
The "Evil Cookie Producer" case



Hello,

I'm confronted with a very special case for which I've written a metaphor. I'd like your opinion on this case.

Imagine that using software is like baking cookies. A free/open source cookie specialist, company A, distributes recipes that are free in the sense of the AGPL: everybody is allowed to bake those cookies, and the consumer is allowed to get the recipe along with the cookies.

Suppose that company B uses the recipe to bake cookies, and they sell those cookies to company C. This is perfectly OK, and company C is allowed to get the original recipe from company A, along with all the extra instructions applied by company B. This is how one should interpret the AGPL: company B is not obliged to pay company A for the use of the recipe. But if company B changes the original recipe or integrates it in a larger recipe, this enhanced recipe is to be distributed under the same AGPL license.

Company C can now consume the cookies, but they can also use the finished cookies to create another product, for instance: cookie spread. This may seem an odd example, but I'm Belgian, and cookie spread is a Belgian specialty. Company C doesn't use the recipe from company A, nor any extended recipe from company B; they are using the finished cookies as an ingredient for another product. For instance: they crunch the cookies, add some extra ingredients, and put them in a jar.
In this scenario, company C doesn't enter in the AGPL: they may have received AGPL recipes from company A and/or B, but they aren't using these recipes. As a result, they can sell cookie spread to consumers without sharing their own recipe.

So far, so good.

Now suppose that nuts are part of the ingredients list of the recipe created by Company A. To protect cookie consumers, Company A adds an extra term to the AGPL: as long as there are traces of nuts down the production line, all products that may contain traces of nuts must retain the notice "may contain traces of nuts".

Suppose that this notice can be added in a way that all the tests mentioned in the DFSG are met:
(1) the equivalent of the message "contains traces of nuts" is automatically part of all the cookies in a non-intrusive way. The cookie doesn't yell "Caution, I may contain nuts" before you bite it, but if you want to find out if it contains nuts, you can analyze the cookie (or the cookie spread) for the presence of nuts in a very simple way. Some operations will remove the nuts; in that case, the message will disappear: no nuts = no message required. In any case: an extra operation is needed to remove the message, so the cookie passes the Desert Island test: there's no obligation that is impossible to meet;
(2) the message doesn't reveal the identity of the modifier, so it passes the Dissident test;
(3) the message is there to inform the consumers, it's there to help them, to protect them, so it passes the Tentacles of Evil test.

In my opinion the extra term takes away one freedom, but adds an important additional freedom: the freedom of information.

Company A makes the recipe a little bit "un-free" because neither company B nor company C has the right to remove the "may contain traces of nuts" notice. But imagine that you would grant a cookie (spread) producer the freedom to remove the information "contains traces of nuts" from the list of ingredients. Such a freedom could lead to the death of a consumer who is allergic to nuts.
It's hard to imagine that this would be the kind of freedom Debian pursues. I'd say this doesn't pass the Tentacles of Evil test, because intentionally or unintentionally removing such a message could harm a certain group of people.
Note that the message isn't discriminating against people allergic to nuts: it's not saying they shouldn't eat cookies containing nuts; it only says the cookies "may contain traces of nuts". It's up to the consumer to decide whether or not he wants to take the risk of eating such a cookie.

It's my opinion that in this case one freedom—the freedom of the potential abuser: he who wants to hide information—should be weighed against another freedom—the freedom of the potential user: the person who desires to be informed. It is my personal belief that in this case, the freedom to be informed outweighs the freedom to hide the truth.
You may argue that this is completely different in software, but to me, the freedom of information of a consumer is a basic right, be it in the context of a computer recipe written in a computer language, or in the context of a cookie recipe written for human eyes. I plead against obfuscation and secrecy, in favor of openness and transparency.

I would like to hear your opinion on this case: If you'd eat a cookie based on a free recipe, would you prefer the freedom to find out if the cookie contains a harmful ingredient? Or would you rather die so that a cookie producer has the freedom to hide the fact that the cookie contains such an ingredient? If you'd rather die to protect the abuser's freedom, who would benefit most from your death, the community or an Evil Cookie Producer? Would that matter to you?

I'm looking forward to your responses!
