[FSFE PR][ES] Are Free Software developers at risk?

Lun Abr 22 07:20:04 UTC 2024

 = Are Free Software developers at risk? =

[ Read online: https://fsfe.org/news/2024/news-20240417-01.es.html ]

Free Software is everywhere, with studies estimating that it is present
in about 96% of the applications that we use. But what are the
responsibilities and liabilities of the Free Software developers? A
potential threat to Free Software developers looms in the form of an
ongoing lawsuit in the UK involving Bitcoin and its core developers.

Bitcoin (BTC) is a cryptocurrency created in 2009 that operates under
the MIT Free Software licence [1]. After its creator disappeared, a
group of software developers continued to develop Bitcoin independently.
Currently, Dr. Craig Wright, who claimed to be the creator of Bitcoin
[2], is suing the Bitcoin developers in the UK courts through his
company, Tulip Trading Limited (Tulip). This company claims to have lost
£3 billion worth of bitcoin due to a hack that compromised the private
keys, resulting in the loss of access to the funds. In this lawsuit
Tulip is demanding that the Bitcoin developers provide access to the
lost Bitcoin, arguing that the developers have a legal obligation to
provide access or offer equitable compensation or damages.

As such, this legal case is currently drawing attention to the issue of
Free Software developers' liability, in particular the extent to which
they are responsible to their users.

 === UK High Court’s opinion: Developers have no legal duties or a duty of care in this case, but they do have certain duties in some specific situations. ===

The High Court considered whether software developers and controllers of
digital asset networks bear legal obligations to cryptocurrency holders
who rely on their software. The court ruled in favour of the developers
[3], stating that as a "fluctuating body of individuals", the developers
could not realistically maintain ongoing obligations. The court rejected
the notion that developers should be compelled to provide software
updates upon the request of digital asset owners, emphasising the
absence of any explicit commitment or assurance by the developers.
Regarding the alleged tortious duties, the Court determined that the
developers did not owe Tulip a duty of care, highlighting that Tulip's
loss was solely economic.

/A duty of care is a legal responsibility imposed on an individual that
requires them to follow a level of reasonable care when conducting any
acts that could endanger others./  However, the court recognized that,
in certain cases, *software developers have specific duties. For
instance, developers must exercise caution to avoid harming users'
interests and may have an obligation to remedy bugs or faults in the
system*.

The court also acknowledged that the disclaimer in the MIT license [4],
broadly disclaims liability for software issues. However, the court did
not confirm whether this disclaimer absolved BTC Network developers of
responsibility for its operation. This is because:

- the MIT disclaimer has never been litigated, and the court is free to
  decide and set precedent.

- such disclaimers are not easily found when using software.

 === UK Court of Appeal’s opinion: Arguable that developers owe some fiduciary legal duties ===

On appeal, the Court of Appeal (the second highest court in the UK)
overturned the High Court's decision [5], concluding that it was at
least arguable that the developers owe fiduciary legal duties to
cryptocurrency owners. The court noted the exclusive control of the
Bitcoin software code by a small group of developers and their decision-
making role on behalf of all Bitcoin owners, resembling fiduciary
responsibilities. The court also noted that only a handful of developers
have exclusive access to the Bitcoin software code on GitHub. For
example, if a Bitcoin owner notices a bug, he or she is unable to fix it
because only the developers with access can do so, and they have to
agree to do so. In the eyes of the court, this is a clear exercise of
the de facto power of the developers. The court completely missed the
point that no one can prevent others from applying a fix to the code -
that is part of the fundamental freedom that comes with Free Software:
if the developers of a particular repository refuse to apply needed
fixes, the community can fork the project and bypass those developers.

Furthermore, code is speech. Freedom of expression includes expression
in the language of computer code as well. Imposing disproportionate
duties on Free Software developers forces them to change their code, and
therefore infringes on their freedom of expression. The court also
observed that the developers have a positive duty to fix bugs and code
errors and a negative duty to refrain from acting in their own self-
interest.

In summary, Tulip's case raises significant legal questions, and
according to the latest developments, Tulip must prove ownership of the
alleged stolen bitcoins in a preliminary trial [6].

 === Chilling effect on Free Software development? ===

Common law in the UK (and other countries) is developed through court
decisions and precedents. When a court makes a decision in a case, it
establishes a legal precedent that serves as a guide for future cases
with similar circumstances. Lower courts generally have to follow the
precedents set by the higher courts. Courts in common law countries tend
to also borrow concepts and precedents from other countries if there is
no local precedent available. The law and legal scholarship around Free
Software developers’ duties is underdeveloped and almost non-existent.
If Tulip succeeds in their case, it may set an international legal
precedent, opening the floodgates to litigation. This means that any
user of Free Software could potentially sue developers for alleged
breaches of duty.

/A fiduciary duty, as claimed by Tulip, refers to the legal duty of a
person or entity to act in the best interests of another party,
typically referred to as the beneficiary or principal. This duty is
characterized by trust, confidence, and reliance on the fiduciary to act
ethically and responsibly on behalf of the beneficiary. Fiduciary duties
exist in only very specific relationships, like those of trustees,
solicitors, agents, partners, and company directors. Attaching these
duties to Free Software developers is unprecedented and
disproportionate./  Free Software production, a catalyst for
technological innovation, relies on voluntary contributions. Imposing
fiduciary duties (or any disproportionate duties) on developers could
deter them from participating in Free Software projects, fearing legal
repercussions. This could lead to a chilling effect, where developers
opt for more restrictive licensing, or refrain from sharing their code
altogether, or release the software only in jurisdictions where there
are no duties out of fear of litigation. The results of such an effect
would be disastrous; stifling innovation and potentially halting the
progress of specific Free Software endeavours.

In essence, if the court rules in favour of Tulip, it can have far-
reaching consequences that can be detrimental to the Free Software
developers in the following ways:

1. Courts may impose an active duty on Free Software developers to fix
   what the courts deem to be problematic issues.

2. In future courts may impose an active duty on Free Software
   developers to not cause any bugs that impact users. This can
   potentially expose the developers to litigation for just letting
   through a bug or failing to spot a bug.

3. Courts may also impose obligations on Free Software developers that
   require them to compromise the cryptographic integrity guarantees of
   the software. This could involve mandates to weaken encryption
   algorithms or provide backdoor access, directly undermining the
   security measures designed to protect user privacy and data
   confidentiality. Such orders would not only compromise the
   effectiveness of encryption software but also the tools such as
   secure file deletion or data recovery.

Free Software development thrives on the collaborative efforts of
developers worldwide, continually evolving. The developers’ autonomy
inherent in Free Software must not be jeopardized by the fear of unjust
litigation. FSFE remains vigilant in safeguarding against threats to
developer autonomy that could stifle innovation. In the light of these
concerns, we call upon the developers to persist in their invaluable
work without fear.

 1: https://github.com/bitcoin/bitcoin
 2: https://www.theguardian.com/technology/2024/mar/14/australian-craig-wright-not-bitcoin-creator-satoshi-nakamoto-high-court-rules
 3: https://download.fsfe.org/legal/documents/first-instance-decision-dismissing-TTL.redacted.pdf
 4: https://opensource.org/license/MIT
 5: https://www.judiciary.uk/wp-content/uploads/2023/02/Tulip-v-Van-Der-Laan-judgment-030223.pdf
 6: https://download.fsfe.org/legal/documents/PRELIMINARY%20ISSUE%20TRIAL.pdf

  == About the Free Software Foundation Europe ==

  Free Software Foundation Europe is a charity that empowers users to
  control technology. Software is deeply involved in all aspects of our
  lives; and it is important that this technology empowers rather than
  restricts us. Free Software gives everybody the rights to use,
  understand, adapt and share software. These rights help support other
  fundamental freedoms like freedom of speech, press and privacy.

  The FSFE helps individuals and organisations understand how Free
  Software contributes to freedom, transparency and self-determination. We
  enhance users' rights by abolishing barriers to Free Software adoption,
  encourage people to use and develop Free Software, and provide resources
  to enable everyone to further promote Free Software in Europe.

  https://fsfe.org