This page has not been translated yet. Please help us to translate this and other pages on fsfe.org, so people can read our message in their native language.

News

Are Free Software developers at risk?

on:

Free Software is everywhere, with studies estimating that it is present in about 96% of the applications that we use. But what are the responsibilities and liabilities of the Free Software developers? A potential threat to Free Software developers looms in the form of an ongoing lawsuit in the UK involving Bitcoin and its core developers.

Image showing a bitcoin with a blue tech background

Bitcoin (BTC) is a cryptocurrency created in 2009 that operates under the MIT Free Software licence. After its creator disappeared, a group of software developers continued to develop Bitcoin independently. Currently, Dr. Craig Wright, who claimed to be the creator of Bitcoin, is suing the Bitcoin developers in the UK courts through his company, Tulip Trading Limited (Tulip). This company claims to have lost £3 billion worth of bitcoin due to a hack that compromised the private keys, resulting in the loss of access to the funds. In this lawsuit Tulip is demanding that the Bitcoin developers provide access to the lost Bitcoin, arguing that the developers have a legal obligation to provide access or offer equitable compensation or damages.

As such, this legal case is currently drawing attention to the issue of Free Software developers' liability, in particular the extent to which they are responsible to their users.

The High Court considered whether software developers and controllers of digital asset networks bear legal obligations to cryptocurrency holders who rely on their software. The court ruled in favour of the developers, stating that as a "fluctuating body of individuals", the developers could not realistically maintain ongoing obligations. The court rejected the notion that developers should be compelled to provide software updates upon the request of digital asset owners, emphasising the absence of any explicit commitment or assurance by the developers. Regarding the alleged tortious duties, the Court determined that the developers did not owe Tulip a duty of care, highlighting that Tulip's loss was solely economic.

A duty of care is a legal responsibility imposed on an individual that requires them to follow a level of reasonable care when conducting any acts that could endanger others.

However, the court recognized that, in certain cases, software developers have specific duties. For instance, developers must exercise caution to avoid harming users' interests and may have an obligation to remedy bugs or faults in the system.

The court also acknowledged that the disclaimer in the MIT license, broadly disclaims liability for software issues. However, the court did not confirm whether this disclaimer absolved BTC Network developers of responsibility for its operation. This is because:

On appeal, the Court of Appeal (the second highest court in the UK) overturned the High Court's decision, concluding that it was at least arguable that the developers owe fiduciary legal duties to cryptocurrency owners. The court noted the exclusive control of the Bitcoin software code by a small group of developers and their decision-making role on behalf of all Bitcoin owners, resembling fiduciary responsibilities. The court also noted that only a handful of developers have exclusive access to the Bitcoin software code on GitHub. For example, if a Bitcoin owner notices a bug, he or she is unable to fix it because only the developers with access can do so, and they have to agree to do so. In the eyes of the court, this is a clear exercise of the de facto power of the developers. The court completely missed the point that no one can prevent others from applying a fix to the code - that is part of the fundamental freedom that comes with Free Software: if the developers of a particular repository refuse to apply needed fixes, the community can fork the project and bypass those developers.

Furthermore, code is speech. Freedom of expression includes expression in the language of computer code as well. Imposing disproportionate duties on Free Software developers forces them to change their code, and therefore infringes on their freedom of expression. The court also observed that the developers have a positive duty to fix bugs and code errors and a negative duty to refrain from acting in their own self-interest.

In summary, Tulip's case raises significant legal questions, and according to the latest developments, Tulip must prove ownership of the alleged stolen bitcoins in a preliminary trial.

Chilling effect on Free Software development?

Common law in the UK (and other countries) is developed through court decisions and precedents. When a court makes a decision in a case, it establishes a legal precedent that serves as a guide for future cases with similar circumstances. Lower courts generally have to follow the precedents set by the higher courts. Courts in common law countries tend to also borrow concepts and precedents from other countries if there is no local precedent available. The law and legal scholarship around Free Software developers’ duties is underdeveloped and almost non-existent. If Tulip succeeds in their case, it may set an international legal precedent, opening the floodgates to litigation. This means that any user of Free Software could potentially sue developers for alleged breaches of duty.

A fiduciary duty, as claimed by Tulip, refers to the legal duty of a person or entity to act in the best interests of another party, typically referred to as the beneficiary or principal. This duty is characterized by trust, confidence, and reliance on the fiduciary to act ethically and responsibly on behalf of the beneficiary. Fiduciary duties exist in only very specific relationships, like those of trustees, solicitors, agents, partners, and company directors. Attaching these duties to Free Software developers is unprecedented and disproportionate.

Free Software production, a catalyst for technological innovation, relies on voluntary contributions. Imposing fiduciary duties (or any disproportionate duties) on developers could deter them from participating in Free Software projects, fearing legal repercussions. This could lead to a chilling effect, where developers opt for more restrictive licensing, or refrain from sharing their code altogether, or release the software only in jurisdictions where there are no duties out of fear of litigation. The results of such an effect would be disastrous; stifling innovation and potentially halting the progress of specific Free Software endeavours.

In essence, if the court rules in favour of Tulip, it can have far-reaching consequences that can be detrimental to the Free Software developers in the following ways:

  1. Courts may impose an active duty on Free Software developers to fix what the courts deem to be problematic issues.
  2. In future courts may impose an active duty on Free Software developers to not cause any bugs that impact users. This can potentially expose the developers to litigation for just letting through a bug or failing to spot a bug.
  3. Courts may also impose obligations on Free Software developers that require them to compromise the cryptographic integrity guarantees of the software. This could involve mandates to weaken encryption algorithms or provide backdoor access, directly undermining the security measures designed to protect user privacy and data confidentiality. Such orders would not only compromise the effectiveness of encryption software but also the tools such as secure file deletion or data recovery.

Free Software development thrives on the collaborative efforts of developers worldwide, continually evolving. The developers’ autonomy inherent in Free Software must not be jeopardized by the fear of unjust litigation. FSFE remains vigilant in safeguarding against threats to developer autonomy that could stifle innovation. In the light of these concerns, we call upon the developers to persist in their invaluable work without fear.