Interview with Benjamin Jean
Let’s meet the profession of lawyer specialized in free software, with Benjamin Jean.
Benjamin is a lawyer by training, and founder of Inno3
Walid Nouh: Hello and welcome to Free Projects!. My name is Walid Nouh, I fell into the cauldron of free software more than 20 years ago. Whether you are an experienced librist or a neophyte, come and discover with me the portraits of the women and men who make free software: communities, economic models, contributions, we tell you everything.
Hello and welcome to Free Projects!. It’s July [2023] 5th and today we’re going to talk about the profession of free software lawyer. When I think of the term “free software lawyer”, I immediately think of licenses, but also of some of the media lawsuits that we have had or other lawsuits about license violations. Yet, this is only a small part of what lawyers do.
To talk about this profession, I invited Benjamin Jean, a French actor who has been involved in free software for a very long time and founder of the firm Inno3. Benjamin will present to us the different actions he carries out on a daily basis.
Benjamin, thank you so much for being here, I hope you’re doing well.
Benjamin Jean: Hello. All right, thank you very much. Nice to be with you.
Walid Nouh: Could you tell us about your background and when did you discover Free Software?
Benjamin Jean: Benjamin Jean, I am a lawyer by training, specialized in intellectual property. In intellectual property with two themes: everything that was applied to music, jazz music, everything that was improvisation and collective work in music and also everything that was related to software development because I had done it myself a little before. As soon as I finished my studies, I was hired by a free software development company, knowing that I had done my thesis at the time on the subject of open source license compatibility, so I was already quite immersed. So much for me.
Today, I am the founder of Inno3 , which is a somewhat hybrid structure. There are ten of us today. In the firm, there are only three lawyers, including a PhD student, a PhD student and the rest are skills that are either software engineers, designers, or more socio-oriented, uses. Above all, we support both acculturation, the understanding of the legal dimension of licenses in which actors who use or disseminate free software and Open Source ; The whole community dimension as well, how to organize collaboration within a diverse community, the public/private actors internationally.
Walid Nouh: You tell us that you have a bit of a technical background At what point, in your career, did you come across free software?
Benjamin Jean: From the moment you develop. It wasn’t that long ago but still, in 2001 I think, my baccalaureate project was to develop a search engine. I used open source extensively, in fact that was the basis.
In any case, to develop, you had to use free and open source software. At the time, I didn’t have the legal culture that I later acquired, which allowed me to specialize not in development, I don’t develop at all anymore, but in the legal dimension associated with it. Beyond the legal, all the tools that allow this interfacing between many actors all over the world.
Walid Nouh: As a lawyer, how do you define a bachelor’s degree?
Benjamin Jean: There are several ways to answer this. The very notion of license is not something that is defined by law for the copyright part, it is more a vision, it is the terminology that is used in the US.
A license is an offer to contract in the sense that the author, or authors, of a software, associate their software with an offer by saying “if you ever want to use it, then you must respect the conditions that are associated”. It is therefore an offer of contract by which the author gives, in any case shares in a non-exclusive way – that is to say, he shares his rights, but he also keeps them for himself, he does not dispossess them – all his intellectual property rights associated with the contributions he has been able to make for the whole world, for the entire duration of the rights and free of charge, This is also an important point.
Whoever wants to use the software accesses the software, reads the contract, accepts it and, from there, can benefit from the rights that are in the license, as long as he complies with the conditions attached to the benefit of these rights. This is where there is sometimes misuse: if you don’t comply with the conditions, then the licence ends and you become an infringer. Very recently, there was a lawsuit lost by Orange on the subject, regardless of who lost it, a lawsuit that reminded us that the simple fact of not respecting the license does not allow us to claim the benefit of the other parts of the license, so we fall back on the counterfeiting.
Walid Nouh: So, initially, you started by developing, then you went to law school. How did you manage to integrate yourself into this legislative work around licensing?
Benjamin Jean: It’s always the same, it’s meetings, it’s people with whom I’ve had to set up projects. At the beginning, the involvement was mainly in the communities, such as Framasoft and I am still part of it, but by far, I am by far the most inactive of the association. We had created a sub-project, which was also an association called Veni, Vidi, Libri, which was doing the task of responding to the requests of the various projects that were stumbling over the issue of licensing, the issue of CLA contracts [Contributor License Agreement], contribution contracts, anything that was a little too legal for them and that seemed easy to us on the one hand to solve and then to document to allow others to find answers. This is the subject of Veni, Vidi, Libri.
What interested me, and which also responds to part of what you mentioned earlier about the process of creating a license in directing, is precisely that there were very few actors working on these subjects. When I first became interested in analyzing free licenses and Open Source, what was complicated was that there was very little literature so, overall, it was reading two or three bachelor’s degrees a night, drawing an analysis from it and, from analysis to analysis, trying to come out with a matrix and a reading grid. Today, these are things that are much more shared. Moreover, it is very easy, from a license, to find the structure that can then be compared to another license.
At the time there wasn’t all that, so there weren’t many people still involved and a community that was quite small, but that helped each other a lot, that sought to share the legal solutions that were found by one or the other.
There was also an understanding of the legal profession. I don’t know if it’s well worded, but a lot of free licenses and Open Source were written by non-lawyers, people who were not in the legal profession at all; That’s a good thing because it means it met their needs. On the other hand, in the same way as when a lawyer develops software, there are some imperfections in the way of doing things.
Then, there were these meetings between lawyers and developers, hackers, free software communities, in which lawyers began to be more involved and to bring to the drafting of contracts that were both more traditional in the sense of the uses that existed in the legal world, but also, perhaps, more relevant, perhaps more suited to the needs of the projects from a legal point of view.
The work of writing a license is something that doesn’t happen every day either, I think it’s only part of the lawyer’s role in the free and open source community. This work is now being done more and more in consultation between lawyers, between the communities concerned, and it also contributes to the commitment of the actors.
If a license isn’t used, it’s of little use. Today, many licenses are no longer used and, in the end, are somewhat relegated to the background. Sometimes we see projects that use them and, when this is the case, we regret a little because we know that behind it there is not really a doctrine in the sense of being able to interpret the inaccuracies of the license, there is no follow-up: if we ever want to contact the authors of the license they are not available, They don’t have dedicated resources. There is still a role of vision, a spotlight that is put on only a few licenses. This is also what the Open Source Initiative is increasingly doing, i.e. trying to combat the proliferation of licenses and helping developers and communities choose the licenses that best suit their projects.
Walid Nouh: Is that what you call standardization? In fact, I discovered that at the beginning of free software there were a few licenses but nothing well standardized and that, at some point, there was a need to standardize licenses to be able to scale up and have more understandable things.
Benjamin Jean: That has been done, but not by lawyers. You know that law is a lot of common sense. At the time, in the very early days of free and open source licenses, they were just project-by-project licenses. We had the GNU Emacs Public License, the GNU General Public License , and so on. One day they said to themselves, “If we want other projects to be able to reuse the license and to be able to share code more easily from one project to another, we need to have a generic license.” The GNU General Public License , the GPL, is this idea of “I take a specific project out of it and make it a license that can be used on other projects”. The first projects that used it were Linux, Perl . It showed this interest for projects other than those of the Free Software Foundation at the time, to have generic tools that could be used, because it was a bit agnostic, at the time it was considered as such. For me, the success of free and open source licenses is precisely that they have become standards.
Licensing is a legal interface — I don’t know if I used the term interface earlier. Licenses are really what allow humans or organizations to work with each other, so for it to work, they have to be standardized, it’s like code. The success of free licenses and Open Source That’s really it: wherever you are in the world, this version of the MIT It’s the same version, to use a completely free license; License Apache 2.0 is the same version, we associate it with effects that are almost the same, and that’s why we can work together.
Walid Nouh: So there’s a lot of licenses out there. What’s the point of having licenses on a French or European scale?, because we’re talking about MIT, we’re talking about Apache licenses, which are licenses that were written by Americans.
Benjamin Jean: Yes, completely the majority of licenses are American, anyway. It can be explained, I could spend some time on the explanation.
The question of the underlying need for new licenses is, for me, crucial, but it’s not that automatic. This may be part of the biases of lawyers: lawyers often tend, when they are asked to draft a contract or to modify or amend a contract, to start from scratch, because, simply, they have better control, it responds to their practices, their uses, so they are confident.
I think there are quite a few free and open source licenses that, at the beginning, were written because it was secure. And that was certainly also one of the reasons why open source, in the beginning, had so much enthusiasm from companies: a lot of companies said “great, I’m going to create my own license”. At the time, right after the creation of the Open Source Initiative, in the 2000s, we had the definition, the open source definition, so there are a lot of new licenses, including the
Mozilla Public License
, that took the existing licensing models and modified them a bit. We ended up with a proliferation: in five or six years there were hundreds of new licenses. Then, fortunately, we went back, we limited the number of licenses, but I think that at the time it was a good thing for companies that were not borrowing from Free Software to feel confident by saying “we adapted it; We had this need, we did it. »
The issue of French-language licences — licences CeCILL not to mention them, they are those of the CNRS/Inria — were drafted by French research centers because they considered, this is a fair and very legal view, that licenses Open Source did not meet the formalities and obligations to which they were subject. Creating these licenses was a way to remove a barrier to open source, so it was an interesting response from that point of view, saying “we can release under the CeCILL license, plus it’s compatible with the GPL, so later, if people want to merge, take some of our code to develop, reuse in some other projects, they can do it.”
The EUPL license is a little different. It was Europe that said “because of my statutes, I cannot commit myself like a stranger”. Europe cannot end up in the court, I mean anything, of South Carolina, because there has been infringement. There is therefore a stance that was to say “we must necessarily have contracts that are adapted to the specificity that is Europe in view of the whole world”. So this is a new licence, which is not an uninteresting licence, which is currently used mainly by Europe for its own programmes, and which is not intended to be used by other projects. In fact, as written, it is a license that mainly allows other projects to use code that has been developed under the EUPL license, but it is not a license that aims to centralize third-party developments on its own projects.
CeCILL licenses, in France, are a little different. I think that at the time there was this need, today there is no longer this need, people use classic free and open source licenses, no longer need to use CeCILL licenses to be reassured. On the contrary, when I discuss it with research centres, I tend to advise them not to use CeCILL licenses because, in fact – this is a repetition of what I mentioned earlier – they find themselves without internal support or even sometimes with disagreements on how to interpret the license. I think that if you use a free and open source license, most of the time it’s to simplify your life. Anything that complicates collaboration, interpretation, that leads to discussions, to further negotiations, is rather to be avoided.
Walid Nouh: Depending on the licenses used, it can be more or less complicated for a developer to contribute to a project. I guess if you’re a foreign contributor on a project that uses a CeCILl license, it must be more complicated.
Benjamin Jean: Let’s just say that it’s very cocky, it displays the French flag. Those who know the licenses will say “anyway it’s compatible with the AGPL, so I don’t even need to read it, I check the AGPL license”. Those who don’t know the license, who will read it to try to understand it, it’s complicated. If you read all the CeCILl licenses, for me there are real topics, it’s not as fluid and clear as it should be.
Walid Nouh: You mentioned the fact that at the beginning, when you arrived, you were a small community of lawyers, that you talked a lot. What does the French legal community in which you work represent? I guess it’s not a very big community, that you all know each other.
Benjamin Jean: Yes. There aren’t many lawyers who work on these subjects, in fact there are quite a few who have also worked at the firm, I think that we feed through the internships, through the people who come through us, this training, this acculturation to Free Software and then it’s maintained.
It is not easy to say how many lawyers are now working on these issues. I think that in France, globally, it is mainly the lawyers of companies either who unlock free software and Open Source, who have this sensitivity, i.e., increasingly, heavy users of free software and Open Source who are forced to improve their skills on the game Open Source Compliance, thus bringing their software into compliance with the licenses of the components Open Source that they use. It comes slowly. That’s one way of counting it. Every year we give training and every year, for the past ten years, I think we have trained about twenty people. We are not the only ones to provide training on these aspects, but almost, I think it is quite representative of the people concerned.
In addition to lawyers, there are lawyers within companies. There are no law firms that do just that, that are only focused on open source. On the other hand, there are still quite a few firms, rather digitally oriented, that are starting to show competence in these subjects because they have enough clients to maintain their level of expertise.
At the European level, there is a network of lawyers led by the Free Software Foundation Europe. It’s very open, and there are plenty of American lawyers. Today there are more than 500 of us; At the time, more than ten years ago, there were about ten of us, now it’s several hundred, in fact I think we are well over 500 now. And here, it’s exchanges between lawyers to be able to put on the table a little bit of the topics of the moment, sometimes also to identify the key resources to anticipate conflicts because there are some, it happens. It’s also another way of seeing that the community has diversified with projects like SPDX that are technical-legal. SPDX has two sides. One of the sides is to be able to have a unique identifier per license and the second is to be able to have a file in a format that concentrates all the information, the metadata of a package of a global project. There are a lot of lawyers from a lot of organizations as well. However, we can see that competence is increasingly shared.
Walid Nouh: How do you talk to each other in the community? Do you have meetups like in free software? For example, we can meet at FOSDEM [Free and Open Source Software Developers’ European Meeting] and do our team meetings. How do you collaborate between lawyers from different countries?
Benjamin Jean: I’d say it’s mostly through events. There’s a list I was talking about earlier, a FSFE mailing list. Otherwise, it’s more events that FSFE organises. There is also an annual event called EOLE, European & Free Software Law Event. This is an example. The interest of this type of event is to be able to meet, exchange, update our respective practices.
EOLE, for this year, is a bit related to what you just mentioned: there is a final face-to-face event, in Paris, in December. But we organize a few webinars, even workshops, plus workshops. I moderated the first one, the second one was moderated by Malcolm Bain, who is a Spanish lawyer who is very involved in these subjects, there were about twenty people. Each time, they are truly lawyers who share everything they can share, both on the needs and on the answers provided on their side. There are more needs than answers today, but that is precisely the purpose of this sharing.
Walid Nouh: Earlier you were talking about a license and clarifying well-known licenses like a GPLv3, an AGPLv3. Are there still things to clarify or is it more about newer or less used licenses?
Benjamin Jean: There are still grey areas on GPL-type licenses, but they are voluntary grey areas. I don’t think there’s necessarily a consensus in the legal community on this, but the license is also a bargaining tool and it can be used to twist the arm of those who don’t want to share. There is always that issue. Not everyone around the table has the same goals. You have to be aware of the fact that you don’t agree all the time, so that you can save yourself a few weapons in case of disagreement.
In GPL-type licenses, there are things that are interpreted in particular in the FAQs of the FSE, the Free Software Foundation, in an ultra-extensible way or in a rather biased way. When reading the FAQs, the questions are asked in such a way that the answers are obvious. However, sometimes the questions are not so simple. This dimension of interpretation of licenses is an issue for me. We try to support in maximization, so that there are more and more people who use, who join open source communities. For us, it’s about acculturation and erasing all the grey areas.
On the interpretation side, we launched a project, I didn’t talk about it earlier, but it’s a bit like what I was talking about, which is called Hermine. It is both a software for bringing open source compliance, internally, to organizations, especially from a legal point of view, and also an open database, under an open data license, for interpretation, or at least for understanding related to licenses. The goal is to do this work: rather than having a different reading of the same license or convergent readings, we don’t even know it, to have a standard, a somewhat consensual reading of this license by telling ourselves that everyone can then install the software at home and modify the database, but that we start from a starting point to facilitate consensus and also to better manage risks.
I think there is still a lot of work to be done, but we are starting to find solutions that are sometimes technical. The example of Hermine is technical, even if it relies on a community of lawyers who feed it, and that’s a good thing. The interest of the technique is that we have channels, the shape is there, so we are forced to agree on what goes through these pipes. This is a good thing because it simplifies the answers internally and also externally. One of the challenges of open source is also the collaboration we will have with the other players in the Supply Chain, the idea is that we are more or less in tune with the answers we can provide to each understanding of the licenses we use globally.
Walid Nouh: Let’s say I’m someone who wants to make free software, I’m going to upload my code to a platform, I’m going to have to choose a license. If I’m not an expert, what are the big things I need to pay attention to? And where can I find documentation to learn more about these topics?
Benjamin Jean: To answer the first point, when you want to release under a free or open source license, the first question is: are we able to do it?, so we already know what are the constraints we have internally, within the organization, on the one hand. We can have contracts with third parties, it doesn’t matter, there can be contradictory commitments, and with regard to the project too, especially if the project uses dependencies that are subject to binding licenses, whatever they are, it will condition the choice we can make in fine with its own license.
Other factors must be taken into account on the organization and on the project. I say anything, “I am a French administration, the number of licenses, the choice I can make in terms of distribution under a free license is limited”; there are about fifteen licenses that can be used by the French administrations and not others, there is a list by decree of the Prime Minister. All right, you have to take that into account.
The project itself is a SaaS [Software as a Service] project, the same, you have to take into account the specificities related to the project because not all licenses integrate these types of exploitation.
Once we have a clear vision of what our needs are and also our internal constraints, the way we proceed when we want to rationalize the choice of a license is to list our objectives: what is important to us?, simplicity, internationality, modularity, compatibility with other projects. So we list a few things like that, we really have to do it on a blank sheet of paper which allows us to objectify why we would choose this license or that license. Once you’ve done that, it’s pretty easy. There are a lot of free licenses and Open source, as we said earlier, but, overall, the most used licenses are about fifteen, 10/15 licenses. So we can take the most well-known, the most widely used licenses and, just based on the criteria we established before, determine which ones meet the need.
It’s quite easy once you’ve done this exercise, it really doesn’t take much time, to converge on the choice of the Affero GPL or the choice of the Apache license.
It’s a little more complicated when you’re in a large group, when there are a lot of people with a lot of different needs that are sometimes incompatible, but it can be reconciled.
In the light of the criteria that are important to us once we have laid everything flat, it is interesting to note that sometimes two completely different licenses can be quite relevant for the same project. It’s a choice, we have to choose: either we stay, I have an example in mind, on Affero LPG because we really want to orient towards the popular dimension of the project, to make sure that all the contributions are well paid, reshared and so on; either we choose the Apache license because we think that in the end it will maximize uses and, overall, we know that the actors will actually pay, or we set up other mechanisms that are not necessarily legal so that they are encouraged to redistribute the contributions they make to the project. It’s all understandable overall.
Where can I find resources on these topics? There’s Veni, Vidi, Libri , that was one of the goals of the site which is no longer online, so it’s problematic.
On Wikipedia you can find a lot of information. It must be said that at the time, when we launched Veni, Vidi, Libri, Wikipedia was very incomplete on these subjects, this is no longer the case, now there are a lot of resources.
Secondly, there are some tried and tested methodologies. We had shared things, but more in the form of articles. I find that it is perhaps not easy enough, today, to grasp these different steps that lead to the choice of license. It makes me think, it just comes like that, that maybe it deserves to have some kind of materialization, formatting just on a page of everything I just said to clarify: I have to choose my license, here are the different steps and what it can lead me to. We do it on other projects. We are currently working on what we call a commons model canvas, a kind of Business Model Canvas adapted to the implementation of a logic of commons within a community, i.e. a project of open resources that are managed and maintained by its users. These are things where there’s a little bit of brain juice at first, but once you put it on you can put it on A4 or A3 and it’s quite debilitating, people can quite easily grab it afterwards.
Walid Nouh: So it would be within my reach?
Benjamin Jean: That would be helpful.
Walid Nouh: When I do interviews with free software projects, I always ask which license they chose and why. The answers are quite interesting.
If I take my example, in the software I use you will often find two licenses that are quite opposed. There are many who will choose AGPL licenses because they want to be sure that all contributions will be returned. At the other end of the spectrum, there are quite a few projects that use an MIT license. I’ve always had a bit of a problem with that because, for me, the MIT license is, basically, you get the source code and then you do whatever you want with it, you can include it in proprietary software. What makes people want to choose an MIT license?
Benjamin Jean: On the example of MIT or Apache, but MIT, I think that it is precisely the projects that are in a search for excessive simplicity. In fact, we prefer to set aside everything that would be a little too legal, too complicated and, in the end, these are projects that consider that if there are no contributions it is not very serious and if they have to come, they will come. There must be no restrictions on its use.
MIT is because we want simplicity to excess, we want the reading to be done, it’s five lines.
The Apache license is when you are in a logic where you want to favor uses, but you still want to secure legally. For me, it’s quite well-known, it’s just a standard. People aren’t going to read the Apache license every time they see it, they understand that it’s an Apache license and that’s enough for them.
The advantage of MIT or Apache, even more Apache, is from a more industrial community point of view, it’s going to be a big plus to the contribution because in fact it reassures them.
MIT is perhaps more about communities, and in fact in research it is very much used. This is more, I would say, an affinity, it’s not personal, it’s just that the researchers are used to, so they are comfortable with projects under the MIT license. When they see other projects, they can simply be put off. If they have to compare them to another project that looks similar but is under the MIT license, they will favor the MIT project.
There is this communication side through the use of open source licenses that can be important. That is my first answer.
The question of how we can engage, beyond the dimension of the choice of license, I think it’s the whole question of the tools we make available to the community, the way we animate in the sense that we really provide all the processes, the rules and the framework so that the actors feel confident, can easily contribute, share their contributions on the project without feeling completely stupid because this is effectively their debut. It’s more these devices that are going to be useful.
That’s for projects that are quite community-based, open and more with individuals.
For projects that will concern organizations, we will think more about partnerships or distribution logics as well, saying “in the end you have an interest in participating in this project because you have a lot of trouble with your business, so there are other contracts on the side that secure the whole”.
An important point. We talk about licenses, but in a project, there are other aspects that make it safer, I’m thinking in particular of CODs. DCOs are these little documents, I don’t know what term to use in French, attestation of authorship, overall it’s just a statement from the author who says that he is aware that what he puts in this project is distributed according to the license of the project, already he indicates that his contribution will be distributed under a free license, and attests that he acknowledges that he does indeed have the rights to what he contributes and, if he does not have them, he has had the authorization of the persons concerned.
These are things that we see almost systematically today, which are in a completely horizontal logic in the sense that we do not seek to centralize rights, everyone remains the holder of their own rights, but which make it possible to erase other risks, to reduce other risks that we have in theOpen Source which is that we use contributions that are brought by people we don’t know and if the person brings anything we are responsible. Lawsuits have been lost on this, behind it there is a company, otherwise there is no point in attacking. This was a company that had a community project and that automatically put on its site the version without any validation of all the contributions that were made to the project. Someone, in my opinion in good faith, took code that didn’t belong to them, contributed it to the project. The company that published the code found itself in a situation of infringement because it published a third party’s code without its authorization and it was convicted.
The issue is how we can reduce this type of risk in a community project because it is in our interest for people to contribute, but we also don’t want it to generate too much risk for the organization.
Walid Nouh: Do we know if there are licenses for which there are more lawsuits or procedures than others?
Benjamin Jean: Yes. There are plenty of copyleft licenses, i.e. with an obligation to share it identically, such as the AGPL, the Affero GPL, the MPL [Mozilla Public License], the EUPL. Copyleft licenses have obligations that are quite restrictive because they impose this sharing of the project’s evolutions, sometimes with grey areas: we don’t know exactly what is the scope of what must be shared, this is where there is sometimes ambiguity, and therefore conflicts.
These licenses, through these particular obligations, will lead to more lawsuits, because, when these obligations are not respected, those who have shared the code, the authors, the rights holders tend to react quite violently by saying “this is the main condition that we associate with the reuse of our code, if you don’t do it if you are an infringer. We’ll warn you once, the second time we’ll hit it very hard.” I think it’s more like those licenses.
Now, to reuse what I have just said, there are still many lawsuits that only concern a non-compliance with formalism. That is, these are people who have said to themselves “I don’t share the source code of the project that I’m reusing because, anyway, it’s available on GitHub in such and such a place”, so they just provide the link. Yes, but the license requires you to provide the source code, not the link. The companies maintain their position, the judge reads the license, considers that indeed they should have done more than that and condemns the company for non-compliance with the license. It’s a bit silly because if they had listened to the community a little bit and if they had better understood the risks in the sense that the very principle of free and open source licenses had been taken into account, they would have been a bit silly. Open Source which is to rely on intellectual property, so the risk of infringement action if it were not respected, all these organizations would not have been condemned as they were.
Walid Nouh: It’s a topic that comes up regularly: if you’re doing a free project you don’t necessarily have a lot of money and if you think there’s a license violation, in that case what organizations are available to you in the free software community to help you defend yourself, because it can be very expensive?
Benjamin Jean: The point is that not just anyone can take action for violating a license. Let me make a quick aside: in the bill for a digital republic by Axelle Lemaire, in 2016, there was the proposal of an article that aimed to allow companies to defend the interests – it was talking about the commons but it could completely concern free software – of communities or people who freely distributed their products, but who were not able to act on their own. There would have been associations, such as consumer associations, which would have been able to act on behalf of. It was not included in the law as it was finally published , and that is a shame.
The problem today is that only rights holders are able to take action for infringement of their licence. If these holders are not structured in an association, in a foundation, in a legal entity that has the means to be able to take legal action, sometimes it’s a bit like David against Goliath, it’s still very difficult to consider taking action against a huge player. Nevertheless, there are a lot of lawsuits in Europe, especially in Germany, that were initiated by the same person, Harald Welte, who was a contributor to Linux, to BusyBox, and who, on that basis, had the interest and the ability to act. He was the one who acted, but he was supported by local associative structures, which financed him in his actions, which was all the better because he was not doing it to make money, he was just doing it to enforce the licenses and he was only asking for compensation for the costs of the lawsuit. It wasn’t profitable, I think it was a very commendable and strong involvement on his part, asking him to pay for everything on top of that, it was complicated.
There are a few structures that are a bit umbrella structures, umbrella foundations, structures that help projects.
The one that would go the most in this direction is the Software Freedom Conservancy, with Bradley Kuhn, which plays this role of hosting projects, but also acting to defend the interests of the projects. They initiated a few lawsuits. It’s still very complicated because often the people who are counterfeiting are also partners. That’s the principle, so it’s a bit like the stick on one side and the carrot on the other and it’s not always easy to know who is typing and who is proposing the carrot, who is trying to rely on these new entrants in free software and Open Source to strengthen the ecosystem and who is hitting on these same players because they are not yet doing things well, so, sometimes, it’s complex. There are structures, I’m thinking of the FSC, so this one.
In France, I know that the Free Software Foundation France, a local chapter of the association, also helped Harald Welte to act against Free at the time. [The Free Software Foundation France was dissolved in February 2022]
Walid Nouh: How does the Free Software Foundation France help? Does it provide resources or money?
Benjamin Jean: From what I know, but I am not involved enough in the structure itself, for me the FSF France is a copy, it just allows to support actions. I am not sure that it has the dedicated budget, that it can really provide the financial means. On the other hand, they make the contacts, they make the network, the interface with other actors who have the means and who can participate in.
I think at the time it was more to provide support and to make sure that the action could succeed. For someone who is not in the business, arriving in France and acting was far from simple. I think they made this intermediation that ultimately made the action possible.
To my knowledge, there are no dedicated funds, except, perhaps, in foundations that have their own budgets.
Just to finish on that, I forgot his name, there was also, in the Linux community, a person who had been a bit of a troll on the subject, a historical contributor who was acting but for personal gain, i.e. he was acting against a lot of companies just to make money on the basis of non-compliance with licenses. What I found interesting is that the community distanced itself from this behavior precisely because it was not in line with the spirit of free software and open source.
I think it’s a good thing, even if it’s not quite sustainable yet, that it’s not a business as such to attack organizations because they’re misusing or not licensing.
It’s a process that takes time, you have to see with all the actors involved in the work. These are people who are quite willing. It’s rare, it’s exceptional, that there’s a desire to harm or that there’s a real knowledge of the misapplication of licenses.
Walid Nouh: If I come back to you and the Inno3 cabinet, what are your daily topics and your current ones?
Benjamin Jean: We mainly work on free software and Open source, a little bit open data and open source hardware and, sometimes, we work on approaches that are a little more macro, or at least more global, such as open science, open innovation, open science and open innovation, plus innovation postures.
We intervene at three main levels: at the project level, we do code audits. In this case, it’s really about identifying, in the code that is used, all the dependencies, the recursive dependencies, having the broadest, most exhaustive Bill of Materials software associated with each license that corresponds to each part of its dependencies and components. We also often do this work of rectifying the license information that is not the right one, because it is still a lot of metadata and it is quite perfectible and to come out with an analysis and a precise idea on what are the ins and outs with regard to all the components used.
The SBOM [Software Bill of Materials] side is a part of our business.
On the project, we always do a lot of valoro, project valorization, so define what is the economic model that we can move towards according to the needs, what the project meets and its needs, and the target communities.
Then, we also do a lot of open source strategy and policy. It’s really about meeting all the departments of an organization, understanding what their processes are, their challenges, their resources and seeing to what extent they can change to better integrate the open source community. It’s a little more than compliance, because we also integrate everything that is sustainable, so the vision of the underlying communities, there may possibly be links with quality or safety. That’s more for private players, there are some public companies too.
We’re doing a little bit of public policy. At the moment, we are doing quite a bit with France Relance. It’s about integrating into policies this idea that everything that is going to be funded must be distributed under a free and open source license, must be produced within the framework of communities that also perpetuate resources over time, so think about that.
The last point, the last level of intervention, is more the ecosystem in the field of mobility. Here we are on an intermediary vehicle, we have done it in other subjects, which is to say how do we bring together all these players, from a more or less developed market, so that they can produce shared web resources and maintain them over time. This is really a systemic vision in which free software, open source, open data, are all means of bringing about collaboration, or at least a clarification of the framework of collaboration between these actors.
Walid Nouh: On this subject of SBOMs, software bills of materials, are companies coming to you to do this work? I saw him do it with French industrialists when I was in presta and it’s a really long, tedious job, which requires a lot of technical skills.
Benjamin Jean: Yes. They are businesses. We also do it quite a bit on behalf of local authorities, there are quite a few local authorities who are in this logic of “we are spreading our project in Open Source, we allow other communities to be able to use it since they have the same needs, the same basic missions.” There are also companies that ask us to help them with this.
Generally, these are not things that we try to perpetuate in the sense that we do it to help them develop their skills and we try to document, to support these actors in understanding the methodology, because it is necessary. It is indeed tedious and the goal is to make it as automated as possible.
Hermine really aims to automate as much of that as possible. The goal of Hermine [16] is to be able to propagate each decision that is taken and to mutualize. In a project, when we detect a dependency that, I mean anything, like a license has a bad SPDX identifier, we fix it once and the goal is to fix it for all the other occurrences of that same dependency. These are things that we try to associate, or at least to equip them. Hermine’s goal is that they also have the tools that allow them to last over time.
One last point. These are indeed things that take a long time, but it’s also a pretty complete job when you allow you to generate Bill of Materials software.
There is a real revival of interest, an awareness of this, especially because in the US it is now something mandatory: as soon as you work with the state, you have to provide exhaustive SBOMs. There are even more and more players positioning themselves on it and that’s a good thing. In fact, we realize that before, what was delivered to the customer did not correspond to what actually worked on the servers in the end. So there was a pretty huge lack of knowledge, because of digital technology and perhaps the complexity of development, of what was actually being bought and what it entailed in terms of the impact of licensing.
Walid Nouh: At the level of the French state, who is working on these issues?
Benjamin Jean: In France, the DINUM, internally, is quite structured with a free software and digital commons pole. There are several of them now. It is also the role of DINUM to have a vision of the infrastructure of all the administrations, of the other ministries to be integrated.
I had worked with them on the French government’s contribution to free software policy a few years ago, which also aimed to be instantiated by any ministry.
Then, beyond the DINUM, these are subjects that we hear. In research centres, this is quite common. There is a real need because there is a lot of open source in research. In the valorization that is made of research projects, on the other hand, these are skills that are still little known and developed, so we often intervene with them.
Then, from a more political strategy point of view, the ADEME, the ANCT, the National Agency for Territorial Cohesion are the key players. Recently, we carried out a mission for the Ministry of National Education, which is increasingly using open source as part of the services it provides to the territory and also encouraging the production of free and open source software.
I’m thinking about it now. In Europe, there is still a fairly strong incentive for free software, and for the digital commons as well. The term “digital commons”, on a voluntary basis, is the terminology that sometimes simplifies access, or at least the change in the posture of public and private actors. For me, it’s quite representative of free software as we understand it, that is to say that it’s oriented, it’s finalized: we think about users, we think about communities. The idea of these commons is precisely that these communities finally get hold of what they need. It’s really moving towards free software, whereas we’re talking about the digital commons. Europe is doing this more and more. This is an important awareness because it reinforces and then supports the policies of the states and, in the states, of the agencies.
Beyond that, on a European scale, there are also pooling that are interesting. We carried out a mission for Europe a year ago, called FOSSEPS[Free Open Source Services for European Public Services], which aimed to identify critical open source software used by the administration in the ultra-broad sense, French cities are part of it, all public actors, and finally to ask themselves what is strategic, critical. It was at the same time when there was a use, in quotation marks, “very important”: we realize that in libraries there is software that is used by all communities, I am exaggerating, so yes, it is critical, it must not work anymore, we must be careful that there are no vulnerabilities and so on.
The other situation was critical because in situations that are indeed critical: I say anything, to promote the role of the SAMU in route calculations, it must not work from one day to the next; It may not be the best example, but there was also this other dimension.
It’s interesting to see that Europe is seizing on this rather lofty and strategic vision of open source with the idea of providing answers, some of which are funding, but not only.
Walid Nouh: It is good that we are talking about the European Union. Because of my past as a librist I may have a bias, but I had the impression that in France or Germany we were rather well off because it is possible to live from free software. In your opinion, are there countries that are more advanced in terms of open source structuring or do they all do it in their own way in different ways?
Benjamin Jean: I think France and Germany are pretty good indeed. The Germans are very industrial in the use of open source. They have very industrial responses as well as quality.
Netherlands, the same, we can take them together.
Italy is much more political: there is an obligation that everything that is bought with public money is open source.
In Spain, precisely in Barcelona, there are more commons logics, it’s interesting to make sure that there are communities of suppliers, economic actors, communities of communities that federate in order to be able to maintain over time.
In the United Kingdom, it was more interoperability logics that also went towards maximizing open source.
In fact, overall, we see interesting things everywhere, but I think it’s relatively different each time. It’s also interesting to see the differences between all these actions.
Walid Nouh: In the end, when you’re talking to people, when you get to the same point but through different front doors, it has to be really interesting.
Last question: are there any major European issues that you follow closely or on which you intervene?
Benjamin Jean: There is the issue of European regulations that may impact open source communities. We had seen this in particular for the whole security dimension, so CRA, Cyber Resilience Act, saying that if too many constraints are placed on communities, Open Source As part of the necessary vulnerability audit, in any case of security, cybersecurity of the end sectors, both we understand the need, but, at the same time, it is not adapted to the communities, so we are going to put the responsibility on the communities for things that they cannot generate. It was a real risk in the sense that a community is not a company, it doesn’t work in the same way and the more we impose on it things that are not interesting to do, the more we disengage the actors.
I think there are really topics like that. To my knowledge, there have been no foundations in Europe, not even actors, who have sought to mobilize to explain how to get open source communities out of these constraints, out of this framework. A bit like exporting against the US. For me, the right way to do this is to say “as long as the project is public, that it is distributed according to a free license, we consider that we do not impose the same thing on it as if it is a project that is not public or of an organization”, it allows us to make the distinction. That’s a point.
Secondly, I find interesting, and rather beneficial, the way in which Europe is currently operating its funding, I am thinking in particular of NGI, Next Generation Internet. These are micro-financings, they are 20 or 30 million. Instead of giving these tens of millions of euros to a project with very large European players and research centres, every four or five years it starts all over again and we start from scratch. In this case, it is non-profit organizations, associative structures that are delegated these budgets and which, then, micro-finance to the tune of 50 to 150 k, rather 50 k, very concrete projects.
I find it super interesting because over phases of three/six months, a year max, it’s based on very punctual, well-defined needs, and then it’s step by step, that is to say that whoever gets financed a first time can get financed a second time. I find that these logics are very compatible with the free and open source software communities and it’s very simple to answer them. I think it’s really a great development from a European funding point of view. Before, they were detached from the field, and now, on the other hand, I have the impression that they are much closer to the field than the majority of other funding we can get.
Walid Nouh: From what you said, I would say that in terms of free software, the future looks bright, or at least it looks positive.
Benjamin Jean: I tend to be positive in general. We are fortunate, at the moment, to have a dynamic that is really very favourable. It’s not yet something sustainable in the sense that it’s based on a few individuals, it’s based on a few experiments, it’s not notched, it’s not set in stone, but it’s still so much better than what it had ten years ago. I feel like we’re moving in the right direction. In addition, with this convergence that exists between the actions of many ministries, and also private actors who understand these logics of pooling, of free software and community development of projects, we are moving on the right path.
I think the more it goes, the more digital will go towards that. I could have reservations, but I think that now everyone is aware that we have to take ownership of, or at least understand, what we are using and that there is no better way than to participate in the governance of the projects we use. There is a growing maturity among public actors and private actors, and I think that this is really going in the direction of the development of free software and a freer and more open society.
Walid Nouh: From my point of view, I also had the impression that the GDPR had given a boost to the use of free software with all the issues of privacy and data ownership.
Benjamin Jean: In fact, for everything. We talked about Framasoft very quickly, but from a point of view Privacy, respect for privacy, what we are aware of is that if we rely on free solutions that are provided by players across the Atlantic or in China, yes, indeed our data is what makes their services profitable.
On the other hand, if you rely on local actors, if you can’t do it yourself, you have other costs but you can control them and you know why you have them. I think it allows us to better understand what we buy, why, how, to better understand the digital world.
Walid Nouh: There are topics that we barely touched upon, that deserve a full show, I’m thinking in particular of the economic model of free software, because that’s really the kind of subject that interests me a lot.
Since it’s now time to conclude, I’m going to let you speak, Benjamin: are there any topics or a message you’d like to get across? It’s the open forum, it’s yours.
Benjamin Jean: I have already said a great deal. What I would like to add is the expression “the road is long but the way is clear”. Overall, we feel that the meaning of the story is the one we had in mind and that’s a good thing. There is still a huge need for acculturation and to improve skills on all these subjects. I think that’s one of the big points of the years to come, it’s not over and it’s not because we’ve all understood why we have to move towards this that we all know how to do it. This is perhaps where there will still be important associative, community initiatives. Don’t be afraid of not knowing, do it together and discuss it. I’m glad I had that exchange now. Earlier, I had a call with a project that asked a lot of questions about the use of open source and the implications from an economic point of view. We need to talk about it, move forward and share knowledge. Don’t hesitate.
Walid Nouh: That’s a very good last word. Thank you, Benjamin, for taking the time to talk about the subjects that are your daily life and that everyone deserves to know, in the end, because these are questions of governance, public money, and what we want in terms of what we want as a type of society. Thank you for taking the time to chat with us. I hope to see you again soon.
Benjamin Jean: Likewise. Delighted, see you soon.
Walid Nouh: For listeners, if you liked it, don’t hesitate to talk about it around you, to share it on social networks, to leave us a comment on streaming platforms, the podcast is available on all good streaming platforms.
Stay tuned for the next episodes to come, there are still exciting interviews in entirely different areas.
I wish you a very good day. See you again.
Transcription made by the APRIL transcription group, also available on APRIL®.
Learn more about Benjamin Jean and Inno3
This episode is recorded on July 5, 2023.
License
This podcast is published under the double license Art Libre 1.3 or later – CC BY-SA 2.0 or later.