DSM, EIF, RED: Acronyms on the EU level and why they matter for software freedom
This is a modal window.
The media could not be loaded, either because the server or network failed or because the format is not supported.
Formal Metadata
| Title |
| |
| Title of Series | ||
| Number of Parts | 84 | |
| Author | ||
| License | CC Attribution 3.0 Unported: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor. | |
| Identifiers | 10.5446/32463 (DOI) | |
| Publisher | ||
| Release Date | ||
| Language |
Content Metadata
| Subject Area | ||
| Genre | ||
| Abstract |
|
FrOSCon 201621 / 84
2
4
5
7
11
16
25
26
27
28
29
30
31
32
34
36
37
40
41
43
46
47
48
49
50
52
55
56
58
59
62
63
64
65
66
67
68
69
70
71
72
73
75
76
77
79
82
83
84
00:00
Lattice (order)Right angleProjective planeOpen sourceFreewareLevel (video gaming)Coordinate systemSoftwareTrail1 (number)MathematicsDigitizingInclusion mapBitArmMathematical analysisElectronic mailing listConstraint (mathematics)FreezingXMLComputer animationLecture/Conference
01:43
Dependent and independent variablesSystem administratorIterationOpen sourceStrategy gamePurchasingCASE <Informatik>Software frameworkSoftwareField (computer science)Arithmetic meanComputer animation
02:48
SoftwareWorkstation <Musikinstrument>QuicksortFreezingStrategy gameMereologyStandard deviationAreaSoftware frameworkSystem administratorComputing platformContext awarenessExterior algebraFreewareSoftware developerWindow1 (number)Point cloudKey (cryptography)Level (video gaming)Observational studyBitNatural numberOpen setPosition operatorNumberObject (grammar)TelecommunicationPhysical lawNoise (electronics)Parity (mathematics)Internet der DingeOperating systemPerspective (visual)CybersexInformation securitySingle-precision floating-point formatUniverse (mathematics)Civil engineeringInternetworkingDigitizingVector potentialDependent and independent variablesComputer programCASE <Informatik>Different (Kate Ryan album)PlanningOperator (mathematics)Computer animation
07:36
Point cloudStandard deviationLatent heatMultiplication signTerm (mathematics)Numeral (linguistics)FreewareSoftwareImplementationOrder (biology)Normal (geometry)TelecommunicationRight angleMereologyPattern languageSystem administratorGoodness of fitAddress spaceOpen setPosition operatorInternetworkingGroup actionLevel (video gaming)Web 2.0Projective planeDistribution (mathematics)SurfaceCellular automatonAuthorizationPhase transitionSoftware frameworkInclusion mapFunctional (mathematics)Arithmetic meanDebuggerParticle systemNetwork topologyComputer animation
13:48
MereologyOpen sourceStandard deviationBitState of matterRevision controlObservational studyInterpreter (computing)Physical lawWebsiteWordSoftware frameworkFormal languageGoodness of fitArithmetic meanCASE <Informatik>Perspective (visual)Group actionMultiplication signOnline helpXMLLecture/Conference
18:04
Formal languageTerm (mathematics)SoftwareSoftware frameworkFreewareAddress spaceDistribution (mathematics)Computer animation
18:40
FreewareSoftwarePhysical lawStandard deviationMereologySoftware frameworkInsertion lossDirection (geometry)Mixed realityXMLUML
20:03
Physical lawDirection (geometry)BitState of matterBuildingMathematical analysisLecture/Conference
20:41
Image resolutionSoftwareHarmonic analysisDirection (geometry)Information securityLaptopComputer hardwareProduct (business)Link (knot theory)Combinational logicFunction (mathematics)State of matterLimit (category theory)Insertion lossInternet der DingeExterior algebraInternetworkingPhysical systemCASE <Informatik>Power (physics)Order (biology)PlastikkarteMultiplication signAuthorizationMobile WebRouter (computing)Physical lawSoftware bugRule of inferenceBackdoor (computing)XMLUML
24:32
FreewareSoftwareState of matterGroup actionNewsletterStatement (computer science)Exception handlingLevel (video gaming)InformationAreaAxiom of choiceControl flowWeightContext awarenessSelf-organizationWordMultiplication signWeb pageEmailComputer animation
27:32
Self-organizationLevel (video gaming)MassCASE <Informatik>Theory of relativityDirection (geometry)Point (geometry)Right anglePhysical lawMoment (mathematics)Integrated development environmentSheaf (mathematics)Information privacySoftwareNatural numberOpen sourceNonlinear systemFreewarePhase transitionHarmonic analysisOrder (biology)LaptopQuicksortDescriptive statisticsDirected graphSoftware testingSmartphoneLink (knot theory)Router (computing)1 (number)Scheduling (computing)DigitizingVirtual machineSoftware developerRevision controlInterface (computing)View (database)Exception handlingInternet der DingeField (computer science)HypermediaBitWebsiteSimilarity (geometry)Physical systemRule of inferenceMathematicsRegulator geneInternetworkingComputer hardwareFlow separationWordFirmwareCoprocessorComputerOpen setBlock (periodic table)Wireless LANAndroid (robot)Lecture/Conference
35:43
Order (biology)Maxima and minimaRow (database)Computer animationLecture/Conference
Transcript: English(auto-generated)
00:07
Okay, welcome everyone to the afternoon track for Froskal. In this room we have Polina Malaia from the Free Software Foundation Europe. She'll tell us a bit about EU policies and what they have for influence on open
00:23
source projects. So, welcome. Thank you. So, do you hear me? Yes, I hope it works. So, hi everyone. My name is Polina. As I've been already introduced, I'm a human rights intellectual property rights lawyer,
00:43
digital rights activist and working for Free Software Foundation Europe as a policy analyst and a legal coordinator. And today I will give you a talk about EU policies and actually the most recent ones that are important for free software and how FSFE is active in these topics.
01:03
So, there have been several attempts to include free software into discussions on European level. And FSFE was following them from the start but through the policy advocacy work. So, that means publishing analysis, meeting with the officials, campaigning for a change.
01:27
But let's start from the beginning. Oh, it's not working. It doesn't work. Sorry. So, throughout the years, the free software in the EU was mostly a part of internal
01:44
IT strategies policies which were just only for IT departments within the institutions and not much of an overall general policy field. And one of the examples are European Interprobability Framework which was officially,
02:03
I mean, it was an official document from the start at the beginning, yes, for public administrations to increase interoperability within public administrations. And also the other example is the Open Source Strategy in European Commission.
02:21
And this was mostly as a response to the excessive vendor lock-in within the EU institutions. So, that is still evident from software purchase agreements in public procurement. So, that means that EU institutions directly require acquiring particular vendors.
02:42
For example, Microsoft is one of the most dominant vendors. And that also resulted in the case in front of European Court of Justice where Microsoft was actually fined for its anti-competitive behaviour on the market
03:00
of desktop operating system. And FSAV was involved as an intervener in this case to present the interest of free software developers. So, we argued that there is an excessive vendor lock-in in the EU institutions. So, despite all these efforts, by 2016 the vendor lock-in still stays steadily.
03:24
And this is some data according to the most recent study on the lock-in and ICT procurement. So, according to that study, 52% of all respondents amongst public administrations
03:43
have experienced vendor lock-in. And even though the awareness of that problem is high within the public administrations, they still feel almost powerless to question any alternative software. So, the most top-occurring vendors that institutions are buying
04:06
are then Microsoft, Oracle, SAP or Windows. So, this is what they require to acquire. Meanwhile, the world outside of EU is changing and free software is everywhere.
04:21
And it's basically you can't overlook it because of nearly universal software development practices. So, EU has to somehow address that topic. And so, what is the key to success, EU questions? And so, the reaction on the EU level has to follow.
04:44
And one of the most interesting documents and the most recent ones is the Digital Single Market Strategy, which was adopted last year. And it's an umbrella initiative with different legislative and political reforms on the EU level,
05:02
like how Europe can become an ICT leader on a global level. So, EU tries to identify these key areas. And from free software perspective, the most important for free software
05:21
are then the standardization policies. And EU identifies that the priority areas in standardization are then clouds, Internet of Things, big data, cyber security and 5G. So, this is a priority for the EU until the end of 2019.
05:40
And how to implement those policies? EU also identifies then a couple of instruments. This is a joint initiative on European standardization, rolling plan for ICT standardization, annual union work program and European interoperability framework.
06:00
So, one of the most interesting areas like documents within this is another communication which is from April this year. And it's actually made some noise in the community a bit and from civil society and a bit in the media because of its contradictory nature.
06:29
And so, it actually includes some really positive aspects for free software. So, here we have to like acknowledge that before EU was only focusing
06:42
on free software as a part of internal strategy that was not supposed to go outside of the IT department. But now we're talking on some like a more general policy objective that might even somehow be reflected in the law. But yeah, who knows? So, the standardization priority says that proprietary solutions
07:05
can hamper the potential of digital single market and that we need common open standards and that we need to make more use of free software. And that is also for Internet of Things. It's the same that we need an open platform approach
07:20
and promote open standards and also in data the same. So, that's all the good positive steps there. But of course, it's not always as good as it seems from the beginning. So, that's just a little, yeah. So, there is no cloud but the commission says there is.
07:42
And there is one like fly in the ointment, something that despite all this good stuff commission says before, it bases its standardization policy on front licensing and that is unacceptable for free software.
08:01
So, why is front bad for free software? So, front are then so-called fair, reasonable and non-discriminatory terms to license patterns that are essential for standard implementation. So, standard is a common norm agreed within the industry
08:25
and it contains in specification which is protected by copyright but it can also include references to pattern the technology and in order for a project or implementer or company to implement the standard,
08:41
it needs to acquire the pattern license. And this is how also industry has resorted to these practices, mostly in telecommunication industry and saying that, okay, you as a pattern holder have that right to restrict the standard implementation
09:05
and you have to license it so it's accessible for everyone on these fair, reasonable, non-discriminatory terms. But the problem is that as licenses, these front licenses are negotiated in secret, it is very difficult to know what is fair amongst the industry
09:24
and what is reasonable and what is non-discriminatory. And for that reason, front licensing practices are mostly and very often used as anti-competitive tool to abuse the monopoly
09:45
that pattern right holder have. And so, that's why it's not favorable in general but it's also especially not acceptable for free software
10:01
because it goes against the licensing terms and how free software is distributed. So, the problem is that it's mostly an exclusive license which means that you only negotiate it once with a particular implementer
10:21
but the other implementer who wants to implement the same technology has to go again to the same pattern holder and negotiate it again. And it also includes usually a requirement to pay royalties per copy and in free software it's difficult to calculate
10:42
because the license is non-exclusive and the distribution is not limited. So, in conclusion, this is why it's not suitable for free software. So, what can be the solution? The Commission, and also because the industry doesn't know what is front
11:01
or it depends on the negotiations, there is a possibility to define front on EU level so it's acceptable for free software and that just removes all these restrictions. But the problem is that it's not front anymore. It's a restriction-free licensing
11:21
which is already in use for software, web and internet standards and the reason why internet is basically functioning. So, that's about front. And as we already briefly said that the European Interoperability Framework is one of those instruments to implement the standardization policies.
11:45
So, let's take a look into that. So, it was first adopted as an official guideline for public administrations within the EU and it was a really interesting document
12:03
because despite of its unofficial status it actually set an example for numerous national policies and included a very progressive approach at that time for open standards. It was actually requiring that in order to ensure interoperability
12:21
open standards need to be promoted and also the licensing policies were quite good in the sense for open standards and free software. So, in 2010, the European Commission thought that it's a nice document
12:43
that could also be lifted upon from being unofficial to a more official status and that included a massive lobbying and so the document was completely changed and the open standards were in the end not called open standards and they were called open specifications
13:01
which is a misleading term because it only reflects the specification part which we've already touched upon before and it doesn't address other issues and it's just watering down the existing common known term
13:20
and it also introduced first the front that we just touched upon. So, FSCV identified that evidence could be based in the leaked drafts from the European Commission and the lobbying groups positions that were handed in.
13:43
So, that's just like a screenshot from that. You could see that the pink parts were just the exact copy paste from the business source aligned comments that were submitted and then the draft. So, our commission just took one site instead of being impartial.
14:04
Yes. So, in 2016, European interpretability framework is again on agenda. So, it actually is going again through a third revision and the problematic parts are still there. So, they're still taking basically the same approach as in the previous version
14:23
that there is no reference to open standards and also from the wording it seems that the document is being even more lifted to like even more stronger languages used because they're already talking about how member states should implement that
14:43
which is a bit like too strong language for such document. And yes, I'm sorry. Okay, just ask quickly. Okay, yeah, it's good. I would like to have them in the end, but yeah, go ahead.
15:11
You said this approach was more unofficial and then with the second 2010, it's more official character.
15:24
What does it mean in legal? And what does this mean now in how legal? Okay, yes. Yes, I understand the question. Thank you. Yeah, so in 2010, it became from like more internal document.
15:43
It became an actual initiative which means that, okay, so this is an official document from the EU and even though it doesn't have any legal because it's not law, so these are policies that are basically like they used to shape the existing laws in the member states,
16:02
but it's so basically like if member state would not implement it, nothing will happen because if law is not implemented, European Commission can sue a state before European Court of Justice, but in this case, nothing will happen. They can just issue some recommendation being like, yes, please because there is a supremacy of these policies,
16:22
but in the end, member states are free to do whatever they want. But the problem is that you could see that it gradually becomes more and more binding and that's why we should care about it because we don't want this to end up in the law if it goes wrong
16:41
because that's basically the question. So the problem with what's happening now is I've only seen one draft version and it's just a speculation so far. That's why we need to act like when it's still in a draft rather than deal with the consequences later. So in 2010, it became an official document.
17:07
Before it was unofficial, it was just internal. Then it was an official document which is already an initiative and they also issue like studies and see how member states, I mean they score them according to, okay, how much of that you implemented in your state.
17:21
Like yes, they can't legally do anything, but I mean it depends on the member state. Like if some study shows that they are lagging behind, I guess member states will say, okay, we're lagging behind. Maybe we should do something. So it kind of like depends, but it's still like from 2016 perspective,
17:42
it's still better to shape it in the right way because even if it actually becomes a law, then it will be difficult to do something when it's already adopted as a directive, for example, or something like that. Then it has to be implemented. So I hope I answered your question.
18:02
Okay, yes. So on that note, yes, so that language is stronger and one good thing about the draft right now is that royalty-free licensing is a preferred notion,
18:20
which is a good thing because, I mean, at least it eliminates from front the royalty criteria, but it doesn't address other restrictions that such licensing terms can pose on free software distribution. And yes, so that's on the, so that's an interoperability framework.
18:42
So digital single market, this umbrella initiative that European Interability Framework is a part of, I think it's easier to understand why it affects software because it deals with such questions as ICT standardization of technologies, but there we will come to an actual law
19:02
that is already adopted, enacted and can have a more impact on free software than the previous instruments we were talking about because they're just being pauses, but now we're talking about the radio equipment directive.
19:23
And yeah, so how we get to know about that was actually a little accident because we were following the discussions in the US which were talking about introducing some dangerous software compliance regime.
19:44
And we thought that, okay, we're going to look into our own laws. And apparently it turned out that because we didn't follow those policies and like non-binding documents, we actually missed that part when something dangerous was introduced into the law.
20:04
And that is then a radio equipment directive, which we call radio lockdown directive. And so a bit of background about that. So it's a directive which means that it's a law and member states have to implement that.
20:24
So if that's not in the national law, a commission can sue a state, yes. And so it was adopted in May 2014
20:43
and it affects all devices that can send and receive radio signals. So through Wi-Fi, mobile network, GPS. And its main purpose was to harmonize the existing rules. So there was already another directive before that,
21:03
but it wasn't implemented in the member states. And member states were just creating their own rules. And so for the harmonization purposes, this new directive was introduced. And so member states had two years to implement it.
21:26
And so it was actually this year, not too far time ago. But the problem is that it actually introduced a dangerous requirement to ensure for safety and security reasons.
21:44
And it's basically like put an obligation on device manufacturers to ensure that the combination of hardware and software. So basically saying that, okay, for security reasons,
22:05
you have to show that that software that can be put on that hardware is safe. And that means that it just puts a very disproportionate obligation on device manufacturers to test every possible hardware-soldier combination
22:23
and say that, okay, this is secure and this is safe. And that basically creates a very dangerous situation where in fear of being liable for some safety critical bug or something,
22:45
then they would just make sure that no alternative software can be put on the particular hardware. So that in the end means that you can't use alternative software
23:01
on such devices as routers, Wi-Fi cards, and basically all Internet of Things devices. And that was then all justified for the security reasons. But it turns out that installing alternative software
23:21
actually helps increasing the device's security. And it also puts a very strict obligation that is unnecessary for such products as a router or a laptop, which has a limited radio output power. So it's a very vague obligation.
23:40
And it's also, again, as law has been very general, but it basically still creates that backdoor in the law. But there is something that we can still do, despite it being already an official law that has to be implemented. And so the problem with this obligation is that it is a new one
24:04
and it hasn't been introduced before, according to the previous directive. And so how to implement that particular obligation in the member state is for first member states to decide because it's a directive.
24:23
But also the European Commission has to come up with an additional delegated act to say, okay, these devices, you should check for that compliance, others not. And these acts have not been adopted.
24:40
And so if these acts could somehow be influenced, then there is a reason to abstain from this dangerous impact. And so what we are arguing for is that on the member state level, first that the delegated act should be done right,
25:02
and that on member state level there should be an exception for free software, to say that it's okay to put free software. Or for widespread and critical consumer devices saying that, okay, these particular not critical infrastructure devices should not be impacted with this
25:21
because it severely hampers consumers' choice and competition on the EU level. And so what FSIP has done is that we published, we were one of the first to draw attention to that, and we published the joint statement. No, before we just published an information page,
25:41
and many companies and other organizations came to us saying that, okay, I mean, it's something that we should also look into and can be somehow supported. And then we came up with the joint statement. So it's still open to signatories. And if you feel like this is something that should have an impact and should change on the EU level,
26:02
and you want to have more voice into it, put more voice into it, then you can still sign it. And this is just one of the few companies and organizations who decided to support us there. So, and yes, so many other, you can check the first link
26:25
and see all the other organizations. And so, yeah, I'm pretty quick today. And so if you want to support us in these areas and topics and on our goals and to make sure that we don't miss anything important
26:41
for free software on the EU level, then just subscribe to, first maybe subscribe to our newsletter because then you'll be updated on what's going on. And we also have always an action item there. So then everyone can act upon or write to their member or be in parliament or something like that. And, or you can also order a promotional material
27:01
and spread the word about us. And if you just don't have time for that, then you could always just support us with money and donate. Yes. So you can always drop me an email if there's something, some topic you would like to draw our attention and, or just to always in support of like,
27:20
we're always in need of like technical expertise or anything like that. And thanks a lot. And yeah, I opened the floor for the questions and answers. Thank you.
27:41
I have one myself anyway. Okay. Regarding the regulations you were stating about wireless devices, for example, you said that you're pursuing local governments to put in that exception for open source devices.
28:01
But given that the Americans have a somewhat similar legislation and device manufacturers mostly work on a global basis, I think, do you think that they'll still make exceptions at the device level to run open firmware on there?
28:21
Because if they have to limit it for the US and not for three countries in the EU or all but three countries in the EU, would they make a separate version for that, do you think? Well, there's, yes, there's also, actually there's been a case already in US. I think it's in the beginning of August about that.
28:40
It was, yeah, so it's about like TP-Link and there was exactly the same requirement of software and hardware compliance. And so the court was saying that alternative software should not be hampered by that, but they still find TP-Link to be liable,
29:00
which is a little bit like, okay. So, yeah, it's actually, it's a good question. But, I mean, the problem is that laws are different everywhere and even despite the manufacturers actually globally, they're still acting in every different country according to the country laws. So, okay, it might not be that in US, but it might, it still might be that in Europe.
29:23
So laws are not universal. So, I mean, and manufacturers have to abide by the national laws. So I would say that there is, I mean, at least at some point there is hope to make it better. I hope so too.
29:43
You should care about that, yes. Thank you. Thank you very much for your talk. Oh, thanks. It's very concerning a little bit, what's happening there on the EU level.
30:02
What I'm a little bit concerned about, stuff like routers or something like that, are basically complete computers and machines. Yes. So they are basically the same as a desktop computer or so. And we have also radio interfaces in our laptop, notebook, whatever. So could those radio regulations also have an impact if all cases fail on laptops, for example?
30:26
Yes. Free software on laptops also. So we're not just talking about network equipment here. Yeah, yes, exactly. So this is also what our concerns, because of the wording of the directive is so vague that all the cases can fall under that.
30:43
And this is what makes it so concerning, because before that, we didn't have that requirement. And now suddenly we have that. And that's why it's really difficult to say whether it was that because EU was unaware of what this can bring,
31:02
or it was something that some lobbying went too far at some point. Yes, so laptops, yes, smartphones, yes, fall under that. It's crazy, crazy. Thank you.
31:24
I'm not sure how much this really affects smartphones, because perhaps we're really interacting with radio stuff. At the moment, they aren't free. When you are using Android or something similar, you have binary blocks for the Wi-Fi interface and other radio interfaces,
31:47
and you have a separate processor doing the cell phone stuff. So I don't think it affects smartphones so much. It's already bad, so I don't think it will get worse because of this regulation.
32:03
And then notebooks, at least, there are Wi-Fi chips which have hardmax, so the Wi-Fi stuff is done in hardware, more or less. So there's some kind of interface which is really fine. And I think laptops are more or less concerned by that.
32:26
But routers are really, and the Internet of Things, are really a tough thing. And about the regulation, at the moment, I think smartphones are usually registered in Great Britain,
32:44
so the organization like FCC, like in Britain, they register and say it's okay according to the regulation. So I don't know how Brexit will change that globally, so perhaps there will be some other country where most of the equipment will be checked
33:07
whether it fulfills the regulation. So it might be useful to find out which country that is and put effort to influence the regulations there.
33:22
No, that's a good point. That's a really good point, I agree. I'm interested in the case of overseeing the development of the law.
33:47
Is the Free Software Foundation the only organization that could prevent it and not oversee it? Or are other non-governmental organizations around that also overslept it?
34:11
Yes, actually with RID, we were the first ones to publish anything on that. And as much as I talk to other civil societies, they're all like, yeah, we missed it.
34:22
So it's really because of its highly technical nature and the fact that it's not a trendy topic of privacy and mass surveillance or something like that, which is usually most of the digital rights organizations are focused on. And also like other free software organizations or open source free software organizations,
34:43
they're also overlooked and that's really unfortunate. It's like no one could even see that before. Because in the U.S. there was more media attention to that and everything like this. And in our case, in Europe, it was just passed like that.
35:04
So yeah, we were the first ones. And it's already quite late. Exactly, exactly. That's the lesson we learned from this. I tried to save it last minute somehow.
35:24
Okay, I think that's it. Thank you again. Thanks. Next talk will be at 4.30. Not in this room, because next talk here is cancelled. We skip a slot. Have a good day everyone.
35:42
Thanks. And just one last remark before I go. My colleague Max Mael will give a talk about RID and Compose Re-routers campaign in Germany. And if you're interested in more details about that, then yes, go and see him at 16.30 in the first room. Yes, thanks.