A blurry image of programming code, in violet font on a black background.

Good Code, Dangerous Ideas: The Dark Side of Open Source Culture

By Vance Bentzen

Let’s assume that you’re human. You need food, you need warmth, water, shelter. You have decided to move into a house. Where do you find a house? Well, you could make one. What land is available? What does the legal process entail? How do you lay bricks? Where do you place a load-bearing beam? How do you install plumbing? 

The easiest way to avoid answering these questions yourself is by outsourcing them to people who do have the answer. Hire architects and builders or, more likely for this readership, grab four friends and start renting an existing flat. You avoid needing expertise in a range of fields that don’t relate to your original task. You avoid the risks of answering questions incorrectly. It takes weeks rather than years to move in. It’s a less complex, less risky, and faster way to achieve the goal of living in a new house—it is also the approach most people take.

Now imagine that you need a new laptop. Exams are next week. Your time is valuable. How would you lay out the keyboard? How do you build the screen? Where would you get the raw metals and plastics from? How would you machine them? Would you verify whether your supply chain is environmentally friendly and socially ethical? How do you put together the computer chips on the inside? What’s inside a computer anyway? There are far too many details. The obvious approach is to pay a company to deal with these questions and just buy the laptop from a retailer.

Completing complex tasks involves all sorts of sub-tasks, and in many situations it makes sense to outsource the work to someone else. This is how most of the world, especially the tech world, works. Tackle each complex task by outsourcing as many sub-tasks as necessary.

Now, picture this scenario, as laid out on the website for tech manufacturing company Diligent:

“..you need to develop an embedded vision application—something like an object detection system or real-time digital video processing—but you don’t have the time or money to build out the whole thing. You need something quick, you need something flexible, and you need something that is powerful enough for the job.”1

Relatable. What Diligent offers is a prototyping kit allowing the user to quickly implement various tracking algorithms into video streaming. The majority of the company’s target market is made up of hobbyists and amateurs working on small-scale projects or on the application for practice. The implementation example given, however, is far from amateur and far from small scale—an animated GIF shows an intersection in China, the camera panning as coloured boxes close in around figures walking, cycling and standing. An example of the ‘embedded vision application’ put into use by the Chinese state surveillance project.

Regardless of the ethics and scale of the project, tech projects need to, at some level, outsource their work. So what does this outsourcing look like?

Often, like any company task, it manifests as the hiring of contractors or consultants to take on specialist roles and tasks. Given that labor is expensive, and given that most engineering projects fail (it’s nearly ubiquitous for them to finish late and over-budget), outsourcing work also outsources risk.2 One way companies can outsource work and risk—usually for free—is to use open source projects.


Open source projects usually relate to software and involve code being released to the public to be used under minimally restricted licences. Examples of this include OpenSSL, which has been widely adopted by internet providers to allow secure communications on the web; OpenCV, which is a collection of image processing tools and techniques; Linux, a family of open source operating systems for computers; Libre Office, an open source document editing software; and Kicad, an open source circuit board design software.


Open source projects are usually launched by well-intentioned founders, who then develop an online community of contributors, who want to make it easier for anyone to build a sophisticated application instead of having meaningful software protected as commercial trade secrets.3 It gives individuals the freedom to interact with computers in a more capable way, to collaborate, and to develop new technologies.


Companies take advantage of this by combining the capabilities of open source resources with their own internal intellectual property, creating composite applications.4 Perhaps it’s a self-driving car company that uses OpenCV’s implementation of lens distortion correction mathematics, or OpenSSL’s encryption to ensure that their self-driving car is harder to hack. Why would a company pay the wages of an employee to implement these things when another team of open source coders has already made and verified a freely available solution?


While free knowledge may seem like the Internet utopia once imagined, there are some real problems in the open source community. Firstly, the space is often exclusionary as it is made up of 95% male coders and hostile antisocial behaviour is commonplace.1 This means that there are fewer perspectives involved in the development process of open source projects and that there is a needlessly lessened talent pool.
Secondly, having free time to contribute to open source projects is a privilege. There are flow-on negative effects to this. For instance, being an open source contributor is often used alongside a resume for STEM job applicants, creating a built-in bias for those who have the privilege of time. This lack of diversity has a knock-on effect, meaning that the diversity of those employed within the STEM industry becomes very narrow. Having tech production driven by a narrow demographic of developers means that often the final product is less relevant, more difficult to use, and can include built-in biases.


Further, open source software tends not to be ready to use ‘out of the box’, it needs to be integrated into a composite product to be useful. As big organisations have the resources to do this, open source software can easily be seen as normalising free labor for these organisations. Individuals tend to have limited time, and so are less able to take advantage of the potentials of open source projects.

Unfortunately, there are no ethical controls. It is entirely probable that an enthusiastic researcher in computer vision techniques could implement a noise reduction algorithm in OpenCV, (i.e. making cameras see better in the dark) advancing the state of image processing science, with nothing stopping that same algorithm from being used to enhance the performance of state surveillance or military applications (i.e. enabling drones to identify more targets in challenging lighting, or surveillance cameras to identify facial characteristics with more precision).
Would it really be a stretch to build upon the techniques demonstrated in one researchers’ OpenCV tutorial on “developing a system to automatically detect targets from a quadcopter video recording” into a rushed military project?5 Especially given that the Pentagon views open source code as “secure, reliable and effective”6. Another branch of the US Government, the Immigration and Customs Enforcement agency (ICE), has used open source software for its operations. Although, recently, ICE was denied renewal of a licensing contract in a rare instance of a contributor’s representative taking control of the ethical applications of their work.7


Conversely, there is nothing stopping a large organisation from contributing back to the open source community. For instance, Google has released much of its operating technologies to the community.
Freedom of information is a good thing and the internet’s ease of sharing information has enabled the execution of massive collaborative works that were not possible before. It is important to be aware of these often opaque mechanisms of how the people behind tech work and how contributing to one project can inadvertently accelerate another. If the STEM workforce can become more welcoming to all those who want to contribute, we would have better thought out, more usable tech.

Bibliography

1. David Horn 2019, ‘Build a Cheap, Quick (and Powerful!) Video Streaming System’, 23 September, Digilent Blog.

2. Philip Lawrence & Jim Scanlan 2007, Planning in the Dark: Why Major Engineering Projects Fail to Achieve Key Goals, Technology Analysis & Strategic Management, 19:4, 509-525

3. Ben Werdmuller 2017, ‘Why  open source software isn’t as ethical as you think it is’, 30 September, Ethical Tech Medium Blog.

4. Metaeffekt 2018, Open Source Ethics, metaeffekt.

5. Adrian Rosebrock 2015, ‘Target acquired: Finding targets in drone and quadcopter video streams using Python and OpenCV’, 4 May, pyimagesearch.

6. Kelsey Atherton 2017, ‘The Pentagon is set to make a big push toward open source software next year’, 14 November, The Verge.

7.Tajha Chappellet-Lainer 2019, ‘After protest, open source software company Ched will let ICE contract expire’, 23 September, fedscoop.

Check Also

From the Homeland to the Diaspora: An Assyrian Outlook

Ethno-cultural associations like Assyrian Students' Association provide a means of celebrating culture within a multicultural environment at UNSW.