It is supported by many that the AGPL license for network services which run in a cloud brings back the fairness provision that the original GPL intended and returns the freedom that FLOSS promises to all users and developers. But does the APGL license really provide all that?
The AGPL license tries to bring software that works as a service closer to the PC based model for FLOSS licensing by linking the source provision requirement to the modification of the underlying code and its user interaction over a network . Copyright remains in derivative works and provides the potential users with the right to have access to source code. Moreover, with the use of AGPL the vendor is being “watched” somehow so he can not start behaving badly. But there is something that is concerning in all these. Data is the primary challenge of FLOSS in cloud computing so it is easily understood that access on the source code does not help if the data from a service in the cloud are still inaccessible.
Three are the main challenges of cloud computing and these are:
1. Data portability
2. Privacy
3. Compatibility
Before the appearance of network applications, access to the source code was the solution for the above challenges. Someone could easily check the data formats and the processing of the data by just looking at the source code. But as the FSF admits:
“If some program on this server is released under the GNU Affero GPL, it requires that the users have way to download the corresponding source of that program. That is good, but having this source code does not give them control over the computing the server does for them. It also does not tell them what other software may be running on that server, examining or changing their data in other ways.”
Hence, “Terms of service” is an essential part when someone wants to address these challenges for cloud computing. In order to migrate the GPL model to cloud computing, copyright and licenses are not good enough, thus technological characteristics are necessary to provide the user his freedoms. To give the user autonomy, we must guarantee that his data is portable, which means that cloud computing servers must provide API’s (Application Programming Interface) to communicate with other services.
In order to apply the GPL model for web applications we will need 3 basic features:
1. Access to source
2. Carefully designed terms of services
3. Technological features (APIs)
An example of this kind of application is Identi.ca, a micro-blogging service which is a FLOSS replica of Twitter. Its licensed under GNU’s AGPL, so a user can have access to the source code. What’s more, identi.ca’s terms of services clearly determine which data is kept private and which is not, and guarantees that private data is not shared but only used to provide services to the users. Identi.ca will only turn data over to the government with a court order. Finally, with the use of Identi.ca’s API, users can get their data out of the service, which provides us with the third feature. Identi.ca also addresses the vendor lock-in concern by allowing various instances of the service to communicate with each other, thus enabling interoperability without exposing private data.
Someone can easily understand that the AGPL is not by itself enough to provide all the freedoms a user must have in cloud computing or SaaS. A combination of the above 3 features is much more effective and can guarantee the user with his freedoms. GPL license models are being threatened by the spread of cloud computing and software as a service. Technology moves forward. FLOSS license models need to evolve with it.
The above post is the conclusion of an essay I had to write for my university, titled:
“The only major threat to open source software license models like the GPL is the spread of ‘cloud computing’ and Software as a Service (SaaS) business models.”
If you are interested, you can read the complete essay (it’s really not that long).
This makes sense, thanks for posting.
I’ll point out that the issue of privacy can’t be definitively put at rest (unless perhaps, the data is encrypted before it is sent to a server for storage). If you truly need privacy with some data, then using another’s server can be risky as “terms of service” is a promise that can be broken.