WEBVTT 00:00.000 --> 00:22.280 I'm not a lawyer, I'm not your lawyer, I'm definitely not my lawyer, I'm no one's lawyer, 00:22.280 --> 00:26.040 and I'm not certified as a lawyer in any jurisdiction, including America, which is where 00:26.040 --> 00:27.840 I'm originally from. 00:27.840 --> 00:32.720 Why do I mention America because all of open-source law is now predicated upon the American 00:32.720 --> 00:34.840 legal system? 00:34.840 --> 00:38.520 This is kind of confusing and it's kind of weird, but it's because America has been a global 00:38.520 --> 00:42.440 superpower for a long time, and as you all know, it's increasingly less of a superpower 00:42.440 --> 00:46.520 and more of a superpower, like what's going on. 00:46.520 --> 00:51.200 So what I was curious about is what's going to happen with that? 00:51.200 --> 00:57.200 So I currently live in New Zealand, where, yeah, it's really nice, fellow Shannon, where 00:57.280 --> 01:01.400 I joined the Wikimedia group, and it turns out that every single discussion about what 01:01.400 --> 01:06.920 you can upload to Wikimedia in New Zealand is what happens on their American law for this 01:06.920 --> 01:12.280 asset, which doesn't make any sense, because A, it's across an entire ocean, but B, New 01:12.280 --> 01:17.800 Zealand shouldn't be worrying about American law, but they do because Wikimedia is based 01:17.800 --> 01:22.200 in America, and also American law just has a really long arm, you can think of it like 01:22.200 --> 01:27.080 Sauron, just reaching way beyond the border of Mordor. 01:27.080 --> 01:34.360 This is increasingly less of a thing that we need to worry about in a post-American world. 01:34.360 --> 01:38.880 The majority of the legal and interesting policies that we can talk about is really about 01:38.880 --> 01:42.640 the CRA, and about the EU, which makes sense, we're in Brussels. 01:42.640 --> 01:46.480 But I guarantee you, if there was an open-source conference in China, there would be more 01:46.480 --> 01:49.680 about Chinese law, unless about American law than it used to be. 01:49.680 --> 01:53.840 And so my question is, what's going to happen there? 01:53.840 --> 01:56.200 I can't ask anyone here about that. 01:56.200 --> 01:58.760 I can't ask Karen, because Karen is an American lawyer. 01:58.760 --> 02:02.360 I can't ask Richard, because Richard is an American lawyer, and maybe they're lawyers 02:02.360 --> 02:05.120 in other places, but they may not be lawyers in New Zealand. 02:05.120 --> 02:11.080 And I just don't know what this means for the OSI, because the OSI is also a 501c3 in the 02:11.080 --> 02:12.080 US. 02:12.080 --> 02:13.320 And so what happens there? 02:13.320 --> 02:17.640 And if you look at the open-source principles, which they use, on their website, some 02:17.640 --> 02:18.880 of them are really interesting. 02:18.880 --> 02:24.600 For instance, you can't discriminate against anyone using your license. 02:24.600 --> 02:25.920 Your license can't be discriminatory. 02:25.920 --> 02:29.480 But if your license is in English, it's discriminatory against someone in another jurisdiction. 02:29.480 --> 02:33.960 It's not discriminatory if you're entirely based upon American law. 02:33.960 --> 02:35.120 What happens if it's in Ghana? 02:35.120 --> 02:36.360 What happens if it's in another language? 02:36.360 --> 02:40.200 Well, they speak English in Ghana, but I don't know. 02:40.200 --> 02:43.400 Let me just say, I'm not a lawyer, I'm not even smart. 02:43.400 --> 02:48.880 Well, I'm really wondering if my passport is less valuable than it used to be. 02:48.880 --> 02:53.240 And if I can get sued in a different jurisdiction or something, like, what's going to happen 02:53.240 --> 02:54.240 there? 02:54.240 --> 02:57.000 That's really not cogent, but it is for 30. 02:57.000 --> 03:00.280 I think I'm just going to actually stop. 03:00.280 --> 03:06.360 I have notes, oh yeah, the other question. 03:06.360 --> 03:11.920 So when I looked up the open-source principles on the open-source.org website for the OSI, 03:11.920 --> 03:16.640 there's also the open-source AI definition, which was pushed through really, really quickly 03:16.640 --> 03:17.640 by the OSI. 03:17.640 --> 03:22.080 And it was pushed through with the approval of things like Facebook, because they want 03:22.080 --> 03:26.160 to make sure that open-source applies to AI's. 03:26.160 --> 03:28.080 That's also less important than it used to be. 03:28.080 --> 03:33.320 And the OSI is compromised for that reason alone, as well as being an American site. 03:33.320 --> 03:37.960 So when you combine those two things together, it just makes me feel really do me and gloomy. 03:37.960 --> 03:40.520 And so I would be interested in talking to anyone here about that. 03:40.520 --> 03:41.640 This is a lightning talk. 03:41.640 --> 03:45.440 It's not a complete product, and at this point I will stop. 03:45.440 --> 03:47.440 Thank you. 03:47.440 --> 03:53.080 I wish I could respond, but that is not on the agenda. 03:53.080 --> 03:55.440 The next part, we'll go with Jen. 03:55.440 --> 03:57.440 Let me see. 03:57.440 --> 03:59.440 Here we go. 03:59.440 --> 04:07.960 Well, I wanted to follow Richard for a number of reasons, but he posed this question of, what 04:07.960 --> 04:12.600 does it mean if so many different projects, foundations, et cetera, are based in different 04:12.600 --> 04:14.240 national jurisdictions? 04:14.240 --> 04:18.960 And at the same time, we have increased regulation with extraterritoral effects. 04:18.960 --> 04:24.920 And it is a question that I have been looking into, and at the end of my PhD, which focuses 04:24.920 --> 04:28.400 on global governance of open-source software at the University of Cambridge. 04:28.400 --> 04:33.720 When I wrap up this year, I might not have the perfect answers, but I hopefully will have 04:33.720 --> 04:36.400 a answer to this conundrum. 04:36.400 --> 04:40.000 So if you think that I've noticed over the past couple of years of doing this research 04:40.000 --> 04:44.280 and before that, I worked for a decade in practice as an international lawyer, so I looked 04:44.280 --> 04:50.080 at things like global governance of the regimes around climate change or oceans or internet 04:50.080 --> 04:51.760 governance. 04:51.760 --> 04:57.680 And there are all these formalized regimes for governing those comments, but there hasn't 04:57.680 --> 05:00.400 really been that discussion around open-source. 05:00.400 --> 05:04.560 And until now, we haven't really had the political circumstances of pressure to have those 05:04.640 --> 05:12.120 discussions partly because it was freely available, it was open, and there were less restrictions 05:12.120 --> 05:17.560 that were potentially being imposed and more of a cooperative global environment. 05:17.560 --> 05:22.600 However, the reality, as Mark Carney, so eloquently said at Davos, is that we are no longer 05:22.600 --> 05:25.640 living in that world. 05:25.640 --> 05:31.560 We are also watching witnessing a particular geopolitical moment as states talk about digital 05:31.640 --> 05:37.000 sovereignty and how they can leverage the power and potential of open-source to get ahead 05:37.000 --> 05:40.640 and through Jewish dependencies on foreign tech. 05:40.640 --> 05:47.840 So open-source is, in many ways, having a key moment, and that's tying into some very 05:47.840 --> 05:54.440 helpful discussions with states wanting to invest and support in open-source as well. 05:54.440 --> 05:59.840 And I was one of the co-authors of the proposal for a European sovereign tech fund within 05:59.920 --> 06:01.280 this context. 06:01.280 --> 06:06.960 However, as states look also to invest and support open-source, they may also be looking 06:06.960 --> 06:12.240 to regulate and engage in other ways that could potentially further fragmentation. 06:12.240 --> 06:17.000 So another cool part of my research is how can we bring relevance stakeholders together 06:17.000 --> 06:23.440 and have discussions about regulatory cohesion and having a simplified cohesive framework 06:23.520 --> 06:30.720 across borders that supports and facilitates open-source as a digital commons rather than 06:30.720 --> 06:33.440 having that fragmentation. 06:33.440 --> 06:36.440 And with that, I'm very happy to leave things there. 06:36.440 --> 06:42.720 But if you would like to talk to me further, I'm always welcome conversations, suggestions, 06:42.720 --> 06:45.520 people that I should be speaking to and things that I should be reading. 06:45.520 --> 06:46.520 Thank you. 06:46.520 --> 06:52.840 I think at this rate, we may have some time at the end for some rebuttals, which I think 06:52.840 --> 06:55.320 there may already be of interest in doing. 06:55.320 --> 06:57.920 So we'll see how that goes. 06:57.920 --> 06:58.920 Whoops. 06:58.920 --> 06:59.920 So who's next? 07:05.920 --> 07:06.920 Thank you. 07:06.920 --> 07:07.920 All right. 07:07.920 --> 07:08.920 So hello. 07:08.920 --> 07:11.320 My name is Niles Hucos. 07:11.320 --> 07:17.440 So before Christmas, I started looking into digital wallets and in or way, they have 07:17.440 --> 07:18.720 this Sandbox. 07:18.720 --> 07:26.400 It's a program you can apply and join to develop various services or even wallets, technology, 07:26.400 --> 07:28.400 digital wallet technology. 07:28.400 --> 07:34.800 So I said to them, hey guys, I don't want to buy an accrate wallet for iOS or Android. 07:34.800 --> 07:40.120 I'm thinking about creating a wholly different mobile phone, something small, it would 07:40.120 --> 07:41.840 be totally different. 07:41.840 --> 07:46.880 And this was this started, sparked a very interesting process of me talking to this 07:46.880 --> 07:53.120 governmental body because they were like, first resort or first reply was, that's kind 07:53.120 --> 07:58.440 of cool, but it's too bad we couldn't make it this time and so on. 07:58.440 --> 08:02.000 And then I, since I'm in the past life, I was a consultant. 08:02.000 --> 08:09.480 I wrote this wrongly word a letter saying, if you are going to decline me, then you 08:09.480 --> 08:18.000 will have to thoroughly explain why and with pointing to your project mandate and pointing 08:18.000 --> 08:25.240 to the digital market sector where by end explain why you are prohibiting an alternative 08:25.240 --> 08:30.960 platform besides iOS or Android, which this could theoretically be. 08:30.960 --> 08:39.160 And then sometime past and then they wrote me an email saying, maybe we can have a meeting. 08:39.480 --> 08:42.400 And then so that meeting is next Friday. 08:42.400 --> 08:49.480 And I think they are still very on the back first, they don't really know what to do with 08:49.480 --> 08:52.280 something that is not iOS or Android. 08:52.280 --> 09:02.840 I know that they had, like Job offers out requesting people who are experts in Android 09:02.840 --> 09:07.840 or iOS and suddenly there's something else that is not Android or iOS, but we have already 09:07.840 --> 09:11.720 hired people for Android and iOS, what about these other things. 09:11.720 --> 09:14.160 So this is going to be interesting. 09:14.160 --> 09:20.600 So yeah, and I was, that's, so I'm trying to hold the digital market act as a tool and 09:20.600 --> 09:24.960 use it right now, but I don't know how well it will be. 09:24.960 --> 09:30.760 And there's another aspect to this that's also, I wanted to ask that it's released to banking 09:30.760 --> 09:37.320 apps, which is in Norway and in Scandinavia, there's an app called Bank either. 09:37.320 --> 09:41.640 And it's very monopolistic and you use it not only to access your bank, but also to do 09:41.640 --> 09:44.880 all sorts of governmental services and so on. 09:44.880 --> 09:51.800 And it's extremely, prohibitive, it hinders a lot of different platforms because if you 09:51.800 --> 09:57.560 create a fully de-gugled Android operating system, then the users of those systems, they 09:57.560 --> 10:01.040 will not be able to download Bankida at all. 10:01.040 --> 10:10.320 And also, if I would create something small that could readily be worked as a bankida, 10:10.320 --> 10:16.040 then why should this proprietary service owned by a lot of banks even care about me at 10:16.040 --> 10:17.040 all? 10:17.040 --> 10:23.960 So then I wish some of them were here because then I would ask if the bankida company is 10:23.960 --> 10:29.360 actually being a true gatekeeper and should be have all these obligations that we put 10:29.360 --> 10:32.200 on Apple and Google and so on. 10:32.200 --> 10:33.840 So yeah, lots of thoughts. 10:33.840 --> 10:39.040 If this interests you or you've been working a bit with this, come talk to me. 10:39.040 --> 10:40.040 Thank you. 10:40.040 --> 10:58.760 Hi there everybody. 10:58.760 --> 11:02.400 What's good for us them? 11:02.400 --> 11:07.240 So first things first, thank you to the organizers here in the legal and policy devroom. 11:07.240 --> 11:12.040 This is my favorite devroom, I'm completely horribly biased, but I love this place, really 11:12.040 --> 11:19.800 appreciate you all, round of applause for the organizers and volunteers. 11:19.800 --> 11:21.880 My name is Remi De Causemaker. 11:21.880 --> 11:24.760 I am not here officially affiliated with anyone. 11:24.760 --> 11:31.160 I'm here as a private citizen of the global free and open source offer community. 11:31.160 --> 11:33.080 During my day job, you can look up what I do. 11:33.080 --> 11:35.120 I'm not even going to mention it today. 11:35.160 --> 11:40.560 The thing I want to share with you all here in the policy devroom is that there have been 11:40.560 --> 11:47.240 some changes across the way in the place that I come from, but one of them is this thing 11:47.240 --> 11:52.320 called the Share IT Act, it's the source code, harmonization, and reuse of information 11:52.320 --> 11:53.320 technology act. 11:53.320 --> 11:58.120 It is a new piece of legislation that was passed at the end of 2024. 11:58.120 --> 12:03.320 And it says that any custom developed source code that's produced under a contract, whether 12:03.320 --> 12:09.160 it's by feds or by contractors as part of their official duties, and the components 12:09.160 --> 12:15.520 of it such as the architecture and the metadata, it has to be one owned by the agency, two stored 12:15.520 --> 12:20.920 in no less than one public or private repository, three, it has to be accessible under 12:20.920 --> 12:26.960 certain procedures, and contracts need to secure government-wide reuse sharing use and 12:26.960 --> 12:29.680 modification rights for it. 12:29.680 --> 12:36.360 And on top of that, there are four very specific exemptions for it, national security, 12:36.360 --> 12:44.080 national intelligence, public, or sorry, personally identifiable and personal health information, 12:44.080 --> 12:48.120 and the last one is escaping me because I'm standing on a stage looking at the bright 12:48.120 --> 12:54.400 lights right now, but there are four reasons if you're exempt against FOIA. 12:54.400 --> 13:01.160 So back in the day, in 2016, there was a memo called M1621, which was the federal source 13:01.160 --> 13:05.560 code policy it was passed, and it said that, hey, this is an executive order that says 13:05.560 --> 13:07.720 that everybody should default to open. 13:07.720 --> 13:12.000 In fact, there was a pilot in it that said that 20 percent of all source code developed 13:12.000 --> 13:15.600 by federal agencies needs to be published under open licenses. 13:15.600 --> 13:21.240 That had a sunset provision that lapsed here recently, but some of the best bits and 13:21.240 --> 13:27.280 pieces of that executive order were codified in the share IT Act, and it passed. 13:27.280 --> 13:32.860 So there are laws on the books right now that say that source code that is custom developed 13:32.860 --> 13:38.200 needs to be public unless it falls under one of those exemptions, and we can take 13:38.200 --> 13:43.760 that same metadata model, the code.json, metadata file, and extend it to include these new 13:43.760 --> 13:45.880 requirements. 13:45.880 --> 13:50.600 It is very exciting, there are a lot of people doing interesting work in this space. 13:50.600 --> 13:55.800 Take shout out to the software heritage project, the UNESCO project that's categorizing 13:55.800 --> 13:58.320 all of Earth's software. 13:58.320 --> 14:01.680 They use code meta as they are standard. 14:01.680 --> 14:06.000 There's public code.jamel, which I have heard about in this dev room in the past, and the 14:06.000 --> 14:13.600 code.json federal standard borrows from and extends in some cases pieces of those international 14:13.600 --> 14:15.560 standards and brings them together. 14:15.560 --> 14:20.240 So if you're a nerd for metadata and inventories of software, and I know there are government 14:20.240 --> 14:24.800 hospitals that we're here speaking today, I'm a big nerd about this stuff, I would love 14:24.800 --> 14:26.760 to talk about it more as well. 14:26.760 --> 14:31.720 The United Nations Open Source Week is coming up this summer, there's a lot of talk around 14:31.720 --> 14:32.720 this type of stuff. 14:32.720 --> 14:35.880 I think there's a lot of overlap between the conversations that are happening here and the 14:35.880 --> 14:37.520 conversations that happen there. 14:37.520 --> 14:42.200 So I would encourage anybody who's interested in that to check that out and to look up 14:42.200 --> 14:48.920 the Share IT Act, and if you're interested in inventories of open source code that can create 14:48.920 --> 14:54.040 a grand unified directory of all free and open source software on planet Earth that's paid 14:54.040 --> 14:55.640 for by public money. 14:55.640 --> 14:56.640 So we can have public code. 14:56.640 --> 14:58.640 I'd love to talk more with you about that. 14:58.640 --> 15:00.880 And thank you, Legal Dev, Foss, down. 15:00.880 --> 15:17.280 All right, we have one more, you're up. 15:17.280 --> 15:24.880 Hi, I'm getting by, saying sorry, I wanted to be very short, but I'm afraid I might not 15:24.880 --> 15:25.880 be. 15:25.880 --> 15:30.560 So my name is Girard Olishboa, and if the name is not the giveaway, I'm from Portugal. 15:30.560 --> 15:41.280 I'm here because it was just announced the continuity of what was known as NGI-0, and that 15:41.280 --> 15:48.240 means that the money will continue to be bought into open source projects and helping communities 15:48.240 --> 15:50.280 and development. 15:50.280 --> 15:57.160 But at the same time, there's a special fund for marketing, and I want to create a sort 15:57.160 --> 16:04.360 of a network of community managers, local community managers, all around Europe, that 16:04.360 --> 16:12.200 reach out to their communities, and bring them to know the funds, help them apply to the 16:12.200 --> 16:21.240 funds, and somewhat manage the community into forums where they can try to find other partners 16:21.320 --> 16:26.480 doing similar code, so that we don't have to projects doing the same thing in different 16:26.480 --> 16:28.760 code. 16:28.760 --> 16:33.240 And why is this project important? 16:33.240 --> 16:43.280 And my call is for local community managers, or wannabes, please contact me, or the NGI, 16:43.280 --> 16:48.120 or anyone in your open source communities. 16:48.160 --> 16:50.120 Why is this important? 16:50.120 --> 16:55.960 Because we need to create a new generation of community leaders. 16:55.960 --> 16:57.760 They are extremely important. 16:57.760 --> 17:05.400 They are the ones that will keep the fire running, and managing a community, not letting 17:05.400 --> 17:12.600 it die out, is one of the most important things that we have been forgetting. 17:12.600 --> 17:16.440 The open source awards, yes today, yes today? 17:16.520 --> 17:25.000 Well, the day before, well, they chose Greg Hartman, which I think I had heard of him, 17:25.000 --> 17:33.440 but he's the one doing the thankless job of keeping the kernel community alive and in order. 17:33.440 --> 17:39.120 And that's what we need to do in every part of Europe and the rest of the world. 17:40.120 --> 17:47.400 And these people, not only need to exist, need to be refreshed, but they also have to be paid. 17:47.400 --> 17:53.520 And that's what I'm trying to create this project for, so that we have something that also pays 17:53.520 --> 18:08.120 a little bit of the work they are doing, so they are not doing thanklessly and with their time and destroying their health and family and friends and so on. 18:08.120 --> 18:18.280 And with this, I want to finish with something, because managing people is important because, 18:18.280 --> 18:28.640 and I'll repeat this several times with all people I am connecting here, technology is people. 18:28.640 --> 18:32.080 There is no technology without people. 18:32.080 --> 18:45.080 I never you see politicians and I've spoken with my government several times and it's always infrastructure that a lot of other people that other people and say, 18:45.080 --> 18:55.080 no, you have to put people on top, it doesn't matter if the health services puts well infrastructure and new equipment on top and then people on top. 18:55.080 --> 19:05.080 It's people on top, it's always people on top, what's important, what's important in open sources, people open sources, people. 19:05.080 --> 19:18.080 Code is people, they are a reflection of the mind, it's a fraction of intellect and knowledge and so that's why we need community leaders, 19:18.080 --> 19:25.080 that's why we need people that are talking with people and bring more people in. 19:25.080 --> 19:38.080 And on the last note, I had the pleasure of collaborating with a small group that made the latest version of the contributor covenant, 19:38.080 --> 19:48.080 look that so it's a blueprint template, something that you can hold on to manage your community. 19:48.080 --> 19:55.080 If you have already a code of conduct, maybe you can look at it and see there's something we couldn't prove that you couldn't prove. 19:55.080 --> 20:07.080 If you have nothing you can look at and use something, but it's a tool, again, to help people, help people, helping open source and at the end helping the world. 20:07.080 --> 20:11.080 Thank you. 20:11.080 --> 20:16.080 Thanks everybody, we have four of our minutes left. 20:16.080 --> 20:24.080 You were to add it, right, you just want to, well, I'd like to give two minutes to anybody who wants to rebut any of the things that were said. 20:24.080 --> 20:27.080 I knew someone wanted to, you have to come up quick. 20:27.080 --> 20:35.080 Did you want to answer one of the ones that was already, we only have three minutes, so you want to rebut. 20:35.080 --> 20:40.080 You want to rebut something. 20:40.080 --> 20:44.080 There's a camera, there it is. 20:44.080 --> 20:46.080 So, hello, I'm Simon Fipps. 20:46.080 --> 20:49.080 I'm on the staff at the open source initiative. 20:49.080 --> 20:55.080 I am not very excited about the open source AI definition, so it's surprising that I have to say something about it here. 20:55.080 --> 20:58.080 But in the first talk, there were two things that were untrue said. 20:58.080 --> 21:01.080 One of them was that Meta supported the open source AI definition. 21:01.080 --> 21:08.080 It did not matter hate so I say, because we denounce Larmor as a fake open-washed VM. 21:08.080 --> 21:13.080 Secondly, it implied that we are a rigidly American organization. 21:13.080 --> 21:14.080 We are not. 21:14.080 --> 21:18.080 We have three European staff, two Americans and one Brazilian on our stuff. 21:18.080 --> 21:21.080 And I have incorporated a subsidiary in Europe. 21:21.080 --> 21:28.080 I say Europe, stitching or foundation, so that all of our work in the European Parliament, which is the majority of what we do. 21:28.080 --> 21:33.080 We don't even have an AI program at the moment, is conducted as a European activity. 21:33.080 --> 21:41.080 I think Richard missed the real core of, I think Richard missed the real core of the problem. 21:41.080 --> 21:50.080 Which is that we were able to be so successful over licensing because of the burn convention, so that it's the same law everywhere. 21:50.080 --> 21:54.080 And we do not have the same advantage with all the other things we're trying to do. 21:54.080 --> 21:56.080 There we go. 21:57.080 --> 21:58.080 All right, one minute. 22:00.080 --> 22:02.080 Thank you, I'm Jerome. 22:02.080 --> 22:09.080 We are all committed to support open source, so we have an important homework to do now. 22:09.080 --> 22:21.080 Today, because the European Commission has opened a call for evidence and they are waiting for feedback about the European Open Digital ecosystem strategy. 22:21.080 --> 22:26.080 I decided to focus my answer, but we are free to answer whatever you want. 22:26.080 --> 22:35.080 About the first and tight sales of proprietary operating system on PCs is the only example of fourth and tight sales in Europe. 22:35.080 --> 22:44.080 You can buy a car without an insurance policy, but you can't buy a PC without paying the Microsoft tax. 22:44.080 --> 22:49.080 That's just crazy and against any European law protecting consumers. 22:49.080 --> 22:54.080 It's the second point that I answered. 22:54.080 --> 22:59.080 It's the European Patent Office Mark Pack ties. 22:59.080 --> 23:08.080 They grant thousands of software patents, calling them software, innovation implemented by software. 23:08.080 --> 23:18.080 Because in the European Convention on Patents, software must be protected by copyright and not patent. 23:19.080 --> 23:29.080 So, if you want this clear code with the direct link to the form to answer the commissions on the table over there. 23:29.080 --> 23:35.080 And I think that it's ten second well used to support open source. 23:35.080 --> 23:39.080 Thanks very much everybody. Let's give a round of applause to all of our speakers. 23:39.080 --> 23:45.080 How wonderful, super fun use of this time and we learned a lot, so that was pretty great. 23:48.080 --> 23:54.080 Thank you very much.