Needs clarity on indirect harm

[chrisjensen]

As highlighted in stryker-mutator/stryker-js#1061 we'd need some clarity around indirect harms resulting from using services of a company that uses services of a company that causes harm.

[jeznag]

Bitcoin mining would be a similar use case.

With stryker, I don't see any harm because the 4hrs of build server time are being used to enhance the quality of software. It is useful work and it is arguably much more efficient than having a human spend 40 hours doing the same type of testing.

The utility of bitcoin mining is much more dubious as the alternatives (e.g. proof of stake or the visa network) are much more energy efficient.

[chrisjensen]

The main concern here is that potential adopters of JWL licensed software won't find themselves prosecuted unexpectedly.

For the license to be widely adopted people need to feel reasonably confident that they would never fall afoul of it because a judge interprets the contract differently, or because we changed our minds about what we think is ok.

The only real protection they have against this is clarity in the wording of the license. Even though we all agree here that 4 hrs extra of build time is not an issue, if fossil-fuels were added to 4a, it could be interpreted that they could find themselves in trouble with that clause.

[anselmh]

So, in my understanding this would be at least partially covered by the part that says “or gets substantial part of revenue by supporting a company that does [unethical stuff]”.

I think I agree with @chrisjensen that while it’s a good intention to make the whole dependency chain stick to these principles and license, this is hard to achieve. Maybe this could be done in a similar way to how Creative Commons licensing works—with different levels of restriction. This would allow authors to decide if this software could be used only very restrictive (including the complete dependency chain to comply) or less restrictive (only direct revenue stream, as is now in the license).

[jeznag]

I'm a bit confused about what we mean by indirect harm.

Can we run through a few scenarios?

Scenario one: extra CPU usage

The Stryker example was that by running their software, more server time is needed and that server might be running off a coal power station. That doesn't seem to violate the license. There is no statement against consuming fossil fuels, only a statement against trying to block efforts to combat climate change. If the company using Stryker were to make a public statement saying "Stryker is awesome because it gives us an excuse to burn coal and coal will make America great again!" that would be a direct violation.

Scenario two: evil dependencies

I might be misunderstanding your point @anselmh - my take on it is that if Stryker adopted the license but their software was using a node module produced by the makers of Hatreon, that would be indirect harm.

I'd be ok with leaving that out of scope.

[chrisjensen]

To add some other scenarios:

Senario three: Cloud hosting

This sits between scenario one and fossil fuel production - should a cloud service provider that uses predominantly fossil fuels be excluded?
If they're a large host, then the contribution to climate change would be non-trivial, and so seems worthy of exclusion.
Currently excluded: Probably
Should it be: Yes
Practically, how do we differentiate this from scenario one?

Scenario four: Your host practices union busting

What if your service provider practices union busting, engages in oppressive foreign labor practices?
An exclusion on this basis might well exclude any apps in the Apple store.
Currently excluded: No
Should it be: No

Scenario five: You use the software on hardware built from conflict minerals

This is pretty much every hardware manufacturer last time I checked.
Currently excluded: If they derive, or reasonably expect to derrive, a majority of their income from hardware sales, then they'd be excluded.
Should it be: As above

Scenario six: You are a F&B giant like Unilever and some of your products use non-RSPO certified palm oil

(likely contributing to burning of forests in Indonesia)
Currently this would probably not be excluded as such companies are so large that they may not derive a majority of their income from such sales.
Currently excluded: No / Maybe
Should it be: Yes?

On scenario 2, it's hard to argue that using a node module benefits or supports the organisation that made it. Maybe if the project using it is huge and reputable and credits the org on their homepage, but in 99% of cases there'd be no material benefit so I agree an exclusion on this basis is not necessary (and would probably exclude almost all developers from using NoHarm packages).

[chrisjensen]

Scenario Seven: You are Adobe, someone uses your products to promote the Oil industry

Currently excluded: No
Should it be: No

This would end up excluding all SaaS users from using the library as most would not be interested in policing their clients. Maybe theres room for an AGPL style variant (#14, #12 ) for those that want to take a more hardline approach on this

[tommaitland]

I think scenario 3 would be allowed under the license. If a host is using entirely power from fossil fuel generation, they're not deriv[ing] a majority of income from actions that discourage or frustrate action to curtail the use of fossil fuels or prevent climate change.

They're deriving a majority of income from providing hosting services. I think this is acceptable and I don't think the climate impact solely falls on them, it also falls on the energy generator and the legal environment they all operate in. We should of course encourage adoption of renewable energy (as the license does) but I think it's a bad precedent to restrict usage by companies who rely on fossil fuels for power (since that's still, unfortunately, the majority of the world).

If folks agree, we might be able to close off this issue.

[chrisjensen]

I've tried to clarify this into a table. We may need to rejig the sections of the license based on this.

The trickiest part is the "Collaboration" side of things. For the most part, by nature of the license, simply those engaged in harm would not be allowed to use software or derivatives under the NoHarm license. So if you make some general tool, and sell it to lots of people, then the license simply precludes you from selling that software to people causing harm (or more specifically, you could sell it, but they wouldn't be allowed to use it).

However, there might be some things for which there's a zero tolerance approach. This was the approach Lerna took with ICE collaborators - that the software was not to be used for any purpose by the companies, even if their collaboration didn't specifically involve the software, the collaborator is banned from using the software for any purpose.

(In the table yes means permitted, no means disallowed by the licence)

Can ...	Directly engage in	Lobby for	In the supply chain	Sell products in aid of (collaborate with)
Violating Human Rights (UDHR)	No	No	No1	Zero tolerance?
Fossil Fuels	No	No	Yes2	<-- Direct Engagement
Deforestation	No	No	Yes4	<-- Direct Engagement
Slavery / Human Trafficking	No	No	No1	Zero tolerance?
Gambling	No	No	N/A ?	<-- Direct Engagement
Nuclear Energy	No	No	Yes2	<-- Direct Engagement
Weapons Manufacture	No	No	N/A	<-- Direct Engagement
Tabacco Production	No	No	N/A	<-- Direct Engagement
Factory Farming	No	No	Yes 3	<-- Direct Engagement
Violence	No	No	No	<-- Direct Engagement
Addictive Behaviours	No	No	N/A	<-- Direct Engagement
Hate speech & Descrimination	No	No	No	<-- Direct Engagement

¹ Would exclude basically all tech companies that create any hardware due to conflict minerals, possibly also much of the garment industry
² Realistically, any company that uses electricity today has fossil fuels or nuclear energy in their supply chain and it's very difficult to remove
³ If no, would exclude almost every F&B company on the planet
⁴ Would exclude companies using timbre or paper that is not sustainably sourced, and any food products using palm oil that isn't RSPO.
Actually at this point in time, I don't think even RSPO would mean no deforestation, so would likely exclude any company using any products that include palm oil, so probably every company on the planet if you consider employee meals.

This still doesn't solve the issue of large entities with a variety of products, if some are harmful and some are not, do we ban use in only the harmful ones, or is the entire company banned from using the software. I'm inclined to go with the first one (ban use only in production of harmful products)

[ghost]

(edited for grammar errors)
I agree with @tommaitland about closing this issue. Although the fossil fuel industry is causing a lot of indirect harm, most companies (with the exception of Google) may not be able to choose what power source(s) run their offices and servers. The world does not have the infrastructure to switch to complete renewables yet. This is out of scope of the license, and adding a table would make the license relatively unusable.

[ghost]

Everyone, we cannot close this issue yet because we need to discuss some things. First, the * the extraction or sale of fossil fuels will have unintended consequences because

most companies (with the exception of Google) may not be able to choose what power source(s) run their offices and servers. The world does not have the infrastructure to switch to complete renewables yet.
That line will have to be deleted.

I also think we should replace:

- * industrial processes that generate waste products that threaten life
+ * industrial processes that generate *unnecessary* waste products that threaten life

because most people would argue that we cannot feed our households without creating emissions.