Open Source in the Military?

djmcmath asks: "Does anyone have any experience with Open Source Software and/or GPL'd software in military applications? I'm only asking because I'm involved in work on the combat systems for a new submarine, and had considered an Open Source solution. (I apologize, I must be intentionally vague for obvious reasons.) So ignore the obvious questions (Is it really suitable? Are closed-source proprietary options better? Does MS have a good solution?) and skip to the good stuff. What about the fact that my code would be classified Secret under US Code Umptifratz? I cannot distribute my code (and it's changes) without being tried for treason. What happens to the rest of the combat system code when I submit my GPL'd module?" Open Source and the Military: it's a tricky combination of keeping what can be open, open and keeping your secrets...well, secrets! However, open source in the military need not be as high profile as weapons systems. One of the only major OS projects that I'm aware of that had any form of military involvement was GRASS, the open-source GIS system. I'm sure there may be a few others out there. Does anyone know of other OS projects with military association? If there are any projects out there that interface with classified bits, how did you deal with those issues?

Source Distribution

[aridhol]

I cannot distribute my code (and it's changes) without being tried for treason

Are you distributing your executables? If you use the OSS for a specific system and only on that system, you are not required to distribute source - everyone that has the binaries (the military) will have the source.

GPL

[Anonymous Coward]

Don't worry about the GPL. As long as you're not distributing the product or software to anyone, you don't have to give out the source. If it stays within the military, you're fine.

If, however, these combat systems were to be _sold_ (or given away, though that's unlikely) you'd have to give the buyers the source, and you couldn't restrict what they do with it once they have it. Obviously, anyone that purchases the systems would have a vested interest in NOT revealing the source code. I really doubt this sort of thing would be a problem with military sales.

The GPL is meant to protect the users of the software, NOT the developers of the software. Too many people here interpret it far too rabidly, but if you read it carefully you'll realize that, if your combat systems are secret and classified, your source code can stay that way too. Even if you sell it to someone else, you only have to make the code available to _those_who_buy_it_. You don't have to give it to the entire public just because you sell it to one person. What they do with it after they get it is up to them, though, and they may very well choose to give it away.

Read the FAQ

[gkirkend]

Take a look at the GPL FAQ [gnu.org]

A quote from the FAQ which I believe applies to your situation:
"The GPL does not require you to release your modified version. You are free to make modifications and use them privately, without ever releasing them. This applies to organizations (including companies), too; an organization can make a modified version and use it internally without ever releasing it outside the organization. But if you release the modified version to the public in some way, the GPL requires you to make the modified source code available to the users, under the GPL. Thus, the GPL gives permission to release the modified program in certain ways, and not in other ways; but the decision of whether to release it is up to you."

Greg

Another mis-understanding of the GPL

[mcrbids]

It's a common misunderstanding of the GPL... using GPL software does not mean you have to distribute it.

The terms of the GPL simply state that if you sell a GPL product to a customer, you must provide the source to that customer.

Red Hat, Mandrake, and the like are being nice enough to provide iso images of their software for your download - they are not required to.

So what are the ramifications? Well, if the military sells your GPL solution to a 3rd country, they have to provide the source to that 3rd country, as well.

In other words, in this case, GPL (or no) makes no difference at all. GPL code can be "top secret" as long as the customer has full access to the code.

The idea of the GPL is that "If I bought it, I can do as I please with it - and if I sell it, so can whoever I sell it to..."

ask a military lawyer

[FredGray]

I'm not sure why the author of this question thinks that he'll get good advice from Ask Slashdot. The only reasonable response is "you should find an attorney with experience in intellectual property and national security laws and an appropriate security clearance to be told the complete story."

Hmm.. interestting

[BoneFlower]

IANAL, however I did work in military intelligence and information security.

From what I understand, in this case, the government agency responsible for the code changes would be required to distribute those changes to any agency they distribute the binaries too... This should not, as I understand it, mean the individual users of the software.

For example, lets say the Navy sends copies of the binaries to Electric Boat(a sub manufacturer). They would be required to send the source to Electric boat as well.

However, in this case, it is Electric Boats IT department that is the receiver of the binary, NOT the electric boat employee who uses the software. Therefore, the source can legally be kept inside a safe at the CMCC(classified material control center), shown only to the IT department and others with an established need to know.

However, in any case, regardless of license, if the source changes reveal classified information it would be illegal to release them to the general public. I'd wager that even if that turned out to be a direct violation of the GPL, the classification side of the case would win in court.

With all that said, I would recommend you push for release of all source changes that do not reveal classified information. I realize that might not be much, but what you can, go for it.

Re:Treason? Very unlikely... Know your facts.

[Anonymous Coward]

Your tyrade has several flaws in it:

1) I never claimed to be an expert.
2) I have no reason to doubt my dictionary on definitions, so if the constitution defines something as treason, I'm inclined to believe it.
3) I never said it wasn't something you couldn't get punished for - I just don't believe it's treason. It's more espionage-like than treason-like.
4) You have no idea of my expertise.

Re:GLP and software availability

[ProfessorPuke]

Maybe this is an intentional joke/troll, but it's completely wrong. If you distribute the binary, it must be under the terms of the GPL. Not only do the users need to be able to get the source, but the GPLed source- that means they are allowed to modify and redistribute it as they see fit.

If you use some other means (written orders from the commanding officer) to force the users not to republish the source code, then you have NOT given them a GPLed release, because you haven't given them permission to redistribute it under the same terms you acquired the software with.

(I do software contracting for the US military, and we'll include LGPL or PD code, but not GPL).

Imagine if this happened in the civilian world- CompanyX modifies GPLed GNU Emacs and puts it up for sale- but before a customer can purchase it, they have to sign a separate contract promising to never redistribute the source code. It's a blatant violation.

(Actually, that has been attempted before. A group published a modified version of the GPLed Quake game, but required users to sign away their rights to the source code before they could download the binary. The original author sent his lawyers after them, and they gave up on the scheme)

Functionality not platforms!..It sold Army C.O.E.

[i_want_you_to_throw_]

I work for the Army Corps of Engineers and our entire IM infrastructure (at our location) runs NT. I am unique in that I have been running and using linux for about 7 years outside COE.

I decided to install Linux on a box in my location and brought in several apps that I developed on my own (that I am releasing as open source). One of these boxes I had set up as a web server and I demoed some of these apps to the front office, they mandated that we needed a linux box.

42 NT boxes and now a Linux box too!

One app that I created (eNewsbot) used the PERL LWP mods and scanned the front pages of up to 4,000 media outlets and returned any successful matches through email. WAY cheaper than Lexis Nexis and you can customize which outlets to scan for (like only states that are affected by a certain river, etc). Other successful apps that we use include Checkbot to scan for broken URLs, and we are testing open source for an internal new mechanism. Perl's CGI.pm really came in handy when we needed to get presentations from the field. They needed to be in Powerpoint and only powerpoint so we just rolled our own script to accept them to our intranet.

Could you do this kind of stuff on NT? Sure, but our people couldn't so I had a huge leg up. Plus the fact that open source costs us 0.00 to implement was a HUGE plus.

I have had the open source discusssion with the front office and what (our) green suiters want is functionality not platforms. It just so happens that what makes this functionality possible is open source. They couldn't care less if it was NT or Open Source as long as they are getting this new ability.

This works for non classified stuff so I don't know about what you are doing in particular. If you want other good info regarding Open Source in Government check out the Open Source Software Institute [oss-institute.org].

They have a mailing list with great info and knowledgable folks.

Re:GPL

[ProfessorPuke]

No, the GPL is meant to protect the developers of software. RMS initially created the GPL after he, as a developer, was screwed by a company who marketed emacs without paying him, and without releasing their source code.

GPL is supposed to allow developers to give out their source code, without having to worry that someone else will change the code and not share their modifications.

I code for the army, and we're very clear that unless they truely don't mind Iraq getting a copy of their software, then it can't be based on GPL sources. If its GPL, then any developer, contractor, sysadmin, or random private who comes across the code can walk it right off the base, and no one can legally stop him.

(I suppose for some categories of software, the benefit to Iraq might be low enough that the Army truly wouldn't mind giving them a copy- especially if the hardware is permantently beyond their reach)

Re:GLP and software availability

[jpt.d]

I believe you are possibly in error. The US military is an organization, and any software is published to the organization. You are not giving the binary/code to anyone but the military, not any particular person. The organization has access to the code, but they are only ones that have the binaries anyways.

Two point on Classified work...

[trims]

First off, run, do not walk, do not pass go, straight to the base/department legal department. Do not attempt to do ANYTHING until they OK it - the regulations surrounding secret-level work are inordinately hairy and convoluted, and only a lawyer specialized in classified-work law can answer your question definitively.

The other note, which is useful when discussing this with aforementioned lawyer: any work done under a Classified label (or higher) has different rules than "normal" work. Basically, any license that gets applied to the code only applies to those with a clearance at least as high as the code was written. Thus, if your code is Classified, I don't care if it has the BSD license, GPL, Bob's SuperFree License, or whatnot. Anyone without a Classified clearance isn't entitled to see it. Period.

This is a case where the murky grounds of National Security trumps Copyright (and other Intellectual Property) law. The law still holds, but it's restricted to the circle of security it's at.

National Security law basically allows you to use anybody else's code, provide you compensate them in a just and reasonable manner. As far as I've experienced, this means that you have to pay them the basic asking price on the free (i.e non-classified) market, and they don't get to say "no, you can't use it". For GPL/BSD/Open Source licenses, the asking price is Free, so well, they've been "compensated" as they've normally would.

In this case, Classifed work can certainly suck in Open Source code and not release it until it gets unClassified. And, as a side note, there is no "leaking" - people are not entitled to distribute code to non-cleared people, so it's not like Trade Secrets. It stays locked up until it's declassfied.

-Erik

Contracts vs. laws

[coyote-san]

You're missing an important distinction here. The GPL limits what restrictions (none) you can place on redistribution of source code as a term of the license CONTRACT.

Security classifications, in contrast, are a matter of LAW.

This is an important distinction that comes up periodically. E.g., there's a fair amount of software that is used to control the operation of amateur radio station equipment. The licenses inevitably require that the user have suitable FCC (or local equivalent) certification suitable for the operation of this equipment, probably due to FCC regulations. Does this violate the GPL? I would argue it doesn't - it's the FCC that requires a license to operate the equipment, not the author, and the sole purpose of this restriction is to limit the author's liability in those cases when the receiver acts in bad faith.

Ditto the occasional licenses that require the receiver be old enough to enter into a binding contract. Of course it's silly to say that a 17-year-old can't make valuable contributions, but the law says that contracts with 17-year-olds are never binding except for some relatively rare circumstances. (E.g., they can be emanicpated by a court, by enlistment in the military, or by marriage. Or it could be a "necessity" such as a contract for housing.)

I think the same argument can be made here. Are you willing to make the source code available to any agency legally entitled to view it? If so, then I think you can still use the GPL.

Re:The M-1 Tank is using open source software

[usmcpanzer]

Uhmm, I've been an M-1 tanker for a while, and no way in hell is there any database on there. The thing practicly running the tank is an Atari 2600 :). But it does have fast power up (.5 sec.) And as far as failing after every gun round, nil. Only if certain circuit breakers go off.