Online / 5 & 6 February 2022


A globally unified governance framework for Open Source

International arbitration to harmonize the security provisions of sovereign states and Open Source? Learning from the Java Virtual Machine, Ceph and abstraction layers

Differentiating between architectural flaws and bugs in socio-technical systems: Open Source is neither a legal term nor a political institution in dominant sovereign state systems, making it vague and interpretable in different contexts. However, it is a fundamental institution in security provisions in today's socio-technical societies. But it remains impossible to harmonize the transnational Open Source system with sovereign systems: the two cannot be clearly mapped to each other. Yet, international arbitration provides a type of remedy that already exists in software development, illustrating what a shift from just fighting bugs to mitigating architectural flaws can look like.

Initially, the Internet imitated the institutions of the social world despite their limited eligibility (such as "emails" with their complex and vulnerable architecture). Today, societies are socio-technical without delimitable transitions between technology/Internet and society. Societies have started to adapt to and integrate the possibilities the code provides, no longer vice versa. Sovereign state systems found their limitations early in tackling the resulting challenges. However, software development had already had to manage comparable issues. The Java Virtual Machine and Ceph are two of many examples: another abstraction layer can create flexibility, simplification and unification on top of different systems.

International arbitration could offer Open Source a transnational and globally-unified framework, enshrined in an arbitration agreement: embedded in a dedicated organization in an eligible legal system to facilitate the conduct of organizations and communities on which code and the Internet depend.

Open Source and its related institutions are already the core element of a transnational separation of powers, which is based upon competition: public processes & public code in conjunction with distribution (of development, code, review & testing) enable forking (to avoid monopolies and irrevocable consolidation of powers at one place). Reflecting the software engineering concept "secure by design", Open Source has created a "socio-technical system secure by design" because it avoids single points of failure both in social and technical realms: it does not relate governance to centralization but to distribution. Indeed, if issues like the 2020 SolarWinds hack were to spread in deployed Linux kernels, this could have unprecedented consequences far beyond the technical realms. However, Open Source and its institutions remain capable of providing sufficient security and deterrence. There is much more behind Open Source than just open/public code.

The increasing use and consolidation of IT in governments may break the traditional separations of powers and does not provide the "security by design" of Open Source institutions if applied to socio-technical systems. Indeed, if one administrator and his password in one consolidated IT department can manipulate the databases used in executive, legislative and judiciary operations, new risks can arise. The system around Open Source already contributes to the security provision of and on the Internet and thus, indirectly, to the overall security provision of people and entities that depend on the Internet: it facilitates security in socio-technical societies.

If it proves eligible, enshrining the relevant (and legally implementable) Open Source institutions in an arbitration agreement may result in a compatible abstraction layer on top of the traditional state systems. In a complementary way, this abstraction layer may help release traditional systems from tackling issues they simply cannot tackle without softening and blurring their own institutional architecture. It may turn antagonism into symbiosis.

However, Facebook's Libra indicates the complexity (but also the possibility) of creating such "implicit legal" ventures (in Switzerland). It also indicates that Switzerland could possibly enable the fusion of an international arbitration body (through its "international private law") with an open/public/distributed but regulable cryptocurrency to facilitate not just the (Open) Source but also (open) exchange within one globally unified system.

Although they will be critical and challenging for any international arbitration approach, legal patent- and license-related questions are not considered in this lecture.

This lecture is derived from the perspective of the field of international relations. It illustrates the role of Open Source in contemporary security provisions (next to and in interaction with sovereign states' security provisions for citizens) and it aims to put alternative (types of) approaches with and around Open Source up for discussion.


Christopher Klooz