A Developer Deletes His Code to Protest Its Use by ICE
September 20, 2019 6:09 PM   Subscribe

On Monday, activist Shanley Kane highlighted a contract between Seattle-based software company Chef and US Immigration and Customs Enforcement. Chef develops and sells open source software for configuring servers and cites Alaska Airlines, Google, Facebook, and Capital One as customers. The ICE contract created a minor stir on Twitter, but by Thursday morning, Chef hadn’t made a public statement about the controversy. Discouraged by the company’s silence, former Chef employee Seth Vargo removed several Chef-related open source tools that he had hosted on two code repositories. They included Sugar, a tool designed to make it easier to work with Chef’s software that’s widely used by Chef customers, though it’s not clear if ICE uses it. "I have removed my code from the Chef ecosystem," Vargo wrote on the code hosting site GitHub. "I have a moral and ethical obligation to prevent my source [code] from being used for evil."
posted by Cogito (48 comments total) 37 users marked this as a favorite
 
Oops, forgot to link the Wired article that's the source for the pull quote.
posted by Cogito at 6:11 PM on September 20, 2019 [1 favorite]


From a technical standpoint, what Seth Vargo did is very similar to the Left-Pad incident, which is explained very well in Reply All #69: Disappeared. The motivations for Vargo's protest are rather different, though. The Left-Pad author was upset with npm's policies whereas Vargo was protesting Chef's business with ICE, not Ruby Gems.
posted by Cogito at 6:16 PM on September 20, 2019 [3 favorites]


The blog post from the CTO is a small masterpiece of self-serving whinyness.
"What it is intended to do is arm IT professionals with the tools they need to insight change through knowledge"
You can actually hear the English language crack and cease to be able to support meaning in that sentence.
posted by thatwhichfalls at 6:17 PM on September 20, 2019 [81 favorites]


If it's supposed to say "incite" rather than "insight" that would at least make some grammatical sense.
posted by Faint of Butt at 6:29 PM on September 20, 2019 [20 favorites]


If it's supposed to say "incite" rather than "insight" that would at least make some grammatical sense.

well sure, since "incite" is at least a verb, but it would be a very odd usage of it
posted by thelonius at 6:31 PM on September 20, 2019 [7 favorites]


If it's supposed to say "incite" rather than "insight" that would at least make some grammatical sense.

I suspect you are right, but this lowers my opinion of them even further.
posted by heatherlogan at 6:32 PM on September 20, 2019 [18 favorites]


I said it would make grammatical sense; I didn't say it would no longer be bureaucratic technophile gobbledygook.
posted by Faint of Butt at 6:38 PM on September 20, 2019 [21 favorites]


Has anyone figured out any details of the contract? Normally, I would wonder whether the software in question was actually being used for evil or not, but ICE as an agency seems to do almost exclusively bad things in my opinion, so I suppose it probably is.

The executives don't seem very smart, to throw away their goodwill among their employees and customers for such a small reward. Did they just forget that most of the other people around them hate ICE, or what? Do they not notice the giant companies right next to them who will hire away all their pissed off employees?
posted by value of information at 6:59 PM on September 20, 2019 [4 favorites]


Since no one has explained it to far: Chef is a system for programmatically building out and deploying cloud based servers/applications using cookbooks (get it?). You can use it all for free, but if you want Opscode (or maybe they changed the company name to Chef these days?) to run a managed version for you, you can give them money for management and support. Sugar (the library the former employer removed) made it slightly easier to build said cookbooks.

I’ve used Chef a lot (although not since I started working for everyone’s favorite fruit company), but I never felt the need to use something like Sugar.

However, due to the nature of how open source libraries written in non-compiled languages work, anybody can just re commit the code to a different repo. Annnnnd looks like Chef already did. Ok, the only impact this action caused a was a story got written and people on sites like MeFi made some comments.

Actually, I bet a lot of sales reps are getting a lot of angry calls from customers about how a former employee could do something to disrupt a paid service.
posted by sideshow at 7:00 PM on September 20, 2019 [25 favorites]


For context this is a way bigger issue in terms of their open source community and their perception across that community than an actual code impact or business impact - this is really important in terms of decisions they've made as a company over the last couple of years and how they package and sell services.

The devops twitterverse has come for them - in terms of community impact and perception it's already cost them dramatically more than the contract was worth and the internal criticism is going to be a huge problem.

The reps aren't getting calls, not even the fed/sled reps - that's not really how businesses work, the customers will continue to rely on their contracts to enforce terms. Chef leadership continue to misjudge the messaging on this and it's going to continue to cost them in terms of community and public perception, there will almost certainly be more code pulled from public repos and the employees, while not the targets, will bear a lot of the brunt of this.
posted by iamabot at 7:45 PM on September 20, 2019 [15 favorites]


Has anyone figured out any details of the contract? Normally, I would wonder whether the software in question was actually being used for evil or not, but ICE as an agency seems to do almost exclusively bad things in my opinion, so I suppose it probably is.

If it's being used by ICE, it's being used for evil, even if all they do with it is coordinate office carpools or something. Anything that supports or facilitates ICE and its mission is supporting their abuses.
posted by kafziel at 8:11 PM on September 20, 2019 [35 favorites]


value of information: The executives don't seem very smart, to throw away their goodwill among their employees and customers for such a small reward. Did they just forget that most of the other people around them hate ICE, or what? Do they not notice the giant companies right next to them who will hire away all their pissed off employees?

If it's a small company, landing a couple of contracts like this might be enough to give the owners a comfortable retirement and pay off the boat, which might be all they're looking for.

Does the U.S. have anything like moral rights in copyright law?
posted by clawsoon at 8:39 PM on September 20, 2019 [1 favorite]


Wow, based on that one statement the CTO sounds like a complete douche.
posted by Dip Flash at 9:09 PM on September 20, 2019 [3 favorites]


As I mentioned on Mastodon, now would be a good time for an enterprising individual with the right skills and contacts to launch a competitor to Chef. Fork the software, lure away as many developers as possible and they'd probably steal the community as well.

Honestly, the only way the company can survive now is if the investors fire the C suite, cancel the contracts and publicly promise to never do anything like that again.
posted by suetanvil at 9:19 PM on September 20, 2019 [2 favorites]


now would be a good time for an enterprising individual with the right skills and contacts to launch a competitor to Chef.

There's a pretty healthy landscape of competitors to Chef, like Ansible, SaltStack and Puppet, but none are really interchangable. If you want to change without rewriting everything that manages your service, their entire stack is open source now, and I used to run it without much issue. One might imagine the reason they were able let go of the open core business model is because the Federal government is a customer that doesn't really consider the build side of buy vs build equation very often.

And as it happens, the former CTO and founder left the company at the start of the year, and could potentially (re-) become one such enterprising individual.
posted by pwnguin at 10:11 PM on September 20, 2019 [6 favorites]


the only impact this action caused a was a story got written and people on sites like MeFi made some comments

Believe it or not, doing the right thing has effects beyond the immediate effect of the act itself. You could argue that if you don't run the concentration camp someone else will, but your moral calculus is your business.
posted by klanawa at 11:04 PM on September 20, 2019 [58 favorites]


Wow, based on that one statement the CTO sounds like a complete douche.
Reminder that douche as an insult is misogyny.

posted by hoyland at 4:07 AM on September 21, 2019 [10 favorites]


everyone’s favorite fruit company

Sincerely thought this meant Dole for way longer than I should have.
posted by affectionateborg at 4:28 AM on September 21, 2019 [22 favorites]


..douche as an insult is misogyny
Or maybe not?

posted by Lanark at 4:44 AM on September 21, 2019 [10 favorites]


It was under an Apache license, so I had to look at the forking details:
Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.
To my reading, the major effect here is the publicity aspect, which shouldn't be discounted since "erosion of good-faith" is a legitimate business risk, but to me, it looks like Chef can just distribute Sugar it along with their own packages.
posted by mikelieman at 5:16 AM on September 21, 2019 [1 favorite]


Maybe open source licenses need to be updated to prevent things like this from occurring.
posted by Obscure Reference at 5:35 AM on September 21, 2019 [1 favorite]


..douche as an insult is misogyny
Or maybe not?


I'm given to understand that while that article is accurate for many women, it is not for all. To douche is not pointless and harmful for all women, and in that context, I've seen it quite convincingly argued that reclaiming douche as a insult would at least need to interact with and understand that to some extent. Which that article does not.
posted by Acid Communist at 5:51 AM on September 21, 2019 [7 favorites]


db can just be dudebro, little meaning is lost.
posted by snuffleupagus at 7:06 AM on September 21, 2019 [5 favorites]


..douche as an insult is misogyny
Or maybe not?


Points noted and apologies for creating a tangent to the actual discussion here. The company leadership sounds terrible, regardless of which rude word is used.
posted by Dip Flash at 7:14 AM on September 21, 2019 [6 favorites]


Maybe open source licenses need to be updated to prevent things like this from occurring.

It's been tried before. Restricting open source software from people you do not like is against the philosophy of open source software. However, Chef is under no obligation to support ICE using professional services, technical support or whatever else they're providing.
posted by Fidel Cashflow at 7:15 AM on September 21, 2019 [2 favorites]


GitHub itself is owned by Microsoft which has contracts with ICE.
posted by tofu_crouton at 7:21 AM on September 21, 2019 [5 favorites]


Chef can just distribute Sugar it along with their own packages.

They can. Of course, now they'll have to maintain it themselves and they're taking the publicity hit. With any luck, more folks in the Chef ecosystem will stop supporting the project as well. Projects like Chef need a wide net of support outside the core project/product or they aren't going to last long.
posted by jzb at 8:03 AM on September 21, 2019 [2 favorites]


Note that there are many ways that open source developers could make things difficult for Chef without any license tweaks. Somebody from Chef needs a feature in a different project to enable their software or implement a new feature? CLOSED WONTFIX. Chef interacts with a lot of other software, people stop writing community plugins and other projects start shunning any work to support Chef, it's going to be hard for Chef to maintain relevance.
posted by jzb at 8:09 AM on September 21, 2019 [6 favorites]


This was posted to hacker news, and actually got flagged, so basically nobody who reads that saw it. Says a lot. Here's the flagged thread.
posted by joeyh at 8:26 AM on September 21, 2019 [3 favorites]


Corey Scobie twitter thread, after messing up their forking by changing the author tag, complaining about how inconvenient this all is:
But when there are breaks in the ideals of the commons – when unilateral moves are leveraged as tools of destruction – we all lose.
Funny how somebody taking their ball and going home when faced with this kind of collaboration in human rights violation is called destruction, when it's refusing to enable that of destruction, a more important destruction than some technical chain. The breaks in the ideals of the commons are separating children from their families first, providing convenience to the people doing it last.
posted by foxfirefey at 10:34 AM on September 21, 2019 [10 favorites]


Scobie's getting ratioed pretty good in that Twitter thread. What a moron. I don't understand the calculus that leads companies of this scale to work with toxic institutions like ICE. I understand (although do not like) when big companies do it because in some sense they're big enough to take the PR hit and even still Google and others see huge walkouts over questionable choices, but for a small scale tech company it just doesn't seem worth the risk of tanking your reputation and pissing off a big chunk of your community over peanuts. Not to mention the moral stain on your soul, of course.
posted by axiom at 10:55 AM on September 21, 2019 [1 favorite]


But when there are breaks in the ideals of the commons – when unilateral moves are leveraged as tools of destruction – we all lose.

We do indeed, and it's a sad thing that some jerkass fascist's decision to support authoritarian politics means that the only way to not Give Fascists Nice Things is that none of us get to have nice things.

This is the core of how strikes work: it's not just "punish the company that's mistreating workers"; it's "everyone takes a hit until the company caves to the pressure that it exists in a community and it doesn't get to survive if that community can't thrive." Strikes work if they have enough community support.

A single person pulling code is, as noted, an inconvenience only. It becomes more than that if the wider community takes up the idea and refuses to release code that could be used by businesses working with ICE.
posted by ErisLordFreedom at 12:06 PM on September 21, 2019 [9 favorites]


It becomes more than that if the wider community takes up the idea and refuses to release code that could be used by businesses working with ICE.

You are asking if society should give up the concept of “clean running water” because people at ICE also get thirsty.

Yeah, you won’t die after 3 days of no Netflix, but not sure if humanity is willing to go back to the 1970s, technology-wise.
posted by sideshow at 1:12 PM on September 21, 2019 [1 favorite]


I saw this on reddit yesterday before it got deleted, but it was depressing and I realized precisely why we'll have an authoritarian dystopia, because all the "Open Source Software shouldn't be political" and "Everyone has a right to open source!" and other stupid excuses. I wish I could remember specifically the claims. There were plenty of good people fighting the good fight back. But my god.

Who needs T3hJ3st3r when you have redditors sticking up for the police states apparently "right" to use open source.
posted by symbioid at 1:46 PM on September 21, 2019 [3 favorites]


I have made a principled decision, with the support of the Chef executive team, to work with the institutions of our government, regardless of whether or not we personally agree with their various policies.

He thinks its unprincipled to refuse to help Nazis build concentration camps. Think about that for a minute. In his mind the proper, principled, action is to help build concentration camps and he thinks it is unprincipled to decide on a case by case basis which government agencies or policies you will chose to support.

And to be clear: I also find policies such as separating families and detaining children wrong and contrary to the best interests of our country.

This statement is entirely incompatible with the earlier statement. He wants to say on the one hand that he doesn't like concentration camps, but on the other that he'll help build concentration camps.

Fuck Chef. I hope they go bankrupt and the careers of their C level execs are ruined and they have to pay the bills by working menial jobs.
posted by sotonohito at 1:48 PM on September 21, 2019 [17 favorites]


> "Everyone has a right to open source!" and other stupid excuses.
> the police states apparently "right" to use open source.

Here's the thing though, everybody does have a right to use open source. Pretending otherwise won't help solve this problem. The author intentionally and willingly granted everybody that right. The licence he used says, essentially, "I grant everyone a permanent, irrevocable right to use, modify and distribute this work." Once you make that declaration, you don't get to take it back.

That's the crux of the issue here. This author, along with millions of other open source contributors (myself included), regularly waives his own right to control who uses his work without really thinking about what that means.

I feel tremendous sympathy for Vargo, and I 100% support his decision to stop supporting and distributing his code. Discovering your work is being used for evil is an awful thing, and I wouldn't wish it on anybody.
posted by Turbo-B at 4:39 PM on September 21, 2019 [7 favorites]


Here's the thing though, everybody does have a right to use open source. Pretending otherwise won't help solve this problem.

Indeed. And I'm vehemently against trying to "fix" that in open source licensing and also against that being used as a hedge when corporations or institutions do terrible things and people complain about it in a way that's related to the open source community.

Yes, the license gives Chef and ICE the permission to use the software. No, we shouldn't stop criticizing them and even hamstringing them as part of the open source community, because (as much some folks wish it weren't so and have tried to de-politicize open source and free software) it is inherently political.

I've said many times before in other contexts, open source licenses give individuals and organizations the right to build automated seal-clubbing machines using open source software. That doesn't mean that they cannot be rightfully lambasted for it, and it doesn't mean that we should stick an anti-seal-clubbing clause in the various licenses.

It means that we need to solve some problems outside the license, and in some cases by the community coming together and just saying "fuck you, we don't agree and we're not backing down." All of the Chef apologists and people complaining about Seth's actions can fuck right off into the Sun as far as I'm concerned. We need a lot more of this, not limited to ICE but also extended to work like facial recognition and more.
posted by jzb at 5:19 PM on September 21, 2019 [8 favorites]


Here's the thing though, everybody does have a right to use open source. Pretending otherwise won't help solve this problem. The author intentionally and willingly granted everybody that right. The licence he used says, essentially, "I grant everyone a permanent, irrevocable right to use, modify and distribute this work." Once you make that declaration, you don't get to take it back.

“The rules are the rules and you don’t get to change them” is, as a notion, a great tool for opting out of making hard ethical choices. Yeah, that declaration was nominally made. It’s the easy way out to claim that adhering to an arbitrary code is an act of integrity. It’s not, it’s cowardice. The act of integrity is to defy that code when the alternative is enabling inhumane acts.
posted by invitapriore at 9:29 PM on September 21, 2019 [9 favorites]


But an open source license isn't a "declaration that was nominally made," it's a contract, and the rights of the person or entity using the source code under the license they were granted upon distribution are legally protected. The author of the source code is always free to alter the terms under which she distributes the software and source code, but can't retroactively change the terms of the license under which someone else previously obtained the source code. Since "open source" in general means that the licensee is granted permission to also distribute the source code (usually with a few restrictions), the author could refuse to distribute the software to ICE, but decision does not apply to licensees who have already been granted permission to redistribute the software at will. None of this has anything to do with "adhering to an arbitrary code," it's just the legal framework around copyright.

Now, the author of a work of source code could always choose to take a standard open source license and modify it to add something like "This license to copy and distribute the source code is granted to everyone with the exception of United States Immigration and Customs Enforcement or its contractors. No permission to use, modify, or distribute the source code is granted to United States Immigration and Customs Enforcement or any of its contractors by any of the terms of this license." (I'm not a lawyer, this is only an example and not legal advice, and I can't speak to how airtight this specific language would be.) Such a modification would cover all future versions of the software, which for any actively maintained project would likely be a sufficient encumbrance to render it unusable by ICE, even if the desired features were all already present in the previous, less-restricted versions of the license. Placing encumbrances on an open source project like this may not be a great idea for other reasons, but as far as I know it would be perfectly legal. Purists would probably argue that such a license fails to meet the definition of a "free software" license, but certainly it seems like prioritizing free software over free people is wrong.

Personally, I think the approach the developer took here is a very good one, probably better than trying to specifically restrict ICE from using the software through a modified license. Yes, it's unlikely to have any real effect of stopping Chef from just forking the project and continuing, but it sends an important message and works well as an act of protest.
posted by biogeo at 10:49 PM on September 21, 2019 [3 favorites]


> It’s the easy way out to claim that adhering to an arbitrary code is an act of integrity. It’s not, it’s cowardice. 

I'm not sure if the arbitrary code you're referring to is the open source ethos or the law, but it doesn't matter - adherence to a code isn't why Vargo can't take his code away from Chef. There is literally no mechanism, legal or otherwise, for him to do so.

He has done the only thing he can, publicly refuse to provide further support for his work. That *is* a principled stand, and he has taken a great deal of Internet abuse for it. He hasn't gone farther because he *can't*. Calling that cowardice is grossly unfair.
posted by Turbo-B at 5:03 AM on September 22, 2019 [3 favorites]


This was posted to hacker news, and actually got flagged, so basically nobody who reads that saw it.

I emailed the mods and the thread has now been unflagged. Probably too late to be visible on the front page though.
posted by Lanark at 1:13 PM on September 22, 2019


The effect of what Seth has done is show others they can as well, if they want.

They can’t prevent ICE from using their software, Chef technically can’t either - in terms of their open source tools - but what Seth has shown that there is a larger cost for Chef to take the stand it has. It doesn’t get to use the community as they have in the past. What was free in the past for Chef is now something they need to assign their own engineer to manage.
posted by mrzarquon at 5:59 PM on September 22, 2019


He has done the only thing he can, publicly refuse to provide further support for his work. That *is* a principled stand, and he has taken a great deal of Internet abuse for it. He hasn't gone farther because he *can't*. Calling that cowardice is grossly unfair.

I wasn’t calling his action cowardly, since, like you said, he’s done what he can. I was referring to takes here that basically claim, as I read them, that if he doesn’t like what his software is being used for then he shouldn’t have released it under the license he did, and his reaction here is just sour grapes.

I have no patience for slippery slope arguments that gesture lazily at rule of law as a justification for taking this lying down. I think in such cases that the precedent being set in favor of prioritizing humanity over process is stronger than the (imputed) one being set in favor of ignoring contracts when convenient, which latter precedent can be dissolved by the sort of constant moral vigilance that we should all be practicing already anyway. The powerful already bend the law in their favor in so many ways that the notion that the powerless seizing an opportunity to do the same represents the decay of rule of law seems like a pretty weak argument to me.
posted by invitapriore at 6:43 PM on September 22, 2019 [2 favorites]


Chef has changed their stance which was posted four days prior:
After deep introspection and dialog within Chef, we will not renew our current contracts with ICE and CBP when they expire over the next year. Chef will fulfill our full obligations under the current contracts.

We have also decided that we will donate an amount equivalent to our 2019 revenues from these two contracts directed to charities that help vulnerable people impacted by the policy of family separation and detention. We’ll create a team to lead the direction of these funds.
https://blog.chef.io/2019/09/23/an-important-update-from-chef/
posted by Cogito at 8:42 AM on September 23, 2019 [8 favorites]


I guess that ends the mystery about whether it was an effective form of protest, since it clearly was -- just not effective in the sense of stopping someone from running the program.
posted by value of information at 2:00 PM on September 23, 2019 [4 favorites]


> I guess that ends the mystery about whether it was an effective form of protest, since it clearly was -- just not effective in the sense of stopping someone from running the program.

Yup, Seth's actions made it go from "I'm pissed off about it but can't do anything more than this" to "I made a lot of fucking noise, made a lot of people inconvenienced, which made more people talk about it, and made Chef really uncomfortable with their actions and not able to just hope it will die down."

Which is what a protest action is supposed to do.
posted by mrzarquon at 3:20 PM on September 23, 2019 [4 favorites]


and it doesn't mean that we should stick an anti-seal-clubbing clause in the various licenses.

Why not? If we consider seal clubbing to be unethical, and we don't want to enable it, why shouldn't we put a clause in the license forbidding the use of the code to further seal clubbing? Frankly, the argument against doing so is very poorly constructed, relying on both euphemistic language ("people we dislike/don't agree with" are bad faith arguments meant to dismiss conflict by trivializing it) and a slippery slope fallacy. As was pointed out earlier this results in an ethical dodge by the community and one that needs to be (and is increasingly so) called out - you don't get to turn a blind eye to your tools being used for evil.
posted by NoxAeternum at 7:45 AM on September 24, 2019 [1 favorite]


That statement from the CEO is 100% about them getting caught out and 100% NOT about them deciding it was wrong. People like Crist don't have "wrong" in their brains. It's all about deal value for them.

We should stop letting them be in charge of things.
posted by uberchet at 1:31 PM on September 24, 2019 [3 favorites]


« Older Toby Roland-Jones not mentioned   |   English Channel, just once? Newer »


This thread has been archived and is closed to new comments