A hacker group on Tuesday released a novel license agreement that gives end-users the power to enforce the agreement and sue governments and other entities that misuse software covered by the license.
The Hacktivismo Enhanced-Source Software License Agreement (HESSLA) is designed to prevent governments, corporations and other organizations from using Hacktivismos applications to censor Internet content or subvert human rights, the group said. The license is based on the open-source concept of transparency but builds in some unique legal provisions designed to make the applications user base a volunteer enforcement army.
“We tried to create a licensing regime that balanced the transparency of open-source software with protecting the special needs of our end-users, most of whom are living behind national firewalls,” said Oxblood Ruffin, founder of Hacktivismo, an offshoot of the well-known Cult of the Dead Cow hacker collective. “Weve been accused of using the license as a publicity tool, but thats really a cheap shot. Granted it will achieve a certain short-lived notoriety with the press, but weve got our eye focused on the end-game.”
Under the HESSLA, users are free to make changes to applications covered by the license and redistribute them, but the agreement also gives them the right to sue if they find someone using the application for malicious purposes. There is also a provision that dictates if any government uses the software as part of a scheme that violates human rights, the government thereby waives its right to sovereign immunity from prosecution in foreign courts.
“In other words, if Myanmar or China want to keep violating human rights, then they have no choice but to steer clear of Hacktivismos software,” the group said in its release announcing the user agreement.
The concept of sovereign immunity essentially protects governments from being sued without their consent.
: Hackers Fight Censorship, Human Rights Violations”>
The new agreement at this point doesnt apply to Camera/Shy, the steganography application that Hacktivismo released this summer. However, the group could at some point re-release that software jointly under the HESSLA and another license such as the GNU Public License, said Eric Grimm of CyberBrief PLC, in Ann Arbor, Mich., an attorney who worked closely with Hacktivismo on drafting the license.
“Once youve released something, its awfully hard to go back and impose restrictions retroactively,” Grimm said. “This is more for software that will be coming out in the future.”
Hacktivismo is working on several projects right now, including 6/4, a flexible peer-to-peer protocol framework designed to create secure, anonymous tunnels for Internet users. Its meant to help people in countries where Internet content is heavily censored to access whatever information they choose. The system can handle any TCP-based or UDP-based protocol.
Rufffin said the developers release of 6/4 has been ready for several months and that the group is simply waiting for the go-ahead from the Department of Commerce before releasing it. Commerce regulates the exportation of strong cryptography tools, and 6/4 relies heavily on encryption.
“Owing to the nature of the Internet, and that many of our developers, mirror sites, etc., are in America, Hacktivismo wished to conform to regulatory controls in the interest of demonstrating full co-operation and sensitivity to existing security concerns,” Ruffin said. “Our understanding is that the ruling is forthcoming, and at this point making the various rounds throughout the [Department of Commerce] for sign-off. As soon as we get the nod, 6/4 is going out the door.
“Weve taken 6/4 as far as we can take it internally, and now its ready for the full and brutal glare of the open-source community.”
Hacktivismo and Grimm have been working on the agreement for several months and cast a wide net in looking for comments and criticisms of the document.
“Its gone through several revisions, and weve tried to solicit as much input from as many people as we could,” Grimm said.