Subject: Re: JBoss acquired by Red Hat
From: Thomas Lord <lord@emf.net>
Date: Mon, 01 May 2006 12:08:43 -0700
Taran Rampersad wrote:
> When a trade secret becomes public, it's no longer a trade secret. 
You'd think so.  I thought so.  But it doesn't appear to be true.

Third parties who innocently receive a trade secret can in some cases be 
informed of the fact they have received a trade secret and then they 
have no rights to use or further disclose it.   If they use or disclose 
it  anyway, they can be subject to criminal prosecution for which the 
penalty can include high fines and/or jail time.

For example, read paragraph 1, section 2 of  the Uniform Trade Secrets 
Act <http://nsi.org/Library/Espionage/usta.htm>.

> At a meta level, I view it this way: If there were more trade secrets, 
> there would be less silly patents. And it's possible to view the lack 
> of support of trade secrets as forcing businesses into patents to 
> protect what would have otherwise been trade secrets. There is a 
> section of the world which still believes that trade secrets have 
> value, and if we want less patents - including lobbying FOR *software 
> patents* - encouraging trade secrets might be a good idea. Lobbying 
> against software patents is well and good, but reducing the need to do 
> so seems like a pretty good idea. If a company cannot use NDA/GPL to 
> protect its trade secrets, and they really think that their secrets 
> have value, then they'll hire someone to do proprietary code, and may 
> even go as far as patenting the process and even attempting to patent 
> the code... Yuck.
>
> Is there a way out of this mess that any of you see?
First, I'm skeptical of the idea that more support for trade secrets 
means less software patents.  The two tools do different things and 
people use them (separately or in combination) for different purposes.  

Second, I see both software patents and NDAs as (usually) ethically 
problematic.   Software patents can make it impossible for anyone but a 
few big companies to legally write programs.   NDAs get software 
engineers to give up their freedom to share-without-criminal-penalty -- 
in most cases it is unethical for an engineer to do that kind of 
thing.   So, I would change your question to ask how we can get rid of 
both while still helping businesses succeed.   How can we do that?

(A) There are other ways to protect secrets that *are* compatible with 
the GPL.  Performance contracts seem to me to be a better idea:  
"Customer will pay Consultant $1 if Consultant has not distributed this 
program to anyone else for 1 year."    There are still ethical and 
practical problems there.   A third party, Competitor, may come along 
and offer Consultant $2 for an early copy of the program (a practical 
problem).  Customer will have no recourse against third parties who *do* 
get a copy (a practical problem).   Consultant can wind up with lots of 
conflicts of interest such as whether to help a neighbor or collect $1 
(ethical problems).   Those issues mean that this approach is applicable 
in fewer circumstances than a full-blown NDA.   Still, in a lot of 
situations, this kind of contract can work reasonably for everyone involved.

(B) There are a lot of cases where secrecy is currently overrated and 
transparency undervalued.   For example, if a company's product is a 
GNU/Linux distribution there is little long-term value in keeping their 
production infrastructure secret and customers are better off if that 
infrastructure is available for scrutiny and franchising.  This implies 
a shift in what GNU/Linux distro companies sell and how they 
differentiate themselves.  Still, this shift is now inevitable.   These 
companies are beginning to compete against one another (and against 
Debian) on their gratis, public projects (Ubuntu, OpenSuSE, Fedora, 
OpenLinspire).  Quality of product is one axis of competition but (I 
predict) openness and transparency will also become a point of 
competition until, finally, instead of just a few big-name distros, we 
have a public infrastructure from which it is relatively easy for anyone 
to assemble a custom distro, distribute it to a few customers, and 
support it.  There is a paradigm, there, for how patent monopolies and 
trade secrets can become less important in general.

(C) One of these days, more free software hackers will rediscover the 
virtues of organizing, standardizing employment contracts, standardizing 
the base rules that define professional conduct, and engaging in 
collective bargaining.  On the issue of software patents: of course they 
must go and it should violate rules of professional conduct to support 
the system other than in the direction of making all software patents 
freely licensed for use by anyone.   On the issue of NDAs, because they 
impinge on an engineer's right to employ their particular skills 
ethically, they should be prohibited by the rules of professional 
conduct and standard contracts.   Conversely, it should certainly be 
prohibited by the rules of professional conduct to willfully or 
negligently harm a customer by disclosing information that would 
normally be kept private except in cases where the consequences of not 
disclosing that information would create a proportionately excessive 
harm to public safety, human life, human rights, etc.   Other 
professional fields (e.g., physicians) have had to grow to be self 
policing over these tricky issues: hackers should as well.

(D) One of the best ways to change businesses whose model requires 
ethically problematic behavior is to compete successfully against them 
with superior business models.   There is an elegant unfolding of 
history here:  Mega-corporations are largely built on old practices with 
ethical problems.   Among their greatest effects on the world have been 
outstanding transportation and communication infrastructures and cheap 
goods.  In these conditions, open source practices and their analogs in 
other fields are inevitable.   Between that new move to open practices 
and the modern possibilities of inventory management and goods 
transportation, we should expect (and leverage) the emergence of a new 
regimen of confederated small companies displacing mega-corporations.   
There shouldn't be just a handful of GNU/Linux companies -- there should 
eventually be tens of thousands.   There shouldn't be just a few 
factories that make the bulk of the nation's cookies, there should be 
lots and lots of tiny ones.   The economies of scale enjoyed by 
mega-corps are increasingly accessible to small businesses again.   
Among the effects of confederated small companies can be better pay and 
working conditions for workers and greater robustness to the economy as 
a whole.    In a condition of lots of confederated small companies 
patents and secrets won't disappear but will certainly become less 
important.

-t


