AusDTO / apiguide

API Design Guide
http://apiguide.readthedocs.org/

API guide should include principle that govt prefer truly 'free' open standards #57

Closed markmuir87 closed 4 years ago

markmuir87 commented 9 years ago

I'm speaking specifically here about intellectual property. Although a standard may be 'open' (as in, published in the public domain), there are cases where a compliant implementation of these 'open standards' will necessarily infringe on some privately held IP (for more context see this pull request comment).

Just to be clear, 'open standard' does not necessarily mean 'royalty free' or 'extendible/modifiable'.

For example (and I don't mean to pick on OASIS, I've just been looking at one of their standards recently):

> Like many bodies producing open standards e.g. ECMA, OASIS added a RAND clause to its policy in February 2005. That amendment required participants to disclose intent to apply for software patents for technologies under consideration in the standard. Contrary to the W3C, which requires participants to offer royalty-free licenses to anyone using the resulting standard, OASIS offers a similar Royalty Free on Limited Terms mode, along with a Royalty Free on RAND Terms mode and a RAND (reasonable and non-discriminatory) mode for its committees. Compared to W3C, OASIS is less restrictive regarding obligation to companies to grant a royalty-free license to the patents they own.
>
> Controversy has rapidly arisen because this licensing was added silently and allows publication of standards which could require licensing fee payments to patent holders. This situation could effectively eliminate the possibility of free/open source implementations of these standards. Further, contributors could initially offer royalty-free use of their patent, later imposing per-unit fees, after the standard has been accepted...
>
> ...Patrick Gannon, president and CEO of OASIS from 2001 to 2008, minimized the risk that a company could take advantage of a standard to request royalties when it has been established: "If it's an option nobody uses, then what's the harm?".
>
> Sam Hiser, former marketing lead of the now defunct OpenOffice.org, explained that such patents towards an open standard are counterproductive and inappropriate. He also argued that IBM and Microsoft were shifting their standardization efforts from the W3C to OASIS, in a way to leverage probably their patents portfolio in the future. Hiser also attributed this RAND change to the OASIS policy to Microsoft.

I think this issue is worth a dedicated principle/page. Perhaps the page could be in two parts:

  1. A 'whitelist' of standard software licences that are considered safe (e.g. GPL3, Apache2, MIT, BSD etc.). Although it may be tempting to go down the 'copyleft' route (and it's a discussion worth having from a public policy perspective), the more conservative and safer route might be to include licences that are highly permissive and that minimise SWD-implementer exposure to legal risk or potential licensing fees. This might be a good starting point.
  2. A more general discussion of desirable properties of software/standards licensing terms. Although impossible to make it exhaustive, this section could at least give an API-exposing agency the general tools and guidance to help them discern copyright terms that are appropriate or inappropriate for standards behind, or consuming implementations of, government APIs.

This page could also prescribe how agencies should license any SDKs they publish for their APIs (though that may be covered by the government's general approach of using one of the Creative Commons variants).

adonm commented 8 years ago

Also would be good to reference AusGOAL - http://www.ausgoal.gov.au/the-ausgoal-licence-suite. As an agency, we (Parks & Wildlife) almost exclusively use the BSD 3-clause and Apache 2 licenses to ensure our projects are as unencumbered as possible.