Slashdot Mirror

← Back to Stories (view on slashdot.org)

Open Source in the Military?

Posted by Cliff on from the you-saw-how-well-NT-on-a-carrier-went dept.

djmcmath asks: "Does anyone have any experience with Open Source Software and/or GPL'd software in military applications? I'm only asking because I'm involved in work on the combat systems for a new submarine, and had considered an Open Source solution. (I apologize, I must be intentionally vague for obvious reasons.) So ignore the obvious questions (Is it really suitable? Are closed-source proprietary options better? Does MS have a good solution?) and skip to the good stuff. What about the fact that my code would be classified Secret under US Code Umptifratz? I cannot distribute my code (and it's changes) without being tried for treason. What happens to the rest of the combat system code when I submit my GPL'd module?" Open Source and the Military: it's a tricky combination of keeping what can be open, open and keeping your secrets...well, secrets! However, open source in the military need not be as high profile as weapons systems. One of the only major OS projects that I'm aware of that had any form of military involvement was GRASS, the open-source GIS system. I'm sure there may be a few others out there. Does anyone know of other OS projects with military association? If there are any projects out there that interface with classified bits, how did you deal with those issues?

12 of 388 comments (clear)

  1. Source Distribution by aridhol · · Score: 5, Informative

    I cannot distribute my code (and it's changes) without being tried for treason

    Are you distributing your executables? If you use the OSS for a specific system and only on that system, you are not required to distribute source - everyone that has the binaries (the military) will have the source.

    --
    I can't say that I don't give a fuck. I've just run out of fuck to give.
    1. Re:Source Distribution by Anonymous Coward · · Score: 5, Funny

      Are you distributing your executables? If you use the OSS for a specific system and only on that system, you are not required to distribute source - everyone that has the binaries (the military) will have the source.

      It's actually simpler than that -- this is the US -- therefore, you only need to say aloud one of two magic incantations, "National Security" or "For the love of God, will no one think of the children?" and debate is terminated. In your favor.

  2. GLP and software availability by Account+10 · · Score: 5, Funny


    You only need to distribute the source to the people that you distribute the binary to.

    Presumably the binary is covered by the same secrecy rules as the source, so the only people entitled to the source are the miltary.

    Although, if the binary is in a bomb, you may also need to distribute the source to the poor sod that you drop it on.

    1. Re:GLP and software availability by linzeal · · Score: 5, Funny

      They could just include the source in a leaflet attached to the side of the bomb with a stern finger wagging RMS on it.

      --
      An Education is the Font of All Liberty
    2. Re:GLP and software availability by FattMattP · · Score: 5, Funny
      Although, if the binary is in a bomb, you may also need to distribute the source to the poor sod that you drop it on.
      That would only be necessary if he's going to execute the code. If the code is in a bomb, it's more likely that it's going to be executing him.
      --
      Prevent email address forgery. Publish SPF records for y
  3. Read the FAQ by gkirkend · · Score: 5, Informative
    Take a look at the GPL FAQ

    A quote from the FAQ which I believe applies to your situation:
    "The GPL does not require you to release your modified version. You are free to make modifications and use them privately, without ever releasing them. This applies to organizations (including companies), too; an organization can make a modified version and use it internally without ever releasing it outside the organization. But if you release the modified version to the public in some way, the GPL requires you to make the modified source code available to the users, under the GPL. Thus, the GPL gives permission to release the modified program in certain ways, and not in other ways; but the decision of whether to release it is up to you."

    Greg

    --
    To a shark, you are just another food choice...
  4. Another mis-understanding of the GPL by mcrbids · · Score: 5, Informative
    It's a common misunderstanding of the GPL... using GPL software does not mean you have to distribute it.

    The terms of the GPL simply state that if you sell a GPL product to a customer, you must provide the source to that customer.

    Red Hat, Mandrake, and the like are being nice enough to provide iso images of their software for your download - they are not required to.

    So what are the ramifications? Well, if the military sells your GPL solution to a 3rd country, they have to provide the source to that 3rd country, as well.

    In other words, in this case, GPL (or no) makes no difference at all. GPL code can be "top secret" as long as the customer has full access to the code.

    The idea of the GPL is that "If I bought it, I can do as I please with it - and if I sell it, so can whoever I sell it to..."

    --
    I have no problem with your religion until you decide it's reason to deprive others of the truth.
  5. Hmm.. interestting by BoneFlower · · Score: 5, Informative

    IANAL, however I did work in military intelligence and information security.

    From what I understand, in this case, the government agency responsible for the code changes would be required to distribute those changes to any agency they distribute the binaries too... This should not, as I understand it, mean the individual users of the software.

    For example, lets say the Navy sends copies of the binaries to Electric Boat(a sub manufacturer). They would be required to send the source to Electric boat as well.

    However, in this case, it is Electric Boats IT department that is the receiver of the binary, NOT the electric boat employee who uses the software. Therefore, the source can legally be kept inside a safe at the CMCC(classified material control center), shown only to the IT department and others with an established need to know.

    However, in any case, regardless of license, if the source changes reveal classified information it would be illegal to release them to the general public. I'd wager that even if that turned out to be a direct violation of the GPL, the classification side of the case would win in court.

    With all that said, I would recommend you push for release of all source changes that do not reveal classified information. I realize that might not be much, but what you can, go for it.

  6. Support? by gehrehmee · · Score: 5, Funny
    Open software is typically accompanied by open support. If the usage of your software is as secret as you make it sound, it might be really difficult to get technical support from the community in the same way civillian users might.
    I finally got Linux 2.4.CLASSIFIED to work on my CLASSIFIED system, which required me to work around the CLASSIFIED component attached to the CLASSIFIED-CLASSIFIED. However, I'm still having some stability problems. Anybody see anything blatently wrong with this patch? :

    --- /usr/local/src/linux/fs/devices.c Sat Sep 22 21:35:43 2001
    +++ CLASSIFIED.c Sat Mar 16 14:32:35 2002
    @@ -32,7 +32,7 @@

    struct CLASSIFIED_struct {
    const char * name;
    - struct file_operations * fops;
    + struct string_operations * CLASSIFIED;
    };

    static CLASSIFIED_t CLASSIFIED_lock = RW_LOCK_UNLOCKED;
    @@ -62,9 +62,9 @@
    Load the CLASSIFIED if needed.
    Increment the CLASSIFIED count of module in question.
    */
    -static struct CLASSIFIED_operations * get_chrfops(unsigned int CLASSIFIED, unsigned int CLASSIFIED)
    +static struct string_operations * get_chrfops(unsigned int CLASSIFIED, unsigned int CLASSIFIED)
    {
    - struct CLASSIFIED_operations *ret = NULL;
    + struct CLASSIFIED_operations *ret = NULL;

    if (!CLASSIFIED || CLASSIFIED >= MAX_CHRDEV)
    return NULL;
    @@ -95,7 +95,7 @@
    return ret;
    }
    --
    "You know, Hobbes, some days even my lucky rocketship underpants don't help" -- Calvin
  7. Military involvement by Ektanoor · · Score: 5, Insightful

    Just a note on how military are involved on spreading the evil "specter" all over the world. Just one name that means all:

    "TCP/IP"

    It's open, clear and crystal like water. The whole world uses it. 90% of open/closed source network systems depend on it. It's open, it's readable. And it's ARPA...

    What else is needed to talk about the military involvement? From start to end, many things done on computers are orginally military by their nature... First computers were created for military needs, let's not forget this. And today nearly everyone uses them. From Taco to Ben Laden...

  8. One Approach - Loose Integration by guygee · · Score: 5, Interesting



    I worked on a terrain database analysis tool, called ZCAP,
    that was funded a few years back by U.S. Army STRICOM
    and the Defense Modeling and Simulation Office
    We distributed the application (and still do) in a complete package
    that included a number of supporting free source applications, such as gnuplot
    and tcl/tk. We handled the combination of free source, (no longer)export-restricted
    software, and proprietarty libraries by loosely integrating
    using system calls under a tk-based gui. Not very clean, but there
    is a lot of good code in there, and I'm planning to gpl it in the near future.

  9. Two point on Classified work... by trims · · Score: 5, Informative

    First off, run, do not walk, do not pass go, straight to the base/department legal department. Do not attempt to do ANYTHING until they OK it - the regulations surrounding secret-level work are inordinately hairy and convoluted, and only a lawyer specialized in classified-work law can answer your question definitively.

    The other note, which is useful when discussing this with aforementioned lawyer: any work done under a Classified label (or higher) has different rules than "normal" work. Basically, any license that gets applied to the code only applies to those with a clearance at least as high as the code was written. Thus, if your code is Classified, I don't care if it has the BSD license, GPL, Bob's SuperFree License, or whatnot. Anyone without a Classified clearance isn't entitled to see it. Period.

    This is a case where the murky grounds of National Security trumps Copyright (and other Intellectual Property) law. The law still holds, but it's restricted to the circle of security it's at.

    National Security law basically allows you to use anybody else's code, provide you compensate them in a just and reasonable manner. As far as I've experienced, this means that you have to pay them the basic asking price on the free (i.e non-classified) market, and they don't get to say "no, you can't use it". For GPL/BSD/Open Source licenses, the asking price is Free, so well, they've been "compensated" as they've normally would.

    In this case, Classifed work can certainly suck in Open Source code and not release it until it gets unClassified. And, as a side note, there is no "leaking" - people are not entitled to distribute code to non-cleared people, so it's not like Trade Secrets. It stays locked up until it's declassfied.

    -Erik

    --
    There are always four sides to every story: your side, their side, the truth, and what really happened.