Nate Tracy-Amoroso

Home > Unethical license changes from Mongo, Redis, and Elastic Search

Note: This was written for an ethics course so you may notice a few odd mentions of ethical frameworks.

In 2019 and 2020, a few prominent pieces of open source software developed by startups changed their licenses. I’m sure you’re already interested; what could be more scintillating than software licensing? There is intrigue, I promise, hold on.

Redis (a fast in memory database), MongoDB (an infinitely scalable database) and ElasticSearch (a search engine) used to use free and open source licenses like MIT & Apache 2.0.

These permissive licenses remove no freedoms from the user except that they acknowledge that the software is provided without warranty (The MIT License 1980). Each of these companies were profitable, and ElasticSearch specifically grossed on the order of $250 million (2019). However, each of their codebases were being packaged and sold by Amazon Web Services (AWS) as a service virtually identical to the services run by the startups (Cardoza 2021).

These cloud providers generated over 10 times the revenue of the people building the products. In particular, according to CNBC, AWS generated $3500 million in revenue (2020). Reids, MongoDB, and ElasticSearch felt they were being taken advantage of by AWS who profited immensely off of their work but contributed little back. Fighting back against the perceived injustices they modified their licensing to require anyone modifying their software (as AWS and others do) to contribute their changes and improvements back to the public project.

Why they want to privatize the public project

The startups hoped that they would be better able to compete with, and capture the profit of AWS if they had access to all AWS code.

The primary issue with this license change is that in most free and open source (FOSS) projects the people who contribute code own that code, and they license anyone to use it (legally in most FOSS projects it does not matter who started the project as they license anyone to use it).

CLAs are (can be) used to retroactively claim the work of FOSS contributors

ElasticSearch, unlike virtually all other FOSS projects, required all contributors to sign a CLA which granted ElasticSearch the rights to all user submitted code, and thus the right to modify the license of the entire codebase. This may seem like an unimportant change but it means that contributors who previously believed they were contributing to a non-profit software project can have the code they believed they owned taken by a for-profit company and relicensed to suit that company’s business needs (DeVault 2021).

“The CLA is a license agreement, which enables Elastic to distribute your code without restriction.” -Elastic

From the utilitarian perspective we may conclude that there has been no real change to net happiness. Most business goes on as usual and AWS contributes some of the code they use to sell ElasticSearch as a service (though they haven’t done so for MongoDB which happened a year prior). Since there is no significant effect on the needs of the many or on any particular person’s life, a utilitarian may conclude nothing important has happened.

But, if we examine the needs of the few who volunteer their time we see a different picture. ElasticSearch has used their contributors as merely a means to their end (a highly successful and well supported product) and not respected them as people that they have in fact done something unethical (Sandel).

To which a lawyer would reply that all contributors signed an CLA granting ElasticSearch the right to their work and thus nothing has been taken from them. Whether or not uninformed consent (as in agreeing to a legal document you cannot understand) is consent or not is not the topic at hand.

Is there a model for profitable FOSS projects that avoids corporations capturing their value?

Many people working in the software industry would prefer that a greater share of the profits went to the authors than corporations. As of yet, we haven’t seen that happen for FOSS in practice in a way that respects the rights of the contributors as well as the for-profit startups that sometimes pioneer these projects. ElasticSearch, Redis, and MongoDB did have other more Kantian options which I would have supported above taking ownership of other’s work. They could have done what many “software as a service” companies do: built a closed source product and sold it. They would have been responsible for all development work, without help from community volunteers, but they would not have found themselves in the dilemma of being less profitable than they would like, or stealing the work of volunteers. ElasticSearch’s complaint that their work is being stolen is baseless for two reasons: first, they chose to give it away under an open license, and secondly, it isn’t their work, ElasticSearch had over 1000 contributors before its license change (DeVault, 2021). The only way for ElasticSearch to right this wrong retroactively is to return the rights to contributed code to the contributors, return to an open license respecting its authors and users, and stop requiring a CLA that grants them all rights to a community project.