Thoughts on OSHW and OSHW certification

OSHWA, the Open Source Hardware Association, recently released a proposal for what they are calling Open Source Hardware Certification.  With some paraphrasing and handwaving, their proposal boils down to this:

  1. OSHWA will create a new logo and trademark it.
  2. To license this new trademark, you would need to agree to a contract that says:
    1. We will only put this trademark on open source hardware (as defined in the open hardware definition).
    2. If we use the logo otherwise (and do not stop when OSHWA repeatedly asks to stop), we agree to pay a hefty fine.

OSHWA has not yet fleshed out the details — neither the new logo nor the exact contents of that license contract. It’s easy to be cynical about stuff like this. But instead, let’s please give them the benefit of the doubt and suppose that when those details arrive, it turns out that they’ve done a superb job: the contract ends up to be simple, well thought-out, straightforward and does just what it says.

Maybe the new trademarked logo would look something like this mock-up:

placeholder oshwa certified logo

Given all of that, would there be a good case for some people to use this certification process? I have mixed thoughts on it. But on the whole, I’m tending towards a “probably.”

The problem with Open Source Hardware

Don’t get me wrong: I am an advocate for open source hardware. I’ve designed and released dozens of open source hardware projects and products. I make my living mostly on open source hardware. I have served on OSHWA’s board (see full disclaimer below).  I’ve given talks about how to make open source hardware. I’ve convinced people to open-source closed projects.  And there is a lot of really great open source hardware out there.

oshw logo

But there is something something is rotten, deeply rotten, in the world of open source hardware. And that is that the label “open source hardware,” either in words or represented by the OSHW logo (the keyhole-gear thing above) has been misused so much that it can’t really be trusted.

If you put that label on a piece of hardware, we might expect that this hardware meets the open hardware definition. The definition specifies (amongst other things) that you should be able to obtain the original design files (the “source”), and use them without a “noncommercial use” restriction (the “open”). But it seems like every day I hear about some drone, robot, or development board that turns out to be OSHWINO —Open Source Hardware In Name Only.

Maybe you’ve had this happen: You buy a thing that says it’s OSHW, and want to look at how it works or maybe modify it. You go to download the design files… and there aren’t any. You ask the company that made it and get a pixelated PNG of the schematic. Perhaps it’s not worth fussing much over for a $10 sensor breakout board. But if you plan to hack a $2000+ “Open Source 3D printer” that then turns out to be OSHWINO, that is another matter indeed.

One company boasted to me that they had “more than 1000 open source hardware modules.” Yet, when I asked to see the documentation for a few of them, all that they had were PDFs of schematics. You get the picture.

 

So what?

Just so you know… I’m almost totally okay with all of that.

Open source hardware is still the wild west. Creative anarchy is often wonderful. The wild west is good. Open source needs the wild west. I know that I’m not alone in that opinion. But on the other hand I also want it to mean something when a thing is advertised as “open source hardware.”

I want this for a few reasons.   As a consumer, I want to be able to buy open source things. While I’m an advocate for OSHW, I am neither hardcore nor a fanatic. I don’t require that my stuff is OSHW. (I’m typing this on an Apple computer. I used Adobe software today. I run proprietary CAD software on a Dell running Windows.)  But I do like open source hardware — and given the choice between things otherwise equal, I’d usually pick the open source option. Amongst other reasons, I like to learn how things work by looking at how they’re made.

Second, for the open source products that we make, I want to be able to advertise them as OSHW, and for that to be a meaningful statement to somebody that might want to buy it.  When the term is diluted by misuse, it devalues its meaning. “Open source hardware” is less valuable as a statement than it might otherwise be, because so often it requires fact checking to be sure.

Finally (as a consumer) I just want basic honesty in advertising. If I buy a thing that claims to be blueberry flavored, and it actually turns out to be zucchini flavored, I am not going to be a happy camper.

 

The strength and the weakness

Pretend for a moment that that OSHWA wanted to start legally enforcing the use of the term “Open Source Hardware” and of the OSHW logo, to make it so that you couldn’t use them except on definition-compliant open source hardware.

Could they? The answer is simple: No.

They wouldn’t have a legal leg to stand on. OSHWA does not own a trademark on “open source hardware”, and due to some legal wrangling with Open Source Initiative, neither OSHWA nor OSI can trademark the OSHW logo. And so it turns out that both the name “Open Source Hardware” and the OSHW logo are de facto community property.

This fact is both a great strength and a great weakness of the OSHW community.  Anybody can come and play. Anyone can make open source hardware. Anyone can use the logo, without fear of retribution or down-the-road consequences. It’s why we have that wonderful wild wild west. It’s also how we end up with OSHWINO hardware, for better or worse.

 

Thinking about solutions

The open source hardware problem could be restated as “there’s no quick way to be sure whether a given piece of hardware is genuine, definition compliant open source hardware, or just OSHWINO.” It would be great if there were a reliable solution to that problem.

If we as a community want to have some quick and reasonably reliable way to distinguish between OSHW and OSHWINO hardware then there are a few possible approaches.

One approach would be a comprehensive directory of projects and projects — where staff and readers could rate things that claim to be OSHW, fact checking and noting the details. Think Yelp for open hardware (or OSFCAAS: Open Source Fact Checking as a Service).  The disadvantage of this approach is that it is a lot of work. You’d need an army of volunteers (or maybe a lot of money) to do it well. The advantage is that a site like that could illuminate the shades of gray between open and closed. The checkboxes might show details like whether the project uses open file formats, or whether it requires proprietary components. I expect that we’ll eventually see a directory like this emerge.

Another approach would be a trademark-backed certification logo. That could be a logo awarded by that hypothetical directory site, one awarded by a standards agency (like the UL mark), or by some self-certification process. The important part is that someone owns that trademark, and can enforce its use.

OSHWA’s current proposal is of the latter type: A free self-certification that your hardware is indeed open, a logo that you can use to show it, and a trademark-backed legal threat if you use the logo in violation of the license.  An interesting detail about their proposal is that instead of threatening to sue you if you misuse that trademark, they have a schedule of fees that automatically kicks in if you keep ignoring them after repeated requests to stop. That’s actually kind of clever: OSHWA probably doesn’t have the resources to sue anyone. The fees are a big stick that they’ll probably never have to use — even if there is widespread adoption of the certification logo.

Aside: I am curious if there are other approaches that might work well here.

Doing it right

There are two things that are absolutely critical for OSHWA to get right if they want this to succeed.

First, they need to do a better job of communicating that this is not an attack on, or even a credible attempt to change the current “wild west” that represents the vast majority of the OSHW ecosystem. It is simply another option for labeling. The best analogy is that it’s like adding one of those little “Trusted” logos to your web store — adding one is not a substitute for https, and you would be a fool to think that it was.

Some people think that OSHWA wants to add penalties to misuse of the existing OSHW logo. Nothing could be further from the truth. (And again: they couldn’t even if they wanted to.) What they’re actually proposing is a new protected logo that can be used along with or instead of the usual OSHW logo. This is smart.

Second — and this is the hard part — they really have to not screw it up.  Remember that part where we gave them the benefit of the doubt, and assumed that they would get all the details right? The real world doesn’t do that. By the time they finish fleshing it out, their contract cannot be vague in the least. Amongst other details, that contract needs to provide unambiguous protection for the certification’s users against future changes in the certification requirements. If it did not, then it would leave the users vulnerable to exploitation in the future, should those requirements change. Not screwing it up is a really tall order.

Aside: Here is how unforgiving the world is: Just for putting this proposal out there, at least one person is removing the (original) OSHW logo from their designs. Not that this hurts OSHWA, and not that the OSHWA proposal has anything to do with that logo, but it shows how on-edge people are about the whole idea of certification. 

Onwards

I have seen some varied and bitter reaction to the proposal. Much of it comes from people who think that OSHWA is trying to clamp down on the use of the OSHW logo, or is trying to make money from a licensing scheme. And some of it is from people who live in the wild west — and don’t think that OSHWA or anyone else should care what it means for something to be “open source.”

And naturally, there are some who think that this is a waste of energy, pioneering PCB artist Saar Drimer of BoldPort amongst them:

 I think that the OSHWA fails to appreciate two things here. Firstly, that the ‘public’ doesn’t really care; it’s nearly always the vocal voices within the OSHW community who complain — rightfully on most accounts — about the mislabelling and abuse of their view of OSHW. Secondly, that it is nearly impossible to educate the ‘public’ for brand awareness without massive amounts of money, particularly given the first point.

Saar has a great point. (And yes, I’m one of those “vocal voices” in the community.)  I think that the answer to this is that some of us really do care, and those of us who do care about open source hardware would like better solutions.

So will we be using the OSHWA certification on our open hardware products in the future? So far, we can’t say yes or no. That depends on how things shake out, and in particular on the contents of that contract.

We’ll be watching with interest to see how this all unfolds.

 


Aside and disclosure: OSHWA is a educational non-profit (501c3) organization that I helped to found, and which I previously served on the board of. It’s basically a small group of open hardware enthusiasts who volunteer a hell of a lot of time towards finding ways to advocate for the broader OSHW community. I was not a party to the creation of this proposal, nor have I discussed it with the current OSHWA board or board members. My commentary does not reflect (and likely doesn’t agree with) the views of OSHWA. Also, I am not a lawyer. If you need legal advice, speak with a lawyer.

11 thoughts on “Thoughts on OSHW and OSHW certification

  1. I think there also needs to be a voluntary, paid certification process that, if successful, indemnifies against any and all claims from OSHWA. That way a corporation can protect itself against risk of litigation from OSHWA.

  2. ‘The open source hardware problem could be restated as “there’s no quick way to be sure whether a given piece of hardware is genuine, definition compliant open source hardware, or just OSHWINO.” It would be great if there were a reliable solution to that problem.’

    The only way to be sure is to be upfront about it: it is OSHW if you are getting all the documentation, software and valid legalese about rights grants jumbled and packaged with the hardware. Otherwise, maybe you are being conned (INO-ed).

    ‘Another approach would be a trademark-backed certification logo. That could be a logo awarded by that hypothetical directory site, one awarded by a standards agency (like the UL mark), or by some self-certification process. The important part is that someone owns that trademark, and can enforce its use.’

    And yet another approach without holding (and costly defending) a trademark would be a cryptographic signature of all product markings (including item-specific information like production dates, serial numbers, and private/withheld individual product item ID code, a sort of one-time pad) by manufacturer, using private key assigned by and known to the certification directory site. Certification directory site obviously has power to revoke validity of a key if manufacturer betrays the trust and violates OSHW principles.

    It would sort out nicely everything except direct literal forgery of an existing OSHW product, but then again, a buyer using connected mobile device with camera could quickly check if a product with that markings is 1) validly certified, 2) not already sold to someone else. Of course, every product with certification signature revealed, but not checked in as purchased, would have to be returned to be re-signed using another, different individual ID.

    I hope this idea was not laid out in confused manner. After all, it is just a sketch and starter for someone else who is a real expert in cryptography and secure protocols. The bottom line there is that perhaps things today don’t need to be done in old ways, because some of the old assumptions are no longer valid. Above I proposed two ways of dealing with problem of protection of buyer’s rights offered by OSHW:
    – First, no certification at all. Things could be open, apparently, without need for someone to certify it, because memory is cheap and a lot of information / documentation / code could be handed over with (or in) the thing itself.
    – Second, certification, but no (reliance on magical power of) trademark: if you want to avoid the hassle and cost of producing and conveying material data carriers, proof of holding a certification of compliance to standard should be done without needing to throw a book at someone, especially if you don’t have a war chest or the perpetrator is out of reach of your legal system.

  3. Whenever you buy OSHW online, a simple DIY solution to the “open source hardware problem” is to search for the source before you hit the buy button, isn’t it? If a directory saves you the work, all the better. Open-washing can be called out, as with software, and easily proven wrong by providing a link to the source. IMHO, any attempt to “certify” risks to create new gate-keepers (see e.g. Bluetooth), no matter how good the intentions. Kind regards, Thomas

    1. No, it isn’t. For instance, one project I bought hardware from DOES have source code and schematics available, but the schematics turned out to be incomplete and outdated and while the owner assured me he’ll fix this ASAP, that was two weeks ago. This is NOT the sort of thing you can just “check” – you won’t realize there’s a problem until you hit the wall.

      1. Great observation. There is no easy to verify “build from source” as with software. But how would a certification institution solve the same problem?

  4. Part of your previous arguments is that you were appealing to the authority of an organization you helped found for a definition of open hardware. Rather circular, much?

    Also, I don’t think it helps to being an absolutist on something like non-commercial licensing. So 95% open to you sounds like it might as well be closed.

    1. I do not claim any authority. I am only trying to talk through the current status of things, to try and understand what OSHWA is up to.

      “Open source” is a term that has had a well-defined meaning, ever since the term was created. I didn’t make this stuff up; I am merely trying to treat it respectfully and in the spirit that it was originally created. The OSHW definition is modeled on it, and uses the same language about your freedoms as a user of Open Source hard/software. It’s not circular, just respectful of the origin, from several perspectives.

      As I have said above, there are many shades between fully open and closed– and I would hope that we’ll get things like directories that shed light upon them. This will give much more information, and can be something that MANY more projects can use than a black-and-white certification logo.

  5. “First thing, let’s kill all the lawyers”

    Yes please, none of us are smart enough to figure out if something is open or worthy of our attentions without a cute logo and some lame ass bureaucracy to regulate and control it all. I find it amazingly ironic that people who claim to understand and appreciate openness immediately want to turn around and control the openness, making it to their liking and building little kingdoms along the way. Wouldn’t want this intellectual freedom thing to get out of hand, after all.

    Knowledge and technology, like spice, must flow. Screw the pettifogging control freaks.

  6. Thank you for sharing your thoughts.

    In trying to understand how to use open source hardware in global development projects (humanitarian, development projects) , I have been attracted to the OSHWA because of efforts in defining what OSHW is and now this certification effort.
    I think it is a required activity that we need to go through. It will provide a mechanism for those that seek certification, and I hope will also allow for the continuing growth of the community that chooses not to.

    I like the idea of self-certifiction and a trademarked logo. Let’s say the current logo with a checkmark or a star to show the extra step of certification.

    ***
    Alfredo

  7. I do quibble a bit with the idea that, unless the project can be re-used commercially, it’s not open source hardware. I don’t see why wanting to protect one’s investment of time (and very often, in the case of hardware, considerable money too) rules them out from being considered open-source. The distinction is made in software as FLOSS (both free and open-source) and just open-source.

    A topic for another post, perhaps?

    1. Yes, the “commercial use” restriction is one of the most common things that people object to.

      However, it is very important to note that both “Free Software” ( see https://en.wikipedia.org/wiki/Free_software for a full definition) and “Open Source Software” (see https://en.wikipedia.org/wiki/Open-source_software for further information) explicitly disallow commercial use exceptions. This is not the difference between the two terms. And, it’s a common misunderstanding.

      If you do not want to use a Free/Libre or Open Source label and license for your project, no one will require you to. If you want to share your source or design files (without allowing reuse), you can label them as “source-available,” or as “shared source.” But just ignoring their definitions does a great disservice to everyone who has worked on FOSS hardware and software over the last 30 years.

Comments are closed.