An increasingly fraught U.S. political scene has collided with technology ethics the last two years, and directly affected enterprise IT users last month when a politically motivated code deletion caused a service outage for some Chef software customers.
On Sept. 17, Seth Vargo, a Google staff engineer who also worked as a relief engineer for Chef from 2013 to 2014, deleted from open source repositories the RubyGems that made up Chef-Sugar, a utility he'd contributed. Chef-Sugar offers a leaner domain-specific language for Chef recipes than the default, which makes Chef easier to use. Vargo's deletion of the gems from a repository on RubyGems.org caused Chef Infra runs to stop working in some internal Chef build systems and in what Chef CTO Corey Scobie described as "a few" customer deployments that had dependencies on those gems.
Vargo deleted the gems in response to a Tweet that exposed a Chef Software contract with U.S. Immigration and Customs Enforcement (ICE), an agency that has come under fire during the Trump presidential administration for carrying out family separation policies and overseeing inhumane migrant detention facilities. Vargo did not respond to requests to comment for this story. In a statement on his GitHub page, he said "ICE [is] best known for their inhumane treatment, denial of basic human rights, and detaining children in cages … I have a moral and ethical obligation to prevent my source from being used for evil."
Vargo is far from alone among technologists with a distaste for ICE in particular -- and Chef is one of a number of targets for activists who protest the agency's practices. Other tech companies named on a website for the "No Tech For ICE" organization include AWS, Palantir, Northrop Grumman, Microsoft and Salesforce.
Other political issues have stirred controversy elsewhere in the tech sector the past two years, from internal tensions at Google focused on gender politics and sexual harassment to a lawsuit against Salesforce for the use of its technology by alleged sex traffickers.
"There's been a trend toward highly talented individual [software] contributors behaving almost as a guild," said Forrester Research analyst Charles Betz. "There has also been alignment around progressive politics among people who are seen as thought leaders in the industry, on platforms such as Twitter."
Open source ethics force Chef's hand from within
Vargo's protest had a definite impact on Chef as a company and community that went beyond the Chef outage. The company restored the Chef-Sugar gems to their original locations on RubyGems.org, took complete control and ownership of the code and restored normal customer operation by Sept. 20, according to Scobie. Chef CEO Barry Crist also said via blog post that Chef would not renew the $95,000 contract with ICE next year, along with a separate contract with Customs and Border Patrol.
"[W]e will donate an amount equivalent to our 2019 revenues from these two contracts directed to charities that help vulnerable people impacted by the policy of family separation and detention," Crist added in the post.
Insiders and employees with political motivations similar to Vargo's within software companies and open source communities have increased their activism in recent years, particularly in an increasingly polarized political climate in the United States, and industry observers believe that trend will only increase in the future.
"If the employee voices get loud enough and have numbers to support the cause, it will force executive management teams to listen, and potentially act through new policies or existing policy adjustments," said Stephen Elliot, an analyst at IDC. "There will be large enough issues that either employees, or the company's customers, drive the need to act in some capacity."
IT buyers split on technology ethics issues
However, there's less of a clear trend in response to software ethics concerns in IT buyer behavior so far, and enterprise Chef users are split on whether that will change.
"I have never been involved in a vendor conversation where we asked, 'Who are this vendor's other customers, and are we as an enterprise aligned with those customers' human outcomes?'" said a software engineering director at a large enterprise Chef customer, who asked not to be named, after the Vargo incident made headlines. "That seems to me to be an incredibly high and difficult bar to meet."
For now, another Chef customer and contributor is satisfied with Chef's response to the issue, and will continue to use Chef software -- but technology ethics have already played a prominent role in purchasing decisions.
"Software has become such an intimate part of everything we do -- almost everyone I know sleeps with a Unix device either in bed with them or next to their bed [with their smartphones]," said Blake Irvin, engineer at SmartB Energy Management GmbH in Berlin, a startup founded in 2014 that makes energy monitoring and management products for commercial buildings. "With things like autonomous vehicles and facial recognition coming out, it's obvious that tech has ethical weight."
Irvin already parted ways earlier this year with his previous CI/CD software vendor, Travis CI, after reports surfaced about senior employee layoffs following the company's acquisition by a B2B software firm, Idera Inc. in January. Travis suffered a 24-hour service outage in March that many observers attributed, at least in part, to the staff upheaval.
"Downsizing and restructuring may sometimes be required, but there are humane and inhumane ways to do it," Irvin said. The staffing issues may have affected the reliability of the service later on, but for Irvin, it was a moral issue more than a technical one.
"It put my personal values at odds with the new leadership's," he said.
However, not all vendors are as vulnerable to users' political or moral stances -- infrastructure vendors and particularly cloud service providers are more commonly the subject of "top-down" contract decisions than developer software tools. That's also the case for Irvin's company when it comes to using AWS, though the company also uses GCP, and "it's an ongoing discussion" about whether the company will continue to buy from Amazon, Irvin said.
Here, technical as well as political changes have spurred fluidity in buyers' loyalty to IT vendors -- in the age of commodity public cloud infrastructure and container portability, it's easier for them to put their money where their mouth is, if necessary, and walk away, Irvin said. Similarly, distributed systems design makes swapping out tools such as Travis much less painful than it used to be.
'Hippocratic License' debate raises open source stakes
Software ethics have most strongly affected the open source community, as open source software is increasingly popular among enterprises that historically preferred proprietary vendors, and open source communities stand to be affected more deeply by individual political concerns, as in the case of Chef and Vargo.
Last month, another open source contributor, Coraline Ada Ehmke, a software developer at Stitch Fix, proposed a new type of open source software license she dubbed the Hippocratic License, which amends clauses 5 and 6 of the industry standard Open Source Definition "to usher in a new era of ethical development … [with] a modified MIT license that specifically prohibits the use of open source software to harm others."
It's likely this license will get at least some traction in the industry, and IT practitioners such as Irvin say they are in favor of the idea. However, other industry pros believe that placing ethical limitations on the use of software is contrary to the ideals of open source, is vulnerable to unintended consequences and backlash, and will harm adoption for open source software they see as already embattled by commercially motivated open source license variants.
"Pure open source will win in the end," said Heikki Nousiainen, CTO and co-founder at Aiven, an IT managed service provider focused on open source data management tools. "The promise of open source is that there are no limitations on how software is being used, good or bad, and the benefit of that outweighs the bad use cases."