Hacker News new | ask | show | jobs
by davisr 1792 days ago
The ignorance in this comment section is already giving me an aneurysm. Software licenses matter. Copyright matters. If megacorps like Microsoft can sue people into oblivion for violating their copyright terms, people can sue Microsoft into oblivion for violating theirs. I don't use MS Github, I have no skin in the game, but I hope there is at-least a $1000 award to every instance of AGPL and GPL license violation because it's unfair and illegal what they're doing.

This isn't ML, it is a ripoff and is violating clear software licensing terms. https://news.ycombinator.com/item?id=27710287

Software freedom matters, but I wouldn't expect the typical HN type to understand, since their money is made on exploiting freely-available software, putting it into proprietary little SaaS boxes, then re-selling it.
10 comments
heavyset_go 1792 days ago
> The ignorance in this comment section is already giving me an aneurysm. Software licenses matter. Copyright matters.

If anyone thinks they don't, ask why Microsoft didn't train Copilot on their Windows, Office, or Azure source repositories.

link
zarzavat 1792 days ago
Microsoft (presumably) did train it on their open source repositories, since those repositories are public GitHub repos. They didn't train it on anybody's private repositories.
link
jazzyjackson 1792 days ago
The point is, if they're sure they won't be recycling copyrighted code wholesale, why not include their own in the training set. Surely their internal code is higher quality than the average git repo, which must be 80% abandonware (if my personal repos are anything to go by :P)
link
comex 1792 days ago
Probably because of the (very small) chance that Copilot could regurgitate something secret or embarrassing.

Which is not necessarily hypocritical. The amount of copying needed for something to be copyright infringement is not high… but it's still significantly higher than the amount needed to leak information. For that, just a few words will do, e.g.

    // For Windows 12
or

    // Fuck [company name]
or

    long secret_key[2] = {0x1234567812345678, 0x8765432187654321};
link
thayne 1792 days ago
and open source codebases don't have code like that?
link
lostmsu 1792 days ago
Not the parts that are secret or embarrassing.
link
paulryanrogers 1792 days ago
But publicly accessible doesn't mean public domain. Microsoft has shared even some of their private code with others like governments. No doubt with strict licenses which they expect to be honored. AGPL and other licenses on publicly accessible code still matter.
link
phire 1792 days ago
Microsoft's apparent legal opinion is that training an AI on the data is the same as reading it, and doesn't require a license.

That as long as they have the right to read the data, they have the right to train an AI on it. The fact that the code is available under an open source license is irreverent to them.

As for why they didn't use their own private code to train their AI, I suspect it was more of a non-malicious: "we don't need to, this public github repo dataset is big enough for now"

Personally, I think Microsoft should double down on this legal stance. Train the AI on all their internal code. And train it on any code they have licensed from other companies too.

link
pronik 1792 days ago
I remember when some Windows code has been leaked, people explicitely skipped reading it to avoid getting sued if they were to work on Linux kernel or Wine in the future. Reading code can most certainly lead to a copyright breach and Microsoft of all corporates should know this.
link
jcelerier 1792 days ago
> Microsoft's apparent legal opinion is that training an AI on the data is the same as reading it, and doesn't require a license.

How is that conciled with the fact that a person that read copyrighted code (not even the original source code, a mere decompiled version of it !) is forbidden to reimplement it directly:

https://www.computerworld.com/article/2585652/reverse-engine...

link
zarzavat 1792 days ago
Clean room reimplementation is a way to prevent court cases, it's not a legal requirement.

If a company copies a competitors product then the chance of getting sued is very high. If they can show that, in fact, there was zero copying at all, then they can get the case dismissed and save great legal expense.

link
paulryanrogers 1792 days ago
Training is one thing. Regurgitating chunks verbatim without attribution is another.
link
zarzavat 1792 days ago
In general taking short excerpts of a copyrighted work is legal and is not infringement.
link
atatatat 1792 days ago
> They didn't train it on anybody's private repositories.

Are you sure?

link
cromka 1792 days ago
Case closed, everybody go home.
link
lostmsu 1792 days ago
Because that's extra work to wire them up? Until recently Windows wasn't even in Git.
link
xxpor 1792 days ago
Software licenses have barely been tested in court, let alone how they apply to code injected and combined with other code via machine learning. You're extremely overconfident about how this will actually play out.

For one, just because your code is covered by the GPL, it doesn't mean every single line in isolation is copyrightable. It has to demonstrate creativity. That's why you don't have to worry about writing for (int i = 0; i < idx; i++) {.

link
ghoward 1792 days ago
You're right that code has to demonstrate creativity for copyright. But that also means that an algorithm, even a transformative algorithm, cannot change copyright because an algorithm is not creative, by definition.

This means that the output of any algorithm on copyrighted code is still under the original copyright. I mean, we still apply the copyright of the original to the output of compilers, even though compilers can be transformative with inlining and link-time optimization, to the point that it mixes disparate code in the same way Copilot does.

In fact, I wrote some software licenses [1] that codify the fact that algorithms cannot change copyright.

[1]: https://yzena.com/licenses/

link
gradys 1792 days ago
You sound very confident about this, whereas copyright lawyers I've read discuss this issue seem much less confident overall, but lean toward thinking this would be fair use.

What makes you so confident that this would not be ruled fair use?

(And for people not familiar - if ruled fair use, it doesn't matter what the license is because fair use is an exception to copyright itself.)

link
ghoward 1792 days ago
I have a feeling you did not read the FAQ of the licenses. I don't blame you, but they explain my position.

Here's the relevant quote:

> GitHub is arguing that using FOSS code in Copilot is fair use because using data for training a machine learning algorithm has been labelled as fair use. [1]

> However, even though the training is supposedly fair use, that doesn’t mean that the distribution of the output of such algorithms is fair use.

My licenses say, basically, "Sure, training is fair use, but distributing the output is not."

The licenses specifically say that the copyright applies to any output of any algorithm that uses the source code code as all or part of its input.

Now, I have not gotten a lawyer to look at my licenses yet (it's in the works), so don't use them yourself. But because everyone keeps saying that training is fair use, I'm fairly confident that only training is fair use.

Of course, it might not be, but that would take more court cases and more precedent. I wanted to poison the well now [2] to make companies nervous about using a model that was partially trained with code licensed under my licenses.

[1]: https://valohai.com/blog/copyright-laws-and-machine-learning...

[2]: https://gavinhoward.com/2021/07/poisoning-github-copilot-and...

link
seoaeu 1792 days ago
> My licenses say, basically, "Sure, training is fair use, but distributing the output is not."

Licenses basically by definition cannot say what is and isn't fair use...

link
ghoward 1792 days ago
> Licenses basically by definition cannot say what is and isn't fair use...

Yes. However, my licenses only say what people already say. Then the licenses go further and say, "But anything else is not allowed."

Everyone else says training is fair use. My licenses agree. But they make it clear that I don't believe that anything else is fair use.

Yes, these licenses must be tested in court. Except that they poison the well now.

link
alpaca128 1792 days ago
> it doesn't mean every single line in isolation is copyrightable

Microsoft did not just copy individual lines. They fed whole repositories into their model, ignoring the license (if it exists) even though they knew from the start that information generated by the model will be publicly available. Available usually out of context, but nonetheless - the scope of the input and intent are very clearly "everything" and "redistribution".

Just adding a filter/ML model to the output shouldn't matter. I dare you to build a Copilot clone trained from leaked internal Microsoft code and then trying to argue the output is a bit mixed up.

That is a clear violation imho.

link
google234123 1792 days ago
Copilot was trained on leaked internal Microsoft code that's on github at the moment. Anyway, everyone seems perfectly ok with training langauge models on copyright text.
link
dylan604 1792 days ago
Everyone is not perfectly OK with training language models on copyrighted text. It's just that evilCorps do it anyways, and there's nothing anyone can do to stop them. I can't do anything. At best, I could get a Twitter account and complain to the ether. The copyright holders can't do anything against the might evilCorps, but that doesn't make them okay with it. The fact you believe this is just sad, and exactly what evilCorps want from you.

This goes beyond fair use or satirical/comedic effect. They are training their models to output text in the style of the authors being absorbed. The style of is exactly the artistic effect that is being copyrighted.

link
gradys 1792 days ago
Could you explain why you think training models on copyrighted text is illegal or copyright infringement or whatever else it might be?
link
klyrs 1792 days ago
Training the models is fine. Applying the models, which reproduces copyrighted works without proper attribution, is where it gets sticky.
link
dylan604 1792 days ago
My explanation will not be popular here on HN, but I'm never one to shy away. Especially when asked directly.

Buying a book, buying an audio CD, or buying a DVD/Blu-ray is granting the holder permission to read,listen,view that product as a single instance. You can lend them out, but that's all you're really allowed to do with them. The text,audio/video is not owned by you to do with as you please. People obviously do not like that, and argue making copies/backups is their right. Maybe that's acceptable, but we can agree posting them on torrents and sharing in any other manner from a copy made from the thing you have is not.

Saying that, training a model on someone's copyrighted text is not part of the agreement of the usage of said text whether it's a copyrighted magazine, newspaper, or book. If the people doing the training reach out to the copyright holders and get specific permission to use their copyrighted material in such a manner, then go ahead. The fact that people feel like they can do anything without the common courtesy of asking for permission is troubling to me that we've lost something as a society. There's no acknowledgment that someone has created something by their own work so that the creator can do with it as they please. A large portion of people believe that because it was created they deserve/should be able to/etc do what ever they want with someone else's creation. Including getting paid for derivitave works from the original creation.

link
leereeves 1792 days ago
If a trained language model exactly reproduces copyrighted text, is there any question about whether copyright still applies?
link
benhurmarcel 1792 days ago
But then the infringement is done by the person who publishes that output, not by the text editor that copies the code.
link
TchoBeer 1792 days ago
This is a useless hypothetical, no language models do that
link
heavyset_go 1792 days ago
And yet there are plenty of examples of Copilot reproducing copyrighted code verbatim, like is does in this example[1] that was posted on HN.

[1] https://twitter.com/mitsuhiko/status/1410886329924194309

link
jen20 1792 days ago
This is precisely what Copilot does, regularly.
link
sobellian 1792 days ago
The search engine on Github also calls up entire pages of GPL licensed code verbatim. Does it run afoul of copyright?
link
hodgesrm 1792 days ago
> Software licenses have barely been tested in court...

OSS licenses have been litigated and upheld. Can't supply details of my own experience for confidentiality reasons but plenty of plaintiffs have prevailed in suits about violations of OSS license terms. My guess is the numbers are higher than you might think because a lot of the cases end in non-public settlements.

link
sjy 1792 days ago
A confidential settlement does not mean that a licence has been “tested in court” or “litigated and upheld.” It means the parties thought the risk of losing was high enough to justify a settlement. The state of the law remains uncertain because cases are getting settled rather than litigated.
link
hodgesrm 1792 days ago
Technically you are right, but the fact that defendants knew they were at high risk of losing means such licenses have teeth.
link
api 1792 days ago
What about non-traditional-FOSS licenses? There is a lot of source-available not-OSI-compliant licensed software on GitHub like MongoDB, CockroachDB, etc., and that's clearly proprietary. If this thing is trained on that and generates what amount to snippets of that code then it's clearly violating those licenses.

Then there's private repositories. If they included those in the training data set that's even more actionable.

Personally I think this is software piracy at an absolutely unprecedented scale. Machine learning is just information transfer from the training data into weights in a model, a close relative of lossy data compression. Microsoft is now reselling all its GitHub users' code for profit.

link
Wowfunhappy 1792 days ago
Private repositories weren't included in the training data per-github, only public repos.

This really doesn't give me much comfort though. Making a repo public doesn't imply anything, it could be "All rights reserved".

link
sangnoir 1792 days ago
> You're extremely overconfident about how this will actually play out.

I'd argue Microsoft too, was/is overconfident about how this would play out. I would have expected a little more caution on selecting the training data.

link
josefx 1792 days ago
> it doesn't mean every single line in isolation is copyrightable.

copilot is known to reproduce entire blocks of text including non functional parts like comments.

link
bluGill 1792 days ago
While they are not tested, anything other than accepting the idea kills the idea of software completely. There is lots of room to change details, but somehow copyright and the fact that the code is copied into computer memory needs to be reconciled.
link
xxpor 1792 days ago
I don't see how. It might kill specific ideological licensing of software code, but the idea it'd kill software as a whole is pretty unbelievable. Software is too valuable to society.

As we're seeing, there's VERY little software where the specific algorithms or ideas in the software are what's valuable. The value comes from the ability to sell a service based on the software and operate it at scale. Like you said, how much SaaS is mostly open source stuff packaged up? Android is (sort of) open source, companies pay lots of people a lot of money to contribute to the Linux kernel where they give away the code they developed with that money, etc etc.

link
austincheney 1792 days ago
A software license, like any license, is a permission to operate.

> it doesn't mean every single line in isolation is copyrightable

It is if you can prove reproduction apart from your own original work (fair use). Unlike patents copyright doesn’t protect uniqueness. It is only a shield from reproduction, and if reproduction is demonstrable to a court you are likely at risk.

https://cws.auburn.edu/OVPR/pm/tt/copyrightvplagiarism

link
hartator 1792 days ago
> Software licenses matter. Copyright matters.

Some of us think is detrimental to humanity at whole.

link
Y_Y 1792 days ago
Why not both?

Copyright certainly matters. It's a big deal legally and economicically all over the world.

Suppose that it's just a bad idea and shouldn't exist. Does that mean that I should release my code into the public domain? I think you could make a good case that even being totally opposed to copyright morally or pragmatically or otherwise, given that it currently is enforced in many places it's worthwhile to play along. For example, some people would prefer a world without copyright, but GPL their code, because it might prevent a greater evil.

link
dcow 1792 days ago
Exactly. The copyleft side of me says you can't copyright instructions on how to bake a cake, or a fast route across a city, or a beautiful way to display colored pixels in a grid, or an efficient compression scheme for video data... because it's all intellectual, and not physical, "property". But society disagrees so a nice hack on copyright that perpetually keeps any of the above from being stolen and locked down by profit seeking psychopaths just early enough to the scene to make a buck, seems like the best interim solution.
link
runnerup 1791 days ago
I really appreciate yours and parents line of reasoning.
link
sangnoir 1792 days ago
True, but while they exist,they should be evenly applied
link
warkdarrior 1792 days ago
If you abolish copyright, that will only make it easier for for-profit corporations to use FOSS. There will be nothing stopping them from using FOSS, unless people stop sharing their code altogether.
link
syshum 1792 days ago
While True, if you abolish copyright then there is nothing preventing me from Installing Microsoft office on as many machines as I want never paying Microsoft a dime....
link
reedciccio 1792 days ago
This is a common misconception: without copyright, Microsoft would still have many legal means to force you to pay for every copy of windows, from contract law to patent licenses. Without copyright there would not be free software and copyleft as we know it.
link
syshum 1792 days ago
There is zero mechanism under patent law to enforce what you are referring to.

Patent law is about selling items not consuming them so they could prevent me from selling a clone of office but they cannot prevent me from installing office

as far as contract law that would be between two parties so if I obtained a copy of office somewhere and I did not have a contract with Microsoft nothing I would not be violating a contract with Microsoft copyright is the only mechanism they use to stop unauthorized distribution of their software

link
goodpoint 1792 days ago
Not at all. You are confusing copyright with theft of service or other stuff.

Closed source benefit from the secretiveness of compiled software.

link
pabs3 1792 days ago
If Copilot is violating the GPL license family, then it is also violating the permissive licenses like MIT too.
link
MichaelMoser123 1792 days ago
How so? the MIT license allows you to do everything with the code. It doesn't allow to sue the author, but that's about it. Here it is: https://opensource.org/licenses/MIT
link
bblough 1792 days ago
From your link:

> The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

Not including the copyright information for the MIT-licensed code is a violation of the license.

link
MichaelMoser123 1791 days ago
depends on what is a 'substantial portion' of the software. i think that definition is not very clear.
link
bblough 1791 days ago
No, it's not clear, and I guess that's up to the courts to decide.

But in my (non-lawyer) opinion - if the reproduced code is substantial/unique enough to be deemed to be covered by the license, then it's also substantial/unique enough to be subject to that license requirement.

link
swayson 1792 days ago
Very well put and refreshing. Thank you.
link
c7DJTLrn 1792 days ago
If I ever receive monetary compensation for violation of the license on my repositories, I will personally deliver it to you in cash. It won't happen.

I have a feeling Copilot is more of a tool for publicity than for development.

link
spywaregorilla 1792 days ago
That statement sort of depends on how important your repos are
link
snarky_birdie 1791 days ago
>I don't use MS Github, I have no skin in the game

You don't have to use Github to have a skin in the game. As long as someone has access to your open source code, no matter where it's hosted, anyone is free to upload it to Github. The open source license of your code allows that.

link
JTbane 1792 days ago
>I hope there is at-least a $1000 award to every instance of AGPL and GPL license violation

So much this. If a neural network is capable of regurgitating code verbatim (with comments!), it's not a stretch to say it's a derivative work of the GPL code used to feed it.

link
syshum 1792 days ago
Thank you...
link
api 1792 days ago
But don't you get it? The purpose of FOSS is to provide free labor for billion dollar companies.
link
tomnipotent 1792 days ago
A non-trivial amount of FOSS is contributed by programmers on the clock working for those same billion dollar companies.
link