Interesting discussion on ways to regulate AI use, and the role (limitations) of open source there, by Bruce Schneier and Waldo.

It raises some interesting questions about accountability of the open source community. They argue, as many others, that OS community is too fluid to be regulated. I tend to disagree - OS community has many levels, and a certain OS component (say a GitHub code) gets picked up by others at certain points to push to a mass market for benefit (commercial or other). It is when such OS products are picked up that the risk explodes - and it is then when we see tangible entities (companies or orgs) that should be and are accountable for how they use the OS code and push it to mass market.

I see an analogy with vulnerabilities in digital products, and the responsibility of OS community for the supply chain security. While each coder should be accountable, for individuals it probably boils down to ethics (as the effect of a single github product is very limited); but there are entities in this supply chain that integrate such components that clearly should be hold accountable.

My comments below. It is an interesting question for Geneva Dialogue as well, not only for AI debates.

cc ||JovanK|| ||anastasiyakATdiplomacy.edu||

There is a certain analogy with security of the open source, and how to ensure that open source code, which ends up being integral part of commercial products, is secure at the outset. It might not be possible to hold every code-writer in the open source community accountable for vulnerabilities, but there are certain moments later on when that code is picked up and commercialised by others, which allow the window of accountability. It is similar with LLM: it is when a certain code is picked up by others (often for monetisation or some other benefit) that accountability exists as well.

It is exactly this 'pick up' which is a milestone to look at: this is when actors involved go beyond a single github contributor, and involve certain entities (organisations or companies) which put certain resources in the promotion and reach of the product they have integrated, in order to create a mass market effect. This is where accountability for development can be looked for as well.

Is it really so? While open source community is diverse and numerous (and often boils down to a single person), their products become significant when they are put together and to the market (whether for free or monetisation). In other words, the 'danger' is not in each piece of code itself, but once those pieces are integrated into a powerful and mass-used product. This means there are certain milestones when the risks become sufficiently big to address it - and those milestones also involve certain entities (typically companies or organisations) which benefit from the reach of the product in one way or another. Devil is in details: we need to closely monitor how and when open source products come to a mass market and cause a concern - and who are the main actors at that very point that could be hold accountable. This still belongs to 'development', and addresses the developers (or integrators), not the users.

Importance of open source platform

Open source is gaining renewed relevance due to digital geopolitics: https://circleid.com/posts/20220126-why-aopena-may-become-the-keyword-of-the-digital-world-in-2022

SDC can renew efforts for strengthening 'open' approach in their development activities.

How open supports scaling (principle 3) and sustainability (principle 4)

Another possible drawback of ORAN: ensuring interoperability of various vendors, in contrast to responsibility of big vendors (similar challenge to open source software). Open question: how can this impact security (similar to open source security issues)?

New relevance of open source movement.

||VladaR||