Tragedy of the Digital Commons

100 Pages. Posted: 17 Oct 2022. Last revised: 31 May 2023

Date Written: August 12, 2022

Abstract

Google, iPhones, the national power grid, surgical operating rooms, baby monitors, surveillance technology, and wastewater management systems all run on open source software. Open source software, or software that is free and publicly available, powers our day-to-day lives. As a resource, it defies economic logic; it is built by developers, many of whom are volunteers, who build projects with the altruistic intention of donating them to the digital commons. Developers use it because it saves time and money and promotes innovation. Its benefits have led to its ubiquity and indispensability. Today, over 97% of all software uses open source. Without it, our critical infrastructure would crumble. The risk of that happening is more real than ever.

In December 2021, the Log4Shell vulnerability demonstrated that the issue of open source security can no longer be ignored. One vulnerability found in a game of Minecraft threatened to take down systems worldwide—from the Belgian government to Google. The scope of the damage is unmatched; with open source, a vulnerability in one product can be used against every other entity that uses the same code. Open source’s benefits are also its burden. No one wants to pay for a resource they can get an unlimited supply of for free. Open source is not, however, truly unlimited. The open source community—the individuals, nonprofits, and companies actively contributing to its production and maintenance—is buckling under the weight of supporting over three-fourths of the world’s code. Rather than share the load, many of its primary beneficiaries, companies that build proprietary software, add to it. By failing to take basic precautionary measures in using open source code, they make its exploitation nearly inevitable—when it happens, they free-ride on the already overwhelmed community to fix it. This doom cycle leaves everyone worse off because it leaves our critical infrastructure dangerously vulnerable.

Since it began, open source has worked behind the scenes to make society better. Today, its struggles are going unnoticed and unaddressed. The vanguard of public and private entities already supporting open source cannot carry the burden alone—the rest of open source’s beneficiaries must also be conscripted. So far, government interventions have been lacking. Secure open source requires much more. To start, it is time we treated open source as the critical infrastructure it is.

Keywords: open source, software, cybersecurity, critical infrastructure, public goods, tragedy of the commons, free riders, FLOSS, OSS, market failures

Suggested Citation

Sharma, Chinmayi, Tragedy of the Digital Commons (August 12, 2022). 101 North Carolina Law Review 1129 (2023), Available at SSRN: https://ssrn.com/abstract=4245266 or http://dx.doi.org/10.2139/ssrn.4245266

Chinmayi Sharma (Contact Author)

Fordham Law School

150 West 62 Street
New York, NY 10023
United States
