Is any problem domain off-limits to open source development?

Question

Partially inspired by this question: https://opensource.stackexchange.com/questions/613/what-subject-areas-are-in-need-of-free-and-open-source-projects

Open source development has greatly enriched and expanded many problem domains, not simply hardware. Open source 3D printer design, and the Arduino platform are excellent examples.

But are there any domains or industries which are inherently off-limits for the creation of open-source solutions?

And by solution, I don't mean using open source code, but providing an actual implementation.

Answer 1

A few topics in security benefit from being closed-source.

This is not the general case. In cryptography and most of security, Kerckhoff's principle applies. A system should be secure even if its design is fully public, because the adversary can usually learn the system's design anyway. In cryptography, secrecy is concentrated in a very small part: a key, a password, a nonce… The operations that are performed on these secret values are well-known.

Most of security benefits from being open-source. For example, all recommended cryptographic algorithms are public and have undergone years of scrutiny by experts. For software, note that the benefit of being open source only comes into play if someone actually does review the software. This is rarely done because it's expensive. I invite you to read threads on this topic on Security Stack Exchange, such as Open Source vs Closed Source Systems, Security related code in Open Source projects?, How are open-sourced operating systems and software kept secure?, etc.

Nonetheless, there are a few specialized domains where closed source is an advantage for security. These are domains where in order to obtain information about the system design, an adversary has to conduct active attacks that run the risk of detection. Generally, in such domains, the design of the system evolves, so while adversaries can eventually gain the knowledge that they seek, by the time they manage to do so, that knowledge becomes obsolete.

For example, Stack Exchange has measures to combat spam and vote fraud. These measures would not work as well if the detail of how they work was public. For example, it's known that there are filters to block spam, but the details of what makes the system decide that a new user is a spammer and isn't allowed to post are only known to a few Stack Exchange employees. Similarly, it's well-known that there is an automated process to cancel votes between sockpuppets of the same person, but the details of how this works is not public, it is not even known to moderators. In order to learn how to get through, spammers and fraudsters need to carry active probes where they try to post things and see what sticks and what gets shut down. All this probing leaves tracks, which help the defenders make the system more resistant and identity the attackers.

Another example is some of the security countermeasures on smart cards. Smart cards have to maintain secrecy in a hostile environment where the attacker has physical control over the card (e.g. a credit card thief). They are potentially vulnerable to many types of attacks, including side channel leakage and fault injection. Some of the protections on a smart card involve code that erases confidential data if it detects an attack (as well as physical protections such as dissolving part of the card if someone tries to drill a hole in it). These countermeasures work better if the attacker doesn't know exactly what triggers them, so that they'll need to brick many cards before they figure it out. Eventually they will figure it out, but if it takes them a few years and the cards using this technology have expired, the defenders have won.

Both examples are a permanent arms race. Closed source is an advantage only temporarily, for a few years at most. Once ways to break the system are known, the whole design might as well be published. But making the design of these particular subsystems open from the get go would facilitate attacks. Closed source is good to protect a few tricks with expected obsolescence. This doesn't necessarily mean that such systems can't be open-source, but an open-source system would have to be extremely good to compete.

Answer 2

One area where free software will not reasonably compete in the foreseeable future is playback software for premium video. Movie studios make their works available for rental and enforce the terms of the rental contract with DRM (digital restrictions management) so that an end user cannot turn a rental into a substitute for a purchase. Even when a particular DRM scheme is open to third-party implementations, all implementations must meet the scheme's "compliance and robustness" rules in order to get a player key to decrypt the video. A requirement for robustness against end user modification inherently rules out free software.

Another is video games. The vast majority of professional "e-sports" leagues have standardized on non-free games. Trying to provide free software to an e-sports league by "cloning" an existing video game is more legally risky than "cloning" a productivity application because case law doesn't leave quite as much room for an interoperability defense with games. (Compare Lotus v. Borland, decided for the cloner, to Atari v. Philips and Tetris v. Xio, decided for the original games' copyright owners.) Furthermore, the makers of popular "consoles" (set-top video gaming devices) ban all copylefted software from their platforms and authorize no way to load software created by the user of a retail device.

Private sector production of tax preparation software is a third. In this domain, the developer translates annual changes to the tax code into a machine-readable form. Users rely on the accuracy of this translation to an extent greater than the typical ABSOLUTELY NO WARRANTY disclaimer can support. The specialized labor involved in the translation is why details of the translation are considered valuable trade secrets. In theory, it'd be possible for the public sector to provide free tax preparation software, but certain fiscal conservative political parties would be loath to accept what they would term government scope creep and unfair competition with the likes of H&R Block and Intuit.

Answer 3

Other answers have good points but in my mind the biggest issue by far is Patents.

If a company holds patents and then issues open source code that is related to the patents, it can be argued that they are giving permission for anyone to use their patented technology. Some licenses (like GPL) make this very clear in their terms, while other licenses (like MIT) don't mention patents at all.

However, even though MIT/etc don't explicitly cover patents it does cover them indirectly - the license gives anyone permission to "use" the technology and that's enough to give an implied license for all patents.

Where it gets especially nasty is when the company writing the source code only has a license to the patent, instead of being the one who owns the patent. Often technology is covered by a patent "pool" involving a large number of independent corporations. For example this is widespread among video compression and cell phone radio technology. In these cases, a company (such as Qualcomm) will have permission to use and sell technology in the "pool" but they do not have permission to grant the open source community a license to the patents.

This is why video compression and cellphone hardware drivers are typically closed source components in an otherwise fully open source technology stack.

Patent trolls are also a huge problem for open source development. For example Apple's FaceTime protocol, which they originally promised to open source but it never happened, likely because of patents more than anything else.

About a month after they promised to make FaceTime an open standard, Apple was sued by a patent troll name VirnetX, and spent ~3 years fighting in court. Eventually the court rued Facetime did infringe on a couple of the many patents VirnetX claimed Apple had violated. Apple always publicly maintained FaceTime doesn't violate any patents but they had to accept the court's ruling in the end.

While defending themselves in court Apple was in no position to make FaceTime open (that would increase the damages from loosing a lawsuit) and after loosing the case they would have had to sign some kind of agreement to attain a license to VirnetX's patent portfolio which will have included language forbidding Apple from giving anybody else permission to use the patents covered by VirneX's 200 or so patents.

Answer 4

One area strikes me as inherently closed to open source solutions.

It is hard to imagine the creation of an open source weapons system platform. Beyond the concerns of ethics, whilst there might be engineers out there who would be prepared to actively participate in such a project, it would probably quickly attract a very negative response from many government bodies and might even be in violations of numerous laws.

Another potential area is that of medical equipment, which has to meet a prohibitively high legal burden of qualification and indemnity.

Answer 5

Some companies consider some of their software programs as advantages that give them a leading edge against their competitors.

For instance:

• Both InvestmentBankA and InvestmentBankB are very similar, but what makes one earn more than the other is how smart its trading algorithm is.
• Both WebAdsCompanyA and WebAdsCompanyB are very similar, but what makes one earn more than the other is how smart their program can match advertisement content to available advertising space.

On the opposite, most companies consider that they can win over their competitors thanks to their superior team, customer base, strategy, etc.