Skip to content
Personal Sign UpClinician Sign UpLog in
go to icon
Back to Tidepool Blog
Engineering

Where's the code? (Or, a funny thing happened while on the way to an open source license...)

Written by
Howard Look
on
September 18, 2013

Greetings!

A quick update on where we are with making Tidepool's code publicly available, and a request for your feedback on our open source license strategy and draft license.

Our project lives in a set of GitHub repositories at http://github.com/tidepool-org, but these repositories are currently private, which is not our intent. We'd much rather be working in the open, and we really want to get the broader community involved in our efforts. We've kept the code private while we figure out the right open source license to use.

For a while now, we've thought that we should create a new kind of open source license. That decision in and of itself is an important one, because there are already a whole lot of licenses out there and adding yet another just creates more complexity.

Why would we create a new license?

  • We want to require applications, devices and services that use Tidepool code to keep health data open and accessible to patients and their designated caregivers at all times.
  • We want for-profit companies to be able to feel comfortable innovating based on our code, but we also feel that trapping the data in closed, proprietary formats, systems and devices isn't the best way for people with diabetes to manage their disease (ditto for other diseases, for that matter).
  • We are inspired by the current explosion of health apps and devices with open APIs. Open, accessible data enables more engaged and informed patients. It is also important that data be kept open in both human-readable and machine-readable forms.

While we don’t always agree with their rationale, we realize that many enterprises are hesitant to adopt code that is licensed with strong “copyleft” licenses like the GNU General Public License (GPL). It is very important to us that companies continue to develop better and better products to help people with diabetes. We would fail in this goal if there is a hesitancy to include our code because it uses GPL or another copyleft license.

We also believe that open source code makes for safer and more effective devices and services. We believe that "Many eyes make all bugs shallow" and that security through obscurity just doesn't work. There is no doubt in my mind that Medtronic pumps would not be hackable if their source was open to inspection and public comment and improvement.

However, we do want to ensure that health data processed by our software is open and available to those who need to manage their health. This element of “Open Data” is not clearly set out in any existing open source license. Therefore, we needed to create a new license whose conditions are focused on openness of data, rather than openness of source code.

Also:

  • We don't care if other people make money off of our code. As a matter of fact, we want people to make money off of our code.
  • We think what we are building is good, and we want broad adoption of it. More people using Tidepool technology hopefully means more people with fewer complications and better outcomes over time.
  • We want a license that is OSI compliant. These terms are completely reasonable and in line with our mission: http://opensource.org/osd
  • We also appreciate the work that has been done by the Open Definition team, but even that work focuses on free licensing of databases, rather than access to a person’s own data – data about that specific person.

We have also decided that we will not play "the patent game." We will not file patents. We have no intent to sue anyone, nor do we think anyone should feel the need to sue us over intellectual property. Everything we are doing is obvious; there is no rocket science here, it just hasn't been done before in the field of diabetes care. We also don't want anyone using our code to worry that they will be sued. Our work is based on well-understood, publicly available ideas that are in the public domain.

Given all that, we take a step back for a moment and remind ourselves why we're here: Our mission at Tidepool is to help people with diabetes receive safer and more effective therapy while reducing the burden of managing this chronic disease. We are doing this by delivering an open source platform and applications. Our applications will be intuitive and accessible, demonstrating the usefulness of our platform. Our platform will encourage others to do research and innovate beyond our applications, by providing a secure, data-validated infrastructure for diabetes data.

We are proposing that we will dual-license the Tidepool code under these two licenses (update 2013-09-23: To be clear, this "or" not "and." Developers can choose to use the software under either one of these licenses.):

1) The GNU General Public License (GPL) v3

The copyleft provisions of GPL v3 require that changes to the Tidepool code be published back into the open. Over the longer term, this is better for patients. Truly open source code is safer because it can be inspected and improved. However, we don't think that most medical device companies will publish their source code any time soon. Broad adoption of our platform and apps is more important than open code, at the moment.

We hope that at least one diabetes device company will see the value in publishing the source code to their device openly. Some group of smart people -- maybe it's us, maybe it's someone else -- will build an open source reference device implementation. If Tidepool has already done the regulatory legwork to approve the software stack upon which this device is based, it could be a very quick way to get a safe, effective and usable device to market.

2) Tidepool Open Access to Health Data Software License (a.k.a. “The Tidepool License”)

The Tidepool license is very similar to the Apache v2 license, with the addition of an “open health data” requirement.

We want for-profit companies that are hesitant to adopt GPL to still adopt our platform, not be obligated to publish their changes into the open, and have the ability to sell their devices and services as they see fit. In this sense, the Tidepool License is "permissive" like the Apache, MIT and BSD licenses.

However, the Tidepool License has a "sticky" provision that requires people or companies distributing applications, devices and services based on our code to provide mechanisms that allow users to always have access to data generated by their device or service.

For those of you who follow open source licensing, our license is permissive as to source code, and “copyleft” as to data.

The precise definition of what data must be made accessible is the tricky part of creating this new license. The intent is that all reasonable data that would help an engaged patient (or their designate) understand the safety and efficacy of their therapy be made open, in both human-readable and machine-accessible forms.

For example:

  • An insulin pump (as designed by today’s standards) would need to make available all settings and all diagnostic information that could reasonably be used to understand the safety and efficacy of its therapy. This would include (but not be limited to): all settings, all "events" (e.g. basal and bolus deliveries, reservoir changes, etc.), bolus wizard parameters, and all useful diagnostic information like pump resistance (occlusion pressure) and battery levels.
  • A continuous glucose monitor would need to make available raw ISIG (interstitial glucose) values, time stamps (preferably in UTC, please!), all settings, and the converted blood glucose values.
  • Thinking beyond diabetes, we imagine other projects focused on other diseases might also use the Tidepool License. Data from an implanted cardioverter-defibrillator (ICD) would include things like all defibrillation events, battery charge, capacitor charge times and lead impedance.

Since coming up with a list of all "reasonable" data to be provided is tricky, and device and service technology changes over time, we’ve included these examples of data so that people can understand the intent of the license. We’ll maintain a list of more examples like these on our website or wiki.

We’d love to know what you think about this plan. We’re anxious to publish our code and be working in the open along with the rest of the community, but we also want to make sure we get this right.

Thank you all for the support and encouragement you've given us since we announced what we are up to. We've gotten an incredible response to our efforts, reinforcing how wonderfully motivated and supportive the diabetes community is.

Link to Draft Tidepool License

Link to Tidepool License FAQ

Stay in the Tidepool Loop

We'll keep you updated with all the need to know news and announcements for Tidepool and Tidepool Loop

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Support our work

Donate today to support Tidepool's mission to improve the lives of People with Diabetes through affordable, accessible and interoperable technologies

Donate

Stay in the Tidepool loop

Want to get the latest news and updates about Tidepool and Tidepool Loop? We promise to keep it interesting in your inbox.

Thank you for your interest in Tidepool! Check your email to complete your subscription.
Oops! Something went wrong while submitting the form. Please try again.
FacebookInstagramLinkedInYouTube
Thank you for your interest in Tidepool! Check your email to complete your subscription.
Oops! Something went wrong while submitting the form. Please try again.
Tidepool for ProvidersTidepool+
Viewing your dataHow it worksTidepool for telemedicineSupported devicesDownload our software
Tidepool LoopAutomated insulin dosingTidepool Loop interest form
ResourcesSupport documentationWebinarsDocuments and disclosuresBig Data Donation ProjectUser Research community
AboutTeamPressNewsJobsOpen source
Tidepool.org
Healthcare Professionals
"Tidepool" and the Tidepool logo are registered trademarks of Tidepool Project, a fully-qualified 501(c)(3) nonprofit organization. EIN 46-2302287 | 555 Bryant St. #429 Palo Alto, CA 94301
Terms of UsePrivacy PolicyDocumentsRelease NotesTidepool Status