1. David Tollen, The Tech Contracts Handbook, Appendix 2 (ABA Publishing, 2021).

Brussels' Boilerplate

1. See also, “(10) ‘making available on the market’ means the supply of an AI system or a general-purpose AI model... whether in return for payment or free of charge;”
2. As Colorado's AG is empowered under the CAIA to issue rules for enforcement, Denver could also say which licenses satisfy required disclosure (e.g. CDDL, EPL, GPL, MPL, etc.).
3. DeepSeek? was recently the most downloaded free app on Apple's App Store and Google Play.
4. Only 20 states have data privacy policies: thirteen exempt Gramm-Leach-Bliley Act entities and data; four, GLBA entities only; and three, just GLBA data.

1. Robert W. Gordon, The Citizen-Lawyer - A Brief Informal History of a Myth with Some Basis in Reality, 50 Wm. & Mary L. Rev. 1169 (2009), https://scholarship.law.wm.edu/wmlr/vol50/iss4/4, p. 1182.

Rocky Mountain High: Colorado’s AI Act and Hallucinating about Open-Source

As for the CAIA, the arrival of DeepSeek? was not so much a “sputnik” moment, as much as a lesson from Silicon Valley’s recent history. In 1979, Oracle released its first commercial relational database management system, called “Oracle Version 2,” and in 1996, researchers from Berkeley launched PostgreSQL, which became a much-beloved OSS alternative. Today, some industry studies indicate that the latter has more market share than Oracle’s current suite of tools. Even AlphaFold 3 (the model behind the 2024 Nobel Prize in Chemistry) is OSS, so Denver’s myopic view of the “developer” behind major breakthroughs misses the scientific process that underlies progress in software. To that end, where there are replicability issues in many scientific journals, OSS virtually sits in a state of truth, insofar as pull requests are hypotheses (merged, if true, or else restored to previous builds, if false). Thus, superior code is shipped where collaboration and criticism are hallmarks of distributed production.

1. In January, DeepSeek? was the most downloaded free app on the AppStore? and Google Play.
2. Only 20 states have data privacy policies: thirteen have exemptions for data and entities under the Gramm-Leach-Bliley Act; four for just GLBA entities; and three (CO, OR, and MN) for GLBA data-only.

Rocky Mountain High: Colorado’s AI Act and Hallucinations of Open-Source

Rocky Mountain High: Colorado’s AI Act and Hallucinations about Open-Source

Fool’s Gold

The first state to regulate recreational dispensaries is the first to dispense with “AI.” Commentators like EFF have called Colorado’s Artificial Intelligence Act (CAIA), enacted last summer, “comprehensive,” but Colorado’s law merely resembles the European Union’s AI Act. “The Revolution permanently put the major models of European governance off the table,”[1] but apparently, Denver has taken too little from Brussels and put too much out of reach of the state. “Today, most commercial software includes open source components,” and now with DeepSeek? , it is more doubtful than ever that developing “high-risk AI” will require proprietary ownership. Before the CAIA goes into effect February 6, 2026, its omission of open source software (OSS) is an open wound that Denver can still patch: (1) directly, by amending the CAIA to align more closely with the EU, or (2) indirectly, by amending the Colorado Privacy Act (CPA) to collaterally attack the issue as Sacramento did with the updated California Consumer Privacy Act (CCPA).

Open-source Opening

When DeepSeek? , an OSS project from China, was released, Nvidia, a chips manufacturer, lost $1T in value, as share price tumbled 17%.[3] One of the world’s most valuable companies, Nvidia was chastened by news that massive amounts of compute power would no longer be necessary for cutting-edge development in AI—compared to OpenAI? ’s leading model, O1, DeepSeek? performed at least as well across a battery of tests at comparatively negligible costs. Originally, OpenAI? was founded as a nonprofit to promote the open source development of AI (ergo, OpenAI? ), but that founding mythos was lost somewhere along the way—apparently, when humans could no longer handle the gift of knowledge, Prometheus also returned to reclaim fire (Washington State may have a different Mount Olympus, but the ashes of lighting money on fire may yet be traced to Redmond). Hence, as for the CAIA and other aspiring regulators, the arrival of DeepSeek? was not so much a “sputnik” moment, as much as a wake-up call from Silicon Valley’s recent economic history. In 1979, Oracle released its first commercial relational database management system, called “Oracle Version 2,” and in 1996, researchers from Berkeley launched PostgreSQL, which became a much-beloved OSS alternative. Today, some industry studies indicate that the latter has more market share than Oracle’s current suite of tools. Even AlphaFold? 2 (the model behind the 2024 Nobel Prize in Chemistry) is OSS, so Denver’s narrow view of the “developer” behind major breakthroughs appears to miss the scientific process that underlies progress in software. Notably, where there are replicability issues in journals, OSS projects virtually rest in a state of truth, where pull requests are functionally hypotheses, extending the state of knowledge (merged, if true, or else restored to previous builds). Generally, superior code is shipped where collaboration and criticism are the defaults of production.

Minding the Gap

California Dreaming

Up the Mountain

1. Robert Gordon, The Citizen Lawyer, A Brief Informal History of Myth with Some Basis in Reality, p. 1182.
2. David Tollen, The Tech Contracts Handbook, Appendix 2 (ABA Publishing, 2021).
3. Karen Friar and Ines Ferré, DeepSeek? sell-off reminds investors of the biggest earnings story holding up the stock market, Yahoo Finance (January 27, 2025), https://finance.yahoo.com/news/live/stock-market-today-nasdaq-clobbered-nvidia-sinks-17-while-dow-stages-comeback-as-ai-fears-shake-markets-210101592.html.
4. See also, “(10) ‘making available on the market’ means the supply of an AI system or a general-purpose AI model for distribution or use on the Union market in the course of a commercial activity, whether in return for payment or free of charge;”
5. The state AG—already empowered under the CAIA to issue rules for enforcement—could further specify appropriate licenses (e.g. CDDL, EPL, GPL, MPL, etc.).
6. In February, DeepSeek? was the most downloaded app on the AppStore? and Google Play.
7. Only 20 states have data privacy policies: thirteen have exemptions for data and entities under the Gramm-Leach-Bliley Act; four for just GLBA entities; and three (CO, OR, and MN) for GLBA data-only.

A title it a terrible thing to waste.

But you didn't look. You could have found HFT-Orderbook, hummingbot, StockSharp? and a clutch of other tools. Instead of hypothesizing why software either does or doesn't exist, it would have been a good move to find the software that does exist, look at the projects' composition, roadmap, development tempo, etc., in order to understand what is actually going on. Christopher St. Germain has less to tell us about this matter than GitHub? , I fancy.

Paper Title

-- By MichaelMacKay - 25 Oct 2024

In "The Use of Knowledge in Society," Friedrich Hayek argued that civilization advances by expanding the number of actions we can perform “without thinking about them.” When he won the 1978 Nobel Prize in Economics, it was largely for illustrating how price signals create efficient markets. Yet, Black Monday—a massive crash less than a decade later—posed a critical question: who is actually thinking?

In open-source software (OSS), proof of thought is essential, as free software means the right to inspect code. Where marginal costs are negligible, OSS also often surpasses proprietary production. So why have high-frequency trading (HFT) firms like Virtu or Citadel not open-sourced more projects? The commercial success of Google’s TensorFlow? , released in 2015 under an Apache license, a free software license, shows how sharing some core infrastructure can attract powerful network effects while preserving competitive advantages. Despite this, HFTs—now responsible for most daily trading volume—are unswayed. Given the proven benefits of open-source efforts in other complex fields (n.b. this year's Nobel Prizes), their resistance to greater openness is enigmatic where profitability and market influence could be enhanced by selectively open-sourcing some more ancillary code.

Market Microstructure and the Case for Openness

Secrecy has long defined finance, as evidenced by the NYSE’s former "upstairs room,” but beneath the fog lies a path between Scylla and Charybdis, liquidity and price accuracy, that developers at HFTs like Two Sigma must chart. According to the Glosten-Milgrom model, market makers like HFTs set bid-ask spreads based on their expected likelihood of encountering informed traders, so theoretically, open-sourcing key algorithms would likely result in greater losses for HFTs and wider bid-ask spreads for everyone else.

Yet, while conventional wisdom suggests open-sourcing strategic assets would eliminate profits, certain market-making might become more profitable when open-sourced. Consider index arbitrage between S&P 500 futures and underlying stocks. Although the general concept—maintaining price parity between the index and its components—is widely known, profit lies in sophisticated execution: fast order routing, effective risk management, and strategic unwinding of positions. If leading HFTs could open-source basic arbitrage infrastructure, they could cut technology maintenance costs and still compete on speed, efficiency, and capital management. The wider adoption of such infrastructure might also improve market stability, as HFTs could quote tighter spreads based on more predictable counterparty behaviors.

Open for Business

The affirmation of market efficiency in Halliburton II may also turn regulatory burdens into revenue streams. Similar to how IEX transformed its speed bump into a monetized feature, HFTs could open-source core liquidity provision algorithms while offering premium services like risk analytics, execution optimization, and custom implementations. The shift would make them more infrastructure providers than proprietary traders.

For example, a firm specializing in ETF market-making could open-source its quote maintenance algorithms while monetizing the surrounding ecosystem. The core activity—maintaining ETF prices per underlying assets—is already well understood. Hence, the firm could: (i) offer premium features like optimized hedging tools, (ii) charge for privileged exchange connectivity, (iii) consult on trading system design, (iv) reduce compliance costs by increasing transparency, and (v) accelerate institutional orders through demonstrated openness. That model mirrors Bloomberg’s success, where the terminal’s dominance has been maintained not through secrecy per se but superior implementation and network effects.

Open to Rules

Under SEC Rule 10b-5, disclosures of source code could theoretically be compelled if HFT strategies materially impact markets. Forward-thinking firms might preemptively open-source parts of their infrastructure, such as anti-manipulation systems, while retaining their proprietary alpha-generating strategies. This approach echoes how Credit Suisse leveraged dark pool disclosures as a competitive advantage, so regulation can be a net positive. Exchanges may also incentivize this shift by modifying access rules to favor HFTs revealing more about their tooling and libraries, even if limited to backtesting frameworks or infrastructure automation. As Shoshana Zuboff wrote regarding eToro’s success in directing trades, even modest incentives significantly shape information flows among market participants (Age of Surveillance Capitalism, 273). By extension, exchange-level incentives could create a feedback loop of increased transparency and market efficiency, rewarding all stakeholders.

Open to Criticism

However, the OSS analogy may be imperfect where neither coding culture nor zero marginal costs apply. Often, traders and developers at HFTs work in silos on highly specialized projects, but there are also real costs associated with co-locating servers near exchanges—expenses not borne by many OSS endeavors. Moreover, capital markets are inherently zero-sum; sharing could reveal strategic advantages even in innocuous tools like data visualization software. Additionally, recent events, such as the Reddit-fueled "meme stock" phenomenon, highlight that while current opacity in HFTs may not serve them well, increased transparency may yet expose them to volatile market dynamics too soon.

Closed to Some Traditions

Ultimately, the future of open-sourcing certain high-frequency trading software may benefit from revisiting the distant past. In The Doctor and Student, Christopher St. Germain once wrote that “the law whereby all things were in common, was never of the law of reason, but only in the time of extreme necessity.” He further noted that “the law of property is not the law of reason, but the law of custom.” In terms of OSS, if such financial tools were held in common, costly mistakes could be avoided, but even if such ownership had never been a custom in certain domains, certainly, the current hype around AI attests to an “extreme necessity,” lest someone at Citadel recklessly bootstrap an AI-enabled API to proprietary code.

To that end, in 2010, regulators discovered that HFTs were largely to blame for the flash crash when markets lost $1T in value in 36 minutes. Relatedly, almost exactly one decade ago today, a major flash rally prompted an interagency report by the Treasury Department, which (while not outright naming any particular HFTs) ominously noted: “At times, self-trading may reflect unlawful conduct.”

Even before new technological developments, one wonders whether reason should have already dispatched with custom. But today, where there is still a use for knowledge in society, there is probably a grave need for smart money.

• #Set ALLOWTOPICVIEW = TWikiAdminGroup, MichaelMacKay
• #Set DENYTOPICVIEW = TWikiGuest

Note: TWiki has strict formatting rules for preference declarations. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of these lines. If you wish to give access to any other users simply add them to the comma separated ALLOWTOPICVIEW list.