Showing posts with label freedom. Show all posts
Showing posts with label freedom. Show all posts

02 February 2014

Interview: Eben Moglen - "surveillance becomes the hidden service wrapped inside everything"

(This was original published in The H Open in March 2010.)

Free software has won: practically all of the biggest and most exciting Web companies like Google, Facebook and Twitter run on it.  But it is also in danger of losing, because those same services now represent a huge threat to our freedom as a result of the vast stores of information they hold about us, and the in-depth surveillance that implies.

Better than almost anyone, Eben Moglen knows what's at stake.  He was General Counsel of the Free Software Foundation for 13 years, and helped draft several versions of the GNU GPL.  As well as being Professor of Law at Columbia Law School, he is the Founding Director of Software Freedom Law Center.  And he has an ambitious plan to save us from those seductive but freedom-threatening Web service companies.  He explained what the problem is, and how we can fix it.

GM: So what's the threat you are trying to deal with?

EM:  We have a kind of social dilemma which comes from architectural creep.  We had an Internet that was designed around the notion of peerage -  machines with no hierarchical relationship to one another, and no guarantee about their internal architectures or behaviours, communicating through a series of rules which allowed disparate, heterogeneous networks to be networked together around the assumption that everybody's equal. 

In the Web the social harm done by the client-server model arises from the fact that logs of Web servers become the trails left by all of the activities of human beings, and the logs can be centralised in servers under hierarchical control.  Web logs become power.  With the exception of search, which is a service that nobody knows how to decentralise efficiently, most of these services do not actually rely upon a hierarchical model.  They really rely upon the Web  - that is, the non-hierachical peerage model created by Tim Berners-Lee, and which is now the dominant data structure in our world.

The services are centralised for commercial purposes.  The power that the Web log holds is monetisable, because it provides a form of surveillance which is attractive to both commercial and governmental social control.  So the Web with services equipped in a basically client-server architecture becomes a device for surveilling as well as providing additional services.  And surveillance becomes the hidden service wrapped inside everything we get for free.

The cloud is a vernacular name which we give to a significant improvement in the server-side of the web side - the server, decentralised.  It becomes instead of a lump of iron a digital appliance which can be running anywhere.  This means that for all practical purposes servers cease to be subject to significant legal control.  They no longer operate in a policy-directed manner, because they are no longer iron subject to territorial orientation of law. In a world of virtualised service provision, the server which provides the service, and therefore the log which is the result of the hidden service of surveillance, can be projected into any domain at any moment and can be stripped of any legal obligation pretty much equally freely.

This is a pessimal result.

GM:  Was perhaps another major factor in this the commercialisation of the Internet, which saw power being vested in a company that provided services to the consumer?

EM:  That's exactly right.  Capitalism also has its architectural Bauplan, which it is reluctant to abandon.  In fact, much of what the network is doing to capitalism is forcing it to reconsider its Bauplan via a social process which we call by the crappy name of disintermediation.  Which is really a description of the Net forcing capitalism to change the way it takes.  But there's lots of resistance to that, and what's interesting to all of us I suspect, as we watch the rise of Google to pre-eminence, is the ways in which Google does and does not - and it both does and does not - wind up behaving rather like Microsoft in the course of growing up.  There are sort of gravitational propositions that arise when you're the largest organism in an ecosystem. 

GM:  Do you think free software has been a little slow to address the problems you describe?

EM:  Yes, I think that's correct.  I think it is conceptually difficult, and it is to a large degree difficult because we are having generational change.  After a talk [I gave recently], a young woman came up to me and she said: I'm 23 years old, and none of my friends care about privacy.  And that's another important thing, right?, because we make software now using the brains and hands and energies of people who are growing up in a world which has been already affected by all of this.  Richard or I can sound rather old-fashioned.

GM:  So what's the solution you are proposing?

EM:  If we had a real intellectually-defensible taxonomy of services, we would recognise that a number of the services which are currently highly centralised, and which count for a lot of the surveillance built in to the society that we are moving towards, are services which do not require centralisation in order to be technologically deliverable.  They are really the Web repackaged. 

Social networking applications are the most crucial.  They rely in their basic metaphors of operation on a bilateral relationship called friendship, and its multilateral consequences.  And they are eminently modelled by the existing structures of the Web itself. Facebook is free Web hosting with some PHP doodads and APIs, and spying free inside all the time - not actually a deal we can't do better than. 

My proposal is this: if we could disaggregate the logs, while providing the people all of the same features, we would have a Pareto-superior outcome.  Everybody – well, except Mr Zuckenberg - would be better off, and nobody would be worse off.  And we can do that using existing stuff.

The most attractive hardware is the ultra-small, ARM-based, plug it into the wall, wall-wart server, the SheevaPlug.  An object can be sold to people at a very low one-time price, and brought home and plugged into an electrical outlet and plugged into a wall jack for the Ethernet, or whatever is there, and you're done.  It comes up, it gets configured through your Web browser on whatever machine you want to have in the apartment with it, and it goes and fetches all your social networking data from all the social networking applications, closing all your accounts.  It backs itself up in an encrypted way to your friends' plugs, so that everybody is secure in the way that would be best for them, by having their friends holding the secure version of their data.

And it begins to do all the things that we assume we need in a social networking appliance.  It's the feed, it maintains the wall your friends write on - it does everything that provides feature compatibility with what you're used to. 

But the log is in your apartment, and in my society at least, we still have some vestigial rules about getting into your house: if people want to check the logs they have to get a search warrant. In fact, in every society, a person's home is about as sacred as it gets.

And so, basically, what I am proposing is that we build a social networking stack based around the existing free software we have, which is pretty much the same existing free software the server-side social networking stacks are built on; and we provide ourselves with an appliance which contains a free distribution everybody can make as much of as they want, and cheap hardware of a type which is going to take over the world whether we do it or we don't, because it's so attractive a form factor and function, at the price. 

We take those two elements, we put them together, and we also provide some other things which are very good for the world.  Like automatically VPNing everybody's little home network place with my laptop wherever I am, which provides me with encrypted proxies so my web searching, wherever I am, is not going to be spied on.  It means that we have a zillion computers available to the people who live in China and other places where there's bad behaviour.  So we can massively increase the availability of free browsing to other people in the world.  If we want to offer people the option to run onion routeing, that's where we'll put it, so that there will be a credible possibility that people will actually be able to get decent performance on onion routeing networks.

And we will of course provide convenient encrypted email for people - including putting their email not in a Google box, but in their house, where it is encrypted, backed up to all their friends and other stuff.  Where in the long purpose of time we can begin to return email to a condition - if not being a private mode of communication - at least not being postcards to the secret police every day.

So we would also be striking a blow for electronic civil liberties in a way that is important, which is very difficult to conceive of doing in a non-technical way.

GM:  How will you organise and finance such a project, and who will undertake it?

EM:  Do we need money? Yeah, but tiny amounts.  Do we need organisation? Yes, but it could be self-organisation.  Am I going to talk about this at DEF CON this summer, at Columbia University? Yes.  Could Mr Shuttleworth do it if he wanted to? Yes.  It's not going to be done with clicking heels together, it's going to be done the way we do stuff: somebody's going begin by reeling off a Debian stack or Ubuntu stack or, for all I know, some other stack, and beginning to write some configuration code and some glue and a bunch of Python to hold it all together. From a quasi-capitalist point of view I don't think this is an unmarketable product.  In fact, this is the flagship product, and we ought to all put just a little pro bono time into it until it's done.

GM:  How are you going to overcome the massive network effects that make it hard to persuade people to swap to a new service?

EM:  This is why the continual determination to provide social networking interoperability is so important. 

For the moment, my guess is that while we go about this job, it's going to remain quite obscure for quite a while.  People will discover that they are being given social network portability.  [The social network companies] undermine their own network effect because everybody wants to get ahead of Mr Zuckerberg before his IPO.  And as they do that they will be helping us, because they will be making it easier and easier to do what our box has to do, which is to come online for you, and go and collect all your data and keep all your friends, and do everything that they should have done.

So part of how we're going to get people to use it and undermine the network effect, is that way.  Part of it is, it's cool; part of it is, there are people who want no spying inside; part of it is, there are people who want to do something about the Great Firewall of China but don't know how.  In other words, my guess is that it's going to move in niches just as some other things do.

GM:  With mobile taking off in developing countries, might it not be better to look at handsets to provide these services?

EM:  In the long run there are two places where we can conceivably put your identity: one is where you live, and the other is in your pocket.  And a stack that doesn't deal with both of those is probably not a fully adequate stack.

The thing I want to say directed to your point “why don't we put our identity server in our cellphone?”, is that our cellphones are very vulnerable.  In most parts of the world, you stop a guy on the street, you arrest him on a trumped-up charge of any kind, you get him back to the station house, you clone his phone, you hand it back to him, you've owned him.

When we fully commoditise that [mobile] technology, then we can begin to do the reverse of what the network operators are doing.  The network operators around the world are basically trying to eat the Internet, and excrete proprietary networking.  The network operators have to play the reverse if telephony technology becomes free.  We can eat proprietary networks and excrete the public Internet.  And if we do that then the power game begins to be more interesting.

15 July 2012

So We Won on ACTA Yesterday: Now What?

Well, we did it: ACTA was resoundingly defeated in the European Parliament yesterday by 478 votes to 39, with 165 abstentions. That's largely because so many of us contacted our MEPs, wrote emails and even took to the streets. Leaving aside the victory in itself, that's important too because people across Europe have worked together on a massive scale in the defence of the Internet and its freedom. 

On Open Enterprise blog.

03 January 2012

What should free software do in 2012?

In my last column, I suggested that one of the best things that Mozilla could do in order to promote the Open Web and openness in general would be to support the battle for online freedom in more general ways. That's something it has already started doing, notably in trying to halt the passage of the awful Stop Online Piracy Act (SOPA) that is currently grinding through the US legislative process.

On The H Open.

07 November 2011

Free As In Freedom: But Whose Freedom?

It would be hard to overstate the contribution of Richard Stallman to the digital world. The founding of the GNU project and the creation of the GNU General Public License laid the foundations for a wide range of free software that permeates computing from smartphones to supercomputers. Free software has also directly inspired like-minded movements based around sharing, such as open access and open content (Wikipedia, notably). 

On Techdirt.

05 September 2011

Europeans Care About Civil Liberties: US Shocked

The leaked US cables will clearly provide a rich vein to be mined for many months to come.  I don't really have the time to go digging down there, so I was grateful that @airvpm alerted me to this particular gem from 2009.

The context is "European privacy and data protection concerns" and the tendency of those concerns to get in the way of more important issues - like making obscene profits, ensuring that people can be tortured without any of that tiresome oversight business, and generally propping up the decaying US global hegemony through any means:

European privacy and data protection concerns continue to jeopardize our commercial, law enforcement, intelligence and foreign policy objectives.

More specifically, this is the nub of the problem:

The Commission has failed to exercise a strong policy leadership role vis-a-vis other EU institutions. In this vacuum, the European Data Protection Supervisor and the Article 29 Working Party have asserted expansive roles. These bodies regularly make high-profile public statements on areas outside of their formal competence (including the HLCG and Third Pillar issues). Their interpretations of legislation tend to give primacy to civil liberties-based approaches for the EU's Single Market, consumers, or law enforcement, and have gone largely unchallenged by the Commission. 

So the Euro-trash Data Protection Supervisor and the Article 29 Working Party tasked with protecting privacy in the EU have dared to assert themselves and stand up for European citizens by giving "primacy to civil liberties-based approaches for the EU's Single Market, consumers, or law enforcement", while the US's official lapdog in Yurop, the European Commission, has somehow failed to smack them down.

Can you believe it?  I do hope we haven't hurt the feelings of our lords and masters in Washington...


Follow me @glynmoody on Twitter or identi.ca, and on Google+

26 October 2009

How Proprietary JAWS Bites the Blind

Here's a heart-warming tale of those kind people who make proprietary software, specifically of the piquantly-named company Freedom Scientific, which produces a program called JAWS:

JAWS (an acronym for Job Access With Speech) is a screen reader, a software program for visually impaired users, produced by the Blind and Low Vision Group at Freedom Scientific of St. Petersburg, Florida, USA. Its purpose is to make personal computers using Microsoft Windows accessible to blind and visually impaired users. It accomplishes this by providing the user with access to the information displayed on the screen via text-to-speech or by means of a braille display and allows for comprehensive keyboard interaction with the computer.

Clearly, JAWS fulfils an important function for the visually impaired. One might presume it is a font of benevolence and altruism, doing its utmost to help a group of people who are already at a disadvantage. Maybe not, according to this petition:

Braille displays require a screen reader in order to work. Freedom Scientific has steadfastly refused to provide Braille display manufacturers with the driver development kit required to enable a particular Braille device to communicate with JAWS. Instead, the manufacturer must first pay an outrageous sum of money before support for the Braille device will be permitted. What's more, this charge to the Braille display manufacturer is not a one-time fee but is imposed annually.

Well, that doesn't sound very kind. So why on earth do people put up with this?

One might ask how Freedom Scientific can play the gatekeeper to its JAWS product where Braille driver support is concerned. The answer is simply and for no other reason because it can.

...

I for one am shocked, appalled, and amazed that Freedom Scientific would impose such limitations and restrictions not only upon its own customer base but also on those organizations which manufacture products that supplement the information that JAWS provides. This draconian and self-serving policy is not at all in keeping with the pro-Braille spirit exemplified by the Braille Readers are Leaders Initiative set into motion earlier this year by the National Federation of the Blind in honor of the Bicentennial celebration of Louis Braille. Instead of offering an additional opportunity to expand the usage of Braille, it stifles the ability of the blind consumer to choose the Braille display that will best meet his/her needs.

And the reason it can, of course, is because it is proprietary software, which means that nobody can route around the problem.

This episode shows once again why it is vital for such software to be open source so that there is no gatekeeper, and so that the community's needs come first, not the desire of a company to make as much money as possible regardless of the plight of the people it affects.

Follow me @glynmoody on Twitter or identi.ca.

22 March 2009

Тaking the War against Terror to a New Level...

..of utter, inane stupidity. Here's the grand summing-up of Brown's "new level":

Terrorism threatens the rights that all in this country should hold dear, including the most fundamental human right of all - the right to life. We know that terrorists will keep on trying to strike and that protecting Britain against this threat remains our most important job.

That tired old Blairite trope: the "right to life" as the "the most fundamental human right of all". Except that it's not a *right*: do I have a right to life when I'm suffering from a terminal disease? Do I have a right to life when I'm 123 years old? Do I have a right to life when the Sun explodes? "Right to life": an idiotic meme, which certainly has no "right to life".

What he should have said is this:

This government threatens the rights that all in this country should hold dear, including the most fundamental human right of all - freedom. We know that this government will keep on trying to strike and that protecting Britain against this threat remains your most important job.

18 March 2009

Keep Calm and Carry On: Freedom is in Peril

The Guardian has a nice story about the unexpected success of the "Keep Calm and Carry On" poster. But what struck me was the following:

This was the third in a series. The first, designed to stiffen public resolve ahead of likely gas attacks and bombing raids, was printed in a run of more than a million and read: Your Courage, Your Cheerfulness, Your Resolution Will Bring Us Victory. The second, identically styled, stated: Freedom Is In Peril.

How prescient they all were.

04 January 2009

Another Reason to Run GNU/Linux...

And a pretty important one:


The Home Office has quietly adopted a new plan to allow police across Britain routinely to hack into people’s personal computers without a warrant.

So why might GNU/Linux help? Well:

He said the authorities could break into a suspect’s home or office and insert a “key-logging” device into an individual’s computer. This would collect and, if necessary, transmit details of all the suspect’s keystrokes. “It’s just like putting a secret camera in someone’s living room,” he said.

Police might also send an e-mail to a suspect’s computer. The message would include an attachment that contained a virus or “malware”. If the attachment was opened, the remote search facility would be covertly activated. Alternatively, police could park outside a suspect’s home and hack into his or her hard drive using the wireless network.

Er, and how are they going to break into my system to install the keylogger if they don't know the password? Attachments won't work: I'm generally clever enough *not* to open them, and even if I did, they wouldn't do much on a GNU/Linux box. And hacking my hard disc through the wireless network? I don't think so.

Looks like free software is becoming even more about freedom....

05 November 2008

Too Right

This is something that I've been thinking in the context of the wretched "three strikes and you're out":

The internet is a right. We have reached the point at which enabling and assuring open, unfettered, and universal access to the internet should become a hallmark of civilized societies. The Global Agenda Council stands in a position to make this the goal of nations.

In civilized societies, universal education is a right. In some nations, health care is a right. Some other services provided in the common good may require payment but in developed nations are nonetheless considered rights: access to clean water and electricity. In the United States, even telephones are a right, as users pay fees to subsidize the cost of getting lines to all people. In the United Kingdom, television is a right insofar as the government levies a tax to support it. Such rights may be met publicly or privately.

Access to the internet – and open, broadband internet that is neither censored nor filtered by government or business – should be seen, similarly, as a necessity and thus a right. Just as we judge nations by their literacy, we should now judge them by their connectedness.

28 May 2008

El Pueblo Unido Jamás Será Vencido

As RMS has always emphasised, free software is political, because it is essentially about liberty. Openness and transparency are also political - just look at how the ruling classes fight them. But beyond that, I find myself wondering how the ideas behind free software can be applied more directly in terms of changing the world.

One way is to take the idea of collaboration, and apply it at the simplest level: sharing information and uniting voices for or against something. That's the basic intent of the site Avaaz.org:

Coming together in this way, Avaaz has become a wonderful community of people from all nations, backgrounds, and ages. Our diverse community is brought together by our care for the world, and a desire to do what we can to make it a better place. The core of our model of organizing is our email list, operated in 13 languages. By signing up to receive our alerts, you are rapidly alerted to urgent global issues and opportunities to achieve change. Avaaz members respond by rapidly combining the small amounts of time or money they can give into a powerful collective force. In just hours we can send hundreds of thousands of messages to political leaders telling them to save a crucial summit on climate change , hold hundreds of rallies across the world calling for action to prevent a genocide, or donate hundreds of thousands of euros, dollars and yen to support nonviolent protest in Burma.

It's hard to tell how much good this kind of thing does, but the investment of time is so minimal that it's a bit like Pascal's Wager: worth doing however low the rate of return.

But beyond this kind of Concerned Letter-Writing 2.0, how can the technologies of connection be harnessed to do something more practical? Like this, maybe:

When Estonians regained independence from the former Soviet Union in 1991 they not only acquired new political freedoms, they inherited a mass of rubbish – thousands and thousands of tonnes of it scattered across illegal dumping sites around the country. When concerned citizens decided that the time had come to clean it up, they turned not to the government, but to tens of thousands of their peers.

Using a combination of global positioning systems and GoogleMaps, two entrepreneurs (Skype guru Ahti Heinla and Microlink and Delfi founder Rainer Nolvak) enlisted volunteers to plot the location of over 10,000 illegal dump sites, including detailed descriptions and photos. That, in itself, was ambitious. Phase II of the clean-up initiative was, by their own admission, rather outrageous: clean-up upwards of 80% of the illegal sites in one day, using mass collaboration.

So, on May 3rd, over 50,000 people scoured fields, streets, forests and riverbanks across the country, picking up everything from tractor batteries to paint tins.... Much of this junk was ferried to central dumps, often in the vehicles of volunteers.

Only connect.

30 August 2007

RMS on Art and Freedom

One of the things I admire about Richard Stallman is the clarity of his thinking. So I was interested to come across these thoughts on art/non-functional works, and why the imperatives for freedom are different here compared to software, say:

If you use something to do jobs in your life, you must be free to change it today, and then distribute your changed version today in case others need what you need.

Art contributes something different to society. You appreciate it. Modifying art can be a further contribution to art, but it is not crucial to be able to do that today. If you had to wait 10 years for the copyright to expire, that would be ok.

Interesting, too, the emphasis on sharing:

I don't think that non-functional works must be free. It is enough for them to be sharable.

14 February 2007

Free Cultural Works vs. Open Content

Now I wonder where they got the idea for this:

This document defines "Free Cultural Works" as works or expressions which can be freely studied, applied, copied and/or modified, by anyone, for any purpose. It also describes certain permissible restrictions that respect or protect these essential freedoms. The definition distinguishes between free works, and free licenses which can be used to legally protect the status of a free work. The definition itself is not a license; it is a tool to determine whether a work or license should be considered "free."

Here's a further hint:

We discourage you to use other terms to identify Free Cultural Works which do not convey a clear definition of freedom, such as "Open Content" and "Open Access." These terms are often used to refer to content which is available under "less restrictive" terms than those of existing copyright laws, or even for works that are just "available on the Web".

Now, who do we know that prefers the word "free" to "open"?

21 December 2006

On the Statute Book

Great that we've finally been granted free beer access to our laws; pity that it's not free as in freedom. And, of course, positively treasonable, that we don't have access to the original Anglo-Norman texts. (Via Open Knowledge Foundation.)