In today’s Guardian Richard Stallman writes a call to arms against technological surveillance. His proposed form of opposition is to create free/libre software, but that is no solution.
Stallman confronts his readers: “Should you trust an internet of proprietary software things? Don’t be an ass.” He claims that “proprietary software is computing for suckers” and that proprietary software is a virtual synonym for malware. Of course proprietary software can be used and is being used to snoop on users, to shackle users, and to report data to companies. But so is free/libre software. Free/libre software is not a magic talisman that protects you from all these harms. An internet of open source software things could be just as intrusive as an internet of proprietary software things.
Stallman writes: “What kinds of programs constitute malware? Operating systems, first of all. Windows snoops on users, shackles users and, on mobiles, censors apps; it also has a universal back door that allows Microsoft to remotely impose software changes.”
So what about the free/libre alternative Linux, which apparently he wrote (“I developed the GNU operating system, which is often called Linux”), probably right after he “started free software in the 80s”? My Android phone runs Linux, and it spies on me. And all those NSA computers used for spying? They run on Linux. The biggest corporate contributor to Linux is Intel: is Intel morally better than Microsoft as a result of its contributions? (Hint: no.)
Or what about the databases used to actually store all that snooping information? The Accumulo database that the NSA developed specifically for the purpose, and which is now kindly supported by the Apache Foundation; the Hadoop distributed file system that underlies Accumulo; the Java programming language used to write Hadoop and Accumulo? All open source.
In short, free/libre software is no longer an alternative to corporate and state snooping and shackling; it’s part of the problem.
Stallman avoids this conclusion by mixing up two separate things as if they are one. He calls on his readers to resist surveillance “by rejecting proprietary software and web services that snoop or track”. These are two different things. “Web services that snoop or track” can be and often are built on free/libre software.
Stallman also calls on his readers to resist surveillance “by organising to develop free/libre replacement systems and web services that don’t track who uses them”. But again this is mixing up two separate things. “Web services that don’t track who uses them” can be built on proprietary software just as easily as they can be built on free/libre software.
Stallman gets it right in his third call, to resist surveillance “by legislation to criminalise various sorts of malware practices”. The problem is one of practices, not of free/libre versus proprietary software. I know some readers will say I am trying to blame the technology, but they will be wrong. And technology is not the answer either. Much as Stallman and others would like to believe that their practices of software development (free/libre versus proprietary) make them rebellious hackers against an oppressive empire, freedom-loving opponents of surveillance, they do not.
I agree with you that this isn’t an inherent “software problem,” that instead it is a “what we do/how we develop it” problem.
But which is more likely to contain the problems Mr. Stallman identified in his article: proprietary software or free/libre software?
Because you do have to factor in the typical mentality of someone who develops free/libre software, don’t you? (Hacker, rebel, against the system, etc.)
Because those individuals would probably be less likely to include malware, since they aspire to be part of the “free/libre” culture … generally.
So, the psychological makeup of a “free/libre” developer has to play a part in why what Richard Stallman writes is at least somewhat true, doesn’t it?
I would think so.
He is writing from that perspective (free/libre, hacker, against the system) after all.
Joseph: Take a look at the bottom of slide 4 of this presentation from the NSA Boundless Informant program. Apparently the mentality of advocating free/open source software is quite compatible with surveillance.
Tom, this is a silly post.
The FOSS movement is responsible for carving out the small degree of privacy that computer users enjoy today. It created FOSS alternatives to proprietary operating systems and other locally-run software that invaded users’ privacy, with the FOSS versions, of course, being reviewable and modifiable by users to make invasions of privacy impossible.
The FOSS movement was also led by exactly the same people who fought the crypto wars in the 80s-90s, which resulted in the ability of ordinary citizens to have secure communications with each other (and with their banks, etc) instead of having strong crypto relegated to government use only.
Your lack of gratitude for these two major victories is really unbecoming.
Furthermore, the FOSS movement is engaged in active, ongoing efforts to defeat exactly the threats you’ve identified. Licenses like the AGPL were written to specifically address the problem of remote SaaS installations being able to obfuscate what they do with users’ private information. And GPLv3 has provisions built in to defeat hardware lockdown policies that allow, e.g., FOSS-based malware to run on cell phones. The fact that those two problems haven’t been fully solved is, yes, a problem of institutions and users rather than technology. But as with the defeat of proprietary desktop malware and the defeat of the crypto regulators, the first step is to provide the technology and the legal framework for guaranteeing users’ freedom. Only then can you start converting people to make better choices about which platforms they want to use.
Your post comes across as petulant and deliberately misleading. I think you’re better than this.
Picador: times change, movements change, and contexts change. The environmental movement in the 1980s campaigned against nuclear power, now many environmentalists (though not me) are in favour of it. The 1980s and 1990s were a different age when it comes to computing.
As you know better than I, the mainstream of the FOSS movement decided that AGPL provisions would not be included in GPLv3 and so decided that it was perfectly OK to build commercial web platforms of any kind on FOSS. And while I appreciate that some are continuing to work for wider adoption of GPLv3 to prevent Tivoization, it is not clear to me that this would change things when it comes to surveillance technologies.
But to the main thing Stallman was writing about here: Will an internet of open source things be any better from a privacy point of view than an internet of proprietary things?
We know already that most nodes in the IoT will be based on Linux, and that most of the data will be collected in FOSS databases (or distributed file systems) running on Linux. From a privacy point of view, building these things on open source software is neither here nor there. FOSS is a red herring when it comes to surveillance technologies.
I did not intend to be petulant, but I thought the culture of open source was to be blunt and not overly reverential. Apparently there are exceptions? Gratitude does not belong in this post. You sound defensive of Stallman, but he is not exactly shy to criticize when he feels like it; I’m sure he can handle some blunt speech.
This is NOT a silly post! I agree with you. You are correct. In this case RMS is not correct. You will receive many comments and criticisms of this post.
An earlier, more pleasant comment observed that:
This is not true at all, not now. First, there are plenty of companies who take and take from open source, without giving anything back. Goldman Sachs LOVES to take open source code, alter it for its own purposes, and ignore the FOSS/GNU/GPL licensing requirements. What’s anyone going to do about it? Will Richard Stallman storm Goldman and make them behave? I don’t think that will work. Even the SEC and Department of Justice can’t make Goldman behave.
Secondly, intelligence agencies in the U.S. and elsewhere are not stupid! How difficult would it be to hire people familiar with open source or cultivate participation in open source projects by employees? Not very difficult at all, and it wouldn’t require any rebelling against the system to be involved in an open source project.
Finally, the free/libre model is breaking down, I would claim, as more companies take than give back in return. Eventually, this will become a major problem, although not with respect to surveillance in particular, and maybe not for some time to come.
Thanks Ellie. “not now” seems to me particularly important.
I’ll grant that
1. Use of open source software is no talisman
2. Too many open source projects/products have become commercial in implementation
I’m not so sure, though, that closed source and “snoop or track” are two separate things. I generally assume open source software is a necessary-but-not-sufficient condition for safe computing. So, I don’t believe “web services that don’t track who uses them” can be built on proprietary software just as easily as they can be built on free/libre software. As for the plentiful situations where open source software betrays its users, there are a number of ways this can happen:
1. Open source programs become too complicated to be comprehensible. Countermeasures include the traditional UNIX usage pattern built on utilities, not apps: combine the actions of utilities with pipelines, scripts and the like.
2. Open source projects become too dependent on government and/or corporate funding. Early open source software tended to come from academic settings. Apparently today no activity gets off the ground without a milkable business model. Don’t know of any effective countermeasures short of overthrowing capitalism.
3. Most importantly, in my opinion, open source software is used with proprietary data, proprietary hardware, or by people who are sworn to secrecy. As for countermeasures, people are working on open source hardware, but it seems maintaining independence becomes a challenge earlier in the life cycle with hardware. Countermeasure to NDA is whistleblowers. Countermeasure for proprietary data, maybe Pubwan?
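The countermeasure in point 1 above can be made concrete with a toy sketch. This is not real UNIX tooling, just an illustration (in Python, with invented filter names and invented log lines) of why small single-purpose filters composed in a pipeline stay auditable in a way a monolithic app does not: each stage can be read and checked in isolation.

```python
# Toy illustration of the "utilities, not apps" pattern: each step is a
# small, independently auditable filter over lines of text, composed the
# way a shell pipeline composes grep | sed | wc.

def grep(pattern, lines):
    """Keep only lines containing the pattern (a stand-in for grep)."""
    return (line for line in lines if pattern in line)

def strip_comments(lines):
    """Drop everything after a '#' on each line (a stand-in for sed)."""
    return (line.split("#", 1)[0].rstrip() for line in lines)

def count(lines):
    """Terminal stage: count the surviving lines (like wc -l)."""
    return sum(1 for _ in lines)

log = [
    "connect host=a  # routine",
    "error  host=b",
    "connect host=c",
    "error  host=b  # repeated",
]

# Pipeline: strip comments, keep error lines, count them.
n_errors = count(grep("error", strip_comments(log)))
print(n_errors)  # 2
```

Each filter is a few lines that a reader can verify does nothing else; the opacity only returns when such pieces are fused into one large program.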
Lori: thanks for the comment.
“I generally assume open source software is a necessary-but-not-sufficient condition for safe computing.”
This is a good point. My immediate reaction is that when it comes to data collection the openness of the software is more or less irrelevant, but I will have to think about it a bit more. You may be right…
As you know I think this is a terrific post and an important line of thinking. Despite the various objections folks have raised here and on Twitter, I note that there are very few of what I consider substantive logical counter-arguments to the point of view you describe. Too much of Stallman’s work consists of blanket assertions that lack the intellectual underpinnings his advocates want them to have. I have for example tried and tried to find the argument that subtends the phrase “free software, free society,” and just cannot.
I agree with you and with the third of Stallman’s points, that the only solution to questions of surveillance and data privacy is found in law and regulation.
I further agree strongly that free software (which should be distinguished from open source, for a variety of reasons, among them that open source as a movement is an explicit attempt to commercialize Stallman’s free software idea, but I digress) is built on a very, very odd argument when it comes to privacy. It suggests that I can block an adversary from knowing what I am doing by showing the adversary what I am doing.

FS advocates often seem to mistake (as the originator of this thread does to some extent) the single system in question for the totality of the software environment in which it lives. It may well be the case that a single FS system, IF (although this is a huge IF that I believe experience makes us seriously doubt) it is straightforward enough that many people can understand it, can itself be free of surveillance capabilities. The problem is that the adversary can simply observe the entirety of the free software apparatus and build additional tools, about which the free software community knows nothing whatsoever, to attack the security methods built into the free software project, using the very freeness of the software as a huge informational advantage.

Even if all you are doing is telling your adversary what methods you are using and what methods you are not using, that is a very odd strategy to take in an information war, and one I suspect you will find few military or game theorists adopting. When the point of your enterprise is in some sense to remain secret, it is contrary to common sense and to most operational theories to start by refusing to be secret.
“I agree with you and with the third of Stallman’s points, that the only solution to questions of surveillance and data privacy is found in law and regulation.”
Law and regulation is necessary, but how do you know the law is being followed?
You keep talking about an adversary, but the way things are now, the service providers and the government are potential adversaries. Without open source, how do I know that a program running on my computer is not, itself, the adversary? There are ways to answer that, but none of them are simple.
This is a general, well-understood, and important problem in all governmental theory. It is not specific to software or digital data. Digital data makes it easier in some ways, harder in others.
This also does not respond to my main point, which is that knowing how software operates in general does not tell us anything about what other people are doing with the software.
And the point of my reply, and Tom’s post, is that with open source you don’t know this either, and in certain ways you may be more subject rather than less to exploitation by an adversary (which generally refers to a person or institution trying to get at your data, not to a program that can get at your data).
Further, the number of people who can competently evaluate any computer system, open or closed source, not just for its possible internal exploits but also for ways in which external adversaries may exploit it, is close to zero. Look at Tor, one of the open source security projects with the heaviest possible scrutiny from independent experts. They routinely find unknown bugs and exploits in the software itself, and even more so in the applications that use it. And for the huge majority of users–literally 99.99% of them–open source just means trusting whatever community of experts says the product can be trusted. This is the primary virtue recommended by open source advocates, but it is essentially irrelevant for almost all users.
“It is not specific to software or digital data. Digital data makes it easier in some ways, harder in others. ”
The second sentence contradicts the first. Automation completely changes the game. Without automation, if you want to violate the law at a large scale, you have to count on a large number of your subordinates knowing about this violation so they can carry it out. Automation reduces the number of people involved, so if we want the same level of assurance that the law is being followed, we need some way to assure ourselves that machines are doing what we, the public, think they are doing. Enforcing the law is now a matter of predicting machines, which is not a well-understood problem.
“This also does not respond to my main point, which is that knowing how software operates in general does not tell us anything about what other people are doing with the software.”
And thank goodness for that. The point of privacy is to protect us from developers knowing what we are doing with their software!
“And the point of my reply, and Tom’s post, is that with open source you don’t know this either, and in certain ways you may be more subject rather than less to exploitation by an adversary”.
I got that, and if you look at my other post in this thread you can see that I’m not arguing that open source is necessary for protection from exploitation. What I’m saying is that nobody has spelled out what the alternative would be. Such alternatives should be logically possible, but building them would require new advances in mathematics and logic–or at least far more resources invested in deploying them.
“(which generally refers to a person or institution trying to get at your data, not at a program that can get at your data). ”
And this is the problem. I can’t manipulate my data on a computer without programs. If I can’t be assured that the programs are doing what they are supposed to be doing, then any other guarantees you can give me are meaningless.
“They routinely find unknown bugs and exploits in the software itself, and even more so in the applications that use it, on a regular basis.”
Yes, it’s true, all the software is broken. But a huge proportion of those errors are things that, in different programming languages, could have been automatically detected. Closed source makes those bugs slightly harder to find, but as long as the bugs are in there an adversary like the NSA with billions of dollars to throw at the problem will find those bugs. (Heck, what’s to stop the NSA from demanding to see a copy of the source?) The only way to make the software safe is to reduce the number of bugs or design the system so that the bugs are less likely to be critical.
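The claim above, that many classic exploits could be caught mechanically by a different language, can be illustrated with a minimal example (buffer contents and index are invented for the purpose). An out-of-bounds read, which in C is undefined behaviour and often quietly returns adjacent memory (the raw material of Heartbleed-style leaks), is an ordinary, catchable runtime error in a bounds-checked language:

```python
# A bounds-checked language turns a silent memory disclosure into a
# hard error at the point of the bug.
buf = [10, 20, 30]

try:
    value = buf[7]    # in C: undefined behaviour, possibly a data leak
except IndexError:
    value = None      # here: the bug surfaces immediately, unexploited
print(value)  # None
```

This is the sense in which the criticality of a bug, not just its existence, is a design choice of the system and language around it.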
“And for the huge majority of users–literally 99.99% of them–open source just means trusting whatever community of experts say the product can be trusted.”
Okay, here is the well-understood and important problem. How can we be sure that we can trust a community of experts about what a complicated yet publicly available set of documents says or means? It’s not easy, but it’s a lot easier when the documents are publicly available and the experts aren’t all working for one institution.
But that’s my whole point. Software and data are separate issues. If the software is open source and the data are proprietary, the system as a whole is proprietary. If half the militancy and activism applied to open source software were applied to the content of databases, we’d be halfway to freedom by now. There’s a lot of open source text content in GFDL works such as Wikipedia. What I think is desperately needed is a lot more tabulated (“datafied” as the “big data” people say) content present in the public domain. I actually think a massive increase in nonproprietary data collection will make a bigger difference than de jure (that is, ineffective) constraints on proprietary data collection. Think “sousveillance” meets “big data.”
I would not be surprised if our politics on things non-technological are fairly similar: trust and distrust of the same institutions. But which databases? All that data collected about you and me made open for anyone to use? I don’t see that as freeing at all. Even making impersonal data open creates markets for companies who can best leverage it, and in general that’s Google, not you and me.
To me technology-first approaches to politics, such as a commitment to openness, always seem vulnerable to the problem that open data/source/whatever can best be used by those with the most resources.
Which is hopelessly general of course, and maybe it would be better to talk specifics.
I usually prioritize (bi-lateral or omnilateral) transparency over (my own) privacy, but not always. R J The First seems to have some interesting ideas on privacy, although doesn’t seem to provide implementation details.
“I generally assume open source software is a necessary-but-not-sufficient condition for safe computing. ”
It’s theoretically possible for me to prove that my program or server does what I say it does and nothing more without handing you a copy of the source code. In the mid-90s there was this idea of “proof-carrying code”, where your proprietary executable would come with a computer-verifiable proof that could be checked before the code executed. Combine that idea with Trusted Computing and Remote Attestation, and you could use something similar for web services.
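For readers unfamiliar with the idea, the verify-before-run shape of proof-carrying code can be sketched in a few lines. This is a toy: real proof-carrying code ships a formal proof of a safety policy alongside native code, whereas here the “certificate” is just the claim that the code performs no I/O, the checker is a crude (and trivially bypassable) AST scan, and all names and the policy itself are invented for illustration. What survives is the structure: untrusted code arrives with a claimed property, and the consumer checks the claim mechanically before executing anything.

```python
# Crude sketch of the proof-carrying-code shape: check a machine-
# verifiable claim about untrusted code before running it.
import ast

FORBIDDEN = {"open", "exec", "eval", "__import__"}

def check_no_io(source):
    """Reject code that imports modules or calls forbidden builtins."""
    tree = ast.parse(source)
    for node in ast.walk(tree):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            return False
        if isinstance(node, ast.Call) and isinstance(node.func, ast.Name):
            if node.func.id in FORBIDDEN:
                return False
    return True

def run_if_certified(source):
    """Run untrusted code only if the static check succeeds."""
    if not check_no_io(source):
        raise ValueError("certificate check failed: code may do I/O")
    namespace = {}
    exec(source, namespace)
    return namespace

safe = "def double(x):\n    return 2 * x\n"
ns = run_if_certified(safe)
print(ns["double"](21))  # 42
```

The key property, as in real PCC, is that the consumer never has to trust the producer: checking the certificate is cheap and local, even if producing it was expensive.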
But I don’t think those ideas have been deployed in practice. Part of that is that writing proofs about programs is still much harder than writing programs alone. Another part is that even if you had the technology to run a privacy preserving web service, that doesn’t mean the government is going to just sit back and let you do that without interference.
But perhaps the biggest problem is that it’s not clear how much demand there is for this stuff. Is there a large number of users who currently refuse to use web services, but would start using them if they were provably secure? Some sort of community that combines skepticism of technology with enthusiasm for proof theory? Or would those currently using web services switch to a new set if they were provably secure?
I don’t understand this proof-carrying code. If it means checking all possible inputs against their corresponding outputs, why not simply reverse-engineer the thing? Oh, because it says in the clickwrap that you agreed not to, I guess. And surely trusted computing is a bug rather than a feature.
I don’t think a “provably secure” seal of approval would carry any weight with anyone. I suppose there’s some sort of community out there that combines skepticism of technology with enthusiasm for proof theory, but those two interests combined with an interest in proprietary software would be a rare bird indeed. The hacker community is more about proofs of insecurity than proofs of security. So perhaps claims of security serve the security-minded better than proofs of security, since they generally attract proofs of insecurity and therefore benefit from more selection pressure.