Submitted by: Simon Phipps,
Open Source Initiative Board President

As a society we’re at a turning point. We’re discovering that viewing technology in isolation is insufficient. We really need a holistic, joined-up view of how technology works.

All over the world we see an authoritarian character. It’s always the consequence of economic issues: as the economy dips, you see authoritarianism rise. As technologists we are culpable in not having foreseen this—in having believed technology is amoral, and that we can continue to focus on cool stuff, and not worry about what people are going to do with it.

Here, in the UK, we have a government which bears all the hallmarks of being authoritarian, bears all the hallmarks of abusing technology to control the population. The same thing is happening in the U.S. where civil liberties organizations are campaigning to ensure the constitutional right to not be unjustly searched is applied at the border, as well as inside the border.

Most concerning is digital civil rights. As part of that, we should be working on “re-decentralizing” the web. That is, we take Google, Facebook and Twitter—but not just them—and take them out of the center of the diagram, and put them as nodes in the diagram. Not because they are inherently bad, I have a lot of time for Google, Facebook and for Twitter and for other companies that are doing “cloudy” things, but it is a hostage to fortune to have so much information, and so much control in places where authoritarian governments can, at a stroke of a pen, decide to make it illegal for you to have the freedoms that the US Constitution guarantees you.

Looking at the terrible incident in Las Vegas, I already see people trying to say that we need to abandon a whole load of amendments to the Constitution in order to protect the Second Amendment. The rhetoric that goes around that is the sort of rhetoric that leads to Google, Facebook and Twitter being instructed to control the population on behalf of the government. I’m concerned about our civil rights and concerned about the over-centralization of the web, our over-dependence on proprietary technology.

It’s very important that we continue to promote software freedom. I don’t think software freedom is either sufficient or adequate for protecting our civil liberties, but I observe that it’s extremely unlikely that we will have any civil liberties left if software freedom is eliminated. Cory Doctorow talks a lot about the criminalization of general-purpose computing, and broadly speaking the things authoritarians want to do to you are only possible if you are unable to control your own devices. As a holding pattern it’s vital that we focus on software freedom as a fundamental right. But we’ve got to go a long way beyond there, we’ve got to start looking at technologies and starting businesses that have decentralized data.

For example, I would love to see cloud storage that was genuinely “cloudy”, after all, “there’s no such thing as a cloud, it’s just someone else’s computer.” So while there is no cloud storage—it’s just somebody else’s computer—there is a solution: increase the number of other people’s computers you are using, until it is no longer a weakness, but a strength.

That can be done with storage. There are technologies–like universal file system or Tahoe-LAFS—that we can use to distribute storage. We can use Blockchain technologies to distribute credentials for authentication. We can discourage the use of shared keys between vendors for storing personal information, so that providers can’t just use a Social Security number, or your date-of-birth and surname, to uniquely identify you.

We can do all of these things, but I think the most important thing is to keep in mind the need to re-decentralize the web and Internet. To design things that don’t have control points. If you’re going to design the next Facebook, make that Facebook something that is bringing together multiple phones using IPv6 to aggregate the information from your circle of friends, rather than putting all the information in “somebody else’s computer” in the cloud. There’s no reason why Facebook, or the next something like Facebook, couldn’t work like that.

Curiously, I believe that the authoritarian instincts of our governments will be the greatest influence on motivating re-decentralization in existing companies like Facebook, and the next Facebook. There’s a thing in Europe called GDPR, the General Data Protection Regulation, which is going to change the privacy laws in Europe dramatically. The influence it has will extend way beyond Europe, because any entity that manages personal data of a European citizen will have to comply with GDPR.

The burden of that on companies is massive. Consider the bureaucracy and administration they will have to do; the architectural challenge for the software that they’ll need to develop is massive. Thus companies will prefer not to aggregate non-essential personal information because the administrative and bureaucratic burden of doing so is too great upon them. That’s likely to be the sort of thing—new regulations like the GDPR—that will discourage people from storing information that they don’t need to have.

I once wrote something to the effect that, “corporations are reptiles.” Like reptiles, they respond only to hunger and fear, where hunger is profit motive and fear is competitive pressure. When corporations get hungry or fearful they will do things that change their behavior. You can’t easily persuade a corporation to act ethically. This reality was the whole point in the difference between open source and free software. Free software is for people; Free software is something that I am ethically compelled to work with—while open source is something that I persuade my employer with, it’s something where there is a business benefit from working with software that’s licensed that way. They are the same thing, but one is expressed in a different way to the other. To change Facebook’s behavior we have to work out how to explain to them that they will make more profit and suffer less harm if they do things that don’t invade people’s privacy. But that’s a really tough argument, because that’s already their core business.

Look at a different place. Look at the Linux industry, which is huge. The Linux kernel is still licensed under GPLv2. The GPLv2 license, reputedly, has got all sorts of challenges for businesses, and if you ask a start-up what license they’re going to use for their software they’ll never tell you GPL2 or GPL3, it’s always either going to be AGPL—if they want to use fear as the way they generate revenue—or it’s going to be BSD if they want to maximize adoption.

Yet we see around Linux this massive community of people who are using GPLv2 licensed software. So what’s going on there? Well it turns out that you can run a perfectly good business using GPLv2 licensed software, where nobody has a benefit over anybody else. Companies adapt to the inconveniences: they maintain a history of where the software came from; they maintain a habit of publishing licenses. So now they’ve adapted—they faced the regulatory pressures, they faced the legal challenges, and they have adapted to remain profitable in the environment.

Now going back to privacy, we have to do the same thing to companies in the area of personal data. We have to make it hurt to abuse personal data. We have to demonstrate that the behavior that Equifax has shown, and continues to show, is not just unacceptable morally, but also will lead to the officers of the company going to prison and will result in the shareholders losing their money.

If those things don’t happen, then the companies are not going to change their behaviors, and if the companies don’t change their behaviors, the re-decentralization of the web and Internet won’t happen.

