Talk by Eben Moglen: Freedom In the Cloud: Software Freedom, Privacy, and Security for Web 2.0 and Cloud Computing
Date: 5 Feb 2010
It’s a pleasure to be here. I would love to think that the reason that we’re all here on a Friday night is that my speeches are so good. I actually have no idea why we’re all here on a Friday night but I’m very grateful for the invitation. I am the person who had no date tonight so it was particularly convenient that I was invited for now.
So, of course, I didn’t have any date tonight. Everybody knows that. My calendar’s on the web.
The problem is that problem. Our calendar is on the web. Our location is on the web. You have a cell phone and you have a cell phone network provider and if your cell phone network provider is Sprint then we can tell you that several million times last year, somebody who has a law enforcement ID card in his pocket somewhere went to the Sprint website and asked for the realtime location of somebody with a telephone number and was given it. Several million times. Just like that. We know that because Sprint admits that they have a website where anybody with a law enforcement ID can go and find the realtime location of anybody with a Sprint cellphone. We don’t know that about AT&T and Verizon because they haven’t told us.
But that’s the only reason we don’t know, because they haven’t told us. That’s a service that you think of as a traditional service - telephony. But the deal that you get with the traditional service called telephony contains a thing you didn’t know, like spying. That’s not a service to you but it’s a service and you get it for free with your service contract for telephony. You get for free the service of advertising with your Gmail which means of course there’s another service behind which is untouched by human hands, semantic analysis of your email. I still don’t understand why anybody wants that. I still don’t understand why anybody uses it but people do, including the very sophisticated and thoughtful people in this room.
And you get free email service and some storage which is worth exactly a penny and a half at the current price of storage and you get spying all the time.
And for free, too.
And your calendar is on the Web and everybody can see whether you have a date Friday night and you have a status - “looking” - and you get a service for free, of advertising “single: looking”. Spying with it for free. And it all sort of just grew up that way in a blink of an eye and here we are. What’s that got to do with open source? Well, in fact it doesn’t have anything to do with open source but it has a whole lot to do with free software. Yet another reason why Stallman was right. It’s the freedom, right?
So we need to back up a little bit and figure out where we actually are and how we actually got here and probably even more important, whether we can get out and if so, how? And it isn’t a pretty story, at all. David’s right. I can hardly begin by saying that we won given that spying comes free with everything now. But, we haven’t lost. We’ve just really bamboozled ourselves and we’re going to have to un-bamboozle ourselves really quickly or we’re going to bamboozle other innocent people who didn’t know that we were throwing away their privacy for them forever.
It begins of course with the Internet, which is why it’s really nice to be here talking to the Internet Society - a society dedicated to the health, expansion, and theoretical elaboration of a peer-to-peer network called “the Internet” designed as a network of peers without any intrinsic need for hierarchical or structural control and assuming that every switch in the Net is an independent, free-standing entity whose volition is equivalent to the volition of the human beings who want to control it.
That’s the design of the Net, which, whether you’re thinking about it as glued together with IPv4 or that wonderful improvement IPv6 which we will never use apparently, still assumes peer communications.
Of course, it never really really really worked out that way. There was nothing in the technical design to prevent it. Not at any rate in the technical design interconnection of nodes and their communication. There was a software problem. It’s a simple software problem and it has a simple three-syllable name. Its name is Microsoft. Conceptually, there was a network which was designed as a system of peer nodes but the OS which occupied the network in an increasingly - I’ll use the word, they use it about us why can’t I use it back? - viral way over the course of a decade and a half. The software that came to occupy the network was built around a very clear idea that had nothing to do with peers. It was called “server client architecture”.
The idea that the network was a network of peers was hard to perceive after a while, particularly if you were a, let us say, ordinary human being. That is, not a computer engineer, scientist, or researcher. Not a hacker, not a geek. If you were an ordinary human, it was hard to perceive that the underlying architecture of the Net was meant to be peerage because the OS software with which you interacted very strongly instantiated the idea of the server and client architecture.
In fact, of course, if you think about it, it was even worse than that. The thing called “Windows” was a degenerate version of a thing called “X Windows”. It, too, thought about the world in a server client architecture, but what we would now think of as now backwards. The server was the thing at the human being’s end. That was the basic X Windows conception of the world. It served communications with human beings at the end points of the Net to processes located at arbitrary places near the center in the middle, or at the edge of the Net. It was the great idea of Windows in an odd way to create a political archetype in the Net which reduced the human being to the client and produced a big, centralized computer, which we might have called a server, which now provided things to the human being on take-it-or-leave-it terms.
They were, of course, quite take-it-or-leave-it terms and unfortunately, everybody took it because they didn’t know how to leave once they got in. Now the Net was made of servers in the center and clients at the edge. Clients had rather little power and servers had quite a lot. As storage gets cheaper, as processing gets cheaper, and as complex services that scale in ways that are hard to use small computers for - or at any rate, these aggregated collections of small computers for - the most important of which is search. As services began to populate that net, the hierarchical nature of the Net came to seem like it was meant to be there. The Net was made of servers and clients and the clients were the guys at the edge representing humans and servers were the things in the middle with lots of power and lots of data.
Now, one more thing happened about that time. It didn’t happen in Microsoft Windows computers although it happened in Microsoft Windows servers and it happened more in sensible OSs like Unix and BSD and other ones. Namely, servers kept logs. That’s a good thing to do. Computers ought to keep logs. It’s a very wise decision when creating computer OS software to keep logs. It helps with debugging, makes efficiencies attainable, makes it possible to study the actual operations of computers in the real world. It’s a very good idea.
But if you have a system which centralizes servers and the servers centralize their logs, then you are creating vast repositories of hierarchically organized data about people at the edges of the network that they do not control and, unless they are experienced in the operation of servers, will not understand the comprehensiveness of, the meaningfulness of, will not understand the aggregatability of.
So we built a network out of a communications architecture design for peering which we defined in client-server style, which we then defined to be the dis-empowered client at the edge and the server in the middle. We aggregated processing and storage increasingly in the middle and we kept the logs - that is, info about the flows of info in the Net - in centralized places far from the human beings who controlled or thought they controlled the operation of the computers that increasingly dominated their lives. This was a recipe for disaster.
This was a recipe for disaster. Now, I haven’t mentioned yet the word “cloud” which I was dealt on the top of the deck when I received the news that I was talking here tonight about privacy and the cloud.
I haven’t mentioned the word “cloud” because the word “cloud” doesn’t really mean anything very much. In other words, the disaster we are having is not the catastrophe of the cloud. The disaster we are having is the catastrophe of the way we misunderstood the Net under the assistance of the un-free software that helped us to understand it. What “cloud” means is that servers have ceased to be made of iron. “Cloud” means virtualization of servers has occurred.
So, out here in the dusty edges of the galaxy where we live in dis-empowered clienthood, nothing very much has changed. As you walk inward towards the center of the galaxy, it gets more fuzzy than it used to. We resolve now halo where we used to see actual stars. Servers with switches and buttons you can push and such. Instead, what has happened is that iron no longer represents a single server. Iron is merely a place where servers could be. So “cloud” means servers have gained freedom, freedom to move, freedom to dance, freedom to combine and separate and re-aggregate and do all kinds of tricks. Servers have gained freedom. Clients have gained nothing. Welcome to the cloud.
It’s a minor modification of the recipe for disaster. It improves the operability for systems that control the clients out there who were meant to be peers in a Net made of equal things.
So that’s the architecture of the catastrophe. If you think about it, each step in that architectural revolution: from a network made of peers, to servers that serve the communication with humans, to clients which are programs running on heavy iron, to clients which are the computers that people actually use in a fairly dis-empowered state and servers with a high concentration of power in the Net, to servers as virtual processes running in clouds of iron at the center of an increasingly hot galaxy and the clients are out there in the dusty spiral arms.
All of those decisions architecturally were made without any discussion of the social consequences long-term, part of our general difficulty in talking about the social consequences of technology during the great period of invention of the Internet done by computer scientists who weren’t terribly interested in Sociology, Social Psychology, or, with a few shining exceptions - freedom. So we got an architecture which was very subject to misuse. Indeed, it was in a way begging to be misused and now we are getting the misuse that we set up. Because we have thinned the clients out further and further and further. In fact, we made them mobile. We put them in our pockets and we started strolling around with them.
There are a lot of reasons for making clients dis-empowered and there are even more reasons for dis-empowering the people who own the clients and who might quaintly be thought of as the people who ought to control them. If you think for just a moment how many people have an interest in dis-empowering the clients that are the mobile telephones you will see what I mean. There are many overlapping rights owners as they think of themselves each of whom has a stake in dis-empowering a client at the edge of the network to prevent particular hardware from being moved from one network to another. To prevent particular hardware from playing music not bought at the great monopoly of music in the sky. To disable competing video delivery services in new chips I founded myself that won’t run popular video standards, good or bad. There are a lot of business models that are based around mucking with the control over client hardware and software at the edge to deprive the human that has quaintly thought that she purchased it from actually occupying the position that capitalism says owners are always in - that is, of total control.
In fact, what we have as I said a couple of years ago in between appearances here at another NYU function. In fact, what we have are things we call platforms. The word “platform” like the word “cloud” doesn’t inherently mean anything. It’s thrown around a lot in business talk. But, basically what platform means is places you can’t leave. Stuff you’re stuck to. Things that don’t let you off. That’s platforms. And the Net, once it became a hierarchically architected zone with servers in the center and increasingly dis-empowered clients at the edge, becomes the zone of platforms and platform making becomes the order of the day.
Some years ago a very shrewd lawyer who works in the industry said to me “Microsoft was never really a software company. Microsoft was a platform management company”. And I thought Yes, shot through the heart.
So we had a lot of platform managers in a hierarchically organized network and we began to evolve services. “Services” is a complicated word. It’s not meaningless by any means but it’s very tricky to describe it. We use it for a lot of different things. We badly need an analytical taxonomy of “services” as my friend and colleague Philippe Aigrain in Paris pointed out some 2 or 3 years ago. Taxonomies of “services” involve questions of simplicity, complexity, scale, and control.
To take an example, we might define a dichotomy between complex and simple services in which simple services are things that any computer can perform for any other computer if it wants to and complex services are things you can’t do with a computer. You must do with clusters or structures of some computational or administrative complexity. SEARCH is a complex service. Indeed, search is the archetypal complex service. Given the one-way nature of links in the Web and other elements in the data architecture we are now living with (that’s another talk, another time) search is not a thing that we can easily distribute. The power in the market of our friends at Google depends entirely on the fact that search is not easily distributed. It is a complex service that must be centrally organized and centrally delivered. It must crawl the web in a unilateral direction, link by link, figuring out where everything is in order to help you find it when you need it. In order to do that, at least so far, we have not evolved good algorithmic and delivery structures for doing it in a decentralized way. So, search becomes an archetypal complex service and it draws onto itself a business model for its monetization.
Advertising in the 20th century was a random activity. You threw things out and hoped they worked. Advertising in the 21st century is an exquisitely precise activity. You wait for a guy to want something and then you send him advertisements about what he wants and bingo it works like magic. So of course on the underside of a complex service called search there is a theoretically simple service called advertising which, when unified to a complex service, increases its efficiency by orders of magnitude and the increase of the efficiency of the simple service when combined with the complex one produces an enormous surplus revenue flow which can be used to strengthen search even more.
But that’s the innocent part of the story and we don’t remain in the innocent part of the story for a variety of uses. I won’t be tedious on a Friday night and say it’s because the bourgeoisie is constantly engaged in destructively reinventing and improving its own activities and I won’t be moralistic on a Friday night that you can’t do that and say because sin is ineradicable and human beings are fallen creatures and greed is one of the sins we cannot avoid committing. I will just say that as a sort of ordinary social process we don’t stop at innocent. We go on, which surely is the thing you should say on a Friday night. And so we went on.
Now, where we went on is really towards the discovery that all of this would be even better if you had all the logs of everything because once you have the logs of everything then every simple service is suddenly a goldmine waiting to happen and we blew it because the architecture of the Net put the logs in the wrong place. They put the logs where innocence would be tempted. They put the logs where the failed state of human beings implies eventually bad trouble and we got it.
The cloud means that we can’t even point in the direction of the server anymore and because we can’t even point in the direction of the server anymore we don’t have extra technical or non-technical means of reliable control over this disaster in slow motion. You can make a rule about logs or data flow or preservation or control or access or disclosure but your laws are human laws and they occupy particular territory and the server is in the cloud and that means the server is always one step ahead of any rule you make or two or three or six or poof! I just realized I’m subject to regulation, I think I’ll move to Oceana now.
Which means that in effect, we lost the ability to use either legal regulation or anything about the physical architecture of the network to interfere with the process of falling away from innocence that was now inevitable in the stage I’m talking about, what we might call late Google stage 1.
It is here, of course, that Mr. Zuckerberg enters.
The human race has susceptibility to harm but Mr. Zuckerberg has attained an unenviable record: he has done more harm to the human race than anybody else his age.
Because he harnessed Friday night. That is, everybody needs to get laid and he turned it into a structure for degenerating the integrity of human personality and he has to a remarkable extent succeeded with a very poor deal. Namely, “I will give you free web hosting and some PHP doodads and you get spying for free all the time”. And it works.
That’s the sad part, it works.
How could that have happened?
There was no architectural reason, really. There was no architectural reason really. Facebook is the Web with “I keep all the logs, how do you feel about that?” It’s a terrarium for what it feels like to live in a panopticon built out of web parts.
And it shouldn’t be allowed. It comes to that. It shouldn’t be allowed. That’s a very poor way to deliver those services. They are grossly overpriced at “spying all the time”. They are not technically innovative. They depend upon an architecture subject to misuse and the business model that supports them is misuse. There isn’t any other business model for them. This is bad.
I’m not suggesting it should be illegal. It should be obsolete. We’re technologists, we should fix it.
I’m glad I’m with you so far. When I come to how we should fix it later I hope you will still be with me because then we could get it done.
But let’s say, for now, that that’s a really good example of where we went wrong and what happened to us because. It’s trickier with Gmail because of that magical untouched by human hands-iness. When I say to my students, “why do you let people read your email”, they say “but nobody is reading my email, no human being ever touched it. That would freak me out, I’d be creeped out if guys at Google were reading my email. But that’s not happening so I don’t have a problem.”
Now, this they cannot say about Facebook. Indeed, they know way too much about Facebook if they let themselves really know it. You have read the stuff and you know. Facebook workers know who’s about to have a love affair before the people do because they can see X obsessively checking the Facebook page of Y. There’s some very nice research done a couple of years ago at an MIT I shouldn’t name by students I’m not going to describe because they were a little denting to the Facebook terms of service in the course of their research. They were just scraping but the purpose of their scraping was to demonstrate that you could find closeted homosexuals on Facebook.
They don’t say anything about their sexual orientation. Their friends are out, their interests are the interests of their friends who are out. Their photos are tagged with their friends who are out and they’re out except they’re not out. They’re just out in Facebook if anybody looks, which is not what they had in mind surely and not what we had in mind for them, surely. In fact, the degree of potential information inequality and disruption and difficulty that arises from a misunderstanding, a heuristic error, in the minds of human beings about what is and what’s not discoverable about them is not our biggest privacy problem.
My students, and I suspect many of the students of teachers in this room too, show constantly in our dialog the difficulty. They still think of privacy as “the one secret I don’t want revealed” and that’s not the problem. Their problem is all the stuff that’s the cruft, the data dandruff of life, that they don’t think of as secret in any way but which aggregates to stuff that they don’t want anybody to know. Which aggregates, in fact, not just to stuff they don’t want people to know but to predictive models about them that they would be very creeped out could exist at all. The simplicity with which you can de-anonymize theoretically anonymized data, the ease with which, for multiple sources available to you through third and fourth party transactions, information you can assemble, data maps of people’s lives. The ease with which you begin constraining, with the few things you know about people, the data available to you, you can quickly infer immense amounts more.
My friend and colleague Bradley Kuhn who works at the Software Freedom Law Center is one of those archaic human beings who believes that a social security number is a private thing. And he goes to great lengths to make sure that his Social Security is not disclosed which is his right under our law, oddly enough. Though, try and get health insurance or get a safe deposit box, or in fact, operate the business at all. We bend over backwards sometimes in the operation of our business because Bradley’s Social Security number is a secret. I said to him one day “You know, it’s over now because Google knows your Social Security number”. He said “No they don’t, I never told it to anybody”. I said, “Yeah but they know the Social Security number of everybody else born in Baltimore that year. Yours is the other one”.
And as you know, that’s true. The data that we infer is the data in the holes between the data we already know if we know enough things.
So, where we live has become a place in which it would be very unwise to say about anything that it isn’t known. If you are pretty widely known in the Net and all of us for one reason or another are pretty widely known in the Net. We want to live there. It is our neighborhood. We just don’t want to live with a video camera on every tree and a mic on every bush and the data miner beneath our feet everywhere we walk and the Net is like that now. I’m not objecting to the presence of AOL newbies in Usenet news. This is not an aesthetic judgment from 1995 about how the neighborhood is now full of people who don’t share our ethnocentric techno geekery. I’m not lamenting progress of a sort of democratizing kind. On the contrary, I’m lamenting progress of a totalizing kind. I’m lamenting progress hostile to human freedom. We all know that it’s hostile to human freedom. We all understand its despotic possibilities because the dystopias of which it is fertile were the stuff of the science fiction that we read when we were children. The Cold War was fertile in the fantastic invention of where we live now and it’s hard for us to accept that but it’s true. Fortunately, of course, it’s not owned by the government. Well, it is. It’s fortunate. It’s true. It’s fortunate that it’s owned by people that you can bribe to get the thing no matter who you are. If you’re the government you have easy ways of doing it. You fill out a subpoena blank and you mail it.
I spent two hours yesterday with a law school class explaining in detail why the 4th Amendment doesn’t exist anymore because that’s Thursday night and who would do that on a Friday night? But the 4th Amendment doesn’t exist anymore. I’ll put the audio on the Net and the FBI and you can listen to it anytime you want.
We have to fess up if we’re the people who care about freedom, it’s late in the game and we’re behind. We did a lot of good stuff and we have a lot of tools lying around that we built over the last 25 years. I helped people build those tools. I helped people keep those tools safe, I helped people prevent the monopoly from putting all those tools in its bag and walking off with them and I’m glad the tools are around but we do have to admit that we have not used them to protect freedom because freedom is decaying and that’s what David meant in his very kind introduction.
In fact, people who are investing in the new enterprises of unfreedom are also the people you will hear if you hang out in Silicon Valley these days that open source has become irrelevant. What’s their logic? Their logic is that software as a service is becoming the way of the world. Since nobody ever gets any software anymore, the licenses that say “if you give people software you have to give them freedom” don’t matter because you’re not giving anybody software. You’re only giving them services.
Well, that’s right. Open source doesn’t matter anymore. Free software matters a lot because of course, free software is open source software with freedom. Stallman was right. It’s the freedom that matters. The rest of it is just source code. Freedom still matters and what we need to do is to make free software matter to the problem that we have which is unfree services delivered in unfree ways really beginning to deteriorate the structure of human freedom.
Like a lot of unfreedom, the real underlying social process that forces this unfreedom along is nothing more than perceived convenience.
All sorts of freedom goes over perceived convenience. You know this. You’ve stopped paying for things with cash. You use a card that you can wave at an RFID reader.
Convenience is said to dictate that you need free web hosting and PHP doodads in return for spying all the time because web servers are so terrible to run. Who could run a web server of his own and keep the logs? It would be brutal. Well, it would if it were IIS. It was self-fulfilling, it was intended to be. It was designed to say “you’re a client, I’m a server. I invented Windows 7, It was my idea. I’ll keep the logs thank you very much.” That was the industry. We built another industry. It’s in here. But it’s not in. Well, yeah it is kind of in here. So where isn’t it? Well it’s not in the personal web server I don’t have that would prevent me from falling…well, why don’t we do something about that.
What do we need? We need a really good webserver you can put in your pocket and plug in any place. In other words, it shouldn’t be any larger than the charger for your cell phone and you should be able to plug it in to any power jack in the world and any wire near it or sync it up to any wifi router that happens to be in its neighborhood. It should have a couple of USB ports that attach it to things. It should know how to bring itself up. It should know how to start its web server, how to collect all your stuff out of the social networking places where you’ve got it. It should know how to send an encrypted backup of everything to your friends’ servers. It should know how to microblog. It should know how to make some noise that’s like tweet but not going to infringe anybody’s trademark. In other words, it should know how to be you …oh excuse me I need to use a dangerous word - avatar - in a free net that works for you and keeps the logs. You can always tell what’s happening in your server and if anybody wants to know what’s happening in your server they can get a search warrant.
And if you feel like moving your server to Oceana or Sealand or New Zealand or the North Pole, well buy a plane ticket and put it in your pocket. Take it there. Leave it behind. Now there’s a little more we need to do. It’s all trivial. We need some dynamic DNS and all stuff we’ve already invented. It’s all there, nobody needs anything special. Do we have the server you can put in your pocket? Indeed, we do. Off the shelf hardware now. Beautiful little wall warts made with ARM chips. Exactly what I spec’d for you. Plug them in, wire them up. How’s the software stack in there? Gee, I don’t know it’s any software stack you want to put in there.
In fact, they’ll send it to you with somebody’s top of the charts current distro in it, you just have to name which one you want. Which one do you want? Well you ought to want the Debian GNU/Linux social networking stack delivered to you free, free as in freedom I mean. Which does all the things I name - brings itself up, runs its little Apache or lighttpd or its tiny httpd, does all the things we need it to do - syncs up, gets your social network data from the places, slurps it down, does your backup searches, finds your friends, registers your dynamic DNS. All is trivial. All this is stuff we’ve got. We need to put this together. I’m not talking about a thing that’s hard for us. We need to make a free software distribution device. How many of those do we do?
We need to give a bunch to all our friends and we need to say, here fool around with this and make it better. We need to do the one thing we are really really really good at because all the rest of it is done, in the bag, cheap ready. Those wall wart servers are $99 now going to $79 when there are five million of them they’ll be $29.99.
Then we go to people and we say $29.99 once for a lifetime, great social networking, updates automatically, software so strong you couldn’t knock it over if you kicked it, used in hundreds of millions of servers all over the planet doing a wonderful job. You know what? You get “no spying” for free. They want to know what’s going on in there? Let them get a search warrant for your home, your castle, the place where the 4th Amendment still sort of exists every other Tuesday or Thursday when the Supreme Court isn’t in session. We can do that. We can do that. That requires us to do only the stuff we’re really really good at. The rest of it we get for free. Mr. Zuckerberg? Not so much.
Because of course, when there is a competitor to “all spying all the time whether you like it or not”, the competition is going to do real well. Don’t expect Google to be the competitor. That’s our platform. What we need is to make a thing that’s so greasy there will never be a social network platform again. Can we do it? Yeah, absolutely. In fact, if you don’t have a date on Friday night, let’s just have a hackfest and get it done. It’s well within our reach.
We’re going to do it before the Facebook IPO? Or are we going to wait till after? Really? Honestly? Seriously. The problem that the law has very often in the world where we live and practice and work, the problem that the law has very often, the problem that technology can solve. And the problem that technology can solve is the place where we go to the law. That’s the free software movement. There’s software hacking over here and there’s legal hacking over there and you put them both together and the whole is bigger than the sum of the parts. So, it’s not like we have to live in the catastrophe. We don’t have to live in the catastrophe. It’s not like what we have to do to begin to reverse the catastrophe is hard for us. We need to re-architect services in the Net. We need to re-distribute services back towards the edge. We need to de-virtualize the servers where your life is stored and we need to restore some autonomy to you as the owner of the server.
The measures for taking those steps are technical. As usual, the box builders are ahead of us. The hardware isn’t the constraint. As usual, nowadays, the software isn’t really that deep a constraint either because we’ve made so much wonderful software which is in fact being used by all the guys on the bad architecture. They don’t want to do without our stuff. The bad architecture is enabled, powered by us. The re-architecture is too. And we have our usual magic benefit. If we had one copy of what I’m talking about, we’d have all the copies we need. We have no manufacturing or transport or logistics constraint. If we do the job, it’s done. We scale.
This is technical challenge for social reason. It’s a frontier for technical people to explore. There is enormous social pay-off for exploring it.
The payoff is plain because the harm being ameliorated is current and people you know are suffering from it. Everything we know about why we make free software says that’s when we come into our own. It’s a technical challenge incrementally attainable by extension from where we already are that makes the lives of the people around us and whom we care about immediately better. I have never in 25 years of doing this work, I have never seen us fail to rise to a challenge that could be defined in those terms. So I don’t think we’re going to fail this one either.
Mr. Zuckerberg richly deserves bankruptcy.
Let’s give it to him. For Free.
And I promise, and you should promise too, not to spy on the bankruptcy proceeding. It’s not any of our business. It’s private.
This is actually a story potentially happy. It is a story potentially happy and if we do it then we will have quelled one more rumor about the irrelevance of us and everybody in the Valley will have to go find another buzz word and all the guys who think that Sand Hill Road is going to rise into new power and glory by spying on everybody and monetizing it will have to find another line of work too, all of which is purely on the side of the angels. Purely on the side of the angels.
We will not be rid of all our problems by any means, but just moving the logs from them to you is the single biggest step that we can take in resolving a whole range of social problems that I feel badly about what remains of my American constitution and that I would feel badly about if I were watching the failure of European data protection law from inside instead of outside and that I would feel kind of hopeful about if I were, oh say, a friend of mine in China. Because you know of course we really ought to put a VPN in that wall wart.
And probably we ought to put a Tor router in there.
And of course, we’ve got bittorrent, and by the time you get done with all of that, we have a freedom box. We have a box that not merely climbs us out of the hole we’re in, we have a box that actually puts a ladder up for people who are deeper in the hole than we are, which is another thing we love to do.
I do believe the US State Department will go slanging away at the Chinese communist party for a year or two about internet freedom and I believe the Chinese communist party is going to go slanging back and what they’re going to say is “You think you’ve got real good privacy and autonomy in the internet voyear in your neighborhood?” And every time they do that now as they have been doing that in the last 2 weeks, I would say ouch if I was Hillary Clinton and I knew anything about it because we don’t. Because we don’t. It’s true. We have a capitalist kind and they have a centralist vanguard of the party sort of Marxist kind or maybe Marxist or maybe just totalitarian kind but we’re not going to win the freedom of the net discussion carrying Facebook on our backs. We’re not.
But you screw those wall wart servers around pretty thickly in American society and start taking back the logs and you want to know who I talked to on a Friday night? Get a search warrant and stop reading my email. By the way there’s my GPG key in there and now we really are encrypting for a change and so on and so on and so on and it begins to look like something we might really want to go on a national crusade about. We really are making freedom here for other people too. For people who live in places where the web don’t work.
So there’s not a challenge we don’t want to rise to. It’s one we want to rise to plenty. In fact, we’re in a happy state in which all the benefits we can get are way bigger than the technical intricacy of doing what needs to be done, which isn’t much.
That’s where we came from. We came from our technology was more free than we understood and we gave away a bunch of the freedom before we really knew it was gone. We came from unfree software had bad social consequences further down the road than even the freedom agitators knew. We came from unfreedom’s metaphors tend to produce bad technology.
In other words, we came from the stuff that our movement was designed to confront from the beginning but we came from there. And we’re still living with the consequences of we didn’t do it quite right the first time, though we caught up thanks to Richard Stallman and moving on.
Where we live now is no place we’re going to have to see our grandchildren live. Where we live now is no place we would like to conduct guided tours of. I used to say to my students how many video cameras are there between where you live and the Law school? Count them. I now say to my students how many video cameras are there between the front door to the law school and this classroom? Count them.
I now say to my students “can you find a place where there are no video cameras?” Now, what happened in that process was that we created immense cognitive auxiliaries for the state - enormous engines of listening. You know how it is if you live in an American university thanks to the movie and music companies which keep reminding you of living in the midst of an enormous surveillance network. We’re surrounded by stuff listening to and watching us. We’re surrounded by mine-able data.
Not all of that’s going to go away because we took Facebook and split it up and carried away our little shards of it. It’s not going to go away cause we won’t take free webhosting with spying inside anymore. We’ll have other work to do. And some of that work is lawyers’ work. I will admit that. Some of that work is law drafting and litigating and making trouble and doing lawyer stuff. That’s fine. I’m ready.
My friends and I will do the lawyers’ part. It would be way simpler to do the lawyer’s work if we were living in a society which had come to understand its privacy better. It would be way simpler to do the lawyer’s work if young people realize that when they grow up and start voting or start voting now that they’re grown up, this is an issue. That they need to get the rest of it done the way we fixed the big stuff when we were kids. We’ll have a much easier time with the enormous confusions of international interlocking of regimes when we have deteriorated the immense force of American capitalism forcing us to be less free and more surveilled for other people’s profit all the time. It isn’t that this gets all the problems solved but the easy work is very rich and rewarding right now.
The problems are really bad. Getting the easy ones out will improve the politics for solving the hard ones and it’s right up our alley. The solution is made of our parts. We’ve got to do it. That’s my message. It’s Friday night. Some people don’t want to go right back to coding I’m sure. We could put it off until Tuesday but how long do you really want to wait? You know every day that goes by there’s more data we’ll never get back. Every day that goes by there’s more data inferences we can’t undo. Every day that goes by we pile up more stuff in the hands of the people who got too much. So it’s not like we should say “one of these days I’ll get around to that”. It’s not like we should say “I think I’d rather sort of spend my time browsing news about iPad”.
It’s way more urgent than that.
It’s that we haven’t given ourselves the direction in which to go so let’s give ourselves the direction in which to go. The direction in which to go is freedom using free software to make social justice.
But, you know this. That’s the problem with talking on a Friday night. You talk for an hour and all you tell people is what they know already.
So thanks a lot. I’m happy to take your questions.