Showing posts with label distributed. Show all posts
Showing posts with label distributed. Show all posts

02 February 2014

Interview: Eben Moglen - "surveillance becomes the hidden service wrapped inside everything"

(This was original published in The H Open in March 2010.)

Free software has won: practically all of the biggest and most exciting Web companies like Google, Facebook and Twitter run on it.  But it is also in danger of losing, because those same services now represent a huge threat to our freedom as a result of the vast stores of information they hold about us, and the in-depth surveillance that implies.

Better than almost anyone, Eben Moglen knows what's at stake.  He was General Counsel of the Free Software Foundation for 13 years, and helped draft several versions of the GNU GPL.  As well as being Professor of Law at Columbia Law School, he is the Founding Director of Software Freedom Law Center.  And he has an ambitious plan to save us from those seductive but freedom-threatening Web service companies.  He explained what the problem is, and how we can fix it.

GM: So what's the threat you are trying to deal with?

EM:  We have a kind of social dilemma which comes from architectural creep.  We had an Internet that was designed around the notion of peerage -  machines with no hierarchical relationship to one another, and no guarantee about their internal architectures or behaviours, communicating through a series of rules which allowed disparate, heterogeneous networks to be networked together around the assumption that everybody's equal. 

In the Web the social harm done by the client-server model arises from the fact that logs of Web servers become the trails left by all of the activities of human beings, and the logs can be centralised in servers under hierarchical control.  Web logs become power.  With the exception of search, which is a service that nobody knows how to decentralise efficiently, most of these services do not actually rely upon a hierarchical model.  They really rely upon the Web  - that is, the non-hierachical peerage model created by Tim Berners-Lee, and which is now the dominant data structure in our world.

The services are centralised for commercial purposes.  The power that the Web log holds is monetisable, because it provides a form of surveillance which is attractive to both commercial and governmental social control.  So the Web with services equipped in a basically client-server architecture becomes a device for surveilling as well as providing additional services.  And surveillance becomes the hidden service wrapped inside everything we get for free.

The cloud is a vernacular name which we give to a significant improvement in the server-side of the web side - the server, decentralised.  It becomes instead of a lump of iron a digital appliance which can be running anywhere.  This means that for all practical purposes servers cease to be subject to significant legal control.  They no longer operate in a policy-directed manner, because they are no longer iron subject to territorial orientation of law. In a world of virtualised service provision, the server which provides the service, and therefore the log which is the result of the hidden service of surveillance, can be projected into any domain at any moment and can be stripped of any legal obligation pretty much equally freely.

This is a pessimal result.

GM:  Was perhaps another major factor in this the commercialisation of the Internet, which saw power being vested in a company that provided services to the consumer?

EM:  That's exactly right.  Capitalism also has its architectural Bauplan, which it is reluctant to abandon.  In fact, much of what the network is doing to capitalism is forcing it to reconsider its Bauplan via a social process which we call by the crappy name of disintermediation.  Which is really a description of the Net forcing capitalism to change the way it takes.  But there's lots of resistance to that, and what's interesting to all of us I suspect, as we watch the rise of Google to pre-eminence, is the ways in which Google does and does not - and it both does and does not - wind up behaving rather like Microsoft in the course of growing up.  There are sort of gravitational propositions that arise when you're the largest organism in an ecosystem. 

GM:  Do you think free software has been a little slow to address the problems you describe?

EM:  Yes, I think that's correct.  I think it is conceptually difficult, and it is to a large degree difficult because we are having generational change.  After a talk [I gave recently], a young woman came up to me and she said: I'm 23 years old, and none of my friends care about privacy.  And that's another important thing, right?, because we make software now using the brains and hands and energies of people who are growing up in a world which has been already affected by all of this.  Richard or I can sound rather old-fashioned.

GM:  So what's the solution you are proposing?

EM:  If we had a real intellectually-defensible taxonomy of services, we would recognise that a number of the services which are currently highly centralised, and which count for a lot of the surveillance built in to the society that we are moving towards, are services which do not require centralisation in order to be technologically deliverable.  They are really the Web repackaged. 

Social networking applications are the most crucial.  They rely in their basic metaphors of operation on a bilateral relationship called friendship, and its multilateral consequences.  And they are eminently modelled by the existing structures of the Web itself. Facebook is free Web hosting with some PHP doodads and APIs, and spying free inside all the time - not actually a deal we can't do better than. 

My proposal is this: if we could disaggregate the logs, while providing the people all of the same features, we would have a Pareto-superior outcome.  Everybody – well, except Mr Zuckenberg - would be better off, and nobody would be worse off.  And we can do that using existing stuff.

The most attractive hardware is the ultra-small, ARM-based, plug it into the wall, wall-wart server, the SheevaPlug.  An object can be sold to people at a very low one-time price, and brought home and plugged into an electrical outlet and plugged into a wall jack for the Ethernet, or whatever is there, and you're done.  It comes up, it gets configured through your Web browser on whatever machine you want to have in the apartment with it, and it goes and fetches all your social networking data from all the social networking applications, closing all your accounts.  It backs itself up in an encrypted way to your friends' plugs, so that everybody is secure in the way that would be best for them, by having their friends holding the secure version of their data.

And it begins to do all the things that we assume we need in a social networking appliance.  It's the feed, it maintains the wall your friends write on - it does everything that provides feature compatibility with what you're used to. 

But the log is in your apartment, and in my society at least, we still have some vestigial rules about getting into your house: if people want to check the logs they have to get a search warrant. In fact, in every society, a person's home is about as sacred as it gets.

And so, basically, what I am proposing is that we build a social networking stack based around the existing free software we have, which is pretty much the same existing free software the server-side social networking stacks are built on; and we provide ourselves with an appliance which contains a free distribution everybody can make as much of as they want, and cheap hardware of a type which is going to take over the world whether we do it or we don't, because it's so attractive a form factor and function, at the price. 

We take those two elements, we put them together, and we also provide some other things which are very good for the world.  Like automatically VPNing everybody's little home network place with my laptop wherever I am, which provides me with encrypted proxies so my web searching, wherever I am, is not going to be spied on.  It means that we have a zillion computers available to the people who live in China and other places where there's bad behaviour.  So we can massively increase the availability of free browsing to other people in the world.  If we want to offer people the option to run onion routeing, that's where we'll put it, so that there will be a credible possibility that people will actually be able to get decent performance on onion routeing networks.

And we will of course provide convenient encrypted email for people - including putting their email not in a Google box, but in their house, where it is encrypted, backed up to all their friends and other stuff.  Where in the long purpose of time we can begin to return email to a condition - if not being a private mode of communication - at least not being postcards to the secret police every day.

So we would also be striking a blow for electronic civil liberties in a way that is important, which is very difficult to conceive of doing in a non-technical way.

GM:  How will you organise and finance such a project, and who will undertake it?

EM:  Do we need money? Yeah, but tiny amounts.  Do we need organisation? Yes, but it could be self-organisation.  Am I going to talk about this at DEF CON this summer, at Columbia University? Yes.  Could Mr Shuttleworth do it if he wanted to? Yes.  It's not going to be done with clicking heels together, it's going to be done the way we do stuff: somebody's going begin by reeling off a Debian stack or Ubuntu stack or, for all I know, some other stack, and beginning to write some configuration code and some glue and a bunch of Python to hold it all together. From a quasi-capitalist point of view I don't think this is an unmarketable product.  In fact, this is the flagship product, and we ought to all put just a little pro bono time into it until it's done.

GM:  How are you going to overcome the massive network effects that make it hard to persuade people to swap to a new service?

EM:  This is why the continual determination to provide social networking interoperability is so important. 

For the moment, my guess is that while we go about this job, it's going to remain quite obscure for quite a while.  People will discover that they are being given social network portability.  [The social network companies] undermine their own network effect because everybody wants to get ahead of Mr Zuckerberg before his IPO.  And as they do that they will be helping us, because they will be making it easier and easier to do what our box has to do, which is to come online for you, and go and collect all your data and keep all your friends, and do everything that they should have done.

So part of how we're going to get people to use it and undermine the network effect, is that way.  Part of it is, it's cool; part of it is, there are people who want no spying inside; part of it is, there are people who want to do something about the Great Firewall of China but don't know how.  In other words, my guess is that it's going to move in niches just as some other things do.

GM:  With mobile taking off in developing countries, might it not be better to look at handsets to provide these services?

EM:  In the long run there are two places where we can conceivably put your identity: one is where you live, and the other is in your pocket.  And a stack that doesn't deal with both of those is probably not a fully adequate stack.

The thing I want to say directed to your point “why don't we put our identity server in our cellphone?”, is that our cellphones are very vulnerable.  In most parts of the world, you stop a guy on the street, you arrest him on a trumped-up charge of any kind, you get him back to the station house, you clone his phone, you hand it back to him, you've owned him.

When we fully commoditise that [mobile] technology, then we can begin to do the reverse of what the network operators are doing.  The network operators around the world are basically trying to eat the Internet, and excrete proprietary networking.  The network operators have to play the reverse if telephony technology becomes free.  We can eat proprietary networks and excrete the public Internet.  And if we do that then the power game begins to be more interesting.

28 September 2007

How Gross is That?

I remember well during the fun days of dotcom 1.0 when Bill Gross came up with wacky idea after wacky idea, most of which happily bombed. So I wasn't entirely surprised to see him come out with stuff like this:

We started making only Internet companies because we felt this was an incredible new medium that had unbelievably high gross margins. If you could make a Web site, you could sell something online and you could make margins of 90 percent or higher. When we looked back at the ones that were most and least successful, we realized it had nothing to do with their margins. It had to do with how protectable the idea was. Was there a core intellectual property with which you could differentiate yourself and earn sustainable margins? Because you can make good margins online, but if you can't sustain them, it doesn't mean anything.

So that led us to take another look at all businesses - even companies that make physical products. We had shied away from making anything with atoms; we were all caught up in doing only things with bits. But you can make things with atoms and still have a huge amount of intellectual property in them, where you can earn good margins and protectable margins.

That sounds, well, just gross, really, with its sad little obsession about intellectual monopolies. But reading further on I came across this:

I feel that the biggest disruption that will happen in this century is distributed energy generation. In the past, there was an economy of scale, so you had to build a 1-gigawatt nuclear or coal plant somewhere, and you had to do it far away from people because no one wanted it in their backyard. That was possible because of copper. Only copper could keep that plant far enough away that we wouldn't see it or smell it, and copper could bring those electrons magically into our house. But there's a huge loss by the time the power gets to us - with copper, it's up to 15 percent.

When you can build distributed energy generation on your roof with 10 feet instead of hundreds of miles of copper, you can avoid those huge losses. If you can get lower-cost solar, which we're working on very hard, and if you have the subsidies, all of a sudden it makes sense to have your own power plant on your own roof. Having your own power plant on your roof is just an unbelievable concept that wasn't even possible in the 20th century. It is going to be possible - and necessary - this century if we're going to solve the climate problem.

Spot on. Let's hope this is one Gross idea that succeeds.

18 June 2007

Open Source Disaster Preparation

Another thought-provoking post from Jamais Cascio:

In fact, the Book & Seed Vault may prove to function better as a model and instructions than as an actual vault. We'd need more than one site for any kind of disaster recovery system to be truly useful; we have to assume that many of the eventual locations will be unavailable, so the more the better. The right scale for something like this is probably the "community" -- a bit bigger than your neighborhood, but smaller than a city.

Think of it as open-source disaster prep -- a site and set of resources offering detailed instructions (which can be updated by the users, of course) showing you how to build a recovery vault for your community. What are the physical specs for the facility? Which seeds are appropriate for your regional climate? What are the key instruction manuals and guidebooks to include? How best to store and protect the vault's contents? I could see this done as a wiki and mailing list, probably with some YouTube videos demonstrating various techniques for proper seed and book storage.

03 May 2007

Open Source War - and Open Source

Another characteristically clear-sighted post from Jamais Cascio on the subject of open source war and the changing nature of power in a networked world:

Despite the end of the utility of conventional force, the lack of certainty as to what the next wave of global compellence power will look like will inevitably lead to strategic mistakes. As we look ahead, it's clear that if another state -- say, China -- decides to take America's place as the leading hegemonic power on the planet by emulating the current American model of extreme emphasis on conventional force projection, that state has already become another Lost Hegemon. The system has changed, and the meaning of power has changed.

Conversely, the first group that cracks this problem has the potential to leapfrog the others in assuming the role of global powerhouse. Given the speed with which technology and organizational models are evolving, we can't assume it will be a state. Corporations seemed poised to take on that role in the 1990s; non-governmental groups are the lead candidates today. It's entirely possible that the kind of social organization that will become the next hegemonic force has yet to be invented. One thing is clear: the next superpower, whoever or whatever it is, will be the actor that finally figures out the new meaning of power.

Well, the first people to understand this new kind of distributed, networked, evolving power were, of course, the coders: how about letting them run things for a change?

09 March 2007

Metaweb, not Betterweb?

Is it just me, or does this sound like a horribly retrograde move?

A new company founded by a longtime technologist is setting out to create a vast public database intended to be read by computers rather than people, paving the way for a more automated Internet in which machines will routinely share information.

The company, Metaweb Technologies, is led by Danny Hillis, whose background includes a stint at Walt Disney Imagineering and who has long championed the idea of intelligent machines.

...

The idea of a centralized database storing all of the world’s digital information is a fundamental shift away from today’s World Wide Web, which is akin to a library of linked digital documents stored separately on millions of computers where search engines serve as the equivalent of a card catalog.

A single database for all the world's digital information? Since when did massive, centralised, single point-of-failure systems come back into vogue? Google's holdings are bad enough.

Thanks, but no thanks.

Update: To be fair, it seems to be adopting a sensible licensing policy, so maybe there's hope yet:

We want to make it possible for you to add high quality structured information to your websites, mashups and applications without worrying about restrictive corporate licenses. All data is licensed Creative Commons Attribution. We only ask that you link back to us.

In addition, Tim O'Reilly has a more upbeat (perhaps because better-informed) assessment here. I can see a little better what they're trying to do, but I'm still not convinced by the centralised nature of it. Opinions?

10 October 2006

Distributed Energy Generation

This looks eminently sensible from just about every angle:

Energy suppliers should make it easier for people to generate power for their own homes, the gas and electricity regulator, Ofgem, said today.

Why has it taken so long for the idea of distributed power generation to get going?