Showing posts with label eben moglen. Show all posts

02 February 2014

Interview: Eben Moglen - "surveillance becomes the hidden service wrapped inside everything"

(This was originally published in The H Open in March 2010.)

Free software has won: practically all of the biggest and most exciting Web companies like Google, Facebook and Twitter run on it.  But it is also in danger of losing, because those same services now represent a huge threat to our freedom as a result of the vast stores of information they hold about us, and the in-depth surveillance that implies.

Better than almost anyone, Eben Moglen knows what's at stake.  He was General Counsel of the Free Software Foundation for 13 years, and helped draft several versions of the GNU GPL.  As well as being Professor of Law at Columbia Law School, he is the Founding Director of Software Freedom Law Center.  And he has an ambitious plan to save us from those seductive but freedom-threatening Web service companies.  He explained what the problem is, and how we can fix it.

GM: So what's the threat you are trying to deal with?

EM:  We have a kind of social dilemma which comes from architectural creep.  We had an Internet that was designed around the notion of peerage -  machines with no hierarchical relationship to one another, and no guarantee about their internal architectures or behaviours, communicating through a series of rules which allowed disparate, heterogeneous networks to be networked together around the assumption that everybody's equal. 

In the Web the social harm done by the client-server model arises from the fact that logs of Web servers become the trails left by all of the activities of human beings, and the logs can be centralised in servers under hierarchical control.  Web logs become power.  With the exception of search, which is a service that nobody knows how to decentralise efficiently, most of these services do not actually rely upon a hierarchical model.  They really rely upon the Web  - that is, the non-hierarchical peerage model created by Tim Berners-Lee, and which is now the dominant data structure in our world.

The services are centralised for commercial purposes.  The power that the Web log holds is monetisable, because it provides a form of surveillance which is attractive to both commercial and governmental social control.  So the Web with services equipped in a basically client-server architecture becomes a device for surveilling as well as providing additional services.  And surveillance becomes the hidden service wrapped inside everything we get for free.

The cloud is a vernacular name which we give to a significant improvement in the server-side of the web side - the server, decentralised.  It becomes instead of a lump of iron a digital appliance which can be running anywhere.  This means that for all practical purposes servers cease to be subject to significant legal control.  They no longer operate in a policy-directed manner, because they are no longer iron subject to territorial orientation of law. In a world of virtualised service provision, the server which provides the service, and therefore the log which is the result of the hidden service of surveillance, can be projected into any domain at any moment and can be stripped of any legal obligation pretty much equally freely.

This is a pessimal result.

GM:  Was perhaps another major factor in this the commercialisation of the Internet, which saw power being vested in a company that provided services to the consumer?

EM:  That's exactly right.  Capitalism also has its architectural Bauplan, which it is reluctant to abandon.  In fact, much of what the network is doing to capitalism is forcing it to reconsider its Bauplan via a social process which we call by the crappy name of disintermediation.  Which is really a description of the Net forcing capitalism to change the way it takes.  But there's lots of resistance to that, and what's interesting to all of us I suspect, as we watch the rise of Google to pre-eminence, is the ways in which Google does and does not - and it both does and does not - wind up behaving rather like Microsoft in the course of growing up.  There are sort of gravitational propositions that arise when you're the largest organism in an ecosystem. 

GM:  Do you think free software has been a little slow to address the problems you describe?

EM:  Yes, I think that's correct.  I think it is conceptually difficult, and it is to a large degree difficult because we are having generational change.  After a talk [I gave recently], a young woman came up to me and she said: I'm 23 years old, and none of my friends care about privacy.  And that's another important thing, right?, because we make software now using the brains and hands and energies of people who are growing up in a world which has been already affected by all of this.  Richard or I can sound rather old-fashioned.

GM:  So what's the solution you are proposing?

EM:  If we had a real intellectually-defensible taxonomy of services, we would recognise that a number of the services which are currently highly centralised, and which count for a lot of the surveillance built in to the society that we are moving towards, are services which do not require centralisation in order to be technologically deliverable.  They are really the Web repackaged. 

Social networking applications are the most crucial.  They rely in their basic metaphors of operation on a bilateral relationship called friendship, and its multilateral consequences.  And they are eminently modelled by the existing structures of the Web itself. Facebook is free Web hosting with some PHP doodads and APIs, and spying free inside all the time - not actually a deal we can't do better than. 

My proposal is this: if we could disaggregate the logs, while providing the people all of the same features, we would have a Pareto-superior outcome.  Everybody – well, except Mr Zuckerberg - would be better off, and nobody would be worse off.  And we can do that using existing stuff.

The most attractive hardware is the ultra-small, ARM-based, plug it into the wall, wall-wart server, the SheevaPlug.  An object can be sold to people at a very low one-time price, and brought home and plugged into an electrical outlet and plugged into a wall jack for the Ethernet, or whatever is there, and you're done.  It comes up, it gets configured through your Web browser on whatever machine you want to have in the apartment with it, and it goes and fetches all your social networking data from all the social networking applications, closing all your accounts.  It backs itself up in an encrypted way to your friends' plugs, so that everybody is secure in the way that would be best for them, by having their friends holding the secure version of their data.

And it begins to do all the things that we assume we need in a social networking appliance.  It's the feed, it maintains the wall your friends write on - it does everything that provides feature compatibility with what you're used to. 

But the log is in your apartment, and in my society at least, we still have some vestigial rules about getting into your house: if people want to check the logs they have to get a search warrant. In fact, in every society, a person's home is about as sacred as it gets.

And so, basically, what I am proposing is that we build a social networking stack based around the existing free software we have, which is pretty much the same existing free software the server-side social networking stacks are built on; and we provide ourselves with an appliance which contains a free distribution everybody can make as much of as they want, and cheap hardware of a type which is going to take over the world whether we do it or we don't, because it's so attractive a form factor and function, at the price. 

We take those two elements, we put them together, and we also provide some other things which are very good for the world.  Like automatically VPNing everybody's little home network place with my laptop wherever I am, which provides me with encrypted proxies so my web searching, wherever I am, is not going to be spied on.  It means that we have a zillion computers available to the people who live in China and other places where there's bad behaviour.  So we can massively increase the availability of free browsing to other people in the world.  If we want to offer people the option to run onion routeing, that's where we'll put it, so that there will be a credible possibility that people will actually be able to get decent performance on onion routeing networks.

And we will of course provide convenient encrypted email for people - including putting their email not in a Google box, but in their house, where it is encrypted, backed up to all their friends and other stuff.  Where in the long purpose of time we can begin to return email to a condition - if not being a private mode of communication - at least not being postcards to the secret police every day.

So we would also be striking a blow for electronic civil liberties in a way that is important, which is very difficult to conceive of doing in a non-technical way.

GM:  How will you organise and finance such a project, and who will undertake it?

EM:  Do we need money? Yeah, but tiny amounts.  Do we need organisation? Yes, but it could be self-organisation.  Am I going to talk about this at DEF CON this summer, at Columbia University? Yes.  Could Mr Shuttleworth do it if he wanted to? Yes.  It's not going to be done with clicking heels together, it's going to be done the way we do stuff: somebody's going to begin by reeling off a Debian stack or Ubuntu stack or, for all I know, some other stack, and beginning to write some configuration code and some glue and a bunch of Python to hold it all together. From a quasi-capitalist point of view I don't think this is an unmarketable product.  In fact, this is the flagship product, and we ought to all put just a little pro bono time into it until it's done.

GM:  How are you going to overcome the massive network effects that make it hard to persuade people to swap to a new service?

EM:  This is why the continual determination to provide social networking interoperability is so important. 

For the moment, my guess is that while we go about this job, it's going to remain quite obscure for quite a while.  People will discover that they are being given social network portability.  [The social network companies] undermine their own network effect because everybody wants to get ahead of Mr Zuckerberg before his IPO.  And as they do that they will be helping us, because they will be making it easier and easier to do what our box has to do, which is to come online for you, and go and collect all your data and keep all your friends, and do everything that they should have done.

So part of how we're going to get people to use it and undermine the network effect, is that way.  Part of it is, it's cool; part of it is, there are people who want no spying inside; part of it is, there are people who want to do something about the Great Firewall of China but don't know how.  In other words, my guess is that it's going to move in niches just as some other things do.

GM:  With mobile taking off in developing countries, might it not be better to look at handsets to provide these services?

EM:  In the long run there are two places where we can conceivably put your identity: one is where you live, and the other is in your pocket.  And a stack that doesn't deal with both of those is probably not a fully adequate stack.

The thing I want to say directed to your point “why don't we put our identity server in our cellphone?”, is that our cellphones are very vulnerable.  In most parts of the world, you stop a guy on the street, you arrest him on a trumped-up charge of any kind, you get him back to the station house, you clone his phone, you hand it back to him, you've owned him.

When we fully commoditise that [mobile] technology, then we can begin to do the reverse of what the network operators are doing.  The network operators around the world are basically trying to eat the Internet, and excrete proprietary networking.  The network operators have to play the reverse if telephony technology becomes free.  We can eat proprietary networks and excrete the public Internet.  And if we do that then the power game begins to be more interesting.

26 January 2014

"The H Open" is Closed and Offline; Here's What I Aim to Do...

Long-time readers of this blog may recall that for some years I wrote for the UK Heise title "The H Open".  Sadly, that closed last year; even more sadly, Heise seems to have taken its archive off line.  That raises all sorts of interesting questions about the preservation of digital knowledge, and the responsibility of publishers to keep titles that they have closed publicly accessible - not least to minimise link-rot.

However, here I want to concentrate on the question of what I, personally, can do about this.  After all, however minor my columns for The H Open were, they none the less form a part of the free software world's history, however footling.  Of course, I have back-up copies of all of my work, so the obvious thing to do is to post them here.  I can do that, because I never surrendered the copyright, and they therefore remain mine to do with as I please.

There are quite a few of them - nearly one hundred - so I have decided to begin with two of the most popular pieces that I published in The H Open: an interview with Linus from the end of my output, and an interview with Eben Moglen from the beginning.  I will then try to work my way through the other columns as and when I have time.  Don't hold your breath....


31 March 2013

Apple's Patent For Creating A Leak-Proof Data Pipe, And Why It's Doomed To Fail

In 2001, I published a history of free software, called "Rebel Code: Inside Linux and the Open Source Revolution." One of the people I interviewed for the book was Eben Moglen, for many years the General Counsel for the Free Software Foundation, and one of the main architects of the later versions of the GNU General Public License. He had the following interesting thoughts on the delivery of digital media: 

On Techdirt.

10 June 2012

'Hack The Real World And Share The Results'

Eben Moglen has been battling to defend key digital rights for the last two decades. A lawyer by training, he helped Phil Zimmermann fight off the US government's attack on the use of the Pretty Good Privacy encryption program in the early 1990s, in what became known as the Crypto Wars. That brought him to the attention of Richard Stallman, founder of the GNU project, and together they produced version 3 of the GNU GPL, finally released after 12 years' work in 2006. 

On Techdirt.

07 October 2010

Back to the Future Again: 2020 FLOSS 3.0

Yesterday I wrote about my experiences last week at the Open World Forum. As I noted, the two-day event closed with the presentation of the latest edition of the 2020 FLOSS Roadmap. Even though I'd not been to the Open World Forum before, I have written about the two previous versions of the Roadmap (still available.)

On Open Enterprise blog.

06 May 2010

Diaspora: Freedom in the Cloud?

One of the key thinkers in the free software world is Eben Moglen. He's been the legal brains behind the most recent iterations of the GNU GPL, but more than that, he's somebody who has consistently been able to pinpoint and articulate the key issues facing free software for two decades. Recently, he did it again, noting that cloud computing is a huge threat to freedom.

On Open Enterprise blog.

16 April 2010

Darkness Visible: Making Patent Absurdity Patent

Regular readers of this blog may have noticed that I write a lot about software patents. The reason is simple: they represent probably the greatest single threat to free software, far beyond that of any individual company. If software patents are invoked more widely, or – even worse – unequivocally accepted in Europe, then free software will be in serious trouble (so will traditional software, but at least the companies involved will be able to pay for lawyers, unlike most free software projects.) This makes fighting software patents one of the key tasks for the free software community.

On Open Enterprise blog.

18 March 2010

Eben Moglen - Freedom vs. The Cloud Log

Free software has won: practically all of the biggest and most exciting Web companies like Google, Facebook and Twitter run on it. But it is also in danger of losing, because those same services now represent a huge threat to our freedom as a result of the vast stores of information they hold about us, and the in-depth surveillance that implies.

Eben Moglen - Prof. of Law at Columbia and former General Counsel for the FSF.

Better than almost anyone, Eben Moglen knows what's at stake. He was General Counsel of the Free Software Foundation for 13 years, and helped draft several versions of the GNU GPL. As well as being Professor of Law at Columbia Law School, he is the Founding Director of the Software Freedom Law Center. And he has an ambitious plan to save us from those seductive but freedom-threatening Web service companies. He explained to Glyn Moody what the problem is, and how we can fix it.

On The H Open.

12 December 2008

GPL Violations: Is Cisco the Big One?

Many sceptics were convinced that as free software spread out beyond hackers into the general computing sector the rigorous GNU GPL licence would gradually be replaced by more accommodating – meaning weaker – forms, since it was “obvious” that its unbending rules were too strict for widespread use. In fact, the GPL has grown in importance, until today it is probably fair to say that it underpins most of the free software world, including enterprise applications. This makes any violation of its terms particularly worrying, because if left unchallenged, it threatens to undermine the entire ecosystem.

On Linux Journal.

17 November 2008

Gartner's FUD

Good news:

New research has highlighted quite how pervasive open source software (OSS) has become, with 85 per cent of companies currently using OSS and the remaining 15 per cent expecting to in the next 12 months.

The findings come from a Gartner survey in May and June 2008, which covered 274 end-user organisations in Asia/Pacific, Europe and North America, and raise a series of management issues for businesses.

But wait, trust Gartner to find a cloud in every silver lining for open source....

On Open Enterprise blog.

14 February 2008

Code is Law is Code

Code and law have been inextricably mixed ever since Richard Stallman drew up the first GNU GPL. Indeed, in many ways, the logical processes for crafting both are similar - which is probably handy. Nonetheless, law does present special problems that hackers need to be aware of.

To provide some help, the Software Freedom Law Center has just put together a useful legal issues primer for open source and free software projects:

This Primer provides a baseline of knowledge about those areas of the law, intending to support productive conversations between clients and lawyers about specific legal needs. We aim to improve the conversation between lawyer and client, but not to make it unnecessary, because law, like most things in life, very rarely has clear cut answers. Solutions for legal problems must be crafted in light of the particulars of each client’s situation. What is best for one client in one situation, may very well not be best for another client in the same situation, or even the same client in the same situation at a later date or in a different place. Law cannot yield attainable certainty because it is dynamic, inconsistent, and incapable of mastery by pure rote memorization. This is why we do not provide forms or other tools for “do it yourself” lawyering, which are almost always insufficient and, in fact, can be very harmful to a project’s interests.

The specific topics addressed herein are:

1. copyrights and licensing,
2. organizational structure,
3. patents, and
4. trademarks.

They are presented in this order because that most closely aligns with the life-cycle of the legal needs of a typical FOSS project. When code is written, copyrights immediately come into being. The terms under which the owner of those copyrights allows others to copy, modify and distribute the code determine whether it is considered “free” and/or “open source.” Once a project gains speed, many benefits can be achieved by the creation of an organizational entity for the project that is separate from the project’s individual developers. After successful public release of a project, patent and trademark issues may arise that need attention.

03 December 2007

Eben on Software Ecology

Eben Moglen is probably the most fluent and engaging speaker it has ever been my privilege to interview; proof of his enduring appeal can be found in the fact that I don't get tired reading yet more interviews with him, like this one, which includes the following suggestive passage:

One of the things that everybody now understands is that you can treat software as a renewable, natural resource. You can treat software like forest products or fish in the sea. If you build community, if you make broadly accessible the ability to create, then you can use your limited resources not on the creation or maintenance of anything, but on the editing of that which is already created elsewhere. We package them for your advantage, things you didn't have to make because you were given them by the bounty of nature.

And this one, too:

If you've become dependent on a commons, for whatever role in your business, then what you need is commons management. You don't strip mine the forest, you don't fish every fish out of the sea. And, in particular, you become interested in conservation and equality. You want the fish to remain in the sea and you don't want anybody else overfishing. So you get interested in how the fisheries are protected. What I do is to train forest rangers ... to work in a forest that some people love because it's free and other people love because it produces great trees cheaply. But both sides want the forest to exist pristine and undesecrated by greedy behavior by anybody else. Nobody wants to see the thing burn down for one group's profit. Everybody needs it. So whether you are IBM, which has one strategy about the commoditization of software, or you're Hewlett-Packard, which has another, whatever your particular relationship to that reality is, everybody's beginning to get it. In the 21st century economy, it isn't factories and it isn't people that make things -- it's communities.

The beauty of all this analysis is that the ideas flow both ways: if free software is a commons like the forests or the seas, then it follows that the forest and the seas share many characteristics of free software. Which is why you read about them all the time on this blog. (Via Linux Today.)

24 September 2007

All's Well That Ends Well

So Eben didn't get his lawsuit yet - but he does get another victory:

Monsoon Multimedia today announced efforts to fully comply with the GNU General Public License (GPL). Monsoon is in settlement negotiations with BusyBox to resolve the matter and intends to fully comply with all open-source software license requirements. Monsoon will make modified BusyBox source code publicly available on the company web-site at http://www.myhava.com in the coming weeks.

21 September 2007

Eben Gets Busy Over BusyBox

One of the things that Eben Moglen has impressed on me when I've talked to him was that he - and Richard Stallman - have always preferred to negotiate settlements in cases of alleged breaches of the GNU GPL, rather than to rush to litigation. Hitherto, that's always worked, in the US at least. So it's extremely significant that Moglen's SFLC has decided to change tactics:

The Software Freedom Law Center (SFLC) today announced that it has filed the first ever U.S. copyright infringement lawsuit based on a violation of the GNU General Public License (GPL) on behalf of its clients, two principal developers of BusyBox, against Monsoon Multimedia, Inc. BusyBox is a lightweight set of standard Unix utilities commonly used in embedded systems and is open source software licensed under GPL version 2.

One of the conditions of the GPL is that re-distributors of BusyBox are required to ensure that each downstream recipient is provided access to the source code of the program. On the company's own Web site, Monsoon Multimedia has publicly acknowledged that its products and firmware contain BusyBox. However, it has not provided any recipients with access to the underlying source code, as is required by the GPL.

Clearly something big is afoot, here. Perhaps Moglen thinks the time has come to establish the legal solidity of the GNU GPL once and for all, and that this is the case to do it with. It will certainly be fascinating to see how this plays out.

31 August 2007

The Other Free Software Lawyer

There seems to be some magic about free software: whenever a certain class of (intelligent) lawyer comes into contact with it, it redeems them, and turns them into enlightened benefactors. Eben Moglen is the paradigmatic case, but here's another: Mark Radcliffe. You don't have to take my word - this is what Matt has to say:

If it has to do with open source and it affects your rights therein, Mark was probably at the fulcrum.

26 July 2007

Another One Bites the Dust - Nicely

Here's double good news:

SugarCRM Inc., the world’s leading provider of commercial open source customer relationship management (CRM) software, today announced the upcoming release of Sugar Community Edition 5.0 will be licensed under the new Version 3 of the GNU General Public License (GPL). The GPL is the most widely used free and open source (FOSS) license in the market.


Double because it sees yet another major open source enterprise stack company adopt the GNU GPL, and because it's gone straight to version 3, with no ifs and buts, which will only strengthen that licence's position. Interesting, too, Eben Moglen's quoted comments:

"We believe that sharing knowledge is good. We encourage other important free and open source software projects to take this step and join us in making better software."

25 July 2007

When Eben Met Tim

I've always felt rather ambivalent about Tim O'Reilly. On the one hand, he is undoubtedly a very shrewd reader of markets, and has undoubtedly contributed hugely to the rise of the open source movement. On the other, he always seems to take what might be called an extreme pragmatist position, where questions of making plenty of dosh always seem to be lurking in the background (and sometimes in the foreground).

I'm glad to see it's not only me:

At the O'Reilly Open Source Convention today, Software Freedom Law Center director Eben Moglen threw down the gauntlet to O'Reilly founder and CEO Tim O'Reilly. Saying that O'Reilly had spent 10 years making money and building the O'Reilly name, Moglen invited O'Reilly to stop being "frivolous" and to join the conversation about software freedom.

So it's really a matter of whether you're on Eben's side, or Tim's side....