Freedom Box is the name we give to a free software system built to keep your communications free and private whether chatting with friends or protesting in the street. Freedom Box software is particularly tailored to run in “plug servers,” which are compact computers that are no larger than the power adapters for electronic appliances. Located in people’s homes or offices such inexpensive servers can provide privacy in normal life, and safe communications for people seeking to preserve their freedom in oppressive regimes.
Why Freedom Box?
Because social networking and digital communications technologies are now critical to people fighting to make freedom in their societies or simply trying to preserve their privacy where the Web and other parts of the Net are intensively surveilled by profit-seekers and government agencies. Yet, instead of technology supporting these new modes of communications, smartphones, mobile tablets, and other common forms of consumer electronics are being built as “platforms” to control their users and monitor their activity. Freedom Box exists to provide people with privacy-respecting technology alternatives that enable normal communication in normal times, and that offer ways to collaborate safely and securely with others in building social networks of protest, demonstration, and mobilization for political change in the not-so-normal times. Imagine if your next wireless router, or settop box, or other small computing device came with extra features. It knew how to securely contact your friends and business associates, it stored your personal data, securely backing it up and generally maintaining your presence in the various networks you have come to rely on for communicating with people in society. Such a box would not only make your participation in network communication easier in your daily life, increasing your privacy and the security of computers in your life, it would have many unique advantages during times of crisis.
Such a box could help in disasters by creating a mesh network with your neighbors to replace the centralized internet connections that go out with the lights or are cut by hostile governments. Such a box would make it harder for governments and invasive corporate interests to reach your data and casually profile you for their own uses. Such a box would also let you lend aid to friends in need by sharing your unfettered internet access with those trapped behind government firewalls that prevent them from learning about the world or speaking plainly to it. Such boxes exist in the form of plug computers and mesh routers, tiny, inexpensive machines that can take the place of other electronics in your life, that draw so little power (often as little as 5W) that they can be run off of batteries or solar panels. We even have free software, software meant to empower and support individuals, to do all of the things mentioned above.
What we need is the glue to hold all of that together, the architecture of which pieces stack together in which way to turn a collection of possibilities into an appliance so easy to use that you forget you even have one, at least until that moment when you really need it. The FreedomBox Foundation was built to put this all together. It was started by community leaders with long track leaders and lives as a community project. But the past few months have shown us all that there are millions of people around the world who need such a device now and we need to pick up the pace and get them made so that next time, our friends have some help. That is why we are asking for your help.
In Need of Community Angels
There are many people out there, in many different communities, who feel the same way we do about profiling, internet kill switches, and the need to give people greater independence in their network communications, but turning all that interest and the offers of help into a real software suite is going to take coordination, organization, and bringing people together in focused groups to get this system built. That is why the FreedomBox Foundation was created, but it requires real work and a real demonstration of community size and support to keep everything moving. If we can meet our funding goal now, we can start doing that work full time, build road maps for the core components, and put together a series of conferences/hack days to pull the community together. The Freedom Box is a community based endeavor from the ground up. That includes everything from architecture and engineering through to administration and funding. It’s the reason why we’re seeking the first round of investment from our own community. We want it to be clear that this project begins and remains in the hands of the people who give it life at every stage and in every part of the project. Almost all the software we need to make this work is already out there in the free software world, but if we are going to pull it all together, first we need to get up to speed. Please join us and help keep the momentum going from 0 to 60!
When will we get the software?
The release timeline for this software depends a good deal on how much support we can gather this month, which is why we are reaching out now. If we can reach our goal, we hope to release a first version of the software six months later. This is our best working etimate but we will know a lot more in the next 30 days and will continue to update everyone here and on the Foundation’s website. If you are pledging enough for any of the software rewards ($50 and up), know that we hope to have everything shipped out within in week of the 0.1 release, if not on the release day itself, and please keep your eye here and on the Foundation site for updates.
A plug server or other digital appliance in your home running the Freedom Box software can provide many services to you and your friends, automatically and securely. The following is a short list of the services we think are important:
- Safe social networking, in which, without losing touch with any of your friends, you replace Facebook, Flickr, Twitter and other centralized services with privacy-respecting federated services;
- Secure backup: Your data automatically stored in encrypted format on the Freedom Boxes of your friends or associates, thus protecting your personal data against seizure or loss;
- Network neutrality protection: If your ISP starts limiting or interfering with your access to services in the Net, your Freedom Box can communicate with your friends to detect and route traffic around the limitations. Network censorship is automatically routed around, for your friends in societies with oppressive national firewalls, or for you;
- Safe anonymous publication: Friends or associates outside zones of network censorship can automatically forward information from people within them, enabling safe, anonymous publication;
- Home network security, with real protection against intrusion and the security threats aimed at Microsoft Windows or other risky computers your network;
- Encrypted email, with seamless encryption and decryption;
- Private voice communications: Freedom Box users can make voice-over-Internet phone calls to one another or to any phone. Calls between Freedom Box users will be encrypted securely;
Freedom Boxes can do anything that computers running the Debian GNU/Linux free operating system can do, which means they have full access to thousands of applications packages. Freedom Boxes are Debian server systems specially configured to provide users with privacy-protection and safe communications services. Freedom Boxes will become more capable with time, because they can upgrade themselves safely and securely using well-tested and stable automatic upgrade mechanisms already deployed in hundreds of thousands of Debian and Debian-descended installations around the world.
POWER CONSUMPTION ONE WATT
Freeing the Internet one Server at a time
by Steven J. Vaughan-Nichols / February 16, 2011
Free software isn’t about free services or beer, it’s about intellectual freedom. As recent episodes such as censorship in China, the Egyptian government turning off the Internet, andFacebook’s constant spying, have shown, freedom and privacy on the Internet are under constant assault. Now Eben Moglen, law professor at Columbia University and renowned free software legal expert, has proposed a way to combine free software with the original peer-to-peer (P2P) design of the Internet to liberate users from the control of governments and big brother-like companies: Freedom Box.
In a recent Freedom in the Clouds speech in NYC, Moglen explained what he sees as the Internet’s current problems and his proposed solution. First, here’s the trouble with the Internet today as Moglen sees it:
[6:13] “It begins of course with the Internet. Designed as a network of peers without any intrinsic need for hierarchical or structural control and assuming that every switch in the net is an independent free standing entity who’s volition is equivalent to the human beings who control it … But it never really worked out that way.”
The Software Problem [7:18]: “It was a simple software problem and it has a simple three syllable name. Its name was ‘Microsoft’. Conceptually there was a network which was designed as a system of peer nodes, but the operating software … that came to occupy the network over the course of a decade-and-a-half was built around a very clear idea that had nothing to do with peers. It was called ’server/client architecture’.”
The Great Idea Behind Windows [9:22]: “It was the great idea of Windows, in an odd way, to create a political archetype in the net that reduced the human being to the client, and created a big centralized computer, which we might refer to as the server, that provided things to the human being on ‘take or it leave it’ terms. And unfortunately everyone took it because they didn’t know how to leave once they got in. Now, the net was made up of servers in the center and clients at the edge. Clients had quite a little power and servers had quite a lot … As storage gets cheaper, as processing gets cheaper, as complex services that scale in ways that are hard to use small computers for … the hierarchical nature of net came to seem like it was meant to be there.”
Logs [10:44]: “One more thing happened about that time … Servers began to keep logs. That’s good decision … But if you have a system which centralizes servers, and the servers centralize their logs, then you are creating vast repositories of hierarchically organized data about people at the edges of the network that they do not control, and unless they are experienced in the operation of servers, will not understand the comprehensiveness of [server-collected user data.].”
The Recipe for Disaster [12:01]: “So we built a network out of a communications architecture designed for peering, which we defined in client server style, which we then defined to be the dis-empowered client at the edge and the server in the middle. We aggregated processing and storage increasingly in the middle and we kept the logs — that is information about the flows of information in the net — in centralized places far from the human beings who controlled or at any rate thought they controlled
This ended up creating “an architecture that was very subject to misuse, indeed it was begging to be misused. Now we are getting the misuse we set up…There are a lot of reasons for making clients dis-empowered … There are many overlapping rights owners, as they see themselves, each of whom has a stake in dis-empowering a client at the edge of the network. To prevent particular hardware from being moved from one network to another, to prevent particular hardware from playing music not bought at the monopoly of music in the sky.”
In particular, Moglen has no love at all for Facebook. “The human race has susceptibility to harm but Mr. Zuckerberg has attained an unenviable record. He has done more harm to the human race than anybody else his age. Because he harnessed Friday night, that is, ‘Everybody needs to get laid,’ and turned into a structure for degenerating the integrity of human personality and he has to remarkable extent succeeded with a very poor deal, namely ‘I will give you free web-hosting and some PHP doodads and you get spying for free all the time.’ And it works.
How could that have happened? There was no architectural reason. Facebook is the web with, ‘I keep all the logs, how do you feel about that?’ It’s a terrarium for what it feels like to live in a Panopticon built out of web parts. And it shouldn’t be allowed. That’s a very poor way to deliver those services. They are grossly overpriced at ’spying all the time’, they are not technically innovative. They depend on an architecture subject to misuse and the business model that supports them is misuse. There isn’t any other business model for them. This is bad. I’m not suggesting it should be illegal. It should be obsolete. We’re technologists we should fix it.”
So, what’s the solution to this client/server architecture and all the abuses against freedom and privacy it enables? Moglen turns to inexpensive server hardware. He told the New York Times that “cheap, small, low-power plug servers,” are the start. These are small devices “the size of a cellphone charger, running on a low-power chip. You plug it into the wall and forget about it.” Almost anyone could have one of these tiny servers, which are now produced for limited purposes but could be adapted to a full range of Internet applications, he said. “They will get very cheap, very quick,” he continued, “They’re $99; they will go to $69. Once everyone is getting them, they will cost $29.”
The point of these Freedom servers is to address the privacy and control issues of “social networking and digital communications technologies, [which] are now critical to people fighting to make freedom in their societies or simply trying to preserve their privacy where the Web and other parts of the Net are intensively surveilled by profit-seekers and government agencies.” This needs to be done “Because smartphones, mobile tablets, and other common forms of consumer electronics are being built as ‘platforms’ to control their users and monitor their activity.”
What runs on these plug servers is where Linux and open-source software comes in. The one firm software decision that’s been made so far is that the base operating system will be the latest release of Debian Linux This version of Debian is the one that, for better or worse, contains no proprietary hardware drivers or software.
You say you want a revolution?
by Dan Goodin / 17th February 2011
Concerned about Facebook, Google, and other companies that make billions brokering sensitive information, free-software champion Eben Moglen has unveiled a plan to populate the internet with tiny, low-cost boxes that are designed to preserve individuals’ personal privacy. The Freedom Box, as the chairman of the Software Freedom Law Center has christened it, would be no bigger than power adapters for electronic appliances. The inexpensive devices would be deployed in a peer-to-peer fashion in homes and offices to process email, voice-over-IP communications, and the sharing of pictures, among other things. The decentralized structure of the devices is in stark contrast to today’s biggest internet providers, which offer the same services in exchange for users turning over some of their most trusted secrets. Public enemy No. 1 is Facebook founder Mark Zuckerberg, who in Moglen’s eyes, “has done more harm to the human race than anybody else his age.”
“He has to remarkable extent succeeded with a very poor deal, namely ‘I will give you free web-hosting and some PHP doodads and you get spying for free all the time,’” Moglen said during a meeting last year of the Internet Society’s New York branch. “And it works.” As Moglen envisions them, Freedom Boxes would be used to perform a wealth of services that most of the world has been brainwashed into believing are better performed in the cloud. Secure backups that automatically store data in encrypted form would be performed on the Freedom Boxes of our friends, just as their encrypted data would be stored on ours. The boxes would also be used to send and receive encrypted email, VoIP calls, and to act as a safer alternative to social-networking sites such as Facebook and LinkedIn. The guts of the boxes would be the Debian distribution of Linux, along with countless free applications that would presumably be developed under the same model as most of today’s open source software.
The Freedom Box website gives no timeline for delivery, but Moglen told The New York Times that he could build version 1.0 in one year if he could raise “slightly north of $500,000.” The cost of plug-in devices is about $99 right now, but Moglen said they’ll eventually sell for about $29. They’ll run on a low-power chip. “You plug it into the wall and forget about it,” he told the NYT.
With Facebook and Twitter getting credit for fomenting protests and revolutions in the Middle East, Moglen says the ability to connect online carries immeasurable promise. But right now, most of the organizing is taking place on centralized, for-profit websites with ethics that can easily be compromised. “As a result of which, we are watching political movements of enormous value, capable of transforming the lives of hundreds of millions of people, resting on a fragile basis, like, for example, the courage of Mr. Zuckerberg, or the willingness of Google to resist the state, where the state is a powerful business partner and a party Google cannot afford frequently to insult.”
Software Freedom, Privacy, and Security for Web 2.0 and Cloud Computing
A Speech given by Eben Moglen at a meeting of the Internet Society’s New York branch on Feb 5, 2010
It’s a pleasure to be here. I would love to think that the reason that we’re all here on a Friday night is that my speeches are so good. I actually have no idea why we’re all here on a Friday night but I’m very grateful for the invitation. I am the person who had no date tonight so it was particularly convenient that I was invited for now.
So, of course, I didn’t have any date tonight. Everybody knows that. My calendar’s on the web.
The problem is that problem. Our calendar is on the web. Our location is on the web. You have a cell phone and you have a cell phone network provider and if your cell phone network provider is Sprint then we can tell you that several million times last year, somebody who has a law enforcement ID card in his pocket somewhere went to the Sprint website and asked for the realtime location of somebody with a telephone number and was given it. Several million times. Just like that. We know that because Sprint admits that they have a website where anybody with a law enforcement ID can go and find the realtime location of anybody with a Sprint cellphone. We don’t know that about ATT and Verizon because they haven’t told us.
But that’s the only reason we don’t know, because they haven’t told us. That’s a service that you think of as a traditional service – telephony. But the deal that you get with the traditional service called telephony contains a thing you didn’t know, like spying. That’s not a service to you but it’s a service and you get it for free with your service contract for telephony. You get for free the service of advertising with your gmail which means of course there’s another service behind which is untouched by human hands, semantic analysis of your email. I still don’t understand why anybody wants that. I still don’t understand why anybody uses it but people do, including the very sophisticated and thoughtful people in this room.
And you get free email service and some storage which is worth exactly a penny and a half at the current price of storage and you get spying all the time.
And for free, too.
And your calendar is on the Web and everybody can see whether you have a date Friday night and you have a status – “looking” – and you get a service for free, of advertising “single: looking”. Spying with it for free. And it all sort of just grew up that way in a blink of an eye and here we are. What’s that got to do with open source? Well, in fact it doesn’t have anything to do with open source but it has a whole lot to do with free software. Yet, another reason why Stallman was right. It’s the freedom right?
So we need to back up a little bit and figure out where we actually are and how we actually got here and probably even more important, whether we can get out and if so, how? And it isn’t a pretty story, at all. David’s right. I can hardly begin by saying that we won given that spying comes free with everything now. But, we haven’t lost. We’ve just really bamboozled ourselves and we’re going to have to un-bamboozle ourselves really quickly or we’re going to bamboozle other innocent people who didn’t know that we were throwing away their privacy for them forever.
It begins of course with the Internet, which is why it’s really nice to be here talking to the Internet society – a society dedicated to the health, expansion, and theoretical elaboration of a peer-to-peer network called “the Internet” designed as a network of peers without any intrinsic need for hierarchical or structural control and assuming that every switch in the Net is an independent, free-standing entity whose volition is equivalent to the volition of the human beings who want to control it.
That’s the design of the NET, which, whether you’re thinking about it as glued together with IPv4 or that wonderful improvement IPv6 which we will never use apparently, still assumes peer communications.
OF course, it never really really really worked out that way. There was nothing in the technical design to prevent it. Not at any rate in the technical design interconnection of nodes and their communication. There was a software problem. It’s a simple software problem and it has a simple three syllable name. It’s name is Microsoft. Conceptually, there was a network which was designed as a system of peer nodes but the OS which occupied the network in an increasingly – I’ll use the word, they use it about us why can’t I use it back? – viral way over the course of a decade and a half. The software that came to occupy the network was built around a very clear idea that had nothing to do with peers. It was called “server client architecture”.
The idea that the network was a network of peers was hard to perceive after awhile, particularly if you were a, let us say, ordinary human being. That is, not a computer engineer, scientist, or researcher. Not a hacker, not a geek. If you were an ordinary human, it was hard to perceive that the underlying architecture of the Net was meant to be peerage because the OS software with which you interacted very strongly instantiated the idea of the server and client architecture.
In fact, of course, if you think about it, it was even worse than that. The thing called “Windows” was a degenerate version of a thing called “X Windows”. It, too, thought about the world in a server client architecture, but what we would now think of as now backwards. The server was the thing at the human being’s end. That was the basic X Windows conception of the world. it’s served communications with human beings at the end points of the Net to processes located at arbitrary places near the center in the middle, or at the edge of the NET. It was the great idea of Windows in an odd way to create a political archetype in the Net which reduced the human being to the client and produced a big, centralized computer, which we might have called a server, which now provided things to the human being on take-it-or-leave-it terms.
They were, of course, quite take-it or leave-it terms and unfortunately, everybody took it because they didn’t know how to leave once they got in. Now the Net was made of servers in the center and clients at the edge. Clients had rather little power and servers had quite a lot. As storage gets cheaper, as processing gets cheaper, and as complex services that scale in ways that are hard to use small computers for – or at any rate, these aggregated collections of small computers for – the most important of which is search. As services began to populate that net, the hierarchical nature of the Net came to seem like it was meant to be there. The Net was made of servers and clients and the clients were the guys at the edge representing humans and servers were the things in the middle with lots of power and lots of data.
Now, one more thing happened about that time. It didn’t happen in Microsoft Windows computers although it happened in Microsoft Windows servers and it happened more in sensible OSs like Unix and BSD and other ones. Namely, servers kept logs. That’s a good thing to do. Computers ought to keep logs. It’s a very wise decision when creating computer OS software to keep logs. It helps with debugging, makes efficiencies attainable, makes it possible to study the actual operations of computers in the real world. It’s a very good idea.
But if you have a system which centralizes servers and the servers centralize their logs, then you are creating vast repositories of hierarchically organized data about people at the edges of the network that they do not control and, unless they are experienced in the operation of servers, will not understand the comprehensiveness of, the meaningfulness of, will not understand the aggregatability of.
So we built a network out of a communications architecture design for peering which we defined in client-server style, which we then defined to be the dis-empowered client at the edge and the server in the middle. We aggregated processing and storage increasingly in the middle and we kept the logs – that is, info about the flows of info in the Net – in centralized places far from the human beings who controlled or thought they controlled the operation of the computers that increasingly dominated their lives. This was a recipe for disaster.
This was a recipe for disaster. Now, I haven’t mentioned yet the word “cloud” which I was dealt on the top of the deck when I received the news that I was talking here tonight about privacy and the cloud.
I haven’t mentioned the word “cloud” because the word “cloud” doesn’t really mean anything very much. In other words, the disaster we are having is not the catastrophe of the cloud. The disaster we are having is the catastrophe of the way we misunderstood the Net under the assistance of the un-free software that helped us to understand it. What “cloud” means is that servers have ceased to be made of iron. “Cloud” means virtualization of servers has occurred.
So, out here in the dusty edges of the galaxy where we live in dis-empowered clienthood, nothing very much has changed. As you walk inward towards the center of the galaxy, it gets more fuzzy than it used to. We resolve now halo where we used to see actual stars. Servers with switches and buttons you can push and such. Instead, what has happened is that iron no longer represents a single server. Iron is merely a place where servers could be. So “cloud” means servers have gained freedom, freedom to move, freedom to dance, freedom to combine and separate and re-aggregate and do all kinds of tricks. Servers have gained freedom. Clients have gained nothing. Welcome to the cloud.
It’s a minor modification of the recipe for disaster. It improves the operability for systems that control the clients out there who were meant to be peers in a Net made of equal things.
So that’s the architecture of the catastrophe. If you think about it, each step in that architectural revolution: from a network made of peers, to servers that serve the communication with humans, to clients which are programs running on heavy iron, to clients which are the computers that people actually use in a fairly dis-empowered state and servers with a high concentration of power in the Net, to servers as virtual processes running in clouds of iron at the center of an increasingly hot galaxy and the clients are out there in the dusty spiral arms.
All of those decisions architecturally were made without any discussion of the social consequences long-term, part of our general difficulty in talking about the social consequences of technology during the great period of invention of the Internet done by computer scientists who weren’t terribly interested in Sociology, Social Psychology, or, with a few shining exceptions – freedom. So we got an architecture which was very subject to misuse. Indeed, it was in a way begging to be misused and now we are getting the misuse that we set up. Because we have thinned the clients out further and further and further. In fact, we made them mobile. We put them in our pockets and we started strolling around with them.
There are a lot of reasons for making clients dis-empowered and there are even more reasons for dis-empowering the people who own the clients and who might quaintly be thought of the people who ought to control them. If you think for just a moment how many people have an interest in dis-empowering the clients that are the mobile telephones you will see what I mean. There are many overlapping rights owners as they think of themselves each of whom has a stake in dis-empowering a client at the edge of the network to prevent particular hardware from being moved from one network to another. To prevent particular hardware from playing music not bought at the great monopoly of music in the sky. To disable competing video delivery services in new chips I founded myself that won’t run popular video standards, good or bad. There are a lot of business models that are based around mucking with the control over client hardware and software at the edge to deprive the human that has quaintly thought that she purchased it from actually occupying the position that capitalism says owners are always in – that is, of total control.
In fact, what we have as I said a couple of years ago in between appearances here at another NYU function. In fact, what we have are things we call platforms. The word “platform” like the word “cloud” doesn’t inherently mean anything. It’s thrown around a lot in business talk. But, basically what platform means is places you can’t leave. Stuff you’re stuck to. Things that don’t let you off. That’s platforms. And the Net, once it became a hierarchically architected zone with servers in the center and increasingly dis-empowered clients at the edge, becomes the zone of platforms and platform making becomes the order of the day.
Some years ago a very shrewd lawyer who works in the industry said to me “Microsoft was never really a software company. Microsoft was a platform management company”. And I thought Yes, shot through the heart.
So we had a lot of platform managers in a hierarchically organized network and we began to evolve services. “Services” is a complicated word. It’s not meaningless by any means but it’s very tricky to describe it. We use it for a lot of different things. We badly need an analytical taxonomy of “services” as my friend and colleague Philippe Aigrain in Paris pointed out some 2 or 3 years ago. Taxonomies of “services” involve questions of simplicity, complexity, scale, and control.
To take an example, we might define a dichotomy between complex and simple services in which simple services are things that any computer can perform for any other computer if it wants to and complex services are things you can’t do with a computer. You must do with clusters or structures of some computational or administrative complexity. SEARCH is a complex service. Indeed, search is the archetypal complex service. Given the one way nature of links in the Web and other elements in the data architecture we are now living with (that’s another talk, another time) search is not a thing that we can easily distribute. The power in the market of our friends at Google depends entirely on the fact that search is not easily distributed. It is a complex service that must be centrally organized and centrally delivered. It must crawl the web in a unilateral direction, link by link, figuring out where everything is in order to help you find it when you need it. In order to do that, at least so far, we have not evolved good algorithmic and delivery structures for doing it in a decentralized way. So, search becomes an archetypal complex service and it draws onto itself a business model for its monetiztion.
Advertising in the 20th century was a random activity. You threw things out and hoped they worked. Advertising in the 21st century is an exquisitely precise activity. You wait for a guy to want something and then you send him advertisements about what he wants and bingo it works like magic. So of course on the underside of a complex service called search there is a theoretically simple service called advertising which, when unified to a complex service, increases its efficiency by orders of magnitude and the increase of the efficiency of the simple service when combined with the complex one produces an enormous surplus revenue flow which can be used to strengthen search even more.
But that’s the innocent part of the story and we don’t remain in the innocent part of the story for a variety of uses. I won’t be tedious on a Friday night and say it’s because the bourgeoisie is constantly engaged in destructively reinventing and improving its own activities and I won’t be moralistic on a Friday night that you can’t do that and say because sin is in-eradicable and human beings are fallen creatures and greed is one of the sins we cannot avoid committing. I will just say that as a sort of ordinary social process we don’t stop at innocent. We go on, which surely is the thing you should say on a Friday night. And so we went on.
Now, where we went on is really towards the discovery that all of this would be even better if you had all the logs of everything because once you have the logs of everything then every simple service is suddenly a goldmine waiting to happen and we blew it because the architecture of the Net put the logs in the wrong place. They put the logs where innocence would be tempted. They put the logs where the failed state of human beings implies eventually bad trouble and we got it.
The cloud means that we can’t even point in the direction of the server anymore and because we can’t even point in the direction of the server anymore we don’t have extra technical or non-technical means of reliable control over this disaster in slow motion. You can make a rule about logs or data flow or preservation or control or access or disclosure but your laws are human laws and they occupy particular territory and the server is in the cloud and that means the server is always one step ahead of any rule you make or two or three or six or poof! I just realized I’m subject to regulation, I think I’ll move to Oceana now.
Which means that in effect, we lost the ability to use either legal regulation or anything about the physical architecture of the network to interfere with the process of falling away from innocence that was now inevitable in the stage I’m talking about, what we might call late Google stage 1.
It is here, of course, that Mr. Zuckerberg enters.
The human race has susceptibility to harm but Mr. Zuckerberg has attained an unenviable record: he has done more harm to the human race than anybody else his age.
Because he harnessed Friday night. That is, everybody needs to get laid and he turned it into a structure for degenerating the integrity of human personality and he has to a remarkable extent succeeded with a very poor deal. Namely, “I will give you free web hosting and some PHP doodads and you get spying for free all the time”. And it works.
That’s the sad part, it works.
How could that have happened?
There was no architectural reason, really. There was no architectural reason really. Facebook is the Web with “I keep all the logs, how do you feel about that?” It’s a terrarium for what it feels like to live in a panopticon built out of web parts.
And it shouldn’t be allowed. It comes to that. It shouldn’t be allowed. That’s a very poor way to deliver those services. They are grossly overpriced at “spying all the time”. They are not technically innovative. They depend upon an architecture subject to misuse and the business model that supports them is misuse. There isn’t any other business model for them. This is bad.
I’m not suggesting it should be illegal. It should be obsolete. We’re technologists, we should fix it.
I’m glad I’m with you so far. When I come to how we should fix it later I hope you will still be with me because then we could get it done.
But let’s say, for now, that that’s a really good example of where we went wrong and what happened to us because. It’s trickier with gmail because of that magical untouched by human hands-iness. When I say to my students, “why do you let people read your email”, they say “but nobody is reading my email, no human being ever touched it. That would freak me out, I’d be creeped out if guys at Google were reading my email. But that’s not happening so I don’t have a problem.”
Now, this they cannot say about Facebook. Indeed, they know way too much about Facebook if they let themselves really know it. You have read the stuff and you know. Facebook workers know who’s about to have a love affair before the people do because they can see X obsessively checking the Facebook page of Y. There’s some very nice research done a couple of years ago at an MIT I shouldn’t name by students I’m not going to describe because they were a little denting to the Facebook terms of service in the course of their research. They were just scraping but the purpose of their scraping was the demonstrate that you could find closeted homosexuals on Facebook.
They don’t say anything about their sexual orientation. Their friends are out, their interests are the interests of their friends who are out. Their photos are tagged with their friends who are out and they’re out except they’re not out. They’re just out in Facebook if anybody looks, which is not what they had in mind surely and not what we had in mind for them, surely. In fact, the degree of potential information inequality and disruption and difficulty that arises from a misunderstanding, a heuristic error, in the minds of human beings about what is and what’s not discoverable about them is not our biggest privacy problem.
My students, and I suspect many of the students of teachers in this room too, show constantly in our dialog the difficulty. They still think of privacy as “the one secret I don’t want revealed” and that’s not the problem. Their problem is all the stuff that’s the cruft, the data dandruff of life, that they don’t think of as secret in any way but which aggregates to stuff that they don’t want anybody to know. Which aggregates, in fact, not just to stuff they don’t want people to know but to predictive models about them that they would be very creeped out could exist at all. The simplicity with which you can de-anonymize theoretically anonymized data, the ease with which, for multiple sources available to you through third and fourth party transactions, information you can assemble, data maps of people’s lives. The ease with which you begin constraining, with the few things you know about people, the data available to you, you can quickly infer immense amounts more.
My friend and colleague Bradly Kuhn who works at the Software Freedom Law Center is one of those archaic human beings who believes that a social security number is a private thing. And he goes to great lengths to make sure that his Social Security is not disclosed which is his right under our law, oddly enough. Though, try and get health insurance or get a safe deposit box, or in fact, operate the business at all. We bend over backwards sometimes in the operation of our business because Bradly’s Social Security number is a secret. I said to him one day “You know, it’s over now because Google knows your Social Security number”. He said “No they don’t, I never told it to anybody”. I said, “Yeah but they know the Social Security number of everybody else born in Baltimore that year. Yours is the other one”.
And as you know, that’s true. The data that we infer is the data in the holes between the data we already know if we know enough things.
So, where we live has become a place in which it would be very unwise to say about anything that it isn’t known. If you are pretty widely known in the Net and all of us for one reason or another are pretty widely known in the Net. We want to live there. It is our neighborhood. We just don’t want to live with a video camera on every tree and a mic on every bush and the data miner beneath our feet everywhere we walk and the NET is like that now. I’m not objecting to the presence of AOL newbies in Usenet news. This is not an aesthetic judgment from 1995 about how the neighborhood is now full of people who don’t share our ethnocentric techno geekery. I’m not lamenting progress of a sort of democratizing kind. On the contrary, I’m lamenting progress of a totalizing kind. I’m lamenting progress hostile to human freedom. We all know that it’s hostile to human freedom. We all understand it’s despotic possibilities because the distopias of which it is fertile were the stuff of the science fiction that we read when we were children. The Cold War was fertile in the fantastic invention of where we live now and it’s hard for us to accept that but it’s true. Fortunately, of course, it’s not owned by the government. Well, it is. It’s fortunate. It’s true. It’s fortunate that it’s owned by people that you can bribe to get the thing no matter who you are. If you’re the government you have easy ways of doing it. You fill out a subpoena blank and you mail it.
I spent two hours yesterday with a law school class explaining in detail why the 4th Amendment doesn’t exist anymore because that’s Thursday night and who would do that on a Friday night? But the 4th Amendment doesn’t exist anymore. I’ll put the audio on the Net and the FBI and you can listen to it anytime you want.
We have to fess up if we’re the people who care about freedom, it’s late in the game and we’re behind. We did a lot of good stuff and we have a lot of tools lying around that we built over the last 25 years. I helped people build those tools. I helped people keep those tools safe, I helped people prevent the monopoly from putting all those tools in its bag and walking off with them and I’m glad the tools are around but we do have to admit that we have not used them to protect freedom because freedom is decaying and that’s what David meant in his very kind introduction.
In fact, people who are investing in the new enterprises of unfreedom are also the people you will hear if you hang out in Silicon Valley these days that open source has become irrelevant. What’s their logic? Their logic is that software as a service is becoming the way of the world. Since nobody ever gets any software anymore, the licenses that say “if you give people software you have to give them freedom” don’t matter because you’re not giving anybody software. You’re only giving them services.
Well, that’s right. Open source doesn’t matter anymore. Free software matters a lot because of course, free software is open source software with freedom. Stallman was right. It’s the freedom that matters. The rest of it is just source code. Freedom still matters and what we need to do is to make free software matter to the problem that we have which is unfree services delivered in unfree ways really beginning to deteriorate the structure of human freedom.
Like a lot of unfreedom, the real underlying social process that forces this unfreedom along is nothing more than perceived convenience.
All sorts of freedom goes over perceived convenience. You know this. You’ve stopped paying for things with cash. You use a card that you can wave at an RFID reader.
Convenience is said to dictate that you need free web hosting and PHP doodads in return for spying all the time because web servers are so terrible to run. Who could run a web server of his own and keep the logs? It would be brutal. Well, it would if it were IIS. It was self-fulfilling, it was intended to be. It was designed to say “you’re a client, I’m a server. I invented Windows 7, It was my idea. I’ll keep the logs thank you very much.” That was the industry. We built another industry. It’s in here. But it’s not in. Well, yeah it is kind of in here. So where isn’t it? Well it’s not in the personal web server I don’t have that would prevent me from falling…well, why don’t we do something about that.
What do we need? We need a really good webserver you can put in your pocket and plug in any place. In other words, it shouldn’t be any larger than the charger for your cell phone and you should be able to plug it in to any power jack in the world and any wire near it or sync it up to any wifi router that happens to be in its neighborhood. It should have a couple of USB ports that attach it to things. It should know how to bring itself up. It should know how to start its web server, how to collect all your stuff out of the social networking places where you’ve got it. It should know how to send an encrypted backup of everything to your friends’ servers. It should know how to microblog. It should know how to make some noise that’s like tweet but not going to infringe anybody’s trademark. In other words, it should know how to be you …oh excuse me I need to use a dangerous word – avatar – in a free net that works for you and keeps the logs. You can always tell what’s happening in your server and if anybody wants to know what’s happening in your server they can get a search warrant.
And if you feel like moving your server to Oceana or Sealand or New Zealand or the North Pole, well buy a plane ticket and put it in your pocket. Take it there. Leave it behind. Now there’s a little more we need to do. It’s all trivial. We need some dynamic DNS and all stuff we’ve already invented. It’s all there, nobody needs anything special. Do we have the server you can put in your pocket? Indeed, we do. Off the shelf hardware now. Beautiful little wall warts made with ARM chips. Exactly what I specked for you. Plug them in, wire them up. How’s the software stack in there? Gee, I don’t know it’s any software stack you want to put in there.
In fact, they’ll send it to you with somebody’s top of the charts current distro in it, you just have to name which one you want. Which one do you want? Well you ought to want the Debian Gnu Linux social networking stack delivered to you free, free as in freedom I mean. Which does all the things I name – brings itself up, runs it’s little Apache or lighttpd or it’s tiny httpd, does all the things we need it to do – syncs up, gets your social network data from the places, slurps it down, does your backup searches, finds your friends, registers your dynamic DNS. All is trivial. All this is stuff we’ve got. We need to put this together. I’m not talking about a thing that’s hard for us. We need to make a free software distribution device. How many of those do we do?
We need to give a bunch to all our friends and we need to say, here fool around with this and make it better. We need to do the one thing we are really really really good at because all the rest of it is done, in the bag, cheap ready. Those wall wart servers are $99 now going to $79 when they’re five million of them they’ll be $29.99.
Then we go to people and we say $29.99 once for a lifetime, great social networking, updates automatically, software so strong you couldn’t knock it over it you kicked it, used in hundreds of millions of servers all over the planet doing a wonderful job. You know what? You get “no spying” for free. They want to know what’s going on in there? Let them get a search warrant for your home, your castle, the place where the 4th Amendment still sort of exists every other Tuesday or Thursday when the Supreme Court isn’t in session. We can do that. We can do that. That requires us to do only the stuff we’re really really good at. The rest of it we get for free. Mr. Zuckerberg? Not so much.
Because of course, when there is a competitor to “all spying all the time whether you like it or not”, the competition is going to do real well. Don’t expect Google to be the competitor. That’s our platform. What we need is to make a thing that’s so greasy there will never be a social network platform again. Can we do it? Yeah, absolutely. In fact, if you don’t have a date on Friday night, let’s just have a hackfest and get it done. It’s well within our reach.
We’re going to do it before the Facebook IPO? Or are we going to wait till after? Really? Honestly? Seriously. The problem that the law has very often in the world where we live and practice and work, the problem that the law has very often, the problem that technology can solve. And the problem that technology can solve is the place where we go to the law. That’s the free software movement. There’s software hacking over here and there’s legal hacking over there and you put them both together and the whole is bigger than the sum of the parts. So, it’s not like we have to live in the catastrophe. We don’t have to live in the catastrophe. It’s not like what we have to do to begin to reverse the catastrophe is hard for us. We need to re-architect services in the Net. We need to re-distribute services back towards the edge. We need to de-virtualize the servers where your life is stored and we need to restore some autonomy to you as the owner of the server.
The measures for taking those steps are technical. As usual, the box builders are ahead of us. The hardware isn’t the constraint. As usual, nowadays, the software isn’t really that deep a constraint either because we’ve made so much wonderful software which is in fact being used by all the guys on the bad architecture. They don’t want to do without our stuff. The bad architecture is enabled, powered by us. The re-architecture is too. And we have our usual magic benefit. If we had one copy of what I’m talking about, we’d have all the copies we need. We have no manufacturing or transport or logistics constraint. If we do the job, it’s done. We scale.
This is technical challenge for social reason. It’s a frontier for technical people to explore. There is enormous social pay-off for exploring it.
The payoff is plain because the harm being ameliorated is current and people you know are suffering from it. Everything we know about why we make free software says that’s when we come into our own. It’s a technical challenge incrementally attainable by extension from where we already are that makes the lives of the people around us and whom we care about immediately better. I have never in 25 years of doing this work, I have never seen us fail to rise to a challenge that could be defined in those terms. So I don’t think we’re going to fail this one either.
Mr. Zuckerberg richly deserves bankruptcy.
Let’s give it to him. For Free.
And I promise, and you should promise too, not to spy on the bankruptcy proceeding. It’s not any of our business. It’s private.
This is actually a story potentially happy. It is a story potentially happy and if we do it then we will have quelled one more rumor about the irrelevance of us and everybody in the Valley will have to go find another buzz word and all the guys who think that Sandhill Road is going to rise into new power and glory by spying on everybody and monetizing it will have to find another line of work too, all of which is purely on the side of the angels. Purely on the side of the angels.
We will not be rid of all our problems by any means, but just moving the logs from them to you is the single biggest step that we can take in resolving a whole range of social problems that I feel badly about what remains of my American constitution and that I would feel badly about if I were watching the failure of European data protection law from inside instead of outside and that I would feel kind of hopeful about if I were, oh say, a friend of mine in China. Because you know of course we really ought to put a VPN in that wall wart.
And probably we ought to put a Tor router in there.
And of course, we’ve got bittorrent, and by the time you get done with all of that, we have a freedom box. We have a box that not merely climbs us out of the hole we’re in, we have a box that actually puts a ladder up for people who are deeper in the hole than we are, which is another thing we love to do.
I do believe the US State Department will go slanging away at the Chinese communist party for a year or two about internet freedom and I believe the Chinese communist party is going to go slanging back and what they’re going to say is “You think you’ve got real good privacy and autonomy in the internet voyear in your neighborhood?” And every time they do that now as they have been doing that in the last 2 weeks, I would say ouch if I was Hilary Clinton and I knew anything about it because we don’t. Because we don’t. It’s true. We have a capitalist kind and they have a centralist vanguard of the party sort of Marxist kind or maybe Marxist or maybe just totalitarian kind but we’re not going to win the freedom of the net discussion carrying Facebook on our backs. We’re not.
But you screw those wall wart servers around pretty thickly in American society and start taking back the logs and you want to know who I talked to on a Friday night? Get a search warrant and stop reading my email. By the way there’s my GPG key in there and now we really are encrypting for a change and so on and so on and so on and it begins to look like something we might really want to go on a national crusade about. We really are making freedom here for other people too. For people who live in places where the web don’t work.
So there’s not a challenge we don’t want to rise to. It’s one we want to rise to plenty. In fact, we’re in a happy state in which all the benefits we can get are way bigger than the technical intricacy of doing what needs to be done, which isn’t much.
That’s where we came from. We came from our technology was more free than we understood and we gave away a bunch of the freedom before we really knew it was gone. We came from unfree software had bad social consequences further down the road than even the freedom agitators knew. We came from unfreedom’s metaphors tend to produce bad technology.
In other words, we came from the stuff that our movement was designed to confront from the beginning but we came from there. And we’re still living with the consequences of we didn’t do it quite right the first time, though we caught up thanks to Richard Stallman and moving on.
Where we live now is no place we’re going to have to see our grandchildren live. Where we live now is no place we would like to conduct guided tours of. I used to say to my students how many video cameras are there between where you live and the Law school? Count them. I now say to my students how many video cameras are there between the front door to the law school and this classroom? Count them.
I now say to my students “can you find a place where there are no video cameras?” Now, what happened in that process was that we created immense cognitive auxiliaries for the state – enormous engines of listening. You know how it is if you live in an American university thanks to the movie and music companies which keep reminding you of living in the midst of an enormous surveillance network. We’re surrounded by stuff listening to and watching us. We’re surrounded by mine-able data.
Not all of that’s going to go away because we took Facebook and split it up and carried away our little shards of it. It’s not going to go away cause we won’t take free webhosting with spying inside anymore. We’ll have other work to do. And some of that work is lawyers work. I will admit that. Some of that work is law drafting and litigating and making trouble and doing lawyer stuff. That’s fine. I’m ready.
My friends an I will do the lawyers part. It would be way simpler to do the lawyer’s work if we were living in a society which had come to understand it’s privacy better. It would be way simpler to do the lawyer’s work if young people realize that when they grow up and start voting or start voting now that they’re grown up, this is an issue. That they need to get the rest of it done the way we fixed the big stuff when we were kids. We’ll have a much easier time with the enormous confusions of international interlocking of regimes when we have deteriorated the immense force of American capitalism forcing us to be less free and more surveilled for other people’s profit all the time. It isn’t that this gets all the problems solved but the easy work is very rich and rewarding right now.
The problems are really bad. Getting the easy ones out will improve the politics for solving the hard ones and it’s right up our alley. The solution is made of our parts. We’ve got to do it. That’s my message. It’s Friday night. Some people don’t want to go right back to coding I’m sure. We could put it off until Tuesday but how long do you really want to wait? You know everyday that goes by there’s more data we’ll never get back. Everyday that goes by there’s more data inferences we can’t undo. Everyday that goes by we pile up more stuff in the hands of the people who got too much. So it’s not like we should say “one of these days I’ll get around to that”. It’s not like we should say “I think I’d rather sort of spend my time browsing news about iPad”.
It’s way more urgent than that.
It’s that we haven’t given ourselves the direction in which to go so let’s give ourselves the direction in which to go. The direction in which to go is freedom using free software to make social justice.
But, you know this. That’s the problem with talking on a Friday night. You talk for an hour and all you tell people is what they know already.
So thanks a lot. I’m happy to take your questions.