The Linux Voice view on what's going on in the world of Free Software.

News Analysis

Article from Issue 205/2017

Learning lessons from the business success of Linux and applying them to privacy.


Privacy and Re-Decentralization

As a society, we're discovering that viewing technology in isolation is insufficient. We really need to have a holistic, joined-up view of how IT works. All over the world as the economy dips, we see authoritarianism on the rise. As technologists, we are culpable in not having foreseen this – in having believed technology is amoral and that we can continue to focus on cool stuff and not worry about what people are going to do with it.

The biggest challenge may be the centralization of personal data – not just facts, but opinions, too. Global data giants are delivering "cloud" services that may be implemented by distributed systems but are centrally controlled. That offers a control point for authoritarians.

We need to find a way to take Google, Facebook, Twitter, and all the rest out of the center of the diagram and put them as nodes in the diagram. It's not that they are inherently bad, but they create a "hostage to fortune" by having so much information and so much control in places where authoritarian governments can, with the stroke of a pen, decide to make it impossible for you to have the freedoms that the UN Convention on Human Rights declares as inviolable.

It's very important that we continue to promote software freedom. It's extremely unlikely that we will have any civil liberties left if software freedom is eliminated. All the same, I don't think software freedom alone is enough for protecting our civil liberties. I'm thus concerned about all our digitally expressed civil rights; I'm concerned about the over-centralization of the web, as well as our overdependence on proprietary technology.

For the firsts steps of re-decentralizing the web, I think we need to focus on privacy. As I wrote in Issue 203, privacy is not just about protecting facts, it's also about protecting the ability to connect facts and deduce context from them. We have privacy when we control the disclosure of ourselves to others.

That's why, with caveats, I think the new General Data Protection Regulation (GDPR) is a force for good. The burden of GDPR on companies is massive. Consider the bureaucracy and administration they have to manage; the architectural challenge for the software that they'll need to develop is massive. Thus companies will prefer not to aggregate nonessential personal information, because the administrative and bureaucratic burden of doing so is too great upon them.

Some fear new restrictions will harm progress, but the lessons of Linux suggest otherwise. The Linux kernel is still licensed under GPLv2. The GPLv2 license, reputedly, has all sorts of challenges for businesses. If you ask a start-up what license they're going to use for their software, they'll never tell you GPLv2 or GPLv3; it's always either going to be AGPL – if they want to use fear as the way they generate revenue – or it's going to be BSD if they want to maximize adoption.

Yet we see around Linux this massive community of people who are using GPLv2-licensed software. So what's going on there? Well it turns out that you can run a perfectly good business using GPLv2-licensed software, as long as the rules give nobody a benefit over anybody else. Companies have adapted to the inconveniences: They maintain a history of where the software came from; they maintain a habit of publishing under open source licenses. So now they've adapted – they faced the regulatory pressures, they faced the legal challenges, and they have adapted to remain profitable in the environment.

Corporations are like animals; they respond only to hunger and fear, where hunger is profit motive and fear is competitive pressure. When corporations get hungry or fearful, they do things that change their behavior. You can't easily persuade a corporation to act ethically, but you can appeal to its fear and hunger. This reality was the whole point of the difference between open source and free software. Free software is an idea for people – it's something ethically compelling – whereas open source is something I use to persuade my employer, showing the business benefit of working with software that's licensed that way. They are the same thing, but expressed for different audiences.

Rather than just relying on ethical arguments, we must devise equivalent mechanisms for privacy. To change Facebook's behavior, for example, we need laws such that they will make more profit and suffer less harm if they do things that don't erode privacy. We have to make it hurt for companies to abuse personal data and the context that interpolating it delivers. We have to demonstrate that the attitude Equifax has shown, and continues to show, is not just unacceptable morally, but also will lead to the company's officers going to prison and will result in the shareholders losing their money.

In a connected world, privacy won't just happen by itself. We need thoughtful laws to create the competitive pressures that make it happen.

The Author

Simon Phipps is President of the Open Source Initiative and a director of the Open Rights Group and The Document Foundation (makers of LibreOffice).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus

Direct Download

Read full article as PDF:

Price $2.95