Freedom in the “cloud”?

It’s come to the point that I was asked to explain what I consider necessary prerequisites for an open, free, sustainable approach towards what is often called “The Cloud” or also “Software as a Service” (SaaS).

To be honest, it took some time for me to make up my mind on the matter, and I considered many of the inputs that I’ve seen so far, in particular the Franklin Street Statement on Freedom and Network Services to be good enough for some time.

Clearly I’m sympathetic to the fundamental ideas behind Diaspora, ownCloud and so on. In fact, I myself am currently dedicating my life to the creation of a solution that should empower users to take control over some of their most central data – email, calendar, address books, tasks, see “The Kolab Story” – and thus to provide one puzzle piece to this picture.

So yes, I have developed an opinion by now and obviously I see attempts at “openwashing” such as “Open Surface” by Microsoft to be falling dramatically short on several accounts.

So what do I think constitutes a socially acceptable and sustainable approach to “Cloud Computing” or “SaaS”?

I think it may be simpler than what I initially thought. There are two primary points that now seem most relevant to me:

Right to restrict

Users must be able to restrict access to their own data, especially by their service provider. Participating in social networks, or enjoying the convenience of having your data available at all times should never have to come at the price of giving up privacy. So users must be given a choice to restrict access to their data as much as they consider necessary or desirable, from fellow users, and their provider. Similarly, they should never lose the right in their data simply because they use a certain service.

Freedom to leave, but not lose

Users must be able to switch between providers, or even to host their own data, if they so choose. And they must be able to do so without losing their network.

They should still enjoy the same level of interconnectivity and not be penalized for having switched providers in the form of having to convince all their contacts and friends to switch, as well.

Software such as StatusNet which is powering Identi.ca allows to set up your own instance – this is a step in the right direction.

From these follow a couple of necessary conclusions to get to this point:

Free Software necessary, but not sufficient

Free Software is a necessary, but not a sufficient condition. Without the software being Free Software, the Freedom to leave, but not lose is exceedingly hard to implement. So in my view the GNU Affero General Public License (AGPL) is strongly preferred, followed by the GNU General Public License (GPL) Version 3, but ultimately any Free Software license will do. Implicitly therefore I am also not adverse to allowing companies to differentiate themselves to some level on code, as long as that does not violate the principles above.

Decentralized & Federated

In order to allow switching without losing the network, any software in this context should be designed federated and decentralized, based on protocols that allow such interconnectivity as well as re-discovering users that have moved.

Open Standards

In order to facilitate the connection of services and providers, as well as allow for innovation and differentiation, a certain level of freedom to experiment is necessary. So software and services should provide truly Open Standards with ongoing interoperability work through plug-fests and automated test suites which give some indication on how well which services actually interoperate.

Transparent Privacy Policies

In order to have control over data, users first need to understand what they are (or are not) allowing the provider to do, which is typically not the case. Most users have never read the 20 page privacy statements which are written in ways that make telephone books seem an entertaining read. So we need a way to simplify this.

A set of standardized privacy policies, maybe with a simple visualization approach similar to what Creative Commons came up with, would be a very useful step forward here.

No change of policy without explicit consent

And naturally it should be illegal to change privacy policies on users without their explicit consent. They need to know what is changing, and how, and what will be the resulting level of privacy they enjoy – in the same clear, transparent and understandable manner.

Because much of this is fuzzy in the sense of being open to interpretation and evaluation, these will require monitoring, either through existing consumer protection bodies, through antitrust or standardisation groups, an existing or new NGO dedicated to this work, or something else. Off the top of my head I cannot think of a body that has both the mandate and competency to fulfil such a task.

So while I have some ideas, I obviously still don’t have all the answers.

Be Sociable, Share!

16 comments to Freedom in the “cloud”?

  • Good thoughts all around. :-)

    Regarding transparent privacy policies, you might be interested in
    this: http://www.azarask.in/blog/post/privacy-icons/

    One minor quibble: I think that requiring consent before a policy change is perhaps an unreasonable burden. Would not requiring a reasonable notification period (e.g. a months notice) combined with the freedom to leave be sufficient?

  • evanh

    I know it’s common enough to maintain existing customer plans for those still using said plans while not offering it to new subscribers. Even to the point of not even notifying existing customers that there is newer options available.

  • evanh

    To put it mildly, anything short of a consent is an abuse of power.

  • Matthew C. Tedder

    I have a design in a Google Doc that attempts to meet all of this and more. It’s P2P and federated, based on clear text documents over HTTP 1.1. The notation I call, SIN for Semantic Information Notation. It enables users to specify what (not where) they are looking for. Data is redeemed by its association with other data–super and/or sub-attributes. So you can create a form in a wiki-like manner, the data entered is abstracted such that it can be brought back to whatever other forms (or queries) request it by what it is. Re-design the original form (or create other forms) and there is no need to worry about anything like table structures. Hierarchies are built upon view, not built into the data store. This is tremendously more powerful than SPARQL and non-rigid like ontologies on the Semantic Web. Also, Semantic Web ontologies tend to be widely misused in practice. Everybody needs custom variations of the ontology. It’s a nightmare, if you ask me.

    A SIN server consists stores attribute/value pairs. However, each attribute may have zero or more value instances. Each value instance may have zero or more sub-attributes or super-attributes. I designed the notation using characters that will require easy human readability/editability–translated less need to escape, not having to remember to close braces/tags, etc, and not having to search through masses of text to find the spot you’re looking for. This also grants the easy ability to merge/update. For example, a SIN resources is called very much like you call a web page or a file/folder via WebDAV.

    If you call http://somewhere.info/university/undergraduate, it sets the SIN document’s root two levels below the SIN server’s root. That place is presumed with the notation such as:

    ~school+resources/multiplication+table/heading: Multiplication Table
    /* if there is an enter after the colon, then the value begins on the next line and is multi-lined. */
    /* btw, WTF don’t compilers accept embedding /* comments */ within other /* comments */ ? */
    ~/school+resources/multiplication+table/x0,y0/0
    ~/school+resources/multiplication+table/x1,y1/1
    ~/school+resources/multiplication+table/x1,y2/2

    I specified a complete set of rules. It’s easy to learn and even easier to use. For example, the colon can be replaced with “>” where the value is actually a query pointing to information out there. Or, ” links). URLs would be of little to zero importance. The returned documents may provide back any mix of literal values or references. This is useful for load-balancing. I also built a mechanism to facilitate sorting client-side, since the server’s job is merely to filter. Again, whether you are a client or a server is just a matter of the operation at hand at the time. They both send and receive the same documents via GET and PUT requests.

    Underlying this, the data store is capable of exceptional performance. It’s columnar, which already tends to provide some 10+ times read performance. I designed it without the ability to delete. Rather, an optimization process finds and re-links same-values to one location in storage. When the value changes, its reference is actually pointed to another place. And, for performance it can be broken up by ordered ranges of attribute labels in addition to simply having > links intermingled.

    Security is like this: Every user, access point, and node may have stamps and filters. Stamps are attributes that are automatically added to any data entered thereunder. Filters are criteria by which to filter. So, for example, a user may have has name and the date/time as user-level stamps. The access point may add a user-type attribute (for example) that stamps either “customer” or “employee”, for example. And getting to data through particular nodes may also filter. For example, perhaps only employees are allowed to see certain information. Customers may go through certain nodes depending on what they are looking for, such as women’s verses men’s products. And of course, they can add their own additional criteria such as, no polyester.

    The information network would be global and Free. It would enable all kinds of information, services, and other kinds of resources to be queried globally and yet reduced by the sub and super attributes one is seeking. For example, a query for a product named “hammer” in the city of Nutville might return those from various hardware stores and department stores, bars, and perhaps even a social club. Refine down to only see alcoholic beverages” and it might reduce to two or three bars that server a “hammer” drink. Then explore the other info available on those to decide which bar you want to visit. It’s a vastly superior method to the currently predominant method that sells us things like cars with few selling points beyond the hot girl standing in front of it. Why, in the Internet age to do have to manually seek out the products we are seeking and endure unwanted sales people and advertising getting everywhere in the way of our lives and work.

    Sorry for the long post. I feel passion on this topic. I also think that this information network (if implemented) could revolutionize the global economy and add a new methods of raising capitol for ventures. The size of an economy is measured by how many ends are met by means. Think of how many more could be matched which a producer can simply query for what people are seeking that is not yet sufficiently met? And imagine when people can query for the resources they need to build a new business to fulfill a market need. Let’s say there’s 6,000 people looking for a certain style of wooden chair for a certain price range. They’ve registered their queries and you can query to find this out. But you need the right kind of wood, the right people with the right skills, and perhaps some tools. It all needs to fall within a certain price range. And, you need to finance this venture. You can query for all of that. When met, you have a new business. The risk can be greatly reduced to investors and creditors as all of this information is transparent to them all. They can query to work history and reputationally related attributes of the workers and the suppliers.

    I do also think we need a better form of identity. In my view, it should be anonymous yet persistent identity. That is, we should know who a person is in terms of the reputation of their on-line handle. But we must not be able to trace that back to the physical person, without his/her consent. I think OpenID can evolve to provide this.

    Matthew

  • JohnF

    Very interesting premise.

    I’ll stick with having software and data own servers, thank you very much.

    I use GMail, but every piece of mail is copied to my own servers. If Gmail goes away, I still have my data. Ok .. my email address just disappeared. I could easily fix that by setting up my own server if I felt it was a risk.

    The data on my servers are all backed up offsite, if my house burns down I can get it all back. And have tested it so I know it works.

    I really hardly every need access to ‘everything everywhere’, many that think they do might just need to plan a bit better.

    Looked into if for our business, and found it was just too expensive. It sounds cheap, but depending on how much you want to use your own data, it starts to get very expensive very quickly. And the cost to rewrite everything for some proprietary platform just wasn’t worth the cost.

    Yawn … another technology looking for a problem to solve.

  • Richard

    Interesting question: would a Meta GPL be needed here?

    If one were to write a piece of Free (GPL/AGPL) software to make a cloud-based social network, then how do we guarantee that users have the freedom to keep their network. In order to enforce the Users’ rights to access the data of other Users (to keep their networks), then we might have to make the software itself non-free.

    Consider a cloudy-version of Facebook. Let’s call the community-developed, Affero-GPL software “CBS”, and
    imagine that this is taken up by many companies, eventually including a large, dominant company called “Cloudbook”.

    1. At the moment, the AGPL merely requires that, if Cloudbook, the company alter the source-code of the
    CBS software, they must release the new source.

    2. If the creators of CBS want to make the cloud truly free, then they need to require much stronger conditions, namely that by granting companies such as Cloudbook the right to run (and modify)o CBS, Cloudbook must perpetually provide open access to its data, and allow all users to continually access it, gratis. This is what guarantees users the right to keep their network.

    So, software that is truly Free at the Cloud level would seem to conflict with Freedom 0 (“The freedom to run the program for any purpose.”) in order to guarantee what I might call “Freedom -1″, aka the freedom to access your content and networks at all times and at zero cost, no matter where it is hosted.

    FWIW, I asked RMS a similar question in person recently; his reply (I hope I don’t oversimplify) was that there is indeed an ethical clash, but that software licenses can’t solve everything…

  • [...] Freedom in the “cloud”? « freedom bits It’s come to the point that I was asked to explain what I consider necessary prerequisites for an open, free, sustainable approach towards what is often called “The Cloud” or also “Software as a Service” (SaaS). Source: blogs.fsfe.org [...]

  • Hey Matthew,
    Sounds cool, have you got a link to your online documentation?
    Brad

  • Jonathan

    Hi,

    It’s an interesting post. I always have ambiguous feeling toward cloud services: being able to access your data from anywhere is really tempting but the privacy loss and the lock-in that use to come with it are not acceptable.

    As for the transparent privacy policies, Aza Raskin proposed time ago a set of icons, similar to the ones used by Creative Commons, to help web sites advertise their privacy policies:
    http://www.azarask.in/blog/post/privacy-icons/

  • Thanks so much for the truly insightful comments, everyone.

    In particular the privacy icons are great to see. Was wondering why no-one had proposed something like this before, now turns out I just missed it. :)

  • [...] Georg Greve discussed his perspective on freedom in the [...]

  • Jon

    Seems like you entirely described the OpenStack cloud platform by Rackspace.

    Portable, open source, community driven (with the funding company only as a contributer) and decentralized.

    I just find it weird you have no mention of them!

  • [...] Freedom in the “cloud”? It’s come to the point that I was asked to explain what I consider necessary prerequisites for an open, free, sustainable approach towards what is often called “The Cloud” or also “Software as a Service” (SaaS). [...]

  • Freedom is at risk help us fight them.

Leave a Reply

  

  

  

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>