2013 GA in Vienna, day #2

Yesterday was Day #2 of the FSFE GA in Vienna. After a short night of sleep, we again began the day around 10.00am. The German chapter of FSFE had their own official General Assembly earlier.

This second part of the GA was more focused on the usual, formal stuff. Review of annual reports (executive report, legal activities report, fellowship report… and soon a campaigning report) and Q&A about the reports.

We also planned out the focus for the next 6-8 months. One important detail for FSFE is that not much is going to be achieved on the side of public policy. With ongoing preparations and campaigning at the European Commission and at the European Parliament, everyone has the coming 2014 elections in mind. There isn’t much to do then for our public policy team. (Although that means it’s time for everybody else to get active on the Ask Your Candidates Campaigns.)

One important focus for 2014 is what we talked about on day #1, our strategy as a whole. Where is FSFE going, and more importantly, where should we go. Major organisational work within the organisation is expected. We’ll see more about that in the future.

We’ll have some minor constitutional changes, including typos (look for “enagagements” instead of engagements in the current copy!)

And last but not least, Karsten has been reconducted in another term as President (his 3rd mandate). Matthias Kirschner is now the Vice-President, as Henrik stepped down to pursue other challenges. Reinhard has been unanimously elected Financial Officer, for another mandate (how many does it make? 5?), because he’s excellent at doing it ☺

2013 GA in Vienna

Hello! I’m writing this currently sitting in Metalab, Vienna’s finest Hackerspace, featuring 3d printers, laser-cutting-graving machine, club mate, an authentic phone booth, and a lot of discussions ☺

Looking around me right now, I can spot 6 different nationalities:

  • Austrian
  • Estonian
  • Belarusian
  • Italian
  • Slovenian
  • German

It’s the first time of the day I’m taking a small break on my own, managed my email, and now writing this. [In the process of writing, Heiki and Andrew popped in].

This day, we met and started at 9:30. And we basically all day worked on the strategy of FSFE. Where are we going? What is our core mission? What do we want to achieve? It’s sometimes good to lay back and take a wider look at what’s going on. What difference are we making?

This process is ongoing of course, and will take time. But I’m confident that we have some of the most interesting melting pot of brains and cultures here to fix and handle the situation!

What do you think?

Blogging here: a new focus

I started blogging here in 2009 when I was an intern in Berlin with the Free Software Foundation Europe. The organisation had just initiated a major change back then: Georg, one of the founding members and first president, handed it over to Karsten. I’ve got to say that I joined during interesting times, and I enjoyed working in Berlin with Matthias and Claudia from the KDE association. I hope I’ve been able to share some of that interest with you readers when I was writing on this blog while an intern.

It’s been 3 years since I was an intern, but I’ve kept on writing here and on my personal blog. However it felt more cumbersome to maintain 2 different blogs (both in 2 languages) than anything else. Moreover the distinction between personal things and free software is difficult to make, as free software and the people who make, use, and defend it, are important parts of my life.

Anyway.

I started blogging at a new place: hroy.eu. I will mostly blog over there, even for matters that are of interest to FSFE fellows and free software activists at large. I will send posts relevant for the free software & FSFE audience to the blogs planet (which I really recommend you read ☺ or if you’re too lazy you can get a good grasp of it each month in the newsletter)

So I’m giving a new focus to this blog. From now on, I will write here about things that are more internally focused on FSFE, and more focused on work, campaigns, and getting things done!

Let’s see how it goes.

RFC: User Data Manifesto

Hi, I’d like to know your opinion on the current draft for the User Data Manifesto.


user data manifesto

“User data” means any data submitted by or collected from a person using a service on the Internet, on which a user has power.1

This manifesto aims at defining basic rights for people regarding their own data in the Internet age. Roughly, we refuse feudalism: people ought to be free and should not have to pay allegiance to service providers.

Thus, users should have:

  1. Control over user data access

    The data that the user uploads should be under control of this person. Users should be able to decide whom to grant direct access to their data and under which permissions.2

    Cryptography3 is necessary to ensure this.

  2. Knowledge of where the data is stored

    When the data is uploaded to a specific storage provider, users should be able to know: where their data is stored, how long, in which country, and which laws apply.

    It is recommended that all users have their own server in the long term and that users do not rely on centralised services. Use of peer-to-peer systems and unhosted apps are a means to that end.

  3. Right to leave a platform

    Users should always be able to extract their data at any time without being locked in to a specific service.

    Open standards for formats and protocols, as well as access to the program under a Free Software license are necessary to achieve this.4

If users have these, they are in control and can reasonably trust the services they use, rather than paying allegiance to the operator of a service.

When users control access to data they upload, it also applies to the operator of the service and to governments. Thus, a service should not force you to disclose private data (including private correspondence). That also means the right to use cryptography5 should never be denied. Exceptions where the user of a service “forces” the user to give access to some user data to the service provider includes cases where data that is necessary for the service to perform the service.6

Some services allow users to submit data with the intention to make it publicly available for all. Even in these cases, some amount of user data is kept private. The user should also have control over this data. This usually applies to so-called “metadata” or to the social graph.

When users make data available to others, whether to a restrictive group of people or to large groups, they should be able to decide under which permissions they grant access to this data. However, this right is not absolute and should not extend over others’ rights to use the data once it has been made available to them. What’s more, it does not mean that users should have the right to impose insane restrictions to other people. But this should be ultimately under the user’s control, not under the control of the operator of the service.

Ultimately, to ensure that user data is under the users’ control, the best technical designs include peer-to-peer or distributed systems, and unhosted applications. Legally, that means terms of service should respect users’ rights.

In the long term, all users should have their own server.

But it is also important that users are not stuck into a specific technical solution. This is why people should always be able to leave a platform and settle elsewhere. It means users should be able to have their data in an open format, and to exchange information with an open protocol. Open standards are standards that are free of copyright and patent constraints. Obviously, without the source code of the programs used to deal with user data, this is impractical. This is why programs should be distributed under a Free Software license.


FAQ:

  1. what’s not user data?

User data is not necessarily private data and does not necessarily relate to a person or contains personnally identifiable information. Thus, this manifesto does not aim at modifying personal data regulations, but rather aim at complementing them.


Footnotes

  1. For instance, the power to edit or move such data. That means that anonymously “dumped” data, e.g. on pastebin, or data that can be edited directly by anybody, e.g. a public etherpad, do not usually deal with user data.

  2. ^6 Services shall apply this principle in spirit. However, we understand that in order to provide some services such as providing email, some amount of user data needs to be accessed by the service provider (e.g. the email metadata from:, to: etc.) This is why Rule #2 is important.

  3. ^5 We mean effective cryptography. If the service provider enables cryptography but controls the keys or encrypts the data with your password, it’s probably snake oil.

  4. The GNU AGPL-3+ safeguards this right by making it a legal obligation to provide access to the modified program run by the service provider. (§ 13. Remote Network Interaction)