I’ve noticed some complaints that the Franklin Street Statement does not address privacy issues. I thought it might be worth explaining here why I am less concerned. As usual, I speak for myself here, rather than the group, but we all welcome constructive feedback on the issue.
Free and open software has a slightly indirect mechanism for dealing with software of low quality. It gives people the freedom to fix the problems themselves, pay for someone else to fix it, or to get their data out and use other software. In other words, freedom creates choices and markets- which allow and encourage quality to happen. Given that free software originates in one man’s quest to improve the quality of his printer, this side effect of freedom shouldn’t be too surprising.
It is a good thing that better quality software happens as a pleasant side effect of freedom, because quality is really hard to define, and anything which is hard to define is almost impossible to mandate. One man’s bug is often another man’s feature, so even though we’d all agree that less buggy software is good, it’d be pretty hard to write a free software license that says “you can modify this software, as long as you don’t introduce new bugs.” Under such a license, who would decide if the new version of the software was buggier or not, and hence whether or not it was acceptable? Hard to picture that working, especially as standards change over time. Instead, we’ve put our faith in the choices of autonomous individuals. This has created incentives to create some pretty high quality software despite the noticeable lack of licenses or philosophies that mandate quality.
Privacy is (to me) remarkably similar to software quality. Defining privacy is hard- like pornography, we know it when we see it, but usually can’t explain it. Valuing privacy properly is also hard- can you articulate when you are willing to compromise it, and for what reasons? And valuing and defining privacy consistently is nearly impossible- Europeans tend to give very different answers to these questions than Americans, for example, and teens give very different answer than adults. Given all that, it would be very difficult, if not impossible, to mandate privacy in a statement like the Franklin Street Statement, or in a license- whose definition would you use? when could it be compromised? etc.
It isn’t guaranteed that this will work, of course. People who feel locked in by network effects (like facebook users) might not have true autonomy in the way an emacs user does. And privacy may be different than quality, since a single crash is temporary but a personal data leak may be forever. So this issue could easily merit more discussion. But until then, trusting in the cumulative effect of personal choice seems like the most reasonable starting approach to the complex and thorny problem of privacy in networked services.
Luis is a law student at Columbia Law School; a director of the GNOME Foundation; a member of OSI’s legal advisory board; and many other hats. He wrote this at 2am, so cut him some slack .