Reducing vulnerability to massive spying with free network services?

FSF executive director (and participant) John Sullivan quoted in The Atlantic Wire:

“Massive privacy intrusions like this are to be expected when people shift from storing their media locally and using local software, to storing them on other people’s servers and using hosted (Web) applications. Giants like Microsoft, Facebook and Google are vulnerable to government requests for user data, and there are better, more secure ways to share information online.” Decentralized (and yeah, much more obscure) programs like GNU MediaGoblin, StatusNet, Diaspora,, Tahoe-LAFS and SparkleShare are better options, he added.

PRISM was recently revealed to be an electronic surveillance program run by the United States National Security Agency (NSA) since 2007, in collaboration with major telecom and net services companies, allegedly including Microsoft, Yahoo, Google, Facebook, Paltalk, YouTube, AOL, Skype, and Apple.

EFF and others are leading the traditional contract your representatives response — please do that, wherever you are in the world. The UK government reportedly participates, and doubtless many others collaborate in some way or otherwise massively snoop.

Network-aware software freedom is no magic bullet against mass surveillance — large fractions of any society can be turned into informants without computers at all, and forthcoming, pervasive physical monitoring will be possible via tiny devices, some of them mobile. And of course many choke points in physical and other (e.g., certificate authorities) infrastructure exist that make the state empowered spy’s job easier.

But software freedom can make the spy’s job harder. How much harder? What is our scope for action and advocacy? Not just short term, but long term? How much would various arrangements of free network services help?

Massively centralized but Franklin Street Statement* compliant Software-as-a-Service providers. In the short term, probably no effect; Google-FSS could be just as easily compromised. In the long term, software freedom would reduce one tendency toward mass centralization — consider for example WordPress, which is free software: is probably by far the largest host of WordPress-based sites, but also only one of thousands — taking us some ways down path to…

Lots of FSS compliant I/P/SaaS providers. In this scenario the spy’s costs presumably go up. Providers are vulnerable to regulatory and (il)legal pressure to cooperate with spies, but there are lots of providers to compromise, in a variety of jurisdictions.

Everyone provides their own services on hardware they control. Presumably this maximizes the spy’s costs: it must target individuals it wishes to spy on, or attempt through regulation to ensure most devices people use facilitate spying (which seems a tall order and dystopian; but perhaps the case can be made that non-spy devices should be illegal in order to satisfy the security state and the entertainment marketing industry: what a deal!).

Numerous other factors that directly or indirectly bear on software freedom which the FSS alludes to (extent to which services communicate in a decentralized fashion: federation, P2P…) and does not (governance of services: some organizational contexts could be less vulnerable; communications infrastructure architecture) would also effect the vulnerability of free network services.

To make software freedom a regular part of the discourse and response to massive spying, we need to go a few levels deeper on how software freedom and vulnerability to snooping interact. But much more than that, we need to implement and deploy free network services such that they are a real option for the masses and thus pertinent in a non-theoretical fashion. Can we use news such as the disclosure of PRISM (even if that turns out to be fake, there will be plenty of others) to motivate building and adoption of free network services?

John Sullivan mentions some in the quote above. Also see Jitsi and other free communications tools mentioned in Free, open, secure and convenient communications: Can we finally replace Skype, Viber, Twitter and Facebook?

*5 years old, the FSS needs to be re-evaluated and refreshed. If you’d like to help please join the mailing list.

4 thoughts on “Reducing vulnerability to massive spying with free network services?”

Comments are closed.