Self-Protection In A Cloud World: Thoughts From Software Freedom Activist Richard Stallman4:00 PM EST Mon. Jul. 08, 2013
In the past, Richard Stallman, the founder of the Free Software Foundation as well as the inventor of the GNU operating system, has had harsh words regarding cloud computing. Stallman has been quoted as saying that the use of Web-based programs is "worse than stupidity," due largely to privacy issues and the erosion of the control of the users' own data. In the midst of the ongoing firestorm around NSA surveillance activities, CRN caught up with Stallman to get an update on his views. Most notably, "cloud" has become something of a four-letter word for Stallman, who also says the best way to protect privacy is to limit the collection of data. Edited excerpts of the conversation follow:
"Wait. I don't want to talk about the cloud ... The term 'cloud computing' is being used to refer to various different practices, which raise different issues. The use of that term cannot be clear. There is always confusion unless you're talking with specialists who know specifically what you really mean. Therefore, I've decided that I should not use that term. I reject that term. It's nebulous. One meaning is about services, which hold data that can be sent back to you when you wish. Another meaning is a method for distributing computing across many different computers. Another meaning is services that do computing tasks for you; tasks that you could've done on your own computer, but did not. These are three different meanings and three different issues. So I'll talk about these things, but I won't run them together."
"I don't see anything wrong with a flexible way of dividing work among various servers. That's just a technical thing. But, there are two issues. One is about letting somebody else's server keep your data, and the other is about letting [somebody else's computer] do your computing for you. If you entrust your data to someone else's server, you are entrusting your data to Big Brother, and it is really foolish to do that. But if you are a government, and you entrust your data to some company's server, you are entrusting data about your citizens to Big Brother. And that is worse than stupid. That's irresponsible."
"If somebody else's server is doing your computing tasks for you, that means that you lose control of your computing because the server owner controls how that computing is done. If you lose control of your own computing, that's an injustice. It's the same injustice that non-free software does. ... Free software does not mean it's not sold. Free software means that the user controls the program. It's a matter of freedom, not price. So think of free speech, not free beer. Free software respects the users' freedom and community. It means that users have four essential freedoms."
"Freedom Zero is the freedom to run the program as you wish, and that includes using it commercially. Freedom One is the freedom to study the source code and change it so that the program does your computing the way you wish. These two freedoms give users individual control of the program. However individual control is not enough. You need collective control as well so that any group of people can work together to exercise control over the program. And that requires two more essential freedoms. Freedom Two is the freedom to make exact copies and distribute them, as you wish, and Freedom Three is the freedom to make copies of your modified version, and distribute them to others, if you wish. In every non-free program is an instrument of unjust power. Our goal is to put an end to that."
"When you're computing is done on somebody else's server that takes away control, just like a non-free program would. But it happens in a different way. If you run a non-free program on your computer, you may have a copy of your own. You can't control what it does because you don't have the source code. But if you do that computing on somebody else's server, then that means that it's somebody else's copy and you also can't see it, or touch it, or change what it does, or investigate what it does. ... If you are a corporation, you deserve control over your computing, just the same as a real person does, or any government, or any other organization. But there's nothing to be gained by letting Corporation A's computing be controlled by Corporation B. Company A in this context is accepting a harmful practice, probably because they never thought of it this way."
"Some Web services invite you to give them personal information. I usually don't use them because I don't want them to have information about me. Some of them invite you to hand over a lot of data, saying that they will keep it for you. That is something you can trust if you can encrypt the data so they cannot possibly tell what any of it means. They could provide a useful backup service this way. Some services do computations for you, which you should never do because you should have complete control over your own computing. And other Web services may not do those things, but many of them do surveillance, which is collecting information about you, other than by just asking you for it. ... I generally do browsing from other people's computers or in places where there are shared computers so that they are not associated with me. I mostly do computing within my own computer."
"Again, I'm not going to talk about the cloud. ... You may have entrusted your music to some companies' servers. I don't do that. It's a mistake to do that. I don't want them to know what I have. On the other hand, there are services that will stream music to your machine, but you can't have a copy of it. Those are 'antisocial' because those [services] place restrictions on you, both technically and legally, that you would not have if you own the CD. To accept those restrictions is bad for you, but you are also mistreating your friends because you can't give them, or lend them, the CD. So the decision to use that service is the decision to mistreat your friends. It's the same with e-books, the way they are typically commercially distributed today. ... Also, you have to identify yourself to read it. That's surveillance. That's putting you into Prism."
"A mobile phone is a hard problem. I don't see a way that mobile phones can work and not have the phone system know where the phone is. But we could legally require the system to not notice where the phone is, unless the phone calls 9-1-1, or if a court has ordered surveillance of that particular phone. Otherwise, it should not figure out where the phone is, and not remember anything about the call. We have to limit the collection of data if we want to prevent its abuse. ... These limits, if we follow the Bill of Rights, will allow data to be collected when courts order specific data to be collected. But, they should not allow data to be collected about everybody, in general, all the time."
"I think he's right. We've already seen the persistent tendency to label dissidents as terrorists and then apply to them all of the armaments that were supposedly set up to protect us against terrorists. So every time the government says it's going to do something to stop terrorism, I think that it's going to be used to stop dissent. ... We need the government to do certain things, but we need to maintain our control over it. This was the idea behind checks and balances in the U.S. Constitution. The problem is we have a government that is getting out of our control and that is a much bigger danger than the non-government-sponsored terrorists that they say they're protecting us from. The biggest harm done by the September 2011 attacks was the harm done to U.S. freedoms."
[We need] "a movement to reject privacy-violating Internet practices. It's clear that the NSA situation is stimulating that, but how big [the movement] is going to be, I don't know. We must put an end to the practices that keep a tremendous dossier about each person. That is tyranny. So I've been protecting myself from tyranny by staying out of its grasp to the extent that I can. But, of course, that's not the real goal. The real goal is a society that does not have a tyranny like that. ... What we really need is a way that we can communicate with each other without having dossiers built-up about who we're talking to. One way to do this is for phone companies to refrain from keeping this information, except about people who have been placed by court order on a watch list. In other words, we can't prevent abuses by limiting how data is supposed to be used. To prevent abuses, we have to stop the data from being collected."
"In the U.S., that's going to be hard to do because of the USA 'Pat Riot Act' that was passed in 2001. People who don't love our freedoms call it the USA Patriot Act, but since I do love our freedoms, I won't call it that. ... [The act] says the government can collect any tangible thing that a company has without even a court order. There are some limited exceptions, like email, which goes by a different law. But, whatever the company has could be taken by Big Brother. On the other hand, if it's not a U.S. company, it's not directly subject to that. But if they store their data on servers belonging to a U.S. company, then it has shafted itself."
"They will continue to get worse unless we fight so hard that we fix some of it. What happens, it depends on how hard people fight. Don't ask me what's going to happen. Ask what you can do. We can't tell in advance what the outcome is going to be. It is a mistake to ask if we are going to win when we are fighting to put an end to a form of injustice."