I saw this a few weeks ago, but with one thing and another took till now to put my thoughts down with LibreOffice. Ah well. I had an email from the Free Software Foundation Europe, which mentioned a meeting they’d been to regarding the cloud. The slogan they mentioned is “it’s not the cloud, it’ somebody else’s computer”. That’s a point that can’t be too heavily emphasised. As I’ve said before, when using a third party cloud service your data ceases to be under your control. As for any business critical processes in the cloud, well you’re on dicey ground. Of course, you can maintain self-hosted fallback systems; but then why bother with the third party cloud service at all? When you consider things, if your business processes or critical data (business or individual) is cloud dependant then you’re really a hostage. A third party owns and can access and/or duplicate everything you do or have. If you have confidential Intellectual Property, then this is clearly a bit of a problem! In the event of a failure at their end, you can be left firmly up the famous creek through no fault of your own! In fairness, I should balance this by pointing out that if the cloud service is run in house, then you get the benefits and reduce the potential drawbacks. On a personal level, I run an OwnCloud instance on a Raspberry Pi computer. It’s allowed me to retake control of my data and gain a degree of independence.
Over the months since the initial Edward Snowden revelations, I’ve been keeping an eye on the big tech companies. I’d hoped to see some kind of gesture here, but it seems to have been a case of completely failing to learn the lessons. Instead we’ve seen denial, misdirection and media spin. In a recent speech Microsoft’s Legal Counsel is reported to have said:
“What we’ve seen since last June is a double-digit decline in people’s trust in American tech companies in key places like Brussels and Berlin and Brasilia. This has put trust at risk,”
Oh really? I think “at risk” is putting things a bit mildly to say the least. It’s with this in mind that I started to look at what could be done. Buddhism gives a mandate for making your own judgements on issues in the Kalama Sutra and I find that it does tend to encourage a less conformist, more critical, attitude to things. This helped my decision to walk away. The main question is how to get the benefits of the could based infrastructure without the actual cloud. I have, to my surprise, found that the humble Raspberry Pi computer has stepped up here. The email solution requires work, but I am finding that the Davical software provides a good alternative for address book, calendar and task sync. I have to sync two Thunderbirds, a tablet and a phone. This is currently, a work in progress, but is already fulfilling a lot of its promise. I hope to fully document what I’ve been up to on this, including an email solution in a future post
In this post, I want to start to think a little about ethics, but specifically from the point of view of software. I started looking around at this casually, I did some searching and chatted with friends who also work in IT. I found that the idea of ethics and software tends to be seen as a matter of software licensing and software piracy. I think that this misses what I’m looking for, that the goal of my search lies elsewhere.
As a programmer, I have ethical obligations. These are mostly to users of my programs. I have to do my best to ensure that the people who use my programs can trust them. This means that the programs don’t spy on the user in anyway, after all my programs are guests on your computer system. That means that they mustn’t abuse your trust. In fact, it could be said that the program acts as an ambassador for the programmer (or software company), if it’s crooked then what conclusions might be implied about the nature of the software provider?
But what about the user? This is an equally important area and is part of what I want to begin mulling over. This really starts with the position of being an ethical customer, so firstly we have to consider the company we’re dealing with. If a software company is noted for being specifically unethical or abusive of it’s power or position, we have to ask ourselves whether we want to do business with this company. Do we really want to support them? After all, the money we hand to the company helps to reinforce their profits and position, thus potentially supporting their unethical actions. In light of the recent revelations from Edward Snowden regarding government snooping and the complicity of some large software companies, this question is very relevant.
This is probably even more alarming when applied to cloud services. After all, we have little control over the practices behind the scenes at the service provider. We still have to ask the question of how easy it is to migrate away. If the only copy of your data is with a cloud service provider then are you a customer or a hostage? Given that you may not be able to guarantee the security or privacy of your data, how much knowledge and control are you willing to share with them? That’s a very pertinent question if the service or data is business critical.
However, there is a degree of responsibility that lies with the user too. When saving data, we have to consider the format used. Should we force other people to use formats for data that might lock them into a given piece of software? For example, a proprietary word processor or database with its own file format. If somebody wants to interact with us, they are forced to buy a given piece of software, but what ethical or moral right do we have to dictate that?
There is another piece to this, I have pointed out in the past that all notions of compassion and ethics have to begin with the way you treat yourself. After all, if you don’t treat yourself well, how can you then extend compassion to your treatment of others? Ethics and compassion have to begin at home.
This seems to mandate that we only use software we can be more confident of trusting, from ethical sources. I am convinced that Free Software such as GNU/Linux is the way forward in this regard. It also means that we apply the question of vendor (or format) lock in to our own situation. Do we want to be locked into this software? Who holds our data? I feel that these are questions that we can increasingly not afford to ignore.