America's FTC Requests Comments on Cloud Computing. FSF Urges Privacy and Freedom (fsf.org) 13
America's Federal Trade Commission is soliciting public comments on the business practices of cloud computing providers, trying to understand security risks and competitive dynamics. (Questions include "To what extent are particular segments of the economy reliant on a small handful of cloud service providers and what are the data security impacts of this reliance?") They've already received dozens of comments (including one from Red Hat).
But there's also three questions about open-source software:
"To what extent do cloud providers offer products based on open-source software?"
- "What is the impact of such offerings on competition?"
- "How have recent changes to the terms of open-source licenses affected cloud providers' ability to offer products based on open-source software?"
This has drawn a response from the Free Software Foundation — and they're urging others to join in. "Since it isn't every day that the FTC solicits public comments on subjects in which the free software community is so well-versed, let's take this opportunity to submit comments that support digital sovereignty." The hope is to persuade policy makers to make software freedom and privacy a central part of any future considerations made in the areas of storage, computation, and services. Such comments will be made part of the public record, so any participation promises to have a lasting impact...
[W]e have prepared the following points for consideration:
- When considering rules and regulations in technology that stand to protect people's fundamental civil liberties, it is important to start from the question, "does this decision improve digital sovereignty or diminish it?"
- In the case of computing, (e.g. word processing, spreadsheet, and graphic design programs), the typical options diminish digital sovereignty because the computations are being run on another computer under someone else's control, inaccessible to the end user, who therefore does not have the essential freedoms to share, modify, and study the computations (i.e. the program). The only real solution to this is to offer free "as in freedom" replacements of those programs, so that end users may maintain control over their computing.
- In the case of storage, today's typical options diminish digital sovereignty because many storage providers only provide unencrypted options for storage. It is imperative that individuals and businesses who choose third-party storage always have the choice to encrypt their storage, and the encryption keys must be entirely within the control of the end user, not the third-party provider.
- In the case of services (such as email, teleconferencing, and videoconferencing), while the source code that runs services need not necessarily be made public, end users deserve to be able to access such services via a free software client. In such cases, it is imperative that service providers implement a design of interoperability, so that end users may use the service with any choice of client.
- Free software allows end users to inspect the software for possible security flaws, while proprietary software does not. Therefore free software is the only realistic option for an end user to achieve verifiable security...
Unfortunately, the FTC's website requires nonfree JavaScript (reCAPTCHA, specifically) to comment on a document, and the FTC has declined repeated requests for instructions for how to submit comments by paper form.
If you're not in the habit of avoiding nonfree JavaScript for the sake of your freedom, which we recommend, you can also leave comments on the FTC's website. While you're there, let webmaster@ftc.gov know about the injustice of proprietary JavaScript and encourage them to respect the freedom of their users...
The deadline to submit is June 21, which is just enough time to publish something meaningful on the topic in support of free software.
But there's also three questions about open-source software:
"To what extent do cloud providers offer products based on open-source software?"
- "What is the impact of such offerings on competition?"
- "How have recent changes to the terms of open-source licenses affected cloud providers' ability to offer products based on open-source software?"
This has drawn a response from the Free Software Foundation — and they're urging others to join in. "Since it isn't every day that the FTC solicits public comments on subjects in which the free software community is so well-versed, let's take this opportunity to submit comments that support digital sovereignty." The hope is to persuade policy makers to make software freedom and privacy a central part of any future considerations made in the areas of storage, computation, and services. Such comments will be made part of the public record, so any participation promises to have a lasting impact...
[W]e have prepared the following points for consideration:
- When considering rules and regulations in technology that stand to protect people's fundamental civil liberties, it is important to start from the question, "does this decision improve digital sovereignty or diminish it?"
- In the case of computing, (e.g. word processing, spreadsheet, and graphic design programs), the typical options diminish digital sovereignty because the computations are being run on another computer under someone else's control, inaccessible to the end user, who therefore does not have the essential freedoms to share, modify, and study the computations (i.e. the program). The only real solution to this is to offer free "as in freedom" replacements of those programs, so that end users may maintain control over their computing.
- In the case of storage, today's typical options diminish digital sovereignty because many storage providers only provide unencrypted options for storage. It is imperative that individuals and businesses who choose third-party storage always have the choice to encrypt their storage, and the encryption keys must be entirely within the control of the end user, not the third-party provider.
- In the case of services (such as email, teleconferencing, and videoconferencing), while the source code that runs services need not necessarily be made public, end users deserve to be able to access such services via a free software client. In such cases, it is imperative that service providers implement a design of interoperability, so that end users may use the service with any choice of client.
- Free software allows end users to inspect the software for possible security flaws, while proprietary software does not. Therefore free software is the only realistic option for an end user to achieve verifiable security...
Unfortunately, the FTC's website requires nonfree JavaScript (reCAPTCHA, specifically) to comment on a document, and the FTC has declined repeated requests for instructions for how to submit comments by paper form.
If you're not in the habit of avoiding nonfree JavaScript for the sake of your freedom, which we recommend, you can also leave comments on the FTC's website. While you're there, let webmaster@ftc.gov know about the injustice of proprietary JavaScript and encourage them to respect the freedom of their users...
The deadline to submit is June 21, which is just enough time to publish something meaningful on the topic in support of free software.
moronic pr (Score:2)
The term "digital sovereignty" is opaque and no one know how to spell it. Stupid stupid choice of nomenclature.
FSF people are just insufferable (Score:3)
Like do you have to cry and complain about everything? Find fault everywhere? FFS people have better things to do.
Re: (Score:2)
You've got to admit it's a bit shady to pre-screen out the commenters who have the most skin in the game. Perhaps next the ATF can solicit comments on gun control and exclude gun owners?
Yeah, they can mostly go use the computers at the local library if nothing else - but that's a substantial burden of inconvenience not faced by people on the other side of the conversation, and runs the risk of many comments from different users on the same computers getting thrown out as spam.
fanaticism (Score:2)
"how to submit comments by paper form"
If you need to submit your comments to cloud computing on paper,
how about leaving them for yourself?
Watch out! (Score:2)
Re: (Score:2)
Thank you for the generic warning! We'll be generally cautious!
Open source? (Score:2)
"To what extent do cloud providers offer products based on open-source software?"
Why does this really matter? Many of these services are "manged", meaning they are locked down to some degree so you don't step on your own toes, and in fact that's usually a good thing. To the extent that you need open source products, you can usually install your own.
Re:Open source? (Score:4, Informative)
Re: (Score:3)
Amazon is (in)famous for taking Open Source software and heavily modifying it for cloud use, including changes that create a vendor lock in.
Yep, we need a GPLv4 to close the SaaS loophole, for those who wish to do so anyway. Some people are still using GPLv2 because they don't even want to prevent Tivoization I guess, which is weird but fine — it's their choice.
Re: (Score:2)
Re: (Score:2)
Sadly, too much of the Open Source ecosystem nowadays doesn't care about that and is perfectly happy with their little walled gardens....
No, it's the fact that the FSF has created a license that didn't limit itself to only require enabling the user to provide their own signing keys. The anti-tivoization clause in the GPLv3 simply requires the means to run the source that was compiled by the end user:
“Installation Information” for a User Product means any methods, procedures, authorization keys, or other information required to install and execute modified versions of a covered work in that User Product from a modified version of its Corresponding Source. The information must suffice to ensure that the continued functioning of the modified object code is in no case prevented or interfered with solely because modification has been made. [gnu.org]
However, by wording the GPLv3 this way, it's been successfully interpreted to mean "the manufacturer must hand over their own signing keys." Which scares off all of the media mongols who are scared shitless of "unlawful" copies, and thus means
Re: (Score:2)
What's obnoxious about requiring that the user be able to run their own code? How that is done is up to the vendor. They don't have to give you the keys to their kingdom.
the "SaaS loophole" is more a social issue than anything.
Is it? It seems to me it's about the wishes of the creators of software.
Re: (Score:2)
Yep, we need a GPLv4 to close the SaaS loophole, for those who wish to do so anyway.
I'm curious, how would this proposed GPLv4 differ from the existing AGPLv3?