123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473 |
- <?xml version="1.0" encoding="iso-8859-1" ?>
-
- <html>
- <head>
- <title>FSFE - Internet Governance Forum (IGF) - Sovereign Software, by Georg Greve</title>
- </head>
-
- <body>
-
- <center>
- <h1>Sovereign Software</h1>
- <h2>Open Standards, Free Software, and the Internet</h2><br />
- </center>
- <div align="right">
- <a href="/about/greve/greve.html">Georg C.F. Greve</a><br />
- Free Software Foundation Europe (FSFE), President<br />
- written for <a href="http://www.intgovforum.org/contributions_for_1st_IGF.htm" target="_blank">substantial contributions to the first IGF</a>
- </div>
-
- <center>
- [<a href="SovereignSoftware.pdf">PDF Version, 91k</a>]
- </center>
-
- <h2>Introduction</h2>
-
- <p>Software issues are issues of power and fundamentally shape the
- societies we are living in. Even to those who had not followed digital
- policy issues before this became increasingly evident throughout the
- <a href="/campaigns/wsis/">United Nations World Summit on the
- Information Society (WSIS)</a>. Two fundamental questions characterise
- this battlefield: Who controls your data? Who controls your
- computer?</p>
-
- <p>The first question generally revolves around Open Standards, and in
- particular how they should be defined and upheld. All players in the
- field speak out in favor of Open Standards, but some wish that term to
- be understood in ways that they still control your data and retain the
- power to lock out competitors at will.</p>
-
- <p>The second question has been one of the key controversies throughout
- the WSIS, it was highly controversial during the WGIG, and remains
- controversial throughout the Internet Governance Forum (IGF). This
- issue is one of software models, of proprietary vs Free Software, and
- has been oddly polarised between for-profit and non-profit in the WSIS
- context.</p>
-
- <p>This may have been due to the specific situation that mainly the largest
- proprietary software multinational followed the WSIS intensively while
- the large multinational vendors of Free Software generally did not
- participate and were thus not represented in the CCBI. [<a name="ref1" href="#1">1</a>]</p>
-
- <h2>Open Standards</h2>
-
- <p>Having been preached as commonplace statement in the information
- technology industry for many years already, Open Standards only
- recently made their entry into the center stage of public policy. One
- of the places where this happened was during the WSIS, and will be of
- major importance for the Internet Governance Forum (IGF). But why are
- Open Standards so important?</p>
-
- <h3>Background on formats</h3>
-
- <p>All computers store and transmit information in encoded form. These
- used to be very simple representations where certain numerical values
- stand for a certain character, for instance. And while their
- complexity has been increasing steadily with the power and complexity
- of computers, certain basic rules always apply.</p>
-
- <p>The first important rule is that any such choice of encoding is an
- arbitrary, and not a natural choice. The number 33 may represent the
- letter 'a' or 'z' depending on the convention for this standard. There
- is no right way of doing this, there are only possible ways.</p>
-
- <p>The second important rule is that once data has been encoded in a
- certain format, it can only be read by software that implements this
- format, and implements it exactly. Even slight deviations from the
- conventions of the format will easily cause massive data corruption. A
- common and mostly harmless form of this is lost or broken formatting
- in text processing software. In the worst case the data will be
- unrecoverable.</p>
-
- <h3>Formats and market failure</h3>
-
- <p>From a market point of view, such a situation generally brings about
- market failure: Customers who saved their data in one format quickly
- find themselves unable to choose another vendor that was not able to
- implement the same format, or unable to implement it well enough. If
- the only way to migrate is to lose years of data there is a very
- effective vendor lock-in that practically makes it impossible to
- choose software according to its merits.</p>
-
- <p>Additionally, strong network effects dominate today's computer world.
- If a company invested heavily into a desktop infrastructure in the
- past and this infrastructure uses certain communication protocols,
- they find themselves faces with two alternatives: Get only such
- software that implements these protocols perfectly or write off the
- investment and replace the entire infrastructure, obviously at a high
- additional investment.</p>
-
- <p>A third party vendor that wishes to enter this market is faced with a
- situation similar to someone finding themselves in a room of people
- speaking a foreign language, with no dictionary and syntactic help
- available. Human languages are collections of arbitrary decisions just
- like computer formats and protocols. There is no inherent natural
- reason to call a table a table, or call a chair a chair. For someone
- not speaking that language and without a dictionary or at least
- someone willing to explain the language it becomes very hard to
- communicate.</p>
-
- <p>In information technology, some people have been able to divine
- information about such protocols and file formats merely by watching
- others use that language. This is called protocol analysis and has
- helped mitigate the negative influences of the systematics above
- somewhat.[<a name="ref2" href="#2">2</a>] It
- is also the reason why some dominant vendors start inserting
- cryptography into their protocols, preventing further protocol
- analysis in the future.</p>
-
- <h3>Public Policy implications</h3>
-
- <p>All of this is obviously a major concern for public policy for various
- reasons and has been discussed in various fora, e.g. the Danish
- parliament for its motion <b>B
- 103</b>[<a name="3" href="ref3">3</a>]
- in which the following reasons are elaborated.</p>
-
- <h4>Healthy procurement policy</h4>
-
- <p>It is obviously not sustainable to make investments that will become
- subject to the effects explained above. There is virtually no market
- and a single vendor is in the position to vitiate the entire
- investment. As this is not in line with the principles of efficient
- and sustainable procurement by the public sector, such situations have
- to be avoided.</p>
-
- <h4>Protect democracy from networking effects</h4>
-
- <p>The same networking effects that were described above take place when
- the software needs to communicate with citizens. Only citizens that
- choose the one vendor implementing that proprietary protocol would
- then be able to communicate with their administration, violating the
- basic principle of citizens being able to freely communicate with
- their governments. Using proprietary formats and protocols would
- instead force them into the same vicious cycle of investment and
- increasing stakes explained above.</p>
-
- <h4>Ensure open competition</h4>
-
- <p>Such a situation is obviously contrary to the principles of
- open competition and markets and will quickly bring issues of market
- concentration and stifling of innovation. As this is contrary to the
- goals of any government, governmental procurement should support open
- and competitive markets.</p>
-
- <h4>Merging effects, ensuring accessibility</h4>
-
- <p>In the scope of more efficient administration, many municipalities and
- different parts of administration are starting to pool resources. If
- this is attempted with proprietary formats, it usually means that
- unless all parts have already been using the same software,
- significant investments by one or several of the administrations would
- be lost.</p>
-
- <p>Also all of this will have to take into account the rights of people
- with disabilities, who may have special requirements in software that
- the implementation of that proprietary format may not meet. In this
- situation there will be no possibility for people with disabilities to
- communicate with their governmental services.</p>
-
- <h4>Commercial-political perspectives</h4>
-
- <p>Ultimately there are strong political issues with storage of data in
- proprietary formats. What if those data become inaccessible in the
- future due to problems with that particular vendor? Can a government
- really rely blindly and without alternative on the goodwill of any
- singular commercial entity?</p>
-
- <h4>Long term commercial aspects</h4>
-
- <p>Also, with all of the above, increasing choice and freedom to choose
- in an open market will bring additional long-term commercial benefits.</p>
-
- <h3><a name="os" />What is an Open Standard?</h3>
-
- <p>There are various definitions for what should or should not be
- considered an Open Standard. The aforementioned Danish motion
- describes it as:</p>
- <ul>
- <li>well documented with its full specification publically available</li>
- <li>freely implementable without economically, politically or legal
- limitations on implementation and use, and </li>
- <li>standardized and maintained in an open forum (a so-called standards organisation) through an open process.</li>
- </ul>
-
- <p>This is relatively similar to the definition of an Open Standard by
- the European Commission in its European Interoperability
- Framework.[<a name="ref4" href="4">4</a>]</p>
-
- <p>Both these definitions were criticised by the vendors that profit
- commercially from the dependency cycles explained above, as well as
- organisations representing their interest. The usual argumentation for
- this criticism is generally oriented along the lines of patents that
- were granted on such a format or protocol, and for which the patent
- holder might choose to generate license revenue. The euphemism du jour
- for this is usually ''Reasonable and Non-Discriminatory'' (RAND)
- licensing.</p>
-
- <p>This is but a euphemism because patents are by their nature limited
- monopolies granted by law to a single entity. This entity will always
- have the upper hand in any dispute, and indeed there are plenty of
- stories about formats and protocols that are theoretically known, but
- remain proprietary due to patent issues.</p>
-
- <p>That all other vendors not holding this patent are put in an equally
- bad position may indeed seem non-discriminatory, but it does not
- fundamentally change the balance of power of the situation.</p>
-
- <p><b>All
- formats and protocols are fundamentally arbitrary in nature, but must
- be followed precisely for the data that was stored in them to be
- recovered.</b></p>
-
- <h3>Open Standards in practice</h3>
-
- <p>In theory, the definitions of the European Union or the Danish
- parliament would be sufficient to define an Open Standard. In practice
- things have proven to be more complicated because the situation with
- proprietary formats described above is immensely profitable for the
- vendor in control of that software.</p>
-
- <p>So ultimately, a proprietary vendor with a certain amount of market
- penetration has an economic incentive to violate the Open Standard and
- turn it into a de-facto proprietary one. This indeed has happened
- repeatedly in history. The European Commission antitrust investigation
- against Microsoft provides testimony to how deviating from an Open
- Standard (CIFS, the ''Common Internet File System'') allowed Microsoft
- to leverage its desktop monopoly into near total dominance on the
- workgroup server market. This has proven so profitable that Microsoft
- appears more inclined to pay billions in fines than to stop this
- practice.[<a name="ref5" href="#5">5</a>]</p>
-
- <p>Often this is also done by slightly changing the implementation in
- ways that are hard to pinpoint or can be debated within the limits of
- human interpretation, but make sure that the implementations of other
- vendors will not integrate flawlessly anymore. The economic incentive
- for this is huge for proprietary players that bypass a certain
- threshold in size.</p>
-
- <h3>How to maintain an Open Standard</h3>
-
- <p>The only way to prevent this sort of thing seems to add one more
- criterion to the definitions above: ''The standard must have at least
- one Free Software implementation and all implementations that seek to
- be compliant with the Open Standard must be regularly tested against
- the Free Software implementation(s), which act as the common reference
- base.''</p>
-
- <p>Because Free Software[<a name="ref6" href="#6">6</a>] is, inter
- alia, defined by the freedom to study its implementation, this allows
- all players in the market to study the common reference base not only
- in specification language, but also in language, and regular tests
- against that base can help curb deviations from the Open Standard.</p>
-
- <p>Free Software also provides the freedoms of use, modification and
- distribution, therefore most vendors can also simply include that
- implementation in their own software, further reducing
- interoperability barriers.</p>
-
- <p>So while there is in theory no connection between Open Standards and
- Free Software, in practice Free Software becomes a necessary component
- to maintain an Open Standards against economic incentive to
- propertise or deviate from an Open Standard.</p>
-
- <h3>Open Standards and the WSIS/IGF</h3>
-
- <p>A good example for this is the internet. Before the internet became
- what it is today there were various different attempts to establish
- something similar. Why did the internet succeed? Because the
- implementations of basic internet protocols such as TCP/IP were Free
- Software and therefore equally available to all.</p>
-
- <p>The World Wide Web repeated this story when Tim Berners-Lee waived all
- patents on the protocols and formats, and they were implemented in
- Free Software. More than 60% of the world's web sites run on Apache,
- one of several Free Software web servers.</p>
-
- <p>Sadly enough, the language on Open Standards adopted in the WSIS and
- subsequently carrying into the IGF would not be sufficient to build
- something like the internet. Formats and protocols going by that
- definition would be subject to all the effects elaborated above.</p>
-
- <p>So it is important that the Internet Governance Forum (IGF) now goes
- beyond this insufficient language and works out true international
- consensus that will protect the internet from ''propertisation creep''
- in all its protocols and formats. Open Standards are an essential
- building block of the internet -- they must be maintained for the
- internet to not fall victim to a tower of babel syndrome.</p>
-
- <h2>Free Software</h2>
-
- <p>The practical connection between Free Software and Open
- Standards has already been elaborated, but there are other, genuine
- Free Software issues that have no direct connection with Open
- Standards. These are issues of software model and ultimately of
- control over your own computer.</p>
-
- <p>Free Software is software that gives all users and developers the
- following four freedoms:</p>
- <ul>
- <li>The freedom to run the program, for any purpose.</li>
- <li>The freedom to study how the program works, and adapt it to your needs.</li>
- <li>The freedom to make and redistribute copies.</li>
- <li>The freedom to improve the program, and release improvements.</li>
- </ul>
-
- <p>It is important to note that any of these activities can be
- commercial, indeed there are large international companies for which
- Free Software is a very profitable business, IBM, SUN, HP and others
- among them.[<a name="ref7" href="#7">7</a>]</p>
-
- <h3>The difference of software models</h3>
-
- <p>So commerciality is not the dividing line between proprietary and Free
- Software. In the ultimate abstraction the issue of software models
- comes down to one fundamental question: Who has control over the
- software that runs your computer?</p>
-
- <p>With proprietary software, that is always and exclusively the
- proprietor of the software. The owner of the computer generally gets
- some usage permissions for certain purposes, but these can usually be
- revoked and the user never owns or controls the software in any
- meaningful sense. With Free Software, the user is put in charge and
- control of their own software.</p>
-
- <p>This shift in power from ''one over everyone else'' to ''everyone over
- themselves'' fundamentally affects how national economy, enterprises,
- science, education, politics and society as a whole works. A full
- elaboration of these issues would be beyond the scope of this paper,
- so it will focus on a few selected issues of governance and
- sovereignty.</p>
-
- <h3>An issue of control</h3>
-
- <p>Although this may seem like an obviously falsehood, there is
- widespread common belief that the user controls their computer. In
- reality, it is only the software that actually controls the computer,
- taking some hints from the user if so programmed. This is an important
- fundamental distinction, because it makes clear that only by
- controlling the software can users control what their computer
- actually does.</p>
-
- <p>There are plenty of examples of software doing things secretly, and
- without the knowledge of the user. One recent example includes a piece
- of software that comes with SONY CDs and informs SONY every time that
- CD is played, and on which machine. All of this happened without
- visible signs on the computer, and without any information for or
- agreement by the user. Indeed, the user was falsely informed by SONY
- that this did <b>not</b> happen until someone was able to prove them
- wrong.[<a name="ref8" href="#8">8</a>]</p>
-
- <p>Similar stories exist for various other proprietary software
- solutions, including collaboration and conferencing software that was
- allegedly safe and highly encrypted and most likely used by
- governments for confidential activities around the world.</p>
-
- <p>Because there is no way to know for sure what your software does
- unless you have full control over it, the German Agency for Security
- in Information Technology (BSI) has a recommendation for Free
- Software.[<a name="ref9" href="#9">9</a>] Indeed, the German embassies
- around the world are networked with the German government through Free
- Software, using the GNU/Linux based SINA box.[<a name="ref10"
- href="#10">10</a>] </p>
-
- <h3>Issues of political mandate</h3>
-
- <p>Even though there has been considerable movement on the issue, Open
- Standards in public administration are still the rare exception. And
- in the proprietary world, which is still the norm in many governments,
- generally only one vendor can provide software that will be able to
- access those data and processes. So effectively much of public
- administration and governmental processes are controlled by software
- which in turn is controlled by only one vendor that the government has
- no meaningful control over.</p>
-
- <p>Free Software is the only way to ensure that governments actually
- control their own data and processes, including critical
- infrastructures. Free Software also avoids the aforementioned
- "propertisation creep" on Open Standards: There is no profit in this,
- as generally any vendor can choose to supply or maintain that
- solution.</p>
-
- <b>Only Free Software is ever truly Sovereign Software.</b>
-
- <h4>Free Software and the WSIS/WGIG/IGF</h4>
-
- <p>Free Software and the internet go hand in hand. It was Free Software
- that critical to making the internet possible, and indeed Free
- Software continues to shape and run the internet. At the same time,
- Free Software and its representatives has been all but excluded from
- the WGIG and the IGF processes thus far.</p>
-
- <p>If the Internet Governance Forum is to become a truly inclusive forum
- to discuss internet related issues, Free Software and its
- representatives should be included in all relevant fora and all
- political levels of the IGF. Otherwise there is a possibility that the
- people who actually continue to build the internet will simply take
- their discussions elsewhere.</p>
-
- <hr />
-
- <p class="footnote">
- [<a name="1" href="#ref1">1</a>] Some people see the two issues connected, other argue they should
- always be treated separately. As will become clear later on, the two
- issues are indeed not connected in theory, but have a connection in
- practice. In order to understand this, it is important to consider
- them isolated and individually first.</p>
-
- <p class="footnote">
- [<a name="2" href="#ref2">2</a>] This is how OpenOffice (<a
- href="http://www.openoffice.org">http://www.openoffice.org</a>) came
- to its ability to generally read most documents written with Microsoft
- Word, for instance, or how the Samba (<a
- href="http://www.samba.org">http://www.samba.org</a>) software became
- able to replace large parts of the functionality of Microsoft
- workgroup servers.</p>
-
- <p class="footnote">
- [<a name="3" href="#ref3">3</a>]
- <a href="http://www.ft.dk/Samling/20051/beslutningsforslag/B103/index.htm">http://www.ft.dk/Samling/20051/beslutningsforslag/B103/index.htm</a></p>
-
- <p class="footnote">
- [<a name="4" href="#ref4">4</a>]
- <a href="http://ec.europa.eu/idabc/en/document/7728.html">http://ec.europa.eu/idabc/en/document/7728.html</a>
- </p>
-
- <p class="footnote">
- [<a name="5" href="#ref5">5</a>]
- <a href="/activities/ms-vs-eu/">http://fsfeurope.org/activities/ms-vs-eu/</a>
- </p>
-
- <p class="footnote"> [<a name="6" href="#ref6">6</a>] For a full and
- concise definition of Free Software please consult the ''<a
- href="/activities/wipo/fser.html">Free Software Essentials
- Reference</a>'' also supplied in the <a
- href="http://www.intgovforum.org/contributions_for_1st_IGF.htm">substantial
- contributions</a> to the IGF.</p>
-
- <p class="footnote"> [<a name="7" href="#ref7">7</a>]
- A more complete and elaborate definition of Free
- Software and a clarification of the most common misunderstandings is
- available on the ''<a href="/activities/wipo/fser.html">Free Software Essentials Reference</a>'' sheet also in
- the substantial contributions to the IGF.</p>
-
- <p class="footnote"> [<a name="8" href="#ref8">8</a>]
- <a href="http://www.wired.com/news/privacy/0,1848,69601,00.html">http://www.wired.com/news/privacy/0,1848,69601,00.html</a></p>
-
- <p class="footnote"> [<a name="9" href="#ref9">9</a>]
- <a href="http://www.bsi.bund.de/oss/index.htm">http://www.bsi.bund.de/oss/index.htm</a></p>
-
- <p class="footnote"> [<a name="10" href="#ref10">10</a>]
- <a href="http://www.bsi.bund.de/fachthem/sina/index.htm">http://www.bsi.bund.de/fachthem/sina/index.htm</a></p>
-
-
-
- </body>
-
- <timestamp>$Date$ $Author$</timestamp>
- </html>
- <!--
- Local Variables: ***
- mode: xml ***
- End: ***
- -->
|