For my money, Christine Peterson offered the most important message I heard at OSCON. Way back when, she invented the term “Open Source” and, if we get behind it, which we should, the No Secret Software! rallying cry could be as big or bigger.

It’s simple: when data is gathered and used for the people as part of civic processes (voting is a good example), processing it using secret software, especially if it’s a private-sector secret, should be totally out of bounds.

Christine Peterson at OSCON 2008

This is very closely aligned to the struggle for the use of open-source software where appropriate, but “Open Source” is a term of art and is associated with ill-groomed inarticulate geeks who have odd opinions about lots of things. “Secret software” is a term that anyone can understand instantly, and it sounds creepy and dangerous; because secret software in the public sector is creepy and dangerous, and simply shouldn’t be allowed.

Ms Peterson gently chided the Open-Source community for having let the e-voting debacle happen in the first place; it was foreseeable and should have been headed off. I think she has a point.

Her aim in the OSCON talk (which is online at blip.tv) was to give warning of similar battles looming in the realm of security data, which is already vast and is growing fast. It will be gathered by our governments and will be put to lots of uses involving lots of software and storage.

We will get better security and simultaneously less potential for abuse if we rule out the use of secret software. So, let’s do that.

It’s not enough to be right about an important issue. It’s vital to frame our opinions and beliefs in language that’s simple and believable and whose meaning is clear and self-evident.

I think we’re in Ms Peterson’s debt for giving us this important rhetorical tool. I’m going to start putting it to use whenever these issues come up in the civic sector. I think if we all get behind this, we’ll strengthen our position in some debates that really matter, and we’ll be better citizens.



Contributions


From: Bob Aman (Jul 27 2008, at 16:01)

Thanks for bringing this talk to my attention!


From: Clint Laskowski (Jul 27 2008, at 19:32)

I like the idea of "No Secret Software," too.

Could we develop a web site and maybe a logo or banner button that we could put on our own web sites or .sig lines showing support of the idea. These could link to the overall web site. We'll need bumper stickers, too.


From: Iain (Jul 27 2008, at 20:26)

That link seems to go to a talk other than the one you're writing about - it takes me to Widenius, Aker and O'Reilly.

Maybe http://oscon.blip.tv/file/1108326/ is the one you're after?


From: Doug Ransom (Jul 27 2008, at 21:12)

I think this is a much more apt way of framing the difference between open source and secret software. I completely agree that for security applications, like voting etc., the secret source should be out of the question; however, I would trust the private sector way more than the state with secret software for pretty much anything.


From: Dan Brickley (Jul 28 2008, at 02:14)

Intuitively, this is very appealing.

In practice I wonder whether it leaves too much wiggle-room to have teeth. Where does 'software' end and 'data' begin? That's a tough distinction to make in an accessible, intuitive way.

Take the security case. The software could be utterly transparent, yet driven by data (e.g. rule sets) loaded alongside the base data. I could load up social network data dumps, alongside rules saying 'hat-wearing Canadians are often terroristically inclined', into an entirely open-source, non-secret toolkit. But the likely policy folly that would follow is only understood if we understand the nature of the rule/config data loaded into the system. And a very different set of policies and behaviour could be generated from exactly the same core 'software', if primed with different rules...

So which input data would we expect not to be secret? Anything untainted with private information about specific individuals, I'd guess. Data that essentially consists of encoded generalisations, assumptions about a simplified view of the world. Such cartoon worldviews can be dangerously oversimplified, so I'd argue the 'no secret software' slogan has some applicability there.

Nearby in the Web: http://c4i.gmu.edu/OIC08/


From: Mark (Jul 28 2008, at 08:24)

I've noticed a euphemism for secret software, and that is "special software."

Whenever a research or other project mentions that they did something with a "special" software tool, what they mean is they aren't sharing it with you.


From: David (Jul 28 2008, at 09:18)

Having open software does me no good as I can't prove it was used. Instead, keep the data open. Make sure the system exposes sufficient data that any independent auditor can verify operation of the system (oracular arguments etc.). At that point, I don't care if the software is open or not as I can prove if it is corrupt.


From: Mark (Jul 28 2008, at 09:53)

I see this as a natural step in the ongoing process of dividing the world up in order to marginalize the extremists. "Free Software"? No no, can't have that. Sounds too communist. Unwashed long-haired hippies and all that. "Open source software"! Much better! Business-friendly(TM)!

Now we're dividing the world up again, slicing off the "ill-groomed inarticulate geeks" (Tim's words). Freedom to tinker? No no, can't have that. All we *really* need is the ability to inspect the source code, not modify it.

Next up: "no un-auditable software." Because we "respect" companies' right to maintain their trade secrets, so we'll designate a group of "experts" whom we "trust" to audit the source code for us. In secret of course, but we won't call it "secret." We'll call it "auditing in a controlled setting." We'll write laws to regulate the behavior of the auditors, and the requirements of the controlled setting.

The step after that, of course, is deregulation. Because, you know, all these onerous regulations (on the auditors and auditing) are costing businesses too much money. Deregulate! It's business-friendly(TM)! Let the free market fairy sprinkle her magic pixie dust and determine how secretive companies should be.

Meanwhile, us extremists will be over the corner, chanting "Free Software, Free Data, Free Formats." But you can safely ignore us. After all, the free market has decided that software secrets are doubleplusgood. Whatdya think this is, communism?


From: David W-F (Jul 28 2008, at 12:19)

Mark, Re: "All we *really* need is the ability to inspect the source code, not modify it", in the case of voting software that is essentially the crux of what we need (and as someone else noted, a way to verify that the source code inspected was actually the source code used).

Unlike, say, DVD player firmware, where modification for personal use is a downright reasonable request, something like voting is by its nature run in a centralized fashion. Modifying the source code wouldn't really buy you anything. Ideally we want to be able to run the "stock" software independently on a multitude of machines in order to verify its operation, but running a 'customized' copy of the vote tally doesn't really buy you anything, since what counts is what happens on the central server.

Ideally what'd be nice would be the software, source code and all, released into the wild, along with the data it is processing, in such a manner that we can verify the data is unmolested while protecting voter privacy. Insights from public key cryptography can probably help with the second part. Ronald Rivest (the 'R' in RSA) has done some work on this, but usability is a big issue.


From: Mark (Jul 28 2008, at 18:42)

> Modifying the source code wouldn't really buy you anything.

That's true, because all elections use the same rules, only the government has any need for election software, and there's only one country in the world that holds elections anyway.


From: Derek Keats (Jul 29 2008, at 02:08)

So the evolutionary steps are

<document handle="A rose by any other name is a more convincing rose">
  <futureHistory>
    <step>
      <FreeSoftware>
        <mutation>
          <becomes>
            <OpenSource/>
          </becomes>
        </mutation>
      </FreeSoftware>
    </step>
    <step>
      <OpenSource>
        <mutation>
          <becomes>
            <noSecretSoftware/>
          </becomes>
        </mutation>
      </OpenSource>
    </step>
    <step type="future">
      <noSecretSoftware>
        <mutation>
          <becomes>
            FreeSoftware
          </becomes>
        </mutation>
      </noSecretSoftware>
    </step>
  </futureHistory>
</document>


July 27, 2008

I am an employee of Amazon.com, but the opinions expressed here are my own, and no other party necessarily agrees with them.

A full disclosure of my professional interests is on the author page.