On trust and risk, Australia's Assistance and Access Bill

Jeremy Stanley fungi at yuggoth.org
Fri Dec 7 19:09:26 UTC 2018


I've seen concern expressed in OpenStack and other free/libre open
source software communities over the recent passage of the
"Assistance and Access Bill 2018" by the Australian Parliament, and
just want to say that I appreciate the trust relationships we've all
built with our colleagues in many countries, including Australia. As
someone who doesn't particularly agree with many of the laws passed
in his own country, while I'm not going to encourage civil
disobedience, I do respect that many have shown preference for it
over compelled compromise of our community's established trust. I,
for one, don't wish to return to the "bad old days" of the crypto
wars, when major projects like OpenBSD refused contributions from
citizens and residents of the USA. It's bad for project morale,
excludes valuable input from people with a variety of perspectives,
and it's just downright inefficient too.

The unfortunate truth is that anyone can be pressured at any time to
derail, backdoor or otherwise compromise software and systems. A new
law in one country doesn't change that. There are frequent news
stories about government agencies installing covert interfaces in
enterprise and consumer electronic devices alike through compulsion
of those involved in their programming, manufacture and
distribution. There's evidence of major standards bodies being
sidetracked and steered into unwittingly approving flawed
specifications which influential actors already know ways to
circumvent. Over the course of my career I've had to make personal
choices regarding installation and maintenance of legally-mandated
systems for spying on customers and users. All we can ever hope for
is that the relationships, systems and workflows we create are as
resistant as possible to these sorts of outside influences.

Sure, ejecting people from important or sensitive positions within
the project based on their nationality might be a way to send a
message to a particular government, but the problem is bigger than
just one country and we'd really all need to be removed from our
posts for pretty much the same reasons. This robust community of
trust and acceptance we've fostered is not a risk, it's another line
of defense against erosion of our ideals and principles. Entrenched
concepts like open design and public review help to shield us from
these situations, and while there is no perfect protection it seems
to me that secret compromise under our many watchful eyes is a much
harder task than doing so behind the closed doors of proprietary
systems development.

I really appreciate all the Australians who toil tirelessly to make
OpenStack better, and am proud to call them friends and colleagues.
I certainly don't want them to feel any need to resign from their
valuable work because they're worried the rest of us can no longer
trust them.
-- 
Jeremy Stanley