On trust and risk, Australia's Assistance and Access Bill

Michael McCune msm at redhat.com
Fri Dec 7 19:23:23 UTC 2018


On Fri, Dec 7, 2018 at 2:12 PM Jeremy Stanley <fungi at yuggoth.org> wrote:
>
> I've seen concern expressed in OpenStack and other free/libre open
> source software communities over the recent passage of the
> "Assistance and Access Bill 2018" by the Australian Parliament, and
> just want to say that I appreciate the trust relationships we've all
> built with our colleagues in many countries, including Australia. As
> someone who doesn't particularly agree with many of the laws passed
> in his own country, while I'm not going to encourage civil
> disobedience, I do respect that many have shown preference for it
> over compelled compromise of our community's established trust. I,
> for one, don't wish to return to the "bad old days" of the crypto
> wars, when major projects like OpenBSD refused contributions from
> citizens and residents of the USA. It's bad for project morale,
> excludes valuable input from people with a variety of perspectives,
> and it's just downright inefficient too.
>
> The unfortunate truth is that anyone can be pressured at any time to
> derail, backdoor or otherwise compromise software and systems. A new
> law in one country doesn't change that. There are frequent news
> stories about government agencies installing covert interfaces in
> enterprise and consumer electronic devices alike through compulsion
> of those involved in their programming, manufacture and
> distribution. There's evidence of major standards bodies being
> sidetracked and steered into unwittingly approving flawed
> specifications which influential actors already know ways to
> circumvent. Over the course of my career I've had to make personal
> choices regarding installation and maintenance of legally-mandated
> systems for spying on customers and users. All we can ever hope for
> is that the relationships, systems and workflows we create are as
> resistant as possible to these sorts of outside influences.
>
> Sure, ejecting people from important or sensitive positions within
> the project based on their nationality might be a way to send a
> message to a particular government, but the problem is bigger than
> just one country and we'd really all need to be removed from our
> posts for pretty much the same reasons. This robust community of
> trust and acceptance we've fostered is not a risk, it's another line
> of defense against erosion of our ideals and principles. Entrenched
> concepts like open design and public review help to shield us from
> these situations, and while there is no perfect protection it seems
> to me that secret compromise under our many watchful eyes is a much
> harder task than doing so behind the closed doors of proprietary
> systems development.
>
> I really appreciate all the Australians who toil tirelessly to make
> OpenStack better, and am proud to call them friends and colleagues.
> I certainly don't want them to feel any need to resign from their
> valuable work because they're worried the rest of us can no longer
> trust them.
> --
> Jeremy Stanley

++

well said. thank you for stating this so eloquently.

peace o/



More information about the openstack-discuss mailing list