1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
|
<!--#include virtual="/server/header.html" -->
<!-- Parent-Version: 1.90 -->
<title>A wise user judges each Internet usage scenario carefully - GNU
Project - Free Software Foundation</title>
<!--#include virtual="/philosophy/po/judge-internet-usage.translist" -->
<!--#include virtual="/server/banner.html" -->
<h2>A wise user judges each Internet usage scenario carefully</h2>
<p>by Richard Stallman<br />First published in <a
href="https://www.europeanbusinessreview.com/a-wise-user-judges-each-internet-usage-scenario-carefully/">The European
Business Review</a></p>
<p>Businesses now offer computing users tempting opportunities to
let others keep their data and do their computing. In other words,
to toss caution and responsibility to the winds.</p>
<p>These businesses, and their boosters, like to call these computing
practices “cloud computing”. They apply the same term
to other quite different scenarios as well, such as renting a remote
server, making the term so broad and nebulous that nothing meaningful
can be said with it. If it has any meaning, it can only be a certain
attitude towards computing: an attitude of not thinking carefully about
what a proposed scenario entails or what risks it implies. Perhaps the
cloud they speak of is intended to form inside the customer's mind.</p>
<p>To replace that cloud with clarity, this article discusses
several different products and services that involve very different
usage scenarios (please don't think of them as “cloud
computing”), and the distinctive issues that they raise.</p>
<p>First, let's classify the kinds of issues that a usage scenario
<em>can</em> raise. In general, there are two kinds of issues to
be considered. One is the issue of <em>treatment of your data</em>,
and the other is <em>control of your computing</em>.</p>
<p>Within treatment of your data, several issues can be distinguished:
a service could lose your data, alter it, show it to someone else
without your consent, and/or make it hard for you to get the data
back. Each of those issues is easy to understand; how important they
are depends on what kind of data is involved.</p>
<p>Keep in mind that a US company (or a subsidiary of one) is required
to hand over nearly all data it has about a user on request of the
FBI, without a court order, under “USA PATRIOT Act”,
whose blackwhiting name is as orwellian as its provisions. We know
that although the requirements this law places on the FBI are very
loose, the FBI systematically violates them. Senator Wyden says
that if he could publicly say how the FBI stretches the law, <a
href="http://www.wired.com/dangerroom/2011/05/secret-patriot-act/">the
public would be angry at it</a>. European organizations might well
violate their countries' data protection laws if they entrust data
to such companies.</p>
<p>Control of your computing is the other category of issue.
Users deserve to have control of their computing. Unfortunately,
most of them have already given up such control through the use of
proprietary software (not free/libre).</p>
<p>With software, there are two possibilities: either the users control
the software or the software controls the users. The first case we
call “free software”, free as in freedom, because the users
have effective control of the software if they have certain essential
freedoms. We also call it “free/libre” to emphasize that
this is a <a href="/philosophy/free-sw.html">question of freedom, not
price</a>. The second case is proprietary software. Windows and MacOS
are proprietary; so is iOS, the software in the iPhone. Such a system
controls its users, and a company controls the system.</p>
<p>When a corporation has power over users in that way, it is likely to
abuse that power. No wonder that Windows and iOS are known to have spy
features, features to restrict the user, and back doors. When users
speak of “jailbreaking” the iPhone, they acknowledge that
this product shackles the user.</p>
<p>When a service does the user's computing, the user loses control
over that computing. We call this practice “Software as
a Service” or “SaaS”, and it is equivalent to
running a proprietary program with a spy feature and a back door. <a
href="/philosophy/who-does-that-server-really-serve.html">It is
definitely to be avoided.</a></p>
<p>Having classified the possible issues, let's consider how several
products and services raise them.</p>
<p>First, let's consider iCloud, a coming Apple service, whose
functionality (according to advance information) will be that users
can copy information to a server and access it later from elsewhere,
or let users access it from there. This is not Software as a Service
since it doesn't do any of the user's computing, so that issue
doesn't arise.</p>
<p>How will iCloud treat the user's data? As of this writing, we don't
know, but we can speculate based on what other services do. Apple
will probably be able to look at that data, for its own purposes
and for others' purposes. If so, courts will be able to get it with
a subpoena to Apple (<em>not</em> to the user). The FBI may be able
to get it without a subpoena. Movie and record companies, or their
lawsuit mills, may be able to look at it too. The only way this might
be avoided is if the data is encrypted on the user's machine before
upload, and decrypted on the user's machine after it is accessed.</p>
<p>In the specific case of iCloud, all the users will be running Apple
software, so Apple will have total control over their data anyway. A
spy feature was discovered in the iPhone and iPad software early in
2011, leading people to speak of the “spyPhone”. Apple
could introduce another spy feature in the next “upgrade”,
and only Apple would know. If you're foolish enough to use an iPhone
or iPad, maybe iCloud won't make things any worse, but that is no
recommendation.</p>
<p>Now let's consider Amazon EC2, a service where a customer leases
a virtual computer (hosted on a server in an Amazon data center)
that does whatever the customer programs it to do.</p>
<p>These computers run the <a href="/gnu/linux-and-gnu.html">GNU/Linux
operating system</a>, and the customer gets to choose all the
installed software, with one exception: Linux, the lowest-level
component (or “kernel”) of the system. Customers must
select one of the versions of Linux that Amazon offers; they cannot
make and run their own. But they can replace the rest of the system.
Thus, they get almost as much control over their computing as they
would with their own machines, but not entirely.</p>
<p>EC2 does have some drawbacks. One is, since users cannot install
their own versions of the kernel Linux, it is possible that Amazon
has put something nasty, or merely inconvenient, into the versions
they offer. But this may not really matter, given the other flaws. One
other flaw is that Amazon does have ultimate control of the computer
and its data. The state could subpoena all that data from Amazon. If
you had it in your home or office, the state would have to subpoena
it from you, and you would have the chance to fight the subpoena in
court. Amazon may not care to fight the subpoena on your behalf.</p>
<p>Amazon places conditions on what you can do with these servers,
and can cut off your service if it construes your actions to conflict
with them. Amazon has no need to prove anything, so in practice it
can cut you off if it finds you inconvenient. As Wikileaks found out,
the customer has no recourse if Amazon stretches the facts to make
a questionable judgment.</p>
<p>Now let's consider Google ChromeOS, a variant of GNU/Linux which is
still in development. According to what Google initially said, it will
be free/libre software, at least the basic system, though experience
with Android suggests it may come with nonfree programs too.</p>
<p>The special feature of this system, its purpose, was to deny
users two fundamental capabilities that GNU/Linux and other operating
systems normally provide: to store data locally and to run applications
locally. Instead, ChromeOS would be designed to require users to save
their data in servers (normally Google servers, I expect) and to let
these servers do their computing too. This immediately raises both
kinds of issues in their fullest form. The only way ChromeOS as thus
envisaged could become something users ought to accept is if they
install a modified version of the system, restoring the capabilities
of local data storage and local applications.</p>
<p>More recently I've heard that Google has reconsidered this decision
and may reincorporate those local facilities. If so, ChromeOS might
just be something people can use in freedom—if it avoids the
many other problems that we <a
href="/philosophy/android-and-users-freedom.html">observe today in
Android</a>.</p>
<p>As these examples show, each Internet usage scenario raises its own
set of issues, and they need to be judged based on the specifics.
Vague statements, such as any statement formulated in terms of
“cloud computing,” can only get in the way.</p>
</div><!-- for id="content", starts in the include above -->
<!--#include virtual="/server/footer.html" -->
<div id="footer">
<div class="unprintable">
<p>Please send general FSF & GNU inquiries to
<a href="mailto:gnu@gnu.org"><gnu@gnu.org></a>.
There are also <a href="/contact/">other ways to contact</a>
the FSF. Broken links and other corrections or suggestions can be sent
to <a href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a>.</p>
<p><!-- TRANSLATORS: Ignore the original text in this paragraph,
replace it with the translation of these two:
We work hard and do our best to provide accurate, good quality
translations. However, we are not exempt from imperfection.
Please send your comments and general suggestions in this regard
to <a href="mailto:web-translators@gnu.org">
<web-translators@gnu.org></a>.</p>
<p>For information on coordinating and submitting translations of
our web pages, see <a
href="/server/standards/README.translations.html">Translations
README</a>. -->
Please see the <a
href="/server/standards/README.translations.html">Translations
README</a> for information on coordinating and submitting translations
of this article.</p>
</div>
<!-- Regarding copyright, in general, standalone pages (as opposed to
files generated as part of manuals) on the GNU web server should
be under CC BY-ND 4.0. Please do NOT change or remove this
without talking with the webmasters or licensing team first.
Please make sure the copyright date is consistent with the
document. For web pages, it is ok to list just the latest year the
document was modified, or published.
If you wish to list earlier years, that is ok too.
Either "2001, 2002, 2003" or "2001-2003" are ok for specifying
years, as long as each year in the range is in fact a copyrightable
year, i.e., a year in which the document was published (including
being publicly visible on the web or in a revision control system).
There is more detail about copyright years in the GNU Maintainers
Information document, www.gnu.org/prep/maintain. -->
<p>Copyright © 2011, 2019 Richard Stallman</p>
<p>This page is licensed under a <a rel="license"
href="http://creativecommons.org/licenses/by-nd/4.0/">Creative
Commons Attribution-NoDerivatives 4.0 International License</a>.</p>
<!--#include virtual="/server/bottom-notes.html" -->
<p class="unprintable">Updated:
<!-- timestamp start -->
$Date: 2019/12/30 11:28:30 $
<!-- timestamp end -->
</p>
</div>
</div>
</body>
</html>
|
