☆ Balancing Transparency and Privacy

One of the keys to a successful open source community is appropriate transparency. A community with strong values around transparency will also be likely to respect its participants’ privacy. Such a community will also be unlikely to have a copyright assignment benefiting a commercial party. Here’s why.

An open source community arises from the synchronization of the individual interest of many parties. Each person:

  • comes to the community at their own (or their employer’s) expense,
  • seeks to derive from the commons at its heart software that fulfils their individual interest and
  • freely brings with them their own abilities and contributions.

No-one is owed a living by anyone else – communities do not have business models, only the participants gathering in them do. Participants with a business interest in the code express that interest elsewhere, if it’s a truly open community.

To create an environment where people are willing to synchronize their individual interests and collaborate over code, there has to be transparency. But that doesn’t have to extend to the lives of the participants themselves. Your motivations for being involved in the community are of no relevance to my life because our relationship in the community depends on code. The code, the community and how they interact are transparent, but motivations for participating in it are opaque. My reasons are up to me alone and yours up to you. They’re private and irrelevant because the code speaks for itself. And by implication, you have no right to force acceptance of your business model on me.

Thus in a healthy open source community, I’m free to maintain my privacy around my motivations and how I’m funding my involvement if I wish. On the other hand, I’m able to work in an environment of transparency where all the code is known, all its origins are known, all its defects are potentially known.

That combination of transparency with privacy is, in my opinion, a primary characteristic of an open-by-rule open source community. Communities without the rule “if it didn’t happen as a matter of open record, it didn’t happen” are closed, regardless of the software license. Open source is about transparency at the community level but also about the privacy of the individuals involved.

The interface between the two is where a formal community/contribution agreement is relevant. To maintain trust, enable development transparency and permit individual privacy, it’s reasonable to ask every participant to sign an agreement promising to stick to community norms, especially with respect to the originality of contributions and the possibility that they are associated with parallel-filed patents.

But it’s not reasonable to give any one participant the exclusive advantage of aggregated copyright for them to use privately. Doing so breaches the transparency-privacy boundary, damages trust by enabling opaque behaviour with the community commons and introduces private business-model reasoning into the community where it doesn’t belong.

I’ve heard arguments such as “we have to be able to make a profit” or “we contributed the original code” to justify copyright assignments, but these are personal not community arguments. Your need for profit is yours, not the community’s, and if you didn’t have it nailed before you started the community and irreversibly licensed the code under an OSI-approved license, that’s your problem. Your business need is no reason for me to surrender my copyright to you, so please don’t demand it. There is no amount of contribution on your part that permits you to demand anything from me.

That’s why, as a participant in Project Harmony, I’m only interested in the variants that grant equal rights to everyone. There will be more news about this soon – watch out for it.

[Expanded from a comment I made in FLOSS Weekly 39. A helpful research paper on this subject is “The Role of Participation Architecture in Growing Sponsored Open Source Communities”]

☆ Bite-Size Privacy and Anonymity

A discussion broke out on Identi.ca recently where it became clear that the distinction between anonymity and privacy is not clear for some people. It led to the opportunity to discuss the nature of both concepts (albeit in 140-character bursts) with some smart people devoted to both, people I respect greatly. I’ve been left with some bite-sized explanations that I hope others will appreciate as well.

  • Privacy is the lifecycle of secrets once you have chosen to share them. Anonymity is where an act is publicly known but the actor is not.
  • Privacy is the duty to respect the data that has been disclosed to you. Anonymity is the right not to disclose the data in the first place.
  • Privacy is the duty of each and every entity with which we engage. Anonymity is a privilege each of us should be entitled to on the rare occasions we need it. (By privilege I mean that we are able to secure anonymity only by the grace of those who choose to supply the means for it to be possible. It is not a given – notably in China – it must be granted.)
  • In daily life, we routinely expect our privacy to be respected by those with whom we engage. We rarely expect or need anonymity but on the occasions we do it must be absolute.
  • To create privacy, we need policies backed up by law that each recipient of our personal data must adhere to. To deliver anonymity, there needs to be a place where our connection with the net is anonymised, and the provision of that capability needs the active grace of its provider.
  • Anonymity requires privacy, but privacy does not require anonymity. (By this I mean that your connection to the internet is known to your ISP, and much else is known to many others, so to secure anonymity in a specific case requires the discretion of those individuals who could identify you if they chose to – and that discretion is called privacy.)

I’ll add further points as they arise. Discussion welcome!

Update: Just a few moments after posting I saw this great Bruce Schneier posting about the dynamics of privacy:

“So privacy for the government increases their power and increases the power imbalance between government and the people … Privacy for the people increases their power. It also increases liberty, because it reduces the power imbalance between government and the people.”

Update: I really like this initiative to create icons for privacy policies by the way.
