Snowden argues for cloud control at OpenStack Summit

Edward Snowden, NSA whistleblower and current president of the Freedom of Press Foundation, joined OpenStack Foundation COO Mark Collier on stage at OpenStack Summit (via video conference) and delivered his keynote speech in the form of a Q&A.

Snowden might have sounded like a misfit at an open source conference that’s all about building cloud, but he removed all such doubts by drawing a very clear distinction between the public cloud and open source private cloud.

He took aim at public cloud and said you can use Amazon’s EC2, Google’s Compute Engine or any such solution out there that may work fine, but the problem is that they’re fundamentally disempowering. You pay them in exchange of services, but the fact is that you are paying them more than money. “You’re giving up control,” he said.

He then pointed at the well-known flaw of the proprietary software development mode where users have almost no influence over the development of the project. Users can’t fix bugs themselves of add few features. “They’re not going to change things and tailor it for your needs,” he said, “You’re sinking costs into an infrastructure that is not yours fundamentally.”

In contrast, he said, what OpenStack does is it gives alternatives of investing into things that you actually do not influence, own, control or even shape.

Talking about private cloud, Snowden said that we should envision a world where cloud infrastructures are not private in a sense of private corporations, but private in the sense of personal.

“Whether you are a small business, whether you are a large business whether you are a community of technologists, you can own it, you can control it, you can shape it,” said Snowden. “You can build, you can lay the foundation upon which everybody builds, and I think that’s probably one of the most powerful ideas that shapes the history of the internet and hopefully will allow us to direct the future of the internet in a more free, rather than more closed way.”

Snowden’s deep understanding of the way the open source model works comes from the fact that he is a very heavy user of open source projects like Tailguard, Debian, Tails OS and Tor.

Snowden has evolved from being a user of open source to a contributor to open source. As the president of Freedom of Press Foundation, his primary job has been to expand the open source development efforts that they do in-house.

“We make Secure Drop, which is run in all the important news rooms in the United States and increasingly around the world, for allowing anonymous sources to contact journalists securely,” he said. “There are a lot of other really interesting efforts that you’ll be hearing more about this year.”

But when it comes to privacy and anonymity, software is only one part of the equation. Hardware plays an even bigger role. “When we turn on airplane mode, when we turn off location services, how do we know the GPS is actually off? How do we know the basement antenna is actually powered down?” he said.

That’s one of the many reasons privacy advocates don’t recommend using cellphones. But Snowden is not stopping at pointing out the problem, he is working on fixing it. “We are developing a hardware, which is free and open. Anybody will be able to replicate this. We’re going to provide the plans. We’ve already written the paper about it, where you will actually be able to look at the electron flow over these circuit paths to confirm that for yourself,” said Snowden.

This need to create new hardware is driven by his belief that, “All systems should largely be designed to obey the user. Secondly, they should not be designed to hide things from us. They should not deceive the user. They should not lie to the user. They shouldn’t hide things or material from the user.”

But the problem with proprietary software goes beyond the fact that someone doesn’t want to share the source code. It’s also about not being able to know and fix problems in those closed technologies. He gave an example of Intel where every Intel chip has a vulnerability but we can’t do anything about it. “Intel’s management engine has these blobs on it that we can’t inspect, that we can’t see, that we can’t change, that we can’t patch,” said Snowden.

Snowden compared this situation with open source by referring to a quote by Linus Torvalds, “the beauty of open source is many eyes make all bugs shallow, but we see the bugs still get through. And they still get through for a very long time, even in the most open context, we get things like Shellshock, and the impacts of this are large.”

That doesn’t mean we should not do open source just because some bugs get through, he argued. Because unlike proprietary software, when you do get a bug in open source, the entire community responds, they can audit it, fix it and release patches. The community learns something from that bug and the code base is improved, new processes are put in place to ensure less such bugs pass through.

Whereas in the proprietary world when companies find security flaws in their software, we don’t know what they learned. “We can’t evaluate if their response was positive or negative, if it was good enough, or not good enough, and ultimately even if we don’t like it, we have no influence over it,” he said.

“The point of open source,” Snowden said, is that “we don’t have to compromise. We want a better world, and so we’re going to build it.”