If you have been keeping an eye on what the NSA has been up to while they were busy reading your emails, you might be aware of the XKEYSCORE program run by the agency. According to Edward Snowden, as told to Glenn Greenwald, the program was used to “sweep up countless people’s Internet searches, emails, documents, usernames and passwords, and other private communications.”
This is old news, you say. We’ve all known about it since 2013. So what’s the big deal and why am bringing it up now?
The big deal is that the NSA was allegedly running the program on ‘Free and Open Source’ software. Greenwald disclosed it yesterday on The Intercept:
XKEYSCORE is a piece of Linux software that is typically deployed on Red Hat servers. It uses the Apache web server and stores collected data in MySQL databases. File systems in a cluster are handled by the NFS distributed file system and the autofs service, and scheduled tasks are handled by the cron scheduling service. Systems administrators who maintain XKEYSCORE servers use SSH to connect to them, and they use tools such as rsync and vim, as well as a comprehensive command-line tool, to manage the software.
This story generated mixed responses from the Open Source community. Many bashed Red Hat, even though we don’t know if the NSA is a Red Hat client. Others bashed the NSA for using Free Software to perform its ‘evil’ deeds.
I was among those who didn’t see any problem here. I have been using and advocating Free Software since 2005 and I have met numerous people from different walks of life who use Free Software. Back in 2007, I met Mohammad Khansari, director of the National Linux Project, Iran, who said that when the U.S. closed ‘Windows’ on them they moved to ‘Open Source’.
From the early days I tend to believe that the ‘Free Software’ community, despite philosophical differences, should not decide who should be allowed to use it. It must be agnostic about ‘who’ uses it. As long as the core value of ‘Free and Open Source’ software is not compromised.
I recalled a discussion around the same topic with Richard M Stallman in India a few years ago. But I had vague recollection of it so I reached out to him and asked him outright: “Should free software care or dictate who should use it? Shouldn’t any such free project be agnostic to ‘who’ uses it?”
[ See also: Don’t call it Linux! And other things that tick off Richard Stallman ]
He came back with a simple reply: “I basically agree with you.” And pointed me to an FSF article where he discussed the issue. I highly recommend that everyone interested in this story read his blog in it entirety. But the key takeaway is this: “A program must not restrict what jobs its users do with it.”
And the fact remains that the herculean task that the NSA decided to take on is better done with Free Software than proprietary software. To underscore this point, John Adams, former security lead for Twitter, criticized NSA for using such a poorly designed system. He said, “There are many open source offerings that would function far better than this design with very little work. Their operations team must be extremely unhappy.”
As far as Red Hat’s involvement is concerned I have no clue if they are working with the NSA. And honestly I wouldn’t have problems with Red Hat offering their solutions to the NSA. But I would have problems if Red Hat created backdoors in its software for the NSA, which doesn’t seem to be the case.
The takeaway from this discussion remains the same: A program, a book, a device, a tool, a service must not restrict what jobs its users do with them.
Instead of bashing Red Hat or Free and Open Source software we need to work towards creating a political environment where the NSA’s unconstitutional activities are brought to an end.