LibrePlanet 2017

Jump to navigation Jump to search

Saturday, March 25th

When we fight we win: Technology and liberation in Trump's America

Kade Crockford

The senate voted to allow ISPs to sell user data, by 50-48. Now, we have to worry about ISPs selling personal data to private companies, and to government agencies.

Technology is not an adequate response to bad policy. If you understand policy implications, then you have an obligation to take action on a technical level.

The last election made a lot of people think "I haven't paid attention to politics, and now look what's happened". We've elected a demagogue. ACLU membership quadrupled after the election.

We wish people would have paid this much attention when Obama assaulted our freedoms. For example, killing American citizens in drone strikes, expanding the "war on terror", expanding executive powers, and the militarization of police departments. Lots of towns use surveillance technologies that the federal government bought for them. This surveillance is predicated on extremely rare acts of violence, but it's used to harass black and brown people. Donald Trump inherited the surveillance state that Obama built.

Politics is not something you can take up only in times of crisis. You have to stay engaged every day. You have to hold your representatives accountable, regardless of what party they belong to. Politics is a lot harder than code. You should not give up if you encounter adversity in political work. Reason and logic help, but they only get you so far in politics.

Let's talk about Apple and the FBI. The FBI likes power; they don't care about technology. You have to be engaged in politics to preserve technology - preventing back-doored encryption, for example. The FBI lost their standoff with Apple because of massive public push-back.

Technology also threatens politics. The city of Boston was prepared to spend $1.5M on social media monitoring. Los Angeles has a similar program, which costs $70k/year. The ACLU and other groups made a big stink about this. The police commissioner agreed to drop the program, because of our multi-coalition campaign.

A few year ago, the ACLU released a report on how BRIC (the Boston Regional Intelligence Center, a fusion center) was used to surveil anti-war groups and other activists. The post-9/11 policy that allows the Boston police to collect this information is still in place. The police can collect information about you and share that information with the federal government, even if you're not involved in a crime. Law enforcement fingerprints everyone who's arrested. These fingerprints go to the FBI, and then to DHS and ICE. This means that every arrest in an opportunity to deport someone. Think about the relationship between criminalization, deportation, and oppression. Nobody benefits from a drug possession arrest. People are 50 more times likely to die of an opioid overdose when they get out of jail.

Say you're caught driving with an expired license. If you're white, you'll probably be told to go down to the registry and straighten it out. If you're not white, you're likely to be arrested. Driving with an expired license is an arrestable offense. The ACLU will sue Donald Trump. It helps that the Trump administration can't keep their mouth shut about their intentions. We have an opportunity to make some really good laws through the court system.

We have a lot of work to do locally. Mass incarceration is a big problem in Massachusetts. We're better than Mississippi, but we're not so good when compared to, say, Sweden. We've also got some of the worst racial disparities in the country. Partner with local organizations doing criminal justice work, or immigrants rights work. Help them with technology and security. Push to separate local law enforcement from federal agencies. Push to prevent federal agencies from deputizing local law enforcement.

Take fair information practices seriously. Facial recognition is a good example. The photo on your driver's license effectively enters you into a facial recognition database. Information collected for one purpose should not be used for another purpose. Toll data should not be used for warrantless tracking. Write letters. Call your local reps. Write to government offices.

Question: Can you say more about stingrays? Can someone just develop a new surveillance technology and sell it?

These devices had to be approved by the FCC. The FBI has aggressively tried to keep the existence of these devices secret; most local law enforcement agencies have to sign an NDA in order to get a Stingray. The FBI doesn't want a constitutional challenge to warrantless Stingray use.

Question: What about providing expert testimony, and serving on advisory boards?

That's great. Lobby your state officials. Lobby your employer to take positions on the technology aspects of law.

Question: Are there any initiatives on "Smart City Surveillance", where cities collect lots of information from different sources, and aggregate them in command and control centers?

These are just another kind of fusion centers, and they don't have a legitimate public safety purpose. Long term, it would be better to turn them into climate emergency centers. Short term, pushing for more transparency would help.

Move Fast and Break Democracy

Shauna Gordon-McKeon

I went to school for neuroscience, and I've had to take ethics courses everywhere I've worked. There was a 40-year study of syphilis in Tuskogee, where the subjects were never told that a syphilis treatment existed. This study is considered a stain on scientific ethics. Lise Meitner was an Austrian physicist whose work led the US to start the Manhattan project. She wanted nothing to do with the bomb, saying "people can do ghastly things with beautiful science".

The economy is changing, particularly in our increasing use of automation. The US has a limited safety net, which make us very dependent on the economy. When people lose jobs, we have a responsibility to understand what's happening. Economic discontent often spills over into political discontent.

Carrier - the company that received a tax break to keep a manufacturing plant in the united states - plans to use that money to invest in automation. The rust belt has lot a lot of manufacturing jobs, but our manufacturing output has increased. Manufacturing jobs are disappearing all over the world due to automation. The affected jobs tend to involve lower degrees of education, typically less than a college degree.

Automation was rarely mentioned during the last presidential election, but immigration was mentioned a lot. Of course, automation has led to more job losses than immigration. In a sense, the people who build automation equipment are modern day strike breakers.

Tech workers are laborers; their labor extracts an an enormous amount of capital, which goes to a very small number of people. We have a responsibility to act collectively.

When you write free software, you're effectively giving away the value of your project. And free software projects are chronically underfunded. Why do tech workers give away their labor? Because it feels like a good thing to do? Or, because it's easier than becoming a capitalist?

Facebook is the leading source of news for people under 50, and lots of stories have click-bait titles. The concept of fake news isn't new. "Remember the Maine" was a sensationalist (and fake) news story from the Spanish-American war. Some papers of the time tried to push back on sensationalism, by introducing ethics and integrity. But how to you apply ethical norms to a flood of information?

Tech companies like Google and Facebook have been very hesitant to address algorithmic bias. There's also a lack of transparency around the way they work. Google may show you a result, but they won't say why they showed it to you. Propaganda is hard to counteract.

It's hard to find a good financial model for online news. There's media consolidation, and behavioral ad targeting. You may need a second job in order to make a living as a reporter. Information may want to be free, but the people who create that information want to be fed.

Work collectively. It's better to work out your differences, than to splinter off.

There are potential solutions. Support alternative business models. Many startups have a goal of being acquired by a larger company. That's not the only option. We can demand that companies which use free software donate to (or otherwise support) the projects whose software they use.

We could adopt a professional code of ethics. We could lobby for government programs to counter the effects of job loss from automation. We have to grapple with things that people do with our work.

Civilian Code Conservation Corps: Free software for governments of all sizes

Cecilia Donnelly

Why do we care of government agencies use free software? Stallman talks about the need to maintain control and sovereignty over our computing environment. Is free software public infrastructure? Software has definitely become organizational infrastructure. When the government builds a new piece of software, they're actually building a new resource.

The US forest service has a multiple use mandate. They require land to be allocated to several uses, and that land must be put the best public use (as opposed to the most profitable use). Software doesn't neatly map to public land. For example, you can copy software with zero marginal cost.

Free software is both infrastructure and a resource. You can develop it like infrastructure, and use it as a public resource. The government has a duty to make their software available to us.

Open tools are more effective; they give users better control, less lock-in, better transparency, and more efficiency. Free software tends to have more open APIs. We have to trust proprietary software a lot. For example, the software in electronic voting machines.

Georgia HMIS is a homeless management information service. This system has made it much easier to satisfy statutory reporting and data requirements.

A lot of federal money is spend by the states; Medicaid section 8 for example. Each state needs to buy a piece of software to manage a program, which means that each state will have a Medicaid management system. A state will contract with a vendor, and the federal government will reimburse them for 90% of that cost. Yes, there are differences between states but there are also a lot of similarities. It would be nice if the federal government funded a free software medicaid management system, and gave it to the states to customize.

Why aren't all government software projects free software? Governments are really risk averse, and people in government often believe in security through obscurity. They think "open source" means "someone can come in and change our data". At the federal level, DoD has the most mature use of free software.

Governments are very concerned about support for software systems (including free software). It takes them a long time to procure support relationships. But there are many companies that offer support for free software.

Sometimes openness is counter to what vendors want - they want to lock themselves in to a long-term government contract.

Where are we now? More people are advocating for the use of free software in government than we've seen in the past. At the federal level, we are starting to see efforts to prevent vendor lock-in. They have a responsibility to do this.

For governments, free software can be treated as "free, as in a puppy".

The Monster on the Project

Tiberius Hefflin

13-14% of Americans work under an abusive boss, and 80% of these workers do nothing about it. Workers stressed by bullying can perform up to 50% worse than they would otherwise. The stress of bullying can lead to active decision making -- stress rewires the brain so that it's more difficult to make good contemplative decisions.

Speaking out against abuse can be hard. People are often fired for speaking out. Turnover is a big problem in teams that have toxic personalities. Each time someone leaves, you have to find a replacement and bring that replacement up to speed. The people who leave generally take valuable knowledge with them.

What is toxic behavior and how do you recognize it? Toxic behavior can take many forms. For example, people falsely accused of mistakes they didn't make; belittling comments; people taking credit for work they didn't do; picking on co-workers. People who are more self-centered, or focused on getting what they want are more likely to exhibit toxic behavior.

If you're being bullied on a project, you're not alone. Be professional and don't retaliate. Keep records and build a body of evidence. Evidence is important, especially when trying to show a pattern of behavior. Talk to friends and family. Use your support network. In extreme cases, expulsion can be the best decision for a manager. Expulsion should be a last resort, however.

How do you help someone (i.e., a workplace bully, or someone exhibiting toxic behavior) reform? Don't label people - label their behavior. Both carrot and stick approaches can work. The trick is to find out what motivates people. Be very clear and specific about what the problematic behavior is, and that it will not be tolerated. Some people may not realize that their behavior is unacceptable.

Behavioral expectations should really be set at the outset, by a code of conduct or similar policy. You also need a support network, to help people who have been harassed or bullied. Call out bad behavior when you see it. Teach conflict resolution skills.

Miscommunication is often a source of problems. Asking for clarity can be very helpful.

When resolving problems, it's okay to take a break and come back the next day.

In the FOSS community, we have to value soft skills. It's not all about coding. Mental health issues are often the source of toxic behavior.

Some resources:

Question: Can you explain more about documentation?

When something happens, write down the date, time, what happened, and who witnessed it.

Question: What about organizations where there's not a hierarchy?

Step back to conflict resolution techniques. For example, "when you say this, I feel this".

Comment: Bringing in outside people can be helpful in resolving a dispute.

Comment: Understanding emotional abuse is a good place to start.

Comment: In human resources, we talk about misconduct and gross misconduct, where the latter is result for immediate dismissal. Your group should have ideas of what constitutes gross misconduct.

Question: How often do individuals exhibiting toxic behavior reform?

This is the idea, but it takes a lot of work, and it's probably the rare case. Going through the resolution process can offer validation to people who were abused. Comment: Once you've set expectations about conduct, people often tend to follow those expectations.

Lightning Talks

Tahoe LAFS. LAFS is the Least Authority File Store. Think Google drive and drop box. There are command line, HTTP and API interfaces. "Least authority" is the idea that you should give someone the least amount of authority that still allows them to do their work. For example, a file store generally doesn't need the ability to read your files. Tahoe LAFS can't, but Google Drive can. Tahoe LAFS uses client-side encryption and erasure encoding. It breaks files up and distributes them.

Sunday, March 26th

Keynote, Cory Doctorow

Cory Doctorow

It seems like FLOSS has won. People still use Mac and Windows computers, but they're basically dumb terminals which talk to services built on FLOSS.

Let's compare alchemy and science. Alchemists keep results to themselves while scientists share them. In the end, the alchemists did something novel; they took the step of moving from superstition to science. FLOSS is like the transition from alchemy to science, where work becomes subject to peer review.

When you have something open, there's always a temptation to close it. For example, someone can develop a free program, which another takes and uses to develop a business. We haven't gone back (to alchemy) because the GPL is irrevocable. That removes the temptation to take a big step back for a short-term goal.

If FLOSS won because it's everywhere, then DRM has won too. This is largely due to DMCA section 1201, which makes it illegal to circumvent DRM, even for a lawful purpose. The US has exported section 1201 all around the world via trade agreements.

There's little juris prudence around section 1201, because most defendants fold before taking a case to court. Section 1201 allows companies to convert their business preferences into legal rights. You can't copy a DRM protected disc. John Deere is using DRM to force farmers to have tractors serviced at John Deere dealers. John Deere is also forcing farmers to pay for telemetry data collected by their tractors, as they're driven around the fields.

When software is locked up with DRM, looking at it becomes a jailable offense. Likewise for publicly talking about defects in DRM-based systems. Because it's illegal to disclose defects in DRM software, those defects have the risk of becoming weaponized.

The IoT (Internet of Things) business model isn't about selling hardware. It's about collecting data, and locking consumers into a manufacturer's product ecosystem. For example, Phillips has smart light sockets that will only work with Phillips light bulbs.

HP delivered a printer firmware update that caused the printers to reject non-HP ink cartridges. Even CVS used DRM in their smart rectal thermometers. You no longer have a property right in these devices; you have a tenancy right instead.

The W3C standardized DRM. The EFF suggested that the W3C amend its term of memberships: if a member has a patent that affects a standard, then that member won't invoke their patent to prevent someone else from implementing the standard. Several large organizations said they'd rather leave the W3C than accept these terms. They'd rather be able to turn commercial preferences into commercial interests. Devices should always give deference to their owners, and not to third parties. It should always be legal to disclose security defects.

Last summer, the EFF filed a law suit with the hope of getting section 1201 invalidated. The benefits of free software are worthless if devices and software treat their owners as adversaries.

Question: How do you feel about software copyrights?

I think there's a utility to limited-term monopolies, but I don't have an idealistic view of copyright. Eldred Vs. Ashcroft was a court case where the courts determined that copyright is only compatible with free speech if there is a fair use exception.

Comment: You said that FLOSS has won, but FLOSS is not a real thing - it conflates the ideas of free software and open source. Outsourcing your computing to someone else is bad. Even if the third party uses free software, you don't have access to it.

Free software hasn't eroded over time. Other open things, like the open web, were compromised and have eroded over time.

Question: You said people don't litigate DRM cases. There there ways for people to change this?

We kind of have that in the EFF's 1201 case. The plaintiff has a devices that overlays static images over a DRM-protected HDMI stream. He didn't break DRM. Instead, he used leaked HDMI keys to overlay images into the stream.

Often, the government will drop DRM cases where the defendant has a strong case. That prevents the courts from establishing precedents.

Question: Can we use licenses to fight DRM? For example "this software cannot be used in a DRM encumbered product".

No. A program with that limitation would be non-free. It would damage freedom zero too much.

Algorithmic bias: Where it comes from and what to do about it

Andrew Oram, Ifeoma Ajunwa, Geoff A. Cohen, Ben Green

(Andrew) Latanya Sweeny is a researcher. She discovered that search engines display very different ads for name searches, based on whether the name sounds "white" or "black".

Cathy O'Neil's Book Weapons of Math Destruction is a good read. Often the problem is data, not code. Civiscope publishes their code, but most companies don't. Most companies fear that publishing their algorithms will encourage people to game them. Or, companies consider their algorithms trade secrets.

(Ben). Machine learning relies on past data to predict future events. It's hard to get unbiased samples, and many data sets reflect biases in society. For example, training data may not represent the population as a whole. Amazon's Alexa is trained to understand English with a midwestern accent. Alexa has a difficult time understanding people with accents.

Given a data set, you have to select a set of features that will be used to predict outcomes. Consequently, feature engineering tends to reflect the bias of data scientists. Machine learning algorithms optimize for a metric, but which metric? Is there more concern about false positives or false negatives? Do inaccuracies go in different directions for different populations?

When policy is implemented on a computer, people are less likely to challenge the decisions. They just go along with what the computer says.

(Ifeoma) I research algorithmic bias in the hiring process. There is a disconnect between what is accurate and what is fair. Socio-economic status is highly correlated with race, and can be used for discriminatory bias. For example, SAT scores are highly correlated with gender and socio-economic status. Sometimes, they're used as a proxy for legally protected categories. You can only know if your hiring algorithm is biased if you audit the results - both yes and no. That kind of auditing almost never happens.

(Jeff) I work for an investigation and forensics company. When we get a black box (e.g., from the NTSB) we have to use the information to figure out what happened.

Algorithms are only one piece of the computational puzzle. Training data is very important. How was the algorithm trained? What random number generator was used? Algorithms take humans out of the loop. Many times, we really need to have humans in the loop, especially in the legal system. There's a huge body of literature about how to build secure systems. We're just starting to figure out how to use this body of knowledge to scrutinize algorithmic fairness.

A role for free software in movements, communities and platform cooperativism

Micky Metts

I'd like to talk about two movements: Free Software and Platform Cooperativism. Platform cooperativism is people coming together to build something, as a platform, that benefits the community. For example, an Uber that's owned by drivers and riders. Another example is the Internet of Ownership; it's a directory of platforms that are currently being built. See

Stocksy is a cooperative of photographers that sells stock photos. See https://www.

The Boston collaboratory school is a school where students build platforms for their communities. The goal is to have a bridge between school and community.

Loomio is a platform for group decision making.

Drutopia is a cooperative for shared web hosting. See

Platform cooperativism started at the New School in New York. They examined digital labor, and where work and benefits were going.

Platform cooperativism should be based on free software.

Books to read:

  • Uberworked and Underpaid
  • Thank you Anarchy: Notes from the Occupy Apocalypse

Small companies tend to be more interested in what people want. Sometimes you can make changes just by asking them questions.

Voucher networks are a real-world web of trust. People vouch for someone who wants to come in to a group.

Concrete things you can do.

  • is an organization that helps activists by providing funding.
  • Look for resources in your area. What kind of events are coming up. What kind of people can you meet? Awareness is really important.
  • Invite some friends over, talk about an issue, and plan what to do. We are the plan makers.
  • Talk to your library about using free software. Put them in touch with the Library Freedom Project.
  • In Massachusetts, a platform to record wage theft (or to record work done) could be really useful.
  • Find ways to help and support new activist groups that are starting up.
  • Look at business models that might work for cooperatives. What would the governance models look like.

Comment: Most people who own smartphones don't have root on the device. Intel laptops and computers have a systems management chip that's not under the user's control. It's very important to ask for computers that we really own.

The GNU philosophy: Ethics beyond ethics

Marianne Corvellec

Philosophy is at the heart of our lives, and at the heart of the human experience. The free software foundation rejects the idea of a "priesthood" of technology, where only experts understand how things work.

Ethics and morality are related terms, but they are not interchangeable.

Aristotle investigated the question of how to live best. Ethics are the answer to good living for the individual. They're practical and not theoretical. Ethics are a way of life. Ethics is not about finding the boundaries of human conduct.

Marcus Aurellius tried to be on his best behavior when with friends. He did this to preserve his own standing. This is ethics, and it's very pragmatic. The ethics of free software go way beyond operational ethics.

Ethics is often treated as a cost/benefit equation.

The following century made a philosophical jump. Philosophers started to thing about how other people feel. This is where morality enters the picture. Morality is not about being smart; it's about acting according to your obligations.

Humanism is about putting the human being front and center. It's the idea that we are all equal, meant to form communities, and meant to share. The GNU manifesto has many traits of humanism.

Our intangible cultural heritage is another form of commons, which deals with cultural expression.

Pragmatic idealism is part of the FSF philosophy. That's very much in the spirit of classical ethics.

How do you form a social community? You need to start with a social contract, and that takes empathy. There are no technical aspects involved.

Existentialism posits that we're always responsible.

Anarchism is a school of thought about freedom. It's about challenging the power of oppression.

Other Notes

gLabels,, is a GNU project for creating labels and business cards.