Last week Donnie Berkholz, new guy on the team over at Redmonk, writing on his “The Story of Data” blog posted an entry entitled “Whither the GPL? Why we don’t need it anymore“. Today saw the announcement that Facebook was buying Instagram for a staggering $1-billion and so I thought it was worth tying these two things together.
Reading the comments and the content of Donnies’ post I was waiting for him to get there, and he never did. Reading the comments most of the people took his observations literally, and since I don’t know Donnie, and have not got the chance to talk to him, I guess we must. But that’s missing the point I think.
I’d like to think Donnie was saying the GPL should NOT be where the focus is anymore. The freedoms that come with it are well understood, as is the responsibility. And this is where I was expecting Berkholz to go, but he didn’t.
I wanted him to go on and talk about all the challenges of allowing access, maintaining, withdrawing, exporting and removing your personal data in the “cloud”. It’s no longer programs that are valuable, they have some value, but not without the data. If you have the data, you have the users. If you have users, you have instant value, it’s not about the users themselves, it’s not like you are able to charge them to access your own data, it’s about monitoring what you are doing, where you have been, where you are going, who you are with and more. That’s value, whether it’s your facebook status updates, your tweets, to instagram pictures etc.
It used to be in the old days that software companies would find a business requirement, develop software, go through a few releases of their software; build a user base and then get acquired for what they were, not what data and users they had aka the marriage of facebook/instragram. I for one have recently created a new blog to own the content that I would have formally posted directly on facebook. I’m increasingly concerned with what Facebook will do with the knowledge about what device, what OS, where, how I created the post, not to mention what I post.
And that is what I was half hoping Donnie was going to tackle, personal data freedom. That is what we need today, a meaningful personal data freedom that web 2.0 and cloud companies sign-up to implement, in a meaningful way. Before I give you my data, you sign-up you agree to treat my data according to the following freedoms, with deference to the GPL
Data is free data if originator has the four essential freedoms:
- The freedom to store, or delete forever and irrevocably the data, for any purpose (freedom 0).
- The freedom to manipulate, offload, change and re-load the data
- The freedom to redistribute copies of the data so you can help your neighbor (freedom 2).
- The freedom to distribute copies of your modified versions to others (freedom 3). Meaning, data you create and store on any computer will be the property of the owner of that computer. Rather the data remains your property and you will have the ability to decide on the future use of said data.
I have a somewhat facetious disclaimer, privacy notice, data restriction on my facebook page. In the UK, I can remember back to 1980 when I was working for Canada Life Assurance, the UK Data Protection Act had just been enacted, and I can recall the seriousness with which the company applied the treatment and use of personal data. Today, where data is created everywhere we go, and we have technology that can access it from anywhere and anytime, yet we have almost no ability to control our data, where or how it is used, and even who actually owns some of your most personal and private data. And that is why we need a data freedom, and why this should now replace the focus on Linux and the GPL.
I made the same mistake as Donnie back in 2001 when I gave the keynote at the IBM Technical Conference that year. In my presentation I said that we should expect that in 5-years we are no longer talking about, or working on Linux as an Operating System. This wasn’t because I wanted Linux to go away, in fact the opposite was true, I wanted to move on from the discussion about Linux. We should assume it’s there, differentiation doesn’t come from the OS; we should all be complying with the rights that were inferred on us by users of Linux, but can’t we just move on?
My Linked profile
Adventures in systems land 
Thought you were going to mention something along the lines of what Adam Curry mentioned in February (http://blog.curry.com/stories/2012/02/24/personalDataVault.html)… Am also liking what you’re saying here. I don’t like Facebook and am planning to deleting my account (took the decision last year but I’ve some “cleanup” to do).
Yes, a personal data vault would be a good way to keep all the data, if you could grant access to it based on either field level authorization, combined with some kind of reward system, that would be cool. However, even at Internet speed and cloud scale, you’d still have to give, authorize, or permit copies of your data to be taken. Surely you can’t run a scan across 500,000 users and expect the data to come from their vaults distributed across the net would be impractical… or would it?
Great post, an interesting observation on the source of value… of thought: Do you support the Consumer Data Privacy framework? Would your concepts build on that? Curious to know how we would govern across borders. http://www.whitehouse.gov/sites/default/files/privacy-final.pdf
Joe, great comment, thanks. I hadn’t read the Consumer Data Privacy framework, I’ll download and read next week while travelling. As for cross-border, it’s definitely a problem but can’t be a reason to do nothing. At least initially it would be reasonable to grant access to your data, or provide your data only to companies that have adopted the data freedom license. There no laws per se that govern the GPL and that hasn’t stopped it.
Really good post! I also post my blog to Facebook and I agree that we should be concerned about what they do with it. Sometimes we forget that there is a large data collection/storage/ manipulation machinery behind the Internet. Do you think that through usage -blind and uninformed as it may be – that we have abdicated our right to ‘internet’ privacy?
Fran, I think the problem is much worse, there isn’t one “large data collection/storage” machine behind the Internet, there are hundreds depending on who far you as an Individual reach, how many stores, social networks etc. etc. And thats the problem, you have no idea where your data is, who it is being used, who it is being accessed by, and to whom it is being sold.
A better approach would be to have some form of personal data repository, where commercial companies can access it via a standardised web programming interface. That way you can both control who has access to it, you can grant temporarily, ie just this shopping purchase, or permanently, ie this social media application and then updating as appropriate.