How can Collaboration and Open Source Tech Protect Civil Society Privacy?


This article originally appeared on the Bahá’í Chair for World Peace Blog.

In June 2020, I attended OPEN 2020 – Networked Commons Initiatives, an event focused on “how to enable small groups to form, share ideas, define shared purposes and collaborate on commons building projects, as part of a global network.” Like many events organized in the time of Covid-19, the conference shifted from a physical event to being online, featuring 70-odd people from time zones across the globe. What was unusual was the technology enabling the event. Rather than using the now-ubiquitous Zoom service or another proprietary web conferencing tool, the organizers opted to host the event using free and open source code on a server they shared with other organizations.

Activists and civil society organizations often face a difficult decision in choosing their communication tools. Many video companies provide users with access to free services that encrypt conversations in transit so that they can’t be monitored as they travel through the open Internet. This is a major step up in terms of safety from the relatively insecure SMS and phone calls on which many civil society organizations rely. At the same time, these companies are increasingly under public scrutiny for how they disclose, sell, and otherwise profit off user data. Private sector solutions are a double-edged sword, securing communications from some bad actors but placing trust in data-hungry, data exploiting, and potentially, data sharing companies.

Even in situations where companies employ end-to-end encryption, meaning the content of messages passing through their servers is unknown to the companies that own them, there is ample fodder for privacy and accessibility critiques. Services like WhatsApp can’t track the content of messages but track metadata on who people speak with. The teleconferencing company Zoom, under significant public pressure, will provide end-to-end encryption to its free users, but will likely accomplish this by requiring users to provide phone numbers as authentication members.

Experts are worried that Zoom may fall prey to disclosure and abuse issues that occurred with Facebook and Twitter.  Brazilian digital security specialist, Janina Spode, pointed out other issues that can arise when identities are tied to phone numbers: “In addition to being a discriminatory measure, since it can exclude a portion of the population that does not have a phone bill in their name, this measure carries the risk that, in case you lose your phone number (either due to theft or due to the need to change your phone number), your account may also be questioned or invalidated.”

With so much opportunity for privacy abuse by the private sector, there is a clear need for civil society to be able to safeguard both their communications and their data.

An alternative to the privacy issues posed by proprietary solutions is running free software on hardware controlled by the user. Open source applications – tools that rely on code that is free and publicly available – provide alternatives for many of the services we use in daily life. Libre Office is a powerful open source equivalent to the Microsoft Office suite. OsmAnd is a very similar to Google Maps. Mastodon, PeerTube, and Pixelfed can stand in respectively for Twitter, YouTube, and Instagram-like social media experiences. Signal is an end-to-end encrypted messenger that is far less data hungry than Facebook Messenger. Open source solutions tend to be less hungry for user data than their proprietary cousins, because their business model relies less on commoditizing user data.  their business model relies less on commoditizing user data.

The challenge with open source solutions is that they tend to trade one downside for another. Often the big issue is maintenance. Software always requires someone to host, administrate, and support it. Corporate solutions are attractive because they provide that support in exchange for a subscription; the user requires no technical expertise in order to implement the service. By contrast, open source solutions necessitate that the user come up with technical and administrative support for their tools. For many civil society organizations, it can be a high bar.

OPEN 2020 was an example on how cooperative ownership of an open source tool can reduce this sort of technical burden. The organizers of the event, Open Co-op, partnered with a cooperative of five other organizations (The Online Meeting Cooperative) to host the event on a platform running the open source videoconferencing software, BigBlueButton. While the servers used by the cooperative are maintained by a team of “Producers,” individual members of the member organizations can use the tool without worrying about technical matters. In June 2020, the governance model for this cooperative was still a matter of debate, but the basic model was clear – for a sum of money (or time spent administrating the servers), member organizations would have access to a professional grade video-conferencing tool, over which they (or constituent members) would have decision-making power. The solution was both a safe and surveillance-free way to meet their online communication needs.

Oliver Sylvester-Bradley, a co-founder of Open Co-op, told me that this initiative was exactly what he and his colleagues had been trying to accomplish. “The whole dream is about co-owning a collective infrastructure. Part of this what we call the ‘collaborative economy,’ collaborating to do stuff together rather than relying on proprietary systems to serve what they deem might be the right tools. We want what we think are the right tools, that we own and that therefore we can control, and also to know that nobody is benefiting and syphoning off our data or trying to sell us advertising. It’s really big part of what we do.”

There are other examples of this model for collective ownership of tech. Collective Tools provides open source tools like Nextcloud for file-hosting and collaboration and the group chat tool Rocket.Chat to members who share ownership over the platfrom.  Webarchitects is a cooperative model hosting solution. Social.coop, a cooperative social website in a decentralized social network called the Fediverse, employs member decision-making to decide how the cooperatives funds are spent.

Could more activists and civil society organizations at-large follow this model? One can imagine a group of like-minded organizations agreeing to share the costs and burdens of maintaining a service, trusting each other with the service rather than a distant for-profit organization. Such a measure might not only ensure safer interactions online, but also improve user ownership over their data. Said Oliver Sylvester-Bradley, “I’m hoping that the platform co-op model in which there are several different member classes becomes a bit more widely accepted, because it has been proven to be an effective blueprint for managing large online scalable organizations. And since we know it works, why not try?”