Hactivismo

Of BBQ, Open Source, and Heartbleed.


There's a point here about heartbleed and security — I promise. Keep with me.

As I am wont to do once the weather finally begins to coöperate, I've been trying a few new things out on the grill. When I'm in this exploratory phase, I love digging through the infinitely interesting BBQ blogs of the Internet - they're full of hard-won knowledge about fire and smoke, but often lack a certain level of technical polish.

Case in point, my reference blog for this week's experiment was a well-seasoned old blog, but they'd lost every single comment from years of discussions. Why? No technical glitch, but simply because they'd chosen a private company to manage their comments - and it went out of business, leaving them not only without a commenting tool, but without those years of educational clarifications and discussions.

Ownership and control matter. This is true when you're talking about your possessions, your house, your comments on a BBQ blog, and your software. I've railed against app-ification before, but I want to make a slightly deeper point here. If you bought a house, but with the condition that for any repair, no matter how minor, you had to contract the previous owner (and only them), at a cost of their choosing - would you feel you really owned or controlled that house? Would you buy a car where the hood was locked shut, accessible only to the specific dealership where you bought it?

These cases are very much the situation with the vast majority of software you run on your computer. Everything from Microsoft Word to Apple's iTunes, and even more insidiously, OSX and Microsoft Windows themselves, is locked away from you. You've been forced to pay hundreds of dollars for them with the purchase of any computer - but you have no control or real ownership over them.

Open Source

The alternative is what's called "free" or "open source" software (people get into fierce debates on the terminology here, which I'm ignoring for the time being). All software starts with instructions that are more-or-less understandable by humans; commands like if (this thing) then (do this other thing). Generally speaking, this "language" is then turned into something that's closer to the more basic tools that computers understand. Imagine a particularly skilled dog with a great memory - by stringing together enough fetches, play deads, stops, roll overs and so on, you could eventually come up with a sequence of commands that would have this dog go out and buy a beer for you at the corner store, and bring it back.

"Closed source" software only gives you the computer-understandable version, and it's surprisingly difficult to turn that back into a simple, human-understandable chunk of logic. "Open source" software, on the other hand, always provides you with the original, understandable language.

This means a lot of things - one, you can tweak it. If you don't like the beer that your dog fetched, you can find the human-speak parts of the commands where it's selected, and make sure your preference for hoppy beer is respected, and then turn it back into the commands your computer can do.

This ability to change how your own tools work itself has many additional benefits - you can share that change, and if it's useful enough, that change itself will be included in the next version of the "core" software that everyone uses.

And finally, Heartbleed

This openness also means anyone can look at the logic that is driving their tool. This means that when you start talking about trusting software, there's a heavy preference towards the software that you can look at the source code of, and even more preference towards software where a lot of people have been looking at this same code.

So, that failed with Heartbleed. The team behind OpenSSL is tiny compared to their impact. Two out of every three secure servers in the world are running the software that this four-person team manages. And on New Year's Eve 2011, one of their developers committed a very, very subtle piece of code that basically didn't make sure that all the doors were closed behind it, and no one else at the time (or anyone who'd taken a look in the two years and change since) noticed.

So obviously the whole open source thing is broken, right? The bug is out in the open for anyone to figure out, but no one fixed it!

It's not quite so simple. Do you really think that a working piece of closed-source code gets a second glance by its development team? They're just as bound by priorities and shipping product releases as an open-source team, but their code gets locked away with not even the chance for a third party to find a bug and lend a hand — yet it is no more secure than open source tools against concentrated probing and testing for flaws just like Heartbleed.

So yes, Heartbleed was bad, but it was also a reminder of how powerful the open source software world can be in finding and fixing a bug. Most of us woke up with some updates to install, and that was the end of it. What horrible, dark bugs are lurking, unfindable, in every piece of closed source software? The precise number is unknowable, but the prevalence of viruses and malware that affect deeply closed systems like Windows might be a strong hint.

No more broken hearts

Going forward, I obviously have a long wishlist of things I'd like to see - a public discussion on what trust in software really means, better tools on every platform to guarantee software packages are what they claim to be (Tor is doing amazing work here), a return to inter-operable standards, especially when we're talking security systems... But as a beginning point, simply better support structures for open code development would be nice. We have volunteers building the basic structures of the Internet - which is an absolutely amazing and good thing - but let's make sure they have the time and resources to do it.

A Senate response to The Day We (Fought) Back

Senator Cruz's office's response to my personal note about surveillance I sent as part of TheDayWeFightBack:

Thank you for sharing your thoughts regarding the National Security Agency's surveillance program. Input from fellow Texans significantly informs my decision-making and empowers me to better represent the state.

During my time in the Senate, I have consistently reiterated my support of programs that can detect impending threats to our homeland or diplomatic and military facilities abroad. It is imperative, however, that we strike an appropriate balance between remaining vigilant against terrorism and protecting the civil liberties guaranteed to the American people by the Constitution.

Unfortunately, the government has eroded the American peoples' trust by the secrecy surrounding these surveillance programs. I will continue working with my Judiciary Committee colleagues and the entire Senate to review existing law and the actions of the Administration to ensure that we protect our Constitutional liberties. In doing so, I hope to guarantee true accountability in these programs so that we protect Americans from the threats of both terrorism and unwarranted government intrusion.

Thank you for sharing your views with me. Please feel free to contact me in the future about any issue important to your family. It is an honor to serve you and the people of Texas.

For Liberty,

Senator Ted Cruz

The promises of a decentralized currency: Think Locally and Buy Globally?

I once rented a part of a house that had been, well, not fully cleaned out from the previous occupants. It was a house full of hackers that had been variously occupied by friends and friends-of-friends for almost a decade as they passed through Austin on their way from or to new lives, which is to say, it had, well, "character".

One of the odder things left behind by the previous inhabitants was a literal pile of Final Fantasy boxes, completely intact save for the all-important registration codes. A bit of digging uncovered a fascinating tale of cross-border, tax- and fee-free value transfer. The former occupant, let's call him "Bob," was engaged in a business proposition with a colleague based in South Korea, let's call her "Alice." Whatever version of the RPG Final Fantasy it was had just been released in the States (only), and it had proved very difficult to pirate, causing a huge untapped demand in Korea. Koreans, however, had been happily hacking away at another RPG game which was only just now catching on Stateside. So, Bob would tear off and destroy these registration codes, emailing the codes themselves to Alice in Korea. Alice, in exchange, would provide Bob powerful and rare in-game items for the newly-popular game - these were of less value to the Korean market, as it was saturated with players and therefore items, but there was no arbitrage market into the States -- before Alice and Bob, at least. Bob could then sell these on online grey markets for such items, effectively creating a way for both Alice and Bob to profit (rather lucratively, from my understanding) from local markets, and transfer value across borders without incurring bank costs, wire fees, or, for that matter, taxes. This setup lasted for as long as both were able to extract value from the arbitrage process, but obviously wasn't able to scale or even easily re-adapt to new opportunities.

With the rise and increasing stability of bitcoin as an actual contender for a digital currency, the global market suddenly starts looking a lot more local.

Kiev on #Jan25

404: Human Rights Not found?

I spent this past week in Kiev. You may have heard something about the protests, and possibly even about some of the policy changes and new laws that sparked them. I was working with colleagues, journalists and human rights activists, supporting and training them as quickly as possible on digital security basics, and making sure they had contacts to reach out to for timely support.

It was a trip that was scheduled many months ago, when Ukraine was on the cusp of joining the EU. Things, to put it mildly, changed. Obviously, the violent protests have been featured widely in the news, but those capture only the most visible challenges the country is facing. Legislation pushed through with no regard for legal proceedings last Thursday promises to have a chilling effect on free speech, to place tight limits on media, even citizen journalists, and to devastate civil society organizations, labeling them as "foreign agents" and taxing them as for-profit corporations if they take any international aid funding.

In the few days I was there, we experienced a "test" of new censorship capabilities as Twitter and Facebook -- critical messaging and coordination channels for activists -- went dark in Kiev for almost half an hour. People near the protest areas received ominous SMS messages on their phones telling them that they had been registered as present at the (illegal, under the new law) protest.

One note of import - there are two main areas of the protest. EuroMaidan is the months-long, Occupy-on-steroids encampment in Maidan Square. Though well barricaded off, it is a peaceful protest, with daily concerts and speeches on a well-equipped stage, a huge jumbotron, laser-light projections and more. Businesses - from a Nike storefront to a local brewpub to a carousel - are going on with business as normal within the barricaded-off area. The scenes of burning tires, tear gas and molotov cocktails are from the nearby Grushevsky St, where protesters gathered to confront Parliament after their "passage" of this Black Thursday law.

It is inspiring to see the passion and focus of people working to protect and expand their rights, and it is humbling to be able to lend support in any form. However, the challenges aren't getting any easier. The digital tools which provide the most security are also difficult to use, and more difficult to use correctly. They still "stick out" as unusual, and face an uphill battle against popular systems with little if any security.

This has to change. Privacy is not some abstract concept in these situations, it is the economic well-being, and too often, the pure survival of activists, journalists, and their contacts. When we allow policies and practices that undermine security and privacy, we're not just revealing embarrassing factoids about our call history, or even the three felonies a day you're probably committing as a US citizen - we are undermining our global dream of a world of nations with democratic rule, where their citizens can enjoy basic human rights without fear.

The world is ready for this, but when the current Ukrainian government points at American domestic policies as models of their newly crafted censorship and surveillance laws, it's a sign that we as Americans are not drinking our own koolaid (with a hat-tip to the many dedicated civil servants who are working hard to further human rights).

Jam Echelon Day, Redux

(Or, how to remind anyone snooping your email of your fourth amendment rights)

So clearly we have a situation here where we failed to learn from the past. Fourteen years ago (Exactly in a few days - Oct 21!), we were protesting ECHELON, which was (is) a "worldwide computer spy network [that] reportedly scans all email, packet traffic, telephone conversations, and more in an effort to ferret out potential terrorist or enemy communications. Once a communication is plucked from the electronic cloud, certain keywords allegedly trigger a recording of the conversation or email in question."

In response (along with a short burst in activity around people trying to figure out how to use PGP), hackers added amusing bonus keywords in the parts of emails that humans rarely see (where junk like the path the email took, listserv details, and so on goes) - many, including myself, added the 4th Amendment to the US Constitution, as well as participating in "Jam Echelon day," when everyone added what we presumed at the time were these mythical "trigger words:"

ATF DOD WACO RUBY RIDGE OKC OKLAHOMA CITY MILITIA GUN HANDGUN MILGOV ASSAULT RIFLE TERRORISM BOMB DRUG KORESH PROMIS MOSSAD NASA MI5 ONI CID AK47 M16 C4 MALCOLM X REVOLUTION CHEROKEE HILLARY BILL CLINTON GORE GEORGE BUSH WACKENHUT TERRORIST.

As an aside: maannnnnn, do you remember the 90s? Was that an unpleasant walk down memory lane or what?

Anyhow, this amusing idea that this would work for more than a few minutes just doesn't seem to die, and someone's trying it with a new "security" tool called ScareMail that "takes keywords from an extensive US Department of Homeland Security list used to troll social media websites and utilizes them “to disrupt the NSA’s surveillance efforts by making NSA search results useless.” "

While that's ... well, whatever. It's a nice thought, right? Probably not very useful overall. Anyhow, it gives me a small boost of civic pride to tweak my email settings and put the fourth amendment text back in to almost every email I send out. This requires an actual email client (Thunderbird works nicely), and some configuration hacking:

  • Go to Edit → Preferences → Advanced → General → Config editor
  • Right click, new, "string"
  • For 'Enter the preference name' use "mail.identity.id1.header.header1"
  • For the string, add "X-Fourth-Amendment: The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
  • If you have multiple mail accounts, you'll have to do this for each one, using id2, id3, etc. and header2, header3, etc.
  • Restart thunderbird, make sure you didn't break anything. For more details, peek at http://kb.mozillazine.org/Custom_headers
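As an added example (not from the original post or from Thunderbird itself), this Python script generates the equivalent `user.js` lines for several identities, refuses header values containing CR/LF (which would inject extra headers into every message you send), and checks a saved sent message for the header. The `mail.identity.idN.headers` pref, which lists the key names Thunderbird should read, comes from the mozillazine article linked above rather than from the steps listed here; the sample message and addresses are constructed.

```python
import email
import email.policy
import json
import re

# RFC 5322 field names: printable ASCII with no space and no colon.
FIELD_NAME = re.compile(r"[!-9;-~]+")

FOURTH_AMENDMENT = (
    "The right of the people to be secure in their persons, houses, papers, "
    "and effects, against unreasonable searches and seizures, shall not be "
    "violated, and no Warrants shall issue, but upon probable cause, "
    "supported by Oath or affirmation, and particularly describing the place "
    "to be searched, and the persons or things to be seized."
)


def header_line(name, value):
    """Return 'Name: value', rejecting input that could corrupt the header block."""
    if not FIELD_NAME.fullmatch(name):
        raise ValueError("invalid header name: %r" % name)
    if "\r" in value or "\n" in value:
        # A line break here would start a new header (for example a Bcc).
        raise ValueError("header value must not contain CR or LF")
    if not value.isascii():
        raise ValueError("non-ASCII header values need RFC 2047 encoding")
    return f"{name}: {value}"


def user_js_lines(identity_count, name, value):
    """Build user.js prefs for id1..idN, using header1..headerN as the key names."""
    line = header_line(name, value)
    prefs = []
    for n in range(1, identity_count + 1):
        key = f"header{n}"
        # json.dumps yields a correctly escaped double-quoted string literal.
        prefs.append(
            f'user_pref("mail.identity.id{n}.headers", {json.dumps(key)});'
        )
        prefs.append(
            f'user_pref("mail.identity.id{n}.header.{key}", {json.dumps(line)});'
        )
    return prefs


# Constructed sample of a sent message; long headers are folded on the wire.
SAMPLE_SENT = (
    "From: alice@example.org\r\n"
    "To: bob@example.org\r\n"
    "Subject: header test\r\n"
    "X-Fourth-Amendment: The right of the people to be secure in their persons,\r\n"
    " houses, papers, and effects, against unreasonable searches and seizures,\r\n"
    " shall not be violated, and no Warrants shall issue, but upon probable\r\n"
    " cause, supported by Oath or affirmation, and particularly describing the\r\n"
    " place to be searched, and the persons or things to be seized.\r\n"
    "\r\n"
    "Test body.\r\n"
)


def header_survived(raw_message, name, expected):
    """True if the message carries exactly one such header with the expected text."""
    msg = email.message_from_string(raw_message, policy=email.policy.default)
    values = msg.get_all(name, [])
    if len(values) != 1:
        return False
    # Compare with whitespace normalised, since folding may change spacing.
    return " ".join(str(values[0]).split()) == " ".join(expected.split())


if __name__ == "__main__":
    for pref in user_js_lines(2, "X-Fourth-Amendment", FOURTH_AMENDMENT):
        print(pref)
    print(header_survived(SAMPLE_SENT, "X-Fourth-Amendment", FOURTH_AMENDMENT))
```

To run the check on real mail, save a message from your Sent folder as an `.eml` file and pass its contents to `header_survived`.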

Of Code, Free Speech, and Weapons

DeCSS Inside!

Quick quiz.  Which of these should not be protected as free speech?

[ ] A gun (you know, the kind you can hold and shoot)

[ ] Plans for a nuclear weapon

[ ] Political statements (lots and lots of them)

[ ] Detailed instructions on how to communicate privately

[ ] Detailed instructions on how to make an archival, digital copy of a DVD

The answer is either none or all of the above - we are in a world where free speech (in the form of computer code) can create real world objects and actions that are themselves regulated or outright illegal.  But if the action is illegal, is the code that causes it also illegal?  If so, the line gets very blurry very quickly.  If not, we still have some fascinating problems to deal with, like printable guns.  Regardless, we need to educate policy makers to understand this digital frontier and be prepared to defend free speech when this gets unpleasant.  Spoiler: It's already unpleasant.  Our world is defined by code, where programmed actions have very real, tangible effects.

Code of Protest

Civil disobedience can take some weird forms. While today masked digital vigilantes of Anonymous act as a curious type of Internet immune system, reacting against gross infringements of cyber liberty, their methods are not as new as you might think. In the late 90s, the Electronic Disturbance Theater (http://en.wikipedia.org/wiki/Electronic_Disturbance_Theater) was supporting the Zapatistas by flooding Mexican government sites with a rudimentary DDoS (Distributed Denial of Service) attack, which brings a webserver down by overloading it. This concept is at the heart of LOIC, Anonymous's "Low Orbit Ion Cannon" (http://en.wikipedia.org/wiki/Low_Orbit_Ion_Cannon). EDT's version, "Floodnet," had the nice touch of requesting webpages with names like "human rights" from the government sites, resulting in errors clogging up the server reading something like "404 - human rights not found." Asking for a webpage is pretty clearly something akin to shouting at a rally, or a "cyber sit-in" (http://angelingo.usc.edu/index.php/politics/cyber-sit-ins-grassroots-to-gigabytes/) - get enough people to do it, and it causes some level of annoyance - but it's still an act of speech.

Free speech and a dead-end for copy controls

More compelling is the story of decss. CSS, an acronym now known as a web design tool, also means Content Scramble System, and is how DVD content is locked down. Only authorized hardware and software can decrypt a DVD and play it. This theoretically prevents wanton piracy, but it also prevents you from exercising your rights of fair use, backing up, or watching on a device of your choosing.

Fortunately, CSS was not particularly well crafted, and was quickly and thoroughly broken with a chunk of code nicknamed decss by a Norwegian teenager nicknamed "DVD Jon".  This caused a slight bit of controversy.  DVD Jon was accused of theft in Norway, and users in the States were threatened with fines and jailtime for re-distributing it under the DMCA law.

In a predictable story arc, the next chapter of this story is of course the Internet digerati of the day getting royally teed off and causing a ruckus. The  source code of decss was immediately turned into graphic art, secretly embedded in photos, turned into poems, and even a song (http://www.youtube.com/watch?v=GekuuNqAiQg) - a gallery of creative works using or containing the decss code remains online: http://www.cs.cmu.edu/~dst/DeCSS/Gallery/ .  DVD Jon won his case (http://news.bbc.co.uk/2/hi/technology/3341211.stm) and we all celebrated the somewhat obvious win for free speech and consumer power.

Private speech and munitions export controls

We can rewind even further back to the early 90s, when Philip Zimmermann published the entire source code of his powerful encryption tool, PGP, in a book (of the paper, box-shaped physical object type). Now, encryption this powerful was classified (until 1996) as a "munition" and subject to export controls with the types of penalties you might expect for selling military equipment on the black market. Had PGP been released as a program, it would obviously fall into this categorization. As text in a book, however, it appeared to be protected as free speech. The stupidity of the distinction of course also spurred many to make t-shirts and code snippets of this "illegal" code. Eventually, a series of court cases (Bernstein v. United States, Junger v. Daley) established that source code, indeed, counts as free speech.

Free speech and real munitions

Fast forward back to today, and the distinction between code and munitions is again somewhat unclear - with 3D printers, you can even begin building core pieces of real munitions - like, well, guns (http://www.wired.com/dangerroom/2012/08/3d-weapons/), based on digital blueprints and DIY-enthusiast at-home 3D printing kits. For anyone who doubts that print-at-home guns could possibly be thought of as pure expressions of free speech, covered by copyright laws and software licensing more than gun laws, I recommend browsing through this video and transcript (http://hardware.slashdot.org/story/12/09/04/1837209/should-we-print-guns-cody-r-wilson-says-yes-video#media), with the clear excitement around innovation and failure-as-a-feature in the gun printing market by Cody Wilson of Defense Distributed.

Code is speech, code is reality.

The kicker here remains that code - that mysterious language that creates everything from Skype (now illegal to use in Ethiopia, with up to 15 years of jailtime) to your bank's software to this webpage - is also, at its core, just ideas and language.  Now, disruptive ideas have always been a bit dangerous, and we have a long, if rarely permanently successful history of ways to limit, erase and squelch them.  But ideas that themselves are actions are another thing altogether.

In linguistics, you have the concept of "Illocutionary Acts" - acts which are embodied in language.  There aren't many - no matter how I say that I'm going to go for an after-work run, the act of running can only be done by my whole body.  Oaths are the best example of these acts - speaking the oath is making the oath, and that combination of idea and action is a powerful sentiment.

And every line of code can be just as powerful.

Social Currency Unleashed: Bitcoin? (on FastCoExist)

Here's one of our big ideas from last week's overview. I take the helm here and dive in to alternative currencies, like the crazy new kid on the block -- bitcoin.

Is bitcoin a key to unlocking social currency?

The earlier attempts all were centralized startups, each proposing a competing faux-currency to ease online (providing simplicity and improving trust) transactions and slowly build a virtual currency of sorts. Their business plans generally involved taking margins from the transactions or cost differentials. The early Internet currency attempts ran into regulatory problems (most countries frown upon private companies setting up alternate currencies, it turns out), and had to evolve their offerings to avoid getting shut out.

Bitcoin provides something different. Instead of a currency that has evolved from being backed by precious metals into fiat currencies, Bitcoin is backed by cryptographic algorithms, and has no company--or even an identifiable person--behind it. This shared system provides an amazing openness for a currency: Every transaction is part of a public, collaborative log. However, the people behind those transactions are known only by their account numbers, in a world where you can create as many accounts as you like.

Read the full article at Fast Co.Exist

Against Appification

Appification

My wife and I bought a new TV for ourselves this holiday season. Well, to be more accurate, we bought a large monitor (which happens to be a TV) for our media computer. We long ago gave up on our local cable monopoly, so its use is split between digging through the increasingly meager offerings of online video rental services and watching a screensaver-ified flow of our favorite travel photos. Sometimes maybe using the live 2D->3D conversion thing. I never said we weren't both dorks.

That being said, the TV comes with, as most new TVs seem to, an app store. And it sucks. By gods, the offerings are horrible, the interface is via the clunkiest of all possible remotes, reminiscent more of an 80s-era cellular phone than a 21st century Internet-enabled TV control device. Once you manage to navigate into the app store, there are but a scant few useful apps and a smattering of crappy games and info apps.

Don't get me wrong - I'm excited about new form factors of devices, and computational power showing up in more devices - but give me a device that I can use and that is multifunctional at its heart. It may have a nice skin and intended purpose, but technology changes rapidly, and I don't want to churn through hardware devices at the speed of change in software.

Part of this is that companies must accept failure -- or at least change -- as a possibility. Your framework, support, upgrades and management of a walled garden app store may be fantastic, but what if you ditch your entire business unit? (HP, I'm looking at you).

Apple has provided a solid model of the benefits of the app path, but few companies can match Apple in their abilities to keep up with the store - and even then, it suffers from being a disneyfied (http://phandroid.com/2010/03/16/iphone-is-a-sterile-disney-fied-walled-…), tightly controlled and kid-friendly store. The Android market is certainly a bit more wild and woolly, but that creates a new foothold for innovation.

This disneyfication is unavoidable for any centralized store, since that centralization focuses responsibility on to the ones who make decisions about what goes in to the store and what stays out - which ends up being increasingly restrictive and eventually anti-competitive.

As Dave Winer points out at Scripting News, this is a classic cycle in technology over control (http://scripting.com/stories/2011/12/31/theUninternet.html). This trope affects the continuum between being able to compile your own software to being able to download whatever software you like all the way to only having access to pre-approved app-store apps, but its influence also is seen in web services and consumer electronics.

There's a value to the app store model, as there's a value to Disneyland. You know everything is tailored, tweaked, padded and sanitized. If something goes wrong, it won't be your problem -- but the cost for this level of safety is freedom. Your iPhone works great, but just try to swap out its SIM card for an affordable local provider in another country, or, really, do anything that Apple hasn't approved of, regardless of whether it would be useful to you. It's not called jailbreaking for nothing.

The Art of Failing

I have a critical flaw - not being able to say no to helping out worthwhile projects get their technological house in order.

I've left a trail of wikis, content management system-run sites, and creative cabling across three continents. One such effort was in the pre-iPhone world of the early 2000s with a creative social enterprise that empowered artisans to realize the full market value of their goods (often undercut by middlemen taking advantage of innumeracy, a need for liquidity, or both). These goods are then shipped to the US to sell. The NGO takes a small cut for its operations and the shipping cost, and everyone benefits. Beyond dealing with the unpredictability of the Nicaraguan electrical system, they were efficient in their offline practices, but saw the need for inventory tracking. That seemingly basic task is a key to empowering online sales and other scaling activities, but it is no small order. The system must be able to know what items were stored in what locations in the US and in Nicaragua, and meet the needs of a geographically dispersed set of volunteers selling those items at events. It also has to have a simple and largely foolproof way of adding inventory from the Nica office that can absorb a backlog of work if the power or Internet connection is off.

Web 1.0: Cue Cat

No problem - totally doable. For the US side, we work with a Salesforce Foundation volunteer to create an online, cloud-based inventory system where the volunteers can log transactions live on the site using a re-purposed cue:cat barcode scanner -- the cue:cat itself being a dotcom-era QR code wannabe, best summed up by Jeff Salkowski of the Chicago Tribune as "You have to wonder about a business plan based on the notion that people want to interact with a soda can." and by Wired’s Leander Kahney as "a cheapo bar-code scanner that looks like a marital aid."

On the Nica side, the staff can add the inventory on a spreadsheet and batch upload it into SalesForce whenever they have power. This gives them an offline backup, and lets work continue (on a laptop) even if power cuts out. The Excel sheet automatically creates a code that can be barcode-ified for matching by the volunteer sales staff without painstaking scribbling of notes.


Perfect, right? With so much time spent on the “challenging” part of the equation in Nica, not enough thought went into the sales side - often outside, at craft markets, sometimes in the rain. Not happy environments for laptops, rarely enough electricity or battery power to last the day, and never any wifi to actually connect to the Internet to track sales in realtime.

Times have changed, and the plan, like the cue:cat itself, may have a new life in our 3G-saturated world with QR Codes and Square point-of-sale gadgets replacing the bulky laptop, but at the time, it was simply a failure.

What do you do when your project just falls flat? Moving on and hiding it is the wrong answer. The right answer is that you get up in front of a crowd of your peers, donors, and investors (past and potentially future) and spill the beans. In the startup world, some amount of failure is expected, and even welcomed. Learning from failure is, after all, the best education out there. But in the do-gooder space of non-profits and international development organizations, failure is not an option.

The challenge is that we’re in this industry, if you will, to save and improve lives, not make a profit. If a plan fails, it’s lives - not just bank accounts -- that are not enriched.

There are obviously failures in development, as evidenced by the mere fact that we’re five to six decades in to concerted global efforts, and still working on it. More ICT4D projects fail than ever scale beyond the pilot stage. The World Bank bravely released its internal study revealing that while most of its projects succeed overall, projects in the ICT4D category achieve their intended outcomes only 30% of the time. Some of those may be wildly successful in unanticipated ways, others just complete flops.

Katrin Verclas has done the community a huge favor in creating and open-sourcing the concept of the FailFaire.

The Failfaire celebrates and de-stigmatizes failure by loosening lips with some alcohol and then throwing people on stage for a tightly scheduled 5 minute moment of candor. Thanks to the open-source philosophy, these have spread to internal organizational events as well as a few public failfaires, most recently one hosted by Inveneo’s Wayan Vota in DC at the World Bank itself, and another coming up this December in NYC hosted by MobileActive.

The risks of failure in development work are clearly weightier than Q3 profits, which makes the relaxed raucousness of a failfaire that much more important. For a community that has no normal mechanism for learning across the various implementers, the only way we can advance the whole cause is through these commiserations over good goals, good people, and solid technology completely failing - and learning from them.

This was best encapsulated after the event. One presenter discussed his media-darling pedal-powered phone booth for remote villages, which was a complete failure. Another Failfaire-er approached him afterwards to commiserate on similar problems - their own popular bike-powered computer system actually took almost seven people pedaling to reliably power the system. While bikes garner tons of often-misguided warm feelings and media popularity, they aren’t necessarily silver bullets -- a lesson for the road.


Open Source Society

Open Source all the things

This is a rough summary of my talk Tuesday night at DCWeek's Hot Tech Trends. Read more about the panel and continue the discussion over at Quora.

The trend I'm most interested in right now is actually as much offline as it is on. It really hit me a few weeks ago as I was reading through the minutes of an Occupy General Assembly. Here was a huge meeting with multiple viewpoints that was being successfully self-facilitated, prioritizing issues and moving quickly. This was a committee that was being collaborative, open, transparent, and still ... effective.

It really got me thinking on how we are becoming accustomed to new social constructs in movements, government, and business. These concepts are familiar to anyone who's delved into the nuts and bolts of open source software -- like collaboration, shared or no ownership, team-building, and radical transparency -- but they're popping up everywhere offline.

So, I want to tackle the convergence of these concepts offline with the democratization of tools online.

By democratization, I really mean simplicity and openness to all. An important pre-condition to this is basic access, but we are increasingly living in an access-rich world, thanks to mobile. This year, Africa surpassed both Europe and the Americas and is now the second largest market for mobiles - behind only the Asia/Pacific region.

But beyond access, there is a new "digital divide" if you will -- the ability to create and engage in a participatory experience. Things like Twitter and blogging have long been low barriers of entry for getting your voice heard online. The exciting development in this arena is that it is mindbogglingly easy to create complex sites and apps with Drupal and WordPress, at least compared to the work this would have taken 10 years ago.

This combination of a simple toolbox and open social constructs is powerful.

The past few years have been accelerating this convergence. Blogs and Wikipedia have permanently altered publishing, Twitter, Facebook and foursquare have opened up your social life, and Yelp and Tripadvisor have changed your customer service interactions with travel and dining destinations.

But more importantly, crowdfunding models like Kiva and Kickstarter are toe-in-water steps towards creating collaborative business models by seeking out customers and supporters in a very early stage and rallying their support around potential projects and products. Co-working spaces provide entry-level incubation for young startups with great perks of cross-startup networking and talent sharing. These fast prototyping models reduce overall risk and create engaged, evangelical customers and partners.

The social change sphere has jumped into this intersection and is spawning hundreds of really exciting co-creation models. We've seen this in crisis mapping (Snowpocalypse, Haiti, Thailand), protest movements (Moldova, ArabSpring, OWS), open data mashups combining entrepreneurs and civic data (Apps4Democracy, UN Global Pulse), and even countries crowdsourcing their own constitutions (Iceland and now Morocco).

The availability of these easy-to-use platforms and expectations of openness and co-creation are forcing new levels of engagement in all sectors. People are no longer OK with occasional, reactive, or superficial engagement.

My first human interaction with a brand shouldn't be after I post a negative tweet - nor should it be an annual 10-page user survey that never changes anything. I want to help build their business and be engaged at a strategic level, even though I'm "just" a consumer.

If that sounds a bit insane and totally unscalable, just replace business with government and consumer with citizen and it suddenly sounds less crazy.

Business, non-profits, social enterprises, and governments will all need to open up not only their data or their superficial interactions, but begin to fully collaborate with their communities on their policies and business plans.

This means that 2012 holds a huge potential for global co-creation and new organizational frameworks, and anyone who doesn't begin to engage customers, supporters and citizens in this way is going to be shut out by organizations that aren't merely building their business with their users in mind, but building their business with their users.

With these concepts of shared ownership, highly functional teams, collaboration and transparency, combined with online structures that parallel these same values, we have a world where decentralized, democratized power structures are forming across the digital/analog borders. This changes governance, economics, social change and business.

Holy shit, this is going to be a wild, fun ride.

"All the things" courtesy quickmeme with the amazing original comic by Hyperbole and a Half