Open source hasn’t made tech more open

There are two institutions dominating the top of the tech food chain today. On one side are big tech companies like Google, Facebook, Amazon, Microsoft and Apple, as well as China's big three of Baidu, Alibaba and Tencent. Alongside them are the massively funded, heavily staffed global cyberpowers -- most notably the US, China and Russia -- who are seeking to monitor and control information flows online in the name of national security or political control.

Both are intertwined. Sometimes intimately, as in China, where an Orwellian social credit system is taking shape, and private companies are becoming indistinguishable from the state's apparatus. In the US, tech companies are now the biggest lobbyists and political donors in Washington, while in Russia there is a battle against the message app Telegram. Together, these forces control the vast majority of information that flows online, either through data gathering, surveillance or censorship.

There is an opposition: Small, often bare-budget operations run by hackers, nonprofit activists and volunteers. These open-source, decentralized projects and cooperative alternatives aim to protect user security and provide them greater control of their personal data. Some, like Tor or Signal, aim to encrypt and protect digital communication from the peering eyes of governments and corporations. Others, like Orchid, Dat or Blockchain-based protocols such as Ethereum want to return the web to it's initial, decentralized roots. Whether or not they get more people to adopt their alternatives could determine whether the years-long trend toward greater corporate and governmental control of data will continue. At stake is nothing less than the future of the internet itself.

"We need to find a way to balance our own privacy and security and the data economy we have built," said Mark Surman, executive director at the Mozilla Foundation. "We need to look at ways that both companies and governments are reigned in."

Email, at its core, is simply a protocol to send messages directly from one server to another, without the need for a central system or governing authority. This was how the internet was designed. No matter what browser you're using, or what your operating system is, you can access websites, mailing lists, message boards anywhere due to the use of standard protocols.

Today, nearly everyone relies on the same few platforms. Some, like Amazon Web Services, host an increasing number of websites. Others, like Google's search or Facebook's news feed, are how we find or discover news or videos. Together, these few big companies now control much of the flow of traffic online.

"Once you're on Facebook or on Instagram, you're locked in, and you're locked in because all your friends are there," Surman said. "We don't have choice."

Now, the internet is primarily used to access platforms like Google, Facebook, Twitter and others. This is why researchers have found that in parts of Southeast Asia, people regularly confuse Facebook for the internet itself. "Unfortunately, today the internet is being used as a transport layer for people to build walled-garden communication networks," said Daniel Kahn Gillmor, senior staff technologist for the speech, privacy and technology project at the American Civil Liberties Union.

Of the more 3 billion people online globally, two billion of them are on Facebook, with much of the remainder likely behind China's Great Firewall. In fact, in China, apps like Tencent's WeChat dominate not just messaging and social media, but payments, transportation and, in 27 cities, municipal services such as paying electricity bills or traffic fines. Soon, Chinese residents might need WeChat to travel.

Governments are scaling up too, with the US Army's Cyber Command now including over 19,000 soldiers and civilians. And one can only guess at the size of what might be the biggest operation of them all, China's opaque censorship, security and online surveillance behemoth, estimated to have at minimum 50,000 staff dedicated to monitoring and controlling the world's largest internet and mobile market.

The revelations of government spying by Edward Snowden was the impetus for some of the first generation of privacy apps and protocols to expand. One of the most successful is the Tor Project, a free, open-source browser and apps that allow for anonymous browsing and communication and has 2 million daily users. Lately, there has been a new wave of privacy concerns, stemming from fake, viral news, state-sponsored hacking during the 2016 US presidential election, and, more recently, the Cambridge Analytica scandal, in which the firm used Facebook to harvest data from 50 million profiles to do massive data-based psychological targeting.

Yet the scale of these alternative projects is quite small. Mozilla, one of the largest non-profit foundations in this space, has a budget of just over $400 million. The Tor project has a total of 35 staff, while Qubes, a secure operating system used by Snowden, has just a dozen core members. Most of these projects count a large number of dedicated volunteers and open source contributors and are almost always in need of more financial and human resources. In contrast, Google now employs 85,000 staff around the world, while Facebook has 27,000, and the combined market value of the two companies is an astounding $1.27 trillion.

Considering the scale, it may be too much to expect real alternatives to the dominant technology platforms. The incentives and competitive dynamics of the digital economy might be broken. Snowden's 2013 revelations were a big media story, but in the end had little impact on the bottom lines of the companies mentioned as part of Prism including Google, Facebook, Microsoft, and Apple, all of which are bigger today than they were five years ago. Similarly, Facebook saw a rapid drop in its stock prices right after The New York Times and others broke the story about Cambridge Analytica, but it's recovered to near its all-time highs. Its most recent quarterly figures showed no drop in user numbers either.

"They have not been hit too hard by this massive misuse of user data, and that's troubling because it means that users are so trapped into using Facebook even a massive scandal does not really change their behavior," said Nathan Schneider, a professor of media studies at the University of Colorado at Boulder. "That is a very disturbing level of monopoly-type power."

Google dominates email, search, maps and has an even more sophisticated data-gathering operation today than 2014. Facebook is selling even more highly personalized ads based on the data it gathers about us -- data that is, as many are finding, incredibly personal. Together, the two control an estimated 67 percent of all digital advertising revenue, and are capturing an even higher percentage of yearly growth. All of it is dependent on centralization and control of data.

"The way the advertising business works today is the surveillance economy ... their bread is buttered by building detailed dossiers on individuals and on communities so they can do predictive-behavioral analytics of individual," said Gillmor.

Open source projects have spurred action among consumers too, such as the rapid growth in use of ad-blocking plugins. They also occasionally force the giants to take a pro-privacy move, such as Facebook's decision to allow its messaging app, Whatsapp, to have industry-standard end-to-end encryption.

Still, it has not been enough. Take, for example, open source. Even though the dominant web-server software is open-source Apache and 59 percent of websites run on the open-source Wordpress content management system software, this hasn't prevented centralization or control of data by Google, Facebook and others. A more clear example of this failure is the world's most popular mobile OS -- Android.

"Android is built on Linux, and is a key piece of open-source software, but also the most powerful tool for corporate surveillance ever invented," said Schneider. "This intellectual-property hack has been very amenable to the needs of very centralizing, profit-seeking enterprises."

The growing decentralization movement, which seeks to take the web back to its initial roots, may not be enough, either. Email is still technically a decentralized protocol, but most of us depend on tools from just a few companies –- Google's Gmail, Microsoft's Outlook –- to access it.

Another idea that has been gaining attention is platform cooperatives – user-owned, democratically run alternatives. One of the most successful early-stage platform co-ops is Resonate, a music-streaming service that aims to provide an alternative to Spotify, the dominant player in the field and one that is notorious for its low payments to artists. Resonate would be partially owned by listeners, musicians and labels, all of whom would have voting rights, and have an ethical, open formula for distributing revenues to musicians. It recently raised $1 million and is quickly approaching a full launch.

"Once we get through that process of really getting things much more stable and user-friendly, then we'll be able to go after more aggressive marketing campaigns and promotional activities and grow the community," said Peter Harris, the founder of Resonate.

It will be a challenge. Resonate remains a niche player and lacks access to the huge catalog of songs that Spotify has. In essence, this is another variation of the same network effect that keeps users trapped on Facebook or Instagram.

One possible conclusion is that governments and other regulatory authorities need to treat digital platforms as monopolies.

"If there isn't enough meaningful market competition to hold these companies accountable, there may be need for antitrust, which is increasingly being talked about," said Schneider.

The obvious tool -- breaking up a company, as the US did in the 1980s to tackle the Bell monopoly, would have to be altered for the uniqueness of the digital space. Companies now operate across borders and provide a diverse range of digital services that an increasing percentage of the global economy depends on.

"If governments are going to step in and play a regulatory role, we need to really make sure they do it creatively, in a way that focuses on the core principles of the internet -- open APIs, interoperability -- rather than more traditional things like breaking up companies," said Surman.

Open APIs (Application Programming Interfaces), are protocols or tools that allow apps and internet-based applications to communicate. If designed properly, they could allow various social network alternatives to Facebook to connect with each other, reducing the impact of any network effects that force users to stick to one platform because all their friends and contacts are there. Government action could also force some form of user ownership or control of platforms, shifting the economic model into one that is more cooperative.

"If a company can demonstrate that it can meaningfully self-govern itself, that can be a way of escaping more drastic regulatory oversight," said Schneider. And privacy could be one way competing platforms could stand out. Imagine the impact of the Cambridge Analytica scandal if Facebook users had an alternative platform they could quickly switch to while still being able to communicate with their friends. In that world, the impact on companies who violate privacy could be big enough to actually change industry practices.

It remains a question, however, if governments will act. The US has not broken up a monopoly in decades, and the current administration has shown no appetite for a shift. Some pin their hopes on Europe, which, through the implementation of the General Data Protection Regulation could give regulators the power to hold companies that violate user-privacy accountable, though it only went into force in late May.

There is likely no single solution. That is why Mozilla takes a three-pronged approach -- working to build alternatives, like the Firefox browser, running advocacy campaigns on key issues such as encryption, while also lobbying for better digital policy.

"Unless we can actually open up competition it's really impossible to imagine new products breaking into the market," said Surman. "But unless new products break into the market, regulations aren't going to matter, and if consumers don't say what they want ... you're not going to have a better internet."

The battle for the future of the internet is likely a battle without an end. Technology is ever-evolving, as is privacy, security, and our expectations of it. As long as corporations control the internet and rely on an economic model that profits from user data, is it likely that we will keep seeing the same battles between individual privacy and control of data for years, if not decades.

"There is no end game for the internet, no final destination," said Camille Fassett, a reporter with the non-profit Freedom of the Press Foundation. "I cannot imagine there will ever be a time at which the internet will become 'secure' when we can stop thinking about and actively pushing for security and privacy."