Software Freedom and the Cloud

Cloud computing is not just disruptive to the software market; it's also disruptive to software freedom advocacy. Software freedom has been defined as being present when any recipient of a software binary has the freedom to also use the source...


Cloud computing is not just disruptive to the software market; it's also disruptive to software freedom advocacy. Software freedom has been defined as being present when any recipient of a software binary has the freedom to also use the source code for any purpose, study the source code, modify it and distribute it themselves. Cloud applications fail this test at the first hurdle, since no-one is actually receiving a software binary and thus the "four freedoms" analysis to determine the presence of software freedom is inapplicable.

Does this mean no-one should use cloud solutions? While there are some extreme voices that assert abstinence, I think that's an untenable position. Cloud computing offers so many benefits - many resonant with what people have historically sought from software freedom - that it's sure to be used. Listening to entrepreneurs and investors here at OSBC, there's no doubt that the future of software has a substantial dimension in the cloud.

All of us live on a continuum when it comes to software freedom, with almost all selecting a compromise point that is neither at the extremity of avoiding every trace of non-free code in their lives (including firmware, software used by suppliers and more) nor entirely in the pocket of proprietary vendors.

For my personal choices, my rule is I will use open source software as much as I can without it needing to become a hobby to maintain it. Applying this rule, I use a mix of open source, open core and closed technologies. I'm always give preference to open source solutions, and I'll tolerate more "hobby maintenance" for critical control points, but there's always a line that has to be drawn. I aim to draw that line consciously and based on understanding the alternatives, with a clear bias to open source.

The same principle applies to cloud solutions. It's crucial to ensure your freedoms are protected as you select a cloud solution. Not because of some philosophical imperative, but pragmatically because the ways we protect our businesses turn out to depend on those freedoms.

As an individual, I am committed to the principles of software freedom; in business, I want the cost control that comes from always being free to negotiate with my suppliers, the flexibility to be able to respond to business change on my own terms, along with the other business values I've documented before. Consequently, seeking software freedom in cloud computing is a matter of knowing how and where to "draw the line".


This is still an evolving topic, but it seems to clear to me that crucial factors include

  • separating out control points,
  • ensuring meaningful data export is possible,
  • understanding new service risks and
  • where possible ensuring the whole solution can be rehosted at will.

By control points, I mean things like user/identity management which can appear as meta-topics in a hosted SaaS solution and may not be easily exportable.  At ForgeRock we use our own identity provider despite using cloud-hosted mail, productivity and business systems, so that in the event we migrate we have both the business data and the identity graph that animates it. Every cloud solution is likely to have these meta-control points and protecting your freedom means owning them yourself.

Meaningful data export means more than just being able to export and re-import into the same application. That's an important first capability but being able to re-parse the data and use it in a different application is also import. These are very early days and all the formats I've seen are application-specific, subject to arbitrary change and not standardised. It's hard to protect your freedom here.

By new service risks I mean the additional risks resulting in running software outside your own company. What used to be under your control and on your premises is not subject to both a service agreement and also to terms of use. If the cost of complying with local law in the service providers country becomes greater than the cost of satisfying the agreement with you, guess what will happen? The trigger may not even be your behaviour; it may be that actions by another customer will cause loss of service or even shut-down.

Ultimately, your best protection is to be able to rehost your service elsewhere. This is where traditional views of software freedom become important. If the whole solution is open source, if there are no dependencies on meta-control points outside your control and if the existing data can be exported live and whole, you have the ultimate protection for your freedoms.

It's early days for considering this. The thinking surrounding software freedom and then open source has taken decades to mature, so it's no surprise the equivalent thinking around freedom in the cloud is still young. What matters is taking concious, informed decisions with a view to protecting your freedoms and the business pragmatics they enable. In the cloud, that's your responsibility alone.

Follow Simon as @webmink on Twitter and Identi.Ca

"Recommended For You"

EU FRAND Report Signals Problems The Open Cloud Initiative