On openness and privacy
This is a draft. I'd like to refine this essay - I'm sure there are places where the wording is awkward, where arguments don't make sense, where things can just be said better. Please leave your thoughts - and your revisions - either in the comments here (which I'll incorporate into the wiki version), or directly on the wiki version itself.
On openness and privacy
I'd like to talk about openness again today - on openness and privacy, and what the terms mean and how they intersect in the context of open-source development.
In particular, I'd like to talk about how openness and privacy do not oppose each other - and how, in fact, working on one will actually benefit the other. This might sound strange, since one is about sharing information and the other is about not sharing information. However, how and what type of information is shared in each case is what allows the two to be nearly symbiotic.
First, what is openness?
I'll describe it here as free (libre and gratis) access with the ability to understand and utilize a resource.
Note the caveat on "ability to understand and utilize." If you put something on a high shelf and allow anybody to take it, it's "freely available to all." But it's not equally accessible to all. And while you can never make anything equally accessible to everyone, there are often things you can do to make it more available to a larger number of people. That's part of your responsibility if you are sincere about making things "open."
I want to emphasize this - having your stuff "free" and "out there" is not enough. Sometimes programmers tag a bug as "worksforme" to mean "well, I could do this, so therefore the bug does not exist." This works in software, but it does not work in life (which is more fuzzy and much harder to debug, and runs on over 6.60 billion different kinds of processors as of right now. For many things, worksforme is a terrible justification for tagging something as "wontfix" unless you're completely sure the generalization of worksforme == worksforall is true.
This is your responsibility as a maker. To make change with the things you make, people must use it.
Now, what is privacy?
I will describe it here as the ability to choose what information about yourself you wish to share (or not) with whom, and when and why. The ability to be anonymous is part of this. The ability to create and share and own your own identity is part of this. It's tied in heavily with the notion of ownership and control - that you can shape yourself and what we know about you, and that this is your right (to some extent defined by law).
Note that privacy is about you. It's possible to maintain your privacy and still be open about the work you do, so long as this work is about something outside yourself. You don't need to share your phone number in order to give a solution to a math problem, or tell people how old you are, or where you're from, or what politics you do and don't support. You can even build up a separate identity - for instance, with a pseudonym - to preserve your other (usually "primary" or "real-world") identities while still building up a track record for the "open" work you do.
Openness and privacy are not opposed.
We're starting to see here how they're similar, and actually aligned. In order to be truly open, information needs to be available and usable by people who want to preserve their privacy.
You can't say "well, anyone who's interested, just contact me personally." That's not enough. Some people will not - can not - contact you personally and ask. The barrier of having just one person knowing that they're doing something can be too high. They might not have a means of getting back your message. It might be dangerous for them to leave a trace - if you could be attacked or killed for doing something, you probably won't contact someone you've never met for further information on it. They might be shy or scared of wasting somebody else's time. (You know the little kids who never talk, but who'll pick up a toy or a book you leave out on the table when nobody else is watching, and then become engrossed in playing with it? Those. They grow up*.)
*I did. (In other words, this worksforme. ymmv.)
The knowledge that your privacy is safe, in turn, promotes openness. When you're not afraid to share, and when sharing doesn't hurt you - when it helps you - you tend to do it more. When you can share things anonymously but still listen back to what people are saying in response without you having to reveal you are the author, your work becomes about the work, and not about you. It doesn't divorce your work from context - all works still have a context, and are undeniably written through the lens and frame of mind of their creators - but the context comes from people; the context is not itself a person, and this helps separate creator from creation so we can judge the work on its own merits.
This last bit is a loaded phrase. Sometimes knowing more about the author's identity makes a work "better" to some people. I think this is important, but I also think we place far more importance on it than we should (just because somebody said something worth listening to before doesn't mean that everything that issues from their mouth henceforth is gospel, to exaggerate a trend). New York Times Bestselling Author! Well, good for them. But is their new book any good? There is a study - I am trying to find it again (help welcomed) - that used scholarly citations to rank the "goodness" of a paper. They found the people that published "good" papers (cited by many other papers) were not more statistically likely to produce a "good" paper (in other words, they had the same hit-to-flop ratio as many other scientists). They just wrote more, and so they had a larger number of hit papers than the rest.
Openness helps us with this type of evaluation, because when we have the work available for us to judge for our own selves (instead of trusting what "authorities" on the subject say without our own critical thought on top of that). When we separate the work from who made it, we (1) can actually make our own judgments in the first place, and this (2) depersonalizes the conflicts in opinion that inevitably follow lots of people saying what they think of something. And once again, privacy - the ability to withhold information about yourself from judgment (or submit it, if you want to share that you are X, who has credentials in this field) - is crucial to this dynamic.
On building trust
The synergy of openness and privacy are needed to build trust.
Trust is an important thing to cultivate and preserve, and I believe that making information open and accessible to those involved in the conversation is a huge part of building that trust within the group you're working within. Makes sense, really - if you can't communicate, you have no information as to whether or not you want to trust somebody else in the first place. Now, this should be a "duh" thing, but it's not - sometimes we forget that we cannot hear the people who can't join the conversation in the first place.
Make sure your conversation includes the people that it really should - not just the ones who speak up first and loudest. Make sure the people you are talking to are fully aware of the terms of the conversation - that it is crystal clear what can and can't be shared (best done by specifying a default, and then making a clear and obvious way to mark things otherwise).
Both are incredibly hard in practice, especially when the you-know-what hits the fan.
At TOPP, there's been a lot of thought and conversation on the difference between open source as-in-license, open source as-in-accessibility (in the sense of users being able to find/easily-run/easily-modify the software - is the code gnarly, the application easy to use?) and open source as-in-information-flow-and-culture (is there a volunteer community? do they know what's going on? do they drive what's going on? what's the relationship between "official employees" of the project and volunteer contributors?)
Likewise at OLPC. Communication is incredibly hard to do. From the "inside," it seems obvious, and sometimes annoying - people are knocking at your door, demanding things you think they're misinformed about. Why don't they understand you're too busy working to solve the problem to tell them about it? Why won't they go away? We're hosed! We can't do anything about this!
Well, no. You can.
You can put out a sign saying "WE'RE HOSED. We really want to talk and listen to you, but we can't right now - we realize X is a problem, and we want to sit down and talk about it. Could you please do us a favor and hold your horses and your speculation until this date, when we will set aside our time to dialogue with you in such-and-such a forum? In the meantime, we are buried working on the problem - we will fill you in on what is going on when we sit down and talk. While you wait, here are some things that you can read and do..."
That's open. That preserves the privacy you have to keep the things you're doing (including potentially sensitive things that can't go to the public) until you can figure out what you do, in fact, want to tell people. You can be open about the fact that you are exercising your right to privacy - and make it clear that this is not because you're mean, or that you don't trust others - but because of other factors, whatever they might be.
I note here that I do this very poorly myself, because when you are hosed, it's tough to pull back from the deathcrunch and swallow your pride and put out a sign that explains how you... well, can't deal with things as well as you would like to. But it does keep you honest. And keeps the lines of communication open. And perhaps that helps you respond a little better than you would within a vacuum.