Of Morality and Software Development

Thursday, January 27, 2011 - Jerry Sievert

It's not every day that I find myself in a conundrum -- not just any conundrum, but a moral one. I rarely think of computers and software in the terms of morality: right and wrong, good and bad, but instead the expression of ideas, a beautiful manifestation of thought. This time things are different.

Let me back up a little bit. It was the height of the WikiLeaks release of the Iraq War Logs and I was outraged. Typically with outrage comes the desire to do something about it: this was no exception. I figured that I could do something about it, but I wasn't willing to risk my own hide by hosting a copy of the data on my own servers. Laws here in the US are fickle. I could be in the clear, but still end up on some watch list. I could legally be OK, but if my travel is suddenly impeded, that's a bad thing. I may be idealistic, but when it comes to the possibility of losing my livelihood or being put on some sort of watch list I tend to take a step back.

But I had an idea. What if I were to build something that required very little effort to set up and maintain, and allowed others to be as subversive as they wanted. The idea was pretty simple: why not just build a giant distributed cache? Ambitious? Yes, but doable. Really, it's just like opening up your wifi router. Right?

I started by building a node.js server that could answer for any domain name pointed at it. The idea was that the server could handle any type of content: just supply a domain name and a resource to be returned and the server would check its data store, grab what it knew about, and serve it up -- a pretty straightforward implementation. A simple hosts file change and anyone can get any data from anywhere. Augment this with a fairly simple replication strategy and you have what I like to call The Anonymous, Autonomous, Self-Replicating Web.

Replication was easy. First I built a quick in-memory store and started connecting copies of the server via websockets to each other. As files were uploaded, they got replicated to any other server that happened to connect via a websocket and announced itself as a replication server. Each of those replication servers was to obey the same rules, answering to any domain name it knew about, replicating blindly. That fulfilled all of my requirements. Extremely simple, the whole thing: less than 500 lines of code. Easy peasy. Right?

That's when I started thinking. Is this really a good idea? The potential for good was huge: the ability for anyone to upload anything into the cloud, have that replicated to an army of servers spread throughout the Internet, where any host can answer for all hosts. Unfortunately, the potential for bad was also huge. Sure, I could limit the types of files that make it through replication: keep it to text, but that would limit the data that I can deal with. But, my mind still continued to race. What about child pornography (that's the big bad), what about espionage, what about (egads! here's where we get into real trouble) PIRACY? That didn't make me happy. There are just too many other ways to deliver data. Removing a line of code to defeat my limitations was just too obvious. So what should I to do?

Obviously, if I can build it, anyone else can. Sure, I kept it small and fast, but that doesn't mean anything in the grand scheme of things. Should I release it? Probably not. I'm just not willing to undertake the liability. But I will be the Devil whispering into your ear, "if you build it, they will use it." Build it, use it, smile, nod. Technology is good: don't be evil. Technology is evil: don't be good. I'm just not sure that I can straddle that chasm. Thus my conundrum.