COVID, Open Source, Industrial Policy

By the time you read this post, you are likely bombarded with news and tweets about the antitrust hearing of the big four tech companies (Apple, Amazon, Facebook, Alphabet) and their respective quarterly earnings. Meanwhile, another announcement happened in the tech world that I believe could be just as impactful but received relatively little attention: the Linux Foundation’s announcement of its public health initiative to combat COVID-19.

Let’s dive into why the Linux Foundation Public Health (LFPH) initiative is important in this humanity-scale fight against the coronavirus, the global collaborative potential of open source technologies, and the strategic value open source should play in a country’s industrial policy.

Dissecting the LFPH

To date, the LFPH is one of the few COVID-related initiatives that is technology-oriented and global in nature, as opposed to financial-oriented in the form of monetary policies and stimulus packages. Its founding members are the following seven companies:

• Cisco
• Doc.ai
• Geometer
• IBM
• NearForm
• Tencent
• VMware

While its global coverage may surprise some people, it’s actually the default in open source. All open source technologies have a global reach, because the code base is public, transparent, and accessible to any person with an Internet connection. She can download the codebase to run, copy, modify, and distribute it however she likes. There is no “going global”; you are global from Day 1. Thus, collaboration in open source always attracts contributions from a worldwide audience. While this initial cohort of members heavily represents the U.S. (Cisco, Doc.ai, Geometer, IBM, VMWare are all American companies of various sizes), it also includes NearForm, an Irish tech consulting and training company, and more notably Tencent, a Chinese tech giant. Tencent’s involvement very much runs counter to the stream of current events between the U.S. and China -- dominated by sanctions, distrust, and the closing of diplomatic posts. It’s worth pointing out that out of the big tech players on this member list, only Tencent and IBM have actually done some COVID-related open sourcing already. Four months ago, Tencent open sourced a global case tracking software with an AI-based digital health portal, and IBM open sourced a dataset of epidemiological case reports.

The LFPH also hosts these two open source projects:

• COVID Shield: a COVID exposure notification app developed by a volunteer team at Shopify, the Canadian e-commerce giant, currently in the process of being deployed in Canada.
• COVID Green: a similar exposure notification solution developed by NearForm to support the Irish Government’s response to COVID-19.

Both of these solutions are built on top of the Google Apple Exposure Notification (GAEN) system announced in April. A version of it was first made available in May as part of the iOS 13.5 update.

It’s useful to nerd out about GAEN’s technical specs for just a bit here to understand why this protocol was embraced by the LFPH in this first phase of the initiative over other alternatives. This protocol is a hybrid of Bluetooth Low Energy technology with cryptography -- meaning it’s likely the most privacy-friendly and least intrusive option for building exposure notification apps. The distance limit between two devices that communicate using Bluetooth Low Energy max out at 100 meters (~330 feet), which is not that far, but far enough to do COVID contact tracing. It’s also opt-in by default, as opposed to opt-out, giving users the choice. Combined with cryptography that encrypts the shared data so only relevant institutions (e.g. public health authorities) can access the information, the GAEN protocol strikes a decent balance between data sharing and privacy protection. Of course, it also has the added benefit of being developed jointly by the two tech behemoths that collectively owns close to 100% of the world’s smartphone operating system market share, making distribution much easier.

There are two other alternatives to GAEN. One is a Bluetooth-based protocol not developed by Google and Apple, currently adopted by countries like Australia, Malaysia, and France. The other one is a GPS-based protocol, which is likely more intrusive since GPS is generally used for location tracking via satellites not just near-distance communication like Bluetooth. This protocol is currently adopted by countries like China, India, Israel, Singapore, and New Zealand.

The LFPH publishes and maintains a very helpful graphic showing which countries are adopting which one of the three protocols: GAEN Bluetooth, non-GAEN Bluetooth, GPS.

You don't have to squint too hard to notice one conspicuous absence: America. We will discuss that shortly when we get to industrial policy.

Open Source Nuances

For readers who are not steep in open source, it may not be totally clear why this foundation-led open source initiative is such a big deal. I’ll do my best to explain the significance without the jargon.

Open source technology development: Two of the most important, and somewhat counterintuitive, advantages to open source technology development are speed and security.

You’d think that developing software in the open, where the whole world can participate, can be messy and slow. The reality is the messiness and slowness do happen, especially during a project’s early days, when both the technology and the processes organizing its development are immature. But once some best practices are established, the velocity of improvement is much faster than a similar technology developed behind closed doors. Having the whole world download, test, deploy, and debug your work is extraordinarily powerful, if you know how to organize that energy and attention.

Open source technology is also more secure and trustworthy. Having the codebase public and transparent to all may feel like oversharing, exposing the technology to attacks and security breaches. In reality, allowing security experts and hackers to easily access and test the codebase is the best way to secure the technology continuously. As I’ve written in “Can ByteDance Build Trust?” and many other posts, sunlight is the best disinfectant, and open source is that sunlight in the technology world.

Look no further than the U.S. Department of Defense’s (DoD) deep adoption of Kubernetes, an open source container orchestration software, as an example. Right now, the U.S. Air Force’s F-16 fighter jets are running three concurrent Kubernetes clusters. Few machines require more robust security than F-16’s.

Defeating COVID-19 will also require technology that can both improve quickly and be secure and trustworthy. Developing such a solution the open source way is a no-brainer.

Foundation: the role that a foundation plays in open source is more subtle. While a foundation’s involvement in an open source project is by no means necessary, it can help in two meaningful ways: accelerate development and vendor neutrality.

Foundations like the Linux Foundation, having organized, governed, and fostered many large-scale projects, have distilled lots of experiences and best practices that can help reduce some of the messiness and slowness that often plague young open source projects. Both COVID Shield and COVID Green are most certainly young open source projects. Their progress may be hampered if they are driven solely by Shopify and NearForm, respectively. By having the LFPH “host” these two projects (and likely many others in the future), they can all leverage the foundation’s know-hows in IP management, technical governance, community building, and many other essential elements of open source to accelerate their development.

A foundation also provides vendor neutrality to the technology. Neutrality is key for an open source project to achieve wide and deep adoption, because no big user can tolerate the risk of being locked-in by another company. The DoD would not invest deeply in using Kubernetes if it was still a Google project, where it was first created; it would not want to be locked-in to any Google-imposed restrictions or dependencies. Because Kubernetes is hosted in the Cloud Native Computing Foundation (CNCF), a sub-foundation of the Linux Foundation, the lock-in risk is reduced.

Global collaboration on solutions to fight COVID no doubt requires the same neutrality. Many national governments and public health authorities are involved, and none of whom want to be locked-in to any vendor. Fittingly, the LFPH is led by Dan Kohn, who was the executive director of the CNCF for four years. He’s done this before.

Full Stack Industrial Policy

Coming back to the American flag being noticeably missing in the Linux Foundation's public health landscape graphic, there is little doubt at this point that America’s top leadership, in both the White House and Congress, is grossly dysfunctional and incompetent. Without a coherent national plan, different state governments are left to their own devices. Some states, like California, New Jersey, and New York have decided to not adopt the GAEN and opt for manual contact tracing. Other states, like Alabama, North Dakota, and South Carolina said they would adopt the GAEN, but have yet to approve and release any app for people to use. The inconsistency and inaction have made controlling this pandemic that much more difficult.

The LFPH presents a new template, with neutrality to both technology vendors and partisan politics, that has the potential to facilitate the large-scale collaboration necessary to develop solutions for large-scale problems, like the coronavirus. By bringing together a common infrastructure layer (the GAEN protocol), a few open source applications to develop and foster (COVID Shield, COVID Green), and both big and small companies who are willing to put in resources and expertise to support the initiative sustainably, the LFPH is a full stack solution.

More than ever, America needs to fully embrace and leverage open source from the very top to: 1. Defeat COVID in the short-term; 2. Put forward an industrial policy and long-term vision.

Arguably, America has not had a holistic industrial policy since NASA’s space program landed humans on the moon and the National Interstate and Defense Highways Act of 1956 built the interstate highway system. Combining Washington DC’s mostly laissez-faire stance since the Reagan Administration with four decades of globalization, many companies have profited handsomely by offshoring their supply chains, while America’s own capabilities have deteriorated. Rebuilding these capabilities is not easy; just because you used to have it, doesn’t mean you can have it again with the snap of a finger. The latest and most painful example is Intel’s massive delay of its 7nm chip manufacturing process, forcing it to place a big order with the rival Taiwanese foundry, TSMC.

Open source is not the panacea to all of these massive challenges. But strategically incorporating both open source technologies and the spirit of open source collaboration can replenish much of this deterioration of American industrial capabilities. Like I noted earlier, one of the biggest strengths of open source is speed of development.

There is reason to be hopeful. During the waning days of the Obama administration in 2016, the White House released the Federal Source Code policy. Among other things, this policy requires all Federal agencies to open source 20% of their custom-made codebase (yes, the government builds plenty of their own software), all of which is centrally organized and accessible on code.gov. The goal is to improve reusability of software among Federal agencies (don’t reinvent the wheel) and allow the public to leverage these softwares as well. Both the policy itself and all the open source repositories housed under code.gov are managed publicly and transparently -- as all open source projects should.

All this open source work has been continuing since without much attention or fanfare, building processes and best practices within the Federal government. For what it’s worth, the American government’s open source muscle is much stronger than that of the Chinese central government’s, though officials from the Ministry of Industry and Information Technology have been participating in open source related events more actively in recent years.

A strong, official embrace of open source as part of a larger industrial policy is both desirable and realistic. We are seeing signs of this happening elsewhere. The UK government has publicly pushed for OpenRAN, an open source telecommunications solution to build 5G networks, so countries are not locked-in to either Huawei, Nokia, or Ericsson (recall vendor neutrality). I’m not advocating for top-down industrial planning in America, like what’s happening in China or South Korea. The free market is and should continue to be the dominant engine of growth and innovation. Federalism also serves an important function -- state and local governments should have the autonomy to adapt Federal leadership and direction to local conditions. The problem now is: there is no leadership, no direction.

Fighting a global pandemic and rebooting the world’s largest economy will need a humanity-scale effort that requires sharing, collaboration, and positive-sum thinking. Open source embodies all these values.

If you like what you've read, please SUBSCRIBE to the Interconnected email list. New posts will be delivered to your inbox (twice per week). Follow and interact with me on: Twitter, LinkedIn.