Open Projects Escrow

Related link: http://www.atnewyork.com/news/article.php/2107891

In recent weeks after the MusicBrainz launch I've been talking a lot about the project and answering questions. One of the frequent questions I have to answer is about the possibility of me selling out the project and taking my wad of cash and moving on to the Bahamas. After CDDB turned from an open source project into a fiercly protected closed enterprise this is a valid question for people to ask.

Joi Ito recently asked me the same question and I rattled off my typical answers of mirroring the data far and wide and designing the system so that in case I (or someone else in my team) decides to sell out that the system could route around the problematic nodes in the system.

We then proceeded to talk about using Emergent Democracy techniques for electing a new leader in case the current leader sells out. The key here is that the community of MusicBrainz users is more important than the technology that powers the project. So, in order to have a truly effective defense against the leader selling out, the project must ensure that the community would not blindly follow the compromised node as it happened with CDDB.

Source code escrow projects like O-STEP that encourage companies to place source code to into escrow for release in 2-3 years later are a great start. However, O-STEP will not be able to help with placing a whole community into escrow. What needs to happen is that projects that rely on their communities need to be able to place domain names and private user data (passwords, email addresses, etc.) into escrow.

When a project leader sells out, the rest of the project members can turn to the escrow agent to release the domain name and the private data to the new leader so that the project can continue. The domain name gets routed to the newly elected hosts and the private user data gets loaded into the newly elected leader node and life continues as if nothing ever happend. If this sytem is swift and effective the community may not even notice that something went horribly wrong with the open project.

I see the need for these services arising as more community sites emerge. But, who will provide such services? Who do we trust enough for us to assign control over our domains? And more important still, who do we trust enough to escrow private user data? The FSF? Creative Commons? The EFF?

Who will be the guardian/watchdog of open communities?