xz Hack Revealed a Looming $8.8 Trillion Infrastructure Disaster

Just as our roads, bridges, electrical grid and airports will deteriorate without public investment, so will our software infrastructure without action.

Imagine the security screening system used at your local airport has broken down for the second time this month. Unfortunately, nothing can be done because it is the responsibility of one guy, Bob, to ensure the security screening system is working. And Bob is an unpaid volunteer.

Bob has a full-time day job, so he can only do security screening repair on nights and weekends, and only when it isn’t soccer season because he coaches his girls in the evening during soccer season. So the security of our skies will have to wait until soccer practice is over.

Sound ludicrous? This is exactly the situation we’ve come to accept as normal when it comes to the software infrastructure that powers all of the world’s phones, computers and the applications that run on them.

This came into stark relief earlier this month when one obscure but heavily used piece of software called xz — which is maintained by a single unpaid volunteer developer — was compromised, likely by a well-funded state actor like China or Russia. The most alarming part of this hack, and what it made crystal clear, is that our global software infrastructure — used by large corporations to generate billions of dollars of wealth — is built on the backs of unpaid labor.

This is dangerous, and it needs to change.
