[A2k] After Snowden: Prioritising Free Software for Computing You Can Trust

Frederic Couchet fcouchet at april.org
Fri Feb 28 03:23:35 PST 2014


Hello,

An article, signed by the president of April and myself, was published
this week in the popular French newspaper Libération :

http://www.april.org/en/after-snowden-prioritising-free-software-computing-you-can-trust

After Snowden: Prioritising Free Software for Computing You Can Trust

What does Edward Snowden reveal to us? First of all, that, contrary to
what the outraged yelping of the American administration would tend to
have us believe, this is not an affair of State, but rather an affair of
all the States. The weakness —and even the absence— of diplomatic
reactions show rather clearly that PRISM and its galaxy of surveillance
programs, even though they were built under the aegis of the NSA, are in
fact today a global marketplace for the exchange of private data, in
which all US allies are involved, at varying degrees of intimacy.

Let us repeat it, PRISM and associates are not the work of one State,
but of every State. Tomorrow, the American NSA will no doubt have become
the Chinese NSA, but, unless we, the people, curb it, it will remain
this insane and obscene compulsion to peek through every digital
keyhole. In France, the adoption of Article 13 of the Act on Military
Programming, which disregards unfavourable opinions of the French Data
Protection Authority (CNIL) and the French National Digital Council,
recently illustrated this trend. Thus, the Snowden affair invites us not
so much to debate geostrategic balance as to reflect on our
relationship, as users and citizens, with technology, and especially
with IT.

For, if we cannot completely trust our governments, can we at least
trust our smartphones, our computers, our applications, or centrally
hosted services? Here also, unfortunately, the answer is “No”. The
information disclosed by Edward Snowden shows that the innumerable NSA
intrusions were possible only because of low resistance, and
deliberately created security breaches in major proprietary
programs. Our computing was therefore acting treacherously—often
deliberately so—and communicating, unbeknownst to us, information that
we were considering private.

This being said, what would computing we could trust look like?

The mechanism that establishes computing you can trust is not any
different from that which regulates a modern democratic society. It
essentially rests on the right to vote, associated with access to
objective information. Free/libre software, which, in a global computer
base dominated by Microsoft, is gathering momentum, is the only one to
follow these principles: its code is accessible to everyone and its
modifications are collectively decided on by a community of
developers. The installation of a backdoor by the NSA within the source
code of a free program is theoretically not impossible, but it will
always remain much less likely than it would be within a proprietary
program, whose code is kept secret.

Ensuring the integrity of our IT systems is the first step, and the most
vital one, by far, for the preservation of our privacy. Because, as
Edward Snowden himself admitted in a recent chat with the Guardian
readers, “Encryption works [...]. Unfortunately, endpoint security is so
terrifically weak that NSA can frequently find ways around it.” It is
thus useless to encrypt an email during its routing from A to B, if A
and B are proprietary systems that do not offer any guarantee against
the intrusion of a third party...

The Web is 25 years old, personal computing is 30. Not without a certain
nostalgia, we can consider the previous generation, ours, as the
adolescence of IT, an era in which the profusion of invention, and the
novelty of the procedures perhaps allow one to understand —if not
excuse— the disorder that prevailed where basic freedoms and consumer
rights were concerned.

In those heroic days, the big software and Web-industry bosses advocated
—with a straight face— autoregulation (sic) of the field, in order, so
they said, “not to stifle the creativity of this fledgling
industry”. The bitter fruits of this “autoregulation” can be harvested
today in the Snowden files, the most gigantic undertaking for
record-keeping and surveillance of ordinary citizens ever seen on this
planet, bar none, including the KGB. Thus, a quarter of a century after
the fall of the Wall, one may wonder in favour of which model of a
society it fell: democracy or Orwellian police state?

If Edward Snowden is teaching us anything, it is that it is high time
that we regain control of our computing. The ball is in our court: we
can either ignore the warning that he has just sent us at the cost of
putting his life in jeopardy, or we can start a new, more adult,
relationship to our computing than that of passive consumer. A
relationship of trust. Trusting would mean, for instance, knowing in
real time with whom our computer is communicating, and why.

Free software alone is able to present arguments to guarantee this
confidence pact with the user/citizen. Free software alone provides
total transparency of its inner workings, and this transparency is
certified by permanent auditing by its community of users and
developers. No proprietary software program, whose source code is
concealed, can, by definition, offer the same guarantees. Free Software,
while not the definitive solution to this problem, is nevertheless an
essential building block in the fight for user freedoms.

That said, technical solutions have their limits. What we need is
political awareness, both at the governmental level and at the
individual level. This choice is going to require some efforts from each
of us: proprietary software programs have for years aimed to infantilize
our relationship with IT, on the assumption that the less we knew, the
more we would behave like captive customers. Regaining control of one's
computing is not easy, but it is an essential civic initiative. Everyone
should try to give priority to free software.

It is also up to us to make our elected officials more aware of this
choice for free and honest computing, so that they might support
initiatives like that of the French Gendarmerie, which migrated all of
its IT equipment to free software as early as 2002, as opposed to ones
like that of the French Air Force, which just renewed a one-sided
contract with Microsoft, under conditions that were opaque, to say the
least.

Richard Matthew Stallman, who launched the free software movement in
1983, has stated: “I am often asked to describe the ‘advantages’ of free
software. But the word ‘advantages’ is too weak when it comes to
freedom.” It seems to us that this is the most important lesson that
should be drawn from Edward Snowden's heroic deed.

All the best,
Fred.




More information about the A2k mailing list