Privacy In a Digital Age: Final Paper
Why Free Open Source Software is the Best Choice for Maintaining User Privacy
In the last few decades, we've seen explosive growth in technology rivaling that of any era in human history. With the rise of the computer, the environment in which mankind lives and works has changed drastically. Computers have had an undeniably positive impact on the efficiency with which we work, and the interconnectedness of today's society, but with these benefits come major drawbacks. Through services like Google and Facebook, we're giving up our personal data in exchange for convenience[1][2]. Certain operating systems like Windows 10 automatically collect information about what you do on your computer[3]. Even some software, like the Chinese web browsers Baidu Browser[4] and QQ Browser[5], have functionality to monitor the state of your PC and send it to third parties. Unfortunately, so much of our modern computer use is centered around closed-source, corporate or government controlled software, leaving us powerless to change what information is collected about us. Short of not using the software and losing the benefits that it imparts to us, the user's privacy is entirely in control of these entities.
Fortunately, there exists a classification of software that is free from these controlling influences. Free Open Source Software (or FOSS) is software that's community-developed and controlled, existing as a sort of democratic alternative to the autocracies of corporate and government controlled software. FOSS is designed, written and maintained by the community, freeing it from the control of corporate entities and governments. It's fully transparent: any user can look into the source code (the internal workings of the software) to see exactly what the program is doing, and why. Finally, because FOSS is free and often redistributable, it mitigates a number of barriers of entry that users might encounter when trying to protect their privacy.
[1] The Atlantic: Facebook Is Expanding the Way It Tracks You and Your Data: http://www.theatlantic.com/technology/archive/2014/06/facebookisexpandingthewayittracksyouandyourdata/372641/
[2] Salon: 4 ways Google is destroying privacy and collecting your data: http://www.salon.com/2014/02/05/4_ways_google_is_destroying_privacy_and_collecting_your_data_partner/
[3] Computerworld: Windows 10 makes diagnostic data collection compulsory: http://www.computerworld.com/article/2968288/microsoftwindows/windows10makesdiagnosticdatacollectioncompulsory.html
[4] Citizen Lab: Baidu's and Don'ts: Privacy and Security Issues in Baidu Browser: https://citizenlab.org/2016/02/privacysecurityissuesbaidubrowser/
[5] Washington Post: This Chinese browser gathers a crazy amount of your data and then stores it unsafely: https://www.washingtonpost.com/news/worldviews/wp/2016/03/28/chinesebrowsergatherspathologicallevelofpersonaldataandthenstoresunsafelystudyfinds/
Technical Background:
In order to effectively understand this paper, first we must cover a number of topics crucial to understanding the FOSS movement. We'll start off by defining a number of key terms. An operating system is a collection of baseline software that you need to use a computer. Windows by Microsoft, and OS X by Apple are both operating systems. A program's source code is a human readable version of a computer program. When someone creates something to run on a computer, they write source code to describe exactly what the program does. If the source code is modified, a programmer can change what the program does. To contrast this, most programs these days are distributed in the form of a precompiled binary. This is the result of a process called compilation, which takes the source code of a program and turns it into simple instructions that the computer executes. These kinds of files are not human readable, so it's not feasible for a person to determine what a program does by reading the binary files, let alone change the program by modifying them. Open Source is when a program's source code is available to users of the program. Free Open Source Software is software that is free to use, and often free to distribute and modify. In this paper, when referring to Free Open Source Software, it should be assumed that I am referring to software that is free to use, modify and redistribute in all situations.
A Bit of History on Open Source Software:
The Open Source software movement as it exists today has its origins in the early 80s. At the time, AT&T owned and licensed an operating system called UNIX that was widely used in academic circles, eventually growing into commercial use because of its academic prevalence[6]. Unfortunately, the software was proprietary and under the control of AT&T, who restricted the source code and collected licensing fees for its use[7]. In 1983, Richard Stallman founded the GNU (GNU's Not Unix) Project in order to create a free, community controlled version of Unix. In 1985 he published the GNU Manifesto[8], which, among other things, outlined his reasons for creating the project. Stallman cites primarily his desire for users to be able to control the software that runs on their computers, and ultimately to improve the state of the programming art through the elimination of redundant work. By 1991, the GNU project had almost completed their goal. The last piece, a key component called the kernel, was incomplete[9]. Around the same time, a software developer named Linus Torvalds started work on one such kernel. Linus's kernel was eventually combined with the other GNU utilities, spawning an operating system. This operating system, and its derivatives, commonly referred to collectively as Linux, have grown to become some of the largest and most popular open source projects today. Google's Android operating system uses a derivative of the Linux kernel[10], and approximately 35% of all servers on the internet run some version of the operating system[11]. Linux is a case study in the viability of FOSS, and I'll repeatedly refer to it throughout this paper as the shining example of community collaboration and technological freedom that it is.
[6] The Unix System History and Timeline: http://www.unix.org/what_is_unix/history_timeline.html
[7] Why Open Source Software / Free Software? Look at the numbers!: http://www.dwheeler.com/oss_fs_why.html#history
[8] The GNU Manifesto: http://www.gnu.org/gnu/manifesto.en.html
[9] History of UNIX, Linux, and Open Source / Free Software: http://www.dwheeler.com/secureprograms/SecureProgramsHOWTO/history.html
[10] Android A-Z: What is the Kernel?: http://www.androidcentral.com/androidzwhatkernel
[11] Usage Statistics and Market Share of UNIX for Websites (Author's note: the page title is deceptive, w3techs refers to all *nix systems as UNIX): http://w3techs.com/technologies/details/osunix/all/all
The Question of Control
In general, one of the greatest benefits of FOSS is that, due to the fact that it's often community-created and controlled, it's more free from corporate and state influence than software created and maintained by those groups. This extends to protect personal privacy in a few ways. This lessened state and corporate influence minimizes incentives to violate user privacy in exchange for monetary gain, or in defense of public safety. Lastly, because the creators of the software will very often be using the software themselves, there exists a positive incentive for developers to create the most secure software they can.
Data brokering, the buying and selling of users' personal data, is a $200 Billion industry[12]. In 2014, Facebook, who targets advertisements based upon information collected from users, made $2.96 Billion in advertising revenue[13]. With this sort of financial incentive, one can readily expect that corporations are looking to exploit this emerging market. Even when companies promise not to sell your data to marketers, that's no guarantee that your personal information is safe. RadioShack, an electronics store, collected customer names, phone numbers, and addresses, but their privacy policy stated that they wouldn't sell the data. However, in their bankruptcy proceedings, they listed those customer databases in the list of assets they were auctioning off to pay their debts[14]. In the end, most of this data was destroyed rather than sold, but according to CNN Money, the court could have allowed the sale of the data despite the promises that RadioShack had previously made to customers[15]. In order to be in complete control of one's personal information, a user could make efforts to replace proprietary software and services they use with FOSS alternatives. While Google collects information from their online services, a user could instead install and use their own version of the FOSS OwnCloud[16], a community-driven, Open Source software suite that performs many of the same functions, without having to expose personal information to some corporate third party.
[12] Pando: What Surveillance Valley Knows About You: https://pando.com/2013/12/22/apeekintosurveillancevalley/
[13] VentureBeat: Facebook's Q3 ad revenue hits $2.96B, with 66% coming from mobile: http://venturebeat.com/2014/10/28/facebooksq3adrevenuehits296bwith66comingfrommobile/
[14] Bloomberg: RadioShack's Bankruptcy Could Sell Your Data to the Highest Bidder: http://www.bloomberg.com/news/articles/20150324/radioshacksbankruptcycouldgiveyourcustomerdatatothehighestbidder
Corporate data collection isn't the only threat to the user's personal privacy. Data collection by the state has the potential to be significantly more damaging to a user's life than corporate data brokering, because of the extra legal powers the state has over its citizens. Edward Snowden's 2013 leaks about the PRISM program[17] demonstrate the efforts that governments will go through in order to collect information on their own citizens. The PRISM program collected information from a multitude of online services, such as Microsoft's Hotmail and Google's Gmail services. While the Stored Communications Act[18] still requires the government to have a warrant to access the content of E-Mails between US citizens newer than 180 days, the NSA was still able to collect metadata[19] on communications with at least one communicant outside the United States, or for which no communicant was known to be a citizen of the United States[20]. This surveillance behavior isn't exclusive to the US government either. The Chinese version of Skype, known as TOM-Skype, was found to automatically censor messages containing certain keywords, as well as forward a copy of the message to Chinese Government servers[21]. When using FOSS like the aforementioned OwnCloud, a user is often in complete control of the software installation, protecting against unnotified, unauthorized access by state agencies. In order for a user to ensure that their chat messages aren't being intercepted, a user could use any number of FOSS clients that communicate over the open source Tox protocol[22], a system of communication that features full end-to-end encryption. Examples of such clients are Tox and qTox, both of which are FOSS. When using these community-developed clients, users can be assured that they weren't developed by a corporation legally forced to comply with state regulation.
[15] CNN Money: RadioShack sale protects most customer data: http://money.cnn.com/2015/06/10/news/companies/radioshackcustomerdatasale/
[16] "OwnCloud Website." OwnCloud. Web. 27 Apr. 2016. http://www.owncloud.com/
[17] The Verge: Everything You Need to Know About PRISM: http://www.theverge.com/2013/7/17/4517480/nsaspyingprismsurveillancecheatsheet
[18] Stored Communications Act: https://www.law.cornell.edu/uscode/text/18/2701
[19] Metadata is data regarding the E-Mail, not including the content of the Email itself. Examples of metadata can include the sender, other recipients, when the Email was sent, and more.
[20] The Register: Senate votes to continue FISA domestic spying through 2017: http://www.theregister.co.uk/2012/12/29/senate_fisa_extension_vote/
Lastly, perhaps the most powerful benefit of the community-contributed aspect of FOSS is the fact that the developers of the software are often the same people who use that software day-to-day. Many FOSS projects were started because some user needed a tool, and the tool wasn't available. In fact, Richard Stallman's GNU project, mentioned in the introduction of this paper, was in part started because of Stallman's lack of substantive access to the software controlling a printer[23]. This stakeholder status means that software developers are developing the kind of software they would want to use, without the restrictions of corporate feature or legal requirements. As such, there is a multitude of FOSS that takes important steps to protect user privacy and security.
[21] Bloomberg: Cracking China's Skype Surveillance Software: http://www.bloomberg.com/news/articles/20130308/crackingchinasskypesurveillancesoftware
[22] Wired: Out in the Open: Hackers Build a Skype That's Not Controlled by Microsoft: http://www.wired.com/2014/09/tox/
[23] "I (Stallman) had already experienced being on the receiving end of a nondisclosure agreement, when someone refused to give me and the MIT AI Lab the source code for the control program for our printer", under the heading "A Stark Moral Choice" from an article on the GNU website: http://www.gnu.org/gnu/thegnuproject.en.html
Privacy Protections Through Transparency
Because of the Open Source nature of FOSS, it's very difficult to hide anything that the software does from the community that uses it, as the code is constantly being reviewed by the community developers. This extreme transparency has a number of positive impacts on the privacy of the end user. Most directly, it prevents the maker of the software from gathering information from the users without the users' knowledge. The transparent nature of the software also makes the software more secure, as the constant code review performed by the community results in security flaws being promptly discovered and, more importantly, fixed.
While currently most software and services will disclose the information they collect on their users through the privacy policy, such policies can be lengthy, difficult to read, and placed in obscure locations[24]. To make things worse, certain policies are ambiguous about the type of information they collect. The Chinese Baidu browser policy[25] simply states that "Baidu may collect your personal information when you voluntarily opt to use our services, programs or provide us with your personal information", failing to mention exactly what types of information are collected. A recent Citizen Lab study[26] revealed the type of information collected, which includes everything from your search terms and browser history, to your MAC address and hard drive serial number. The latter two pieces of information aren't directly necessary for the operation of a typical web browser, and could be cause for concern among privacy advocates. As an alternative to closed-source, proprietary browsers like Baidu, Internet Explorer, and others, a user could opt for FOSS like Firefox or Chromium, both browsers that have been praised for their privacy features[27].
[24] McDonald, Aleecia M., Robert W. Reeder, Patrick Gage Kelley, and Lorrie Faith Cranor. "A Comparative Study of Online Privacy Policies and Formats." Privacy Enhancing Technologies, Lecture Notes in Computer Science (2009): 37-55. Web.
[25] Baidu Browser Privacy Policy: http://en.browser.baidu.com/policy.html
[26] Citizen Lab: Baidu's and Don'ts: Privacy and Security Issues in Baidu Browser: https://citizenlab.org/2016/02/privacysecurityissuesbaidubrowser/
Privacy and Security are intrinsically linked. Data breaches are fairly common on the internet, and often expose the personal information of thousands of users. Adobe's 2013 breach of 153 million users, the February 2016 Mate1 breach of 23 million users, the October 2015 hack of the Telephony company TalkTalk, the list goes on. These breaches exposed user E-Mail addresses, passwords, and sometimes even banking information, leaving those users susceptible to further breaches in their personal privacy. These countless examples serve to prove how important maintaining proper security is to protecting user privacy. Security holes aren't exclusive to large online services, either. The cybersecurity firm Trend Micro revealed vulnerabilities in Apple's proprietary QuickTime movie player, and since Apple is no longer providing security updates to that software, the vulnerabilities are likely to go unpatched[28]. Near the end of Windows XP's support lifecycle in early 2014, around 18% of computers in the world still used the software[29]. Despite this statistic, Microsoft refused to patch critical security vulnerabilities past April 8th, 2014[30]. Both of these demonstrate two key points supporting FOSS. First of all, these bugs weren't discovered internally. The QuickTime bugs were discovered by an external security firm, and the Windows XP IE bug was discovered by a Google employee. Despite the quality assurance teams that worked on both pieces of software, the bugs still managed to slip through, only to be caught by the community. Secondarily, both bugs continue to be unpatched. The first point demonstrates the online community's propensity for bug-finding. The FOSS community leverages this to eliminate bugs in their software. Services like Bountysource even allow users to post monetary bounties on bugs they'd like fixed or features they'd like added, allowing community contributors to receive monetary compensation for their valuable effort. As for the second point, according to a survey referenced by CIO, the average proprietary software bug takes about 7 days to be resolved. To contrast this, the same article states that about 40% of bugs in FOSS are patched in about 8 hours[31]. The promptness and vigilance with which the FOSS community fixes bugs not only makes the software better to use, it makes it more privacy-friendly because of the decreased number of security flaws.
[27] Lifehacker: Which Browser is Best for Privacy?: http://lifehacker.com/whichbrowserisbetterforprivacy1525895782
[28] Apple QuickTime Vulnerabilities: http://arstechnica.com/security/2016/04/applestopspatchingquicktimeforwindowsdespite2activevulnerabilities/
[29] Windows XP Usage Statistics: http://gs.statcounter.com/#desktoposwwmonthly201402201402bar
[30] Windows XP Internet Explorer Vulnerabilities: http://www.computerworld.com/article/2489407/malwarevulnerabilities/microsoftstickstovowleavesxpexposedtoongoingattacks.html
FOSS: Accessible for everyone.
Finally, FOSS is the best option for protecting users' privacy simply based upon how accessible it is. A large number of FOSS projects are released under licenses that guarantee users the right to freely modify and redistribute the software, instead of the software being owned by some corporate entity. This style of licensing has a number of benefits. First of all, it reduces financial barriers of entry for using the software. Users don't have to purchase licenses or subscriptions to use FOSS, allowing them to use privacy-friendly software with minimal financial investment. Secondarily, if there ever comes to pass a legal environment that isn't privacy-friendly, the potential for decentralized distribution of FOSS means that privacy tools will still be available to those who need them, regardless of the efforts of the state.
A common tool that many users use to protect their privacy is something called a VPN (Virtual Private Network). A VPN takes all of your computer's network traffic, encrypts it, making it unreadable for anyone intercepting the traffic, and sends it to another location, where it's decrypted and made readable again. They're often used to access work networks from outside the office, but they are also used to protect the user's internet traffic from being intercepted by other people on the user's network. As such, they are a valuable privacy tool for users who often use public networks, like coffee shops or bus WiFi. Unfortunately, operating a VPN requires software running on the location where network traffic is decrypted and forwarded to the internet. There are online VPN providers, but this is often a subscription service, requiring the user to pay some amount of money per month to maintain their VPN access. While there are free services, the savvy consumer has to wonder exactly how those services make the money to maintain their servers. Luckily, there is a Free, Open Source Software alternative: OpenVPN. OpenVPN can run on any number of things, from your router[32], to an old desktop PC[33], to even a $35 minicomputer[34]. By maintaining their own OpenVPN server, a user can avoid monthly fees. This means that users that may not have been able to afford the services of a VPN can still protect their privacy.
[31] Proprietary Software Bug fix time vs FOSS fix time: http://www.cio.com/article/2374313/developer/enterprisedevelopersprogrammingspeedchecktimetofixbugsnotsofast.html
Encryption, a process used throughout the entire technology world to protect bank transactions, medical information, and other personal information from being disclosed to unauthorized parties, has become a hot policy topic in recent years. Prominent news sources are associating encryption[35] with terrorism[36] and world leaders are looking to ban or weaken it[37], while prominent technology companies warn against the danger of weakening encryption[38]. In early April, Senators Dianne Feinstein (D-CA) and Richard Burr (R-NC) introduced a discussion draft of a bill called The Compliance With Court Orders Act of 2016[39]. It states that "all providers of communications services and products (including software) should protect the privacy of United States persons through implementation of appropriate data security and still respect the rule of law and comply with all legal requirements and court orders". It goes on to require that "a covered entity that receives a court order from a government for information or data shall (A) provide such information or data to such government in an intelligible format or (B) provide such technical assistance as is necessary to obtain such information or data in an intelligible format or to achieve the purpose of the court order". In short, this essentially requires companies that make communications software or devices to build backdoor access into all of their products, so that the government can access them with the proper warrant. The bill has been highly criticized by privacy advocates[40], and isn't likely to pass due to a lack of White House support[41], but it isn't entirely inconceivable that similar legislation may pass in the future[42]. In the case that it does, users of FOSS are likely to be significantly better protected than those using corporate controlled, proprietary software. There already exist FOSS encryption solutions like GnuPG[43] for encrypting Emails, or LUKS[44] for encrypting hard drives. Since FOSS is encouraged to be modified and distributed by the community, it's not likely that the United States Government has any practical way to enforce their encryption regulations. The typical strategy of fines and legal action would be ineffective against a large, geographically disparate, and often pseudonymous development community, especially since there would be a good chance that some of the developers would be outside the US entirely.
[32] OpenVPN on your router. Warning: Requires custom firmware: http://www.howtogeek.com/64433/howtoinstallandconfigureopenvpnonyourddwrtrouter/
[33] Installing OpenVPN on a Windows PC (Client and Server): https://community.openvpn.net/openvpn/wiki/Easy_Windows_Guide
[34] Raspberry Pi OpenVPN Install: http://readwrite.com/2014/04/10/raspberrypivpntutorialserversecurewebbrowsing/
[35] WSJ: FBI Stymied by Islamic State's Use of Encryption, Director Says: http://www.wsj.com/articles/fbistymiedbyislamicstatesuseofencryptiondirectorsays1447866592
[36] CNN: Paris attackers likely used encrypted apps, officials say: http://www.cnn.com/2015/12/17/politics/parisattacksterroristsencryption/
[37] Wired: No U-turn: David Cameron still wants to break encryption: http://www.wired.co.uk/news/archive/201507/15/cameronbanencryptionuturn
[38] The Guardian: Apple, Google and Microsoft: weakening encryption lets the bad guys in: https://www.theguardian.com/technology/2015/nov/23/applegooglemicrosoftweakeningencryptionbackdoors
[39] Full Text of the Bill: https://cryptome.org/2016/04/burrdecryptdraft.pdf
[40] Wired: The Senate's Draft Encryption Bill Is Ludicrous, Dangerous, Technically Illiterate: https://www.wired.com/2016/04/senatesdraftencryptionbillprivacynightmare/
[41] Reuters: White House declines to support encryption legislation: http://www.reuters.com/article/usappleencryptionlegislationidUSKCN0X32M4
[42] Wired: White House Silence on an Anti-Encryption Bill Means Nothing: http://www.wired.com/2016/04/dontreadwhitehousesilenceencryptionbill/
[43] GnuPG Website: https://www.gnupg.org/
[44] LUKS Website: https://guardianproject.info/code/luks/
Some Concerns with FOSS
Despite all these benefits, FOSS isn't perfect. However, not every concern expressed about FOSS is legitimate, and a good deal of them can be mitigated if the proper measures are taken. Some such concerns are: whether FOSS can even be secure when the source code of the software is freely available, the idea that FOSS is more difficult to use than proprietary alternatives, and concerns about stagnation in development due to a lack of profit motive.
The first of these concerns, that software can't be secure if it's Open Source, assumes that all secure software operates on the concept of Security Through Obscurity. Security through obscurity attempts to make software secure by relying on the fact that outsiders don't know how the software works[45]. For example, before encryption, militaries often communicated in code through things called classical ciphers[46]. Ciphers function by replacing letters in a message with other letters or numbers. The problem with using this kind of security is that, as soon as the inner workings of a cipher are made public (for example, which letters correspond to which numbers), the cipher becomes useless. A similar thing can be said for software. If software relies entirely on security through obscurity, as soon as the inner workings of the software are revealed, the software is insecure. Modern software development instead relies on strong encryption methods like PGP, RSA, AES, and more. Every single one of these algorithms is extensively publicised; any person can go on the internet and read exactly how they work. Instead of relying on security through obscurity, these methods use mathematics to transform data from a readable format, to something completely unreadable in transit, and back to a readable format again[47]. Because of these algorithms, it's possible, and very advisable, to write software that remains secure despite its inner workings being completely public.
[45] What is security through obscurity?: http://users.softlab.ntua.gr/~taver/security/secur3.html
[46] Practical Cryptography: What's a simple cypher?: http://practicalcryptography.com/ciphers/classicalera/simplesubstitution/
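
The contrast drawn above, as an added example that is not part of the original paper: a substitution cipher whose letter table is its only secret, next to a scheme whose every step can be published because its security rests on a random key. The keyed scheme is a stand-in built from HMAC-SHA256 in the Python standard library rather than AES or RSA themselves; the table, message and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import string

# --- Scheme 1: security through obscurity -------------------------------
# A classical substitution cipher. The letter table is both the "inner
# workings" and the only secret, so publishing it breaks every message.
ALPHABET = string.ascii_uppercase
SECRET_TABLE = "QWERTYUIOPASDFGHJKLZXCVBNM"  # constructed sample table

def substitution_encrypt(plaintext: str, table: str = SECRET_TABLE) -> str:
    return plaintext.upper().translate(str.maketrans(ALPHABET, table))

def substitution_decrypt(ciphertext: str, table: str) -> str:
    return ciphertext.translate(str.maketrans(table, ALPHABET))

# --- Scheme 2: public algorithm, secret key -----------------------------
# Everything below can be read by anyone. Assumption: HMAC-SHA256 in
# counter mode generates the keystream, and a second HMAC authenticates
# the ciphertext (encrypt-then-MAC).
def _subkeys(key: bytes) -> tuple[bytes, bytes]:
    # Derive independent encryption and authentication keys from one key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def keyed_encrypt(key: bytes, plaintext: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)  # fresh per message, sent in the clear
    stream = _keystream(enc_key, nonce, len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def keyed_decrypt(key: bytes, blob: bytes) -> bytes:
    if len(blob) < 48:  # 16-byte nonce + 32-byte tag
        raise ValueError("message too short")
    enc_key, mac_key = _subkeys(key)
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or altered data")
    stream = _keystream(enc_key, nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))

def demo() -> dict:
    message = "MEET AT THE BRIDGE AT DAWN"  # constructed sample message

    # Obscurity: an outsider who learns the table reads the message.
    leaked_table = SECRET_TABLE
    sub_ct = substitution_encrypt(message)
    table_leak = substitution_decrypt(sub_ct, leaked_table) == message

    # Public design: an outsider knows all the code above but not the key.
    key = secrets.token_bytes(32)
    blob = keyed_encrypt(key, message.encode())
    try:
        keyed_decrypt(secrets.token_bytes(32), blob)  # outsider's guess
        algorithm_leak = True
    except ValueError:
        algorithm_leak = False

    return {
        "table_leak_reads_message": table_leak,
        "algorithm_leak_reads_message": algorithm_leak,
        "key_holder_reads_message": keyed_decrypt(key, blob).decode() == message,
    }

if __name__ == "__main__":
    print(demo())
```

If the key in the second scheme is ever exposed, generating a new one restores secrecy with no change to the published code, whereas the substitution cipher has to be redesigned.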
Unlike the previous security by obscurity concern, FOSS being more difficult to use than proprietary software is a very valid concern. Unfortunately, due to the nature of the community, FOSS software tends to require more technical aptitude to use than proprietary alternatives. Take OwnCloud for example. If a user wants to use Google Docs, they simply navigate to Google's site, click on the icons, and can use the software immediately. However, if a user wants their own instance of OwnCloud, the software has to be installed on a properly configured server, a process in which there are a number of steps that would be difficult for a non-tech-savvy user to perform. A similar situation is true for OpenVPN. The various distributions of the Linux operating system, despite their privacy and security strengths, can sometimes be daunting for a non-tech-savvy user to set up. In the long term, if less tech-savvy users start getting involved in using FOSS, and provide feedback to the developers, this problem may resolve itself. In the meantime, however, there are some things that can be done to mitigate this problem. Primarily, members of the FOSS community can put more resources into creating documentation readable for the layman. FOSS projects are generally very extensively documented, for example there are extensive manual pages for the majority of programs in Linux[48]. However, these manual pages tend to be written in language that's difficult for typical users to understand. By writing documentation in simpler language, FOSS developers could make the software more accessible for less tech-savvy users. If the documentation still is too difficult to understand, and a user has exhausted their resources in asking the community for help, there exists an entire industry dedicated to providing user support for FOSS[49]. Red Hat and Canonical are both companies that facilitate the development of distributions of Linux (Red Hat Linux/Fedora Linux and Ubuntu, respectively), and both companies make their money by providing support to the users of the software. The distributions are still FOSS, but the users have the option to reach out to these companies if they require support, and the companies can help create free software, while still turning a profit.
[47] For more in-depth information, read: ReadWrite: Understanding Encryption: Here's the Key: http://readwrite.com/2013/09/19/keysunderstandingencryption/
[48] LinuxCommand.org: Reading Man Pages: http://www.linuxcommand.org/reading_man_pages.php
Finally, speaking of profit, there's the assertion that FOSS is doomed because, without profit to motivate programmers, there will be a lack of good programmers to work on projects. Stallman actually addressed this concern in his original GNU manifesto. He states that: "Many people will program with absolutely no monetary incentive. Programming has an irresistible fascination for some people, usually the people who are best at it. There is no shortage of professional musicians who keep at it even though they have no hope of making a living that way". Over 30 years after this manifesto was published, this statement rings truer than ever. FOSS projects continue to thrive. As mentioned earlier in the paper, Linux hosts 35% of all web servers. Projects like OwnCloud, OpenVPN, OpenOffice and more continue development, adding new features all the time. New projects like Tox appear, solving new problems. FOSS is alive and well. Furthermore, this problem is in fact partially resolved by the solution to our previous problem. Companies like Canonical and Red Hat make money off of supporting FOSS. If more people use FOSS, then these companies stand to profit more. A good way of having more people using FOSS is to create FOSS that more people want to use. Therefore, it's in these companies' best fiscal interests to make their respective FOSS projects as good as they can possibly be, which often entails hiring developers to work on them. Finally, some corporations like Google support FOSS as a way of improving their own products. Google maintains several open source projects, like the Android operating system, albeit under the Apache version 2.0 license, that allows for closed-source derivatives of open source projects[50]. By making Android open source, Google can market phones that run the operating system, and get the community's help developing it.
[49] PCWorld: How to get support for Open Source Software: http://www.pcworld.com/article/207958/how_to_get_support_for_open_source_software.html
All in all, while FOSS isn't a perfect solution for protecting user privacy in our modern digital age, the inherent benefits that come from using FOSS add significant benefits to users that choose to use it. From the advantages of avoiding corporate and state influence, to the advantages of complete transparency, to the benefits of freely accessible software, FOSS proves itself to be the best option for a privacy-savvy user in our current surveillance-heavy society. Furthermore, as more and more privacy-savvy users use FOSS, the community aspect starts to strengthen the privacy protections that FOSS imparts. Because of the blurred line between user and developer, the more privacy-savvy users there are, the more privacy-savvy developers there are likely to be. Users may start to take more proactive measures to protect their privacy, supporting and contributing to the software that protects it. FOSS is the best option for privacy-conscious users, and if they continue to use it, it will likely remain this way for years to come.
[50] Apache 2.0 License: http://www.apache.org/licenses/LICENSE2.0