Have Free Software licenses Become More Important Than Human Rights?
The Independent yesterday (16/5/2015) reported that “The British government quietly changed anti-hacking laws to exempt GCHQ and other law enforcement agencies from criminal prosecution, it has been claimed.”1 The Independent’s report goes on to say that “Privacy International launched its challenge [… claiming] that protection provided by warrants signed by a secretary of state under the Intelligence Services Act conflicted with individuals’ right to privacy under the European Convention on Human Rights.” (1)
This is the story that the Government Communications Headquarters (GCHQ) has been taken to court for breaching our European Human Rights while conducting its surveillance activity, while the Conservative Government is now proposing to do away with the UK’s commitment to the European Convention of Human Rights. Handy if you’re a spook!
We’ve known for a long time now that the Security Services have the technical capability to intercept almost all of our communications, all of the time. However, this latest news highlights how any illusion of protection by regulatory or legal means can and will be overturned when it suits the state.
The Internet – Liberty and Control!
At the centre of this issue is the fact that at one and the same time the power of the internet is both to easily distribute information and collect it. It is both a tool that rebalances power away from the traditional gate-keepers of information – corporations and the state – but at the same time it allows corporations and states (which own and control the cables and computers that run the internet) to gather, store and control the use of huge amounts of information, which has massive implications for our political systems.
As the Independent’s article highlights, it is quickly becoming clear that real power lies not in high-faluting concepts such as Human Rights, which can be changed or binned at will, but in the actual control, ownership and technical working of the tools that we use – in this case to communicate.
Enter software licenses!
Richard Stallman and the GPL Free Software License
Software licenses are traditionally thought of as a way to maintain ownership and control of software by those that own it. However, in the early 1980s a computer programmer called Richard Stallman, working at the Massachusetts Institute of Technology (MIT), where he and others routinely wrote and shared computer code to run on the university’s mainframe computers, turned software licensing on its head.
Stallman became increasingly frustrated that much of the code that he had been freely sharing and improving upon was being bought up by companies that started to exercise Copyright control over the code and stop him and his colleagues from improving and sharing the code that they were using.
In practice this meant that Stallman could no longer read the source code, fix it if he found a flaw and improve and share it with his colleagues. In response he wrote a software license that gave away ownership rights and instead protected the user. This license was called the General Public License (GPL), and he started releasing his code under his new license. (2)
Fast track 20 years and the majority of the software that runs the internet, our smart phones, millions of our desktop computers (and a lot of the software that we use on a day to day basis) is software released under Stallman’s GPL, or similar, Free and Open Source Software (FOSS) licenses.
Four Freedoms
Although Stallman foresaw the importance of his license, it is only with the development of the internet in combination with political events of the last decade that its fundamental importance to democracy has become clear to many of us.
“Proprietary software deliberately attacks the social solidarity of your community, by leaving people helpless against it. They can’t change it. They can’t independently verify what it does to them.” – Richard Stallman (3)
Stallman defined free software as:
- The freedom to run the programme, for any purpose.
- The freedom to study how the programme works, and change it so it does your computing as you wish. Access to the source code is a precondition for this.
- The freedom to redistribute copies so you can help your neighbour.
- The freedom to distribute copies of your modified versions to others. By doing this you can give the whole community a chance to benefit from your changes. Access to the source code is a precondition for this. (4)
The power of his GPL FOSS license (and other Free Software and Open Source licenses) is that it codifies these four freedoms and gives away the owner’s Copyright control of the code in order to protect the freedoms of software users. Of course, for the license to be of any practical benefit the software Source Code must be available. One important way that the availability of Source Code is maintained is via peer-to-peer file-sharing networks such as the BitTorrent network. (5)
You Can’t Trust The Network, But Can You Trust Your Computer?
Because, we don’t own or control the cables and computers that make up the Internet’s physical network and we know almost all of our communications are being intercepted, we cannot trust the network.
Even worse, if it was not for the availability of Free and Open Source Software (i.e., software that must allow us access to the Source Code that is is based on) it would also not be possible to know what the software we are running on our computers and other devices is actually doing, which in turn, would mean that it would not be possible for us to choose to secure our communications and other data. (6)
This is not just a theoretical danger, as previously reported by Bella.7 In 2003 Munich City Council initiated a project to switch almost all the city council’s 15,000 computers away from the U.S. based Microsoft Corporation’s propitiatory Windows computer OS, over to the Free Software GNU Linux computer OS. Although there were many factors which contributed to city leaders supporting the switch over, project leader, Peter Hofmann explains that one of the factors was because “At the time [2003/04] there was a lot of discussion about Windows 2000 and the calling home functionality (i.e., sending information back to Microsoft without the computer user’s knowledge). If you asked Microsoft […], ‘which one of your programmes are calling home?’, they said ‘err, yeah, maybe some, or not’. So we didn’t get a clear answer at that time, and we thought there would be a great advantage from a security perspective to using Linux.” (Linux is a Free and Open Source computer Operating System).
Most malicious software (also known as Mal-Ware) appears to us to be innocent or desirable but is actually working to harm the computer user and/or other users on the network.
All proprietary software (i.e., software for which we do not have access to its Source Code) – like the Windows Operating System (OS) – is potentially working in this way. We have no way of knowing.
What We Know
We know that with propitiatory software we have no way of knowing what the software is actually doing and therefore all proprietary software must be suspect.
We also know that all of our communications are likely being intercepted and analysed by GCHQ based in Cheltenham, England, the National Security Agency (NSA) in the US and others.
It is also clear, as previously mentioned, that without Free Software we would have no way of choosing to secure our communications and other data.
Because we have access to software that is licensed and distributed under Free Software licenses, at least in theory we and others can look at it’s source code and make sure it is doing what we think it is doing. We can also combine this with Open Source encryption technology which gives us the potential to secure our communications and other data and keep it safe from the prying eyes of the Security Services or others who would seek to misuse our information or use it to harms us.(8)
Why Worry?
The Security Services’ collection of massive amounts of personal data could be used to manipulate or threaten individuals, especially those in positions of influence. As well as this risk, the macro analysis of all the data that is being collected could also be used to manipulate society and undermine our political systems – for example, by identifying emerging political movements and subduing them before they gain traction. Add to this the fact that some of those within the Security Services have had a track record of abusing their position and powers – not least with the issue of child abuse – things are not looking too good for our political systems while all of our information is flowing around the internet waiting to be collected and analysed. (9)
Time To Act
In the face of the Tories weakening protection against mass surveillance and the fact that the state’s access to massive amounts of personal data threaten our political system it is time that the Scottish Parliament implemented a policy of using Open Source Free software in combination with Free Open Source encryption software to run Scotland’s information infrastructure.
This issue effects all of us and especially those campaigning for political, social and environmental and economic change that potentially threatens the state and corporate interests.
There are a number of groups working for change on this issue including the the Open Rights Group Scotland: https://www.openrightsgroup.org/issues/scotland and the Scottish Green Party: www.scottishgreens.org.uk. However, the issues discussed here have serious implications for other organisations such as the Friends of the Earth Scotland, Greenpeace Scotland, The Radical Independence Campaign. Even organisations such as Citizens Advice, NHS Scotland and Police Scotland, as well as, Scotland’s academic community, should be concerned about the current situation. Of course, all political parties in Scotland – including the Scottish National Party, the Scottish Socialist Party, the Scottish Labour Party, the Lib Dems and the Scottish Conservative Party – should have an interest in improving the situation in order to protect and strengthen our political system.To protect our personal freedom and strengthen and protect our political systems it is time that the Scottish Parliament take action and switch Scotland’s information infrastructure to secure Free and Open Source Software.
Notes
1. The Independent, 15/5/2015: http://www.independent.co.uk/life-style/gadgets-and-tech/news/uk-government-rewrites-surveillance-law-to-get-away-with-hacking-and-allow-cyber-attacks-campaigners-claim-10253485.html
2. GNU General Public License: http://www.gnu.org/copyleft/gpl.html
3. Hacktivist Richard Stallman takes on proprietary software, SaaS and open source: https://gigaom.com/2013/08/06/hactivist-richard-stallman-takes-on-proprietary-software-saas-and-open-source/
4. What is free software?: https://gnu.org/philosophy/free-sw.html
5. BitTorrent: http://en.wikipedia.org/wiki/BitTorrent
6. Can You Trust Your Computer?: http://www.gnu.org/philosophy/can-you-trust.en.html
7. Glasgow City Council’s Budget Cuts: Corporate Profits Or Local Jobs?: https://bellacaledonia.org.uk/2014/11/06/glasgow-city-councils-budget-cuts-corporate-profits-or-local-jobs/
8. The GNU Privacy Guard: https://www.gnupg.org/
9. Monstrous cover-up: How the Liberal party, police and MI5 concealed MP Cyril Smith’s industrial-scale child abuse: http://www.dailymail.co.uk/news/article-2602802/How-Liberal-party-police-MI5-concealed-MP-Cyril-Smiths-industrial-scale-child-abuse.html
If you like Bella Caledonia and want us to continue and develop we need you support – please donate to our appeal fund here – and if you can share the link on Facebook. Thank You.
Open source code allows you to control your costs because the investment is in people rather than paying global software houses whatever they demand for use of their products.
Also,with open source,what you see is what you get and it gives organisations the flexibility to modify it for their specific requirements.
However,usually at some point these programs have to communicate over a network and that is where,it doesn’t matter whether the data is from open source or not,it can be and is collected by the state apparatus for scrutiny.
Regulation should be focused on this area and legal safeguards should apply for individual protection.
Having the state security services acting outside the law is incompatible with a modern democracy which,I suppose,is one of the reasons the Tories want to drag us back to the past where the country was run by an elite for an elite.
The really bad guys know that the state acts in this manner and don’t use the internet for communication,so the question must be to what purpose are the security services collecting all this data?
bringiton: Thanks for your comments. One of the points that I was trying to make is that because we have Free Open Source software along with mature encryption methods we CAN transfer data across the network securely from user to user, if we choose. However, truly secure communications has not been built into the architecture of the internet the minds of users. I agree that metadata is still vulnerable to interception and that ideally we should re-architect the internet to mitigate this danger. As far as I understand, the UK’s physical internet infrastructure has been designed so that most traffic has to pass through a very small number of hubs, making interception and gathering of data very much easier. In some other countries this is not the case i.e., other countries physical internet infrastructure are much more like true networks and less like a series of concentric nodes – presumably this reflects the fact that state surveillance has not been so much of a factor in the evolution of the infrastructure.
Interesting and worrying in equal measures. On a sort of related note, only this morning, I was reading up on Mozilla’s quest to make the entire web run on secure protocols…. http://www.infoworld.com/article/2917575/encryption/mozillas-firefox-https-or-bust.html
I think the rich again have divided us and conquered. Give us a few parties basically squabbling about same old,or new, as a diversion tactic. When the top 2% of world are running everything anyway. This is a token gesture, to make us think we have some control. It’s not going to matter a jot who gets in, still same Eatonion, or fetishism college clones who always “rise to the top “. No that was destiny for the blue blood brigade.They want a new world order and the like. Give arms to other countries to start fights, this getting negative. It’s like an elutio,, they think we can’t see. And don’t talk to them about new money , there even lower.
Some excellent points here, but also a problem:
“In response he wrote a software license that gave away ownership rights and instead protected the user.”
“The power of his GPL FOSS license (and other Free Software and Open Source licenses) is that it codifies these four freedoms and gives away the owner’s Copyright control of the code in order to protect the freedoms of software users.”
Developers who license their work under the GPL and similar licences aren’t giving up their copyright control, they’re stating the conditions under which copying and distribution of their software is allowed. Without copyright* these conditions would be toothless: it is copyright that enables developers to enforce them, when third parties distribute modified versions without source code for example.
Cameron and May have talked about the unacceptability of encrypted communication, so aside from the above issue, this is a good and important piece.
* Other approaches are possible, but within existing legislation copyright is the tool that allows the GPL to provide and protect the four freedoms.
FlimFlamMan: Thanks for your correction and comments.
It’s like the state insisting that they have the right to open all our postal mail for investigation when the really bad guys are using carrier pigeons.
Pointless and since the state operators are not stupid,what is the real motive and objective?
@bringiton. What do you think the states motives and objectives are?…….is it speeding camera boxes without the film …….. Making us all keep to the speed limit …….making us all think Big Bros is watching so net users “behave” themselves?
Clydebuilt: The spectre of mass surveillance can produce self censorship. However, the Snowden revelations (along with other revelations and information) has allowed us to understand that mass surveillance and analysis is ACTUALLY happening> The motivations for mass surveillance will be many and varied – to protect established powers which I would guess is largely motivated by fear and paranoia.
One possibly useful avenue for exploration could be the physiological impact of the boarding school system and how this psychology is brought in to the workings of institutions : http://www.theguardian.com/society/2014/jul/20/damage-boarding-school-sexual-abuse-children
Thanks Mike…….totally agree ……my analogy wasn’t quite right. Very useful article ……hope our leaders take heed.
it’s worth realizing that the technical and legal approaches to online freedom are complementary and that both are worth pursuing. That’s why it’s good to see that, despite expressing disappointment in the disposable nature of human rights legislation, the author later refers readers to the Open Rights Group. I’d like to take the opportunity to mention the Free Software Foundation Europe (fsfe.org) who also work on a wide range of issues surrounding software and online freedoms.
David Boddie: Thanks for your comments and for mentioning the Free Software Foundation Europe. Do you have any members in Scotland that might be interested in coming together to talk about some of the points raised above?
It looks like there’s a group in Aberdeen: https://wiki.fsfe.org/groups/Aberdeen
There are other groups and individuals that work on Free Software in Scotland who I can perhaps refer you to. Do you have a contact address I can use to contact you off-site?
Hi David, you can get me on Wick, my ID is mikeedwards. Download Wickr for free at http://wickr.com/app.
For what it is worth: “Wickr employs Perfect Forward Secrecy. This means that each message you send has a new encryption key. Keys are deleted immediately when you decrypt the message. Even if a party were able to break ECDH521, they would still not be able to read the message without the unique device because each message is bound to a specific device.”
As a long time user, advocate and author of open source software, I find the problem that usually kiboshes it is that investment decisions are made by bean counters who, because they do not understand the risks involved, think that the low risk option is to go with the herd and buy, invariably, Microsoft. Even though this is usually a much more expensive way of giving away all their corporate jewels. It is the way that gives them the warm feeling that they won’t be out on a limb in terms of support or features.
Why do it ? TO SELL ideas and “products ” to try and CONTROL for the spooks bosses .Silly Billy!
Knowledge for control.
This an interesting related story in today’s Guardian: Microsoft executives telephoned Conservative MPs threatening to shut down a facility in their local area because of planned IT reforms, David Cameron’s former strategy chief has claimed. http://www.theguardian.com/technology/2015/may/22/microsoft-faces-claims-it-threatened-mps-with-job-cuts-in-constituencies?CMP=omgubuntu