Berlin, 2011-12-12

A Seal to Protect Our Devices

i see a general trend where our own devices are more and more subverted away from us on an operating system level:

this technological shift to the "right" isn't just empowering totalitarian states. it is opening up an opportunity for any country to turn into a totalitarian state.

mass surveillance that cost the GDR or the soviet union immense investments in human resources can be automated these days and return much more accurate data at the flick of the wrist. we're just lucky fascism isn't in vogue now, at least not as much as in the 30s.

we need to make sure our technology is working for us. it's not enough to install our own social tool, the foundation needs to be fixed. for PCs there is Linux. for mobile phones some systems are in the making, that can be flashed onto them.

but that isn't enough, because if a bunch of activists install open source operating systems on their mobile phones they don't fix democracy, they just put themselves in front of the viewfinder along with the criminals.


i think we have 2 options:

that is, we require

  1. the operating system and pre-installed software of a device, let's call it the "package," to always be available in open source in its entirety; documented and published with a name, version number and unique digital checksum and delivered along with the device on a driver cd/dvd or other standard storage medium. additionally the package can be retrieved anonymously from the internet.
  2. if the hardware components contain any algorithmic functionality the system depends upon for completeness, it's operation and source code must be documented within the package defined above.
  3. easy free software tools available that allow anyone to reflash their own devices. 'software warranty' is only broken if they put an inofficial OS onto their devices.
  4. 'physical warranty' is guaranteed even if the user has chosen to run a modified operating system.
  5. a virtual seal using the mathematical checksum of the OS version that proves the contents of the memory of the device conforms to the OS version delivered along with it.
  6. a physical seal applied to the wrapping of the device by an independent authority after checking the virtual seal.

we especially require that above points are met for all machines in governmental use. every citizen shall have the right to inspect the source codes of the devices that handle her or his data (although only people with sufficient competence are expected to do so representatively for the general population) and by examining the physical seal be reassured that the data will encounter its correct treatment.

but going back to popular electronics, with these principles at hand the population can be reassured, they are buying technology that actually belongs to them and doesn't spy on them. except this still doesn't address the problems of privacy and surveillance introduced by lack of encryption technologies and overuse of client-server models. these can be addressed within the development process of open source operating systems.

i think i will introduce this into the pirate party legislation process. maybe in several years we'll have one or two countries that actually pass such legislation.

from a technological point of view it's not a big stretch to go open source for companies. android is basically linux while macosx is a BSD unix derivate. i think we have given those companies enough opportunity to earn money from open source - it's about time they give something back.

yes, the price of mobile phones will rise in consequence of this, but i think this is the wrong product to buy in a dollar shop.


My pages.

Go have a chat.
Use Tor.
Use IRC.
Use IRC over Tor.

But, if you already sold your
soul to the surveillance
market, you can . . .  

Tweet this.
Share on Facebook.
Stumble upon this.
Find it delicious.
Digg this.

Follow tweets in
Deutsch, Italiano
and English.

Follow on Facebook in
Deutsch, Italiano
and English.

CC-BY-SA, carlo von lynX