FLOSS after Prism: Privacy by Default

The disclosures by Edward Snowden will have a huge impact on our society and by that also on free software. I do not think that we can continue as we used to do, but that we have to adjust our software to fit the new reality, to make our software a true opponent to the surveillance state we live in and to return to 1983.

I have been thinking about what FLOSS can do to protect people and I want to share my thoughts in a few blog posts. With this first blog post I want to talk about the fifth freedom:

“The freedom to decide which data is sent to which service”.

As we all know, free software offers us the four freedoms. Those are important, but they cannot protect the user’s privacy. Unfortunately there is free software out there which violates the above fifth freedom. There is software which is able to track you, software which sends all your local search queries to third parties like Amazon, and software which allows your smartphone to be turned into a surveillance utility. Thanks to the four freedoms we are able to see that the software is doing this, but the user has no chance to change it. Yes, the four freedoms allow a user to modify the source code, but in practice a user normally cannot do that. Even users who are skilled can only protest.

I know that many users think that it doesn’t matter, because they have “nothing to hide”. But I disagree: I have lots to hide and I am sure that everyone has things to hide. And even if it is not about our private life, there are many occupations in which privacy is a central part. Yes, it’s the job of a lawyer to hide things. If a lawyer is not able to use FLOSS software because he cannot even open a client’s file without Amazon and any connected third party (e.g. Tempora) knowing about it, this is a clear violation of the first freedom, which forbids discrimination against users.

This brings me to the above fifth freedom, which is directly derived from the four freedoms and highly inspired by Germany’s right to informational self-determination:

… in the context of modern data processing, the protection of the individual against unlimited collection, storage, use and disclosure of his/her personal data is encompassed by the general personal rights of the [German Constitution]. This basic right warrants in this respect the capacity of the individual to determine in principle the disclosure and use of his/her personal data.

With informational self-determination every user has to be aware at all times of which data is sent where. By default no application may send data to any service without the user’s consent. Of course it doesn’t make sense to ask the user each time an application wants to connect to the Internet. We need to find a balance between good usability and still protecting the most important private data.

Therefore I suggest that the FLOSS community designs a new specification which applications can use to declare, in a machine-readable way, which services they interact with and which data is submitted to each service. Such a specification should also include a way for users to easily declare that they no longer want to use a given service.

With this information provided, applications can start to show first-run information that tells users how they interact with services and how the users can configure this.

Furthermore, a complete database of all the services would make it possible to introduce a privacy center directly in the user’s desktop: a center listing all the applications which interact with remote services, where the user can directly disable certain services.
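To make the proposal concrete, here is an added example (my own sketch, not code from this post or from any existing project) of what such a specification and privacy center could look like. The manifest format, its field names (`application`, `services`, `id`, `host`, `purpose`, `data`, `default_enabled`), the two sample applications and their hosts are all assumptions constructed for this example. The center rejects incomplete manifests, takes the consent defaults from the manifest, lets the user switch a service off per application or opt out of a whole data category, and answers the one question an application has to ask before it opens a connection: an undeclared service is simply denied.

```python
"""Toy privacy center around a hypothetical machine-readable service manifest.

The manifest format used here is an assumption made for this example, not a
published specification: one JSON document per application declares which
remote services it talks to and which data it sends there.
"""
import json

# Constructed sample manifests for two imaginary applications (assumed hosts).
SAMPLE_MANIFESTS = [
    json.dumps({
        "application": "desktop-search",
        "services": [
            {"id": "shop-suggest", "host": "suggest.example-shop.test",
             "purpose": "product suggestions for local search queries",
             "data": ["search_queries"], "default_enabled": True},
        ],
    }),
    json.dumps({
        "application": "mail-client",
        "services": [
            {"id": "imap", "host": "mail.example.test",
             "purpose": "fetch and send the user's mail",
             "data": ["credentials", "mail"], "default_enabled": True},
            {"id": "crash-report", "host": "crash.example.test",
             "purpose": "upload crash dumps to the developers",
             "data": ["crash_dumps", "version"], "default_enabled": False},
        ],
    }),
]

REQUIRED_FIELDS = ("id", "host", "purpose", "data", "default_enabled")


class ManifestError(ValueError):
    """Raised for a manifest that does not follow the (assumed) schema."""


def parse_manifest(text):
    """Parse and validate one manifest.  Incomplete declarations are rejected
    so that an application cannot half-describe what it sends."""
    doc = json.loads(text)
    if not isinstance(doc.get("application"), str):
        raise ManifestError("manifest lacks an application name")
    services = doc.get("services")
    if not isinstance(services, list) or not services:
        raise ManifestError(f"{doc['application']}: no services declared")
    for svc in services:
        missing = [f for f in REQUIRED_FIELDS if f not in svc]
        if missing:
            raise ManifestError(f"{doc['application']}: service is missing {missing}")
        if not svc["data"]:
            raise ManifestError(f"{doc['application']}/{svc['id']}: empty data list")
    return doc


class PrivacyCenter:
    def __init__(self):
        self.apps = {}      # application name -> list of declared services
        self.enabled = {}   # (application, service id) -> user's current consent

    def register(self, manifest_text):
        doc = parse_manifest(manifest_text)
        self.apps[doc["application"]] = doc["services"]
        for svc in doc["services"]:
            # The default comes from the manifest; the user's choice overrides it.
            key = (doc["application"], svc["id"])
            self.enabled.setdefault(key, bool(svc["default_enabled"]))

    def set_service(self, application, service_id, allowed):
        """Per-application switch shown in the privacy center."""
        if (application, service_id) not in self.enabled:
            raise KeyError(f"unknown service {application}/{service_id}")
        self.enabled[(application, service_id)] = allowed

    def disable_data_category(self, category):
        """Global opt-out: switch off every service that would send this kind of data."""
        for app, services in self.apps.items():
            for svc in services:
                if category in svc["data"]:
                    self.enabled[(app, svc["id"])] = False

    def may_connect(self, application, service_id):
        """The check an application makes right before opening a connection.
        A service that is not in the manifest is denied: no declaration, no network."""
        return self.enabled.get((application, service_id), False)

    def overview(self):
        """Rows for the privacy-center listing: (app, service, host, data, enabled)."""
        return [(app, s["id"], s["host"], tuple(s["data"]), self.enabled[(app, s["id"])])
                for app, services in self.apps.items() for s in services]

    def first_run_summary(self, application):
        """Lines an application can show on its first start."""
        return [f"{s['id']}: sends {', '.join(s['data'])} to {s['host']} ({s['purpose']})"
                for s in self.apps[application]]


def demo():
    """Register the sample manifests and apply one global user opt-out."""
    center = PrivacyCenter()
    for text in SAMPLE_MANIFESTS:
        center.register(text)
    center.disable_data_category("search_queries")   # the user never ships searches
    return center
```

The important design choice is that consent lives in the desktop-wide center, not in each application: the application only declares and asks, and the answer for anything it did not declare is "no". A service whose manifest entry is missing a field is refused at registration, which is the technical half of the enforcement problem; the social half, getting every project to ship a manifest at all, remains as described below.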

Of course there is still one problem: how to force applications to make use of it and to provide all the data. Such a center becomes useless if some applications do not implement it because they think their users are a product which they need to sell. But this is a social problem, and we cannot solve social problems with technical means. If a FLOSS product is violating the user’s privacy we all have to call it out and convince the project that this is a bad idea. It’s up to the users not to use software which violates their privacy and thereby force the project to change.

Update: See also the follow-up post FLOSS after Prism: Anonymity by default

21 Replies to “FLOSS after Prism: Privacy by Default”

  1. Hello Martin, what do you think of software that sends, say, a unique configuration id and version number to a central server? For example, a win32 application (yeah, ignore that fact) that checks for updates and sends such data every time so that the developer can know in precise numbers how big his userbase is.

1. Well, that’s quite a lot of data. It basically tells the developers when a specific user starts the application. And that without the user even knowing. I doubt that this would be legit here in Germany given our rather strict privacy laws. Software phoning home is in general a no-go.

      Obviously such software cannot be free software otherwise you wouldn’t have a unique configuration id and version number. That’s something which I consider as impossible to implement in free software. If you use proprietary software you have lost directly from a freedom point of view.

    2. It is not the intent of the developer that matters, therefore the question could be seen as: “What are your opinions on software that sends a unique identifier for its particular installation and version number to a remote server?”

      I’d personally say that if the application did not send this automatically when started but instead gave the user the option to enable this functionality and was clear that the information sent will include the unique identifier, version number, date and time, the sending computer’s IP and all other stuff that comes with the communication method, then at least I would personally be happy with it and in many cases enable it.

  2. The privacy centre is a good idea but isn’t enough. Most distributions already preconfigure, in the browsers they include, a search engine that provides them with revenues based on the user’s searches, without the user’s acknowledgement. Changing those search engines at the core of a browser may not be a simple task for, nor within the reach of, the common user. And unless the distribution community is diligent in ridding the browser’s code of those engines, the privacy problem will remain even if a privacy centre takes care of the other issues.

  3. Well, I’d say the first is to crack down on the SSL certification “mafia” and introduce open certification in a more widespread manner.

    The second issue is clear joint/solidary European penal rules against business espionage and a clear commitment from the United States as to when spy operations against their allies would be terminated.

    Oh, and then there was the Echelon Europarl report a decade ago with its recommendations:

    29. Urges the Commission and Member States to devise appropriate measures to promote, develop and manufacture European encryption technology and software and above all to support projects aimed at developing user-friendly open-source encryption software;

    30. Calls on the Commission and Member States to promote software projects whose source text is made public (open-source software), as this is the only way of guaranteeing that no backdoors are built into programmes;

    31. Calls on the Commission to lay down a standard for the level of security of e-mail software packages, placing those packages whose source code has not been made public in the “least reliable” category;

  4. This was a good blogpost, Martin.

    It is certainly about time we start defending our inalienable(!) rights in practical ways, and what is the point of (F)OSS if we have lost our freedom to begin with? It might be worth bearing in mind that the EU has directed ISPs, including phone companies, to retain communication data on their servers for up to two years. Fighting this directive would, IMO, be a good place to start. If this directive could be eradicated, we would have achieved a solid consensus on (some) limits of state interference in private and personal matters, which in turn might be both a foundation and an inspiration for the practical solutions you are indicating.

    1. As a note that directive is not implemented in Germany (any more). Our highest court decided it’s violating civil rights.

      1. Yes, I know. Too bad the German government did not oppose the directive in the first place. We non-Germans can only hope the European Court of Human Rights will some day arrive at the same conclusion as Germany’s Federal Constitutional Court.

  5. I think it’s important to define who is the adversary here. While I don’t trust Facebook, Google, etc. very much, the real problem lies with governments (and the extra-legal activities of the security agencies). It isn’t just the data, but also the metadata we need to protect. So that means we need an easy front-end to GPG for everyone, defaults in Firefox/Thunderbird that encrypt everything, some kind of P2P DNS, and some way to make the metadata impossible to grab.

    Of course, as a matter of good manners, I’d prefer applications not to phone home without permission, but it’s government surveillance rather than corporate misbehaviour that is the real threat.

  6. What the article seems to be talking about is outside the scope of software freedoms. The four freedoms are needed by the software user.

    When the user abdicates their freedom to the entity that runs the service, demanding more software freedoms is not going to address that. Those freedoms don’t help the user, if the user isn’t the one who gets them.

    Instead, the problems discussed here are more directly addressed by the Franklin Street Statement on freedom and network services.

  7. “The freedom to decide which data is sent to which service”.
    Sounds relevant, but is utter rubbish.

    Everyone has this freedom already.
    Reason: YOU CHOOSE which service you use.

    Why the heck do you think people like Richard Stallman refuse to use Facebook, Amazon, etc.?

    Simple: because he has that freedom (already)!

    And on the topic of free software:
    The 4 freedoms already give you all the freedom that you need.
    Who the hell are you to dictate to others what they should do, just if you want to use their service?
