codema.in
Mon 14 Aug 2017 11:12AM

An open letter to the policy makers

Kannan V M

It's been 70 years since we got independence, yet we are still dependent on proprietary software that abuses our freedom to use it as we like. This is an open letter to our policy makers and public to make them aware of the security issues and other serious consequences of using non-free software.

An Open Letter to IT Policy Makers

It has been 70 years since we gained independence from the British empire. We gained independence in administration and we now have the freedom to make choices as a nation. Our freedom fighters knew that the British rule was against our interests, that they will continue to exploit our nation as long as we are dependent on their administration. We fought with our own policies of non-violence and finally we won. Now we are the fastest growing economy in the world!

But years later, when we look back at those times of our fight for freedom, isn't it obvious that we have forgotten a great lesson that was already known to us? The lesson being "dependence can lead to exploitation".

When it comes to the Information Technology sector we could see that it's a wholly different scenario. We live in a world where everyone is connected, hardwired to the internet around the clock, where cyber attacks are the new form of warfare. A good example is Stuxnet, a joint U.S.-Israel project, known for reportedly destroying roughly a fifth of Iran's nuclear centrifuges by causing them to spin out of control. This warfare is so powerful that it can turn a country's economy upside down overnight, without even leaving a trail! We saw cyber attacks like the WannaCry and Petya ransomware affecting millions of computers worldwide. We saw that such attacks can even affect the working of governments and banks. And the main thing is, this war doesn't need countries, even a handful of people in a tiny room can unleash such massive attacks. In case of government institutions, losing sensitive administration data is way more disastrous such that it can be used against that nation by their enemy countries or terrorist groups. It may be pointed out that such security threats are largely confined to Microsoft products. While WannaCry affected so many computers in India, it didn't affect any computer used in the 2000+ schools in Kerala. They were safe because they were running the Free Operating System, GNU/Linux. The same was the case with the computers of our Life Insurance Corporation, which also runs Free Software.

It's a well-known fact that "data is the new oil!". Almost all developed countries as well as many developing countries around the world are now spending billions in the field of data mining in order to gain more power and hence more strategic control over the rest of the world. User data is used for user profiling. The results of this mass cyber profiling can range from simply advertising a cheese burger to mass-manipulation for influencing a key election. The demand for transparency in democracy is to prevent rigging elections directly, but elections still can be rigged indirectly by manipulating voters who are profiled and targeted advertisements are placed strategically. This is just one example of how important data really is. In the not so distant future the news we see will be based on our cyber profile, we will see the world as how some corporates think how we want it to be instead of how it actually is, which will keep our political views dormant for sure. In case of manipulated news, we will be surrounded by information that some other agency wants us to see. In other words, we might see more news about a dog surfing competition than the news of children next to us dying of starvation and preventable diseases.

When a program loads and runs in a computer and the user doesn't exactly know what all this program will actually do in the background, it's a security risk. This is where the dependency on proprietary software vendors becomes an issue, they don't provide us enough freedom on the software we buy, they don't allow us to check what code they run behind nor can we know what they do with our data. These programs can steal our sensitive data or they can change or corrupt them altogether. This doesn't end here, each year we spend billions of our taxpayer money to buy software licenses and because these proprietary vendors don't give us the freedom to distribute the software, we have no choice but to buy software licenses for each installation and finally we end up begging them to provide discounts.

Another problem is that proprietary software that is widely used, including Microsoft Word, Excel, etc., saves files in its own secret formats which cannot be cleanly opened by other software. This means that documents created using them are locked to that company's products and we risk losing access to those documents if and when the company stops supporting the software as companies do periodically. So, we need software that will save documents in open formats that can be read using any software any time and don't depend exclusively on a particular company.

We need software that provides us the freedom to use it as we want, study it as we want, change it as we want and lets us distribute it as we want, we need to end making dangerous sacrifices, being dependent on companies that don't let us study their software, we must make sure that our nation's security is not sold to a few companies that sell unreliable products. We still have a long way to lead the technological competition between countries, to go ahead we need to get rid of the dependency on proprietary software. We are already late, but it's better to be late than never. So on this occasion of our 71st independence day, let's switch to the path of complete independence in the Information Technology sector, let's switch to the path of Freedom and Security, let's switch to the path of Free (as in freedom) Software!

NB: The idea is to get this as public as possible, starting with avaaz.org, please do add more suggestions and share it yourself.

Also this is written in a context that it should be understandable to non-techie people too.

Pirate Praveen Mon 14 Aug 2017 11:44AM

looks good to me.

Gokul Das B Mon 14 Aug 2017 1:01PM

The concept is good. But I feel some improvements can be done:

  1. Since this letter is an open appeal to the government, I think it would be best to avoid names of specific companies. Instead, you could cite their specific products, proprietary software and closed standards to illustrate the problems. Citing the company in general may be counter-productive.

    The case in point is Microsoft. Their record in treating FOSS software has improved a lot lately. One example would be the 'Language Server Protocol' that they introduced. LSP is improving developer experience by leaps and bounds across several development platforms - including completely open ones. They may still have shady practices against FOSS, but citing the company name would undermine any act they have done in good faith. Meanwhile, there are some other companies who take overtly or covertly malicious stance against FOSS on a much worse scale than them.

    On the counter case, there are some 'open source software' directly responsible for wrecking open standards. A good example is how EME was introduced as a web standard against the best efforts of Mozilla. We should be trying to promote FOSS, privacy & security and open standards. Citing specific malicious actions, cases and products would be better than citing companies.

  2. The letter mixes in online services. Agreed that many social media platforms resort to mass manipulation of population. But for normal users, there is no way to tell apart a proprietary online platform from a free one. The difference perceived by the population is so subtle that I doubt that the govt can do much to free its citizens from these manipulations and profiling. Perhaps the problem with online platforms should be addressed in a different manner from proprietary software.

Pirate Bady Mon 14 Aug 2017 1:21PM

Since this letter is an open appeal to the government, I think it would be best to avoid names of specific companies.

i agree, it may be better to remove the company name(s).

The letter mixes in online services. Agreed that many social media platforms resort to mass manipulation of population.

but is it just the social media platforms? what about proprietary operating systems? do they respect our privacy? what about proprietary browsers? even proprietary keyboards we use in our mobile can misuse our personal data, right? so i think it's not just a matter of any proprietary social media but all proprietary software in general. if we can't see the source code we can't know what they do with our data.

Gokul Das B Mon 14 Aug 2017 2:25PM

but is it just the social media platforms? what about proprietary operating systems? do they respect our privacy? what about proprietary browsers?

No questions there! If someone is neglecting the dangers of proprietary software, they are genuinely inviting trouble. What I was pointing to is the fact that the dangers are not so obvious in case of online platforms. If you use an illegitimate copy of Windows, you're breaking the law and you probably deserve what is coming. But what law are you breaking and what should you expect when you use a platform like FB? How can anyone ask people not to use proprietary online platforms when they aren't breaking a law? It is still a danger - but then how do we tackle it?

Pirate Bady Mon 14 Aug 2017 2:58PM

let me clarify. i was trying to say that the privacy issues are not just limited to social media platforms, as i said before it can be related to any proprietary software in general, that's why it was added in the letter.

How can anyone ask people not to use proprietary online platforms when they aren't breaking a law?

in case of proprietary software, say microsoft windows, we're still inviting trouble even if we're using a 'legitimate' copy. so it isn't about legal v/s illegal. one thing we can do is to keep educating people, make them aware about the potential issues. i agree that it isn't an easy job, but that doesn't mean we should stop trying.

here's some useful resources:
http://www.socialcooling.com,
https://www.privacytools.io,
https://prism-break.org

Kannan V M Mon 14 Aug 2017 1:27PM

  1. Being free software should be the minimum criteria for a trustable software, as long as they are not going fully open source, I think it will be okay to blame them. If they had a good will, they would've made necessary changes to respect the privacy.
    Here the issue we face is, people don't understand they are using a proprietary if we don't tell them by name. It will be needed for a local governing body to see the name of the company that can cause them trouble.

  2. It's not just a problem with online platforms, applications with backdoors and data leaks are national security issues.

Athul Mon 14 Aug 2017 6:45PM

Did we finalise it????