Today I am not going to talk about current events or political economy. Today I am going to talk about digital privacy. The principle of the 4th Amendment is not merely legal: it is ethical. It is a statement of natural law, and the USA’s Founding Fathers believed it to be instituted by God to govern God’s creation.
The Internet has evolved to a business model of mass surveillance, and mass surveillance is contrary to the principle articulated by the 4th Amendment. Even if you’re not from the USA, that doesn’t change the principle.
“Computer hacking” may still sound pretty “1337” to folks who don’t aspire to professional knowledge of computers. Hacking used to be a labor of love done by guys like Steve Wozniak, who broke the law frequently and was richly rewarded because Silicon Valley was free from serious law enforcement before the famous “Hacker Crackdown” of 1992.
Nowadays, “hacker” is a blue-collar job. Check out this glorious bit of corporate propaganda:
I have not signed up for those online training course. Maybe they are high-quality products put out by an ethical training company. But the point is that hacking is a mainstream job skill now. You can get an “ethical hacker certification” just like you can get an “apprentice electrician certification.”
I am not eager to sign up for those courses. I don’t understand privacy technology. I don’t understand how many people would get their hooks into my personal data if I were to try to get educated online. I suspect, however, that a fair number of newbies trying to get educated are just going to get onto NSA watchlists without acquiring any useful skills.
By now, everyone has heard that the NSA has Carnivore and XKeyScore and other projects intended to eavesdrop on everyone.
You may have heard that the NSA also bribes hardware manufacturers to put backdoors into commercially available hardware.
Julian Assange has declared the dawn of the CYPHERPUNK age. In this day and age, when Catalonia is trying to use Internet privacy technologies to get a vote out, who remembers cyberpunk? Apparently PocketC.H.I.P. remembers. They are selling their glorious equipment to hobbyists and hackers in a small number of countries, because they are a tiny organization that cannot pay for a big shipping company to ship these devices all over the world. These devices are not very powerful, but they ARE user friendly – if you can manage to get one shipped to your country, and that is a big deal.
You can build a very reliable, very open laptop. It’s called the Novena, and as far as I can tell, it’s impossible to get one pre-assembled. You have to buy the parts and put it together yourself.
The problem is that the masses need digital privacy. The 99% need digital privacy.
The NSA is not constrained by limited finances and limited technical skills.
The NSA appears to intend to search everything written by everyone everywhere.
…the large majority of traffic passing through US telecommunications peering points can be screened based on the rule sets used for packet capture.
If the NSA closes up shop tomorrow, there would be plenty of other national spy agencies eager to imitate their tricks. The Mossad already probably has access to most of the USA’s tricks; the Mossad probably co-developed some of those tricks, including but not limited to StuxNet.
The private hardware manufacturers are very clever at obeying the letter of the law while breaking the law in spirit:
TiVo’s software incorporates the Linux kernel and GNU software, both of which are licensed under version 2 of the GNU General Public License (GPLv2). GPLv2 requires distributors to make the corresponding source code available to each person who receives the software. The goal of this requirement is to allow users of GPL-covered software to modify the software to better suit their purposes.
However, Stallman asserts that TiVo circumvented this goal by making their products run programs only if the program’s digital signature matches those authorized by the manufacturer of the TiVo. So while TiVo has complied with the GPL v2 requirement to release the source code for others to modify, any modified software will not run on TiVo’s hardware.
… Torvalds has stated that he believes the use of private digital signatures on software is a beneficial security tool. …
Stallman and the Free Software Foundation have attempted to respond to some of these concerns. They have stated that their goal is for GPLv3 to allow private digital signatures for security purposes, but to still prevent tivoization.
By the way, recall that the Mossad commits war crimes and other crimes against humanity, but somehow major chip companies never have a problem building facilities in Israel and funneling Israeli personnel into sensitive positions.
So the C.H.I.P. solution is to release as much of the hardware as possible as open source:
However, it is very hard to make a modern device completely open source. The C.H.I.P. includes The Mali 400 graphics device, which isn’t open source in a bare metal sense. Reverse engineering can fill in some gaps in the releases:
Lima is an open source graphics driver which supports Mali-200 and Mali-400 GPUs.
The aim of this driver and others such as freedreno is to finally bring all the advantages of open source software to ARM SoC graphics drivers.
This kind of work is difficult. It requires a lot of skills that I don’t have, and most of my readers probably don’t have. (I probably get 40 distinct readers every day. I doubt that most of them are hardware engineers skilled at reverse engineering.) I imagine myself to be pretty hardcore just because I run Linux, but honestly, running Ubuntu in 2017 is about as low-stress as running a Macintosh in 1991. Thus the C.H.I.P. project is doing a great service to the world by making open hardware into something cool, hip, and user-friendly. The Open Source attitude needs to recruit a new generation of students.
It is very easy to give up the fight, to give in to despair, to believe that no individual can make a positive difference. Obviously, I wrote this post because I am not willing to give up, or to give in, in the realm of digital privacy. I am probably on a bunch of watchlists already; my personal info has probably been sold by Equifax even before they got hacked. I don’t care. I am angry enough about this that I still want to struggle for digital privacy, regardless of how ignorant my struggle might be.
In the past, I have not usually closed posts with a “call to action” but today is different. Today, I am asking you to comment on digital privacy. Do you give a damn? Are you going to actually engage with the technologies that might enhance your digital privacy, e.g. Linux?