Slashdot Mirror
Why American Corporate Software Can No Longer Be Trusted
jrepin writes "There is a problem with proprietary, closed software, which makes Rick Falkvinge, the founder of the first Pirate Party, a bit uneasy: 'We get a serious democratic deficit when the citizens are not able to inspect if the computers running the country's administrations are actually doing what they claim to be doing, doing all that and something else invisibly on top, doing the wrong thing in the wrong way at the wrong time, or doing nothing at all. ... In the debate around the American Stop Online Piracy Act, American legislators have demonstrated a clear capability and willingness to interfere with the technical operations of American products, when doing so furthers American political interests regardless of the policy situation in the customer’s country."
Well if you deal out Microsoft, Apple And Google, you are left with not much but Linux as an alternative! I for one would love to see this happen as resources and money would have to be poured in to make Linux distributions and applications that were world class!
And it was ever trustful, in the first place?
Lisias@Earth.SolarSystem.OrionArm.MilkyWay.Local.Virgo.Universe.org
Really? Do you have a reference for that? AFAIK the US Government does NOT ban the use of Chinese electronics in government or defense applications.
One of the major arguments for SOPA have been the trillions of dollars of theoretical losses of sales by the Media companies. As has been pointed out repeatedly ad nauseum, these losses are only theoretical.
But has someone on the senate actually done some estimation of possible loss of revenue, if the internet actually becomes splintered and USA loses its control? Or of even more foreign governments just turning to open source solutions, instead of to, say Microsoft? China, for example, is a big competitor already for the control of internet. They control a sizable part of it already. Let us say that they actually get it in their head to actually set up an alternate mechanism and act as the controlling authority? Even USA doesn't really dares to stand up to them... so all in all, we are talking of China ultimately controlling the distribution of said media/softwares, and who knows what terms they will set for the USA based companies?
I will admit that chances of above happening are remote at the moment. But what are these media folks, and their employees in the senate, smoking? Why even take the chance?
If you use Android, you should check out the Guardian Project.
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
The difference is the ideas. The idea of America is being lost. What is leftover when that is gone is just another place. May as well be called just Homeland. The ideas that are traditionally associated with America are not espoused by those that use the term Homeland.
which is hilarious because our manufacturing base is gone.
Which is why we still have more manufacturing capability than any other country in the world, including China? Granted those stats are a bit old, it's still true. The number of jobs is down (by a lot), because US manufacturing has grown more efficient, which creates the impression that we lack manufacturing capability. Well, that and all the "Made in China" crap you find at Walmart. The reality is the US makes ~18% of the worlds manufactured stuff. And that is considered a "small fraction" of the US's economy. In an international context, the US is massive. Still by far the biggest player.
Also, the US probably should ban Chinese electronics in defense applications, but they don't.
"None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
Security-critical environments are one of the few places where open source should be a must.
No it was not, but that's not the point. Congress can order technology to restrict freedoms outside America. That was only theoretically the case before SOPA and similar bills. Now, there is no reason to assume that the American government is not interfering with any technology you can't inspect yourself.
Or to remove the double negatives: Now there is reason to assume the American government is interfering with any technology you can't inspect yourself.
We all know that SOPA is all about the money (I'll ignore the "everything is" argument, for now). Money the *IAAs feel they are losing, money the politicians have accepted in campaign contributions... Even the advertisements trying to drum up support for SOPA are about all the jobs (money) that will be lost if this doesn't become law...
Every argument I've heard has been about ideals and technology... We all know how politicians and corporations feel about ideals. Freedom of speech, Impossible to implement, Would break the very foundation of the web, etc... All meaningless to these people without a dollar sign attached to them.
This is the first argument I have heard that directly turns the tables. "Pass SOPA, and we will no longer trust any software produced by a US company." This would affect many more than just MS, Apple, and Google... How many PCs will Dell, (or HP, or Acer, or...) sell outside of the US if they are not allowed to sell them with (or without) Windows? If Dell et. al. are forced into producing computers with Windows installed for the US market, and %NotWindows% for the rest of the world, how long before they decide it isn't worth the effort, and just pick their favorite %NotWindows% for the entire line? How many jobs will be lost if no one in Europe is allowed to use Photoshop, MS Office, iTunes, AutoCAD,... The list goes on and on.
Do I think this is likely to happen? Not really.. But it makes for a good advertising campaign against SOPA.
Those who will be affected most by SOPA are those who rely on American billing, search and advertising services.
It doesn't matter if you are running Linux, if you are hosting content that is flagged for violating copyright law, then you risks losing your advertising revenue.
The solution to the problem is to use services in other countries than the US. Whether you are running Linux or Windows is irrelevant.
I find this sort of thing rather amusing. You didn't trust closed source software...
So you download ten million or so lines of source code from some anonymous server, written by thousands of people you've never met and will never know. You then build it using even more software and libraries and tools running under yet another OS, and you then install it on hardware with its own BIOS and roms and controllers.
Hundreds of millions of lines of code you've never seen, and never will see...
And yet the end product of THAT result is somehow more trustworthy.
Right.
Any sect, cult, or religion will legislate its creed into law if it acquires the political power to do so.
It's a Foster Motherland.
"Why American Corporate Software Can No Longer Be Trusted"
This should read:
"Why Corporatations Cannot Be Trusted"
And I'm not sure TFA answers that very well.
Today's global economic situation is not much different than that of 1932. After years if not decades of reckless investment, currency and market manipulation, leveraged investment, and rapacious profit-making, US corporations and banks conspired in a way that ultimately led to a economic meltdown.
In 1929 they didn't need computers and software to do this. They needed a willing and complicit Legislature, courts, and government agencies. The results then are well known, as they are today.
We started back down this path in 1999 with the repeal of the Glass-Steagell Act. Couple that with the continuous pressure to expand home ownership, a Federal Reserve inappropriately tasked with controlling inflation and economic growth, and lack of oversight into multiple industries (Accounting firms audting a corporation while their banking divisions floated the IPO, for instance) and you had the makings of a perfect storm. It came.
Corporations, by design, cannot be 'trusted' to act in the 'public interest'. They need to be at least minimally regulated, if for no other reason than to prevent the most egregious abuses.
What this has to do with software is beyond me. It's more than that, a lot more.
deleting the extra space after periods so i can stay relevant, yeah.
Re "If it's phoning home, we can detect it."
The problem is not so much what is "phoning home" everyday but the carrieriq like layer between any shipped phone in parts of the world wrt https and all input.
From 2006 "FBI taps cell phone mic as eavesdropping tool" http://news.cnet.com/2100-1029-6140191.html
Before that you had the fun of the safe 56 bits and the Data Encryption Standard.
More at http://cryptome.org/nsa-v-all.htm
Products have shipped for generations before smart people began to discover what they had really installed and recommended beyond the accepted public math and low price.
Domestic spying is now "Benign Information Gathering"
Falkvinge here.
I am referring to the fact that the SOPA debate has shown that US legislators won't hesitate for a moment to mutilate global technical resources if they can be used as leverage to project US trade interests, intensely disregarding the fact that severeign nations elsewhere have other sets of laws.
Specifically, the seizure of Internet domains is a precursory example.
Since the legislators have shown both a willingness and a capacity to regard anything happening on US soil as something that can be legislated into political leverage, at the expense of the customers and the US supplier, we must assume that cloud services and closed software can and will also be thus regarded.
This, in turn, means that any nation serious about its sovereignty can't let its critical administrative processes be governed by such code.
If you really want to get paranoid, you won't be using computers at all. You can't trust the software, even open source unless you've personally reviewed it all including the compiler. Even then you can't trust it unless you've reviewed the OS, BIOS and verified the design of all hardware in your system (including input devices down to the chip level.) Even then, you'll need monitor every byte of traffic on your network link (since even open software has vulnerabilities you likely didn't find in your review.) Still safe? No, because there could be listening and/or other devices anywhere, even inside the concrete blocks that make up your house. (e.g. a filter outside the street that modifies your network traffic.) Heck, even if you are Microsoft you can't trust your OWN software because there are too many cooks in the kitchen, as it were. None of whom were fully vetted.
Basically, guaranteed trust is a myth. You have to trust some one and some things or you are basically useless to society and will die of starvation (trust your food and water?) This article is either the start of a scare tactic against US companies and/or a poor attempt at bringing some rational thought to congress. Even if the US isn't doing crazy things behind the scenes, I'm sure China and most other large countries are.
I don't know, but it works for me.
Let's take your claims and dissect them.
Let's dispense with the argument that this is US legislators fighting for "US trade interests". This is about particular US companies pushing US legislators to fight back against a stubborn foe: global piracy. (Also, by framing it as "US trade interests" you're intentionally suggest a wider attack on foreign trade. If you set it up more accurately, it would be "unfair competition" because piracy is an illegitimate form of trade competition. Of course, if you talk about piracy as a form of unfair competition, you can't scare people because if you said "the US legislators won't hesitate to fight unfair competition" you'd lose the moral highground.)
The US is able to unilaterally cut websites (both foreign and domestic) off the internet because they are doing something that many people find wrong, but other countries have semi-legalized. But, wait, what did you write in the article again: "[US] policymakers are not the slightest afraid of legislatively ordering American-run corporations to sabotage their customers in order to further United States foreign policy". What in the world does kicking websites off the internet have to do with forcing US corporations to sabotage their customers? What are you alleging here? Where is the sabotage? How does this "advance US foreign policy"? It sounds to me like SOPA is US corporations telling the US government what to do, and you're here telling us that the US government is telling the US corporations what to do. So which is it? Who is telling who what to do because it seems to me that SOPA is doing the exact opposite of what you're claiming in your article. I can see absolutely nothing to support your claims of "sabotage" in order to "advance US foreign policy". Since you brought up Apple and Microsoft specifically, could you please explain how and why these companies are going to sabotage you at the behest of the US government, why no US company can be trusted, and what this has to do with SOPA?
A precursory example? You mean that nothing in SOPA supports your claims, but you fully expect that sometime in the future things will start happening differently to support your view of the world?
First, define "political leverage" because I can't figure out how it makes sense in this context.
Second, how is "kicking piracy websites off the internet" creating political leverage at the expense of the customers and US supplier?
What in the world are you talking about? What, specifically are you alleging? Are you saying that the US government passing SOPA at the behest of corporations indicates that the US government is going to force corporations to ... what? Steal your state secrets? That's quite a stretch from "US corporations want the US government to pass laws to allow a crackdown on piracy websites" into a complete reversal "the US government is dictating to US corporations to sabotage customers and steal information from foreign nations".
I have no such expectations of privacy at work. My duties are monitored and evaluated. If I make use of 'my' workstation for personal purposes, I am actually using the company's workstation.
I can't access web based or personal email at work - primarily to complicate transferring data to non-company storage. I can't access Facebook, Linkedin, and a host of other social systems. I can't access a multitude of sites that are either known to provide information about compromising systems, or are known to host malware of any sort. I cannot use several commenting and interaction systems such as Disqus.
Antivirus software is the least of the security measures on 'my' workstation. The corporate LAN, both wired and wireless, require certificates for me to connect. DLP processes on 'my' workstation track every read and write. Specific filters look for characteristic types of data, and prevent its transmission in emails and instant messages. Documents of al types, even text, are required to be categorized by the nature of their confidentiality, and are blocked from being stored on certain storage if they require more security than is afforded by that media.
Email can be encrypted by a method that requires the recipient to register at the corporate website to read and interact with it. Certain data cannot even be sent encrypted without specific certificates that are given only to employees for whom this is a required function.
Mind you, I have the privilege of using removable media. Not many employees do, or need to. I need to share data with non-corporate entities regularly. I assume my activities are scrutinized.
And yes, I post to Slashdot from work. Not now, but that's one reason why I share a little more info.
In the largest, most vulnerable corporations, the stakes are much higher than most people imagine. And the largest corporations are the most vulnerable.
And ultimately, everything here and in similar forums on the Internet is cataloged, analyzed, and processed. By several entities, here and abroad. It's not like Slashdot is a secret. Pretty much everything without an HTTPS in front of it is no secret, and some of the HTTPS stuff is also.
Privacy is what you do by yourself.
deleting the extra space after periods so i can stay relevant, yeah.