Free Software post-PRISM
by Glyn Moody
The news has been full of talk of spying, whistleblowing and data mining. Glyn Moody looks at how open source has been used to threaten freedom and privacy and how it could be used to defend them.
The last few weeks have been full of the revelations from Edward Snowden about the surveillance carried out across the world by the US's NSA and, more recently, the UK's GCHQ. Aside from their intrinsic importance, the stories that are emerging are notable too for the way that they have placed computers and even open source software at the heart of the news.
The story is centrally about spying on computer networks, which have become conduits not just of government and business information, but the basic stuff of many people's lives as experienced in their emails, web visits, social network activity and more. It's about a spy not in the classic James Bond mould, but a geek who believed the internet to be "the most important invention in all of human history" and one that was in danger of being subverted. He even has the stickers:
His allegiance to internet freedom is reflected in the stickers on his laptop: "I support Online Rights: Electronic Frontier Foundation," reads one. Another hails the online organisation offering anonymity, the Tor Project.
It was his role as a sysadmin that allowed Snowden to access supposedly top-secret files; that symbolises neatly how digital powers nowadays trump traditional analogue restrictions.
We also learn from Snowden's leaks that the NSA is a big fan of free software. We already knew that it used free software, even to the extent of open-sourcing some of its code:
Accumulo is a distributed key/value store based on the design of Google's BigTable. Developed by the US National Security Agency (NSA), the Accumulo project has now been proposed to the Apache Software Foundation for consideration and incubation as a new Apache project.
According to the proposal, Accumulo already has hundreds of developers using it and has been in development since early 2008; there are now over 200,000 lines of, mostly Java, code and "100s of pages of documentation". The NSA says in the proposal that the project has been handled, internally, as an open source project, using common tools such as Maven and many other libraries.
And here's what we find at the foot of a set of slides released by Snowden about a data mining application with the rather grandiose name of "Boundless Informant":
BoundlessInformant is hosted entirely on corporate services and leverages FOSS technology (i.e. available to all NSA developers)
Of course, there is a deep irony that free software should be used by the NSA in this way to threaten freedom around the world, but it's long been recognised that software is truly free only if that freedom can be abused – that's why Freedom 0 of the Free Software Definition is
The freedom to run the program, for any purpose
including bad ones.
Talking of bad purposes, one of the key insights that Snowden's leaks have provided concerns computer companies being part of the surveillance system. Early arguments about what was meant by the leaked documents' claims that the NSA had "direct" access to Google, Facebook et al have been rendered moot now that we have learned GCHQ is downloading communications that flow through fibre optic cables coming into and going out of the UK, and sharing them with the NSA. The law under which the UK surveillance is apparently being conducted simply requires that "one end of a communication must be outside the UK" – which obviously captures 99% of most UK citizens' use of the internet.