After Snowden: Prioritising Free Software for Computing You Can Trust
article initially published in the French newspaper Libération February 25, 2014
Frédéric Couchet and Lionel Allorge, from April (a French nonprofit devoted to promoting and protecting Free/Libre Software).
What does Edward Snowden reveal to us? First of all, that, contrary to what the outraged yelping of the American administration would tend to have us believe, this is not an affair of State, but rather an affair of all the States. The weakness —and even the absence— of diplomatic reactions show rather clearly that PRISM and its galaxy of surveillance programs, even though they were built under the aegis of the NSA, are in fact today a global marketplace for the exchange of private data, in which all US allies are involved, at varying degrees of intimacy.
Let us repeat it, PRISM and associates are not the work of one State, but of every State. Tomorrow, the American NSA will no doubt have become the Chinese NSA, but, unless we, the people, curb it, it will remain this insane and obscene compulsion to peek through every digital keyhole. In France, the adoption of Article 13 of the Act on Military Programming, which disregards unfavourable opinions of the French Data Protection Authority (CNIL) and the French National Digital Council, recently illustrated this trend. Thus, the Snowden affair invites us not so much to debate geostrategic balance as to reflect on our relationship, as users and citizens, with technology, and especially with IT.
For, if we cannot completely trust our governments, can we at least trust our smartphones, our computers, our applications, or centrally hosted services? Here also, unfortunately, the answer is “No”. The information disclosed by Edward Snowden shows that the innumerable NSA intrusions were possible only because of low resistance, and deliberately created security breaches in major proprietary programs. Our computing was therefore acting treacherously—often deliberately so—and communicating, unbeknownst to us, information that we were considering private.
This being said, what would computing we could trust look like?
The mechanism that establishes computing you can trust is not any different from that which regulates a modern democratic society. It essentially rests on the right to vote, associated with access to objective information. Free/libre software, which, in a global computer base dominated by Microsoft, is gathering momentum, is the only one to follow these principles: its code is accessible to everyone and its modifications are collectively decided on by a community of developers. The installation of a backdoor by the NSA within the source code of a free program is theoretically not impossible, but it will always remain much less likely than it would be within a proprietary program, whose code is kept secret.
Ensuring the integrity of our IT systems is the first step, and the most vital one, by far, for the preservation of our privacy. Because, as Edward Snowden himself admitted in a recent chat with the Guardian readers, “Encryption works [...]. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it.” It is thus useless to encrypt an email during its routing from A to B, if A and B are proprietary systems that do not offer any guarantee against the intrusion of a third party...
The Web is 25 years old, personal computing is 30. Not without a certain nostalgia, we can consider the previous generation, ours, as the adolescence of IT, an era in which the profusion of invention, and the novelty of the procedures perhaps allow one to understand —if not excuse— the disorder that prevailed where basic freedoms and consumer rights were concerned.
In those heroic days, the big software and Web-industry bosses advocated —with a straight face— autoregulation (sic) of the field, in order, so they said, “not to stifle the creativity of this fledgling industry”. The bitter fruits of this “autoregulation” can be harvested today in the Snowden files, the most gigantic undertaking for record-keeping and surveillance of ordinary citizens ever seen on this planet, bar none, including the KGB. Thus, a quarter of a century after the fall of the Wall, one may wonder in favour of which model of a society it fell: democracy or Orwellian police state?
If Edward Snowden is teaching us anything, it is that it is high time that we regain control of our computing. The ball is in our court: we can either ignore the warning that he has just sent us at the cost of putting his life in jeopardy, or we can start a new, more adult, relationship to our computing than that of passive consumer. A relationship of trust. Trusting would mean, for instance, knowing in real time with whom our computer is communicating, and why.
Free software alone is able to present arguments to guarantee this confidence pact with the user/citizen. Free software alone provides total transparency of its inner workings, and this transparency is certified by permanent auditing by its community of users and developers. No proprietary software program, whose source code is concealed, can, by definition, offer the same guarantees. Free Software, while not the definitive solution to this problem, is nevertheless an essential building block in the fight for user freedoms.
That said, technical solutions have their limits. What we need is political awareness, both at the governmental level and at the individual level. This choice is going to require some efforts from each of us: proprietary software programs have for years aimed to infantilize our relationship with IT, on the assumption that the less we knew, the more we would behave like captive customers. Regaining control of one's computing is not easy, but it is an essential civic initiative. Everyone should try to give priority to free software.
It is also up to us to make our elected officials more aware of this choice for free and honest computing, so that they might support initiatives like that of the French Gendarmerie, which migrated all of its IT equipment to free software as early as 2002, as opposed to ones like that of the French Air Force, which just renewed a one-sided contract with Microsoft, under conditions that were opaque, to say the least.
Richard Matthew Stallman, who launched the free software movement in 1983, has stated: “I am often asked to describe the ‘advantages’ of free software. But the word ‘advantages’ is too weak when it comes to freedom.” It seems to us that this is the most important lesson that should be drawn from Edward Snowden's heroic deed.