Blogs

Carrier IQ proves (again) the need for completely open mobile phones

According to the Register and many other sources online, an Android app developer has reported conclusive proof that millions of smartphones are secretly monitoring the key presses, geographic locations, and received messages of their users. In a YouTube video posted on Monday, Trevor Eckhart showed how software from a Silicon Valley company known as Carrier IQ recorded in real time the keys he pressed on a stock EVO handset, which he had reset to factory settings just prior to the demonstration.

The only way to avoid such attacks on one’s privacy is to use mobile phone systems that are built from the ground up to provide truly private conversations and to be completely transparent to their end users, such as the TFF Transparent Telematics system.

Telex, an anti-censorship technology and a possible component of UVT

Telex is (quoting from New Tool Keeps Censors in the Dark): "a scheme that makes it harder for censors to block communications, by taking traffic that's destined for restricted sites and disguising it as traffic meant for popular, uncensored sites."

The Telex system has two major components: "stations" at dozens of Internet service providers (ISPs) and a software client that runs on the computers or smartphones of end users.

The clients make outgoing connections to non-blocked websites, encrypting the traffic in the same way that an e-commerce or online banking site does. The identity of the site to which they really want to connect is then encoded using steganography in a special string, or "tag," that's embedded in the encrypted request. A Telex station at an ISP can examine incoming traffic and detect the presence of these tags, provided it has the right encryption key. The tag would be indistinguishable from random gibberish without the key.

When the Telex station detects an incoming request that includes a tag, it redirects that connection to the site specified in the encrypted message.
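The tag-and-redirect flow described above can be modelled in a few lines. This is an added example, not code from the Telex project: it assumes a shared symmetric key in place of the station's key, a constructed 64-byte request field, HMAC-SHA256 for both the keystream and the check value, and made-up hostnames.

```python
import hashlib
import hmac
import os

TAG_LEN = 64   # assumed field size: 16-byte nonce + 32-byte ciphertext + 16-byte MAC
DEST_LEN = 32  # hidden destination: 1 length byte + name, zero-padded


def _prf(key: bytes, label: bytes, data: bytes) -> bytes:
    """Keyed pseudo-random function; output looks random without the key."""
    return hmac.new(key, label + data, hashlib.sha256).digest()


def make_tag(key: bytes, hidden_dest: str) -> bytes:
    """Client side: build a fixed-length tag naming the real destination."""
    dest = hidden_dest.encode()
    if len(dest) > DEST_LEN - 1:
        raise ValueError("destination too long for the tag")
    padded = bytes([len(dest)]) + dest + bytes(DEST_LEN - 1 - len(dest))
    nonce = os.urandom(16)                       # fresh per connection
    stream = _prf(key, b"enc", nonce)            # 32-byte keystream
    ct = bytes(a ^ b for a, b in zip(padded, stream))
    mac = _prf(key, b"mac", nonce + ct)[:16]     # lets the station recognise the tag
    return nonce + ct + mac


def read_tag(key: bytes, field: bytes):
    """Station side: return the hidden destination, or None if untagged."""
    if len(field) != TAG_LEN:
        return None
    nonce, ct, mac = field[:16], field[16:48], field[48:]
    expected = _prf(key, b"mac", nonce + ct)[:16]
    if not hmac.compare_digest(mac, expected):   # constant-time comparison
        return None
    stream = _prf(key, b"enc", nonce)
    padded = bytes(a ^ b for a, b in zip(ct, stream))
    n = padded[0]
    if n > DEST_LEN - 1:
        return None
    return padded[1:1 + n].decode(errors="replace")


def route(key: bytes, visible_dest: str, field: bytes) -> str:
    """Station decision: redirect tagged connections, pass the rest through."""
    hidden = read_tag(key, field)
    return hidden if hidden is not None else visible_dest


if __name__ == "__main__":
    station_key = os.urandom(32)                 # constructed key for the demo
    tagged = make_tag(station_key, "blocked.example")
    untagged = os.urandom(TAG_LEN)               # ordinary random-looking field
    print(route(station_key, "popular.example", tagged))
    print(route(station_key, "popular.example", untagged))
    print(route(os.urandom(32), "popular.example", tagged))  # observer with wrong key
```

An observer without the key sees the same 64 random-looking bytes in both tagged and untagged requests, so only the visible destination is available to it.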

The Telex protocol may then be used in the User Verifiable Telematics (UVT) system to give its end users an anonymous, non-interceptable way to connect from their smartphones to the anonymous blogs and discussion forums hosted by the same providers of their UVT terminals.

HTML5 has a huge potential to promote freedom for world citizens

HTML5 and other open multimedia standards for online publishing and interactive communication play a critical role in one of the projects of the Telematics Freedom Foundation: the Universal Audiovisual Library. Here is one of the reasons.

HTML5 and its "extensions" (WebAPI, open web platform, Boot2Gecko, WebGL, etc.) represent a potential extension of the freedom implicit in open Web standards to the world of native apps. If widely deployed on mobile, NetTVs and TV-connected devices, such technologies will have the historical potential to promote an incredible disintermediation of the video (and entertainment) sector, similar to what has happened for text news with traditional blogs.

This has the potential to enormously help the liberalization and democratization of opinion building by ordinary citizens about relevant social matters.

According to IBC, by 2015 there will be 2 billion mobile devices with HTML5 capability. This means that in just a few years a large part of the world population may be able to use a standard browser as their main interface to discover and consume up to 4-5 hours per day of multimedia entertainment (video and games) as explained, for example, in these articles:

All this, however, would also contribute greatly to promote disintermediation in those markets, in much the same way as it has happened in the daily news sector with blogs.

Such an unprecedented disintermediation would, in turn, cause an equally unprecedented democratization (through liberalization) of TV. This would substantially decrease the huge editorial control and the related "manufacturing of consent" currently exercised by owners of broadcasting infrastructure (satellite, cable, digital terrestrial), and make much easier the "micro-production centered on research, editing and remixing" that is one of the objectives of the Universal Audiovisual Library.

GPLv3 is great to promote open innovation, but not enough to protect our constitutional communication rights

(this is a summary of some of the reasons why TFF Founder Rufo Guerreschi and others started the UVT project)

A lot of great work has been done in promotion and branding of GNU GPLv3. However, I think GPLv3 cannot promise freedoms in digital communications to ordinary users, and adequately protect their constitutional communication rights while using telematics communications.

Even a very wide deployment of GPLv3 software and its adoption - through lots of very easy to use online services and apps - by many end users would still not provide those end users with effective means to verify the levels of security, privacy and authentication of those services, because they would have no means to verify that:

  • the code they are using on some website is effectively the same code that, thanks to the GPLv3 license, they could download from that same website
  • there is no other malicious software running on the same server
  • in general, the hardware on which that software runs has not been compromised
  • all that GPLv3 code is regularly tested, to maintain consistent levels of security, privacy and authentication

Of course, none of this is a critique of the GPL or of the FSF (which has other goals than solving the general problems above): these are not problems that any license could solve. However, this doesn't change the fact that, today, it has become extremely difficult for an ordinary person to enjoy the freedoms promoted by the FSF. It is not a problem of demand but of supply. There are no tools and practices that are accessible to the ordinary person who cares about his or her freedom, not even for the most sensitive parts of their computing or communications.

There is a large demand, and need, for that. People in regimes with decent judiciary systems should have access to basic digital communications in a way that:

  • it is not controlled by any private corporation, nor by any single system administrator or anyone else
  • it does not run on proprietary and/or unsafe hardware and software environments
  • it is legal

The last point is crucial for quick and large scale building and adoption (even from people without software hacking skills) of such secure and privacy-friendly communication systems. In practice, it means that such systems should be built and work in ways that still allow lawful interceptions and compliance with the EU data retention directive and similar laws, but in ways that also make abuse of those laws, as well as violations of your privacy by private parties (e.g. business competitors...) impossible.

If we could bring out a service and device like that, active citizens could communicate with adequate privacy and security, while lawful interceptions, authorized by Courts after getting evidence of their needs, would still be possible.

In other words, the availability of such integrated services and devices for peaceful and democratic political activists would make it politically difficult for governments to:

  • further promote the "privacy is bad" meme that is now being aggressively promoted and would prepare the way for laws that make all encrypted communications illegal
  • make secret deals for large scale privacy violations with telecom networks operators and providers, as there would be no single organization of that kind, that could stipulate or enforce such deals.

All this is why we conceived User Verified Telematics (UVT). UVT aims to:

  • provide and effectively guarantee levels of authentication, security and privacy that are legal, very very high AND inherently, openly verifiable by everyone
  • make possible the activation of lawful interception procedures only after a Court order and in presence of a suitable number of randomly selected users, to prevent abuses (but WITHOUT disclosing to anyone the identity of the intercepted users!)

A very short comparison between the TFF UVT project and the Freedom Box

The Learn About the FreedomBox! page of the FreedomBox Foundation explains that their FreedomBox "integrates privacy protection on a cheap plug server so everybody can have privacy. Data stays in your home and can't be mined by governments, billionaires, thugs or even gossipy neighbors... FreedomBox will put in people's own hands and under their own control encrypted voice and text communication, anonymous publishing, social networking, media sharing, and (micro)blogging."

According to that page, the services provided by the FreedomBox are:

  • Email and telecommunications that protects privacy and resists eavesdropping
  • A publishing platform that resists oppression and censorship.
  • An organizing tool for democratic activists in hostile regimes.
  • An emergency communication network in times of crisis.

The User Verifiable Telematics project (UVT) of the Telematics Freedom Foundation has some goals and services in common with the FreedomBox, but takes a different approach. From a purely technical point of view, UVT aims to provide the first two services mentioned above, but:

  • works through end-user devices that are communication terminals with a completely open architecture, like the FreedomBox, but working through any ordinary cellphone
  • hosts the content encrypted with those terminals on external, not personal, servers
  • is 100% compliant by design with existing lawful interception laws and requirements for telecom equipment. While this doesn't, of course, provide total protection from interception, it guarantees that it will only be performed in compliance with existing laws. In other words, TFF makes it impossible for anybody, be they law enforcement officers or private parties, to illegally intercept the communications of large numbers of people, for as long as they want, at an affordable cost

In addition to this, UVT was conceived with a different use case in mind. The FreedomBox is a (fixed?) server that requires a certain amount of knowledge to operate. Regardless of how much or how little that knowledge is, it can constitute quite a psychological barrier, if we think of how many people still consider computers and software as black magic (even when they use them daily). The FreedomBox is also less dependent on external, pre-existing large telecom infrastructures than UVT.

UVT, however, is made to order for a much larger class of people (especially, but not only, in developing countries), that is, ordinary cellphone users. Besides, UVT will be much simpler to use than a FreedomBox, in the sense that it will require zero set-up and configuration, and the same skills needed to operate a basic cellphone. For these reasons, we believe that UVT may be a better solution for many people, that is, a better compromise between ease of use and higher privacy.

Obscuracam, a smartphone app for visual privacy

The goal of ObscuraCam for Android, developed by the SecureSmartCam project, is to design and develop a new type of smartphone camera app that makes it simple for the user to respect the visual privacy, anonymity and consent of the subjects they photograph or record, while also enhancing their own ability to control the personally identifiable data stored inside that photo or video.

ObscuraCam doesn't set out to replace training and/or best practices, but rather to introduce these concepts to a wider activist audience, as well as to raise awareness and generate discussion around the idea of "visual privacy."

To try ObscuraCam or to learn more about the project, please read:

Report confirms basic assumptions of the Telematics Freedom Foundation

According to a recent analysis from Matt Blaze, the 2010 U.S. Wiretap Report released last month provides official, essential confirmation of the assumption at the basis of several Telematics Freedom Foundation (TFF) activities.

In the report, described as "the most complete public picture of wiretapping as practiced in the US by federal and state law enforcement agencies", there are two interesting facts, according to Blaze: discouraging the incorporation of basic security technology in ICT infrastructures meant that the computers, phones, and other gadgets remained exposed to other criminals who might want to illegally exploit the very same surveillance techniques that the government hoped to preserve for itself.

However, the report says, despite dire predictions to the contrary, the open availability of cryptography has done little to hinder law enforcement's ability to conduct investigations. Even when they encountered encrypted communications, law enforcement officials have adapted their methods in order to get their work done, with one comforting result: widespread encryption, rather than shutting down police wiretaps, has actually pushed them in a more reliable and accountable direction... legal wiretap evidence is now much more reliable and illegal cellular intercepts are now much harder to perform.

This is exactly the principle inspiring TFF projects like User Verifiable Telematics: to provide systems that give all citizens the greatest possible guarantees that their communications will remain private and that only law enforcement officials will be able, within the limits set by law and with full accountability, to intercept them.

The Telematics Freedom Foundation is active again

After a break caused by a simple lack of time on the part of its members to work on the several programs, the Telematics Freedom Foundation (TFF) has restarted its activities. The Programs and Documentation projects now active on the Foundation website are the following:

In the next few days, the "Active Projects" block in the navigation menu will be updated to reflect the new set of activities, and the home page of each project will be updated. Older programs, currently inactive, will still remain available in a separate section of the website, but only for historical documentation purposes.

Marco Fioretti

TFF Program Director

New director for the Telematics Freedom Foundation



The Telematics Freedom Foundation has chosen Marco Fioretti as its new Program Director. Marco succeeds Giovani Spagnolo, who is now working on other projects but remains a member of the Advisory Board. Marco is a freelance writer, trainer and member of several groups and organizations active in the Open Standards and Digital Rights arena. Marco's first task will be to refresh, prioritize and streamline the Programs on which the Foundation will work in the next months. The updated list of Programs will be announced soon in another post.

Proposal for a substantial disintermediation and expansion of the content market, and a democratic and fair remuneration of authors and producers, through collective licensing systems inclusive of legalization of digital contents sharing.

This Saturday, March 19th, in Rome, in the cinema Capranica, near Parliament, the Feast of the Pirates will be held to discuss multimedia piracy and the future of copyright with the participation of various political figures from the right and the left, associations and activists who are part of a very broad and diverse movement in the country.
The event will take place, apparently, in the absence of representatives of authors and producers, who, by the way, are starting to surface proposals that include legalizing free content sharing.

This absence is symptomatic of a serious lack of dialogue with them, which has encouraged the spread in the "movement" of a position that promotes a mere legalization of piracy, without considering the problem of a decent and fair compensation for those who decide to live on culture, as if this didn't matter or was somebody else's responsibility.
In keeping with the debate which will be raised by this event, we are here to present a solution which we believe should solve the dilemma of how to legalize content sharing and, at the same time, fairly remunerate authors and rights holders, besides promoting a strong disintermediation of the content market.

PROPOSED SOLUTIONS AS OF TODAY

For a long time there has been an intense debate on how to fairly compensate authors and producers should piracy continue its rapid spread and, as it seems, no measures can be applied to prevent it which are both constitutionally and technologically feasible and sustainable.  Especially in the case of music, some solutions of this kind are already a common practice among many mobile operators worldwide, with a monthly fee of a few euros entitling users to a "collective license" for millions of songs.  Most of these solutions provide a fixed fee for the user, either mandatory (through taxes, also applied to products) or voluntary (contributions) – which would then be allocated between the authors, based on some set criteria and procedures.  Almost all of the proposed solutions require allocation of these revenues to be based on monitoring and counting of individual content as it travels through IP networks.

This monitoring presents enormous challenges for the citizens' privacy and the fairness of compensation of authors and producers, and more. In fact, it would be technically impossible to carry out thoroughly, verifiably, constitutionally, and fairly. It would be:

  • Seriously incomplete, because more and more content moving online is encrypted and therefore is not monitorable;
  • Subject to fraud, since it would be very unlikely that citizens and associations could discover possible large scale manipulation by third parties, when contents are counted within proprietary computer systems;
  • Severely invasive of privacy, as private or public bodies should constantly monitor the content shared by citizens with increased opportunities for a large or very large scale abuse of the right to secrecy of communications as established by Constitution.
  • Unfair to the authors, because it is far from clear that the contents most downloaded are also the most appreciated (many people actually download contents in the wake of advertising campaigns and never play them back again).

OUR SOLUTION

Our proposal draws heavily on a proposal made in 2009 by Francis Muguet and Richard Stallman, who created many free/open source software licenses and the GNU/Linux operating system, as clearly pictured in an article by Gaia Bottà, published on the Punto Informatico website on 19 March 2009.
Instead of relying on monitoring contents conveyed in the network or played back on user appliances, it is expected that this fee, however acquired (mandatory or voluntary), is shared among authors and producers on the basis of citizens' choices, expressed in part directly and in part through private interviews with random samples of users. For example, the direct expression of that preference could be made public over the internet, at the citizen's will, or privately offline, while paying yearly income taxes.
This solution would not only have the effect of equally rewarding the rights holders, but more importantly, would greatly contribute to democratize, decentralize and liberalize the contents market, thus alleviating the tremendous influence that nowadays many subjects - publishers, advertisers, broadcasters etc. - exercise on promoting and monetizing contents, and indirectly on its chances to be financed and produced. This solution, if implemented, for instance, at a national level, would result in a significant disintermediation of the digital contents market, establishing a direct financial relationship between the producer/author and the consumer/citizen, "from producer to consumer".
Every author and producer will benefit from an increased freedom to create, knowing that the actual monetization and distribution of their cultural product will be more than ever dependent on the appreciation by an appropriate number of citizens.
Two additional political economic occurrences would be key factors in further realizing the huge potential for democratization and liberalization of culture through the spread of Internet-based multimedia fruition. These are: (1) the adoption of effective laws supporting the neutrality of fixed and mobile networks, and (2) a wide adoption of networked appliances to play back digital contents which are built exclusively on free/open source software, or whose primary software platform is managed and administered by an "open consortium" of content producers.