Joining A Community Means Accepting Its Norms

The progress of Microsoft towards acceptance into the open source community continues. The Azure team is definitely a force for good in the company, constantly pushing Microsoft’s developer teams to understand how important the Linux platform and open source developer components and tools are to the success of Microsoft’s cloud business. After the partnership with Red Hat, the news they will release SQL Server for Linux, while not surprising to me, was very interesting, as was the news they are joining Eclipse.

Azure Loves Linux; What About Microsoft?

The news that Red Hat and Microsoft have reached an agreement about hosting Linux is very welcome. I am delighted for Red Hat here, and see this as a huge sign of the continuing power and growth of open source. It shows that the cloud market is one where an embrace of Linux is table stakes. It also shows that the enterprise market is one where Red Hat is a huge and powerful supplier.

All the same, let’s be clear that all the “Microsoft Loves Linux” hype I saw at SUSECon in Amsterdam yesterday and at other events earlier this year is just not true. Microsoft Azure loves Linux, there is no doubt; it is a basic requirement for them to become relevant in a cloud market dominated by AWS and Linux. They have been out in force at every commercially-oriented open source event I have attended this year and have a full-scale charm offensive in place.

But the rest of the company still does not. They still seem to covertly spread open-source-related FUD about LibreOffice here in Europe. They haven’t foresworn making embedded Linux vendors pay for patent licenses of dubious necessity. The Azure business unit is certainly embracing the ecosystem, just as many before them have done in their steps towards open source. But the Windows and Office business units show no signs of “loving” Linux and only modest signs of co-existing with open source.

It’s hard to change a company as large and profitable as Microsoft quickly. But a significant and binding gesture of goodwill would go a long way to convincing those of us with the scars of Microsoft’s decades of verbal and actual abuse of open source that they mean business. It’s no secret what the necessary gesture is.

“We both know we have very different positions on software patents,” said Paul Cormier, Red Hat’s president for products and technologies. “We weren’t expecting each other to compromise.”
(WSJ)

Red Hat, despite asserting they don’t believe Microsoft has any patents that read on their products, included a standstill agreement in the deal. Sources tell me it is carefully phrased to comply with the GPL. If Red Hat felt they had to do that with their new partner, there’s no doubt everyone else remains at risk.

If Microsoft truly want to signal the end of hostilities, step one is to sign the Mozilla Open Software Patent License Agreement or join OIN. Until one of those happens, I remain sceptical of Microsoft’s love for Linux.

[Please see my InfoWorld article for more]

Blocking The Fields

Dry stone walls in the Yorkshire Dales

There are people walking over the beautiful spring meadows. Most are just enjoying the beauty of it all, but some are going visiting to each other’s houses. Of those, you discover one or two of them doing things you and your supporters don’t like when they arrive, so you want to stop them.

You issue an instruction to block the fields. Your objective is just, so it must be possible, right? Your bureaucrats get to work on your demand.

They can’t block an open field, so they build a road and block that.

But people go round the roadblock, so they build a fence along the sides of the road too.

But people go round the fence, so they add a fence all around the field.

But people go round the field, so they mandate fences across the whole country. That bad thing you want to stop justifies all the expense and inconvenience, doesn’t it? Building the fences takes several years, but the whole country is now covered in obstacles of various kinds.

But there are now so many miles of fences that they are mostly out of sight of your staff. People just jump over them, so you tell the police to start arresting people who do. That bad thing is so bad you have to act tough, even though most of the people they are arresting are just trying to work round the inconvenience you have caused them for innocuous reasons.

But there aren’t enough police to patrol every fence, so you hire more and more.

But they still can’t arrest everyone, so they recruit informers.

You can’t rely on the informers, so you get them to spy on each other as well.

Turns out you can’t rely on spies, so you add security cameras as well.

You now need an army of spies, analysts and police to watch the security cameras, check on the spies and watch for people jumping fences. This is not about the bad thing you first objected to any more. It’s now about respecting the law for the sake of the law. So your people are arresting everyone regardless of their motives, checking on spies for telling lies, dealing with corruption among your informers, suppressing all the “SJW”s who whine about the loss of freedom and undermining your political opposition who are equally clueless about blocking fields but can see that what you are doing is hugely unpopular.

Congratulations! Your attempt to stop something your supporters disapprove of by mandating the impossible has created a police state. It doesn’t matter how bad the thing you were trying to stop is; people probably agree that it’s a bad thing.

By mandating the impossible, you caused collateral damage that outweighed any benefits, and by associating it with a thing no-one dares defend in public you were able to accidentally destroy society without opposition. And you didn’t notice because you never go for walks in the fields.

Who Else Listens To Your TV?

Samsung’s Smart TV listens to everything you say all the time you have voice control enabled. No surprise there. But Samsung’s Terms warn that it’s likely to be sending all that audio to a service provider for analysis, rather than analysing it in your TV.

That’s got plenty of people worried, but Samsung aren’t concerned. They sent me their canned press response, which starts:

Samsung takes consumer privacy very seriously. In all of our Smart TVs, any data gathering or their use is carried out with utmost transparency and we provide meaningful options for consumers to freely choose or to opt out of a service. We employ industry-standard security safeguards and practices, including data encryption, to secure consumers’ personal information and prevent unauthorized collection or use.

I’m sure that is all true. Samsung has a large investment in technical experts of all kinds. All the same, the key phrase there is “prevent unauthorized collection or use”. Why? Well, let’s carry on with their response.

Voice recognition, which allows the user to control the TV using voice commands, is a Samsung Smart TV feature, which can be activated or deactivated by the user. Should consumers enable the voice recognition capability, the voice data consists of TV commands, or search sentences, only. Users can easily recognize if the voice recognition feature is activated because a microphone icon appears on the screen.

That’s not exactly what the Terms say; they note that “if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted”. So we’re not just talking about the sort of data Google Now or Siri sends to their service provider (the phrase after you have started the voice recognition). Samsung also sends the commands themselves, plus any conversation around them. From that description, it seems the whole stream of conversation is likely to be sent.

Samsung does not sell voice data to third parties. If a consumer consents and uses the voice recognition feature, voice data is provided to a third party during a requested voice command search. At that time, the voice data is sent to a server, which searches for the requested content then returns the desired content to the TV.

The fact the data is not sold is good. I would expect no less from Samsung in this circumstance. But there is a use case that is conspicuously excluded from both their statement and the Terms.

What about requests for interception? The data may be encrypted to prevent “unauthorised collection or use” but what about authorised use, when a legal authority in one of the countries involved in the transaction requests access to the raw audio? In the USA, the Third Party Doctrine would allow security and law enforcement services to request access without a warrant. Given the service provider appears to be a US company, even if the customer is in a country where interception locally would be illegal, the NSA (or any of a myriad other US organisations) could still collect on their behalf.

Tim Cushing thinks this is at least gated by the need for the device ID but I think that overlooks the strategy used by the US & UK security services. They separate bulk data collection and later data analysis, treating only the latter as surveillance in need of a warrant. I would not be at all surprised if Samsung’s service providers at some point get an order to tee all their audio inputs through the NSA, using an order of which Samsung may not even be aware. This would not be for immediate analysis, just for pooling and later use once a device ID is obtained by other means.

I asked Samsung to clarify their position on law enforcement use of their streaming audio data, and to clarify whether they had ever received requests for it. So far I’ve had no reply to my questions. I suspect that’s because they have not considered the issue. I think more people need to ask them and their service providers, and their competitors who offer the same services.

You say you have nothing to hide? When a joke you made over dinner is flagged by an algorithm and a clipping provided to a busy police analyst out of context leads to a visit by a SWAT team “just in case”, will you still think that? We need this privacy exposure nipped in the bud, given we have police with a SWAT first and don’t apologise later attitude. Some innocent comment caught by a TV is going to lead to a tragedy otherwise.

Legislating For Unicorns

When Julian Huppert MP (Lib-Dem) asked the Home Secretary Theresa May MP (Con) if banning encryption – as the Prime Minister had been interpreted as saying – is “genuinely what the Home Secretary wants to do?”, she evaded him with her answer.

I remain convinced her and the Cabinet’s position on encryption is based on a non-technical misinterpretation of detailed advice from within the Home Office. Her response, and other responses by her colleagues and by the US government, imply that the security officialdom of the US & UK believes it can resurrect “golden key” encryption where government agencies have a privileged back door into encryption schemes. That’s what’s encoded in her replies as “there should be no safe spaces for terrorists to communicate.” Think “Clipper chip”. As Ryan Paul comments,

More telling though is the insecurity the Conservative Party exhibits on the subject. Unwilling to discuss the matter in a balanced way, party mouthpiece Julian Smith MP descends to ad hominem against deputy Prime Minister Nick Clegg MP (LD), in the process also exhibiting the hypocrisy of the unconvinced apologist. Sadly Mrs May rewards rather than rejects his question.

In a sequence of questions and answers in the same debate – which cannot conceivably have been unplanned – Conservatives ask party-political questions of the Home Secretary, to which she responds with unashamed electioneering. When this tactic is used – accusing an opponent of a fault you exhibit yourself far more than they do – it is always an attempt to conceal your own lack of validity.

Clegg’s crime was to assert that freedom and security are not inherently incompatible:

“I want to keep us safe. It’s ludicrous this idea that people who care about our freedom don’t care about our safety.

“What I will not do, because it is not proven, is say that every single man, woman and child should have data about what they get up to online kept for a year.”

For Conservative MPs to call that “disgraceful” is extremely revealing, both of their lack of comprehension of the issues and the cynicism with which they intend to manipulate the misapprehensions of Middle England for electoral gain. I’ve met no-one who seriously asserts the security services should be unable to secure warranted access to specific communications of those suspected of a crime. That capability is obviously justifiable in a democracy.

But the Communications Data Bill and proposals for “golden keys” go much further than is reasonable and balanced. What defenders of freedom seek is not insecurity; we instead seek transparency, accountability and proportionality, all in a form open to any citizen to scrutinise and challenge.

When Mrs May (and Labour’s Jack Straw MP, and others) refuse that democratic oversight and accuse its proponents of partisanship and irresponsible disregard of security, their own ad hominems and party partisanship reinforce the case rather than diminish it. It’s time for an adult debate informed by technological realities, instead of this opportunism and electioneering.

How To Safeguard Surveillance Laws

This letter was published in the London Evening Standard on January 12th, 2015:

I watch with alarm as, in the wake of the barbaric murders in France, politicians seek increased surveillance powers for the security services.

Surveillance is not always wrong; far from it, our democracy has long allowed accountable public servants to temporarily intrude on individuals they believe to be a threat.

My alarm arises for two reasons:

  • The powers requested in recent attempts at new law are open-ended and ill-defined. They lack meaningful oversight, transparency or accountability. They appear designed to permit the security services free rein in making their own rules and retrospectively justifying their actions.
  • The breadth of data gathered – far beyond the pursuit of individuals – creates a risk of future abuse, by both (inevitable) bad actors and people responding to future moral panic. Today’s justifications – where offered – make no accommodation for these risks.

Voters should listen respectfully but critically to the security services’ requests. Our representatives must ensure that each abridgement of our liberties is ring-fenced:

  • justified objectively using public data,
  • governed with impartial oversight, and
  • guarded by a sunset clause for both the powers and all their data by-products.

If the defence of free speech fatally abrades other liberties we are all diminished.

Yours faithfully

Simon Phipps

Any Revolution Can Be Repurposed

In fact this memorial to one — involving three days of killing in Paris over free speech for the press and a death sentence for blasphemy — has been:

Liberty and Vigilance
The July Column in the Place de la Bastille in Paris – itself dedicated to the celebration of liberty after the French Revolution – was erected in memory of the fallen of the later July Revolution of 1830. It’s not too far from the offices of Charlie Hebdo.

The July Revolution comprised three days of fighting in Paris, primarily on free speech grounds against state censorship. Charles X, France’s last hereditary monarch, had imposed the death penalty for blasphemy against Christianity. He also suspended the liberty of the press and dissolved the newly elected Chamber of Deputies.

Today, the column is used as a platform for surveillance cameras. We must be on our guard against similar repurposing today.
