Timothy Lord: You mentioned several of the tools people can have on either cell phones or laptops or home servers, how do you advise someone to whom this isn’t a major current thought right now, how should they think about privacy in terms of hardware, in terms of what can people do most intelligently between now and the widespread use and availability of plug and play privacy solutions, what are the top things someone can do to preserve their privacy?
Eben Moglen: One of the things which everybody really now understands is that what makes the web a miracle also contains its dangerousness. The web was created for openness and power of construction. The browser made the web extremely easy to read, but it didn’t make it extremely easy for normal people to write. And so a little thug in a hooded sweatshirt came along and he made the web easy to write on condition that people allow him to surveil all of it. This was a horrible deal, bad for everybody as it turns out, except the little thug who made a lot of money. But what it created was a man in the middle attack on human civilization.
The first and most important thing that people can do is to stop sharing with their friends from places where they automatically get another friend consisting of somebody who super surveils the human race and lets other people watch. Getting out of there, where ‘there’ is already described in ways that don’t require me to give a trade name or a brand, getting out of there is the first and most important thing to do.
The second most important thing to do is to keep your browser from working against you, because for most people who just use the web, the browser is what the web is made of and if the web is made of surveillance, it’s because the browser is permitting it. So, the things that need to be done are things that make the browser less leaky and less creative of privacy difficulties.
Even Microsoft, and I do mean ‘even’ Microsoft now understands that being pro-privacy is good for its business, because the major beneficiary of the loss of privacy isn’t Microsoft, that’s how they think about it. So, IE10 will actually help people if they use it, which they shouldn’t do. People should use a browser not made by an advertising company and the browser not made by an advertising company is Firefox, that’s just the way it is, so people should use it. They should use it and then they should put Adblock Plus in it, which requires one Google search and they should consider using no script, which will sometimes mean that a site won’t behave the way they expect until they press one button, but which will keep untrusted people from using the web to hurt them.
If you are running Firefox and you have no script and you have Adblock Plus, you have become a much more private person than you used to be, that doesn’t mean you’ve attained privacy, but by using the browser, everybody ought to use anyway and putting too little add-ons into it, which is two clicks each, you will have very much improved your situation.
The next thing you ought to do is HTTPS everywhere, which is distributed by the EFF and very heavily promoted by it as they should. And at that point, although there are many more things that people can do, including figuring out how to use an SSH proxy and so on and so forth, we have massively improved people’s privacy and we have caused them only a few minutes of clicking and then it’s done. I don’t mean that that’s the whole job by any means, but if people want to know what can I do right now that’s simple and that will work for me, that’s simple and it will really help.
Timothy Lord: I think I’ve taken up 20 minutes of your time.
Eben Moglen: If you’ve got a couple of more questions and you want to ask them, let’s talk about it.
Timothy Lord: Sure. Well, I have a question here. Someone asked, how do you feel about app stores and what lock-in and censorship issues do you see in what seems now to be the dominant method of buying software at least in the context of mobiles and tablets and something like a quarter of Americans apparently or at least by some gadget statistics are reputed to have tablet computers?
Eben Moglen: Systems of selling you a computer which limit how you can install software on them are inherently working against your freedom. That doesn’t mean they’re inherently going to take away your freedom or that they can’t have any use to you. But they’re inherently going to constrain you. Systems that make you expect to pay for software also mean that on a personal basis you’re being taught that by sharing everything we all need, we can’t meet one another’s needs, and so we are making a mistake.
I can use whether it’s a sophisticated computer or a device that fits in my pocket using software I don’t have to pay for, that is made by people with whom I can share freely, that does everything I want and I’m a quite sophisticated user of computers. So, I wouldn’t want people to think that if they buy a device that says the only place you can get software is here and some of it has nominally no charge, but you can’t share it with anybody else and you’re not guaranteed the ability to improve it or understand it that they’re getting a good deal, in fact they’re getting a bad deal.
All those mobile devices should allow software to come in from everywhere, and if they did, people would find that all the software they could possibly need is available to them at no cost because we make it and share it, and the real purpose of the stores is to conceal that from people and to create service platforms that they can’t actually get away from.
There’s nothing about the form factor that makes this happen. There is nothing about it being a thing that fits in your pocket and is mostly flat with rounded edges, so it doesn’t tear your pocket corners and nothing about being a keyboard list object and there’s nothing about any of that, that means, you have to have hidden from you that everything you could possibly want is just available to you because we share it. That’s a trick, and it’s not a trick I’m particularly fond of.
The other thing I want to say about the quarter of people who have tablet computers is, they don’t care about their hands as much as I do. The keyboard is not a dead means of entering data, it’s the most efficient way that they’ll ever be, because we have an enormous amount of brain built to use all 10 fingers of our hands. And a tablet computer is pretty much like a piano without a keyboard, and it doesn’t make a lot of sense if you want to be a great musician. If what you want to be is a consumer of data on the run, then the tablet computer looks like it’s a good idea, but it’s mostly about being a consumer not a producer. And I want children around the world to know that their brains and their hands are together the great mechanism for inventing, creating and becoming. And anything which reduces the hands to the thumbs or which reduces the hands to two fingers at a time is actually against the education of the human being.
Timothy Lord: And I have got one more reader question I’d like to ask if you don’t mind?
Eben Moglen: Of course.
Timothy Lord: And I’ll read it out, I’ll read it at length. The readers writes with hardware being secure, it’s likely places will be able to use GPL code without having to appear to the license, because people won’t be able to find out and if they do, they are running afoul to the MCA or treaties that might hurt them. Is there a way to slow down [tivoization] of computing as a whole these days and specifically the encroachment of locking down the desktop. We talked about stores, they mention secure [booth] and requirements that Microsoft has made with the new arm devices that are meant to be locked down to my old Windows?
Eben Moglen: The lockdown problem is as the reader says a very severe problem. And Mr. Stallman and I made the fuss that we made in the middle of last decade in the creation of GPL3 because this was the foreseeable problem. We worked very hard to get people to agree with us that it was not just a foreseeable problem, but a preventable problem. And we tried to provide some methods of prevention in GPL3. Regrettably, people didn’t all see it our way, even people great and wise and good within the free software community didn’t see it that way. If we had adopted anti-lockdown principles for free software 8 years ago, things would be a little different now.
So, I must in all honestly say to the reader that, yes, there are ways of stopping them and some of them would have worked better when we first proposed them than they’re going to work now because things are easier to prevent than to fix. It is also however true that there are ecological forces that work against lockdown. In the world of cloud to mobile, there are very few businesses that 15 or 10 or even 5 years from now will be able to constrain effectively what hardware their employees use to conduct the business.
The problem of the bring-your-own-device world for the CIO of a major business is that she needs to be able to affect the behavior of those devices with respect precisely to security and privacy among other things in the interest of the business. But in most verticals, in most areas of business effort, the CIO can no longer determine what hardware the employees are using. The consequence of which is that enterprise data companies of the very biggest kind around the world are going to come to share our interest in making it possible to side load not an application, but a stack into a device that has been brought to its customer’s business, and that’s going to mean that they’re going to have problems with lockdown too.
So, the ecology around lockdown is as the reader currently sees it, effort to relock everything in the interest of a semi-proprietary software business, and network operator dominated service platforms is going on. It’s a serious problem made worse by the fact that the things we could done have last decade, we didn’t do, and now we have to undo problems instead of preventing their creation. We’re working on it very hard, technicians, lawyers, policy analysts in many different organizations and communities around the world, we’re working on it. There is a lot at stake, but the game is not over yet.
Now, with respect to breaking the locks on devices and the global and legal environment for doing so, once again, the problem is not going to be a problem in which we will have no allies. Infrastructure insecurity created by inadequate software is the real story of what Microsoft did to the net. It made crappy software and it turned PCs all over the world into points of vulnerability. Even as we moved away from that, the truth is software quality is never good enough that unmaintained software is safe and secure. And the embedding of software in lockdown devices therefore creates unsafety and insecurity at probability 1.0, because no matter what happens it doesn’t get serviced.
And in most cases the lockdown is only the lockdown against the consumer. It doesn’t really lock down against the criminal, because the criminal beats the technology. We therefore have routers and all sorts of other gear all over the network, semi-lockdown or sort of lockdown and sort of horribly insecure. The process of dealing with that infrastructure is going to require a lot of lock breaking because you have to break the lock to fix the problem.
Therefore, we’re not going to be living in a world in which the only people who think that this is a problem we have to solve are people who are going to be thought of or reducible to crackers, criminals and bad guys. There’s going to be an immense amount of White Hat activity to deal with all of this and we’re going to use that activity to further our point, which is, it’s not safe, it’s not secure, it’s not pro-growth, it’s not pro-human. This is a bad way to build technology and we have to stop.
The people who are going to have a hard time down the road are the people who have to argue that we shouldn’t make things safe and secure, we shouldn’t make them maintainable and fixable, we shouldn’t make them pro-child, and pro-education, and pro-learning, and pro-innovation, we should lock everything down to make their businesses better. Because as times goes by, it will become more and more obvious that the only reason for doing this is to support certain private interests and that it comes at the expense of safety, security, education and everything else and the net as a whole. And when that happens, people are going to come our way. We’ve been right about this all the way along, but we’re not complaining, we’re going to be right in the end too.