
Archive for the ‘TechBytes’ Category

TechBytes Episode 85: Richard Stallman Answers Questions From JoinDiaspora

Richard leans to laptop

Direct download as Ogg (00:18:09, 10.5 MB)

Summary: Various questions from different people answered by Richard Stallman

Having solicited some questions for this interview with Richard Stallman, we start with a question about FreedomBox. One person asks: “How about freedombox? For the uneducated, the progress seems to be horribly slow. Here is the chance of a lifetime to show how with free software we could revolutionize the people communicate in the internet but the progress is too slow to take advantage of it.”

To paraphrase what Alessandro asks, “what new project is the FSF going to or would want to sponsor in the near future? For example, as the FSF sponsored GNU Media Goblin to free us from YouTube, Flickr etc., will there be something to free us from other risks to our privacy, freedom, and control over data?”

Another reader asks: “What are your opinions about the companies that work with Free Software, notably Red Hat and Canonical, and are, every time, distancing themselves more and more from the ideals of Free Software and making small proprietary walled gardens in their so-called ‘ecosystems’ (which, of course, harm the whole GNU/Linux ‘ecosystem’ and community). Specifically, Canonical with its own graphical server, package format and init system and Red Hat with its own init system that’s breaking the *nix paradigm of KISS and shoving down the throats of the entire community something that the community does not want (Gentoo and Slack are opposing it, Debian is sitting in the fence).”

We hope you will join us for future shows and consider subscribing to the show via the RSS feed. You can also visit our archives for past shows.


Keywords: gnu fsf richardstallman


Richard Stallman on Locational Surveillance

Richard Stallman in India

Direct download as Ogg (00:14:31, 8.2 MB)

Summary: Tracking in Facebook criticised; Malicious features in mobile phones (tracking and listening) are being discussed as well

THIS 84th episode speaks about phones’ exploitation for tracking and listening by authorities. For those who are not aware yet, as long as the main battery is inside a phone, or any battery at all is inside a phone (some have several batteries), then even when the phone is switched off it can be used to listen to the carrier and his/her environment. Craig Murray, a former British ambassador, says the MI5 uses this technique.

Android/Replicant are discussed, noting that they do not help resolve the above issue. One listener of TechBytes asked: “Maybe you could ask him [Stallman] about so called smartphones. Everybody knows he doesn’t use any… But can he think any condition he could think about using one. Fairphone? Phone with FirefoxOS? Prepaid SIM without registration?” Stallman said he was hypothetically thinking about getting an OpenMoko phone, but eventually decided that tracking would be unavoidable.

We hope you will join us for future shows and consider subscribing to the show via the RSS feed. You can also visit our archives for past shows. If you have an Identi.ca account, consider subscribing to TechBytes in order to keep up to date.


Stallman on Privacy Policy and Law



Direct download as Ogg (00:09:59, 5.7 MB)

Summary: Stallman speaks about encryption, privacy, and data collection as the main problem

DATA collection, and at times indefinite retention of data in colossal datacentres, is a very real problem. The target datacentres are coupled with NSA/GCHQ/other datacentres, perhaps built with functionality to mimic the original systems (e.g. Facebook, Google search, Skype) by intercepting packets over the networks (at the exchanges), then assembling/decrypting those in private/secretive databases (based on Bill Binney’s repeated claims as an NSA whistleblower, yet to be confirmed by Snowden’s leaks).

Statements about FISA courts, national security letters, etc. are being used as a distraction from what can be characterised as direct access even though it is not direct access per se. After all, if packets get multiplexed at router-level and then stored in another, external system, then approaching companies like Microsoft, Google, Apple etc. is not even necessary. This bypasses the need for warrants, which would basically be needed only when data hoarding failed to get the entire signal (Binney estimates that about 60% of the data gets hoarded and stored in the US).

All the vague claims about foiling of terror plots, where some of the named examples were famously stopped not by the NSA but by other means, do make one wonder if there is a way to stop surveillance without getting characterised as “aiding the enemy.” Citing civil rights issues (such as indefinite detention as per NDAA 2013), I recently spoke to Stallman about data collection and found that his solution would be to limit data collection, not just retention. This recording is 10 minutes long and it deals with the topic at hand quite concisely.


Richard Stallman on the NSA (Part 5)

Techbytes 2013

Direct download as Ogg (00:09:58, 7.4 MB)

Summary: Stallman speaks about security, privacy, networks, and the NSA

TODAY’S part deals with several different topics that Stallman rarely speaks about publicly. The full transcript follows.


Dr. Roy S. Schestowitz: The next bunch of things I’d like to speak about is the data, showing whole data security, I mean, security from the point of view of the user, not security from the point of view of, you know, “national security”, which could mean just about anything.

Dr. Richard M. Stallman: I understand.

RSS: The repositioning of the datacentres and the location of datacentres that companies are selecting — what role do you think that plays in privacy?

RMS: Well, if you’re going to deal with a company and it’s going to get some personal information about you and that company’s servers are hosted by a US company — whether in the US or not — then that means that the US government can get all your information.

If a country wants to provide data protection to its citizens, part of their data protection must include not permitting that data to be searched in any way as part of the company’s operations, to have [...] fully reliable and cooperating data protection. So for instance, a European company should not be allowed to host its data on an Amazon server.

RSS: There was one case way back in 2008 or so, several of us European people and people in the FFII were trying to encourage the European Commission not to put Google Analytics in its Web site. That was a public service Web site which was providing, using JavaScript, a helluva lot of details about the European citizens accessing the site to a US company. I don’t think that’s being addressed sufficiently, even now a lot of the servers…

RMS: Well, you’re certainly right and I would suggest that if a Web page is set up so that it will provide information [to] these companies, that should be treated as legally equivalent to the case where the operator of that Web page explicitly sent the same data to [these companies] and of course in Europe that would bring the European data protection rules into play and that would say, “no, you can’t send this data to Google Analytics or to some advertising network or anyone.”

RSS: I want to also ask you about encryption. I’m not sure to what degree you’re into, into all these — I suppose this is an area that enthusiasts in the field of security are very much into — but several of us people are trying to find reliable encryption, ubiquitous encryption method…

RMS: Well, I can help you find that. I know how to use the GNU Privacy Guard. However, in order to use that you’ve got to have somebody’s public key. So that’s why I was wondering if when I go to the UK we might meet and then I could get your public key.

RSS: We’ll probably come to it later, but in the UK we have this big scandal right now about spying on diplomats in the G8 summit and that’s probably something that Russia — I read about it today — Russia is apparently going to take some legal action over it as well as the NSA leaks. There was spying on people using, basically honeypots as access points, as a way in which it would connect to a wireless access point and of course even if people are using E-mail with SSL/TLS, I’m not sure to what degree this is safe. We know WPA — WPA2 even — is crackable. And…

RMS: Well, okay, the point is, the encryption of a network hub is not something that you can depend on for your own privacy because, you know, if other people are getting on the network hub, they can listen to your packets too, so if you want to maintain your privacy, you do that with something else like communicating with SSH.

Now, the relevance of encryption on the network hub — that’s not just a way of controlling who can use it. It’s very important for people to maintain Wi-Fi networks without any kind of password, because if you don’t, then you’re becoming an enforcer in the war on sharing. One way to resist the application of unjust laws such as the Digital Economy Act is by not having a key on your Wi-Fi network.

RSS: That increases the pressure through liability claims, so…

RMS: Of course, collective responsibility is the tool of tyrants. Collective responsibility is the policy that says, if you don’t help keep everyone else subjected, we’ll punish you. Right now the UK government is using the system of collective responsibility to divide people and turn everybody into an enforcer against everybody else, and that’s why it’s people’s duty to refuse to do it.

RSS: And I suppose the same…

RMS: …Wi-Fi that works without passwords, so that they refuse to enforce the system of unjust control on everyone else.

RSS: I totally agree with you and the same was said about the solidarity when it comes to encrypting E-mail. We should make it a standard thing to encrypt our E-mails although, to tell you the truth, I mean, all the encryption methods are based upon industry standards that are accepted at the other end of the line, so when you send somebody an E-mail you have to make sure they have the same decryption methods upon which…

RMS: Right. That’s why it’s difficult, in practice, to encrypt all our E-mails. We can encrypt E-mail with people that we know and have arranged to exchange keys with. But the other thing to point out is that encrypting E-mail doesn’t disguise any of the metadata, so the NSA can still track who sends E-mail to whom, even if the contents are encrypted.

RSS: And I suppose with all the mathematicians at the NSA — they seem to be hiring quite a few very skilled people who can do analysis on the encryption methods and…

RMS: They’ve been doing that since 19…

RSS: Fifty?

RMS: 1949 or so.

RSS: I think the NSA was only founded in 19…

RMS: Well, it wasn’t then called the NSA, but it doesn’t matter. You know, details like where it’s put don’t matter.


Later today I’ll be meeting Stallman in Oxford to get some video interviews done with him. This time the audio quality will be vastly better.


TechBytes: Stallman on Internet Freedom


Direct download as Ogg (00:09:52, 5.5 MB)

Summary: Stallman speaks about erosion of freedom on the Internet

TODAY’S part deals largely with the Internet and the full transcript follows.


Dr. Roy S. Schestowitz: I read an article yesterday in the Canadian press, I think it was CBC, writing about the ban effective today or yesterday of using a mask in a protest, so you can face up to 10 years in jail for merely attending a protest with something to conceal your face.

Dr. Richard M. Stallman: Really? Where is this banned?

RSS: In Canada.

RMS: Oh, yeah, this sort of tyrannical law being spread around the world. You know, the ban on burqas in France is a ban on just covering your face, so this is in itself tyranny.

RSS: I think that recently the issue of free speech online [...] has been cracked down [on] in Korea — and when I say Korean I mean South Korea — because they don’t necessarily like the comments people make online.

RMS: No, they gave up on that. They [have tried] that and they gave up. They backed down.

RSS: There is a very famous case, people say about Carl Sagan when he was writing anonymously in favour of legalising marijuana for example. These things show you that in order to challenge an existing law, which may itself be unjust, you have to preserve people’s right to anonymity when they write things and as long as you try to take this right away you’re basically discouraging, scaring people away from being…

RMS: Yes. Well, yes indeed, those laws are tyranny, but we see in governments that work for the plutocrats around the world, they act like governments of occupation. So, systematically they change laws to make democracy just a shell. It’s lip service while everything possible is done to eliminate real democracy, to make democracy unable to oppose plutocrats.

RSS: There is a certain degree of overlap between the operations of the government of course. And to give an example of one revolving door, here in the UK a few days ago the manager of BT moved into a government position, some kind of a manager in charge of something and I made a joke basically because BT and a company which came from BT, called Phorm, was responsible to a great degree for DPI, for deep packet inspection in the UK, so everything that goes through my line — landline or Internet basically — is subjected to inspection and to analysis by BT and that’s another issue which relates to the need for privacy and the fact that even the ISP [...] it will be able to tell who you are and what you’re sending back and forth through the line. And that’s another topic people don’t tend to touch on very often.

RMS: Yeah, well, you know, they’ve just announced that censorship would be applied to the Internet in England.

RSS: Yeah, because we have to “protect the children”. Or the “Terrorists”.

RMS: And the thing is, censorship would be applied to everyone that doesn’t have a private Internet subscription.

RSS: Right. By default. So you’d…

RMS: But in public Internet ports it won’t be possible for you to turn it off. So the point is, it will be censorship that you can’t avoid unless you have your own Internet subscription and note it will be censorship of whatever they decide to censor. Now, they say they are going to censor porn, but every past attempt to do so has blocked other things as well.

RSS: I think the Great Firewall of China as it’s called actually started as a copyright thing, which is kind of funny because it’s in China… so they said we have to do this for copyright reasons…

RMS: You should check that because I don’t think that that’s true.

RSS: I read it somewhere. I found it to be quite dubious, but I thought…

RMS: Well, I don’t think that that’s true. They merely used porn as the excuse because they do try to block access to porn.

RSS: OK. And of course it starts with…

RMS: But I don’t think they would have given copyright as the excuse.

RSS: Well, that’s the trajectory. You start with the children and terrorists and then move to copyrights and expression of political dissent.

RMS: There was a case where we know that that’s an intended trajectory. You can try to find a reference for this, but somebody from the IFPI, which is the international organisation of record companies, said in an international meeting that he was in favour of filters to block child pornography because then they would be able to use the same filters to block other things.

RSS: There was a case where, I don’t think it was a law-based person but a person working for Hollywood, [who] spoke about how they really like child porn and terrorism because that’s a very convenient pretext for them to bring…

RMS: I’d like you to… Can you find the reference?

RSS: ….Ars Technica at some stage. I did try…

RMS: Can you find it? Because the [incomprehensible - statement?] I found a reference for at one point and linked to concerns somebody from IFPI, not from Hollywood. It sounds like maybe you are thinking of the same case.

RSS: It was around 2010 or 2011, I think.

RMS: Well, that’s later than the one I’m thinking of, I think, so I’d be interested in seeing if there’s a second case of this.


The next part will be out later this week. Stallman will also be touring the UK very soon, so I may try to get video interviews with him (depending on my work schedule).


Richard Stallman Uses Google and DuckDuckGo


Direct download as Ogg (00:09:18, 4.9 MB)

Summary: The latest Stallman interview, which deals with NSA involvement in Microsoft Windows and how to use search engines anonymously

TODAY we turn our attention to two subjects which are not frequently tackled by the corporate media. The first one expands on matters we covered in the second part and to a lesser degree the first part of this interview. The second subject is anonymity. Browsing the Web these days is hard without identifying oneself, due to many cookies and cross-site interaction (e.g. Google and Facebook code inside plenty of Web pages). I asked Stallman what to use for search and the full transcript follows.


Dr. Roy S. Schestowitz: Whenever the source code is being passed for the NSA before release, as you see before the release of Windows Vista or Windows 7, they always pass it through the NSA and they assure you that it’s fine and that it [has] gone through hardening of the operating system. I think fewer people will believe that after the Snowden leaks, but anyway I…

Dr. Richard M. Stallman: Well, the thing is, it’s different in the case of Windows because Microsoft keeps that source code secret from the users, which is in itself reason to distrust it and that’s why it has the universal back door. The users can’t take that out, so once software is proprietary, that means that the owner of a program has power over the users, it subjugates the users and that is an opportunity for abuses. But that opportunity is not there in the same way with Free software where the users can change this code. Not only do it individually, but they can work together to make their own version of it.

RSS: I’d like to [discuss] different sort of strand of topics. I have everything written down in terms of, like, one-word or two-word kind of a summary of things I wanted to go through and the next few things are to do with browsing and the of of the Internet in the form of the World Wide Web.

So, the first thing I wanted to ask you is, what do you suggest to people who want to do a Web search and what do you use yourself?

RMS: Well, it’s fine to use any search engine as long as it has no idea of who you are.

RSS: And which one would you personally use the most?

RMS: Well, I generally use DuckDuckGo first, but I will use the Google search engine also.

RSS: There are several… OK, this actually relates to a discussion I’ve been having all over the Internet in the past few months and the thing about DuckDuckGo, it’s hosted in the United States, whereas something like IXQuick or StartPage are based in Holland, and some people have pointed out that DuckDuckGo is using Yahoo, which basically means Microsoft for search results, to a certain degree. And they also seem to be very…

RMS: Look, we don’t know to what extent [duck duck go records things]…. there is no proof that DuckDuckGo doesn’t track IP addresses, for instance, of requesters. And they could have been [tracking], right? What can they possibly do to prove that they don’t track people? The point is, I don’t refuse to use Google search engine either because I just never find myself in such a way… I always just use it from other people’s computers, people who have let me use them, of course. [If] I don’t have to break security, I borrow people’s computers for a few minutes… for a while [incomprehensible] to use, so my searches are done from lots of different machines and each of those machines is mainly used by others.

RSS: OK, so basically you suggest trying to discourage the tracking by using different IP addresses…

RMS: Well, you could use Tor also. The point is, if you identify yourself to a search engine, you are basically helping it track you.

RSS: And increasingly they do provide incentives for people to be logged in, explicitly, when they are using a service like YouTube or Google search engine, which is something that didn’t happen before and I think that’s something that exploits the need for convenience — to have people give away their identity whenever they use the search engine, which didn’t exist about 10 years ago, it’s a new thing. Also, I wanted to point out, I had this small argument with DuckDuckGo over the fact, for example, that even though they don’t retain the data, all of their infrastructure is hosted on Amazon, so Amazon knows people’s IP addresses and whether there is some tracking at the router or some place or another, there might be a third party knowing…

RMS: Yeah, the point is that, the NSA might snoop all your packets and see that you’re sending a packet to DuckDuckGo. You can’t stop that, so the point is, I don’t assume that doing the search there means that I won’t be recorded in any way, but there’s no way they would know that it was me.

RSS: So basically, the notion of anonymity is important here. The use of the Net anonymously…


The next part will deal with anonymity in a broader context, so stay tuned.


Richard Stallman on NSA and Back Doors


Direct download as Ogg (00:09:50, 5.7 MB)

Summary: The second part of this interview series focuses on back doors in software

TODAY we speak about back doors and how software freedom tackles this issue. Now that we know that the NSA receives notifications about zero-day flaws in Windows (long in advance, directly from Microsoft), which enables cracking PCs abroad, this is very relevant.

This is the second of several and the transcript follows.


Dr. Roy S. Schestowitz: I want to try and discuss with you this whole subject of back doors. I think in the past — I know from experience — people were trying to call people like yourself “paranoid” for discussing or even entertaining the possibility that there may be back doors in proprietary software. Well, now we know that they exist. One of the things…

Dr. Richard M. Stallman: We know for a long time about specific back doors in specific proprietary software. It has been documented. For instance, the existence of a universal back door in Microsoft Windows was proved years ago. And the existence of a universal back door in most portable phones was proved years ago. Now, a universal back door means that they can be used to do absolutely anything. It can be used to change the software, so whatever they want to do, they could put in software which does it.

RSS: We can make an educated guess about what they think is intercepted and how, but I think that many discussions lack technical details on exactly how the NSA is doing what it does because Glenn Greenwald is not going to release the documents related to that. But some people were talking about hardware-level — even firewall- or network-level — back doors. We may know, based on the leaks for example of Klein in AT&T, they might be harvesting the data at the chokepoints.

RMS: Well, it’s not a back door. If AT&T agreed to connect its computers to surveillance of the NSA, that doesn’t involve a back door. Those computers belong to AT&T, so if AT&T has full control over them, which it should, then AT&T could also connect to the NSA. You see, these are somewhat different issues. The first issue, which Free software is part of, is that you should have control over your computer. Now, that’s violated with proprietary software if your computer is running, say, Windows, or Mac OS, or if it’s an iThing, or most kinds of Android products, then you don’t control it, some company is controlling it and making it do things that you’ll like. So the first thing is, [incomprehensible] says that the computer should have full control over it.

But that doesn’t mean that when you’re using some company’s service, if a company has full control over the computers that implement that service, which it should, that doesn’t mean the company will treat you right. That’s a separate issue. It’s wrong for [another] company to have control over these computers and if AT&T uses proprietary software, it [that other company] fully has control over AT&T’s computers and that’s wrong. However, making sure AT&T has complete control over its computers doesn’t guarantee that AT&T will treat us right.

RSS: I was thinking about a different scenario where the company that you interact with might itself be backdoored in the sense that the firewalls, they might be using older hardware and might be using — maybe — back door by design, so that the NSA, for example, can quietly and silently infiltrate and capture data, for example, [from] firewalls or Intel chips for example.

RMS: It’s possible, and not just necessarily Intel chips because the Pentagon suspects that devices made by Huawei might have some back door of the Chinese government…

RSS: And the latest NDAA is actually explicitly forbidding the use of hardware made in China. That’s from the NDAA 2014. But not many speak about why this is happening, why they modified the rules. Recently, interestingly enough, a guy who was interacting with these companies — I’m not sure if you’ve heard about Shane Todd — the guy who lived in Singapore was assassinated apparently under the — basically, the guise of suicide — and there seems to be a lot of suspicion among those two camps of telecom companies and what they might be doing at the back room.

RMS: Well, it’s perfectly reasonable suspicion to me. I don’t think the US government should use operating systems made in China for the same reason that most governments shouldn’t use operating systems made in the US and in fact we just got proof since Microsoft is now known to be telling the NSA about bugs in Windows before it fixes them.

RSS: I was just going to bring this up exactly, so I was saying that the NSA recently received notifications about the zero-day holes in advance and [incomprehensible] the NSA and the CIA to just crack PCs abroad for espionage purposes.

RMS: Now, [incomprehensible] that this proves my point, which is that you have to be nuts if you were some other country and using Windows on your computers. But, you know, given that Windows has a universal back door in it, Microsoft would hardly need to tell the NSA about any bugs, it can tell the NSA about the mal-feature of the universal back door and that would be enough for the NSA to attack any computer running Windows, which unfortunately is a large fraction of them.


The next part will be published next week.
