Luke K. C. Leighton: The Open Source Way


The proposed Open Source (Technologies) Agency outlines an innovative coordination of nine open technology groups, the simultaneous funding of which is intended to improve the quality of life for all world citizens, thus completely eliminating the root cause of criminal and terrorist behavioral development: poverty in all its forms. The United States is the de-facto world leader in creative innovation: where the United States leads, other countries follow. Right now however, driven primarily by dangerously-pathological Corporate lobbying, the United States acts without thinking of the consequences, in an Isolationist and Imperialistic fashion, seeking to “protect” its “interests”, hoarding and outright stealing world resources, then acting utterly surprised and puzzled when state-sponsored attacks occur on a regular and ongoing basis.

However, whilst the Memorandum clearly outlines the problem and provides an overarching framework, it is a little short both on details and on knowledge of the current technology and the detrimental effects of, for example, the way in which the FCC is influenced to make decisions and policy. With the scope being so extensive, this document focuses on one specific area of technology (Digital Radio-based Communication) that, if funded and the relevant laws and policies changed, would quickly help move the proposed OS(T)A forward within a matter of a few years.

Some of these decisions need to be brave ones: they represent a loss in billions of dollars of spectrum licensing revenue, which may easily be offset against the savings measured in trillions of dollars of no longer having to deal with state-sponsored attacks on the United States.

  • IEEE 802.22 “whitespace” broadband

    IEEE 802.22 is an unlicensed wireless standard with a significantly longer range than IEEE 802.11 (“WIFI”), that is designed to operate in peer-to-peer as well as centralised “tower” mode. With a potential range of 60km it can connect tens of thousands of people through a single tower, to each other and to the wider internet. Additionally they can communicate locally – even in a mobile fashion – without centralised infrastructure and without requiring an “Operator’s license” up to a potential range of 3km. Thus, even if a unit is outside of the range of a tower, and would otherwise be disconnected from the internet, other people’s units can be used to hop their traffic in a collaborative fashion to maintain connectivity with the rest of the world.

    IEEE 802.22 however has been designed specifically to bring broadband to the “outlying” areas of the United States where it is cost-ineffective to lay fibre-optic cables or install expensive ADSL equipment at the exchange (which has a limit of around 5km anyway). The problem is: the exact same cost reasons as to why no investment in ADSL or fibre is done to provide outlying Internet connectivity are equally valid for the deployment of and investment into IEEE 802.22.

    Development and widespread deployment of IEEE 802.22 is therefore only going to progress with significant funding, to bring down the cost of the equipment to mass-volume pricing levels. The software, however, due to the “cognitive” adaptive aspects, to ensure that commercial TV is not interfered with, as well as the peer-to-peer aspects of 802.22, is extremely complex. We know FULL WELL that arrogant mistakes and cost-cutting (“get it out the door”-ism) in commercial operations lead to severe security flaws.

    It is therefore ESSENTIAL that the software in IEEE 802.22 equipment – towers, routers, handsets and dongles – all be developed to respect the “Four Freedoms” as clearly outlined by the Free Software Foundation (best codified in the GNU General Public License v3+). The scenario to work towards (as outlined and justified in more detail below) is that proprietary firmware across the entire Radio Spectrum should be made illegal. There is plenty of room for commercial operations to make money from selling the actual hardware: their irresponsible attitude to security however has to be reined in with legislation.
  • OsmocomBB

    This is a reverse-engineering project to turn low-cost ($10-$15) GSM mobile phones into actual working base stations, as well as implement FREE and entirely open GSM mobile phone firmware. Yes, really: you can take a 2nd-hand $10 GSM phone off of eBay, reflash the firmware with OsmoBTS, run it up a pole on the end of a USB cable and you have your own cell tower with free phone calls (only one call at a time, mind!).

    Other projects along similar lines include OpenBTS which has been deployed successfully with off-the-shelf low-cost Embedded boards and Software-Defined Radio hardware, as reported by Hackaday. OpenBTS was even deployed with permission from the FCC at the Burning Man Festival, operating far from any location where it could potentially interfere with commercial operations or emergency services, providing free experimental GSM phone coverage for the duration of the festival.

    Excitingly, with the latest Open and high-end SDR board, LimeSDR, a company named Fairwaves has just successfully ported the Osmocom GSM stack to the LimeSDR. Open implementations of GSM are therefore not an immature technology, but it *IS* one that is hampered by the cost of Spectrum licensing and by FCC regulations.

    The open development of handsets and cell towers needs to be HUGELY extended (to 3G and LTE) but more than that we need an entirely open chipset to be designed, manufactured and sold. An estimated budget for that is around $USD 50 million: it’s several man-decades of work, as well. The quickest way to achieve this goal would be to find a company to buy and then release all their source code as an open project. The company can and will remain profitable through licensing and sale of actual hardware, just as the Arduino business model first widely demonstrated (the Arduino’s PCB and complete hardware design are open and may be replicated by anyone – just not under the Arduino Trademark. People buy from Arduino out of respect and gratitude and in recognition that doing so will guarantee future development and fund existing support).

    Crucially, here, however, the FCC needs to be brought into line, and, if legislation is brought in that makes it a legal requirement for cell tower and handset firmware to be released publicly under the GPLv3+ Software License, a contingency Research Grant budget needs to be made available for the incumbent Cell companies to apply for in order to collaborate with the Software Libre Community and with Universities, in order that they can prepare for the transition to fully Libre working practices. The problem is that if the transition is instantaneous, and source code is simply dropped onto the public internet, we know full well from bitter experience that severe security flaws and protocol design flaws will be found within days, and likely exploited immediately, in both handsets and the cell towers themselves. There are going to be a lot of embarrassing admissions and even potential criminal negligence lawsuits, against which the current incumbents will need to be indemnified except in extreme cases. They’re going to complain bitterly, but ultimately their objections need to be overruled. We know what happens when Corporations act in self-interest and are permitted to influence or write Government policy and strategy.

There is also some very specific political moving and maneuvering that needs to be carried out:

  • It NEEDS to be possible for open hardware and software projects to be both funded and allowed to implement and deploy open WIFI, GSM, 3G, 4G and LTE. That includes provision of licensed spectrum to “open projects”, and not at a cost of 20 billion dollars or whatever the insane cost was on whatever last auction went down. However, the “verification” phase of the firmware definitely still needs to be done (for safety reasons), but someone needs to pay for it (and it’s about $50k per test). Ultimately however the rules need to be changed so that the actual “transmitter” part and associated safety protocols are hard-coded into the chips, such that the software may be modified (crucially, any security flaws fixed immediately WITHOUT requiring Manufacturer or FCC permission) and modified without the possibility of interference with other equipment.
  • The FCC needs to be hit over the head with the biggest baseball-bat ever manufactured, over their recent incredibly stupid and dangerous lock-down of WIFI, where unfortunately they listened to “stakeholders” instead of common sense. The situation is so complex that NOT EVEN THE OPEN SOURCE COMMUNITY fully understands the harm done by the FCC’s current “rules” (they basically forced companies to lock WIFI firmware in order to comply… if they wish to comply in a profit-maximising way). I have a friend who sells routers with open firmware: his business is basically now completely screwed because it’s now ILLEGAL for him to sell products with firmware that was not provided by the manufacturer. Worse than that, if he obeys the software license which allows the end-user to replace the firmware (providing extra features or fixing critical security vulnerabilities that neither the FCC nor the manufacturer even noticed), that is BANNED under the FCC’s new rules!

    Even worse than that, laptops and desktop computer Operating Systems strictly come under these new stupid rules: any product with a WIFI dongle is now illegal if the WIFI firmware and the OS that loads it is not fully locked down. Want to upgrade your computer? Tough luck! You can’t… because the OS is locked, you have to throw it away and buy a new one. This is an utterly stupid, stupid situation which has to stop. During the consultation process, several well-informed highly-technical people wrote to inform the FCC that the only way to guarantee security is to REQUIRE that the source code be made available (in full) and that it be made MANDATORY to provide the full toolchain and an unrestricted means and method of flashing new firmware: due to the “stakeholders” complaining that their profits would be affected, the advice was completely ignored.
  • It turns out that 3G is actually a peer-to-peer protocol. It’s technically perfectly possible for 3G phones to call each other directly… without needing a cell tower. This would give people both free phone calls and also allow them to act as network carriers for their friends (peer-to-peer networking). Except… the Corporations wouldn’t get their money, and governments wouldn’t get their spectrum extortion / license fees. This situation has to change. The source code – the entire source code – has to be made mandatorily available for mobile handsets and chipsets, not just so that people can use it for their own purposes and fix security flaws on equipment that they have purchased and own, but also because severe design flaws can be quickly found that the FCC (or its licensed testers) simply do not have the time or resources to find. For example: a well-known low cost HTC smartphone released in 2003 used “shared memory” between the baseband and the main processor, in order to save costs. The Operating System on the main processor (WINCE) had absolutely no security protection whatsoever. During routine reverse-engineering it was discovered that it was possible to change an easily-accessible memory address to change the phone’s transmit output power to DANGEROUS levels, well beyond that permitted by the FCC, potentially enough to cause the phone to overheat and catch fire. The FCC naively places its trust in manufacturers despite clear evidence that they are incapable of carrying out basic security and risk analysis, making a mockery of the purpose of granting them licenses to sell their products.
  • We know that one of the reasons why mobile phone firmware is kept secret is because governments expect to be able to run any program they want on your phone, without anybody knowing. On a device that has open firmware, that no longer becomes possible. However, if the actual problem is fixed because national security is done in an open, transparent, responsible, ethical and cooperative manner, there is no need for secret backdoor programs to be run on people’s mobile phones. In fact, instead of running “Stingers”, if there were individuals (with HAM Radio licenses) operating their own private cell towers for public use, and the security services required their cooperation, chances are high that they’d be both flattered, fascinated and cooperative, and would actually HELP in the tracking of criminal activities. Not only that: if cell tower mobile phone source code was publicly available, police and intelligence services could get hold of it and create themselves a “Stinger” at a fraction of the exorbitant cost they’re being charged right now.
  • One of the reasons why the FCC wishes to lock down WIFI firmware is quoted as being that WIFI should not interfere with Radar; that it should “shut down” if the operation of Radar is detected. This is utter nonsense. If Military Radar can be interfered with through the operation of WIFI, you’ve just provided the enemies of the United States with everything that they need to know in order to prevent and prohibit the successful operation of Radar. Radar should in NO WAY be adversely affected by the operation of commercial off-the-shelf 100mW WIFI equipment! If it is, then it should be an absolute and immediate top priority of the United States Military to provide funding for the development and deployment of Radar that is not so affected!
  • Patents. Patents have to go, it’s really that simple. The original purpose of patents was to provide the inventor with a government-sanctioned monopoly (creating a cartel, in effect) to financially benefit from the fruits of their creative work. Decades of abusive manipulation of the entire Patent system has resulted in anything but benefits to the actual inventors. Primarily this is down not just to the exorbitant costs now associated with maintaining patents, but also it is a little-recognised fact that employment is itself nothing more than slavery by a different name. If you are not familiar with this concept, contact any creative individual in technology and ask to have a read of the “Intellectual Property” agreement section of their employment contract. Corporations genuinely expect creative individuals to hand over complete and total ownership of every single thing that they do, think and say, in return for what – a “wage”? Why are Corporations even permitted to do this? They should be providing the individual with a financial reward equal to and commensurate with the profits that their ideas brought in! Anything else is nothing more than slavery.

    Open Hardware and Software developers, by virtue of operating outside of Corporate “Control”, are seen to be a threat to Corporations. One means by which Open Hardware and Software developers may be controlled is through the threat of patent lawsuits, as well as the threat of demanding patent license fees. It is therefore absolutely critical that Patents be revoked – period. First, though, U.S. Law which permits “ideas” to be considered as “tangible assets” on the books of Corporations needs to be brought into line with the rest of the world. It is crazy for companies to be able to have value based on ephemeral, unproven and potentially worthless ideas. Tangible assets are physical items like “buildings” and “factory goods”. Once ideas are phased out (over time) from consideration as “tangible assets”, and the noise and complaints from the U.S. Commercial Sector have stopped, Patent Law may then be safely revoked.

To summarise: we know from years of experience and security analysis, much of it incredibly expensive and painstaking work which would go much faster with full access to source code, that proprietary commercial operations have blatant disregard for security, naively citing “obscurity” and “commercial trade secret” as the worn-out excuse for the continued dangerous practice of locking down devices.

We also know full well that whilst commercial operations are extremely good at manufacturing products with amazing efficiency, for which they should be praised and encouraged, their strategic decision-making should in ABSOLUTELY NO WAY be permitted to operate along the exact same “profit-maximisation” lines. This is by far and above the biggest, fatally-flawed and completely unrecognised mistake made by the proponents of Free Market Economies.

In the area of Digital Radio communications, by allowing Global Corporations to call the shots and to abuse the FCC as their enforcer, huge opportunities are being lost, and mistakes are being made that stifle creativity and communication. Correcting this is a big task which will throw the incumbent power players into an absolute frothing, foaming-at-the-mouth frenzy, with many of them looking at whom they can buy, threaten or simply outright murder in order to maintain the status-quo. It will take some brave decision-making to stare them down, and some even braver and more creative decision-making to come up with a strategy that ensures their cooperation instead of resistance.

The key question is: what would they accept?