It is not enough for citizens to be told to have certain rights as users of a given telematic service, under a license (such as FLOSS), or a legislations (such a national and global privacy protection regulations) or under a contract with the service provider (such as Terms of Use)
To actually control a telematic service, or a web service, a user needs reasonable practical means to verify the software AND the hardware of all servers which run at and beyond the point of decryption of my communications with such service (or “end servers”).
If such “end servers” interact with other external network services, I will know, by having access to their code of the “end servers”, which services, and all the details and conditions of such interaction.
It is not necessary to control servers and networks in between the client device and the “end servers”, as we can reasonably rely on the power of the latest encryption to totally secure from all software, hardware and cables in between. In fact, the communication could be intercepted in between, but the content could not be read. It could be stopped or deviated in between, but there is free software that, installed on both client and server can prevent that, or at least verify that it did happens.
This is not new. Democracies, for centuries now, have always provided citizens with reasonable means to verify that key constitutional rights were not widely abused. When I go to vote, I do not simply have the right that my vote be secret and fairly counted, but I rely on a good number of other citizens, randomly selected or with conflicting interests, which prevent the bad guys to put in place large scale abuses of such rights. There are also a number of process regulations, such as recounts, that further prevent such frauds.
In fact, in order to provide such concrete control over telematics, server rooms (or “cages”) hosting a such “free” telematic service could be physically managed applying those same (or enhanced) physical security provisions that are currently applied to ballot boxes during an election. In practice, physical access to such servers would be enabled only while a few randomly selected or elected users (or citizens) are physically present. For a more detail explanation on how that may be accomplished, see our proposed hosting requirements for such service
According to this model of telematic service provisioning, anyone could deploy a “free” telematic services, by developing new software or freely installing or extending any publicly available FLOSS software, and running those according to such hosting requirements.
Anyone can do this, without breaching any FLOSS license, by requiring the signing of a copyright assignment, or similar statement, whenever users, or anyone, wants to access the software source code.
For more info on how set up such “free” telematics service, see our draft Service Access Policies at Plonegroups.org
Rufo Guerreschi
Powered by ScribeFire.