Category Archives: work1

Bruce Schneier appears to squarely share UVST approach to privacy

In this video excerpt of a Dec 14th Columbia University talk hosted by Eben Moglen, Bruce Schneier, arguably the world’s foremost security expert, seems to squarely share the User Verifiable Social Telematics architectural approaches and tenets developed by the Open Media Cluster for the development and provisioning of innovative IT solutions that can reasonably aim to achieve resistance to “bulk” eavesdropping attacks, even from extremely well-financed and skilled entities.

Listen from minute 33.21 to 36.00, where Bruce Schneier describes the core paradigms to keep in mind when developing a service or solution that should resist such bulk eavesdropping. Here’s a summary of that video excerpt:

  • Must truly be an end-to-end solution, including end-point equipment manufacturing oversight.
  • The highest level of privacy is really about transparency of all processes involved, which indirectly but solidly ensures user verifiability through iterative organisational processes inspired by democratic accountability procedures, such as those practised in proper ballot voting procedures.

Find pasted below some text excerpts from the latest version of the UVST R&D Project Summary (downloadable from its web page), from which it is possible to deduce the similarities in approaches and paradigms:

BASIC COMPONENTS: The main components of UVST are: a cheap and thin touch-screen device (CivicPod), custom-built through a thorough security assurance process (CivicFab), which is attachable via a custom external case to any smartphone and via a dock to desktop peripherals, or comes optionally embedded into the custom-modified internal case of commercial smartphones (CivicPhone); bare-bone dedicated or compatible HDMI/USB TV-connected devices with extensive HTML5 and video rendering capabilities (possibly embedding FirefoxOS or OperaOS) and onion routing functionality (CivicDongle/Box); one or more dedicated custom-built street-facing labs where all devices and server-side equipment are verified and assembled, and where new users are authenticated on-site (CivicLab); a dedicated server room inside each CivicLab, where all remote services accessible by CivicPod/Phone are hosted and all CivicDevices are flashed, whose remote access is disabled and whose on-site access is physically conditional on the presence, and express approval, of 5 randomly-selected UVST users (CivicRoom); any willing service provider that manages and commercialises the UVST end-to-end service (CivicProvider), whose quality of service is regularly certified by a to-be-established organization (CivicAuthority), made up of leading independent global digital civil rights expert organizations and UVST user-elected representatives, which is also responsible for updating the certification specifications.

PARADIGMS: Core to ensuring such levels of assurance will be: (A) fully open processes and technology, (B) an extremely small feature set and line count for all software stacks of both server and client and, especially, (C) innovative iterative organisational processes, and related procedures and technologies, inspired by best-practice paper-based ballot-box democratic election procedures, military-grade oversight procedures, democratic jury-based committee processes, and best-of-breed certification authority organizational models, applied to all phases of all processes involved in the service provisioning.

ASSUMPTIONS: Our approach to highest-standards privacy communication solutions, in a post NSA-surveillance-scandal world, is centered on (A) the recognition of the overwhelming solidity of proper encryption, (B) the inherent weakness to eavesdropping of transnational IP network backbones due to their huge and multinational geographical extension, (C) the high probability of radical, remotely-exploitable security weaknesses, and the inability to verify their absence, in the core software and hardware components of both mass-market and “high security” mobile and desktop devices, and (D) the understanding that highest privacy is really not a product nor a service, but a set of iterative organizational processes that end up producing a user’s end-to-end communication experience.
It is therefore critical to extend the privacy-by-design and security-through-transparency paradigms to their full extent, by building processes for the provision of end-to-end communication solutions that aim to be trust-free, i.e. devoid of the need for trust in anyone or anything, except self-guaranteeing transparent and accountable organizational processes, whose quality can be assessed by reasonably educated citizens of democratic countries.

“Security is a process and not a product. Products provide some protection, but the only way to effectively do business in an insecure world is to put processes in place that recognize the inherent insecurity in the products.” Bruce Schneier, 2000;

“Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it.” Edward Snowden, 2013

“Ultimately, if you want to stop a burglar breaking through your front door, you don’t need a lawyer, you need a lock.” Neelie Kroes, Vice-President of the EU Commission, Dec 2013 (speaking about foreign state mass-surveillance).

CORE HW SECURITY: Given the grave risks that hardware or software vulnerabilities may be introduced during the manufacturing process, beyond-state-of-the-art verification and oversight processes and technologies – called CivicFab – will be applied to the production processes of the most sensitive hardware components of the server-side and client-side devices involved in the service. CivicFab will match and exceed the security currently deployed by certain very powerful state security agencies for the most sensitive hardware components of the devices they need for highest-security scenarios. Here’s what such agencies reportedly do today:

  • Choose a manufacturer, located in a specific country, both of which are somewhat more trustworthy than others, and which will agree to:

    • Ensure that the requested hardware is all produced in a continuous batch (50,000, let’s say) in a short time span (a few weeks).

    • Allow, once a year (let’s say), about 20 competent, trained and trusted technicians to monitor and verify thoroughly the process for a couple of weeks.

In addition to such state-of-the-art measures, the CivicFab process, under the oversight of the CivicAuthority, would add:

  • Allow those technicians to publicly and completely document the process with videos, photos and more.

  • Choose a chip design of low or mid performance, but very solid security, so as to have a wider choice of manufacturers and countries to choose from.

  • Add at least 5 people who are randomly selected among the UVST users, and at least 5 user-chosen technicians, to accompany the 20 technicians. They would be very well paid to take that time off, and are well trained and “self-trained” through open participatory processes.

Tor Project functionality (or other onion routing functionality) will be provided to protect the privacy of both voice and non-voice communication metadata. It will be provided directly or indirectly through a large number of entry and exit nodes (many hundreds) run by the CivicDongles, the CivicRoom and related onion routing mirrors. Sophisticated per-user and behavioural traffic analysis countermeasures will be put in place, including: random offsetting of server connections between parties to the same VoIP call; randomly generated spoofing and decoy voice-like and data-like traffic; and several other measures. Such countermeasures will become effective only once the user base is both active and large (at least a few thousand daily users for voice calls), especially if the Tor network is not used.

AIMS: UVST aims to intrinsically (i.e. inherently) ensure that the actual software, protocols, hardware and procedures running “at any given time” at end-points and onion routing nodes – from the (re)-design phase to core HW component manufacturing processes – match what is stated by the provider, allowed by applicable local (non-secret) laws and constitutions, and available for review by independent experts; and whose security, privacy and authentication levels have been openly developed and very extensively assessed (paid, award-based and volunteer) by independent top security experts, but especially by the world’s brightest ethical hackers and crackers. In fact, without their very active (paid and/or unpaid) contribution it would be unlikely to have reasonable expectations of countering the budgets and accumulated skill-sets of extremely well-financed adversaries.

Riseup on what mass internet Surveillance means for society

http://motherboard.vice.com/blog/inside-the-effort-to-crowdfund-nsa-proof-email-and-chat-services

“What surveillance really is, at its root, is a highly effective form of social control. The knowledge of always being watched changes our behaviour and stifles dissent. The inability to associate secretly means there is no longer any possibility for free association. The inability to whisper means there is no longer any speech that is truly free of coercion, real or implied. Most profoundly, pervasive surveillance threatens to eliminate the most vital element of both democracy and social movements: the mental space for people to form dissenting and unpopular views.”

If total surveillance can’t be stopped, let’s make certain we can look back as well

Bruce Schneier said in May 2013:

You’d think that your privacy settings would keep random strangers from learning everything about you, but it only keeps random strangers who don’t pay for the privilege — or don’t work for the government and have the ability to demand the data. Power is what matters here: you’ll be able to keep the powerless from invading your privacy, but you’ll have no ability to prevent the powerful from doing it again and again.

One way to balance that disparity of power may be to campaign for laws requiring that:

  • All that personal private data (Acxiom and similar databases, NSA, etc.) becomes accessible to everyone for free for non-commercial use, as advised by Morozov for NSA-collected data.
  • A public agency with thorough direct-citizen oversight (citizens’ juries?) is delegated to ensure that such a database is complete and updated with all the information of all powerful or rich citizens, and officials.
  • User-controlled end-to-end IT infrastructure becomes widely available that protects the integrity of such data against tampering by the powerful, skilled and/or rich (similar to User-Verifiable Social Telematics).

Spying on foreign parliamentarians without a warrant is legal under US law

Under US law, where judicial rulings become an integral part of the law, all data and communications of any foreign citizen, even a parliamentarian, can be legally accessed by US security agencies without a warrant, provided that they are stored in the US (or by a US-based company).

https://www.eff.org/deeplinks/2012/01/inter-parliamentary-union-condemns-government-investigation-member-iceland%E2%80%99s

While Ms. Jonsdottir’s specific situation is unique, many non-U.S. users of Twitter are rightfully unnerved. At least according to the magistrate and judge in Virginia, all of a user’s communications records can be subject to review by the U.S. government without a warrant because the user chose to use an online “cloud” service that stores data about them in the U.S.

Dear Dr. Schneier, new surveillance laws will not do, we also need “auto-guaranteeing” user-controlled ICT services

Bruce Schneier, arguably the world’s top security expert, in today’s post More on NSA Commandeering the Internet, reports about the owner of Lavabit, until a few weeks ago one of the world’s most private email services, with half a million users:

Last month, Levison reportedly received an order — probably a National Security Letter — to allow the NSA to eavesdrop on everyone’s e-mail accounts on Lavabit. Rather than “become complicit in crimes against the American people,” he turned the service off.

It’s what happened next that is the most chilling. The government threatened him with arrest, arguing that shutting down this e-mail service was a violation of the order.

Schneier concludes:

Every Lavabit-like service that shuts down — and there have been several — gives us consumers less choice, and pushes us into the large services that cooperate with the NSA. It’s past time we demanded that Congress repeal National Security Letters, give us privacy rights in this new information age, and force meaningful oversight on this rogue agency.

I invite Dr Schneier to consider whether even perfect new legislation can be sufficient to prevent, or even detect, continuous and widespread abuses of citizens’ privacy by the NSA and others. Or whether the solution may instead be technological or, more precisely, lie in the procedural and organizational processes behind private Internet service offerings.

Even if we had perfect (and non-secret) legislation regarding surveillance and its oversight, and even publicly-disclosed NSA internal regulations interpreting those laws, users of any Internet device, service or end-to-end solution might still have no reasonable or substantial way either to detect or to prevent wide and continuous violations of their constitutional rights.

The solution may reside in building large-scale non-profit end-to-end communication service offerings, and in particular their procedural, organizational and certification processes, that do away altogether with the need for trust in anyone – as argued by Lawrence Lessig, and as is the basis of the security of ballot boxes during well-run paper-based governmental elections – because the quality and precision of those processes, covering both the device and the server side of a given end-to-end ICT service, intrinsically “auto-guarantee” their own constitutionality.

Here’s how such a process could work as applied to server room management, in an excerpt from the User Verified Social Telematics project:

The CivicRoom is a server room inside the CivicLab that hosts the servers providing UVST services, the latest version of the CivicPod/Phone firmware and approved applications, and the keys that are necessary for law officers to decrypt communications and logs among UVST end users. In addition to state-of-the-art end-to-end security provisions, live streaming and many other transparency procedures, any physical access to the server room (CivicRoom) will be physically conditional on the presence and approval (through keypad locks) of at least a «jury» of 5-10 randomly-selected, rotating users and/or users with conflicting interests, in ways similar to what is possibly the “most beneficial security invention of human history”: the democratic procedures for polling stations and ballot boxes in well-run paper-based governmental elections. If an admin, a rogue state agency and/or anyone else wants to commit an illegal OR unconstitutional act in the server room, then each «jury user» can, before, during or after, type their «emergency code» into their keypad instead of their «access code». If two of them do, all users are automatically notified of a potential breach; if a majority of them do, an automated «scorched earth» procedure is triggered, as done by Silent Circle, possibly switching the service automatically to a P2P solution. It will not be detectable which of them typed the «access code» and which typed the «emergency code». In the case of access that is unconstitutional but legal (under secret or public law), this will therefore effectively allow peaceful civil disobedience actions to protect all users.
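One way to model the jury keypad rule in the excerpt above, as an added example that is not code from the UVST project: each juror holds an access code and an emergency code, the keypad accepts either, and below a majority the door behaves identically either way, so nothing observable at the door reveals which code was typed; only the aggregate count drives the two thresholds. The juror names and codes are constructed, and the salted-PBKDF2 storage and the assumption that the door opens normally below a majority are mine.

```python
"""Threshold duress-code model for a jury-controlled server-room door.

Rules taken from the excerpt: every juror must be present and type a valid
code; two or more emergency codes silently notify all users; a majority of
emergency codes triggers "scorched earth". Everything else is an assumption
of this example, not the project's design.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, List

PBKDF2_ROUNDS = 50_000  # assumption: any slow, salted KDF would do


@dataclass(frozen=True)
class Juror:
    name: str
    salt: bytes
    access_hash: bytes
    emergency_hash: bytes


def _derive(code: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", code.encode(), salt, PBKDF2_ROUNDS)


def enroll(name: str, access_code: str, emergency_code: str) -> Juror:
    """Store only salted hashes of both codes; the codes must differ, or the
    duress signal would carry no information."""
    if access_code == emergency_code:
        raise ValueError("access and emergency codes must differ")
    salt = secrets.token_bytes(16)
    return Juror(name, salt, _derive(access_code, salt), _derive(emergency_code, salt))


def classify(juror: Juror, typed: str) -> str:
    """Return 'access', 'emergency' or 'invalid'.

    Both comparisons always run, in constant time, so neither the keypad's
    timing nor an early return reveals which of the two codes matched."""
    h = _derive(typed, juror.salt)
    is_access = hmac.compare_digest(h, juror.access_hash)
    is_emergency = hmac.compare_digest(h, juror.emergency_hash)
    if is_access:
        return "access"
    if is_emergency:
        return "emergency"
    return "invalid"


@dataclass(frozen=True)
class Outcome:
    door_open: bool         # observable by everyone standing at the door
    panel_message: str      # also observable at the door
    notify_all_users: bool  # covert, out-of-band channel to the user base
    scorched_earth: bool    # automated destructive response


def evaluate(jurors: List[Juror], typed: Dict[str, str],
             notify_threshold: int = 2) -> Outcome:
    """Aggregate one keypad round. Only the count of emergency codes matters;
    the per-juror verdicts are never exposed outside this function."""
    if len(jurors) < 5:
        raise ValueError("the excerpt requires a jury of at least 5")
    verdicts = [classify(j, typed.get(j.name, "")) for j in jurors]
    if "invalid" in verdicts:
        # A missing or mistyped code is not a duress signal: simply no access.
        return Outcome(False, "ACCESS DENIED", False, False)
    emergencies = verdicts.count("emergency")
    majority = len(jurors) // 2 + 1
    if emergencies >= majority:
        return Outcome(False, "SERVICE UNAVAILABLE", True, True)
    # Assumption: below a majority the door opens exactly as for all-access
    # codes, so an intruder watching the door learns nothing; the alert, if
    # any, travels only over the covert channel.
    return Outcome(True, "ACCESS GRANTED", emergencies >= notify_threshold, False)


def demo() -> Outcome:
    """Constructed five-person jury in which two members signal duress."""
    jury = [enroll(f"juror{i}", f"acc-{i}", f"emg-{i}") for i in range(5)]
    typed = {f"juror{i}": f"acc-{i}" for i in range(5)}
    typed["juror0"], typed["juror1"] = "emg-0", "emg-1"
    return evaluate(jury, typed)


if __name__ == "__main__":
    print(demo())
```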

Who then guarantees and certifies the adequacy of the software, hardware and procedures, and updates those standards? It surely needs to be an extremely competent and independent body; let’s call it CivicAuthority. And who would then control the controllers? CivicAuthority may potentially accrue huge power that needs to be thoroughly checked, through effective and democratic organizational procedures and a dedicated body; let’s call it CivicOversight.

Such organization could be intergovernmental but it would probably inspire more trust if it was non-governmental but thoroughly democratically accountable.

Here’s how such a body could work, in an excerpt from the User Verified Social Telematics project:

The CivicAuthority is a global dedicated committee made up mostly of leading IT security experts and digital civil rights organizations – but also consumer, author and content rights holder associations – and is also responsible for updating the certification specifications. It is run on proceeds from certification revenue and from a percentage of the revenue generated by CivicProviders. We will propose membership to: Privacy International, EFF, EPIC, CDT, Human Rights Watch, Amnesty International, Altroconsumo, and more. Such a board would be re-elected by, and accountable directly to, an informed sample of ordinary citizens through deliberative polling(tm) procedures, the CivicOversight.

If our hopes rest in politicians’ hands, we have little reason to hope. But with user-controlled, user-verifiable, auto-guaranteeing services that enable digital civil disobedience, we can directly protect our freedom and affirm technologies and practices that even improve the ability of security agencies to pursue their missions, proving that security and privacy are no zero-sum game, quite the contrary.

How to promote “world democracy” in this day and age?

I have no doubt that the only way to prevent humanity from destroying itself or, worse, entrenching durable forms of inhumane global governance in the midst of environmental catastrophe, is to arrive in a timely manner at adequate global governance through adequate global constituent processes.

I have spent many years studying and working towards such a goal. In the last few years I have worked more sideways with respect to that goal, but I have kept thinking about it very much.

In short, I would suggest that promoting global democracy nowadays would require a few major paradigm shifts in world democracy proponents:

  • We should drop the term “democracy”, in favour of “direct democracy” or some other adjective. In the last few decades, democracy has become a very discredited name, and therefore global democracy activists should add some kind of adjective that does not refer to already tested and failed forms of government, to achieve governance that is both good and truly accountable to people, such as direct democracy (which includes the reversible election of a representative for given issues), or “continuous democracy” (too little known, though), where everyone is able to exercise their share of sovereignty at any given time.
  • We should drop the term “world federalism” altogether. It is either redundant or may be interpreted by most as a possible application of the subsidiarity principle which is unbalanced toward the smaller units, as for example in the case of European Union, or even separatists as Lega Lombarda in Italy.
  • We should seriously evaluate whether it is inevitable to reinvent a form of democracy that does away with the privacy of the vote and of “civic” communications. There is the possibility that technological evolution “may force us to choose between privacy and freedom”, as first argued by James Brin. In fact, that may be the only reasonable way to both (A) save us from constant and extremely thorough abuses of privacy by state agencies and other powerful actors, with the resulting self-censorship, and (B) finally enable us to take advantage of the huge potential of technologies to enhance the democratic efficiency of global (constituent and then) democratic processes, without the huge manipulation risks involved if the vote (and civic online participation) is supposed to remain secret.

Juries of randomly-selected citizens to ascertain the actual privacy of ICT services?!

After years of skimming through the book, I finally got to the last chapter of James Brin’s famous book “The Transparent Society – Will technology force us to choose between privacy and freedom?”.

Interestingly, I discovered that on page 332 of 335 he hints at the potential role of groups of randomly selected citizens (or juries) in ensuring the transparency of the IT management of those in power, public or private (see below), as a means of ensuring that the actual reciprocal transparency between citizens and big powers matches the one stated by laws or by Terms of Service.

A very similar idea was presented in this 2007 blog post I wrote, and constituted the core mission of the Telematics Freedom Foundation that I founded; it is now at the core of our User Verified Social Telematics project, being developed as an integral part of the Open Web Next Project.

Here is the excerpt from page 332:

ADDED on Aug 28th 2013: Oversight by such randomly-selected citizens could be made more informed through processes such as deliberative polling methods, as we have just added to our User Verified Social Telematics project.

For an International Institute of Privacy and Security Assistance

Sunil Abraham, Exec. Dir. of the Centre for Internet and Society India, has just posted on Forbes India a bright, deep and comprehensive analysis of the policy priorities regarding large-scale surveillance abuses, and the civil rights AND economic rationale for India to promote adequate policies, which may very well apply to Europe.

He furthermore convincingly argues that privacy and security are no zero-sum game, but each a prerequisite of the other, as I also argued in a recent post. Privacy is a necessary but not sufficient condition of individual, collective and business security.

I believe, though, that “privacy by policy” – through appropriate laws and Terms of Use, even if perfectly implemented – may unfortunately end up creating just dangerous smoke and mirrors, unless such laws also embed solid clauses inspired by the paradigms of “security by design” and “security through transparency”.

Service and technology providers, public and private, beyond a certain size, should be mandated to regularly submit, for review by experts AND anyone, all software, hardware, and especially procedures that affect in any way the security, privacy and authenticity levels of their offerings.

Such offerings would be evaluated, according to regularly updated guidelines managed by independent oversight boards, on the ability of hardware, software and procedures – as well as the actual intensity and quality of independent security review – to intrinsically and inherently guarantee that the actual levels match the stated levels, at present and at any given time in the past.

In fact, intrinsic “privacy and security by design”, devoid of any need for trust, was the core invention at the basis of the engineering of democratic political regimes, exemplified by the rule concerning proper ballot-box democratic voting procedures.

Just as the International Institute of Democratic and Electoral Assistance has for decades provided crucial and largely independent assistance and review for governments’ electoral processes world-wide, it could be advisable to promote the constitution of a similar – but even more independent and extremely competent – international body that may provide similar assistance, review and certification processes to improve and assess the actual levels of security, privacy and authenticity of communication service offerings by large public and private providers.

Chromecast gets gesture control via Kinect

http://gigaom.com/2013/08/16/chromecast-gets-gesture-control-via-kinect/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+newteevee+%28GigaOM%3A+Video%29

Leon Nicholls, who previously experimented with local content playback, online shopping and other cool stuff on Chromecast, has managed to hook up his Kinect to a web app running on Google’s new TV stick.

We’ve had that (since 2010) in our Open Web Next project through our CivicPod (Kinect functions and more) and our CivicDongle (Chromecast functions and more), but without Google lock-in, with more features, open Web access, beyond-state-of-the-art privacy and security, and controlled by Italian content rights owners and broadcasters:

www.openwebnext.com

Polls show sea change shift in US people perception of surveillance and privacy

These actions have been accompanied by a sea change in public opinion about surveillance. Poll after poll has shown that, for the first time ever, Americans think the government has gone too far in violating their privacy, with vast majorities believing the NSA scooping up a record of every phone call made in the United States invades citizens’ privacy.

While the administration certainly doesn’t believe Snowden is patriotic, Americans do. A Quinnipiac poll conducted this month found people agreed, 55 percent to 34 percent, that he was a whistleblower — a large margin that crossed party, gender, and age lines. A recent Reuters poll showed only 31 percent of the public thought he should be prosecuted.

Read more at:
http://www.politico.com/story/2013/08/edward-snowden-is-a-patriot-95421.html

Comments to “Schneier on Security: Has Tor Been Compromised?”

Comments to this post:
Schneier on Security: Has Tor Been Compromised?

Daniel, August 6, 2013 2:16 PM

There is simply so much we do not know about this…

Just because the vulnerability was reported to Mozilla on Day X does not mean that was the day the FBI or whoever first became aware of it. They could have been exploiting it for months in the wild and only after it had been identified by a third party and patched that they finally arrested the guy because the utility of that exploit had become less valuable to them.

There is also an on-going debate as to whether this was really a child porn hit or whether the child porn was just a cover for the take down of Tormail, which apparently has been quite popular with critics of the US Government.

One thing for sure is that Tor’s reputation is badly damaged. Because if the USA can do this to Tor there is nothing stopping the security services of any of the other nations from doing it too. It’s not as if zero day exploits are cost prohibitive to purchase on the open market when governments interests are at stake.

FBI (/NSA) wants to have access to end-points, UVST could ensure it can BUT just with a warrant

Prof. Ed Felten wrote on his blog on May 16th:

“The FBI argues that the Net is «going dark» that they are losing their ability to carry out valid wiretap warrants. In fact, this seems to be a golden age of surveillance, more collectable communications are available than ever before, including whole new categories of information such as detailed location tracking. Regardless, the FBI wants Congress to require that voice, video, and text communication tools be (re-)designed so that lawful wiretap orders can be executed quickly and silently.

Our report focuses in particular on the drawbacks of mandating wiretappability of endpoint tools – that is, tools that reside on the user’s computer or phone. Traditional wiretaps are executed on a provider’s equipment. That approach works for the traditional phone system (wiretap in the phone company’s switching facility) or a cloud service like GMail (get data from the service provider). But for P2P technologies such as Skype, information can only be captured on the user’s computer, which means that the Skype software would have to be changed to add a virtual «wiretap port» that could be activated remotely without the user’s knowledge.”

The User Verified Social Telematics (“UVST”) concept developed by the Open Media Cluster and the Telematics Freedom Foundation could step into this discussion and provide a win-win solution for both defenders and opponents of this FBI proposal.

A UVST service, provided in a non-commercial way that does not fall under the legislation for network operators (in Italy, and maybe in the US?), could provide a solution that allows state security agencies to access end-points, but only if they have a warrant (based on probable cause), by providing an innovative technological and organizational infrastructure that intrinsically protects users from its abuse.

Provided the UVST research project delivers on its aims and promise (far from certain!), I could see it as possible and advisable that (as a consequence of ongoing NSA surveillance revelations) such an FBI proposal be amended by Congress, in coordination with both the FBI and civil rights associations, to provide strong incentives and disincentives so that all Internet communication end-points (devices and server rooms) be UVST certified. At some point in the future, after many years of very successful large-scale UVST deployments, it may even become advisable that all non-UVST encrypted Internet traffic be recorded, and possibly blocked, by security agencies.

Such a possibility may be jump-started by Open Web Next, a 6,5M€ research project – aimed at developing a new modular multi-platform mobile&TV platform and ecosystem for the Italian market, based on dual-runtime (or hybrid) OS devices running both FirefoxOS and UVST – that integrates the UVST organizational, procedural and technical infrastructure as the core mechanism to guarantee both content security and user privacy.
It is being presented as a proposal for a Lazio Region grant, led by us of the Open Media Cluster, Open Media Park and Telematics Freedom Foundation. It is co-promoted and co-coordinated together with the Fondazione Ugo Bordoni (the research arm of Italy’s Ministry of Economic Development), which is also a partner. These are some of its confirmed partners: Tre Italia (part of H3G, the 4th mobile operator in the world), the Center for Cyber Intelligence and Information Security at Sapienza (Italy’s leading cyber intelligence research center), Hermes (Italy’s leading technical and legislative digital civil rights experts, similar to the EFF in the US), Progesi/BV-Tech (leading Italian IT defense and security contractor), Freemantle Media (the largest TV content producer in the world), UCLA School of Cinema, Television and Theatre Remap, Cedeo/WimLabs (of Leonardo Chiariglione), IT Media Consulting. We are in active and extensive discussion with Tivu/Tivusat (owned by Rai, Mediaset and LA7, the top 3 Italian broadcasters) to evolve their joint satellite and internet platforms, and with others. We plan soon to propose participation to the EFF (or epic.org) and Mozilla (makers of FirefoxOS).

We are glad for any comment, suggestions, support and leads that can help us further this project.

Open Web Next and UVST: are privacy and security really a zero-sum game?

In light of these statements by Obama (which could set the line for the Italian government), the research and development of the ideas and aims underlying the User Verified Social Telematics (UVST) concept – the core of the security architecture of our 6,5M€ Open Web Next proposal to the Lazio Region – could provide the occasion and substantial resources for THE leading Italian associations on these topics from both sides, namely the Cyber Intelligence Research Center and Hermes, to analyse extensively and publicly whether there are technical/procedural (but also technical/procedural-regulatory) solutions that can demonstrate that the question is not a “zero-sum game” between national security and citizens’ privacy.

http://www.primaonline.it/2013/06/18/118896/datagate-obama-raccolta-dati-nsa-e-trasparente/
“The electronic surveillance programs of the National Security Agency (NSA) are “transparent” because they are subject to multiple checks by Congress and the federal courts, said US President Barack Obama, adding however that it is necessary to find a way to reassure citizens that their privacy is respected. “We have to find a way to give the public assurances that there are checks and balances” on the work of the intelligence services and “that their phone calls are not being listened to, …. …. The review, Obama said, has already begun. Obama then announced that he had set up a commission for the defence of privacy and civil liberties, made up of independent citizens, to start a national dialogue on the issue. “I will meet them, because I intend to create a structure and launch a national-level debate”, also on a broader view of the subject, he stated. “I believe that my job – the US president then said – is to protect the American people, and also to protect the American way of life, which includes our privacy”. (ANSA).”

Anzi, si potrebbe dimostrare come soluzioni tecnico/procedurali come UVST, basate sulla trasparenza auto-garantita intrinsecamente da procedure e tecnologie, possono aumentare sostanzialmente la sicurezza nazionale per numerosi motivi (tra i quali cito, ad esempio, l’aumento di sicurezza interna a i vari soggetti pubblici di sicurezza, e alle strutture di istituzionali a cui rispondono), oltreché la privacy degli utenti.

Tale soluzione, nelle finalità complessive della proposta Open Web Next, potrebbe divenire quindi una fondamentale vantaggio competitivo in Italia (e oltre?) di un piattaforma di comunicazione fruizione mediale mobile/TV italiana, che aggrega una massa critica di attori della filiera (detentori diritti, broadcaster/detentori, operatori mobili) e che si affianca alla piattaforma globale di openWeb/FirefoxOS.

Ovviamente ci sono poi enormi opportunità di applicazione per grandi provider di servizi web e cloud, di poter restaurare la loro credibilità non meramente con nuovi termini di utilizzo in adeguamento a leggi attuali o nuove che usciranno, ma attraverso sistemi che intrinsecamente assicurano il rispetto delle leggi (costituzionali …)

Italian publishers, HTML5 and "open source" DRM

It seems that the DRM Berners-Lee had in mind when he said he wants it in HTML5 but "open" is the one Guido Scorza (and others) were already talking about in 2008: "That is why I believe in a DRM (not just any DRM!) that is interoperable, transparent and respectful of the rights and interests of users and consumers."

Some think that open source DRM for HTML5 is possible.

Other authoritative voices, such as Stallman and Lessig, say that open source DRM is possible and certainly effective but immoral:

Italian book publishers have already been convinced for a year to abandon DRM, because they have understood that it consolidates the dominance of foreign giants. Newspaper publishers such as the Financial Times and the NYT are betting heavily on HTML5 and even avoid native stores. Audiovisual and cinema publishers will soon reach the same maturity, hopefully not too late, as soon as App Stores or proprietary DRM start to prevail in content consumption on TV as well.

Will there be room to convince Italian publishers and rights holders that their only salvation from proprietary and dominant App Store systems (for newspapers and audiovisual) or DRM (for ebooks) is to bet collectively on the open Web and HTML5, giving up DRM and/or adopting an open source one at W3C level? And, in the meantime, to choose one by law, by AgCom resolution or by an industry agreement at Confindustria Cultura level?

Who knows whether a solution leading to almost total disintermediation may be the win-win solution that reconciles rights holders with the rights of consumers and the digital rights of citizens, who have always clashed on the issues of DRM and piracy? Perhaps if someone analysed it, it would turn out that the value taken from rights holders' content by pirates is, and especially will be, far lower than the value extracted now and in the future by the aforementioned new global gatekeepers …

Economic and civil-rights reasons for a technology district and an open Web law in Italy

UPDATE:

Yesterday, 18 February, at the "Editoria 2.0" event organised by Arturo Di Corinto, I presented the economic and civil-rights reasons for an open Web law and for a large public-private project to create an open Web ICT district in Lazio, which underlie the Open Media Park project and its Strategic Vision of the Open Media District. See also the campaign "No ad Internet senza Web aperto" for legislation on free access to the Web.

————————-

"Hello, I am Rufo Guerreschi, CEO of the Open Media Park project, which next year will begin the construction in Rome of the second-largest media technology park in Europe, focused on next-generation Web technologies (HTML5), with 13 leading Italian and foreign partners.

In 3 minutes I will illustrate the enormous risk to (1) the Italian publishing economy, (2) media pluralism and (3) the openness of the Web posed by the dominance of the Over-the-Top players, and I will propose a precise counter-strategy for Italy and the Lazio Region.

Google and Apple in mobile, Samsung in TVs, and their global content partners are rapidly replacing broadcasters in their role as gatekeepers of media content consumption, with the resulting power to extract economic value and exercise editorial control.

If this scenario continues to strengthen in Italy, as highlighted by the Fondazione Rosselli IEM, Italian content producers, aggregators and rights holders are destined to have ever less bargaining power to negotiate a fair share of the added value generated by their content.

One figure sums up this hegemony: since June 2011, the time spent by mobile device users interacting with Web browsers has been overtaken by the time spent with applications downloaded from proprietary App Stores (primarily Android and iOS), and today it accounts for only 10% of the time spent in front of a mobile device.

Yet with the new Web standards (HTML5), over 95% of the main mobile applications could be reproduced with the same speed, graphical quality and ease of use as simple next-generation Web sites/applications… But the default and installable browsers on mobile devices or TVs do not allow the capabilities of these new Web standards to be exploited, with full access to local storage, the graphics card and the device's features (phone, camera, gyroscope, etc.)

But the biggest problem is dominance over the TV. The mobile device is in fact rapidly becoming a primary future tool for media consumption in the living room and on the TV. With the great dominance of a few global players such as Samsung and LG in connected TVs, similar dynamics are under way, and the mobile platforms are establishing themselves as the dominant platforms in connected TVs and set-top boxes.

So, in mobile devices, TVs and e-books, the World Wide Web, with its open, innovative, competitive and disintermediating nature, is at risk of becoming absolutely marginal. Such marginality prevents Italian content producers, aggregators and rights holders from establishing a direct, disintermediated relationship with users through the Web.

Consider that Google's forecast advertising revenue in Italy for 2015 is higher than Mediaset's. In February 2013 YouTube opened extensive production studios in Tokyo with 13 local partners, including TV broadcasters, after opening in London and Los Angeles. When in Rome or Milan?

And now the proposal. It is ambitious, and requires great public-private coordination, but we believe the risks and opportunities involved are such that it can be done.

This situation of hegemonic duopoly, and its effects on the economic health and pluralism of the media, can be substantially reversed in Italy through a clear national and Lazio Region strategy made up of 3 actions:

• 1. a new Italian ICT district/cluster dedicated to the open Web, produced by a shared vision among many public and private actors, symbolised by a dedicated media technology park

• 2. strong legislation countering such anti-competitive practices which, in the wake of the law that from July 2015 requires every TV sold in Italy to support DVB-T2 and the European ruling that for years has obliged Microsoft to offer the option of installing browsers other than IE, requires every mobile device, e-book reader and TV in Italy to allow users full access to independent, latest-generation Web content, with full access to the device's features.

• 3. large investments by Italian media operators in creating coordinated skills and ecosystems for the development of next-generation Web content

We invite you to take part in the second Open Media Forum II next July 2013, where we will try to broaden consensus on this proposal.

Rufo Guerreschi, CEO, Open Media Park

From piracy to the disintermediation of the content market

Proposal for a substantial disintermediation and expansion of the content market, and a fair and democratic remuneration of authors and producers, through the legalisation of digital content sharing.

On Saturday 19 March 2010, at the Capranica cinema in Rome, a stone's throw from Montecitorio, the Festa dei Pirati will be held to debate multimedia piracy and the future of copyright, with the participation of politicians from right and left, associations and activists belonging to a very broad and varied movement in the country.

The event will apparently take place without representatives of authors and producers, among whom, incidentally, proposals are beginning to emerge that also include the legalisation of free content exchange.
This absence is symptomatic of a serious lack of dialogue with them, which has favoured the spread within the "movement" of a position that promotes the pure and simple legalisation of piracy, and which does not address the problem of a decent and fair remuneration for those who decide to make a living producing culture, considering it a non-problem or someone else's business.

We take the opportunity offered by this event and the related debate to present here our proposed solution, which we believe resolves the dilemma of how to legalise content sharing while at the same time fairly remunerating authors and rights holders, as well as promoting a strong disintermediation of the content market.

PROPOSED SOLUTIONS

An intense debate has long been under way on the various feasible solutions for fairly compensating authors and producers should piracy continue its rapid spread and should no way be found, as seems to be the case, to prevent it that is feasible and sustainable both constitutionally and technologically.
In the case of music in particular, some of these solutions are already a reality practised by many mobile operators around the world, with a fixed monthly fee of a few euros that grants a sort of "collective licence" for the enjoyment of millions of songs.
Most of these solutions provide for a fixed fee for the user, mandatory or voluntary (a contribution), applied to the connection, to taxes or to other products, which would then be distributed among authors on the basis of some criterion and procedure.

Almost all the proposed solutions provide for the distribution of such revenues on the basis of monitoring and counting the individual contents carried over internet networks.
Such monitoring presents enormous problems for citizens' freedom and for the fairness of the compensation of authors and producers, and not only. It would in fact be technically impossible to carry out in a complete, verifiable, constitutional and fair manner. It would in fact be:

  • Seriously incomplete, because more and more content travels over the network encrypted and therefore cannot be monitored;
  • Subject to fraud, since large-scale manipulation by third parties of the content counts inside proprietary networks and telematic systems would be possible, and would be very hard for citizens and associations to discover and prove;
  • Seriously damaging to privacy, since private or public bodies would have to constantly monitor the content shared by citizens, with an increased possibility of abuse, on a large or very large scale, of the right to secrecy of communications enshrined in the Constitution;
  • Unfair to authors, because it is by no means certain that the most downloaded content is then the most enjoyed and appreciated (many download content in the wake of advertising campaigns and then never use it).

OUR SOLUTION

Our proposal is strongly inspired by a proposal made in March 2009 by Francis Muguet and Richard Stallman, the inventor of free/open-source software licences and of the GNU/Linux operating system, illustrated very clearly in an article by Gaia Bottà on Punto Informatico of 19/03/2009.

Instead of relying on monitoring the content carried over the network or played on the user's device, it provides that such a "tax", however collected, be distributed among authors and producers on the basis of citizens' preferences, expressed partly directly and partly through samples of users. For example, the direct expression of such preference could be made, at the citizen's choice, publicly on the internet or privately offline (when paying taxes, as with the 8 per mille).

Such a solution would not only fairly reward rights holders but, even more importantly, would strongly contribute to democratising, decentralising and liberalising the content market, attenuating the enormous influence that various actors (publishers, advertisers, broadcasters, etc.) exercise today over the distribution, promotion and monetisation of every piece of content created, and therefore indirectly over the probability that it gets funded and produced.
Such a solution, if implemented at the state level for example, would lead to a considerable disintermediation of the digitised content market, creating a direct economic relationship between producer/author and consumer/citizen, "from producer to consumer".
Every author and producer will finally be able to create freely, knowing that the only yardstick for the monetisation and distribution of their cultural product will be its appreciation by an adequate number of citizens.

Two other objectives, equally crucial for the hopes of democratisation and liberalisation (and therefore expansion!) of the digital content market, are (1) the possible approval of effective laws supporting the neutrality of fixed and mobile networks, and (2) the majority adoption of devices and telematic systems for the consumption of digital content that consist exclusively (or almost) of free/open-source software, or whose primary software platform is managed and administered by "open consortia" of content producers. We will deal with these issues in later posts.

Software capital of the world rules out e-voting

It is great news that California – the software capital state of the world, the economy best positioned to benefit from a worldwide e-voting market, and lead state in many areas of legislation – has decided to de-certify all e-voting systems.
Most, or possibly all, e-voting systems available today are just not at all ready for prime time!

Let’s hope well-intentioned world politicians hear this loud and clear message among the PR noise of e-voting system sellers!

At the very least, this should push back lunatic attempts to have, at present, binding web or sms governmental elections.

How to create a user-controlled Google to land FLOSS in the Internet Age

Sustaining an ecosystem of "truly copylefted" telematics applications through the "work-for-hire" loophole of FLOSS licenses

Imagine Google decided to aggressively hand responsibility and incentives to its employees, consultants and partner companies.
It would offer them very extensive performance bonuses on the profits generated by software services which they could design, develop and manage by extending both publicly available FLOSS and unreleased Google-derived FLOSS.
It would offer them "Consulting/Partnering Agreements" in which it irrevocably stated that it hires their services (as "work for hire") to modify such source code, and that they hold full responsibility for managing and hosting the service, except for their obligation towards Google to respect a set of specific (mainly hosting) requirements. Concurrently, they would sign an assignment to Google of all copyrights and other intellectual property generated by their work on such code.
Google, as the provider of the partially-copyrighted source code, the branding (and possibly some inevitable liabilities), would get 1-5% of the direct revenue generated by the service. The Partner, in turn, would get 95-99% of the revenue, bear all consulting and hosting costs, and fully "manage", and be responsible for, the hosting of such service on behalf of Google.

It would also offer "Software Quality Review Agreements" to the same parties, in order to apply the same decentralisation principles to the quality and security assurance of its code. All such parties would be offered (under "work for hire" terms) a small symbolic amount to obtain the code, review it and offer their feedback at will.

Now, let's imagine instead that all this were done by a foundation (or governmental entities, or a redundant network of national governments), which irrevocably commits to the following:
* any user, and anyone in the world, could decide at any time to become a "Partner";
* all source code assigned to the foundation, and therefore all code running on any of the partner-managed "derived services", would always be available to anyone willing to sign (online or on paper) one of those 2 agreements;
* it requires that those Partners abide (possibly only above a certain number of "active users") by strict hosting requirements (similar to the ones we have drafted here) for the running of those services, which concretely and enforceably place all hardware and software running beyond the point of decryption under the collective democratic control of its users;
* as the foundation reaches X thousand active users of services hosted by it or by Partners, it would offer each of those users the chance to join other willing users in forming the sovereign body of the foundation, through a carefully designed constituent process.

I am suggesting this may be a good thing, as it would create an ecosystem of developers and users where anyone, though partly limited by such a democratically-controlled foundation, could access remotely-accessible software applications under "practically-copylefted" terms.
They could start building new applications, as well as derivative works from any publicly-available FLOSS. Those works would never be "released" to anyone and, although still bound by the derivative-work terms of the GNU GPLv2 or another FLOSS license, would be made accessible to users and everyone under terms that amount practically to those of the current Affero license, plus the means to collectively verify the code that is actually running.

Free Telematics: a model for the democratic control of telematic services

It is not enough for citizens to be told that they have certain rights as users of a given telematic service, under a license (such as FLOSS), under legislation (such as national and global privacy protection regulations) or under a contract with the service provider (such as Terms of Use).
To actually control a telematic service, or a web service, a user needs reasonable practical means to verify the software AND the hardware of all servers which run at and beyond the point of decryption of their communications with such service (the "end servers").
If such "end servers" interact with other external network services, the user will know, by having access to the code of the "end servers", which services, and all the details and conditions of such interaction.
It is not necessary to control the servers and networks in between the client device and the "end servers", as we can reasonably rely on the strength of current encryption to fully protect against all software, hardware and cables in between. The communication could be intercepted in between, but its content could not be read. It could be stopped or diverted in between, but there is free software which, installed on both client and server, can prevent that, or at least verify that it did happen.
This is not new. Democracies have, for centuries now, provided citizens with reasonable means to verify that key constitutional rights were not widely abused. When I go to vote, I do not simply have the right that my vote be secret and fairly counted; I also rely on a good number of other citizens, randomly selected or with conflicting interests, who prevent the bad guys from putting in place large-scale abuses of such rights. There are also a number of process regulations, such as recounts, that further prevent such frauds.
In fact, in order to provide such concrete control over telematics, the server rooms (or "cages") hosting such a "free" telematic service could be physically managed by applying the same (or enhanced) physical security provisions that are currently applied to ballot boxes during an election. In practice, physical access to such servers would be enabled only while a few randomly selected or elected users (or citizens) are physically present. For a more detailed explanation of how that may be accomplished, see our proposed hosting requirements for such a service.
According to this model of telematic service provisioning, anyone could deploy a "free" telematic service by developing new software or by freely installing or extending any publicly available FLOSS software, and running it according to such hosting requirements.
Anyone can do this without breaching any FLOSS license, by requiring the signing of a copyright assignment, or a similar statement, whenever users, or anyone else, want to access the software source code.
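As an added illustration of the trust boundary described above (this is not code from the post, nor from the Free Telematics or UVST project), here is a small Go model of a client and an "end server" exchanging records over a path that is assumed hostile. It assumes a symmetric key already shared by the two endpoints (a constructed sample key stands in for whatever key exchange a real deployment would use) and seals each record with AES-GCM, binding a sequence number as authenticated associated data. The receiver then shows the three properties the text relies on: an on-path observer sees only ciphertext, any modification fails authentication, and a record that was dropped or replayed in between is reported rather than silently accepted.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Record is what travels across the untrusted network between client and end server.
type Record struct {
	Seq   uint64 // plaintext sequence number; authenticated as associated data, not encrypted
	Nonce []byte // fresh random GCM nonce per record
	Body  []byte // ciphertext followed by the 16-byte GCM authentication tag
}

// Endpoint is either side of the link; both are built from the same shared key.
type Endpoint struct {
	aead    cipher.AEAD
	nextSeq uint64 // next sequence number this side will send or expects to receive
}

// Verdict is what the receiver learns from a record that authenticated correctly.
type Verdict struct {
	Plaintext []byte
	Dropped   uint64 // number of records missing between the last accepted one and this one
}

var (
	ErrTampered = errors.New("record failed authentication: modified in transit or forged")
	ErrReplay   = errors.New("stale sequence number: record replayed or delivered out of order")
)

// NewEndpoint wraps a 16-, 24- or 32-byte AES key in an AES-GCM AEAD.
func NewEndpoint(key []byte) (*Endpoint, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Endpoint{aead: aead}, nil
}

func seqAAD(seq uint64) []byte {
	b := make([]byte, 8)
	binary.BigEndian.PutUint64(b, seq)
	return b
}

// Seal encrypts plaintext and binds the current sequence number to it, so that
// neither the body nor the sequence number can be altered without detection.
func (e *Endpoint) Seal(plaintext []byte) (Record, error) {
	nonce := make([]byte, e.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Record{}, err
	}
	r := Record{Seq: e.nextSeq, Nonce: nonce, Body: e.aead.Seal(nil, nonce, plaintext, seqAAD(e.nextSeq))}
	e.nextSeq++
	return r, nil
}

// Open authenticates first (so unauthenticated input never moves receiver state),
// then checks the sequence number: a lower one is a replay, a higher one means
// records went missing in between, which is reported in Verdict.Dropped.
func (e *Endpoint) Open(r Record) (Verdict, error) {
	plaintext, err := e.aead.Open(nil, r.Nonce, r.Body, seqAAD(r.Seq))
	if err != nil {
		return Verdict{}, ErrTampered
	}
	if r.Seq < e.nextSeq {
		return Verdict{}, ErrReplay
	}
	v := Verdict{Plaintext: plaintext, Dropped: r.Seq - e.nextSeq}
	e.nextSeq = r.Seq + 1
	return v, nil
}

func main() {
	// Constructed sample key; a real deployment would derive it from a key exchange
	// and use separate keys per direction so nonces can never collide across directions.
	key := make([]byte, 32)
	for i := range key {
		key[i] = byte(i)
	}
	client, _ := NewEndpoint(key)
	server, _ := NewEndpoint(key)

	r0, _ := client.Seal([]byte("hello end server"))
	r1, _ := client.Seal([]byte("second record"))
	r2, _ := client.Seal([]byte("third record"))

	fmt.Printf("on the wire, record 0 body: %x\n", r0.Body) // ciphertext only
	v, err := server.Open(r0)
	fmt.Printf("record 0: %q dropped=%d err=%v\n", v.Plaintext, v.Dropped, err)
	r1.Body[0] ^= 0x01 // an on-path party flips one bit
	_, err = server.Open(r1)
	fmt.Println("record 1 (modified):", err)
	v, err = server.Open(r2)
	fmt.Printf("record 2: %q dropped=%d err=%v\n", v.Plaintext, v.Dropped, err)
	_, err = server.Open(r0) // the same record delivered again
	fmt.Println("record 0 (replayed):", err)
}
```

The point of authenticating before looking at the sequence number is that an attacker in between cannot advance or reset the receiver's counter with forged records; what the text calls "verify that it did happen" is exactly the `Dropped` count and the `ErrReplay` result that the receiver can log and, in a user-verifiable setting, expose to the users who audit the end servers.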

For more info on how to set up such a "free" telematics service, see our draft Service Access Policies at Plonegroups.org.

Rufo Guerreschi


Welcome to the best blog in the whole Universe!

Dear fellow world citizens,

most of you will read this post a few years from today, when this blog will have matured, together with the ideas of its author, and thanks to your support, suggestions and leads!

The goal of this blog:
To entertain a constructive exchange of ideas with all those interested, for whatever reason, in creating ways to substantially improve the life of humans and other sentient beings through rational inquiry, research and experimentation.

My exploration is driven by curiosity and passion, as well as by a yet unproven intuition that “True love of self and love of others coincide”, as Alexander Pope said.

… and then I will write some light and funny stuff, to keep you and me in the right balance between distraction, fun and ethical inquiry.

Have fun!!

Rufo