User-Verifiable Telematics

From P2P Foundation

= research project from the Italian Telematics Freedom Foundation

URL = http://www.telematicsfreedom.org/en/projects/user-verifiable-telematics


Description

"A research project for the realization of software, hardware and processes that enable ordinary non-technical citizens to have affordable access to any internet-based telematic communication with pretty high levels of privacy and security that are fully user-verifiable." (http://www.telematicsfreedom.org/en/projects/user-verifiable-telematics)


Discussion

"It is not enough for citizens to be told they have certain rights as users of a given telematic service, under a license (such as FLOSS), or legislation (such as national and global privacy protection regulations) or under a contract with the service provider (such as Terms of Use). To actually control a telematic service, or a web service, a user needs reasonable practical means to verify the software AND the hardware of all servers which run at and beyond the point of decryption of his communications with such service (or “end servers”).


If such “end servers” interact with other external network services, he will know - by having access to the code of the “end servers” - which services, and all the details and conditions of such interactions.

It is not at all feasible, nor necessary for most user scenarios, to control servers and networks in between the client device and the “end servers”, as we can extensively rely on decades-old tested encryption protocols and FLOSS software to secure from third-party interference through software, hardware and cables in between. True, there is a possibility that even those protocols may have been broken by some powerful third party through undisclosed computers and algorithms, but it is a "very" remote possibility for a host of reasons. We therefore advise its use, even in the political arena, except for governmental elections and primaries.

In fact, the communication could be intercepted in between, but the content could not be read. It could be stopped or deviated in between, but there is free software that, installed on both client and server, can certainly verify that it did happen.

This is not new. Democracies, for centuries now, have always provided citizens with reasonable means to verify that key constitutional rights were not widely abused. When I go to vote, I do not simply have the right that my vote be secret and fairly counted, but I rely on a good number of other citizens, randomly selected or with conflicting interests, who prevent the bad guys from putting in place large-scale abuses of such rights. There are also a number of process regulations, such as recounts, that further prevent such frauds.

In fact, in order to provide such concrete control over telematics, server rooms (or “cages”) hosting such a “free” telematic service could be physically managed applying those same (or enhanced) physical security provisions that are currently applied to ballot boxes during an election. In practice, physical access to such server room would be enabled only while 4 or more randomly selected or elected users (or citizens) are physically present.

According to this model of telematic service provisioning, anyone could deploy “free” telematic services, by developing new software or freely installing or extending any publicly available FLOSS software, and running those according to such hosting requirements.

Anyone can do this, without breaching any FLOSS license, by requiring the signing of a copyright assignment, or similar statement, whenever users, or anyone, want to access the software source code." (http://www.telematicsfreedom.org/en/projects/12/blog)