
Pugwash: Malicious programs raise questions regarding free software

Credit: Ben Hammer

Pugwash began this week’s meeting by watching Richard Stallman’s TED talk from 2014. Stallman is the founder of the free software movement, which has the goal of providing certain freedoms for software users, including the freedom to run a program, change a program’s source code, redistribute a program, and redistribute a program with your changes. Stallman argues that these freedoms are necessary for users to maintain control over the programs they run. He believes that programs without these freedoms can be instruments of unjust power, because the developer of the program can include malicious functionalities without the user’s knowledge. Malicious programs can snoop on users, track users, and restrict program functionalities.

There are many examples of this type of program. For instance, in 2009, Amazon, much to the shock of its users, deleted a version of George Orwell’s 1984 from all Kindles without the permission of their owners. This angered many users and showed that Amazon had complete control over the devices. Another instance occurred in 2010 when Sony released an update to the PlayStation 3 that removed support for installing Linux. At its launch, Sony had touted the ability to install Linux on the PS3. Sony compelled users to update their systems by disabling online features on consoles that were not updated. In 2007, Microsoft updated nine small programs on machines running either Windows XP or Windows Vista without user approval. Although these changes proved to be benign, the update showed that Microsoft has a universal back door through which anything on the user’s machine can be changed. In 2013, Bloomberg reported that Microsoft shares information with the NSA about vulnerabilities in its popular products before it fixes them so that the NSA and other agencies can infiltrate users’ computers.

After watching Stallman’s TED talk, members of Pugwash agreed with his argument that something has to be done about malicious programs, but many did not agree with his solution. Members who were not technically focused felt quite helpless. If they couldn’t trust software developed by companies, why could they trust software developed by other programmers?

More technically minded members argued that, unlike companies, the open source community did not have a reason to write malicious programs. In fact, such a community tends to be self-policing. However, this argument did not quell the concerns of many members.

Many members felt that Stallman understated the sacrifice of only using free software. Free software can be of lower quality and is frequently designed for programmers rather than regular users. Many popular services use cloud-based programs, which by definition cannot be free software. By pretending that the sacrifice of only using free software is quite small, Stallman perpetuates the alienation non-programmers feel from the free software community.

Some members of Pugwash argued that the free software movement was the wrong method for preventing malicious programs. Instead, they argued that governmental regulation of programs should prevent companies from providing malicious programs. Other members argued that this process was quite impossible, because of the monumental effort required to enforce such regulation.

All members of Pugwash agreed that malicious code was a serious problem. However, many felt quite helpless and disgruntled by the free software movement. The technological barriers to understanding and being able to do something about this problem continue to be an issue without a simple solution.