lawful interception

GPLv3 is great to promote open innovation, but not enough to protect our constitutional communication rights

(this is a summary of some of the reasons why TFF Founder Rufo Guerreschi and others started the UVT project)

A lot of great work has been done in promotion and branding of GNU GPLv3. However, I think GPLv3 cannot promise freedoms in digital communications to ordinary users, and adequately protect their constitutional communication rights while using telematics communications.

Even a very wide deployment of GPLv3 software and its adoption - through lots of very easy to use online services and apps - by many end users would still not provide those end users with effective means to verify the levels of security, privacy and authentication of those services, because they would have no means to verify that:

  • the code they are using on some website is effectively the same code that, thanks to the GPLv3 license, they could download from that same website
  • there is no other malicious software running on the same server
  • in general, the hardware on which that software runs has not been compromised
  • all that GPLv3 code is regularly tested, to maintain consistent levels of security, privacy and authentication

Of course, nothing of all this is a critique to the GPL or to the FSF (which has other goals than solve the general problems above): these are not problems that any license could solve. However, this doesn't change the fact that, today, it has become extremely difficult for an ordinary person to enjoy the freedoms promote by FSF. It is not a problem of demand but of supply. There are no tools and practices that are accessible to the ordinary person who cares about his or her freedom, not even for the most sensitive parts of their computing or communications.

There is a large demand, and need, for that. People in regimes with decent judiciary systems should have access to basic digital communications in a way that:

  • it is not controlled by any private corporation, nor by any single system administrator or anyone else
  • does not run on proprietary and/or unsafe hardware and software environments
  • it is legal

The last point is crucial for quick and large scale building and adoption (even from people without software hacking skills) of such secure and privacy-friendly communication systems. In practice, it means that such systems should be built and work in ways that still allow lawful interceptions and compliance with the EU data retenction directive and similar laws, but in ways that also make abuse of those laws, as well as violations of your privacy by private parties (e.g. business competitors...) impossible.

If we could bring out a service and device like that, active citizens could communicate with adequate privacy and security, while lawful interceptions, authorized by Courts after getting evidence of their needs, would still be possible.

In other words, the availabily of such integrated services and devices for peaceful and democratic political activists, would make it politically difficult for governments to:

  • further promote the "privacy is bad" meme that is now being aggressively promoted and would prepare the way for laws that make all encrypted communications illegal
  • make secret deals for large scale privacy violations with telecom networks operators and providers, as there would be no single organization of that kind, that could stipulate or enforce such deals.

All this is why we conceived User Verified Telematics (UVT). UVT aims to:

- provide and effectively guarantee levels of authentication, security and privacy that are legal, very very high AND inherently, openly verifiable by everyone

  • make possible the activation of lawful interception procedures only after a Court order and in presence of a suitable number of randomly selected users, to prevent abuses (but WITHOT disclosing to anyone the identity of the intercepted users!)