Hello, President Rousseff … I told you so.
Paw Prints: Writings of the maddog
Dear President Rousseff,
I understand that you are irritated with my country, the United States of America, because one of our agencies, the National Security Agency, has been tapping into your private communications, reading your email and otherwise spying on you and other Brazilian nationals.
Please pardon me for saying this, but “I told you so”.
Ever since 1996 I have been coming to Brazil, and talking about GNU/Linux and Free and Open Source Software in general. After the events of September 11, 2001 and the passage of the so-called “USA Patriot Act of 2001”, I started to feel this little chill in the back of my mind, where I knew such far-reaching, unchecked powers were not what the founding patriots of our country intended....in fact, quite the opposite.
Over the past ten years I was also becoming more attuned with the issues around Cuba and the embargo that has been going on for over forty years. With the reaction of my country to the election of Hugo Chavez, I began to wonder what would happen if Brazil (or a lot of other countries) found itself under economic or military embargo.
Having been in the computer industry since 1969, of course I thought of embargo issues from a computer science/software standpoint, and this has been one of the main driving points of my desire to see Brazil (and the rest of the world) use Free Software and to also design and manufacture Open Hardware.
For at least the past ten years I have been telling audiences around the world that I love my country but if you do not live in my country then any data that is stored in my country, or even passes somewhat near the borders of my country is not really “private”. I also have been telling you that software is no longer a luxury, and if all the software was to disappear from the planet, your elevators would stop working and your email would stop flowing. Finally I have said many, many times that the Military in the United States does not think twice about putting closed source code created by US-based companies into our tanks, planes and ships because these companies are headed by loyal, US citizens....but if you are China or (ahem) Brazil, you should really think twice about putting software into your weapons if you have not inspected all of the code for trapdoors and Trojan horses.
Several times I also pointed out the issues of economic embargo, purposely using that tiny island off the coast of Florida as an example. I pointed out that companies like Microsoft and Oracle could not legally sell their software to Cuba. Of course Cuba did use Microsoft and Oracle software, but Fidel could not call up Bill Gates and offer him a box of cigars to fix a problem they were having, because Bill Gates is a loyal, US citizen and we are not allowed to sell high-tech things to Cuba.
Some of these companies have a program that allows you to “look” at their source code pool to inspect it for Trojan Horses and other trapdoors, but do those companies really expect you to believe the source code you are looking at was the code that built your closed-source binary products?
In this time frame I have been singing the praises of Free and Open Source Software, developed around the world, with the eyes of every nation upon it. Software that can (as you know) typically be pulled down from the Internet for free, using the money that you usually would pay in license fees to the company making it to pay local in-country programmers to change it to meet your needs. Local programmers that buy local food, local housing and pay local taxes.....and who vote for local politicians. I have also pointed out that while a business person in a country like Vietnam may find it difficult to pay 400 USD per hour for programmers, that Vietnamese businessperson might find a local resource that could do just as good a job for a lot less money.
Finally I lectured against storing Brazilian data, particularly sensitive data, outside of your national boundaries. Brazilians get to vote for you, President Rousseff. If they do not like what you do, they can vote someone else in. Brazilians can not vote for President Obama, or John Boehner, the Speaker of the USA House of Representatives, nor can they vote to amend our Constitution to better protect their data.
I will point out that while I recognize the advantages of some types of “cloud” infrastructures, I have been very vocal about how “clouds” will hide software from people's control and make people even more dependent on large “cloud” companies based in the USA than they are today on large closed-source product companies based in the USA.
You may not have been in my lectures, President Rousseff, but your people were, and I was hurt that they did not seem to take my warnings seriously....until now.
Now I hear you want to develop a method of protecting Brazil from this intrusive behavior from the USA. I applaud you for that, and I hope that other countries do the same. Perhaps Brazil can (once again) be a model for how a task like this can be done. Of course it will not be easy, as security and safety are not easily accomplished. It takes a lot of planning and a lot of hard work.
I have good news for you in the fact that I have been working on a plan for seven years that would:
- create millions of new, independent, local, entrepreneurial, high tech jobs, training people to help with the issue of privacy and security while delivering better computer service to local users
- create a framework for millions of “local clouds” and thin clients that would provide better, lower-cost computing services for urban areas with lower energy and cooling costs
- generate an answer to wireless communication saturation and contention, allowing hundreds of megabits of data per second to each device
- reduce the amount of electronic storage waste, keeping electronic waste out of Brazil's landfills
- make computers easier to use, saving time and money for end users
- help with Brazil's balance of trade by spending more software and hardware dollars inside of Brazil instead of sending it outside your country
- allow Brazilians to decide where to run their programs and where to store their data dynamically, and under Brazilian control
- utilize Brazilian designed and manufactured computers
All of the above (and more) could be done today with existing Free and Open Source Software and existing hardware, but a lot of the hardware is designed and produced in China, which does nothing for Brazilian manufacturing or the creation of a Brazilian high-tech design industry, and opens up spy-ware possibilities by allowing “binary blobs” to exist in the firmware. My plan utilizes Brazilian universities and Brazilian industries to create these high-tech solutions, designed and manufactured inside of Brazil.
All of the above was designed to be funded privately, with the government only having to license (and appropriately tax) the millions of new entrepreneurs and thousands of companies needed to produce this structure. However to have the project completely funded privately means it could take twenty years to finish. With some small initial funding from the government and some cooperation from various agencies we could make the project self sustaining in three years, and shorten the implementation time to ten years.
The plan is one I have been speaking about freely for the past three years. It is an open project called “Project Cauã”, and we have been working hard to bring it forward. To say that we have been met with a lack of cooperation from both Brazilian government (federal, state and local) and Brazilian industry is an understatement.
Project Cauã could be extended to give Brazil (and other countries) the sovereignty necessary to control their own Internet and have its own “cloud services” without breaking the access to the world-wide Internet that people enjoy today.
I am not asking that you adopt Project Cauã, although I think Project Cauã would give the Brazilian people living in high-density urban areas (about 70% of the population) many benefits. I do think that in light of the issues I have brought forth in this letter that you should:
- teach Free and Open Source Software and Hardware techniques at Federal universities
- create governmental policies to accelerate the adoption of Free and Open Source Software and Hardware at an even faster rate
- accelerate the certification of systems administrators in FOSS, perhaps by giving tax advantages
- create or accelerate tax breaks for new buildings wired for networking to bring high-speed local "clouds" to your people
Brazil has been a leader in FOSS for many years. I have called it the "shining star" of FOSS in Latin America. Brazil is doing some of the points I have mentioned above, but in light of what has happened with the NSA, I believe you need to accelerate this even more.
I am currently scheduled to speak about Project Cauã at Latinoware in Foz do Iguassu October 16th and 17th, and again at a conference being held in Brasilia on November 8th. I do not expect you to be there, as you are very busy, but I would like to seriously discuss with members of your staff and other members of the Brazilian government methods of helping Brazil pilot its own IT future, perhaps using part or all of Project Cauã.
It might take ten years, but if you do not start now you will never get there, and I think you would want to have people remember you as the “Progressive President”.
Jon “maddog” Hall, President
HP's annual Cyber Risk report offers a bleak look at the state of IT.
But what do the big numbers really mean?
.NET Core execution engine is the basis for cross-platform .NET implementations.
The Xnote trojan hides itself on the target system and will launch a variety of attacks on command.
Spammers go low-volume, and 90% of IE browsers are unpatched.
Adobe scrambles to release patches for vulnerable Flash Player.
Four-inch-long computer on a stick lets you boot a full Linux system from any HDMI display device.
New statute would require companies to report break-ins to consumers.
Weird data transfer technique avoids all standard security measures.
FIDO alliance declares the beginning of the end for old-style login authentication.