SoylentNews is people

posted by martyb on Sunday October 18 2015, @12:09AM
from the and-then-we'll-welcome-you-to-obfuscated-code-contests dept.

Secret code is everywhere—in elevators, airplanes, medical devices. By refusing to publish the source code for software, companies make it impossible for third parties to inspect, even when that code has enormous effects on society and policy. Secret code risks security flaws that leave us vulnerable to hacks and data leaks. It can threaten privacy by gathering information about us without our knowledge. It may interfere with equal treatment under law if the government relies on it to determine our eligibility for benefits or whether to put us on a no-fly list. And secret code enables cheaters and hides mistakes, as with Volkswagen: The company admitted recently that it used covert software to cheat emissions tests for 11 million diesel cars spewing smog at 40 times the legal limit.

But as shocking as Volkswagen's fraud may be, it only heralds more of its kind. It's time to address one of the most urgent if overlooked tech transparency issues—secret code in the criminal justice system. Today, closed, proprietary software can put you in prison or even on death row. And in most U.S. jurisdictions you still wouldn't have the right to inspect it. In short, prosecutors have a Volkswagen problem.

Interesting article with implications for Open Source.

This discussion has been archived. No new comments can be posted.
  • (Score: 0) by Anonymous Coward on Sunday October 18 2015, @01:19AM (#251300)

    We had the source code, we knew the hackers were out there trying to take advantage and yet the bugs were hidden in plain sight for years and years. Multiple bugs, and nobody would be surprised if there are still some in there that are being exploited right now. And this isn't a huge piece of code.

    Just because the source is free and open doesn't mean it's safe.

  • (Score: 0) by Anonymous Coward on Sunday October 18 2015, @01:25AM (#251304)

    They weren't even hidden in plain sight, they were reported to OpenSSL and on their bug tracker and just ignored. There's no difference between OSS and CSS. It's all in people's minds. You can examine closed source programs with a debugger and disassembler and find stuff that would be obfuscated at source level this way (in both cases).

    • (Score: 0) by Anonymous Coward on Sunday October 18 2015, @01:33AM (#251307)

      > There's no difference between OSS and CSS.

      Open source is irrelevant. What matters is free software. The real issue with proprietary software is that it denies users their freedoms. This includes being completely dependent on whoever develops the software, which is a recipe for disaster.

      > You can examine closed source programs with a debugger and disassembler and find stuff that would be obfuscated at source level this way (in both cases).

      That's far less useful than having free software which respects all of your freedoms. Then you have the source code and you can still debug.

  • (Score: 0) by Anonymous Coward on Sunday October 18 2015, @01:28AM (#251306)

    Your 'counterexample' is irrelevant. Saying that free software is more secure is not the same as saying that free software is perfectly secure. So pointing out that there are occasionally bad exploits is utterly meaningless unless you are under the delusion that non-free proprietary software doesn't have these problems to an even greater extent. With proprietary software, you don't even have the freedom to inspect the code or hire some independent third party to audit it, let alone modify it and share your changes. You're completely dependent on your masters (probably a corporation), and if you don't like those masters or you don't want masters, too bad.

    • (Score: 0) by Anonymous Coward on Sunday October 18 2015, @01:36AM (#251309)

      I have no doubt that closed source has bugs at least as bad as OpenSSL, but it does have one advantage.

      Security by obscurity.

      Of course, that won't protect it from the likes of the NSA, or perhaps, the Chinese or Russian governments, but it probably does help against the credit card-stealing botnets, i.e. criminals motivated first and foremost by $$$.

      • (Score: 0) by Anonymous Coward on Sunday October 18 2015, @01:42AM (#251313)

        > I have no doubt that closed source has bugs at least as bad as OpenSSL, but it does have one advantage.
        >
        > Security by obscurity.

        That's not actually an advantage, but a disadvantage. It requires that users be completely dependent on the ones who develop the software (often companies who don't care about you or your security at all), and you have no freedoms whatsoever.

        We have seen tons of non-free proprietary software (not "closed source") where this insecurity by obscurity is ruthlessly exploited.

  • (Score: 1, Insightful) by Anonymous Coward on Sunday October 18 2015, @05:14AM (#251362)

    Your argument is a nirvana fallacy. Open source is not a perfect solution, but that doesn't mean it's not a superior solution.