[tt] NS: Laptops could betray users in the developing world

[Premise Checker]

Laptops could betray users in the developing world
http://technology.newscientist.com/article.ns?id=mg19826596.100&print=true
8.6.5
Colin Barras

IN JANUARY, a court in Mazar-e-Sharif, Afghanistan, sentenced a
young journalism student to death. Sayed Pervez Kambaksh's crime was
to download and distribute a document about Islam and women's rights
to his fellow students at Balkh University in Mazar, an action that
the court considered blasphemous. Despite widespread international
condemnation, the Afghan Senate later passed a motion confirming the
death sentence.

Kambaksh was caught because some of his fellow students reported him
to the authorities. But oppressive governments could soon have a
simple way to track the internet activity of their citizens
directly, potentially paving the way for many more such cases.

For security reasons, sensitive data sent over the internet, such as
that used for online banking transactions, is digitally signed at
source with a signature that can be traced to the user's computer.
This helps validate their identity and guard against fraud. The
system is known as non-repudiation, because the person creating the
digital signature can reasonably be assumed to be the source of the
sensitive data and, in a fraud case, for example, cannot repudiate
this.

If this system were to become the default setting for all traffic on
a network, there would be nothing to stop authorities from tracing
the source of any online activity, says Len Sassaman, a computer
security researcher at the Catholic University of Leuven (KUL) in
Belgium. Users would be stripped of their anonymity and authorities
could identify anyone that criticised them. "If countries like
Afghanistan were to switch to a system where the user cannot refute
any action they took on the internet, I suspect we'll see more cases
like Kambaksh's," says Sassaman.

Now Sassaman and his colleague Meredith Patterson at the University
of Iowa in Iowa City claim a prominent philanthropic organisation is
inadvertently in the process of introducing just such a system
across the developing world.

The One Laptop per Child foundation (OLPC), the brainchild of
Nicholas Negroponte, hopes to provide children around the world with
a cheap laptop, called the XO, and access to the internet. But
rolling out internet-ready laptops to inexperienced users across the
developing world poses a huge security problem, not least because
the devices could easily get stolen.

To minimise this risk, the OLPC security team, formerly led by Ivan
Krsti at Harvard University, developed the Bitfrost security model.
Bitfrost has garnered praise from security experts around the world
for its innovations, such as its anti-theft system, P_THEFT. Each
laptop automatically phones an anti-theft server each day, sending
its serial number. The server responds with an activation lease,
valid for the next 24 hours. Any laptop that has been reported
stolen is denied activation and becomes a useless lump of plastic
and metal. While this will discourage theft, Sassaman and Patterson
think there is a crucial element missing from the Bitfrost security
model - personal privacy.

Because the XO laptops will often be used in areas with limited
internet connectivity, the OLPC team chose to use a mesh network, in
which all XO computers in the region act as nodes. This means a
message might pass through many XOs before it reaches its target, so
each one is digitally signed to authenticate its source. While it is
possible to use a digital signature that simply confirms the device
is legitimate without identifying it, Bitfrost uses non-repudiable
digital signatures. These can be traced to a specific laptop and -
since children must register their details with a central database
on taking possession of their XO - an individual child.

"If a government happens to be monitoring, perhaps by inserting
itself into the network between two XOs, it can prove to the world
that the communicating parties said what they said," says Sassaman.
Then, taking advantage of the P_THEFT system, the government could
silence the user by simply denying their laptop a new activation
key.

Steven Murdoch, a privacy and security researcher at the University
of Cambridge, says that Sassaman and Patterson have made a useful
contribution to the Bitfrost model. "What I found most surprising
about the Bitfrost specification is that it doesn't appear to
consider governments as a risk to security," he says.

Simson Garfinkel, a former security consultant for OLPC, dismisses
the claims. He says Bitfrost does not use the signature to track
user activity, adding that the model was intensely scrutinised by
security experts after it was developed.

"It's an issue of intent versus possibility," counters Sassaman.
"They may not intend for the signatures to be used for
non-repudiation, but it's possible to use them for this purpose."

That won't be an issue, says Ricky Greenwald, a clinical
psychologist and founder of the Child Trauma Institute in
Greenfield, Massachusetts. Governments won't need to monitor the
internet activity of 5 to 10-year-olds. "Children that age are more
likely to use their computer for games and schoolwork," he says.
It's very unlikely that a child's laptop would be deactivated by an
oppressive regime, he says.

Sassaman disagrees. "Remember where these computers are being
deployed," he says. "We have 11-year-olds in some of these countries
being drafted as child soldiers. Why would we not want to give them
the ability to whistleblow?"

Furthermore, Sassaman points out that it is unlikely that XO laptops
will be used by children alone. "The OLPC project is laying the
groundwork for a major network across the Third World," he says.
"It's rather short-sighted to think that this would be limited to
children, or to education." With rumours that an adult XO programme
is in development, it is important to tackle security issues now, he
says.

To this end, Sassaman and Patterson are working on a modified
version of Bitfrost that will allow XO laptops to identify each
other without eroding the privacy of their users. Their work is at a
preliminary stage, but will be based on existing cryptographic
techniques that cannot be used for non-repudiation.

With recent changes at the OLPC project it remains to be seen how
widely Bitfrost will be installed in the XO laptops (see "Education,
or just the laptop?"). The security system was designed to run
alongside the Linux operating system and the experimental Sugar
graphical user interface developed for the project. Last month,
however, OLPC announced that the latest XO laptops will run Windows
XP, although the foundation said the machines will eventually be
able to run both operating systems. So far, there are 1000 XOs in
Mongolia and 8000 in Uruguay using Bitfrost, with thousands more due
to be delivered this year. Other countries that have agreed to buy
XOs include Peru, Libya, Nigeria and Rwanda.

Meanwhile Walter Bender, the former president of software and
content at the OLPC, has begun talks with a number of ultra-low-cost
laptop manufacturers that might see Sugar deployed on non-XO laptops
in the near future. "Bitfrost is a far-reaching design," Bender
says. "Much of it is of general use, and aspects of Bitfrost will be
folded into the Sugar efforts."

Sassaman welcomes this development. "Don't get me wrong, Bitfrost is
a highly ambitious project. It's an application of lessons learned
in software security and in that respect it has done a great job,"
he says. "They just happened to overlook a significant issue - user
privacy. But those problems can be fixed without changing the goals
of Bitfrost."

At the time New Scientist went to press, after four months of
international pressure, the Afghan authorities appear to be on the
verge of freeing Kambaksh. With modifications to Bitfrost, Sassaman
and Patterson hope that, in similar cases, at least people's
computers won't betray them.

Computer Viruses - Learn more about the threats to your PC in our
comprehensive special report.

Education, or just the laptop?

Earlier this year, Nicholas Negroponte claimed that One Laptop per
Child, the organisation he founded, had been acting "like a
terrorist group" and needed to be managed "more like Microsoft".
Since then, OLPC has lost some of its key members and all but
abandoned a Linux operating system in favour of the ubiquitous
Microsoft Windows XP.

Reports suggest Negroponte took the decision to adopt Windows after
requests from developing countries, which were stalling on placing
orders for the XO. Critics argue, though, that the switch, coupled
with the recent resignations of Walter Bender, president of software
and content, and Ivan Krsti, director of security architecture, are
signs that OLPC has abandoned its original mission to educate, and
is now simply a laptop manufacturer. "Teaching children to use a
proprietary system such as Windows does not make the world a better
place, because it puts them under the power of the system's
developer," wrote Richard Stallman, founder of the Free Software
Foundation, on the foundation's blog.

Krsti argues that a Windows computer is as useful an educational
tool as one running free software, but he agrees that OLPC's
priorities have changed. "I quit when Nicholas told me that learning
was never part of the mission. The mission was, in his mind, always
getting as many laptops as possible out there," he wrote on his
personal blog.

Related Articles

Hackers have poor nations' PCs in their sights
http://technology.newscientist.com/article/mg19626345.700
15 December 2007
$100-laptop created for world's poorest countries
http://technology.newscientist.com/article/dn8338
17 November 2005
Developing nations to test new $150 laptops
http://technology.newscientist.com/article/dn11177
13 February 2007

Weblinks

One Laptop Per Child
http://laptop.org/
_______________________________________________
tt mailing list
tt at postbiota.org
http://postbiota.org/mailman/listinfo/tt

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE