You probably heard about the bug in the Free Software OpenSSL nicknamed "heartbleed". The FSFE already welcomed the industry initiative to fund critical Free Software projects, and the topic was discussed in several blog articles on the planet: Sam Tuke wrote about his impression, Hugo Roy shared an XKCD comic explaining how heartbleed works, and Martin Gollowitzer wrote about what the Heartbleed bug revealed to him about StartSSL certificate authority.
But your editor is convinced that the main problem is not OpenSSL. It is not Free Software. It is about companies not taking responsibilities and about missing economic incentives to ensure security. Security expert Bruce Schneier wrote in 2006:
"We generally think of computer security as a problem of technology, but often systems fail because of misplaced economic incentives: The people who could protect a system are not the ones who suffer the costs of failure."
In a nutshell, if your private data is exposed because your health insurance, where it is stored, did not take care to secure it, you suffer to a much higher degree than the health insurance does! You are in no position to pressure the health insurance to change its level of security, and they have no economic incentive to do so. In the article Schneier further explains that the liability for attacks is diffuse and that "the economic considerations of security are more important than the technical considerations".
Following the argument, the important question we face is, how can we give the right economic incentives to ensure that: security relevant software has the proper funding; third parties are auditing code; more people are trained in computer security; programmers have time for maintenance and are not forced to just develop new features; we have a diversity of software for different special purposes and therefor prevent software monocultures; companies run secure software instead of just giving people a good feeling by performing a security theatre or by delegating responsibility to others (for example the government), so they can be blamed if there is a problem, and that also the security interest of private users is fulfilled and not just those of big cooperations.
In the FSFE we thought about how to give good economic incentives for Free Software development from the beginning, and now we have to think more about economic incentives to increase security. It is a difficult area, so we are looking forward to your comments on this topic and invite you to discuss it on our public mailing lists.
Local elections scheduled across the country for the following day, the government blocking both YouTube and Twitter, and the usage numbers of the Free Software anonymity software Tor doubling during the week. Is there a better time for the FSFE's President to go to this country? At the annual conference of the Turkish GNU/Linux Users Association in Istanbul Karsten Gerloff talked about the relationship between technology and power, and made it to the front page of a national newspaper by mentioning who sold the software to block the internet. Karsten wrote a summary of his talk and his journey in his blog.
The talk would not have happened without our Turkish volunteer Nermin Canik, who encouraged us to attend the conference. Nermin has been working steadily and reliably as a volunteer for a couple of years now. Together with other volunteers she organised Document Freedom Day (DFD) events in Turkey. This year, although as mentioned above it was a hard time for people in Turkey who care about freedom, they accomplished 7 events in Istanbul, Ankara, Çayırova, Denizli, and Adana.
Have a look at the Document Freedom Day 2014 Report to find out what happened in Turkey and around the world during that day. The report includes lots of pictures ranging from children celebrating DFD at school, the new leaflets, comic, and t-shirts, as well as the very delicious looking cakes. Thanks to our Turkish translator Tahir Emre and our leaving intern Matti Lammi the report and the whole DFD website are also available in Turkish and Finnish.
As we wrote in March, candidates pledging for Free Software is a good way to take them at their word after an election. In Future we can contact them whenever there will be EU legislation to be passed that might endanger the existence or growth of Free Software.
After FSFE's volunteers did a lot of translations for the pact, April now published all necessary information on the Free Software pact website so you can get active.
In Italy our new intern Michele Marrali already contacted 51 candidates. He searched for the candidates, used Erik's template (also available in German) to contact them, and afterwards noted on our pad whom he already contacted. His goal is to contact every Italian candidate and get them to sign the pact. So how many can you contact?
In case you do not have time to participate in this "hobby lobby competition", consider to make a donation so we can offer the most active volunteers some rewards from our shop.
Thanks to all the volunteers, Fellows and
corporate donors who enable our work,
Matthias Kirschner - FSFE