Researcher: We must design a new, open source Internet

Will online information ever be safe from government snooping? It could be, says researcher Eli Dourado, if we design a "new Internet" based on open source software and hardware.

"Open source" refers to software such as Mozilla's Firefox browser and the Linux operating system. The programmes are typically free to download and the source code is available to anyone who wants it, allowing people to modify the programmes to suit their needs.

The restriction-free attitude of open source distributors has led to their popularity among programmers and tech-savvy users. Dourado, an economics and technology research fellow at the Mercatus Center, George Mason University, argued in his op-ed piece for the New York Times that the freedom to delve into the workings of open source programs could allow security-minded users to "scrutinize the code for vulnerabilities — whether accidentally or intentionally introduced."

One of the main reasons for the success and scope of the NSA and GCHQ's PRISM and TEMPORA programmes, revealed earlier this year by mega-leaker Edward Snowden, was that "companies like Microsoft, Apple and Google... programmed 'back door' encryption weaknesses into popular consumer products and services like Hotmail, iPhones and Android phones."

This kind of corporation-government collusion would be impossible, Dourado argues, if open source software was more widespread, open as it is to scrutiny by independent security experts.

But the solution can't stop at open source software, Dourado says. If the Internet is to be truly secured against government spying, the open source movement needs to encompass the hardware that makes up the infrastructure of the Internet.

The bulk of the UK's TEMPORA programme involved the tapping of data from the undersea transatlantic fibre optic cables that linked the US to Britain and the rest of Europe. According to Dourado, interceptions like this would be more difficult if companies and individuals had access to the underlying hardware architecture of the Internet.

However, he concedes that "open hardware would at a minimum make the NSA's Internet surveillance efforts more difficult and less effective."

Other security analysts agree. When contacted by ITProPortal, Adrian Culley, technical consultant at Damballa security firm, said that while "a new, open-source, secure Internet would be very welcome," it would still be vulnerable to interception by nation states and others.

"All communications CAN be passively intercepted. Without exception," he told us. "Nation states have signals intelligence agencies specifically to do this. I would be very interested in learning how any proposed new open-source Internet would be immune to interception of communications."

Dourado's suggestions have also met with a mixed response among other analysts. Timothy B Lee, editor of the Washington Post's technology blog, argued on Twitter that "End-to-end encryption is a better approach".

"Let's do both!" Dourado riposted, adding the caveat that "I'm not claiming a silver bullet."

Image: Flickr (PNNL - Pacific Northwest National Laboratory)