Free software gives more control than this entire room

One of my primary reasons for using mostly free software is control over my computer and the software on it. Free software gives this control as I could change programs to get rid of various features that annoyed me enough that I would take the time to deal with them. Admittedly I might not have the free time or the skill to deal with any given problem without a fair amount of effort, but this would not change the possibility that I could. Besides which I might be sufficiently lucky that any problems I had would already have been dealt with by others with more free time. It is entirely possible that I might not exercise this freedom on any sort of regular basis, but its mere presence is comforting as at least if something goes wrong I could always decide to try and fix it or imagine that others in a similar position will fix it and provide the solution.

The issue of control over one’s computer becomes more important with the proliferation of systems for securing information. While a system such as HiStar (GPLv2) or Asbestos (BSD) may control information flow with the intent of protecting the user’s data (pdf), controlling information flow is an essential part of DRM and treacherous computing. If one wished to properly implement DRM with confidence that it was correct, one would probably be well served in using a language like Jif (pdf), which is a modified form of Java with annotations to deal with information flow control. The system described in the paper relies upon the existence of a trusted execution platform so that the provider of data can trust that the software will execute correctly and not communicate the protected data inappropriately. However if one’s execution platform is free software, one can simply change the execution platforms code and gain access to the protected data ‘inappropriately.’

Naturally such an event would be a significant problem for a party concerned about the safety of the data communicated, as it might mean that one could never trust a computer running free software as it can change without notice. A friend of mine involved in this area of research sees this as a significant problem as he thinks that it is important to be able to show that someone else can trust your execution platform. Of course if one’s platform is not trusted, others may not be willing to provide sensitive data to it as they have no proof that it will not be leaked. He compared the ability to demonstrate one’s execution platform as trusted to that of giving one’s car keys to a friend when intoxicated so that one can try and prove that one will not be driving. In this analogy if the car is the computer running free software then one may simply hotwire the car so that handing over the keys provides no proof that one cannot drive. However, this analogy is substantially flawed, rather than having the keys to hand over in the first place one must ask for the keys every time one wants to drive, and this would be fairly undesirable. (in exploring this analogy it occurs to me that some people would prefer in car breathalyzers as a general ‘feature’). Perhaps using free software means that one will not be able to prove the trustworthiness of your system, but having a system I can trust to do what I want rather than a system other people can trust to do what they want seems much more valuable.

Using proprietary software grants others control over your computer so that its actions do not suit your preferences. Conceivably one could accept having a machine trustworthy to others over one that is trustworthy to oneself, but it is extremely puzzling to me that anyone would choose to do so.

Would you trust proprietary software with this key?

Might this happen?