October News

Public XMPP operators commit to fully encrypted communications network by May 19, 2014

Operators We, as operators of public services and developers of software programs that use the XMPP instant messaging standard published“A Public Statement Regarding Ubiquitous Encryption on the XMPP Network”committing to implement encryption in their products and services by May 19, 2014. XMPP, which stands for Extensible Messaging and Presence Protocol, is a popular open Internet standard for instant messaging and real time communications. The schedule calls for intial test implementations of encryption on public XMPP networks on January 4, 2014 with a full implementation required by May 19, 2013 to coincide withOpenDiscussion Day.Open Discussion Day is a promotion of open communication systems and protocols.

The XMPP protocol originated with the Jabber instant messaging open source project. The protocol was formally adopted by IETF in 2002 in a series of RFC specifications. Since then the protocol has been implemented in multiple open source and propriety instance messaging and presence information products. In addition to high quality open source implementations of XMPP servers, major social media providers including Google, Facebook, Microsoft, and Apple have implemented XMPP client compatibility.

Thirty four XMPP public services from around the global including operators from Germany, the United States, and Japan have signed on to the statement. The signers are committing to the use of secure public encryption standards and cease the continued use of outdated encryption standards that are no longer considered secure. The changes will require that service providers encrypt all client to server communications; all server to server communications; and that they allow a person using the network to see what encryption is being used when transmitting their personal information. The latest versions of TLS are still believed to be secure and will become the preferred encryption protocol. Recent news reports have revealed that some encryption protocols have been compromised by the U.S. National Security Agency, but the latest versions of TLS appear to be safe against technical attacks by the NSA. Support for SSLv2 and SSLv3, the precursors to TLS, will be disabled as they are no longer considered secure. This announcement reflects a growing trend towards the adoption of open standards for communication and encryption in an effort to ensure that end user privacy is protected.

Anger and worry over NSA surveillance has experts urging a move toward open source encryption

Disturbed and concerned about NSA spying, global IT companies are scaling up security to exclude US and other State listeners. As they do so they will be relying increasingly on FOSS security tools– especially encryption tools– in preference to now discredited proprietary alternatives. Google and Facebook have publiclyexpressed angerover recent revelations of NSA spying. Google, Facebook, and Yahoo have recently decided to increase the length of encryption keys used to secure their data, which should make it more difficult for others to decrypt information by guessing the key. Twitter is rumored to be making plans to implement encryption for direct messaging between individual users.

Open source advocates have long maintained that the only encryption that can be trusted is open source encryption software because without the ability to inspect the source code it is impossible to tell if a government or other attacker has compromised the security of the system. Those concerns may have been validated byrecent documentsshowing that that the NSA pushed for a flawed encryption method it created to be adopted as a standard by both the U.S. National Institute of Standards and Technology (NIST) and the International Organization for Standardization (ISO). Numerous companies who had been relying on the flawed encryption standard have recently switched over to more reliable standards for their data protection needs.

Security experts are advocating more then ever for the use of open source encryption programs for security conscious individuals and institutions. A member of the Internet Engineering Task Force hassuggesteddeveloping new open source software and hardware to help secure Internet infrastructure from ubiquitous surveillance. Much of the Internet is already secured by open source software projects likeOpenSSLwhich provides encryption for a large portion of Internet traffic, especially VPNs and secure web browsing. Other open source projects such as GPG have long been relied on to provide secure email and document encryption.

Open Source Software Experts From the United States and Europe to appear at Korean Copyright Commission’s November Conference

Carlo Piana, the foremost European FOSS lawyer, will be appearing at the Korean Copyright Commission’s November Conference on FOSS software, along with Song Kee Ryong of the Software Freedom Law Center.

Mr. Piana is an expert in field of free software licensing and has over 17 years experience in Internet and technology law. In addition to serving as the general counsel of the Free Software Foundation Europe, he currently has his own practice in Italy where he represents clients in European courts in the fields of Data Protection and IT security. Mr. Piana had published on open source licensing and serves on the Editorial Committee of the International Free and Open Source Software Law Review (“IFOSS L. rev.”). Mr. Piana recently conducted a workshop on the legal aspects of Free and Open Source for the European Parliament with with Professor Eben Moglen of the Software Freedom Law Center in the summer of 2013.

Song Kee Ryong will also be presenting at the conference. Song Kee Ryong received a Master of Law Degree in 2010 from Columbia Law School and is currently employed at the Software Freedom Law Center, the premier American law firm specializing in open source software issues.

Significant Developments in Free and Open Source Software Compliance Expected in the Coming Months

The Korean Copyright Commission and the Software Freedom Law Center anticipate significant developments in the area of FOSS compliance in the coming months, including major changes in global best compliance practices, led by Samsung Electronics, and the first reissue in five years of the Software Freedom Law Center’s well-respectedGPL Compliance Guide.

The GPL compliance guide offers general guidance on the use of software available under the GNU General Public License (GPL) and related licenses. In accordance with the Software Freedom Law Center’s philosophy of assisting FOSS users in adopting a proactive and cooperative approached to GPL compliance and FOSS community relations, this guide focuses on avoiding license violations and minimizing the negative impact when unforeseen enforcement actions occur. It introduces and explains basic legal concepts related to the GPL and its enforcement by copyright holders. It also outlines business practices and methods that lead to better GPL compliance. Finally, it recommends proper post-violation responses to the concerns of copyright holders.

Last updated in 2008, the forth coming reissue will expand upon the current guide and reflect the developments that have accompanied the increased role of FOSS in the global economy over the past five years.

FOSS Use in the Automotive Industry Booming

Mercedes Benz uses free and open source software in every model of every series in its current line. Mercedes Benz recently released asupplement to its vehicle owners guidethat lists all of the open source licenses covering software components in each of its product models. The high end Mercedes S Class, for example, contains over 90 open source software components. Each and every one of the vehicles marketed under the Mercedes name contains GPL software. Included in the Mercedes license supplement is a copy of all of the license agreements and an offer to provide the corresponding source code for the GPL’d components contained in each vehicle model.

Mercedes Benz is not the only car manufacturer using open source software. U.S. Based General Motors is producing Cadillacs using a Linux based in-vehicle infotainment system (IVI). The same IVI is also being used in newer models of Toyota’s luxury brand Lexus. In addition to Cadillac and Lexus, Jaguar, Land Rover, and the California based all-electric Tesla motors are also beginning to use open source software in their vehicles as well.

Car manufactures are leveraging the same open source software used to power mobile phones in order to provide customers features and experiences in their automobiles that rival what they have grown used to from the mobile device they carry in their pockets. The same Linux operating system software used in the open source IVI is also the software used to power Android phones and numerous other consumer devices. Rudi Streif, the leader of the Linux Foundation’s Automotive Grade Linux work group, says that car manufactures are attracted to the prospect of leveraging what is essentially an $11 billion investment already made in Linux by many other companies including IBM and Intel.

Car manufacture’s are not simply duplicating Android or embedding phones in their vehicles. The IVI system is based onTizena open source platform designed to work on multiple devices from smart phones and tablets to TVs and cars. The cost to auto manufacturers of deploying and maintaining an open source software platform is dramatically less than the cost of doing the same for their own individual proprietary systems. As a result car companies are able to focus resources on differentiating their user interfaces and are able to offer a vastly improved user experience compared to proprietary alternatives.