Canonical announced at the Mobile World Congress (MWC) conference in February that they signed agreements with telcos in Spain and China to deliver Ubuntu Phone by the end of 2014. In their press release of the announcement, the company said: “Ubuntu is a free, open-source platform for client, server and cloud computing”, and “Ubuntu Phone code is always open, so it’s visible”.
When Ubuntu announced its entry into phone market, many people expected that would be the new Ubuntu phone which will walk on the open source path. But sadly it’s not to be. Privacy International says, “…despite hopes of a totally open mobile handset platform, Privacy International has learned from Canonical that their new phone will suffer from the same problems as their competitors by leaving the baseband closed.”
According to Dr. Richard Tynan, technologist with Privacy International, “…without the ability of the security community to examine the baseband software of the new Ubuntu Phone, the open-source nature of the remaining element may provide no more assurances than other open-source phone operating systems such as Android.”
Baseband Processor, also known as baseband radio processor, BP, or BBP is a device/chip in a network interface that manages all the radio functions, in short, all functions that require an antenna. A baseband processor typically uses its own RAM and firmware. Since the software which runs on closed baseband processors is usually proprietary, it is impossible to perform an independent code audit. By reverse engineering some of the baseband chips, researchers have found security vulnerabilities which could be used to access and modify data on the phone remotely.
In March 2014, Replicant–makers of the free Android derivative–announced they have found a backdoor in the baseband software of Samsung Galaxy phones which allows remote access to user data stored on the phone.
We know that cell phone location data contains some of the most intrusive information about people in the digital age, leaving a kaleidoscopic footprint of a person’s life. Phones transmit location data whenever a phone is turned on, irrespective of whether they are being used to make calls or send text messages and emails.
According to documents supplied by whistleblower Edward Snowden, the National Security Agency (NSA) is reportedly collecting almost 5 billion cell phone records a day under a program that monitors and analyses highly personal data about the precise whereabouts of individuals, wherever they travel in the world.
Canonical, the maker of Ubuntu, has been touting the open-source nature of the operating system, but until now it has been rather vague about other details.
Now Canonical is claiming that they are at the mercy of third-party manufacturers when it comes to the Ubuntu Phone. Michael Hall, a Canonical developer, says, “There is no Ubuntu baseband OS. None. Just like there is no Ubuntu BIOS. Phones that ship with Ubuntu will have a baseband OS, but it isn’t developed by Canonical or the Ubuntu community. Ideally yes, we would love to have open source baseband code, just like we’d love to have open source BIOS (there are some). But we don’t make them, we don’t ship them, that’s just not in the scope of what we’re building.”
Dr. Richard fears, “A phone’s baseband can be exploited in a number of ways by malicious external devices that force it to surrender information about the user that can sometimes lead to suppression of protests or even death. A closed baseband does not allow for the examination of one of the most critical components of the phone, which goes against the open-source philosophy many Ubuntu users have come to embrace. The choice of Canonical to use a binary only baseband is even more disappointing when Osmocom have already produced a functional open-source GSM baseband for the Calypso chipset. One must wonder why was this not adopted or improved upon by the talented individuals at Canonical, especially given the previous enthusiasm for open-source philosophy.”
We have seen this behavior of Ubuntu at the time of Ubuntu 12.10. Does Ubuntu believe in open source philosophy at all? EFF and FSF have been critical of Canonical’s ambition to track users’ activities. Richard M Stallman, the founder of FSF says,”Ubuntu uses the information about searches to show the user ads to buy various things from Amazon. Amazon commits many wrongs; by promoting Amazon, Canonical contributes to them. However, the ads are not the core of the problem. The main issue is the spying. Canonical says it does not tell Amazon who searched for what. However, it is just as bad for Canonical to collect your personal information as it would have been for Amazon to collect it.”
I agree that it is beyond Canonical’s control to dictate open baseband, but since any major player is either way not picking Ubuntu, they could have chosen a hardware player which was using open baseband. At the same time ‘online dash search’ is something that’s under total control of Canonical, but still they chose to refuse the requests from organizations and kept it enabled by default. In case of baseband, it was easy for Canonical to put the blame on OEM; though there are alternatives if they really want, but the case of online search does leave one to wonder if Canonical truly cares about user’s privacy. Or it’s just another company like which happens to use Linux and Open Source to do what Apple, Google or Facebook want to do.
In the wake of the Edward Snowden’s revelations of the NSA collaborating with service providers to collect phone metadata, there has been tremendous interest among privacy advocates and consumers alike in a truly open source mobile phone. One that will allow code to be examined to prevent back-door access and protect user privacy.
To be Open or Not? That is the question.
The dilemma of Hamlet is a subtle and profound examining of what is more crudely expressed in the phrase out of the frying pan into the fire. In essence ‘Life is bad, but Death might be worse’.