In a previous blog entry, I asked whether open source communications software is really free and concluded that additional principles need to be defined for free communications, above and beyond the normal expectations of free software.
This is a fundamental problem that projects like the FreedomBox, Lumicall and other privacy-enabling free communications solutions must be familiar with. Otherwise there is a risk that development will never end as there is no finish line in sight.
Practical solutions are not so easily defined, though, so let's imagine a perfect solution for a moment. Later, we can contemplate the trade-offs that are necessary to make it practical.
Here are some attributes that may exist for a perfect solution:
Privacy must be the default: the user should not have to explicitly request privacy. If there is a risk that an incoming communication will establish a session without full privacy, the user should be able to decline the opportunity to participate.
Only the participants in a communication can receive the communication.
A third party must not be able to replay, modify or forge any aspect of the communication or the request to initiate a session.
Only the participants in a communication are aware that a communication occurred.
Only the participants in a communication are aware of who participated in it.
A participant may be anonymous, but in that case all other participants will be aware that an anonymous party is present in the communication.
Participants must not be able to deduce any information about the other participants that is not explicitly shared (e.g. location, type of device, service provider).
In the case of real-time communication, a participant may leave the communication without any other party even realising that they left or why.
Communication is off-the-record: no participant can save and reproduce a copy of the communication in such a way that a third party can know it was authentic.
Anonymous reception of communications, the perfect post-office box: someone may create an anonymous identifier that allows other people to call them without being able to trace their location or identity.
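Two of the attributes above pull in opposite directions: a third party must not be able to replay, modify or forge a message, yet no participant may later prove to an outsider that a recorded message was authentic. The following added illustration (not code from the original post, and not a design of any project named here) shows how a symmetric MAC with a per-message counter satisfies both: tampering and replays are rejected, but because every participant holds the same key, a transcript handed to an outsider cannot be attributed to one author. The session secret is a constructed placeholder standing in for a real key agreement.

```python
import hashlib
import hmac


def mac_key(shared_secret: bytes, direction: str) -> bytes:
    """Derive a per-direction authentication key; separate keys per
    direction stop a message being reflected back at its own sender."""
    return hmac.new(shared_secret, direction.encode(), hashlib.sha256).digest()


def tag_for(key: bytes, seq: int, text: bytes) -> bytes:
    """Authenticate (seq, text); anyone holding `key` can compute this."""
    return hmac.new(key, seq.to_bytes(8, "big") + text, hashlib.sha256).digest()


def seal(key: bytes, seq: int, text: bytes) -> tuple:
    return (seq, text, tag_for(key, seq, text))


class Receiver:
    """Checks integrity, then rejects any counter value already seen."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1

    def accept(self, msg: tuple) -> str:
        seq, text, tag = msg
        if not hmac.compare_digest(tag, tag_for(self.key, seq, text)):
            return "rejected: forged or modified"
        if seq <= self.last_seq:
            return "rejected: replayed"
        self.last_seq = seq
        return "accepted"


def possible_authors(msg: tuple, key_holders: dict) -> list:
    """What an outsider can conclude from a transcript plus the keys: the
    author is anyone whose key verifies the tag, i.e. every participant."""
    seq, text, tag = msg
    return sorted(name for name, key in key_holders.items()
                  if hmac.compare_digest(tag, tag_for(key, seq, text)))


def demo(shared_secret: bytes = b"constructed-session-secret") -> dict:
    """Alice sends to Bob; an outsider replays and tampers; later a
    recording of Alice's genuine message cannot be pinned on her."""
    k_ab = mac_key(shared_secret, "A->B")      # held by both Alice and Bob
    bob = Receiver(k_ab)
    original = seal(k_ab, 1, b"meet at noon")
    tampered = (1, b"meet at midnight", original[2])
    return {"genuine": bob.accept(original),
            "replay": bob.accept(original),
            "tampered": bob.accept(tampered),
            "who_could_have_sent_it": possible_authors(
                original, {"Alice": k_ab, "Bob": k_ab})}
```

A digital signature would give the outsider a single verifiable author, which is exactly the property the off-the-record attribute forbids.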
Some consequences of a perfect solution
Just imagine if all communications worked in this manner.
There are many potential consequences. For example, if you call somebody and the call is not connected, you will get no feedback about whether their line is busy, out of service or whether they deliberately chose to reject your call.
Another example is somebody who is driving while talking on a telephone. If they have an accident, there will be no way to prove that they were using the phone. This may already be the case if somebody uses a VoIP app on their phone - the police investigating the accident later will simply find no records of calls through the mobile phone account.
The perfect solution described here is something of a holy grail rather than a recipe that a developer can implement. It is unlikely that such a solution will fall out of the sky in the immediate future. Most software products that offer secure communications address fewer than half the issues described above: for example, digital mobile phones prevent eavesdropping with arbitrary radio receivers, but they don't prevent shops from detecting the IMEI (serial numbers) of phones that pass through their store and using that information to identify repeat visits.