Open Source and the threat of mandatory filters

Keep in mind this thread will touch on a few social and political subjects, although it’s intended to be a technical discussion as well. I tried finding more info on the matter, however my search engine didn’t help a lot. I believe this new threat is an issue we need to start being aware of and ready to combat in case it becomes a thing.

I wanted to discuss the subject of censorship by means of hardware level filtering: How technically possible is it, how could it work, and what other software (especially an OS like Linux) can do to combat it.

Lawmakers have recently began toying with a new idea in the department of website blocking: Instead of making ISP’s block undesired sites, make it mandatory for the user to have censorship software installed on their devices, by forcing providers to make sure the owner of a device can’t uninstall their filter without authorization. This can be done in one of two ways: Either a hidden filter being part of the preinstalled operating system, or a special censorship chip being installed on the motherboard of every smartphone laptop and desktop sold in stores. I wanted to discuss both methods here.

I believe this sort of thing should not be underestimated nor taken lightly. If this mentality gains ground, we’re likely headed toward a dark future where it could be a crime to even own an unlocked device without government mandated software being installed on it. Imagine living in a world where you have to take your computer into a back alley, past which a shady hacker will ask you for money in order to remove the censorship chip from your newly purchased motherboard so that you have full access to the internet again. It gets even worse: Such a push may lead to mandating that operating systems themselves include filters, criminalizing any OS that dares to respect the freedom of its users by not filtering content by force… in fact this may lead to the first case of open-source software being deemed illegal and whole Linux distributions having their websites blocked or rendered uninstallable by means of vendor lock. This approach to censorship is likely to grow as the decentralized internet arrives (Substratum, Zeronet, IPFS), which will be impossible to control by filtering any given IP address due to the P2P nature of those systems… once the darker parts of the deep web inevitably find their way in as well (livestream murders, child pornography, drug stores, etc) people and politicians will use the typical “something must be done” rhetoric, with local filtering on our devices being the only technical means to censor such a network.

Let’s get into the technical aspect which is what interests me the most. First of all, let’s discuss the scenario in which the filter is an application running on the system (like any process but with administrator rights): In the case of Windows and iOS, I’m confident they’d have no trouble convincing Microsoft and Apple to embed censorship mechanisms into their OS… but what about Linux? Apart from the fact that no serious distribution would stand for this, it’s technically impossible to have a forcefully installed program! Linux is modular, meaning that every base component is an independent application communicating with other system components, as well as being installed as its own rpm / deb package: Plasma / GNOME handles the desktop, Pulse handles the audio, X11 handles the display, etc. Each of those modules can be installed or uninstalled at will, as well as replaced with any alternative the user desires… therefore you can’t block any user capable of running the “sudo” command from uninstalling any library from their system. At most they can demand that the kernel or networking stack implement it, but even then that component is FOSS so anyone can remove the filter from the code and share their fork somewhere else. In this regard, their only option is to basically label Linux as criminal software unless it gives up its open-source nature and hosts software mandated by the government, which even I don’t believe could possibly be allowed to happen.

I worry the bigger risk comes from censorship at hardware level; There may come a day when components such as the BIOS, IME (Intel Management Engine) or other chips on the mainboard would be capable of running hidden software at CPU / memory level, which analyzes not just the network but even the memory and stuff on your disk: If it doesn’t like what it finds, it can kill any process or even delete data from your hard drive without you having the ability to stop it! In this dark scenario, the OS and / or individual applications will have to somehow protect themselves from this chip snooping in on them and / or taking action. The only way I can think of would be using encryption: Everything on the drive and in the memory would have to be encrypted, using a key that’s somehow out of the reach of the censor chip… that way, even if the chip has access to the HDD or RAM, it can’t tell what the data it’s reading is. Of course the chip may as well kill any process that doesn’t let it access its data, so that would be a problem.

I’m curious what your thoughts and opinions are on this. Do you believe things will ever get here, and we’ll one day see operating systems or hardware manufacturers being forced by law to implement internet filtering software? If that were to happen, what could a free OS like Linux do to fight it… both in terms of refusing to embed mandatory filters without being caught, as well as fighting parallel systems built into the motherboard designed to block content? I know the thoughts I presented here are worst case scenarios and unlikely to happen unless the government truly goes bonkers, however these are very scary prospects and I believe we need to be prepared to defend the free internet from them.