Linked by Thom Holwerda on Mon 22nd May 2017 11:42 UTC
In the News

Like many other countries, The Netherlands uses a chip card for paying and using public transport, and while there's been a number of issues regarding its security, privacy, and stability, it won't be going anywhere any time soon. Just today, the various companies announced a new initiative where Android users can use their smartphones instead of their chip cards to pay for and use public transport.

The new initiative, jointly developed by the various companies operating our public transport system and our carriers, is Android-only, because Apple "does not allow it to work, on a technical level", and even then, it's only available on two of our three major carriers for now.

This got me thinking about something we rarely talk about: the increasing reliance on external platforms for vital societal infrastructure. While this is a test for now, it's easy to see how the eventual phasing out of the chip cards - already labelled as "outdated" by the companies involved - will mean we have to rely on platforms beyond society's control for vital societal infrastructure. Chip cards for public transport or banks or whatever are a major expense, and there's a clear economic incentive to eliminate them and rely on e.g. smartphones instead.

As we increasingly outsource access to vital societal infrastructure to foreign, external corporations, we have to start asking ourselves what this actually means. Things like public transport, payments, taxes, and so on, are absolutely critical to the functioning of our society, and to me, it seems like a terrible idea to restrict access to them to platforms beyond our own control.

Can you imagine what happens if an update to an application required to access public transport gets denied by Apple? What if the tool for paying your taxes gets banned from the Play Store days before the tax deadline? What if a crucial payment application is removed from the App Store? Imagine the immense, irreparable damage this could do to a society in mere hours.

If these systems - for whatever reason - break down today, we can hold our politicians accountable, because they bear the responsibility for these systems. During the introduction of our current public transport chip card and its early growing pains, our parliament demanded swift action from the responsible minister (secretary in American parlance). Since the private companies responsible for the chip card system took part in a tender process with strict demands, guidelines, rules, and possible consequences for failure to deliver, said companies could and can be held accountable by the government. This covers the entire technological stack, from the cards themselves up to the control systems that run everything.

If we move to a world where applications for iOS and Android are the only way to access crucial government-provided services, this system of accountability breaks down, because while the application itself would be part of the tender process, meaning its creator would be accountable, the platforms it runs on would not - i.e., only a part of the stack is covered. In other words, if Google or Apple decides to reject an update or remove an application - they are not accountable for the consequences in the same way a party to a government tender would be. The system of accountability breaks down.

Of course, even today this system of accountability isn't perfect, but it is a vital path for recourse in case private companies fail to deliver. I'm sure not every one of you even agrees the above is a problem at all - especially Americans have a more positive view of corporate services compared to government services (not entirely unreasonable if you look at the state of US government services today). In countries like The Netherlands, though, despite our constant whining about every one of these services, they actually rank among the very best in the world.

I am genuinely worried about the increasing reliance on - especially - technology companies without them actually being part of the system of accountability. The fact that we might, one day, be required to rely on black boxes like iOS devices, Microsoft computers, or Google Play Services-enabled Android phones to access vital government services is a threat to our society and the functioning of our democracy. With access to things like public transport, money, and all that come with those, locked to closed-source platforms, we, the people, will have zero control over the pillars of our own societies.

What can we do to address this? I believe we need to take aggressive steps - at the EU-level - to demand full public access to the source code that underpins the platforms that are vital to the functioning of our society. We, the people, have the right to know how these systems work, what they do, and how secure they really are. As computers and phones become the only way to access and use crucial government services, they must be fully 100% open source.

We as The Netherlands are irrelevant and would never be able to make such demands stick, but the EU is one of the most powerful economic blocks in the world. If you want access to the wealthy 450 million customers in the European Union (figure excludes the UK), your software must be open source so that we can ensure the security and stability of our infrastructure. If you do not comply, you will be denied access to this huge economic block. Most of you will probably balk at this suggestion, but I truly believe it is the only way to guarantee the security and stability of vital government services we rely on every single day.

We should not rely on closed-source, foreign code for our government services. It's time the European Union starts thinking about how to address this threat.

Thread beginning with comment 644614
To view parent comment, click here.
To read all comments associated with this story, please click here.
by Bill Shooter of Bul on Mon 22nd May 2017 20:15 UTC in reply to "RE[3]: FDROID? "
Bill Shooter of Bul
Member since:

Well, ok. Do you really want any/all websites to be used to process payments? Even if they aren't fraud, are they themselves protected against attacks by fraudsters? Should every commuter have to choose a provider in a list of thousands? Which ones have good security and privacy practices?

Reply Parent Score: 2

by Alfman on Mon 22nd May 2017 21:22 in reply to "RE[4]: FDROID? "
Alfman Member since:

Bill Shooter of Bul,

Well, ok. Do you really want any/all websites to be used to process payments? Even if they aren't fraud, are they themselves protected against attacks by fraudsters? Should every commuter have to choose a provider in a list of thousands? Which ones have good security and privacy practices?

I was really referring to a ways to solve the problems you brought up in the original post. In particular, solving fraud in app distribution. Cryptographic signatures solve this problem very nicely.

What you're asking here seems to be a bit different: how do you trust a website to process payments and how do you choose good providers from a list of thousands? I'm not really able to answer that, but regardless of how people choose their services, cryptography can be used to eliminates fraud.

Cryptographic technology is way ahead of the industry, and personally I blame visa/mastercard for not doing more to embrace 1990's era crypto for payment processing.

With PKI:
1) Each individual transaction could be signed.

2) the merchant couldn't just claim the customer authorized a payment, it would have to be cryptographically signed by the customer.

3) even if the merchant account was 100% breached, no one would be able to issue new fraudulent transactions using the information since the merchant never sees the private signing key.

4) we could even require the banks themselves to use PKI such that even employees of the bank couldn't transfer your funds without your cryptographic signature.

Reply Parent Score: 2

by acobar on Mon 22nd May 2017 23:12 in reply to "RE[5]: FDROID? "
acobar Member since:


I totally agree with you about security of operations using cryptography being stronger, though, it does not dispel the worries about security and who is going to bear the consequences of breaches.

When I think about security I imagine an elder citizen using her/his smart phone on every interaction she/he may need. Now, suppose her/his phone is hacked and his/her cryptography signature stolen.

Now, who is going the bear the consequences? The elder citizen, the OS seller, the producer of the software that was unlucky to have its software used on fraudulent transactions?

I think banks and credit card companies will be more than happy to share the burden with the OS sellers and the other software vendors on the stack, but till now all we have is an offensive indemnity on EULAs and agreements over use.

You probably know that if you want a bigger slice of the pie you must take more responsibility on failures. I have said here many times that my main customers are small business. Some of them would like to lower the cost of credit card operations. It is possible to have a contract so that an internal system pre process the payment and as so lower the cost of the operation, it does, though, shift part of the responsibilities of fraudulent operations to who is pre processing them. Big business can afford the costs because they can spread the risk between a large base of customers and it has an (almost) fixed cost to develop and secure the system. It does not work well on small scale. When I explain this to them, the many point-of-failure in the chain, they usually, let me know that they want to keep what is "working".

Now, I know that my business is not to cast fear on my friends, and that is what all they are, hearts, but I don't want them to incur on costs that can hurt their source of income. If we really want a better system, guarantees and accountability must be very well established.

Reply Parent Score: 2