Making a Difference
Posted by Craig H on 6 July 2009
On Saturday I attended OpenTech 2009, hosted at the University of London Union. I hadn’t been before, but I was particularly intrigued by this year’s theme: Working on Stuff that Matters. The attendees were a motley collection of social activists, technology advocates and alternative lifestylers, but I think our common cause was the desire to make a positive difference in the world in some way. That really resonated with me, as that same desire was a crucial element in my decision to join the Symbian Foundation earlier this year.
I want to briefly (yes, I know I’m really bad at that ;-)) mention some of the ways that I’ve been thinking about in which we (the community) could take advantage of the unique and powerful opportunity that the Symbian Platform offers, to make that positive difference. You may or may not agree with my ideas, but the fundamental thing I want to do is to throw open the challenge. I’m going to focus on security as that’s where my expertise is, but if any other good ideas come up I’ll be happy to move them over to the main Symbian blog for further exposure.
First, why is this such a great opportunity? I think there are three main reasons:
- The user base. The last published figures (up to 30 June 2008) gave a total of 225.9 million phones shipped with Symbian OS, and I think we can confidently state that it is now well over the quarter billion. That’s a substantial number of people whose lives you could potentially improve.
- The security model. Yes, pretty much every developer I meet complains about Symbian Signed*, but the Symbian Platform security architecture is much deeper and more flexible than that. It’s actually designed to enable less central control and more delegation of authority; commercial concerns and inertia may have lead us to where we are today, but let’s seize the opportunity to democratise it!
- The openness. We’re not there yet, but Symbian is totally committed to providing the most open and democratic platform for mobile devices. We really are betting the (non-profit!) company on this: the future of the Symbian Platform is utterly dependent on contributions, and we have no in-house product development resources at all. This is such a radical change, when Old Symbian was a company with over 1000 engineers, that I don’t think the outside world has completely understood the implications of it yet.
So, what should we make of this opportunity? That’s really up to you, but here are some of my ideas:
For a long time, I’ve been wondering what we can do in the security area to benefit the end user. It seems to me that a lot of the development effort over the past few years has been directed towards benefiting phone manufacturers and, to a lesser extent, network operators and service providers. In a commercial software vendor, this is hardly surprising because “he who pays the piper calls the tune”. However, now things have changed, what difference should we make?
My feeling is that we should look to empower the end user in their relationships with government (and its agents) and large commercial enterprises. “Knowledge is power” is an old phrase (scientia potestas est, Francis Bacon 1597) but still a relevant one today. Simply put, “they” have more information about us than we have about them (there’s a lot of interesting research into the effect of information asymmetries on transactions and also on trust relationships like patient-doctor interaction). This can be a privacy issue, and it can also be an issue in cases of dispute. I’m going to develop this theme of redressing the balance of information:
I’m quite taken with the idea of “reciprocal surveillance” (watching the watchers) in general, but there’s a specific application of this with regard to dealing with large faceless corporations. You always hear “this call may be recorded” when you call them, but what about turning that around? Ever wanted to prove they’ve already told you they’d correct their error when you call them the next time, and the next, and they’ve conveniently lost their records? If you call from a mobile, then you’ve got your call log, but that doesn’t prove what they said. Personally, I’ve resorted to using registered snail mail instead, but that’s not really taking advantage of technology! There was a telephone service set up called Registered Call, but unfortunately it didn’t take off. Surely it must be possible to do something useful like this in handset software? You’d have to provide some tamper-resistance to it, perhaps using a digital notary, but that seems feasible.
Then there’s pre-advice of premium rate charges. Clearly it’s not in the service providers’ interests to add an extra step before you give them your money in return for the privilege of voting on the latest reality TV circus, but it really ought to be possible to provide this as an automated service to benefit the end user. In the UK, PhonePayPlus provide a web page and a free SMS service which you can query to get details of the charges associated with a particular number, but as far as I know there’s no programmatic way to access this information. I’ve tried three or four times over the years to get them interested in providing an API, with zero success. There is a clear security benefit to this in preventing malware from using premium rate numbers to scam people, so how about writing a filter which checks the numbers your phone is calling and texting, and warns you before the call is made if they are premium rate? “Will you allow this application to spend €1?” is a far more useful prompt than “will you allow this application to make phone calls and send text messages?” when you don’t even know if it will cost you anything.
Right, I’m going to stop there, as my brief post is already over two pages 😯 sorry! As I say, the most important thing is, what difference do YOU want to make, so please do add comments with your own gripes, wishes and ideas. Thanks!
* To Alex, who I met at OpenTech: the makesis and signsis tools are in the Application Installation package, which I’m sorry to say isn’t yet open source, but I will encourage the technology manager and package owner to move it to open source ASAP so the tools can be compiled for, and used on, other open source platforms.