[OLPC Security] "Chilling Effects" paper at USENIX

reynt0 reynt0 at cs.albany.edu
Thu Apr 10 16:27:16 EDT 2008 

On Tue, 8 Apr 2008, Benjamin M. Schwartz wrote:

> A paper called "Freezing More Than Bits: Chilling Effects of the OLPC XO
> Security Model" will be presented next Monday at USENIX UPSEC'08 [1].  The
> author has kindly posted the paper at [2], which I discovered after Google
> took me to her weblog [3].
  . . .
> [1] : http://www.usenix.org/events/upsec08/tech/tech.html
> [2] : http://www.cosic.esat.kuleuven.be/publications/article-1042.pdf
> [3] : http://maradydd.livejournal.com/374276.html
  . . .

I am not very familiar with the details of Bitfrost's spec,
but--IMO, FWIW--some comments about the paper as a paper.  If
this isn't appropriate or isn't helpful, please tell me to
keep quiet.

There are more exclamation points than one might want to see
in a USENIX paper.  There are some phrasings which seem a
little like emotional overemphasis.  Eg section 2.1's actual
"too young to read", versus something like "unable to read"
which would direct attention to users' real life situations
and the limitations which OLPC is trying to help lessen.
Eg section 2.2's actual "poor management practices", versus
something like "low budget".  Eg that same section's lack of
recognition for the current-best-effort status of Bitfrost
and of deployments, as well as for OLPC's explicit consideration
of the problem of how to upgrade deployed units.  Wouldn't one
usual response to supposedly flawed open-source work be to
ask how to help, rather than suggest it is not "Open"?  There
is no expressed awareness of the usual contest between delaying
for a "final" specification versus accomplishing a needed task
*now*.  (Who's the LISP guy who wrote the paper something like
"Perfect is the Enemy of Good Enough"?)

The paper says Bitfrost's threat model is "inappropriate",
but offers no explicit alternative.  The paper seems to
give much of its attention to concerns about protecting
users' presumed tendency to use their laptops to criticize,
especially to criticize social elements which are powerful
enough to access user keys and restrict laptop use.

The paper has little discussion of the OLPC use model,
including considering education (and security policy
appropriate for that) versus wider social uses (and
security policy appropriate for them).  (By "education"
here I am not excluding non-institutional life
experiences.)  Compare section 3.2's actual "Subjecting
children to constant surveillance", versus something
like "Not perfectly prohibiting surveillance".

The paper's consideration of Piaget was interesting, and
the mention of Acquisti & Gross useful.  I suggest that
Erikson may have been more culturally bound to his own
time and place.  In any case, there is no consideration of
the relative significance of the XO experience versus the
significance of a child's other experiences.  Who raises
the children, who "has the last say"?  Their parents and
local others, or computer people in the distant, developed,
industrialized world?

I'm certainly in agreement with the aim of maximizing OLPC
security, but do feel the paper could have been more effective.

HTH.  Cheers.

More information about the Security mailing list