Québec’s Own French Language Open Source Licenses

While doing some work on open source, I recently came across a section of the list of officially accredited open source licenses that includes 3 licenses Made in Québec. These were apparently created by Québec authorities for their own purposes. Not too surprisingly, the original version of these 3 open source licenses is in French, contrary to most others of this kind.

The official site www.opensource.org now lists these 3 licenses, which I’m linking below to a micro-site created by the Centre de services partagés du Québec called “Forge gouvernementale”. The presentation of the documents on this site is much easier to read than the version posted on opensource.org (which presents the text of each license in a single block of text):

The OSS licenses at issue were created with the government’s software development efforts in mind and (initially) presented in French, though an English translation is available. As with other open source licenses, the goal here is to free source code in the manner that maximizes the users’ rights and the ease with which it may be used and redistributed down the line. If you’re curious (I was), the Québec government published the following FAQ about these licenses.

The first license (LiLiQ-P) is akin to the Apache open source license and thus fairly permissive. The code released under this license may be included in other software that is then distributed without having to make it available with the source code and without being required to distribute it through an open source license.

The other 2 licenses (LiLiQ-R and LiLiQ-R+) are relatively similar to somewhat more restrictive licenses such as the MPL license and the LGPL license, requiring that resulting software be made available, including as source code, through a LiLiQ-type license. Another feature of the licenses at issue resides in their reciprocity provisions, generally allowing the combination of LiLiQ code with code made available pursuant to most other open source licenses.

Is anyone really surprised that Québec would want to express how different it is from the rest of Canada (and the world) by creating its own version of an open source license? Eh, why not?

Right to Repair: Yes… Perhaps… Someday

The BBC had a good article on Friday about the right-to-repair movement, starting with the story of a Canadian student turned cellphone repairman, first for himself and then his classmates. It’s worth reading.

We’re hearing more and more about the right to repair, or in any case about a will to try and get manufacturers of electronics to stop the planned obsolescence of their products. Although the movement is starting to make some headway, the trend remains for manufacturers to produce goods as cheaply as possible without giving any thought to allowing for eventual repairs. Today, as it’s been since the 1950s, smart manufacturers want a product that customers are satisfied with and then replace, ideally with the same make. The goal is to create products that are good enough to get good reviews (and accompanying sales) which the typical consumer will not mind upgrading not too far down the line.

Of course, this trend is doing nothing to help the planet, notably because of the natural resources extracted at great cost and quickly sent to landfills once the product gets discarded, often after only 2 or 3 years. Suffice it to say we can do better.

Proponents of the right to repair are pressuring the industry to start changing its model, so as to start making products designed to make repairs easy, but also that CAN be repaired. In practice, this requires making information and parts available to customers who’d rather repair their product than replace it outright.

Europe is making some progress in enacting laws that will start nudging companies in that direction, but we’re seeing little movement on this front in North America. Though Canada briefly contemplated a private bill about the right to repair (in 2019), not much has happened since, notwithstanding the growing demand from consumers.

Finally, on a related note, a friend recently shared a good piece in Wired about the Taylor ice cream machine at McDonald’s restaurants. It seems the machine at issue is imposed on franchisees who wish to offer the McFlurry dessert, along with an onerous maintenance contract and little or no information allowing them to maintain the machine. It seems that franchisees are now attempting to diagnose and better control the machines (including by relying on third-party custom products to do it), which the franchisor’s not too happy about. It’s another good read.

Alleged Flaws in Cellebrite UFED May Allow Throwing Out of Locked Smartphones Evidence

It is inevitable in today’s world that law enforcement is sometimes faced with mobile devices that a suspect locked prior to their seizure by authorities. Locking your devices is good common sense security: this goes for you and me, and, yes, for criminals. As a result, the police will sometimes need to break the encryption on such mobile devices in order to get to the data within, either for investigative or evidentiary purposes. That’s when tools such as Cellebrite UFED come into play. By using UFED, law enforcement can break into otherwise secure devices, such as iPhone smartphones, and get to the data within.

Unfortunately for the prosecution side, someone recently obtained access to UFED and analyzed its security features. These were found to be, shall we say, lacking. Indeed, according to Moxie Marlinspike (creator of the Signal app), ironically, cybersecurity isn’t exactly UFED’s strong suit. In fact, according to his report, after looking at the product, he believes this tool’s security is so weak that even scanning a booby-trapped device may result in an alteration of the data that was or is later extracted using UFED.

In short, in their efforts to secure some evidence, it seems that some police forces are using a tool whose reliability may be called into question. Indeed, if the tool at issue cannot be counted on to provide data that is a reliable record of what really was found in a particular device, should such evidence not be thrown out?

Legally, the fact that a tool used to extract information is prone to tampering may not bode well for convictions obtained on the basis of the resulting evidence, at least if the vulnerabilities reported by Moxie Marlinspike can be substantiated. Some American defense attorneys intend to argue against convictions secured by the authorities based on evidence extracted from locked smartphones. This could lead to the need for new trials in some cases.

UFED is apparently used by many law-enforcement agencies throughout the world. We don’t yet know how many convictions this inconvenient revelation may eventually allow defence attorneys to call into question.

This is yet another example of the perpetually problematic relationship between cybersecurity and the law.