What exactly constitutes as open source hardware (OSHW)?

oshw-logo-200-px

There is a lot of buzz around the net on this idea of open source hardware (OSHW). However, the deeper that I look into it, the more tangled the web seems to be. I’ve been noticing that some sites tout equipment as OSHW because they have SOME open source hardware on-board. In other cases, the pieces/parts are all closed source hardware, but the schematic of the use of those parts is open, so that makes it open source hardware. It gets a little confusing.

Some of you are reading this, thinking, “What IS open source hardware, and why does it matter?” I guess it is time to get technical, here is the definition from https://www.oshwa.org:

Open Source Hardware (OSHW) is a term for tangible artifacts — machines, devices, or other physical things — whose design has been released to the public in such a way that anyone can make, modify, distribute, and use those things.

Well, that clears up the first part of our question. I guess now the second part to answer is: “Why does it matter?”

For the educated, you will find them placing tape over their computer cameras, using tor clients, chatting through XMPP, and generally taking a strong stance to protect their privacy.  You see, with all of this great technology, come great risk. That risk is this: someone could be spying on you.

Take, for example, Carrier IQ. (If you doubt that this is real, you can look it up on Google or any other search engine, because it does exist.) It was a great program designed for cell phone manufacturers so that they could get reports on what went wrong for the end user while using their phone. Say the camera app crashes, it could send a detailed report to the carrier (such as T-Mobile, AT&T, Verizon, etc.) to let them know that a user is having camera problems. As they collect this data, they can see statistically that all the users having this camera app crash are all using software version blah-blah.blah, and it trips on this line of code because of a kernel issue. Now armed with this information, the carrier can make modifications to the kernel, push out an update, and solve that issue for their phone users who want to take pictures with their camera.

Overall, the above paragraph sounds great. The end users get the camera working properly, and the carriers get happy customers, so everybody wins. Here’s where it gets touchy. What people came to realize is that the Carrier IQ software could also do things like: log every keystroke, take a picture and upload it to some carrier server, record audio, view your phone logs, etc., etc., etc. That’s where people took issue.

Granted, the example above was for software, and we are talking about hardware. However, hardware often faces similar issues. For troubleshooting purposes (we will give them the benefit of the doubt….) hardware will often have “back doors” or be “magic black boxes” that you don’t really understand or know about. Because the drawing, schematics, and software that runs on these smaller hardware items, such as modem chips, SoC’s, etc., are closed source, hidden from your view, you don’t know what is really going on under the hood.

So, a fictitious example:

What if you bought a *Name your car company* model: ZuperOne. Let’s say that, unbeknownst to you, every mile you drive, it sent your GPS position to the car factory, as well as what radio station you were listening to at the moment, what speed you were driving, if you were wearing your seat belt, and record from the microphone in the car, etc., all without letting you know.

What would they want that information for? Well, who knows, really. Perhaps they want to build better ZuperOne’s, or see what radio equalizers they should put in the next model. Maybe they want to evaluate engine performance by region compared to the recorded temperatures. That’s great, I guess.

But, what if they decided to sell your radio preferences to local stations? Or turn you over to the police for speeding? Or record your conversations in the car? Whoa! That would be bad, obviously. Your private life is just that, private, and it should stay that way.

The problem is that your privacy is being invaded, but you don’t even know it. Seems far fetched, but now replace that car with your cell phone. Built in hardware that is below the system level, available for the hardware manufacturer to use at their leisure.

So, back to the real world. What if the ZuperOne car was made OSHW? E.g., every part was specifically spelled out in the documents and drawing, all of the software was available for review, and you knew everything about the car? Then you would be informed that they are spying on you. You might not drive the same way, or go the same places. Or, you might ask your programming buddy to reprogram the source code to not transmit some (or all) of that data to the factory. Now you are not only informed, but you have modified it so you will not be spied on at all.

That is the goal of open source hardware. The OSHW stamp *SHOULD* mean that every part of something has been open sourced, allowing you to at least know what it is doing. In general, because they are open, they do not include any kind of spy ware, since you will obviously see it and not use it for that reason. Notice that it does not actually mean that there is no “back door” nor spyware, it just means that you are able to look at the code yourself and can see those issues, and that you have the means and permission to change them, if you want to.

So, what’s the issue? The problem that I’ve been running into is that some hardware is being manufactured, claiming to be open source hardware, only to find that it is *mostly* open source hardware. The question becomes, how much of a product needs to be OSHW for the entire product to be marked as OSHW? In my mind, it is black and white. To procure a OSHW stamp of approval and sale, the entire product must be made OSHW, and all of the components must be OSHW. But apparently, there are more than one opinions on that.

However, on the plus side, I have found one website that sells OSHW, and closed source hardware as well. However, they appear to be very diligent in marking and marketing each product as to it’s open source hardware status. I’ve also checked with a few other sites who have reviewed their products (since I’m not an engineer), and found them to be very reputable on what they mark as OSHW or not. That website is Olimex. There are probably others as well. If you know of one, be sure to drop a line in the comments. Although a little dated, there is also a wiki list of open source hardware projects that you can view.

Do I wear a tinfoil hat to bed every night? No. Just on Tuesdays (just kidding). But it would be nice to live in a world where your hardware wasn’t built to spy on you.

Linux – keep it simple.