So, the One Laptop Per Child Get One, Give One program [1] started this week and I ordered one for my kids. I can’t wait to get it and try it out and see what my kids will do with it. I downloaded the ISO earlier this year and tried it out and it seems pretty awesome. My secret hope is that early education (pre-k) software will really take off on Linux once more of these have been distributed.

This occasion has prompted Jon Espenschied to write a very nice article called Security and the One Laptop Per Child sensibility [2] with his plea for improved security through simplicity. While I really love this article pointing out the problems associated with software becoming ever more complex, I think he has missed that the OLPC has added some radical new security features to help secure the laptop.

If you have a spare hour to dedicate to OLPC, I highly recommend listening to Ivan Krstic’s Google Tech Talk on the OLPC [3]. Ivan is the lead for OLPC security. This Tech Talk was primarily about the technical details of OLPC in general. He lays out the best arguments for the project (to refute the common complaint about why laptops rather than food). He points out that a primary motivation for the project is to encourage kids to retain active learning (which is their primary learning mechanism up until they enter school). He says that one of his interview questions was “Can you make 100 million laptops secure?” His answer (in collaboration with Simson Garfinkel) is Bitfrost. Jonathan Corbet did his usual excellent job describing it in Bitfrost: the OLPC security model [4] back in February, and the specification [5] can be found on the OLPC wiki.

The specification starts off with some very interesting requirements based on its target audience, such as “No reading required”, and follows up with some classics: “Open design” (aka the Principle of Open Design) and “Unobtrusive security” (aka the Principle of Psychological Acceptability). They set a goal of no user passwords, which is audacious in its simplicity. A clear owner of each laptop is established at first boot, and the owner information and all personal documents can be wiped before the laptop is transferred to a new owner. Untrusted programs are severely bandwidth limited to make the laptops unattractive targets for drafting into a botnet army. They establish a “per-program permission list” which is created when a new program is installed – this is a whitelist of the permissions that the program needs for its normal operation (similar to AppArmor). The microphone and camera have LEDs which light up when they are activated (interestingly, this is also a FISMA requirement). Most controversial appears to be the anti-theft detection – it is a call home mechanism which causes the laptop to deactivate if it can’t successfully reach home within 3 weeks (apparently configurable). They plan to integrate OpenID (or maybe already have). The specification is quite engaging and readable, with deep thought behind the anticipated threats and the protections to counter them. The outcome is quite simply good security, and I’ll be eager to look at the detailed design and implementation of some of the key security features when I have a little more time at my disposal.
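To make the per-program permission list and the bandwidth limit concrete, here is a small model of the two ideas working together. It is an added example, not code from OLPC or the Bitfrost specification; the permission names, the 2000 bytes/second cap and every identifier are assumptions made for illustration.

```python
# Added illustration; permission names, the rate and all identifiers are hypothetical.
from dataclasses import dataclass

KNOWN_PERMISSIONS = frozenset({"network", "camera", "microphone", "documents"})
UNTRUSTED_RATE = 2000  # bytes per second allowed to an untrusted program (constructed)


@dataclass
class Program:
    granted: frozenset      # whitelist fixed at install time
    trusted: bool
    tokens: float           # bytes the program may still send right now
    last_refill: float      # timestamp of the last token refill, in seconds


class PolicyStore:
    def __init__(self):
        self.programs = {}
        self.audit = []     # (program, permission, allowed) for every decision

    def install(self, name, requested, trusted=False, now=0.0):
        """Record the permission list once, at install time."""
        unknown = set(requested) - KNOWN_PERMISSIONS
        if unknown:
            raise ValueError(f"unknown permissions: {sorted(unknown)}")
        self.programs[name] = Program(frozenset(requested), trusted,
                                      float(UNTRUSTED_RATE), now)

    def allowed(self, name, permission):
        """Default deny: unknown programs and unlisted permissions are refused."""
        prog = self.programs.get(name)
        ok = prog is not None and permission in prog.granted
        self.audit.append((name, permission, ok))
        return ok

    def may_send(self, name, nbytes, now):
        """Network access needs the permission; untrusted senders are rate limited."""
        if not self.allowed(name, "network"):
            return False
        prog = self.programs[name]
        if prog.trusted:
            return True
        # Token bucket: refill by elapsed time, capped at one second of traffic.
        elapsed = max(0.0, now - prog.last_refill)
        prog.tokens = min(UNTRUSTED_RATE, prog.tokens + elapsed * UNTRUSTED_RATE)
        prog.last_refill = now
        if nbytes > prog.tokens:
            return False
        prog.tokens -= nbytes
        return True
```

The audit list records every decision, including refusals, which is the part worth reviewing when a program asks for something outside the list it was installed with.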

One curiosity about the whole security model is its reception by its users and the open source development community. So far the reception has been quite positive, even though Bitfrost uses some of the same security concepts that have drawn continuous criticism of Trusted Computing. Some people have even defended Bitfrost using some of the same arguments used by pro-TC advocates, for example in this interesting argument and response [7] posted as comments to the LWN article.

All I really need to say is Yay! OLPC – I can’t wait to get mine … I mean I can’t wait until my kids get theirs.