(no title)

informatimago | 2 years ago

[flagged]

MontyCarloHall|2 years ago

Like most things, the harms of closed-source {firm,soft}ware fall on a spectrum, and a black-and-white absolutist view is impractical and demagogical.

When the harms of closed-source are high and hard to detect via other means (e.g. Dieselgate, like you mention), I agree that said firmware should be auditable. Maybe even for things like network cards, although in that case it would be very easy to detect any spy traffic via network traffic analyzers, and any company caught shipping network cards with embedded spy firmware would cause a news sensation and be immediately driven out of business.

But when the harms are low-to-none, I'm not sure what good your proposed legislation would do. In the case of the headphones, the best argument you present against closed-source firmware is literally a joke about subliminal messaging.

simiones|2 years ago

I get your point, but it should be noted that there is little evidence subliminal messages have any significant effect outside extremely specific circumstances, so this hardly seems like a real threat.

More broadly, the problems you are discussing would rarely be accurately addressed by open source firmware, since so few people have the required expertise or time to actually audit that. What would be far more useful would be state authorities maintaining code review boards, and asking for auditable firmware, not necessarily open source. If a state board received access to these sources and reviewed them, that would actually fix all the problems of confidence that you mention.