[en] IRPF-Livre 2010: Free as Always, Sooner than Ever
info en fsfla.org
info en fsfla.org
Lun Mar 1 06:10:14 UTC 2010
Brazil, March 1st, 2010---It's with great pleasure that we announce
the release of the 2010 version of IRPF-Livre, a Free implementation
of the program to generate natural people's income tax returns. For
the first time since we started the campaign against “Imposed/Tax
Software” (“Softwares Impostos”), in 2006, we publish the Free version
before Receita Federal publishes the proprietary one, that it
traditionally publishes in flagrant disrespect for essential freedoms
and fundamental constitutional rights of Brazilian citizens and
taxpayers.
== Campaign Against Imposed/Tax Software
More than 3 years ago, FSFLA launched a campaign against Imposed/Tax
Software, with focus on Receita Federal's income tax programs and the
authentication applet for Internet access to Banco do Brasil's
accounts, two proprietary programs unjustly imposed on millions of
citizens by organizations under control of the Brazilian federal
government.
Banco do Brasil recently dropped the requirement for that program, but
introduced a new one: a new proprietary program, less visible, more
dangerous and not effective: browsers that identify themselves as a
specific brand of proprietary cell phones are relieved from this
demand, a trick that can be easily abused by spy sites or programs
that stand in the middle and use this identification, or that simply
display similar pages to capture passwords.
Several security and cybercrime experts recommend the use of a
GNU/Linux Live CD to access banks. Banco do Brasil itself uses this
operating system in pretty much all of its computers, from ATMs to
mainframes. It could easily extend this benefit to its customers,
offering them a fully Free, customized and secure version of this
system for Internet banking, to run independently from the operating
system installed on the computer, or on a virtual machine. The
presence of digital certificates and preselected access links, along
with the impossibility for malicious software to modify the system,
would do away with several supposedly-security measures, that today
weaken the security for those who use already robust systems.
As for Receita Federal and its proprietary program, IRPF, the
nearly-secret formats that it uses to store tax returns, as well as
the secret protocols it uses to transfer them, demand citizens to
blindly give up to Receita Federal, or to third parties, control over
their computers and data stored in them. The way Receita Federal
adopted to distribute the program permits in-flight tampering.
Without means to authenticate the origin of the program, or to inspect
its behavior, users are subject to leaks of the highly personal
information in the tax returns, as well as of other data stored in the
computer. They can't even reassure themselves that the filled-in
forms contain the intended information, or that they are transmitted,
without tampering, only to Receita Federal, or even verify that the
receipt was issued by Receita Federal.
If Receita Federal published the programs as Free Software, with
authentication of origin through digital signatures, these problems
would be solved, without introducing new ones. Whoever attempted to
cheat the system tampering with the computations would find out,
receiving a notification of attempted fraud, that the system that
receives and processes the tax returns performs all the verifications.
Although laymen in information sciences are often fooled by the myth
of security through obscurity (“close your eyes and trust me”),
experts in the subject expose the myth, casting serious doubts on the
competence or the honesty of those who impose blind trust:
> “Security through obfuscation and secrecy is not security. Fully
> disclosed source code is the path to true transparency and
> confidence in the voting process for all involved.” --- Eric
> D. Coomer, PhD, Vice President of Research and Product Development
> at Sequoia Voting Systems.
> http://www.sequoiavote.com/press.php?ID=85
Voting systems have far more complex security demands than banking and
fiscal ones, so complex that they can't ever do without recording of
votes on paper. Nevertheless, they can achieve security without
giving up transparency. Popular myths do not grant simpler systems
authority to disrespect transparency or to take control of citizens'
computers and expose them to threats.
== IRPF-Livre
Given Receita Federal's reluctance in respecting taxpayers and the
Federal Constitution, we started in 2007 a project to offer taxpayer a
Free program to prepare the tax returns that have to be turned in
annually to Brazilian tax authorities.
The program was based on IRPF2007, published under a Free Software
license, but without the source code needed for it to be Free
Software. Without source code, there isn't freedom to study, adapt or
improve the program. Using reverse engineering tools, we could obtain
source code and adapt the program to work on Free Java virtual
machines. Receita Federal changed the license in later versions, so,
instead of adopting the same procedure as in 2007, we have updated the
program, in accordance with changes to law and the file formats
adopted by newer versions.
IRPF-Livre 2010, that we now unleash, performs computations and
generates tax returns files identical to those produced by the test
version of IRPF 2010, released by Receita Federal in January,
reconfigured as a final version, to permit saving files.
In general, between the testing and final versions, there aren't
changes in file formats or computations determined by law, so we are
confident that the program we published will be useful for the
preparation, without the use of any proprietary software, of natural
people's income tax returns to be turned in, on diskettes or pen
drives, at Receita Federal's, Banco do Brasil's and Caixa Econômica
Federal's offices.
However, if there are changes, newer compatible versions, that will be
able to use declarations prepared with the just-published version,
will be released at the same location, where instructions to install
and run the program can also be found:
http://fsfla.org/~lxoliva/fsfla/irpf-livre/2010/
Be Free!
== About FSFLA's Campaign against Imposed/Tax Software
We understand the Brazilian law, particularly the Federal
Constitution, grant preference to Free Software in the public
administration, both internally, for compliance with constitutional
principles, and in interactions with citizens, for respect for their
fundamental constitutional rights and for compliance with the same and
other constitutional principles.
This campaign, started in October, 2006, seeks to educate public
administration managers about these obligations that are beneficial
both to citizens and to the public administration itself, such that
they pay attention not only to compliance with the law, but also to
respect for citizens and for digital freedom.
http://www.fsfla.org/blogs/lxo/pub/misterios-de-eleusis (in Portuguese)
http://www.fsfla.org/anuncio/2009-04-softimp-irpf-livre-2009
http://www.fsfla.org/anuncio/2008-04-softimp-irpf-livre-2008
http://www.fsfla.org/anuncio/2008-02-softimp-irpf2008
http://www.fsfla.org/circular/2007-09#1
http://www.fsfla.org/circular/2007-04#3
http://www.fsfla.org/anuncio/2007-03-irpf2007 (in Portuguese)
http://www.fsfla.org/circular/2007-03#1
http://www.fsfla.org/circular/2006-11#Editorial
http://www.fsfla.org/anuncio/2006-10-softimp
== About FSFLA's “Be Free!” Initiative
It's a project to renew the original goals of the Free Software
Movement: not just promote Free Software itself, but rather Software
Freedom, achieved by a user only when all the software s/he uses is
Free Software.
http://www.fsfla.org/befree/
To make this goal achievable, besides awareness campaigns and speeches
and the activities against “Imposed/Tax Software”, FSFLA has
maintained Linux-Libre, a project to set and keep Free the non-Free
kernel Linux, most used along with the Free operating system GNU.
http://linux-libre.fsfla.org/
http://www.gnu.org/distros/
== About FSFLA
Free Software Foundation Latin America joined in 2005 the
international FSF network, previously formed by Free Software
Foundations in the United States, in Europe and in India. These
sister organizations work in their corresponding geographies towards
promoting the same Free Software ideals and defending the same
freedoms for software users and developers, working locally but
cooperating globally.
http://www.fsfla.org/
== Press contacts
Alexandre Oliva
Board member, FSFLA
lxoliva en fsfla.org
+55 19 9714-3658 / 3243-5233
+55 61 4063-9714
----
Copyright 2010 FSFLA
Permission is granted to make and distribute verbatim copies of this
entire document without royalty, provided the copyright notice, the
document's official URL, and this permission notice are preserved.
Permission is also granted to make and distribute verbatim copies of
individual sections of this document worldwide without royalty
provided the copyright notice and the permission notice above are
preserved, and the document's official URL is preserved or replaced by
the individual section's official URL.
http://www.fsfla.org/anuncio/2010-03-IRPF-Livre-2010
Más información sobre la lista de distribución Anuncios