Does the 485th richest person in Britain really need to crowdfund a mobile phone?

People get fanatical about open-source software, but Canonical Inc. is not a charity, writes Alex Hern.

Yesterday, Canonical, the private company which leads development of the open-source operating system Ubuntu, started a crowdfunding campaign on the site IndieGoGo. The aim is to raise $32m to enable the production of the "Ubuntu Edge", a planned smartphone running the operating system which will incorporate elements of the desktop software, to create what the company calls "next generation of personal computing".

The device itself looks promising, although with a starter price of $830 (the crowdfunding campaign is offering discounts of up to $230 to early backers) it will need to be top-of-the-line to compete. Nonetheless, just a day in and they have already raised over $4m. But there's a bigger question to be asked, which is: why crowdfund?

The relationship between Ubuntu and Canonical can be confusing, at least to people outside the world of open-source software development. "Open-source" is the term for software which has been released to the commons by its creators. There's a number of ways to do this, but the most popular is with a so-called "copyleft" license, like the "GNU general public license", or GPL. That allows anyone to take the source code of a program and use it to make new things, without asking permission or paying anyone anything; but, it requires that any new software which is made is also licensed under the GPL, and has its source code released to the public.

Ubuntu, the operating system which Canonical leads development of, is licensed in this way. It's based on a family of open-source operating systems called GNU/Linux, and so it would be difficult (although not impossible) to charge for: anyone who wanted to get the software for free could perfectly legally download the source code, compile it, and then host it themselves.

Instead, the way companies such as Canonical make their money is by selling customer support and similar services to users of open source software. But with the Ubuntu Edge, they won't even have to do that. While the software will be open source, the hardware is still something people will have to buy, so they will be able to make money on it far more directly. And they do make money; Canonical is a private company with a reported annual revenue of $30m, founded by Mark Shuttleworth, the 485th richest person in Britain, who bought a flight on the International Space Station in 2002 for $20m.

If you're a multi-million dollar company headed by a multimillionaire with a bolshie idea for a product which could make you a lot of money, the normal way to do things is to sell shares and take loans until you've got enough cash to fund the product; then sell that product to customers. Taking thousands of pre-orders for a phone which you won't deliver until May 2014 – and which you have no contractual obligation to deliver at all, because crowdfunding sites are not e-commerce sites – and dressing it up in the aesthetics of artistic patronage is an odd, and slightly distasteful, way of doing things.

Kickstarter, the leading crowdfunding site, recently doubled-down on its opposition to this sort of campaign, writing that it's a service "to help bring creative projects to life", and tightening up its rules to prevent companies using it to launch their businesses. It's not hard to see why, when this is the sort of thing which has been stopped.

The Ubuntu Edge docked with a monitor. Photograph: Canonical, Inc.

Alex Hern is a technology reporter for the Guardian. He was formerly staff writer at the New Statesman. You should follow Alex on Twitter.

Getty
Show Hide image

Marcus Hutchins: What we know so far about the arrest of the hero hacker

The 23-year old who stopped the WannaCry malware which attacked the NHS has been arrested in the US. 

In May, Marcus Hutchins - who goes by the online name Malware Tech - became a national hero after "accidentally" discovering a way to stop the WannaCry virus that had paralysed parts of the NHS.

Now, the 23-year-old darling of cyber security is facing charges of cyber crime following a bizarre turn of events that have left many baffled. So what do we know about his indictment?

Arrest

Hutchins, from Ilfracombe in Devon, was reportedly arrested by the FBI in Las Vegas on Wednesday before travelling back from cyber security conferences Black Hat and Def Con.

He is now due to appear in court in Las Vegas later today after being accused of involvement with a piece of malware used to access people's bank accounts.

"Marcus Hutchins... a citizen and resident of the United Kingdom, was arrested in the United States on 2 August, 2017, in Las Vegas, Nevada, after a grand jury in the Eastern District of Wisconsin returned a six-count indictment against Hutchins for his role in creating and distributing the Kronos banking Trojan," said the US Department of Justice.

"The charges against Hutchins, and for which he was arrested, relate to alleged conduct that occurred between in or around July 2014 and July 2015."

His court appearance comes after he was arraigned in Las Vegas yesterday. He made no statement beyond a series of one-word answers to basic questions from the judge, the Guardian reports. A public defender said Hutchins had no criminal history and had previously cooperated with federal authorities. 

The malware

Kronos, a so-called Trojan, is a kind of malware that disguises itself as legitimate software while harvesting unsuspecting victims' online banking login details and other financial data.

It emerged in July 2014 on a Russian underground forum, where it was advertised for $7,000 (£5,330), a relatively high figure at the time, according to the BBC.

Shortly after it made the news, a video demonstrating the malware was posted to YouTube allegedly by Hutchins' co-defendant, who has not been named. Hutchins later tweeted: "Anyone got a kronos sample."

His mum, Janet Hutchins, told the Press Association it is "hugely unlikely" he was involved because he spent "enormous amounts of time" fighting attacks.

Research?

Meanwhile Ryan Kalember, a security researcher from Proofpoint, told the Guardian that the actions of researchers investigating malware may sometimes look criminal.

“This could very easily be the FBI mistaking legitimate research activity with being in control of Kronos infrastructure," said Kalember. "Lots of researchers like to log in to crimeware tools and interfaces and play around.”

The indictment alleges that Hutchins created and sold Kronos on internet forums including the AlphaBay dark web market, which was shut down last month.

"Sometimes you have to at least pretend to be selling something interesting to get people to trust you,” added Kalember. “It’s not an uncommon thing for researchers to do and I don’t know if the FBI could tell the difference.”

It's a sentiment echoed by US cyber-attorney Tor Ekeland, who told Radio 4's Today Programme: "I can think of a number of examples of legitimate software that would potentially be a felony under this theory of prosecution."

Hutchins could face 40 years in jail if found guilty, Ekelend said, but he added that no victims had been named.

This article also appears on NS Tech, a new division of the New Statesman focusing on the intersection of technology and politics.

Oscar Williams is editor of the NewStatesman's sister site NSTech.