Security Watch

Keeping Track of patches and hacks in the IT security world.

High-Profile OLPC Defections Bad for Security

OLPC Defections Hurting Security

There's a serious brain drain affecting the OLPC (One Laptop Per Child) initiative and it's not a good sign for security.

The latest high-profile defector from the nonprofit organization is Walter Bender, a former MIT Media Lab executive who was very instrumental in efforts to change the desktop computer security model.

(See Slashdot and Techmeme discussions.)

In his exit message Bender took the high road, but OLPC insiders I've spoken to confirm some parts of this report that the recent restructuring has ruffled feathers in a big way.

In addition to Bender, the brain drain includes Director of Security Architecture Ivan Krstic and kernel maintainer Andres Salomon.

Krstic, who is credited with creating the OLPC's Bitfrost security platform, hinted strongly at the internal turmoil affecting the organization:

"Not long ago, OLPC undertook a drastic internal restructuring coupled with what, despite official claims to the contrary, is a radical change in its goals and vision from those that were shared with me when I was invited to join the project. Adding insult to injury, I was asked to stop working with Walter Bender, without a doubt one of the most stunningly thoughtful and competent people I've ever worked with. Following Walter's demotion from OLPC presidency, I was to report instead to a manager with no technical or engineering background who was put in charge of all OLPC technology. I cannot subscribe to the organization's new aims or structure in good faith, nor can I reconcile them with my personal ethic. Having exhausted other options, three weeks ago I resigned my post at OLPC."

I remember the first time I started looking at the OLPC's security model, I got on the phone with Bender and Krstic and was blown away by just how much they had thought through every aspect of securing the laptops.

They were thorough and upfront about the major challenges and Krstic even turned up at security conferences (I met him at ToorCon and RSA) to appeal for help from the hacker community. Bitfrost was an impressive undertaking that ignored existing security models and made us all think about new ways to make anti-virus software obsolete.

Krstic's departure (along with Bender's) can't be good for the OLPC.