Canonical made the puzzling decision to opt for a closed baseband, which can allow malicious external devices to force it to surrender information about the user

In the wake of the Edward Snowden revelations of the NSA collaborating with service providers to collect phone metadata, there has been tremendous interest among privacy advocates and consumers alike in a truly open source mobile phone.  One that will allow code to be examined to prevent back-door access and protect user privacy.

Many people hoped that would be the new Ubuntu phone, but according to Privacy International, it’s not to be.  Ubuntu has told them that while the operating system will be open source, the baseband will be closed.

According to Dr. Richard Tynan, Technologist with Privacy International, “without the ability of the security community to examine the baseband software of the new Ubuntu Phone, the open-source nature of the remaining element may provide no more assurances than other open-source phone operating systems such as Android.”

Canonical, funder of the Ubuntu operating system, has been touting the open-source nature of the operating system, but until now has been rather vague about other details.

Now Canonical is claiming they are at the mercy of third party manufacturers when it comes to the device itself. “The baseband software is the firmware that runs in the modem, e.g the chipsets we get from third parties,” they claim.  “Therefore, we do not control that part of the solution, that is provided by the chipset vendors, and it is typically binary only.”

Why does it matter?  “A phone’s baseband can be exploited in a number of ways by malicious external devices that force it to surrender information about the user that can sometimes lead to suppression of protests or even death,” says Tynan.  “A closed baseband does not allow for the examination of one of the most critical components of the phone, which goes against the open-source philosophy many Ubuntu users have come to embrace.”

Canonical’s decision to go with a closed baseband is all the more puzzling since Osmocom have already produced a functional open-source GSM baseband for the Calypso chipset, he notes.

“One must wonder why was this not adopted or improved upon by the talented individuals at Canonical, especially given the previous enthusiasm for open-source philosophy.”

The Ubuntu phones, which are scheduled go on sale this fall, will be priced between $200-$400.  They will not, however, truly offer the open-source access to code that consumers with privacy concerns are looking for.  That giant hole in the marketplace will still exist, waiting for some enterprising company to fill.