IRPF-Livre 2010: Free as Always, Sooner than Ever
Brazil, March 1st, 2010---It's with great pleasure that we announce the release of the 2010 version of IRPF-Livre, a Free implementation of the program to generate natural people's income tax returns. For the first time since we started the campaign against “Imposed/Tax Software” (“Softwares Impostos”), in 2006, we publish the Free version before Receita Federal publishes the proprietary one, that it traditionally publishes in flagrant disrespect for essential freedoms and fundamental constitutional rights of Brazilian citizens and taxpayers.
Campaign Against Imposed/Tax Software
More than 3 years ago, FSFLA launched a campaign against Imposed/Tax Software, with focus on Receita Federal's income tax programs and the authentication applet for Internet access to Banco do Brasil's accounts, two proprietary programs unjustly imposed on millions of citizens by organizations under control of the Brazilian federal government.
Banco do Brasil recently dropped the requirement for that program, but introduced a new one: a new proprietary program, less visible, more dangerous and not effective: browsers that identify themselves as a specific brand of proprietary cell phones are relieved from this demand, a trick that can be easily abused by spy sites or programs that stand in the middle and use this identification, or that simply display similar pages to capture passwords.
Several security and cybercrime experts recommend the use of a GNU/Linux Live CD to access banks. Banco do Brasil itself uses this operating system in pretty much all of its computers, from ATMs to mainframes. It could easily extend this benefit to its customers, offering them a fully Free, customized and secure version of this system for Internet banking, to run independently from the operating system installed on the computer, or on a virtual machine. The presence of digital certificates and preselected access links, along with the impossibility for malicious software to modify the system, would do away with several supposedly-security measures, that today weaken the security for those who use already robust systems.
As for Receita Federal and its proprietary program, IRPF, the nearly-secret formats that it uses to store tax returns, as well as the secret protocols it uses to transfer them, demand citizens to blindly give up to Receita Federal, or to third parties, control over their computers and data stored in them. The way Receita Federal adopted to distribute the program permits in-flight tampering. Without means to authenticate the origin of the program, or to inspect its behavior, users are subject to leaks of the highly personal information in the tax returns, as well as of other data stored in the computer. They can't even reassure themselves that the filled-in forms contain the intended information, or that they are transmitted, without tampering, only to Receita Federal, or even verify that the receipt was issued by Receita Federal.
If Receita Federal published the programs as Free Software, with authentication of origin through digital signatures, these problems would be solved, without introducing new ones. Whoever attempted to cheat the system tampering with the computations would find out, receiving a notification of attempted fraud, that the system that receives and processes the tax returns performs all the verifications.
Although laymen in information sciences are often fooled by the myth of security through obscurity (“close your eyes and trust me”), experts in the subject expose the myth, casting serious doubts on the competence or the honesty of those who impose blind trust:
“Security through obfuscation and secrecy is not security. Fully disclosed source code is the path to true transparency and confidence in the voting process for all involved.” --- Eric D. Coomer, PhD, Vice President of Research and Product Development at Sequoia Voting Systems.
Voting systems have far more complex security demands than banking and fiscal ones, so complex that they can't ever do without recording of votes on paper. Nevertheless, they can achieve security without giving up transparency. Popular myths do not grant simpler systems authority to disrespect transparency or to take control of citizens' computers and expose them to threats.
Given Receita Federal's reluctance in respecting taxpayers and the Federal Constitution, we started in 2007 a project to offer taxpayer a Free program to prepare the tax returns that have to be turned in annually to Brazilian tax authorities.
The program was based on IRPF2007, published under a Free Software license, but without the source code needed for it to be Free Software. Without source code, there isn't freedom to study, adapt or improve the program. Using reverse engineering tools, we could obtain source code and adapt the program to work on Free Java virtual machines. Receita Federal changed the license in later versions, so, instead of adopting the same procedure as in 2007, we have updated the program, in accordance with changes to law and the file formats adopted by newer versions.
IRPF-Livre 2010, that we now unleash, performs computations and generates tax returns files identical to those produced by the test version of IRPF 2010, released by Receita Federal in January, reconfigured as a final version, to permit saving files.
In general, between the testing and final versions, there aren't changes in file formats or computations determined by law, so we are confident that the program we published will be useful for the preparation, without the use of any proprietary software, of natural people's income tax returns to be turned in, on diskettes or pen drives, at Receita Federal's, Banco do Brasil's and Caixa Econômica Federal's offices.
However, if there are changes, newer compatible versions, that will be
able to use declarations prepared with the just-published version,
will be released at the same location, where instructions to install
and run the program can also be found:
About FSFLA's Campaign against Imposed/Tax Software
We understand the Brazilian law, particularly the Federal Constitution, grant preference to Free Software in the public administration, both internally, for compliance with constitutional principles, and in interactions with citizens, for respect for their fundamental constitutional rights and for compliance with the same and other constitutional principles.
This campaign, started in October, 2006, seeks to educate public
administration managers about these obligations that are beneficial
both to citizens and to the public administration itself, such that
they pay attention not only to compliance with the law, but also to
respect for citizens and for digital freedom.
http://www.fsfla.org/blogs/lxo/pub/misterios-de-eleusis (in Portuguese)
http://www.fsfla.org/anuncio/2007-03-irpf2007 (in Portuguese)
About FSFLA's “Be Free!” Initiative
It's a project to renew the original goals of the Free Software
Movement: not just promote Free Software itself, but rather Software
Freedom, achieved by a user only when all the software s/he uses is
To make this goal achievable, besides awareness campaigns and speeches
and the activities against “Imposed/Tax Software”, FSFLA has
maintained Linux-Libre, a project to set and keep Free the non-Free
kernel Linux, most used along with the Free operating system GNU.
Free Software Foundation Latin America joined in 2005 the
international FSF network, previously formed by Free Software
Foundations in the United States, in Europe and in India. These
sister organizations work in their corresponding geographies towards
promoting the same Free Software ideals and defending the same
freedoms for software users and developers, working locally but
Board member, FSFLA
+55 19 9714-3658 / 3243-5233
+55 61 4063-9714
Copyright 2010 FSFLA
Permission is granted to make and distribute verbatim copies of this entire document without royalty, provided the copyright notice, the document's official URL, and this permission notice are preserved.
Permission is also granted to make and distribute verbatim copies of individual sections of this document worldwide without royalty provided the copyright notice and the permission notice above are preserved, and the document's official URL is preserved or replaced by the individual section's official URL.