AT Products and OS Security
Recently, the discussion on Blind Confidential has grown increasingly esoteric. I doubt that too many people care as intensely about accessibility API layers and where they live as those of us engaged in the discussion do. Today, I’ll move onto another topic that will explain to many why the accessibility layer discussion has such great importance and why, ultimately, it must reside at the operating system level and why you should care.
One of the dirty little secrets of the AT industry regards how virtually all screen readers and magnifiers, on screen keyboards and other very important programs used by people with disabilities, at some level, compromise system security. Some Windows based AT products (none from Freedom Scientific I am happy to say) go so far as to turn off some security settings in the Windows Registry during their installation process and require that they remain off to function properly. All AT products that work in the login screen and anywhere else that passwords get entered compromise system security.
At this point in time, though, no other techniques exist to make these aspects of a computing environment accessible to people who need to use the type of AT products that hook the keyboard, mouse and/or video systems. The Macintosh screen reader, on screen keyboard and magnifier are the exceptions in this case as they do not hook video at all and they get information from the keyboard and mouse through the Apple accessibility layer. Unfortunately, the Apple screen reader isn’t, according to Access World, very good and a professional could not use it in a workplace. So, this leaves the AT users in a quandary, compromise security or don’t use programs, computers, web sites, files or anything else that requires a password. Neither of these options provides a good outcome.
What about AT products compromise security?
I will use screen readers as my example but the same problems exist in other types of AT products too. If a screen reader can say, “star star star…” while the user types in their password and also respond to its built in keystrokes at the same time, it can know your password as it looked at every keystroke to determine if you were issuing a command or typing text. Fortunately, all of the AT vendors I have ever met, which probably represents a large sample of the business, are overwhelmingly scrupulous people who would never use this information in an illicit manner. Unfortunately, if the operating systems permit AT products to hook sensitive aspects of the information stream, they also provide the opportunity for the nastiest of the network criminals to do the same thing. So, to keep computer systems entirely secure, the OS developers need to close off some of the ways AT products have traditionally received information.
Do AT products make my computer any less secure?
The AT programs that change security related registry settings do, in fact, make your system less secure. I know for certain that JAWS, MAGic, Connect Outloud and Serotek’s Freedom Box System Access do not make such registry changes. I have not paid close enough attention in the past year to whether or not those that had done this in the past have fixed this problem so I will not name names as they may have remedied the situation already.
Windows based AT programs that do not change these registry settings do not make your system any less secure than any other piece of software. The techniques used by AT developers to gain access to this information shows up on various hacker oriented web sites around the world with very good documentation as to how one can do these things.
So, the bad guys already know how to do this stuff and we all spend money on virus checkers, spyware eliminators, firewalls and other system security programs to make sure that the work of the nefarious types stays off of our computers.
Is Windows the Only OS Subject to These Problems?
I don’t think so. The Macintosh probably creates the greatest difficulty for the bad guys but I don’t know enough about the GNU/Linux platform to make a truly informed statement about it. I will say that the text based, SpeakUp screen access utility that I use on my GNU/Linux box could present a huge security threat in that, to install it you have to modify your operating system kernel which means that your screen reader has access to the lowest level and most dangerous information on your system. Fortunately, if you make sure you get your SpeakUp distribution from a reputable source (like the project’s own web site) you can be sure that it is safe as the people who maintain that distribution are also users of the software. Also, open source screen readers expose their source code to the entire world so can, therefore, be inspected by other hackers to make sure that nothing illegal has been added.
Why will a new accessibility API be better?
If the accessibility layer lives at the operating system level, it can enforce the same security constraints on all programs. By removing direct access to the input and output streams, the operating system itself becomes more secure and, therefore, less prone to invasions by software with criminal intent. Unfortunately, this means that AT users need to rely upon information delivered by the accessibility API and, if this information is less rich than that which they can get today, it will result in computers becoming less usable by people with vision impairments and probably other disabilities as well.
What does the future hold?
As I know people like Peter from Sun, Rob and others up at Microsoft and Mary Beth and Travis from Apple personally, I can say that they are all working very hard on the next generation of operating system accessibility interfaces. They are all very smart and highly dedicated people and those who work with them in the various assistive technology groups at OS companies put in everything they can muster to make the next generation as good as they can. They also accept a fair amount of input from AT and application developers alike and integrate much of this feedback into their designs.
I’m not sure that I will ever find an accessibility layer in an OS to expose everything I want but some of this may be impossible (reference my comment on a telepathy API earlier this week). The best outcome will happen when the OS, AT and application developers can all meet their needs with a single solution and I hope that through outreach and communication this will happen someday.
What do I mean when I use the word hacker?
I am an old timer in the programming world. I started programming as a hobby when I was eleven years old when I first got access to a PDP 8 at Lawrence Berkeley Labs and have been hooked on it since. I turned professional in 1979 and have worked in the field ever since. Back in the old days, before the uninformed media got hold of our vocabulary, the word “hacker” meant, “very talented and curious programmer type.” There are good hackers, people like Richard Stallman, who hack for the benefit of the entire world. There are criminal hackers who use their skills to break into systems and steal money and/or information. There are tourist hackers who will, illegally, work their way into a secure system just for the challenge of doing so. The tourists are mostly harmless but are trespassing and, therefore, breaking laws.
Then, there is the group I dislike more than any of the others; these are what I call the vandals. It is the vandals who launch worms and viruses just for the sake of messing everyone else up. It is these vandals who write stupid Outlook scripts to send emails to everyone in your address book. The vandals aren’t even hackers, if you use the definition I put in above, they are just troublemakers. The overwhelming majority of vandals have little talent and the nasty programs they set upon the world can usually be written by any high school kid with a copy of Visual BASIC and a little free time. They are the technical equivalent of kids who throw rocks through windows or spray paint cars. They are not hackers.