Recently the Sun published an article by Ryan Sabey (@ryansabey), “UNION HACK Jeremy Corbyn’s digital democracy manifesto ‘would let foreign spooks rob UK’”. The post included several criticisms from government officials and pundits challenging the quality and security of open source software, cautioning readers, “sensitive data could be at risk under Labour leader’s plans.”
Mr. Corbyn’s “Digital Democracy Manifesto” calls for public bodies in the U.K. to “encourage publicly funded software and hardware to be released under an Open Source license,” and “financially reward staff technicians who significantly contribute to Open Source projects”.
Neil Doyle, whom the Sun simply identified as an expert, warned that “cyber-criminals and foreign intelligence agencies would have a field day” under such an approach while “private firms or individuals would be reluctant to get involved in public sector projects.”
Adding further criticism was British MP Nigel Adams, who said Mr. Corbyn’s initiative “ignores the issue of Internet abuse,” adding, “his shambolic policies could leave us open to malicious attack and put our national security at risk.”
Indeed, the deepest irony of this smear is that the current UK government has been (and still is) an advocate of open source—Mr. Corbyn is being slammed for advocating for more of what the current government already advocates. In 2012 The Cabinet Office, the UK government’s administrative ministry, provided a briefing, “All about Open Source: An Introduction to Open Source Software for Government IT”, noting, “Government recognizes the potential benefits of Open Source Software (OSS) and is committed to increasing the adoption of open source solutions across government.” Most importantly, the briefing unequivocally refutes the “myths” around open source software insecurity, stating, “Open Source is less secure: False” (pg. 10).
Additionally, the UK’s national authority on IT, The Communications-Electronics Security Group (CESG), has produced a paper, Good Practice Guide: Open Source Software – Exploring the Risk, including in their “Key Principles”, “there are no ‘right’ or ‘wrong’ answers regarding the security of OSS as opposed to that of proprietary products,” and, “No one type of software [open source or proprietary] is inherently more secure than the other.”
In addition to the UK government’s findings, other nations have also reported on their adoption of open source software and its value:
- The U.S. Federal Government’s Source Code Policy states, “Each agency shall release as OSS [Open Source Software] at least 20 percent of its new custom-developed code… Although the minimum requirement for OSS release is 20 percent of custom-developed code, agencies are strongly encouraged to release as much custom-developed code as possible to further the Federal Government’s commitment to transparency, participation, and collaboration.” The policy continues, “When agencies release custom-developed source code as OSS to the public, they should develop and release the code in a manner that (1) fosters communities around shared challenges, (2) improves the ability of the OSS community to provide feedback on, and make contributions to, the source code, and (3) encourages Federal employees and contractors to contribute back to the broader OSS community by making contributions to existing OSS projects.” (https://sourcecode.cio.gov/OSS/)
- The Policy on Adoption of Open Source Software for Government of India, “has also been promoting the use of open source technologies in the e-Governance domain within the country in order to leverage economic and strategic benefits,” citing the 2012 National Policy on Information Technology, and its objectives to, “adopt open standards and promote open source and open technologies”, the policy states, “Government of India shall endeavor to adopt Open Source Software in all e-Governance systems implemented by various Government organizations, as a preferred option in comparison to Closed Source Software.” (http://meity.gov.in/sites/upload_files/dit/files/policy_on_adoption_of_oss.pdf)
- The U.S. Department of Defense, Office of the CIO, Open Source Software FAQ points to The 2003 MITRE study, “Use of Free and Open Source Software (FOSS) in the U.S. Department of Defense,” which posed the hypothetical question of what would happen if open source software (OSS) were banned in the U.S. Department of Defense (DoD), and found that OSS “plays a far more critical role in the DoD than has been generally recognized… (especially in) Infrastructure Support, Software Development, Security, and Research”. In particular, it found that DoD security “depends on (OSS) applications and strategies”, and that a ban “would have immediate, broad, and in some cases strongly negative impacts on the ability of the DoD to analyze and protect its own networks against hostile intrusion. This is in part because such a ban would prevent DoD groups from using the same analysis and network intrusion applications that hostile groups could use to stage cyberattacks. It would also remove the uniquely (OSS) ability to change infrastructure source code rapidly in response to new modes of cyberattack”. (http://dodcio.defense.gov/Open-Source-Software-FAQ/)
Once presented with such evidence, other news organizations reporting on Mr. Corbyn’s “Digital Democracy Manifesto” have updated their positions. Most recently the New Statesman corrected a similar article, “The good, the bad, and the meaningless: Jeremy Corbyn’s ‘digital democracy’ decoded”, moving open source from their “bad” category to their “good” category after a Twitter exchange. We would like to recognize the responsible attitude of the article’s author, Amelia Tait (@ameliargh), who was obviously badly advised by a PR briefer with a vested interest.
Of course we could go on and on with more examples of national government adoption, but it suffices to reference the recent article from Network World, “Which countries have open-source laws on the books?”, or point to the open content on Wikipedia, “Adoption of free and open-source software by public institutions”, if readers require further evidence countering the experts quoted by the Sun.
Finally, mud-flinging is, sadly, a standard practice in politics these days, and here open source has apparently become just the latest unfortunate bystander deployed as cannon fodder. Such uninformed coverage regarding software development and distribution comes off as utterly clueless to those in government, business, technology, and the media who have worked in the sector and recognize the tremendous adoption—and resulting value—across industries that open source software now enjoys.
Clearly, as highlighted above, many governments—including agencies most concerned with security—have concluded that open source software does not, as Mr. Doyle warns, create a “field day” for cyber-criminals and foreign intelligence agencies. Nor are, again as Mr. Doyle fears, private firms reluctant to get involved in open source projects.
Should the Sun, Mr. Adams or Mr. Doyle wish to become better informed on the current state and value proposition of open source software in government and business, we at the OSI would be very happy to offer our expertise.
1. Doyle’s use of open source software for his website is documented at NetCraft, as is Adams’, also via NetCraft.