Blog

Of Open Source, Security and the Naughty Stair

Written By:
Published:
Content Copyright © 2006 Bloor. All Rights Reserved.

I had the pleasure of attending a forum the other day hosted by
OASIS which is the Organization for the Advancement of Structured
Information Standards, a non-profit consortium focussed on
developing e-business standards.

At the event I ran a panel session which discussed the following
proposition:

“The house proposes that within 10 years all European
governments will have adopted systems based on open security
standards for all external electronic communication. By then,
governments will use open source software exclusively to implement
those open standards in order to be accountable to citizens,
business and other governments.”

The proposition, as it stood, had a number of semantic flaws
that were quickly picked up by all those present. For example, what
is an open security standard? What is open source? Even, I guess,
what is a European government?

Standards

Most people would agree that standards are generally a good
thing. Despite the fact I cannot touch type having a standard
QWERTY key board (phew, that was easy to type) makes life easier
when moving from PC to PC. Likewise having a standard 13 AMP power
socket in my house means that I can easily plug in an extension
cable and be assured that it is compatible.

Whatever people may think of Microsoft one needs to consider the
impact they have had on the industry by providing a standard
platform used by most of the world’s PCs. Let’s face
it, if you are going to create a mass market product for the PC
what operating system are you going to target?

Likewise I have to say therein lies the same attraction for the
myriad of malware writers.

I like the fact I can plug in a vast range of peripherals to my
PC and they just work. The same story isn’t quite true for
many people using more esoteric operating systems as the maturity
and compatibility just isn’t there.

The downside of having a dominant player such as Microsoft is
the inevitable founded (and some unfounded) accusation of bad
behaviour ranging from acting like a stroppy teenager through to
downright illegal monopolistic shenanigans.

Unfortunately 20 minutes on the naughty stair does not seem to
have much impact on such a gigantic and powerful organisation.

Open Security Standards

When we start to talk about open security standards what do we
mean? Do we mean an agreed way of encoding data and then sharing
it? Maybe, maybe not. But when it comes to managing data at a
governmental level we, as citizens, have a number of
expectations.

I expect my data to be secure. I expect my data to be protected
from illegal fishing trips when agencies fancy taking a look
“just in case”. I expect my data to be treated with
respect.

I am happy if governments want to standardise on a security
protocol. Quite frankly I don’t care if they use black magic
to secure my data, as long as it is secured from prying eyes and
treated with respect.

Open Source Software

Open source software clearly has a passionate following. This
ranges from the quite clearly obsessive personalities that see it
as their mission in life to create open source software to the
exclusion of all else through to the more passive observers such as
myself that see open source software as having a part to play in
the great scheme of things.

I do have a problem with the notion that people will give freely
of their time to an open source development project on the basis
that it contributes to the greater good. Unfortunately we all have
to live, and trying to pay for your shopping at ASDA with the
ebullient thanks of your co-developers isn’t going to get you
very far.

Do I have a problem that my government is using proprietary
software to conduct its business? Not really. As long as the
supplier is reputable, then, quite frankly, I have other things to
worry about. Of course the vendor could have put in some back door
code but then over 3,000 people get killed on the roads in the UK
each year which concerns me more.

I suppose I do have a concern when we talk about software in
support of that most democratic process, elections. Horror stories
emanating from the US about new voting machines that do not provide
an auditable paper trail of the vote instead only retaining an
electronic image does concern me. For this most basic democratic
process sticking my big cross on a piece of paper every 4 years or
so is something I am prepared to do.

But then we have discussions about trying to engage with the
“yoof” and enabling voting via mobile phones, as per
the X Factor. Maybe we could get more people to take part in the
democratic process by enabling such voting, but we seem to have a
perfectly viable postal voting system for those that are absent or
unable to make the ballot box or am I just being old fashioned?

In 10 years time?

Sounds like one of those dumb interview questions, “So Mr
S where do you see yourself in 10 years time?”. Well, quite
frankly, I can’t see more than 10 days ahead on occasions so
10 years in a bit of a stretch. In 10 years we could see a
significant erosion of the Microsoft franchise and the emergence of
a hot new competitor that is being run by the next Bill Gates.
Indeed we may see Google continue to succeed and become—using
the dread expression—“the new Microsoft”. I would
bet a (moderate) amount of money that the next big thing is
currently under development and will be coming to our PCs soon. Who
would have thought a video sharing site such as YouTube would have
gained so much mind share so quickly?

One thing I am moderately happy about predicting is that
European governments would not have got their act together and
banned all proprietary software and replaced it with open source.
The politics of Europe is a nightmare, as anyone that follows the
scene will attest.

What we may see is a move to a more hybrid environment where
government uses both open source and proprietary software on the
basis that it will interoperate better (using open standards maybe)
and enable government business to be conducted more easily.

Back to the Proposition

I started this article with the proposition that;

”The house proposes that within 10 years all European
governments will have adopted systems based on open security
standards for all external electronic communication. By then,
governments will use open source software exclusively to implement
those open standards in order to be accountable to citizens,
business and other governments.”

My view?

“ Within 10 years SOME European
governments will have adopted systems based on open security
standards for MOST external electronic
communication. By then, SOME governments will use
open source software exclusively to implement those open standards
in order to be accountable to citizens, business and other
governments.”

Meanwhile I am going to ponder the thought of Bill Gates
spending 30 minutes on the naughty stair.