EC Questions Security Of Open Source Software

European authorities want to see a level playing field for open source but have expressed concerns about the security of the software

The vice president of the European Commission has warned that any progress in using open source and open standards in the region will have to be tempered against the possibility that the software could have downsides in terms of security.

Speaking ahead of the launch of a European declaration on approaches to e-government in Europe up to 2015 in Malmo, Sweden, vice president of the European Commission Siim Kallas stated in a webcast that although the commission was behind the idea of adopting open source and open standards, such approaches to IT have implications for security and business continuity that governments must consider.

“You must understand that these open standard issues include an important element of sustainability and also security, so we must have a balance between the openness and the business continuity and security which is quite important,” he said when asked about the importance of open source. “There should be a good balance between open standards and open source and business continuity – and we are open to discuss all possible solutions.”

Although slightly faltering, Kallas’ comments appear to reflect the view – championed by proprietary software makers – that open approaches to software development are somehow more insecure than closed-source techniques and as a result more exposed to hacking or other attacks.

Kallas’ comments may surprise some in the open source community, timed as they are just before the official announcement of the Malmo EC declaration, which includes a commitment to put open-source solutions on an equal footing when it comes to awarding government contracts. The UK government made a similar declaration earlier this year but, according to some experts in the open source community, little has changed when it comes to adoption of open source in the public sector.

“The UK has one of the best-written policies out there — the problem is policing it,” said Steve Shine, vice president of worldwide operations at open source specialist Ingres at a discussion in September. The problem is that large procurements simply ignore it, and this is not being picked up, he added.

In February, the UK government said it intended to use open source to save £600 million a year and published guidelines to that effect but, despite this, the UK lags badly at open source, using it less than countries like Mali, open source activists said at a meeting in September.

Elsewhere in Europe, other countries including Switzerland and Hungary have seen action taken by open source backers to force governments to break down barriers to the use of non-proprietary software in the public sector. In an open letter earlier this month to the Hungarian government’s procurement agency, the Directorate General for Central Services (KSZF), the Open Document Format Alliance (ODFA) stated that last year the government spent around 9.5bn Hungarian forints (£32 million) on Microsoft software and has already spent 6.3 million euros (£5.6 million) on educational licenses and millions more on consultation and services from the software giant.

“Please make your calculations known to the public which will prove that open source will not be a viable low cost alternative,” the letter states.

The UK government is also involved in the drafting of the new Malmo regulations and has pledged support for extending its existing commitment to open source across Europe, despite the concerns over whether it has even been able to apply the policy in its own country. “This meeting gives me the opportunity to share our successes with my European counterparts and also learn from their experiences,” said Cabinet Office Minister Angela Smith, who is attending the meeting in Malmo.

Smith also stated that the UK is leading the way in Europe when it comes to using the internet to improve public services – another facet of the e-government directive being announced on Thursday. “With a huge range of public services available online, pioneering work taking place to free up data and the world’s first plan to systematically cut the carbon emissions of government IT systems, Britain is leading the way in e-Government.”

The Conservative opposition party in the UK recently appointed an open source enthusiast as an adviser on the use of the internet in public services. In early October, Tom Steinberg, co-founder of mySociety, the site behind online tools such as TheyWorkForYou.com, agreed to help the Conservative party with internet policy. mySociety developed much of its software under the Affero GPL – a version of the GNU General Public License that actually goes further than the standard GPL. In an interview with Heise UK, Steinberg admitted that applications developed by mySociety such as TheyWorkForYou.com, WriteToThem.com, and PledgeBank.com would have been difficult to create without open source tools.

In September, the Hungarian government did approve a scheme that allows open source companies to compete for a share of public sector contracts but admitted at the time that half the IT budget is still reserved for Microsoft.

Speaking at a conference in Budapest earlier this year, Florian Schiessl, deputy manager of the Munich LiMux project – one of Europe’s most high-profile Linux migrations – said there has to be political will to push through change. “Our politicians decided to have independence – we have the political backing. If there is no political backing – I know from many, many projects in the principalities and in the federal government and so on – then you have a real problem,” he said.