Differences between revisions 5 and 6
Revision 5 as of 2014-05-29 06:11:08
Size: 5644
Comment: Fix PGP abbreviation, and list independent from TLS (not alternative to - i.e. AND not OR).
Revision 6 as of 2014-06-02 08:52:19
Size: 5513
Comment: Consistently use abbreviation FLOSS instead of varying mixtures of "free" and "open" arguably prone to misinterpretation.
Line 22: Line 22:
By means of this document, I am submitting my thoughts about the use of Debian, or other Open Source/ Free Software by the European Commission so as to meet operational and bussiness needs but without drawbacks that closed-source software represents, and to prevent therewith potential political fall-out, support a public image of responsible spending of public money, and support user needs. By means of this document, I am submitting my thoughts about the use of Debian, or other FLOSS (Free/Libre and Open Source Software) by the European Commission so as to meet operational and bussiness needs but without drawbacks that closed-source software represents, and to prevent therewith potential political fall-out, support a public image of responsible spending of public money, and support user needs.
Line 36: Line 36:
This is the case for open source software, but not for vendor-provided software. This is the case for FLOSS, but not for vendor-provided software.
Line 44: Line 44:
The question that thus came to my mind was whether it would be possible to run open source software on Commission IT platforms instead of vendor-provided software. The question that thus came to my mind was whether it would be possible to run FLOSS on Commission IT platforms instead of vendor-provided software.
Line 46: Line 46:
== a case for open source and free software == == a case for FLOSS ==
Line 48: Line 48:
I came into contact with a Debian user group in the European Parliament that has similar concerns. It has successfully launched a Debian pilot that provides the guarantees that I mentioned before and that demonstrates that all software needs can be successfully addressed through open source software. I came into contact with a Debian user group in the European Parliament that has similar concerns. It has successfully launched a Debian pilot that provides the guarantees that I mentioned before and that demonstrates that all software needs can be successfully addressed through FLOSS.
Line 50: Line 50:
The issue is thus whether a similar approach is possible in the EC, under what conditions and timeframe. It is reassuring that the Commission has already experience with the use of open source and Debian, f.i. for websites developed for Commissioners/Cabinets and …. If could be possible to expand on the basis of that experience. The issue is thus whether a similar approach is possible in the EC, under what conditions and timeframe. It is reassuring that the Commission has already experience with the use of FLOSS and Debian, f.i. for websites developed for Commissioners/Cabinets and …. If could be possible to expand on the basis of that experience.
Line 52: Line 52:
The use of open or free software has moreover an ethical component that is important for an organisation like the European Commission that operates with tax payers’ money. The need (and possibility) to demonstrate responsible management and use of public funds is an asset that can provide goodwill and additional benefits. The use of FLOSS has moreover an ethical component that is important for an organisation like the European Commission that operates with tax payers’ money. The need (and possibility) to demonstrate responsible management and use of public funds is an asset that can provide goodwill and additional benefits.
Line 54: Line 54:
A substantial number of national governments and international organisations [source] has or is looking for those reasons into the possibility to use open source and free software. A substantial number of national governments and international organisations [source] has or is looking for those reasons into the possibility to use FLOSS.
Line 56: Line 56:
At the level of capital and operational expenditure, the use of open/free software that does not have to be written off and can be further developed, shared and re-used is a way to pay investment forward to society. The use of public procurement is used to promote this trend and to wane public authorities of vendor lock-in that otherwise can keep the organisations tied to exclusive provider contracts with the attached security risks and costs. At the level of capital and operational expenditure, the use of FLOSS that does not have to be written off and can be further developed, shared and re-used is a way to pay investment forward to society. The use of public procurement is used to promote this trend and to wane public authorities of vendor lock-in that otherwise can keep the organisations tied to exclusive provider contracts with the attached security risks and costs.
Line 58: Line 58:
Debian is free open source software that allows running centralised or autonomous (stand-alone) applications in a secure, transparent and independent manner can end the vendor lock-in conundrum in a way that closed-software applications never can offer. The applications that run on and with Debian can qualify for a TLS certificate and PGP (depending on the user-cultural context) to demonstrate their reliability and security. Debian is FLOSS that allows running centralised or autonomous (stand-alone) applications in a secure, transparent and independent manner can end the vendor lock-in conundrum in a way that closed-software applications never can offer. The applications that run on and with Debian can qualify for a TLS certificate and PGP (depending on the user-cultural context) to demonstrate their reliability and security.
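Review bot: the Line 58 replacement keeps the wording "manner can end the vendor lock-in conundrum" with no connective before "can end", so the sentence has two verbs competing for one subject; since the sentence is being touched anyway, insert "and" before "can end". The Line 50 replacement now reads "the use of FLOSS and Debian", which sits oddly next to Line 58's "Debian is FLOSS"; "FLOSS such as Debian" would avoid the overlap. The conclusion still says "OS and FS", so the consistency the revision comment aims for does not yet cover the whole page.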

DebianParl in the European Commission

Introduction

By means of SMT Reference (Ticket) Nr IM0012717721 I received the following request:
IM0012717721
Dear user,
We are working on your help request IM0012717721. Can you please provide the following information to progress your request.
Requested information :

Dear Jacques,
Referring to our discussion over the phone, please get back to us with an email in which you sum all your thoughts up.
We will then forward it to the appropriate team.

best regards,

[name]

Thank you for your cooperation.

purpose of this document

By means of this document, I am submitting my thoughts about the use of Debian, or other FLOSS (Free/Libre and Open Source Software), by the European Commission so as to meet operational and business needs but without the drawbacks that closed-source software represents, and to prevent therewith potential political fall-out, support a public image of responsible spending of public money, and support user needs.

introduction

I am a user of the Commission IT systems with an interest in security, sustainability and transparency. This interest was educated by my previous professional activities.

I was, for instance, the administrator for the project for the design, contracts, building and deployment of large scale police and justice IT systems (Schengen Information System, SIRENE support system, the Visa Information System, and a connection between national Automated Fingerprint Information Systems), for the drafting and negotiation of the counter-terrorism strategy, as well as for the management of the Data Retention and Data Protection Directives.

core needs

The case in point is to provide users of the Commission IT System with a secure and reliable environment for their daily work that is user-friendly and gives reasonable guarantees that the texts and documents sent arrive unaltered at the intended addressees only, and that the documents received are identical to the documents sent by the sender.

Security and reliability guarantees can be given only if the system is fully auditable, which is the case if the source code is known.

This is the case for FLOSS, but not for vendor-provided software.

Examples abound of state- and commercial intrusion in personal and non-public data, which can interfere with the need for a secure working environment and the interests of the Commission and the EU.

basic concepts

In my previous activities the investment made in data security was important not only to ensure the legality of criminal investigations and the constitutional rights of second and third parties, but also in the interest of the management of organisations concerned (responsibility, business continuity, liability, success, financial or reputational damage) and of system users.

The question that thus came to my mind was whether it would be possible to run FLOSS on Commission IT platforms instead of vendor-provided software.

a case for FLOSS

I came into contact with a Debian user group in the European Parliament that has similar concerns. It has successfully launched a Debian pilot that provides the guarantees that I mentioned before and that demonstrates that all software needs can be successfully addressed through FLOSS.

The issue is thus whether a similar approach is possible in the EC, under what conditions and timeframe. It is reassuring that the Commission already has experience with the use of FLOSS and Debian, for instance for websites developed for Commissioners/Cabinets and …. It could be possible to expand on the basis of that experience.

The use of FLOSS has moreover an ethical component that is important for an organisation like the European Commission that operates with taxpayers’ money. The need (and possibility) to demonstrate responsible management and use of public funds is an asset that can provide goodwill and additional benefits.

A substantial number of national governments and international organisations [source] have looked, or are looking, for those reasons into the possibility of using FLOSS.

At the level of capital and operational expenditure, the use of FLOSS that does not have to be written off and can be further developed, shared and re-used is a way to pay investment forward to society. Public procurement is used to promote this trend and to wean public authorities off vendor lock-in that otherwise can keep the organisations tied to exclusive provider contracts with the attached security risks and costs.

Debian is FLOSS that allows running centralised or autonomous (stand-alone) applications in a secure, transparent and independent manner and can end the vendor lock-in conundrum in a way that closed-software applications can never offer. The applications that run on and with Debian can qualify for a TLS certificate and PGP (depending on the user-cultural context) to demonstrate their reliability and security.

conclusion and recommendation

Having regard to what precedes, I am of the opinion that it would be beneficial for the EC to consider a more general use of OS and FS to cover business/operational needs. Interaction with the Debian User group in the EP could help the exploration of opportunities and challenges. Since the risks inherent to the use of closed-software remain as long as this software is used, a strategy of containment in relation to a phasing out should be guided by a risk/threat analysis ….