Of Open Source, Security and the Naughty Stair (Pt 1)

I had the pleasure of attending a forum the other day hosted by OASIS, the Organization for the Advancement of Structured Information Standards, a non-profit consortium focussed on developing e-business standards.

At the event I ran a panel session which discussed the following proposition:

“The house proposes that within 10 years all European governments will have adopted systems based on open security standards for all external electronic communication. By then, governments will use open source software exclusively to implement those open standards in order to be accountable to citizens, business and other governments.”

The proposition, as it stood, had a number of semantic flaws that were quickly picked up by all those present. For example, what is an open security standard? What is open source? Even, I guess, what is a European government?

Standards

Most people would agree that standards are generally a good thing. Despite the fact that I cannot touch type, having a standard QWERTY keyboard (phew, that was easy to type) makes life easier when moving from PC to PC. Likewise, having a standard 13 amp power socket in my house means that I can easily plug in an extension cable and be assured that it is compatible.

Whatever people may think of Microsoft, one needs to consider the impact they have had on the industry by providing a standard platform used by most of the world’s PCs. Let’s face it, if you are going to create a mass market product for the PC, what operating system are you going to target?

Likewise, I have to say, therein lies the same attraction for the myriad malware writers.

I like the fact that I can plug a vast range of peripherals into my PC and they just work. The same story isn’t quite true for many people using more esoteric operating systems, as the maturity and compatibility just aren’t there.

The downside of having a dominant player such as Microsoft is the inevitable founded (and some unfounded) accusations of bad behaviour, ranging from acting like a stroppy teenager through to downright illegal monopolistic shenanigans.

Unfortunately, 20 minutes on the naughty stair does not seem to have much impact on such a gigantic and powerful organisation.

Open Security Standards

When we start to talk about open security standards what do we mean? Do we mean an agreed way of encoding data and then sharing it? Maybe, maybe not. But when it comes to managing data at a governmental level we as citizens have a number of expectations.

I expect my data to be secure. I expect my data to be protected from illegal fishing trips when agencies fancy taking a look “just in case”. I expect my data to be treated with respect.

I am happy if governments want to standardise on a security protocol. Quite frankly I don’t care if they use black magic to secure my data, as long as it is secured from prying eyes and treated with respect.