Thanks for sharing!
I just passed it on to a government mailing list in my country (Peru).
I did a quick search and found an article by the Singaporean government
explaining their logic, which I shared also.
<https://www.tech.gov.sg/media/technews/six-things-about-opentrace>
Hope it helps!
Regards,
Sebastian
On Fri, 10 Apr 2020 at 15:52, Paul Boddie <[email protected]> wrote:
On Friday 10. April 2020 12.00.34 Jan Wey. wrote:
I was made aware of this just 5 minutes ago. Sorry, if this was already
mentioned on this ML in the past few days.
Singapore decided to release their Tracing-App under GPL-3.0 [0], which
obviously would establish better trust and would benefit other countries
and regions as well, as the software (or parts of it) could be re-used,
being in line with PMPC[1] as well as the FSFE's call to release any
COVID19 Tracking App under a Free Software License.
[...]
[0] <https://github.com/opentrace-community>
[1] <https://publiccode.eu/>
[2] <https://fsfe.org/news/2020/news-20200402-02.html>
This is interesting to hear about! Reading the Norwegian news recently,
it would appear that the "app" being developed for this country's public
health agency will not be Free Software. Here's a reasonable Norwegian
language entry point to the news coverage:
<https://www.nrk.no/norge/fhi-appen-smittestopp-gjennomgas-na-av-sikkerhetseksperter-1.14977918>
The justification for this is fairly weak:
<https://www.simula.no/news/digital-smittesporing-apen-kildekode>
One reason given is that making the source code available helps people
with "hostile intent" to do bad things. Obviously, one can also argue
that making the code available allows people with helpful intent to
remedy the bad things that may be in the software, these being there
through accident, questionable judgement or even malicious intent.
To justify their position, the case of the Heartbleed vulnerability is
mentioned, with it being stated that the bug that caused it lingered for
two years in Free Software without the anticipated scrutiny being
brought to bear.
Certainly, those who pitch "open source" largely as an efficiency or
economic tool (the ones who talk about bugs and eyeballs) don't do the
Free Software movement many favours by reducing the spectrum of benefits
down to a single easy-to-sell metric of success.
But as we know, the real reason for things like Heartbleed occurring is
the chronic underinvestment in Free Software by companies making
colossal amounts of money using Free Software. These companies are happy
to see "open source" in broad use, but they are not prepared to
adequately invest in the maintenance and further development of the
software. When the auditing audience is burned-out volunteers and bad
guys, the situation is obviously not favourable to those wanting to see
high reliability and security engineered into the code.
The fact is, however, that Free Software characteristics are largely
orthogonal to how good any software might be. There is nothing to stop
the best quality software being Free Software, and there is nothing to
stop commercially "valuable" proprietary software being complete
garbage. Sadly, academic and research institutions are often bamboozled
by predatory "innovation" advocacy that equates value with scarcity and
secrecy, leading to the hoarding of research benefits for application
within privileged niches instead of helping to strengthen society at
large.
With regard to the news article on the topic, there are various attempts
at reassurance about how seriously the developers are taking the work.
For example:
"Måten vi jobber på er nok veldig likt hvordan åpen kildekode-miljøet
ville jobbet. Det er også den typen folk som sitter i gruppen, sier
lederen av ekspertgruppen."
("The way we work is probably rather like how the open source community
would have worked. It is also this kind of people working in our group,
says the leader of the expert group.")
In other words, a form of imitation of how Free Software developers
might work is occurring based on a perception of a particular "kind of
person". Seeing how well the industry tends to imitate various
recommended practices more generally, typically failing in a burdensome
way, I'm not sure how much confidence I would have from such
reassurances.
Reassurances from the government also seem to be readily forthcoming:
"Vi vil selvfølgelig ikke lansere en løsning hvis det skulle vise seg at
den ikke er sikker. Ekspertgruppens uavhengige vurdering vil selvsagt
være viktig for oss i den sammenhengen, sier helseminister Bent Høie til
NRK."
("We would obviously not release a solution if there were indications
that it wasn't secure. The expert group's independent assessment will,
of course, be important for us in that regard, says health minister Bent
Høie to NRK.")
I would take government reassurances more seriously if we hadn't
previously heard lazy brushing aside of concerns about attacks on
electoral processes and infrastructure by the prime minister. A while
ago there were reports of intrusions and data breaches at one of the
regional health providers, but all that seemed to emerge from that
episode were vague "nothing to see here" claims from these ministers.
For more criticism, a Norwegian language article (and its comments)
linked to from the above news article is somewhat worth reading:
<https://nrkbeta.no/2020/04/02/advarer-mot-a-installere-fhis-korona-app/>
Here, the Singapore application is mentioned along with indications that
Germany may also take it into use. There also appear to be architectural
differences between the way these applications work: centralised versus
decentralised communication, for instance.
Fundamentally, Free Software means having control over the software we
choose (or are asked to choose) to run on our devices. Denying us the
ability to know what that software does is simply exploitative. It is
rather telling that Simula - the developers of the Norwegian
application - don't even dignify this fundamental aspect of Free
Software in their response to criticism. And it is interesting that a
country renowned for its surveillance and social control is more open
about the technology it uses than a country that actively projects an
entirely different image of itself to the rest of the world.
Paul
P.S. I find it also laughable that the following statement is paraded
early on in the Simula article:
"Åpenhet og kunnskapsdeling er en del av ryggmargen vår."
("Openness and knowledge sharing is an essential part of who we are.")
As far as I know Simula is part of the software patenting "innovation"
circus in this country, which is fundamentally incompatible with true
openness and sharing.
_______________________________________________
Discussion mailing list
[email protected] <mailto:[email protected]>
<https://lists.fsfe.org/mailman/listinfo/discussion>
This mailing list is covered by the FSFE's Code of Conduct. All
participants are kindly asked to be excellent to each other:
<https://fsfe.org/about/codeofconduct>