[Parl-user] Hangout at Karsmakers Thursday 29th

Jacques.Verraes at ec.europa.eu Jacques.Verraes at ec.europa.eu
Wed May 28 19:50:07 UTC 2014 

Dear Jonas, All



Thanks for the interesting lunch.
I typed out the ideas that came around on the wiki platform created by Jonas. I hope I pushed the right buttons. If not, herewith a transcript of the text that I intended to upload .



Your comments, additions, recommendations and insights are most welcome.



Best



Jacques

·        DebianParl<https://wiki.debian.org/DebianParl>
·        EC<https://wiki.debian.org/DebianParl/EC?action=fullsearch&context=180&value=linkto%3A%22DebianParl%2FEC%22>
DebianParl used by the European Commission
Debian / Open Source Software in the European Commission
Introduction

By means of SMT Reference (Ticket) Nr IM0012717721 I received the following request: IM0012717721 Dear user, We are working on your help request IM0012717721. Can you please provide the following information to progress your request. Requested information :

Dear Jacques, Refering to our discussion over the phone, please get back to us with an email in which you sum all your thoughts up. We will then forward it to the appropriate team.

best regards,

[name]

Thank you for your cooperation.

purpose of this document

By means of this document, I am submitting my thoughts about the use of Debian, or other Open Source/ Free Software by the European Commission so as to meet operational and bussiness needs but without drawbacks that closed-source software represents, and to prevent therewith potential political fall-out, support a public image of responsible spending of public money, and support user needs.

introduction

I am a user of the Commission IT systems with an interest in security, sustainability and transparency. This interest was educated by my previous professional activities. I was, for instance, the administrator for the project for the design, contracts, building and deployment of large scale police and justice IT systems (Schengen Information System, SIRENE support system, the Visa Information System, and a connection between national Automated Fingerprint Information Systems), for the drafting and negotiation of the counter-terrorism strategy, as well as for the management of the Data Retention and Data Protection Directives.

core needs

The point in case is to provide users of the Commission IT System a secure and reliable environment for their daily work, that is under-friendly and gives reasonable guarantees that the texts and documents sent arrive unaltered at the intended addressees only, and that the documents received are identical to the documents sent by the sender.

Security and reliability guarantees can be given only if the system is fully auditable, which is the case if the source code is known. This is the case for open source software, but not for vendor-provided software. Examples abound of state- and commercial intrusion in personal and non-public data, which can interfere with the need for a secure working environment and the interests of the Commission and the EU.

basic concepts

In my previous activities the investment made in data security was important not only to ensure the legality of criminal investigations and the constitutional rights of second and third parties, but also in the interest of the management of organisations concerned (responsibility, business continuity, liability, success, financial or reputational damage) and of system users. The question that thus came to my mind was whether it would be possible to run open source software on Commission IT platforms instead of vendor-provided software.

a case for open source and free software

I came into contact with a Debian user group in the European Parliament that has similar concerns. It has successfully launched a Debian pilot that provides the guarantees that I mentioned before and that demonstrates that all software needs can be successfully addressed through open source software.

The issue is thus whether a similar approach is possible in the EC, under what conditions and timeframe. It is reassuring that the Commission has already experience with the use of open source and Debian, f.i. for websites developed for Commissioners/Cabinets and …. If could be possible to expand on the basis of that experience.

The use of open or free software has moreover an ethical component that is important for an organisation like the European Commission that operates with tax payers’ money. The need (and possibility) to demonstrate responsible management and use of public funds is an asset that can provide goodwill and additional benefits.

A substantial number of national governments and international organisations [source] has or is looking for those reasons into the possibility to use open source and free software.

At the level of capital and operational expenditure, the use of open/free software that does not have to be written off and can be further developed, shared and re-used is a way to pay investment forward to society. The use of public procurement is used to promote this trend and to wane public authorities of vendor lock-in that otherwise can keep the organisations tied to exclusive provider contracts with the attached security risks and costs.

Debian is free open source software that allows running centralised or autonomous (stand-alone) applications in a secure, transparent and independent manner can end the vendor lock-in conundrum in a way that closed-software applications never can offer. The applications that run on and with Debian can qualify for a TLS or PPP certificate (depending on the user-cultural context) to demonstrate their reliability and security.

conclusion and recommendation

Having regard to what precedes, I am of the opinion that it would be beneficial that the EC would consider a more general use of OS and FS to cover business/operational needs. Interaction with the Debian User group in the EP could help exploration of opportunities and challenges. Since risks inherent to the use of closed-software remain as long as this software is used, a strategy of containment in relation to a phasing out should be guided by a risk/threat analysis ….



-----Original Message-----
From: Jonas Smedegaard [mailto:dr at jones.dk]
Sent: Wednesday, May 28, 2014 6:10 PM
To: VERRAES Jacques (RTD)
Cc: parl-user at lists.alioth.debian.org
Subject: Re: [Parl-user] Hangout at Karsmakers Thursday 29th



Quoting Jacques.Verraes at ec.europa.eu<mailto:Jacques.Verraes at ec.europa.eu> (2014-05-28 15:15:23)

> Thank u all for attending the lunch pledge: the expected pleasure

> materialised. Now that we agree on what we want, we want to agree on

> the text to forward 2 DG Digit. With the help of Jonas we will wiki it

> together.



I created a page here: https://wiki.debian.org/DebianParl/EC



At the top of the page, register yourself.



When done, go back to same web page again, and choose "edit".



To see how to style the page (headlines, bold, links etc.) you can see

how https://wiki.debian.org/DebianParl/GreensEFA looks in raw edit form

at https://wiki.debian.org/DebianParl/GreensEFA?action=raw



If this was a too short and confusing guide, just tell me where you got

lost, and I'll try from there in a slower pace.





This is really great!





- Jonas



--

 * Jonas Smedegaard - idealist & Internet-arkitekt

* Tlf.: +45 40843136  Website: http://dr.jones.dk/



[x] quote me freely  [ ] ask before reusing  [ ] keep private
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/parl-user/attachments/20140528/cd3d53c2/attachment.html>

More information about the Parl-user mailing list