Corbyn announced the policy as part of his digital democracy manifesto on 30th August, with the intention of making programming more accessible for everyone. The Sun has raised questions about the security risks of doing so, while itself hosting its site on WordPress, which is open source blogging software.
Open source is everywhere
In fact, the government’s Digital Service Standard already requests that all new source code is made open. According to the site, “all public facing transactional services must meet the standard”. As Greg Dash, who has worked with Corbyn’s team as a member of Coders for Corbyn, says:
incentivising open source development in all publicly funded projects seems the logical next step.
The Sun’s primary concern is that the requirement will cover MoD and security service software and hardware. According to their supposed “expert”, Neil Doyle, that could mean “giving the keys to spies and copycat outfits in Russia, North Korea and China”.
He apparently also said it would be easier for hackers to inspect software and hardware for vulnerabilities, in order to steal sensitive data.
It is by no means untrue that releasing code under an open source license gives everyone who accesses it the ability to locate vulnerabilities. However, the UK country manager at Astaro, a unified threat management firm, told Computer Weekly that:
by having so many individuals working with the source code of these projects, potential vulnerabilities and design flaws are uncovered much faster than with programs built on proprietary code.
Ultimately, whether code is open or not, if there is a vulnerability, hackers will find it. Keeping source code open allows others to patch over the vulnerability if they find it first.
This is the long-running debate over ‘security through obscurity’, which has its roots with 19th century locksmiths. Alfred Charles Hobbs wrote in 1853 that he demonstrated lock-picking techniques to the public without fear that he was encouraging people to pick locks, because “rogues are very keen in their profession, and know already much more than we can teach them”.
There are also already security initiatives designed to monitor open source. One such example is Mozilla’s Secure Open Source (SOS) Fund, with its mission to “provide security auditing, remediation, and verification for key open source software projects”.
Plus, having access to the source code does not give you access to that sensitive information. It simply gives you the code to run your own copy of the software. It is almost a certainty that were Corbyn’s policy to be enacted, secure data would be protected just the same.
What’s more, when changes are made to code, they must be submitted and approved before they become live. This means that any incorrect or malicious code should, by rights, be seen long before it is executed.
Presumably The Sun and their ‘expert’ know all this. What they’re counting on is the idea that their readers don’t. Which demonstrates exactly how much respect they have for them.
Not only is The Sun’s argument that using open source software could be considered a security risk disingenuous, the fact that The Sun themselves use the open source software WordPress proves that it is utterly untrue.
Furthermore, after digging a little deeper, EvolvePolitics have uncovered that the ‘expert’ used in The Sun’s article also uses the same open source software for his own personal website.
The expert in question, Neil Doyle, is actually an “Investigative journalist and author” according to his Twitter bio, and in no way an expert in open source software.
The Sun’s headline for this latest Corbyn smear contains a rather telling quote – supposedly from their so-called expert. A quote that, for some reason, is missing from the article, and very conveniently misses out words to fit within the constraints of a headline word limit.
The phrase in quotes – ‘would let foreign spooks rob UK’ is not actually a quote from their expert. And would a person use this exact phrase in a sentence, omitting the word ‘the’ from between ‘rob’ and ‘UK’? Of course not. The Sun has actually used a quote from themselves in the headline, and they’ve even, quite comically, managed to misquote it by omitting the word ‘the’.
Another telling ‘quote’ from The Sun’s so-called expert is this one:
Open source means code and plans can be accessed and potentially altered and re-packaged by anyone.
The word ‘plans’ has absolutely no place being in this sentence. It is merely used in an attempt to dupe the reader into subconsciously assuming that sensitive information could be leaked – which is wholly untrue. The only thing ‘accessible’ is the code. There are no ‘plans’ in open source software.
The Sun’s ‘expert’ also says “Cyber-criminals and foreign intelligence agencies would have a field day” if open source software was used. Which presumably means that hackers would also have no trouble getting into The Sun’s computers to find out their sordid little secrets, either.
I truly despair at the state of the UK’s media.