Source files of,,,,, and Contribute:
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

news-20190205-01.en.xhtml 3.4KB

  1. <?xml version="1.0" encoding="UTF-8"?>
  2. <html newsdate="2019-02-05">
  3. <head>
  4. <title>Huawei case demonstrates importance of Free Software for security</title>
  5. </head>
  6. <body>
  7. <h1>
  8. Huawei case demonstrates importance of Free Software for security
  9. </h1>
  10. <p newsteaser="yes">The discussion of the Huawei security concerns
  11. showcases a general trust issue when it comes to critical
  12. infrastructure. A first step to solve this problem is to publish the
  13. code under a Free and Open Source Software licence and take measures to
  14. facilitate its independently-verifiable distribution.</p>
  15. <p>The ongoing debate about banning Huawei hardware for the rollout of
  16. 5G networks, following earlier state espionage allegations, falls too
  17. short. It is not just about the Chinese company but about a general
  18. lack of transparency within this sector. As past incidents proved, the
  19. problem of backdoors inside blackboxed hard- and software is widely
  20. spread, independently from the manufacturers' origins.</p>
  21. <div class="captioned" style="margin: 1.5em auto;">
  22. <figure>
  23. <img src="/picturebase/campaigns/pmpc/201902-pmpc-security-blackbox.jpg" alt="A digital building disallows to audit its code. A metaphor for software blackboxes." />
  24. </figure>
  25. </div>
  26. <p>However, it is unprecedented that the demand to inspect the source
  27. code of a manufacturer's equipment has been discussed so broadly and
  28. intensely. The Free Software Foundation Europe (FSFE) welcomes that the
  29. importance of source code is recognised, but is afraid that the
  30. proposed solution falls too short. Allowing inspection of the secret
  31. code by selected authorities and telephone companies might help in this
  32. specific case, but will not solve the general problem.</p>
  33. <p>To establish trust in critical infrastructure like 5G, it is a
  34. crucial precondition that all software code powering those devices is
  35. published under a Free and Open Source Software licence. Free and Open
  36. Source Software guarantees the four freedoms to use, study, share, and
  37. improve an application. On this basis, everyone can inspect the code,
  38. not only for backdoors, but for all security risks. Only these freedoms
  39. allow for independent and continuous security audits which will lead
  40. citizens, the economy, and the public sector to trust their
  41. communication and data exchange.</p>
  42. <p>Furthermore, in order to verify code integrity – so that the
  43. provided source code corresponds to the executable code running on the
  44. equipment – it is either necessary that there are reproducible builds
  45. in case of binary distribution, or that providers are brought into the
  46. position to compile and deploy the code on their own.</p>
  47. <blockquote><p>"We should not only debate the Huawei case but extend
  48. the discussion to all critical infrastructure." says Max Mehl, FSFE
  49. Programme Manager. "Only with Free and Open Source Software,
  50. transparency and accountability can be guaranteed. This is a long-known
  51. crucial precondition for security and trust. We expect from state
  52. actors to immediately implement this solution not only for the Huawei
  53. case but for all comparable IT security issues."</p></blockquote>
  54. </body>
  55. <tags>
  56. <tag>front-page</tag>
  57. <tag content="IT Security">security</tag>
  58. <tag content="Public Code">pmpc</tag>
  59. <tag content="Huawei">huawei</tag>
  60. </tags>
  61. <image url="" />
  62. </html>
  63. <!--
  64. Local Variables: ***
  65. mode: xml ***
  66. End: ***
  67. -->