Source files of,,,,, and Contribute:
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

83 lines

  1. <?xml version="1.0" encoding="UTF-8"?>
  2. <html newsdate="2019-02-05">
  3. <version>1</version>
  4. <head>
  5. <title>Huawei case demonstrates importance of Free Software for security</title>
  6. </head>
  7. <body>
  8. <h1>
  9. Huawei case demonstrates importance of Free Software for security
  10. </h1>
  11. <p>The discussion of the Huawei security concerns
  12. showcases a general trust issue when it comes to critical
  13. infrastructure. A first step to solve this problem is to publish the
  14. code under a Free and Open Source Software licence and take measures to
  15. facilitate its independently-verifiable distribution.</p>
  16. <p>The ongoing debate about banning Huawei hardware for the rollout of
  17. 5G networks, following earlier state espionage allegations, falls too
  18. short. It is not just about the Chinese company but about a general
  19. lack of transparency within this sector. As past incidents proved, the
  20. problem of backdoors inside blackboxed hard- and software is widely
  21. spread, independently from the manufacturers' origins.</p>
  22. <div class="captioned" style="margin: 1.5em auto;">
  23. <figure>
  24. <img src="" alt="A digital building disallows to audit its code. A metaphor for software blackboxes." />
  25. </figure>
  26. </div>
  27. <p>However, it is unprecedented that the demand to inspect the source
  28. code of a manufacturer's equipment has been discussed so broadly and
  29. intensely. The Free Software Foundation Europe (FSFE) welcomes that the
  30. importance of source code is recognised, but is afraid that the
  31. proposed solution falls too short. Allowing inspection of the secret
  32. code by selected authorities and telephone companies might help in this
  33. specific case, but will not solve the general problem.</p>
  34. <p>To establish trust in critical infrastructure like 5G, it is a
  35. crucial precondition that all software code powering those devices is
  36. published under a Free and Open Source Software licence. Free and Open
  37. Source Software guarantees the four freedoms to use, study, share, and
  38. improve an application. On this basis, everyone can inspect the code,
  39. not only for backdoors, but for all security risks. Only these freedoms
  40. allow for independent and continuous security audits which will lead
  41. citizens, the economy, and the public sector to trust their
  42. communication and data exchange.</p>
  43. <p>Furthermore, in order to verify code integrity – so that the
  44. provided source code corresponds to the executable code running on the
  45. equipment – it is either necessary that there are reproducible builds
  46. in case of binary distribution, or that providers are brought into the
  47. position to compile and deploy the code on their own.</p>
  48. <blockquote><p>"We should not only debate the Huawei case but extend
  49. the discussion to all critical infrastructure." says Max Mehl, FSFE
  50. Programme Manager. "Only with Free and Open Source Software,
  51. transparency and accountability can be guaranteed. This is a long-known
  52. crucial precondition for security and trust. We expect from state
  53. actors to immediately implement this solution not only for the Huawei
  54. case but for all comparable IT security issues."</p></blockquote>
  55. </body>
  56. <tags>
  57. <tag key="front-page"/>
  58. <tag key="security">IT Security</tag>
  59. <tag key="pmpc">Public Code</tag>
  60. <tag key="huawei">Huawei</tag>
  61. </tags>
  62. <image url="" />
  63. </html>
  64. <!--
  65. Local Variables: ***
  66. mode: xml ***
  67. End: ***
  68. -->