I’ve been thinking about transparency and security in the public sector. Do you think all government software and platforms should be open source?
Some countries have already made progress in this area:
- Estonia: digital government services with open and auditable APIs.
- United Kingdom: several open source government projects and systems published on GitHub.
- France and Canada: policies encouraging the use of free and open source software in public agencies.
Possible benefits:
- Full transparency: anyone can audit the code, ensuring there is no corruption, hidden flaws, or unauthorized data collection.
- Enhanced security: public reviews help identify vulnerabilities quickly.
- Cost reduction: less dependency on private vendors and lower spending on proprietary licenses.
- Flexibility and innovation: public agencies can adapt systems to their needs without relying on external solutions.
Possible challenges:
- Maintenance and updating of complex systems.
- Protecting sensitive data without compromising citizen privacy.
- Political or bureaucratic resistance to opening the code.
Do you think this could be viable in the governments of your countries? How could we start making this a reality globally?
Yes, in the same way all research funded by the public should be open. If you pay for a dataset to be gathered and only one team gets to use it you have wasted money. Make the dataset open, make all the methods open, and it can be used multiple times, increasing the return on investment. In the same way if someone is working on security auditing for something like OpenSSH anyone who uses it benefits. You pay once for the work but get benefit for all who use it.
This also makes standardising easier because of the common tools so you can have cross department access without unnecessary technical barriers. For example, making a standard format for data in a SQL database means you can access multiple datasets and correlate them, allowing the study of important issues with minimal fuss. You can even create standards for accessing this data to make it much safer to use without exposing people’s personal information.
On the flip side you could have Microsoft and other similar companies decide what is worth investing in and just hope their system will work. If there is a security issue you just have to wait for them to patch it assuming they identify it. If they stop supporting something you can’t keep using it with external support because you don’t have the code.
Honestly, it is also a national security risk. Using a vendor from another country means you have someone who can access your data with software you cannot audit who is potentially influenced by the government of another country and you just have to trust them. I cannot understand the use of Windows in military applications. Honestly, asking the fox to guard the hen house. Why would you let the USA have access to your systems with the plausibly deniability of a company like Microsoft in between? Sounds like lazy writing for a military fantasy novel, not modern foreign policy.