The European Union should finance initiatives that increase security and privacy of open source solutions, and set up certification schemes for essential open source tools, IT security experts recommend in two studies written for the European Parliament. They argue for EU funding of key open source tools and for the financing of bug hunts, to find and fix security issues in open source tools.
The EU should also fund or participate in the development of open source end-to-end encryption solutions, to make these easier to use, the IT security experts write in a study for the European Parliament’s committee on Civil Liberties, Justice and Home Affairs (LIBE). Using open source is not a universal remedy, they state, but it is an “important ingredient in an EU strategy for more security and technological independence.”
The experts say support for open source will increase the EU’s technological independence.
Their study will be discussed on Thursday this week in a committee meeting at the EP in Brussels.
A second study for this committee meeting argues that the use of open source computer operating systems and applications reduces the risk of privacy intrusion by mass surveillance. Open source software is neither error-free nor less prone to errors than proprietary software, the experts write. But proprietary software does not allow constant inspection and scrutiny by a large community of experts.
As a policy option for controlling mass surveillance, the experts write, “The EU should invest in resilient open source implementations of different encryption specifications that can be verified and validated for correctness.”
Livestream of the EP’s LIBE committee meeting
LIBE report on Mass Surveillance (part 2, Technology Foresight) (PDF)
LIBE report on Mass Surveillance (part 1, Risks, Opportunities and Mitigation Strategies) (PDF)