Why open source?

WHAT IS OPEN SOURCE SOFTWARE?

Open source means that the license to the software is open. There are a few requirements for something to be considered open source:

1. Anyone can copy the code and modify it to suit their needs.
2. There is no central company capitalizing on the code.
3. Anyone can modify the code in any way.

Paid software could be compared to cars: imagine if the cars were welded shut so that you couldn't open the hood, the only thing you could do is normal maintenance: refuel and fill up with oil (from a hatch then). To fix anything else, the company that made the car has to do it. No one else is allowed to open the car and observe the engine.

Open source can be compared to cars anyone can open up and tinker with and make spare parts for.

WHAT IS OPEN HARDWARE?

Open software and open hardware are different things. Open hardware means that we can guarantee that no spy chip has been put in, which we know has been done by both China and the US (Does Your Motherboard Have a Secret Chinese Spy Chip?, 2018) With open hardware, everything is documented about what the architecture of the computer looks like, we have full access to information about what is what and what parts are to be included in the hardware. If a chip turns out to have some extra component beyond what is documented, nothing should happen if you remove it.

EXAMPLES OF OPEN SOURCE

Zoom has become a trend even though the open source alternative Jitsi works just as well. Not only is Jitsi free, but you can set up your own server if you don't want to use someone else's. This means that the government could have its own servers for video meetings in a security room only accessible to authorised people, such as electricians, and other workers who may be needed, instead of needing Zoom or Skype for Business.

Another example is Linux. Windows could easily be replaced with Linux variants that are similar to Windows in how you find programs, navigate and do things. Most often, public sector computing is used only for documentation and web browsers - two things that are included in Linux.

For the office package, there are also good alternatives. One example is LibreOffice, which does the same thing as Microsoft Office, but at no cost.

WHY ISN'T OPEN SOURCE SOFTWARE USED?

The main reasons why so few people choose open source software is because many organisations and individuals are used to various pay-per-use programs, and because pay-per-use programs are the only thing we become aware of through advertising.

Another reason is that companies like Microsoft have a lot of lobbying power. Brazil's public sector was supposed to use open source to avoid the costs of proprietary Microsoft options - this was not the case, Microsoft fought back. (Kingstone, 2005)

1. Unnecessary costs with payment programs
The Windows operating system alone costs public institutions more than 1000 SEK extra per computer. In addition, it costs extra to have Microsoft Office. The cost of software for municipalities is over 700 million, 80% of which is for Microsoft products.

2. Security risks with paid software
It is not safe to put all your trust in the security of software if a single company is responsible for it and the company hides its source code.

Zoom, for example, has been busted for "accidentally" sending all its meeting information through a Chinese server. We know that this was seen and captured by the Chinese government. According to Zoom's owner, it was a bug or error in the code, but we can't know if that's true. (Wood, 2020)

Windows may have a backdoor. If you read their "User Agreement" it says they can take pictures and turn on the computer's microphone at any time without it telling them. It may also look at your activity and documents to "display relevant advertising", imagine if a backdoor in Windows is found by the wrong person and it is used without being detected, then all the information on the state's computers running Windows is at risk.

A few years ago a backdoor was found in Intel's processor, allowing anyone to get into any computer and get information contained in it. Intel knew about the problem for about 10 years but did nothing about it because they didn't think anyone would find it. It took Microsoft a week to fix the security problem before they could update the drivers to make it secure, for Linux it took a day! Why the difference?

Linux is run by a variety of people who all work together, they have several hundred volunteer developers and got some extra help from volunteers if some didn't have time. They are open source so several programmers were able to look in the Linux code about how to fix the security risk. Something similar happened again not long ago (Intel x86 Root of Trust: loss of trust, 2020). Last year there was another similar security breach (Constantin, 2019).

Why is open source more secure?

A common misconception is that code that is hidden is harder to hack and therefore more secure. But this is not true. The criminals who want to access a code to find flaws will access the code in other ways, and then it happens on the black market instead. Also, a secure code uses one-way encryption and SHA, so called hash algorithms which means that even if you see the code as responsible for security, you can't automatically crack it if it is secure without backdoors.

The main reason why open source code is more secure is that code that is hidden cannot be debugged and tested by a community of users and therefore more often contains backdoors and security risks.

Enthusiasts who see security as a challenge often find flaws and notify the company/"owner" directly, even in open source. One example is where people have found flaws in Apple products but instead of fixing them, Apple sued the people who found the security flaws, precisely because it required "reverse engineering" as well as digging up code that is forbidden by the user to look at.