The other IT from another Europe

Also on Consortium News and Huffington Post

Over the last 10-15 years public IT in Europe has not developed in line with public interests, nor does it guarantee the fundamental rights of citizens such as privacy and freedom of expression. Tremendous opportunities in the field of economic development and employment have also been missed. Europe effectively outsources much of its information processing (software & services) to foreign parties at the direct cost of hundreds of billions of Euros (typically around 1% of GNP). The opportunity-cost to local economic growth and employment opportunities are much greater than that. Even more costly than either of these is the de-facto handing over of control of data of governments, businesses and individual citizens to foreign spies who use it for political manipulation, repression of citizens' freedoms and industrial espionage. Although the warnings about the negative consequences of current policies date back at least 15 years, these aspects have been documented in irrefutable detail over the last year by the revelations of Edward Snowden. 12 months later there has not even been the beginning of a policy response.

It could all have been so different ...

In the first 21 months of the 21st century, the dot-com bubble burst and then three skyscrapers in New York collapsed. Between these two events a largely forgotten report to the European Parliament appeared in the summer of 2001. This report described the scale and impact of electronic espionage in Europe by the U.S. and its 'Echelon' partners (Canada, UK, Australia and New Zealand). Besides a detailed problem analysis, the report also gave concrete examples of IT policies that governments could take to significantly limit foreign intelligence spying on Europe.

In the same period was U.S. government won one of the largest anti-trust cases its history, against Microsoft, and the EU followed this victory by launching a similar case that would also be won leading to the highest fine to a company for economic crimes in the history of the EU.

It was against this background that thinking about strategic versus operational aspects of IT in the public sector changed. The report on Echelon made it clear that reducing IT into a merely operational exercise had disastrous consequences on the sovereignty of European states with respect to, in particular, the United States (and perhaps in the near future, China, other technically capable countries or non-state organizations). The economic consequences of industrial espionage against many high-tech and R&D-intensive companies became a major concern for the government.

The IT policy of governments would from 2002 onwards be based first on the political principles of a democratic and sovereign state. This not only meant a very different policy in the field of technology selection and procurement, but also the balance between outsourcing versus in-house expertise and required an extreme degree of transparency from all suppliers. Open data standards for public information were required, and non-compliance resulted in severe penalties (although public ridicule from 2009 onward was generally the most effective). These new frameworks for public IT created a new market for service providers who based solutions on so-called 'Free Software' (previously better known as 'opensource'). The high degree of transparency both in project implementation as the technology itself made for a well functioning market and made recycling of (parts-of) systems the norm. Spending on software fell sharply and the freed up budget was used for the recruitment of highly qualified IT workers under conditions that could compete with the offerings of market.

The full transparency with respect to both the IT projects and the tech itself, combined with a depth of expertise within the government, changed the market for public software and IT services. Quality rose steadily while prices remained permanently under pressure. Since all service providers had full access to all software used in government (with only a few exceptions in defense, justice and home affairs), there was a very open playing field where all providers were expendable (and those who performed below par were replaced regularly).

In addition, computer and IT education from kindergarten to university studies was fundamentally revised. Basic understanding of the operation of computers and information networks became as normal as reading and writing. From 2006 every 14 year-old was taught in school how to encrypt email and what the disadvantages were of using software whose source codes are not published. Through this awareness among young people in Europe the adoption of social media occurred very differently than in the U.S.. Young people not only had end-user skills but real understanding about what was happening to their information when sending a message or upload a photo to websites. Being careful with your private information was considered cool. The social media landscape was not dominated by a handful of U.S. companies, instead there was a landscape of federated services such as Diaspora who competed among themselves but were compatible in the same way as is the case with email. These services were sometimes somewhat centralized but, just as often, completely decentralized and run on micro-servers in many people's homes (such as the UK-invented 35 Euro RaspberryPi).

Due to the high privacy and safety awareness online crime did not have much grip on most European countries. Hardly anyone was naive enough to log on to strange domains or websites in response to a fake email that appears to come from their bank. And the use of customized secure USB drives created by various banks was accepted as obvious for any major online financial transactions. At the level of organisations high levels of expertise and a high degree of diversity in technology implementations made for robust security that was only seldom breached. The large demand for experts in well-paid jobs also kept many would-be criminals from selling their skills for more destructive applications.

This is the IT that Europe could have had if other choices were made over the last 12 years. All the knowledge and technology for these choices were available in the first months of this century. Because these choices were not made Europe has spent hundreds of billions on software licenses and services from American companies, while there were cheaper (often free), more flexible and safer alternatives available that would not operate as a foreign espionage platform. All these hundreds of billions were not not invested in European service, training, education and R&D. The economic impact may be a multiple of the roughly $1 trillion in foreign software licenses spent by Europe this century, while the social cost resulting from manipulated politicians during transatlantic negotiations on trade or environmental matters will probably never be known.

Europe still has everything it needs to develop and implement such policies. It is not too late to turn, no matter how regrettable the policy failures of the last decade and no matter how many wasted billions. Today could be the first day of such a new course. Concrete examples in the Netherlands, Germany, France, Spain the UK and many other places show that this is not only possible, but almost immediately leads to huge savings, improved safety and independence from foreign parties in future IT choices.

It's not often that regaining national sovereignty and the restoration of civil rights can spur national innovation and employment programs simultaneously. The only thing missing is the political will to stop rewarding businesses and governments that use their technological dominance to spy on the entire world. We have nothing to lose but our chains to the NSA.