Nederlands
English
Category: news
Votingcomputer: the zombie that just won’t die
<originally a Webwereld column>
Last month the VVD and D66 political parties (the Dutch equivalent of the Conservatives and LibDems in the UK) again proposed that the Netherlands should re-adopt electronic voting. Earlier this year the Dutch Association of Mayors also called for their reintroduction (don’t you just love it when non-elected officials comment on and interfere with the electoral process :-). While the use of voting computers in the Netherlands has been banned for over four years, even for water board elections, there remains a fundamental misunderstanding of the basic problem with electronic voting.
While the many clumsy security problems (video) or the absence of the source code of the software (in the case of Nedap and SDU voting computers), are excellent talking points for the media and political agenda, these issues are not the core of the problem. And although the voting computer dossier at the Ministry of Home Affairs is now labelled with a bright fluorescent sticker: ‘radioactive, do not touch!", there is still a risk that local authorities or suppliers will continue to feel that voting by computer is best "if we can just iron out a few little bugs”.
The real objections are more fundamental and have little to do with security bugs or open source code. They are the fundamental principles underpinning our democracy, and are threatened by the use of voting computers. In the many discussions on mailing lists and web forums it seems that people have lost sight of these principles.
In the first year of operations of the wedonttrustvotingcomputers work group, there were many reassurances given by government and suppliers that we should not be so suspicious. The Netherlands is a great country, after all, and the suggestion that anyone would commit fraud with something so fundamental as the election was considered ridiculous. It was simply unthinkable, and further discussion or justification not considered necessary. This attitude demonstrates a fundamental misunderstanding of the essence of democracy. That is not a question of trust but distrust of organised power.
Through trial and error we have learned over the past few thousand years that power corrupts, and absolute power can corrupt absolutely. An enlightened dictator can be an efficient form of government, but how do you ensure they remain enlightened once they have the power? To solve this problem we have evolved a complex system of temporary mandate (four years), with checks and balances as the need arises. You can only gain power if the majority of people have said that they really want you there, and even then you will be closely monitored by 150 other people who are also only be allowed to do so because of the vote of thousands of fellow citizens. The system is far from perfect and is plagued by inertia and a focus on what is hot in the media, but we have yet to invent something better. This system makes it difficult to take important decisions publicly without authorisation. And a king or president cannot simply on a whim ruin the country or violate the fundamental rights of citizens – unless those citizens and their representatives agree to it by inaction, but then they only have themselves to blame.
The abuse of power cannot be solved by online publication of a voting computer’s source code because citizens cannot determine whether the published source code actually runs on the specific voting computers in their neighborhood. Even more important is the fact that 99.99% of the population cannot audit the code. Inevitably, it still comes down to having confidence in a very small group of technical experts. And having to trust a very small group (any small group whatsoever!) is precisely what we no longer want. If we have small groups of technicians whom we trust, we might as well make up the parliament based on a sample of a research firm. That saves a lot of time and paper and there is probably a great evening of TV programs that can be built around it.
It has often been said that paper ballots can also be fraudulent, with elections in places like Zimbabwe cited as examples. The important aspect here is not the possibility of fraud but the possibility of detection when it happens. Large-scale, and therefore effective, fraud in a paper voting system is impossible to keep secret and that makes it possible to intervene when small groups try to exploit the system. In most cases, fraud with voting computers is impossible to prove afterwards. The records are erased and there are no ballot papers available for another recount.
This was proven painfully during a local election where the candidate eldermen was also the operator of the voting computer. In the polling station where he was present he received an unlikely number of votes (higher than all other locations in the municipality combined). Yet the justice department was hard pressed to find actual evidence against this potential fraudster. Nor could the man ever prove his innocence. The result is therefore a situation where the integrity of the process itself is called into question, and thus the legitimacy of the ballot. The distinction is thus the detectability of fraud, not the (im)possibility of it.
Even with electronic voting with a printed ballot (the so-called ‘paper trail‘) there can be doubts about the results, and applications for a recount of a paper trail is also an immediate political issue (against winners, losers). At what point do we initiate a paper recount? Which sample is good enough for the loser? How do we determine that there is reason to doubt the electronic result? Is there a basic assumption that the computer counts accurately? So there are inevitable administrative and political barriers to requesting a recount. This, combined with the fact that polling can provide the perception of a "winning" coalition in the Netherlands, makes it attractive to manipulate voting computers. What is it worth to control the election of the 20th largest economy on the planet?
Despite minor incidents with the paper system, the integrity of the Dutch paper voting process has never been the subject of discussion. And even the Interior Ministry and TNO had to admit, after some urging from external experts, that the previous generation of voting computers was not compatible (nor had it ever been compatible) with the Dutch electoral law.
TNO hid the fact that the validation protocol of the integrity of the system had not been examined. Both the responsible officials and TNO’s "experts" were simply not competent to deal with this issue adequately. The OV-chip, EPD and the Diginotar dramas were repetitions of this incompetence, displaying no understanding, no adequate assessment frameworks, and no substantive oversight. And , of course, nobody is held responsible when things go wrong. After voting machines were banned, no civil servants and TNO employees were sacked for their screw up. Therefore there is very little confidence amongst external experts that future assesments on a different technical ‘Solution’ will be adequate.
We must prevent a situation where the integrity of the electoral process itself can be questioned, and thus the legitimacy of the outcome. The vital distinction is the ability to detect fraud, not the (im)possibility thereof. Voting computers create serious problems, are more expensive that the use of paper, and undermine the legitimacy of democratic governments. And as Churchill said: ‘Democracy is the worst form of government, except for all those other forms that have been tried from time to time.’
(this column is a re-write from a 2008 publication I wrote for a Dutch magazine on digital government – now disapeared after site redesign)
Windows 8 does not have to be a disaster
<originally a Webwereld column – in Dutch – also on HuffPo UK>
Gartner, IT-journalists and even former employees of Microsoft agree: Windows 8 will be a disaster. The Metro interface designed for tablets (a market that virtually does not exist in relation to MS-Windows) is unworkable on a desktop with a vertical non-touch screen, keyboard and mouse. Most office spaces still have this and most run legacy applications with interfaces that rely on a Windows PC using a keyboard and mouse. It is precisely the ongoing purchase of desktop PCs with the combination of MS-Windows and MS Office that has kept Microsoft financially afloat over the last 15 years
The combination of legacy applications (mostly proprietary) and familiarity with MS Office, led many IT organisations to automatically buy the new Windows platform, despite the high cost of licences and support. The inevitable result is a world of pain, with new interfaces, a lack of compatibility and the sudden cessation of support for critical components. IT policy is organised around coping with these problems instead of focusing on sustainable alternative solutions. And solving or mitigating these problems requires so much time and money that there is often little left over to plan further ahead. Thus, in many organisations the perfect vicious circle has existed for so long that many IT people can not even see it.
An important point here is that Windows 8 is only a disaster for those who buy it and those who are unsuccessfully trying to sell it. For the rest of us, it is irrelevant. So if you use a Windows7 PC, Mac or Linux machine, is very easy to just let all this misery pass you by. After a disastrous version of Windows is released, another (slightly less) catastrophic version (think ME/XP or Vista/7) will follow, and for those who still genuinely believe that they need a Microsoft operating system, they merely hope that a half-decent version will come along in a few years.
Organisations that (virtually) no longer have platform-dependent applications because they have (to) provide a web interface, have no reason at all to even think about purchasing proprietary operating systems. Organisations that do use these applications are better just sticking with earlier (already purchased) versions of MS Windows, so that all interfaces remain compatible and end users can continue working in their familiar environment. The IT department’s resulting spare time and money can be used to break the vendor lock between applications and platforms.
Most application vendors are now thinking about web interfaces, or APIs for tablet apps (even if it is just to keep company directors happily playing with their iPads). Application vendors who are not yet doing this should understand that in times of tough cuts IT euros can only be spent once, either with them or with Microsoft. Seems an easy choice, right? Fortunately, even company-specific applications do not last forever and when the time comes where there is something new to choose from it is useful to calculate the TCO of applications by including the underlying infrastructure costs (licences, management, security), and compare this to the TCO of applications that do not have such dependencies. Conversely, you can also say to your hoster: “I do not care what platform you run my applications on, but what would I have to pay you if it is an open source stack?”. A little negotiation is always possible in a stagnant market.
As with Vista, the main victims of Microsoft’s iPad-wannabe software are the basic PC consumers – those who buy a PC or laptop from a retailer and get a machine with a pre-installed disaster. In the coming years many IT professionals will have to deal with family, friends and acquaintances crying down the phone because they cannot find or use their favorite or essential PC applications. It will be Vista revisited. Do your friends a favour and downgrade them to Win7 if needed or upgrade them to Ubuntu if possible. The main reason why home users still want Windows is for gaming. Fortunately, people have worked hard on alternatives, including by previously mentioned former employees.
Although I dislike the iPad because of its extremely locked-down platform, tablets (with the first iPad) have presented to non-techies, for the first time in 20 years, a completely different platform to the Windows PC. So for the first time in aeons there is a widespread discussion about possible alternatives. Once we take that mental step, we open the way to discuss IT policy that really starts with the question of how best functionality is achieved at the lowest possible cost (which may also lead to discussing the underlying platform).
If Microsoft’s profit margins on the Windows/Office combo are cut back to 20% (it is currently 60-80%) the TCO figures will be more reasonable. Like IBM, over the years Microsoft will become an ordinary business providing rather boring-but-sometimes-necessary products at more normal profit margins. And that, except for the shareholders, is not a disaster.
Update: in the week after publishing this column a few dozen Dutch governments organisations promptly made my point with the total loss of network functionality from a nasty Windows virus. The infection is still going on and the dataloss and privacy implications of the breach is still being investigated. many sysadmins have been working overtime to contain the problem. Of course there will be another one of these six months from now and so on and so on. This has been going on for years.
The Declaration of Independence of Internet
(Orginal from 1776 here. Orginal from 1581 that is the inspiration for the original from 1776 here)
hen in the Course of human events it becomes necessary for people to dissolve the commercial, legal and moral bands which have connected them with an industry and to assume among the powers of the earth, the separate and equal station to which their most fundamental principles entitle them, a decent respect to the opinions of mankind requires that they should declare the causes which impel them to the separation.
We hold these truths to be self-evident, that all lives are enriched by the sharing of culture, that citizens are endowed by their democracies with certain unalienable rights, that among these are knowledge, true ownership of their property and the sharing of culture. That to secure these rights, laws are instituted among the people, deriving their just powers from the consent of the governed. That whenever any of these laws become destructive of these ends, it is the right of the people to alter or to abolish them, and to institute new laws, laying their foundations on such principles and organizing their powers in such form, as to them shall seem most likely to effect their safety and happiness.
Prudence, indeed, will dictate that laws long established should not be changed for light and transient causes; and accordingly all experience hath shewn that mankind are more disposed to suffer, while evils are sufferable, than to right themselves by abolishing the forms to which they are accustomed. But when a long train of abuses and usurpations, pursuing invariably the same object, evinces a design to reduce them under absolute despotism, it is their right, it is their duty, to throw off such laws, and to provide new guards for their future cultural wealth. Such has been the patient sufferance of the people of the Internet; and such is now the necessity which constrains them to alter their former systems of cultural distribution. The history of the present copyright industry is a history of repeated injuries and usurpations, all having in direct object the establishment of an absolute tyranny over the culture of the people of Earth. These are just some of the effects of the lobbying of the copyright-industry:
The destruction of our cultural heritage by forced obliteration and decay, by forbidding or hindering the reduplication and sometimes even the restoration of cultural artifacts. – The destruction of our future, by frustrating education and the sharing of knowledge, thereby condemning many to lower life standards than they could otherwise achieve, especially in developing countries. – The destruction of the creative process, by legally forcing artists and authors to steer clear of any sources of inspiration, and punishing them for accidental similarities and citations. – The destruction of free access to key, contentious pieces of political information by preventing maximum distribution of this information. – The destruction of human and natural resources, by forcing the re-creation of works that would be perfectly usable with some minor rework, but not allowing such re-use. – The destruction of social and economic order, by allowing the control of much of our heritage to end up in just a few hands. Leading to a society where a few have a lot, and a lot have little. – The destruction of innocent lives by transporting citizens of other nations beyond Seas to be tried for offences that are not even offences in their home nations …
In every stage of these oppressions we have petitioned for redress in the most humble terms: Our repeated petitions have been answered only by repeated injury. Corporations, whose character is thus marked by every act which may define tyrants, are unfit to be conduit of culture for a free people. Nor have we been wanting in attentions to our corporate cultural overlords. We have warned them from time to time of attempts by their lobbying to extend an unwarrantable jurisdiction over us. We have reminded them of the limits of our patience and the growing existence of alternatives to their wares. The most recent efforts of the copyright industry to circumvent our most fundamental democratic institutions leaves us no choice but to defend our culture by taking it out of the hands of these corporations.
We, therefore, the Pirates of the World, do, in the name, and by authority of the good people of the Internet, solemnly publish and declare, that we are free and united, and no longer recognize the legal or moral validity of the copyright claims of aforementioned corporations, that we are absolved from all legal and moral allegiance to these corporations, and that all connections between the people of the Internet and the copyright industry is and ought to be totally dissolved; and that as free and Independent people, we have full power to download, distribute, remix, broadcast, perform and to do all other acts and things which Independent people may of right do. And for the support of this declaration, with a firm reliance on strong cryptological protection, we mutually pledge to each other our lives, our fortunes, and our sacred bandwidth
printable version for those ink-based-real-life signing parties here
IT and government, what to do?
<originally a Webwereld column in Dutch>
Friday a week ago I, along with other "experts", attended a Parliamentary Working Group to answer questions about government IT projects. This was a Parliamentary group of MPs investigating the many IT failures of the government. After the summer (and the sept 12th elections), the investigation should begin with a sharp set of research questions. The invited experts were there to help formulate the right questions.
Here are my blog links to some of the available online advice written by the working group and the video stream (all in Dutch). It was striking how unanimous was the message presented by all the IT experts, given the variety of backgrounds.
Like other columnists and opinion writers, I also emphasised the failings of government and egregious damage to national security, privacy and general public funds. From available data, in terms of the government, the cost to the Dutch has moved from millions to billions of euros annually.
With such a government it is like shooting fish in a barrel for columnists. Therefore it was refreshing on this occasion to make a more constructive contribution. Although it was a pity that such meetings do not occur more frequently and are not better attended by the officials and suppliers who are responsible for all these projects. As 6 billion euros pour down the drain every year (and that is only the out-of-pocket costs – the social impact may be much higher) it might be a good idea to hold consultations more often. While I doubt that the gathering last week has any ready-made solutions for all the problems, I think there is a reasonable degree of consensus about their root causes:
1. Wrong incentives for both government and suppliers; who actually has an interest in completing projects within the agreed time frame and under budget? Nobody. Not the supplier, who could just add many more billable hours, and therefore finds added complexity much more lucrative. Not the responsible bureaucrats, because when a project runs they have a job and a growing staff to do things – the larger your group, the more important you are. And because projects quickly become a political matter, and then a 1000% overspend becomes perfectly acceptable in order to save the neck of some senior official. There are never any penalties for any of the involved parties, no matter what the scale and comsequences of the failures. The same officials continue to hire the same 10 major suppliers.
2. Too little substantive knowledge; allows suppliers to drive the process; because most government departments lack the expertise they allow suppliers to drive virtually all substantive activities. This allows vendors to interfere in advisory roles about the the delivery of products and the implementation of services. This is very profitable for the suppliers, but not so great for the cost or technology choices that are supposed to work in the interest of the government and the citizens.
3. Total lack of oversight and transparency; there is so little transparency that the government does not know what it has, what it buys and how much it costs. Previous attempts by Parliament to get an insight into all this failed. The consequence is that most so-called "business cases" are mostly hot air. If it is impossible to assess what something currently costs and the expense of replacing it, we are sailing blind. Probably on the ‘advice’ of the vendors mentioned in Point 1.
4. Dangerously naive attitude to security risks; the recent incidents involving SCADA systems and many, many other broken online government services show that the security risks are not incidental but structural in nature. Add Stuxnet to the mix, and it is clear that public systems can be easily manipulated. The social consequences of a targeted attack are difficult to predict, and the government has no contingency plan whatsoever. It is not even clear who is responsible for picking up the pieces when certain services fail.
5. There is no discernable ambition to rectify any of the above points; the government remains quite content to define them as an immutable law of nature or fate and therefore outside its ability to influence.
That all sounds terrible. The question remains – is there anything we can do? Yes we. Because if you have read this, you will probably be concerned about government, your hospital that you might need some day, the school where your children go, the pumping station that keeps your feet dry.
The solution starts with recognizing the five points above. It is not good enough to dismiss the scale of the problem with statements like "but it is not always wrong …". A car which sometimes does not explode is not good enough. After recognising the problem, there must be a real will to improve (perhaps spurred on by a penalty imposed by Parliament). The government must have the ambition to seriously revise its traditional modus operandi. In addition, there must be the will to have a real, effective government, not some call centre for a corporation. The government is not a business, so it should stop pretending. This goal should be the visible core of all subsequent behaviour. Greater transparency will sharply expose any lack of expertise and the wrong incentives; as a result targeted action can be taken. Transparency also makes it much easier for other experts to advise government (for example about that naïve attitude to security).
How large, complex and important all these questions may seem to be. Yet the more important questions were asked last month by Professor Eben Moglen in a masterly speech in Berlin: "Why Freedom of Thought Requires Free Media and Why Free Media Requires Free Technology". Under the speech there are now discussions that ‘I Have a Dream‘ meets ‘Band of Brothers‘ (a vision combined with a call to action). That is how this speech should look to anyone involved in IT, and triply so to bureaucrats. I hope that our MPs can also spare an hour to watch it this summer. To waste 6 billion Euros a year is bad, but to throw away the hard-won freedoms of the past 1000 years – that’s really bad.
Parliamentary hearing on IT-projects, security & privacy
On June 1st 2012 the Dutch government’s Parliamentary working group on government IT-projects held a hearing of experts. My written contribution below. Capture of videostream… (in Dutch). Dutch journalist Brenno de Winter published his thoughts here. Column on this published the week after here.
Introduction – IT and the Dutch national government
Universality is an assumption of astrophysics that states that all phenomena, everywhere, behave as we observe them from Earth. I’m assuming that phenomena I have observed in specific government IT projects also occur in government IT projects that I have less infromation about (this is usually caused by the poor implementation of Freedom Of Information Acts, see the notes of Mr de Winter).
IT project management is currently based on a rather naive model of reality – "smart entrepreneurs compete on a level playing field for the favours of the government, which then procures with insight and vision." However, this model does not adequately predict the observed outcome of the projects. Whence this group.
Another model would be "a corrupt swamp with the wrong incentives, populated by sharks and incompetent clowns". This model has the advantage of perfectly predicting the observed outcomes.
The price of outsourcing everything
No vision, no vigour, no knowledge, and especially no ambition to do anything to improve on any of these. This is the overarching theme of all government IT projects I have experienced both on the inside and externally. And I believe is the fundamental cause of the vast majority of practical problems the group wishes to understand.
From Knowledgenet to the National EHR, the Whale project, voting computers, the public transport card, and the failed attempt to break the monopoly of large software vendors – NOiV … the knee-jerk response remains the same: to reduce a social problem to a technical project that can then be quickly outsourced to IT suppliers and/or advisors. The societal aspects are quickly lost once the train of political promises, commercial interests and project logic leaves the station and becomes unstoppable. Even the parliamentary group on IT projects aims to outsource part of its work to an external company. The chances are that the selected external company will already have as its main selling-point an umbrella contract with the national government. Probably this company will already have been advisors on one or more of the projects that may be under investigation.
In my experience as an advisor of a large government project (from the list of projects provided by the work group), I had to advise another consultant on how to hire yet other outside consultants to perform a security audit. The argument that the government has difficulty in hiring and retaining specialised expertise may be true in specific cases, but in reality, most of the hired ”IT workers” have no specialist expertise. Often they are generalists and/or project managers without much substantive technical knowledge. The inability of government to attract competent personnel should be seen as a problem that needs to be solved and not as an immutable law of nature. If we truly want something to change, we really need to be willing to change anything/everything.
Focus of the research proposal: look at the forest, not at the trees
By focusing on individual projects it is likely that the working group will only look at operational issues within these projects. The broader, underlying causes remain hidden, yet that is precisely where many failures begin. Moreover, it is especially important to look at such overarching issues as potential factors in future projects.
If anything has become clear since the Diginotar case, it is the total lack of accountability or sanctions subsequent to the failure of both executive and supervisory organisations and officials. Suppliers and officials who have endangered the security of citizens and the functioning of the state have largely remained in position, free to repeat their mistakes in a few more years. Evaluation, in this context, is therefore only useful if lessons learned from them can be used to prevent a repetition of similar birth defects in new projects in the future.
Analyse context: causes and societal consequences of failure
When the EHR project was cancelled by the Senate, there was great indignation about the "wasted" 300 million Euros that had been spent. In my view, the 300 million is not the issue we should be focusing on. If the figures used by the Health Ministry and Nictiz concerning the need for the EHR system were correct, the real costs of the failure of the EHR system over the past 12 years are more than 20,000 lives and 16 billion Euros.
Therefore the real question is why Nictiz on the one hand did not have either the budget or the required mandate to deal with the problem, and on the other hand why this national disaster was not the most important issue for the Health Ministry to address. Why did the leadership of the Ministry not have its hand on the wheel, with weekly reports to the Cabinet and parliament?
If the publicly-stated figures are incorrect, Parliament has been misinformed for more than 12 years and the project should never have been started. Either way, something went very wrong and it had very little to do with the technical aspects of the project (although there was enough to criticise there as well).
The above example is just one of many cases where the formal administrative motivation for a project and subsequently allocated funds and mandates bear no logical relationship.
Also the projects concerning the introduction of voting computers and the public transport card, had logical holes of Alice-in-Wonderland-like proportions. A very high level of public transparency about new projects here would probably have enabled citizens to provide both solicited and unsolicited assistance to the government in finding these holes.
It would also help to restore some confidence amongst citizens, whose faith has been repeatedly dented. On the one hand the government uses its own incompetence as an excuse for failure, while on the other hand two weeks later it will ask its citizens to rely on its ability to finish a new megalomaniac techno-fix for a complex social issue. The current deep lack of credibility ultimately becomes a question of legitimacy.
Selection criteria for examining IT projects:
- Extent to which the original official motivations and assumptions were not investigated or found not to be substantiated. What was the problem? How would the proposed IT project fix this? Why was the gap between policy and reality not foreseen?
- Social costs of not solving a problem (by the failure of the project); these are often multiples of the cost of the IT project itself.
- Damage to citizens and their rights because of the failure of project or because of incorrect technical and organisational choices made during implementation.
IT projects the working group hould include in the investigation:
- The EHR
- The public transport card
- The NOiV & the NCA investigation into the failure of this policy.
- GOLD / DWR – introduction of the ‘standardised’ workplace for the national government between 2004 and today.
Doublethink, Waiting for the Big One, Doctor doctor, Asbestos, Gran knows why, (my columns)
My Court of Audit questions for investigation into national openstandards and opensource policy 2010
Prof. Eben Moglen explains the big societal picture (45 min speech) – must watch!
Doublethink and Zen
<originally a Dutch Webwereld column>
Doublethink is a concept that was introduced by George Orwell in his famous novel ‘1984 ‘. It is a mental mechanism that allows people to believe sincerely and simultaneously two completely opposing ideas without a problem.
In the ten years that I have been involved with open source and open standards in the Dutch public sector, I have encountered many double thinkers. So for years I have endured “experts” and insiders patiently explaining that the migration to open source desktops within that community would be impossible, because civil servants could not work with other platforms. Asking non-techies to use anything but the Windows + Office desktop they were taught at Dutch schools would lead to disaster. It Just Could Not Happen.
The certainty with which this (to this day) is mouthed as an aphorism everywhere has always amazed me. Previously, the Netherlands had migrated from WP5.2 in DOS to Windows Word 6, yet the Earth kept turning, children went to school and there was water from the tap.
Multiple migrations, mostly outside the Netherlands, have also demonstrated that ordinary users can do their work well with alternative platforms, provided they are given some training and support (something, indeed, that is perfectly normal when migrating to new releases of the usual proprietary systems).
The same people who for years have claimed with great certainty that "It Just Could Not Happen” have been busily rolling out iPads to the many managers and directors, who for many and varied reasons discover they need one. Apparently the adoption of an entirely different platform with a totally different interface is not as problematic as was asserted for all those years. Huh?
The classic “civil service desktop” tribe, led by IT heads of ministries and municipalities and supported by Microsoft, Pinkroccade and Centric, have had many happy years of “standardising” the Netherlands on proprietary tools, the management of which would then be done by the Dutch business partners of Microsoft. When asked why such a vulnerable and expensive monoculture was necessary, the standard reply is "working together!". For “working together”, according to these people, can only occur if everyone works with exactly the same stuff (never mind that millions of people on the internet are working together with very different tools). And that stuff should be consistent with what people already know, because learning something new is ultimately ‘not realistic’.
The Web 2.0 tribe wants everything on "the cloud" so that with iPads they can “work together” from Starbucks with colleagues and consumer-citizens-entrepreneurs. That this places control of state information in the hands of uncontrolled private and foreign parties is not part of the discussion. "We must work with the most modern tools!" When asked what they do in concrete terms, the answer is almost always shifty or there is some muttering about experiments and the importance of “working together”.
Both of the above tribes mix at “e-government” conferences and other such events and hear both perspectives, one after the other, with nobody apparently perceiving these contradictions. It is Doublethink in its ultimate form: simultaneously believing two contradictory ideas without experiencing a conflict: from 11:00 to 11:30 they can believe that a Microsoft monoculture is a necessary requirement for civil servants to “work together”, and then from 13:30 until 14:00 just as happily accept that all hip 2.0 workers, with their privately-bought iPads authorised via LinkedIn, must have access to the State-intranet so that they are finally able to “work together” with other officials. And nobody is pointing to the naked emperor and saying that at least ONE of these two stories has to be nonsense (and probably both).
Despite all this focus on collaboration between government organizations are regularly at odds, working against each other, re-inventing wheels 300 times, or point to each other when things go wrong. Even Caligula or G W Bush could still learn a thing or two from such levels of surrealism.
Proprietary vs. open source in government is just ONE of the examples where sly salesmen from dubious companies appear to be much more attractive than people with demonstrated expertise. Also in the cases of Electronic Health Records, voting computers, the public transport chip card and the security of its own systems, the government actively chose lying, cheating vendors and/or incompetent bureaucrats over its own citizens and academics with a proven expertise.
After last year’s ‘Leaktober month’ and the Diginotar drama, it appeared that some light might finally break in, but now it is clear that one deals with problems by treating them as an immutable fact of reality. With the logic of “as it is now, so shall it remain”, the years-long impetus towards greater vendor independence and diversity of systems ground to a halt. Now the same logic is used as an excuse to defend failure everywhere. It’s a bit like claiming to achieve fire safety by shouting that not every building is on fire, and anyway the fire engines can drive with 130km/hr away – "We react so quickly!". Prevention is seen as difficult and, moreover, "as it is now, so shall it remain – you will never be safe."
Despite this latest capitulation to foreign intelligence services and criminals, yet more megalomaniac IT projects are underway. Citizens continue to entrust the government with all their personal information, despite the fact that the government itself admits to being unable to protect them adequately. When working on such projects, you’d need to remain in a permanent state of Doublethink to avoid a serious moral dilemma.
Once the Netherlands had a government that built the Delta Works to keep the sea out and ensured that the country was ranked in the global top 2 or 3 in the fields of health, education, social security, security, democracy and transparency of governance. Only Sweden and Denmark sometimes did better.
Today feels like the Dutch government is abolishing itself. It knows nothing, wants nothing, does nothing. Perhaps we the citizens should do the same. Give them nothing, ask for nothing, expect nothing. The Zen of the citizen-government relationship. Happiness is low expectations!
Cybercrime; prevention vs. repression
<originally a Dutch Webwereld.nl column>
Cybercrime and cyber-warfare are currently the trendy terms the government throws around to acquire additional laws and powers. If it can also link cybercrime to the distribution of images of child abuse (also known as child pornography), the government has hit political pay dirt and can do pretty much what it wants. What continues to puzzle me is how all this focus on the distribution of such images actually protects the child victims themselves.
Bart Schremer published his opinion piece recently, providing an overview of the issues that law enforcement agencies are facing. On the one hand society (or at least the media) expects law enforcement to solved all crime immediately, preferably on a modest budget. On the other hand most Dutch people would still prefer to avoid a police state along the lines of the North Korean or American model.
But in all discussions on permissible methods of detection, hacking police officers and crime-fight-using politicians is missing, is why cybercrime has grown so enormously. The fact that our reliance on IT is increasingly complex will certainly have contributed. But one other important factor is the huge digital illiteracy among the vast majority of citizens. Aside from some half-hearted campaigns, the government has done little to teach citizens anything of real use or value.
If you have been online for a while (ie more than 15 years), it is difficult to imagine that many Internet users today do not know how a URL is constructed or what is does – and with today’s browsers you don’t need to know. I often see people typing the name of a site into Google (which is set as the homepage) and then clicking on it. And so, without batting an eye, they click their bank details through to helpdesk.br.ru/ING, or something similar. Just because the logo was in the mail, is it still the help desk of the ING bank? If people could understand the difference between a top level domain and the rest of the URL, they could probably work out for themselves if the ING bank is really based in Russia.
One of the main causes of the proliferation of cybercrime is the profound ignorance of most computer users. This ignorance is partly caused by an education system that teaches handy computer tricks rather than real understanding. The "computer licence" is simply a course in MS Windows & MS-Office and provides no insight whatsoever into what a computer actually does or how networks function. Not that everyone needs to be a system programmer, but ensuring a bare minimum of understanding (such as the ‘reading’ a URL) could avoid so much pain.
In addition, the vast mono-culture of computer systems is a major problem that the government is actively propagating. Thus, in the Netherlands, it is virtually impossible to finish high school without access to a system with MS-Windows and MS Office. Running a school and getting it funded is even harder. Studying at many universities without a Google account is rapidly becoming impossible, and a Facebook account is required to function in other institutions
The Lower House listening to the arguments, noted in 2002 that “software playes a crucial role in the knowledge society, and that the supply side of the software market at that time is highly monopolised.” It asked the government to fix this
These are the first sentences of the 2002 Vendrik Paralimentary Motion on the dysfunctional desktop software market. But this malfunctioning market aspect was soon forgotten in many discussions about various open standards and what open source web-system really is the best. But it did focus so primarily to a disturbance of the software market, not the internal management of secondary schools, municipalities and other public sector agencies
A lot of hot air is wasted discussing nebulous cloud systems, but interaction with these clouds still occurs primarily via desktop/laptop systems. And the market for these systems remains almost as monopolised as in 2002. Whoever has control over these desktops, has de facto control over most information processing in the Netherlands. To date mostly criminals seem to be interested in our desktops. And because the desktop landscape of the Netherlands is an extreme software mono-culture, and this makes us vulnerable, and yet for the last ten years the government has done virtually nothing to reduce this vulnerability
Meanwhile the role of IT in the minute-by-minute functioning of our society has greatly increased in recent years. What about hospitals, ports, airports, schools, police stations, and ambulance dispatchers? All of them can only function with working desktop PCs. And those PCs are often running Windows without the latest updates. Criminals or foreign cyber armies can take over these systems, gain a stranglehold on our society and unlike rumbeling tanks we would only figure this out after it was already done (or even much later than that).
If cybercrime and even cyber-warfare were really so vitally important, it would be logical for the government to institute a computer education that really teaches, to dismantle of our software mono-culture, and reduce our high dependency on foreign service-providers. Real advances in these areas would make so much more sense than abrogating yet more power to a government that displays ever more totalitarian tendencies and, at the same time, highly questionable competence.
Update, while writing this column a criminal (presumed to be from Russia) made my point by infecting 100.000 computers via a java vulnerability and a hack of the Dutch news website nu.nl around lunchtime. All infected computers ran MS-Windows. More details in the post-mortum rapport of Fox-IT.