COVID19-Tracing/-Tracking App in Singapore under GPL-3.0
Sebastian Silva
sebastian at fuentelibre.org
Sat Apr 11 03:09:06 UTC 2020
Thanks for sharing!
I just passed it on to a government mailing list in my country (Peru).
I did a quick search and found an article by the Singaporean government
explaining their logic, which I shared also.
<https://www.tech.gov.sg/media/technews/six-things-about-opentrace>
Hope it helps!
Regards,
Sebastian
On Fri, 10 Apr 2020 at 15:52, Paul Boddie <paul at boddie.org.uk>
wrote:
> On Friday 10. April 2020 12.00.34 Jan Wey. wrote:
>> I was made aware of this just 5 minutes ago. Sorry, if this was
>> already
>> mentioned on this ML in the past few days.
>>
>> Singapore decided to release their Tracing-App under GPL-3.0 [0],
>> which
>> obviously would establish better trust and would benefit other
>> countries
>> and regions as well, as the software (or parts of it) could be
>> re-used,
>> being in line with PMPC[1] as well as the FSFE's call to release any
>> COVID19 Tracking App under a Free Software License.
>
> [...]
>
>> [0] <https://github.com/opentrace-community>
>> [1] <https://publiccode.eu/>
>> [2] <https://fsfe.org/news/2020/news-20200402-02.html>
>
> This is interesting to hear about! Reading the Norwegian news
> recently, it
> would appear that the "app" being developed for this country's public
> health
> agency will not be Free Software. Here's a reasonable Norwegian
> language entry
> point to the news coverage:
>
> <https://www.nrk.no/norge/fhi-appen-smittestopp-gjennomgas-na-av-sikkerhetseksperter-1.14977918>
>
> The justification for this is fairly weak:
>
> <https://www.simula.no/news/digital-smittesporing-apen-kildekode>
>
> One reason given is that making the source code available helps
> people with
> "hostile intent" to do bad things. Obviously, one can also argue that
> making
> the code available allows people with helpful intent to remedy the
> bad things
> that may be in the software, these being there through accident,
> questionable
> judgement or even malicious intent.
>
> To justify their position, the case of the Heartbleed vulnerability is
> mentioned, with it being stated that the bug that caused it lingered
> for two
> years in Free Software without the anticipated scrutiny being brought
> to bear.
> Certainly, those who pitch "open source" largely as an efficiency or
> economic
> tool (the ones who talk about bugs and eyeballs) don't do the Free
> Software
> movement many favours by reducing the spectrum of benefits down to a
> single
> easy-to-sell metric of success.
>
> But as we know, the real reason for things like Heartbleed occurring
> is the
> chronic underinvestment in Free Software by companies making colossal
> amounts
> of money using Free Software. These companies are happy to see "open
> source"
> in broad use, but they are not prepared to adequately invest in the
> maintenance and further development of the software. When the auditing
> audience is burned-out volunteers and bad guys, the situation is
> obviously not
> favourable to those wanting to see high reliability and security
> engineered
> into the code.
>
> The fact is, however, that Free Software characteristics are largely
> orthogonal to how good any software might be. There is nothing to
> stop the
> best quality software being Free Software, and there is nothing to
> stop
> commercially "valuable" proprietary software being complete garbage.
> Sadly,
> academic and research institutions are often bamboozled by predatory
> "innovation" advocacy that equates value with scarcity and secrecy,
> leading to
> the hoarding of research benefits for application within privileged
> niches
> instead of helping to strengthen society at large.
>
> With regard to the news article on the topic, there are various
> attempts at
> reassurance about how seriously the developers are taking the work. For
> example:
>
> "Måten vi jobber på er nok veldig likt hvordan åpen
> kildekode-miljøet ville
> jobbet. Det er også den typen folk som sitter i gruppen, sier
> lederen av
> ekspertgruppen."
>
> ("The way we work is probably rather like how the open source
> community would
> have worked. It is also this kind of people working in our group,
> says the
> leader of the expert group.")
>
> In other words, a form of imitation of how Free Software developers
> might work
> is occurring based on a perception of a particular "kind of person".
> Seeing
> how well the industry tends to imitate various recommended practices
> more
> generally, typically failing in a burdensome way, I'm not sure how
> much
> confidence I would have from such reassurances.
>
> Reassurances from the government also seem to be readily forthcoming:
>
> "Vi vil selvfølgelig ikke lansere en løsning hvis det skulle vise
> seg at den
> ikke er sikker. Ekspertgruppens uavhengige vurdering vil selvsagt
> være viktig
> for oss i den sammenhengen, sier helseminister Bent Høie til NRK."
>
> ("We would obviously not release a solution if there were indications
> that it
> wasn't secure. The expert group's independent assessment will, of
> course, be
> important for us in that regard, says health minister Bent Høie to
> NRK.")
>
> I would take government reassurances more seriously if we hadn't
> previously
> heard lazy brushing aside of concerns about attacks on electoral
> processes and
> infrastructure by the prime minister. A while ago there were reports
> of
> intrusions and data breaches at one of the regional health providers,
> but all
> that seemed to emerge from that episode were vague "nothing to see
> here"
> claims from these ministers.
>
> For more criticism, a Norwegian language article (and its comments)
> linked to
> from the above news article is somewhat worth reading:
>
> <https://nrkbeta.no/2020/04/02/advarer-mot-a-installere-fhis-korona-app/>
>
> Here, the Singapore application is mentioned along with indications
> that
> Germany may also take it into use. There also appear to be
> architectural
> differences between the way these applications work: centralised
> versus
> decentralised communication, for instance.
>
> Fundamentally, Free Software means having control over the software
> we choose
> (or are asked to choose) to run on our devices. Denying us the
> ability to know
> what that software does is simply exploitative. It is rather telling
> that
> Simula - the developers of the Norwegian application - don't even
> dignify this
> fundamental aspect of Free Software in their response to criticism.
> And it is
> interesting that a country renowned for its surveillance and social
> control is
> more open about the technology it uses than a country that actively
> projects
> an entirely different image of itself to the rest of the world.
>
> Paul
>
> P.S. I find it also laughable that the following statement is paraded
> early on
> in the Simula article:
>
> "Åpenhet og kunnskapsdeling er en del av ryggmargen vår."
>
> ("Openness and knowledge sharing is an essential part of who we are.")
>
> As far as I know Simula is part of the software patenting
> "innovation" circus
> in this country, which is fundamentally incompatible with true
> openness and
> sharing.
> _______________________________________________
> Discussion mailing list
> Discussion at lists.fsfe.org <mailto:Discussion at lists.fsfe.org>
> <https://lists.fsfe.org/mailman/listinfo/discussion>