[FSFE PR][EN] Huawei case demonstrates importance of Free Software for security

press at fsfe.org
Tue Feb 5 07:30:08 UTC 2019


 = Huawei case demonstrates importance of Free Software for security =

[ Read online: https://fsfe.org/news/2019/news-20190205-01.en.html ]

The discussion of the Huawei security concerns showcases a general trust
issue when it comes to critical infrastructure. A first step to solve
this problem is to publish the code under a Free and Open Source
Software licence and take measures to facilitate its independently
verifiable distribution.

The ongoing debate about banning Huawei hardware for the rollout of 5G
networks, following earlier state espionage allegations, falls short.
It is not just about the Chinese company but about a general lack of
transparency within this sector. As past incidents proved, the problem
of backdoors inside black-boxed hardware and software is widespread,
regardless of the manufacturers' origins.

However, it is unprecedented that the demand to inspect the source code
of a manufacturer's equipment has been discussed so broadly and
intensely. The Free Software Foundation Europe (FSFE) welcomes that the
importance of source code is recognised, but is afraid that the proposed
solution falls short. Allowing inspection of the secret code by
selected authorities and telephone companies might help in this specific
case, but will not solve the general problem.

To establish trust in critical infrastructure like 5G, it is a crucial
precondition that all software code powering those devices is published
under a Free and Open Source Software licence. Free and Open Source
Software guarantees the four freedoms to use, study, share, and improve
an application. On this basis, everyone can inspect the code, not only
for backdoors, but for all security risks. Only these freedoms allow for
independent and continuous security audits which will lead citizens, the
economy, and the public sector to trust their communication and data
exchange.

Furthermore, in order to verify code integrity – so that the provided
source code corresponds to the executable code running on the equipment
– it is necessary either that there are reproducible builds in the case
of binary distribution, or that providers are put in a position to
compile and deploy the code on their own.

    "We should not only debate the Huawei case but extend the discussion
    to all critical infrastructure," says Max Mehl, FSFE Programme
    Manager. "Only with Free and Open Source Software, transparency and
    accountability can be guaranteed. This is a long-known crucial
    precondition for security and trust. We expect state actors to
    immediately implement this solution not only for the Huawei case but
    for all comparable IT security issues."

  == About the Free Software Foundation Europe ==

  Free Software Foundation Europe is a charity that empowers users to
  control technology. Software is deeply involved in all aspects of our
  lives; and it is important that this technology empowers rather than
  restricts us. Free Software gives everybody the rights to use,
  understand, adapt and share software. These rights help support other
  fundamental freedoms like freedom of speech, press and privacy.

  The FSFE helps individuals and organisations to understand how Free
  Software contributes to freedom, transparency, and self-determination.
  It enhances users' rights by abolishing barriers to Free Software
  adoption, encourages people to use and develop Free Software, and
  provides resources to enable everyone to further promote Free Software
  in Europe.

  http://fsfe.org

