Dutch Digital Autonomy must be based on Free Software and Open Standards
"The Netherlands is losing grip on internet security, and is therefore in danger of losing control over democracy, the rule of law and the economic innovation system." This warning comes from the Cyber Security Council, a national and independent advisory body of the Dutch government and business community with members from the government, industry and academia.
In the Cyber Security Council's recent advice, they do an urgent call on the Dutch Cabinet to take quick action to prevent that Dutch society and economy becomes too dependent on proprietary technology they can not control.
While Cyber threats are increasing, the Netherlands is becoming increasingly dependent on a digital infrastructure that is dominated by just a small number of monopolistic companies. This could have major consequences for the national and economic security of the Netherlands. That is why digital autonomy should be high on the political agenda, according to the Council. Time is running out. If the Netherlands does not intervene, it risks losing its grip on internet security and losing its own technological knowledge, the council states. According to the advisory body, "time is short" thus "action must and can be taken now to ensure strategic autonomy”.
So much for the Cyber Security Council.
Their timing is right on the spot now a new Dutch cabinet is in the making and plans for the upcoming four years are about to be negotiated between coalition partners. But does their advice actually get to the heart of the problem? When reading the Strategic Autonomy and Cybersecurity in the Netherlands report, it is remarkable that proven best practices like Open Standards and Free Software do not play a central role in their solution and advice. If mentioned at all, it is in a side context.
Any open society is based on transparency. Therefore the digital freedom and rights of every citizen must be transparently protected. Digital autonomy is an indispensable condition for this. Autonomy, in turn, must be based on a solid legal framework that enforces Open Standards and Free Software, so that it can support citizens with public services over a public infrastructure in a transparent, secure and private way. It is crucial that national and European politicians are aware of their continuing obligation to implement all legislation that supports this practice.
Educational, health, and democratic institutions are core to our society. They are public assets and should not be part of any “economic market”, since we simply can not afford them to go bankrupt. So, public institutions will always be supported with Public Money, and any software involved inherently should be transparent by being Public Code. This principle is enshrined in the Public Money? Public Code! campaign of the FSFE, which states that software created with taxpayers’ money must be released as Free Software.
Proprietary companies that act in the “economic market” can go bankrupt. So, it is questionable if a Public Government should ever invest Public Money into proprietary market parties unconditionally. If investments are deemed necessary they should at least be done under the explicit condition that return on investment is for Public Benefit only. Again, as digital assets are concerned, Public Code is one of those conditions.
This public point of view is acutely absent in the institutional domain in which the Cyber Security Council acts and advises on. This is a domain that consist of a great number of interdependent organizations, national and super national, large and small, more and less powerful, that seem to keep each other in deadlock. Opening up to a public perspective would be a good first step for the Council to adapt their initial advice for the benefit of the commons.
The FSFE calls on the Dutch government to stand firm and get a grip on their digital security and autonomy by adhering to Open Standards and Free Software, in line with their earlier commitment to use Free Software by Default.