[FSF India] Re: WB Govt ties up with MSFT

Raju Mathur fsf-india@gnu.org.in
Sun, 5 Aug 2001 12:23:59 +0530 (IST)


Here's a prototype letter which can be sent to any State government
which plans to tie-up with MS for e-governance.  I am making it as
general-purpose as possible so that more people are willing to sign
it: this is not a time for family squabbles.  I'd appreciate any
additions/enhancements which can be made to this letter.  URL's
highlighting the points discussed would also be a great idea.  Not
being an activist, I cannot suggest the proper methods for getting
this letter signed and circulated to the right authorities.

Dear <name here>

We, the Free Software, Open Source and Electronic Freedom proponents
in India are deeply distressed to learn about your Government's plans
to base your complete e-governance infrastructure on a single foreign
company's products.  The history of Microsoft has shown that it has
very little regard for serving any objectives except its own, which
does not augur well for the future of <state name here> in particular
and our country in general.

We request you to kindly consider the following points before making
this relationship permanent:

1.  Security.

Microsoft products have time and again demonstrated a regrettable lack
of basic security features.  Recent incidents which have affected a
sizeable portion of Microsoft-based servers and client systems on the
Internet have served to highlight the fact that Microsoft makes
Insecure Products.

The Code Red worm (computer virus) infected millions of servers on the
Internet in June 2001 and coordinated them (without their
administrators consent) to simultaneously attack the US White House
web site.  The worm is still alive though dormant and no one knows
exactly where and when it will strike again.  Needless to say, this
worm only affects computers running Microsoft's most popular web
server.

Only a few days after the infamous Code Red attacks (on August 5,
2001), another worm which infects Microsoft-based web servers has been
discovered and is at the time of writing being analysed to discover
its potential to disrupt the world's computing and networking
infrstructure.

The SIRCAM virus which replicates itself using e-mail as the medium
has been deemed such a major threat to computing infrastructure that
Microsoft and the FBI have taken the unprecendented step of releasing
a joint warning notice against it to all computer users in July 2001.
Again, the SIRCAM virus only affects e-mail users who use Microsoft's
products -- all other software is immune to this threat.

These are but two symptoms of the general malaise that Microsoft's
products suffer from.  Each time a product is fixed using patches from
Microsoft, new security holes in the product are uncovered, leading to
another wave of infection.  In fact, there have been cases of a
problem fix from Microsoft uncovering older (previously-fixed)
problems and making them active again; there are no signs that these
issues will ever be completely resolved.

2. Total cost of ownership (TCO)

The Total Cost of Ownership of Microsoft's products is much higher
than that of other, equivalent, better technologies.  With their new
licensing model, Microsoft has ensured that those unfortunate enough
to invest in their products keep paying for the product, not only at
purchase time but throughout the lifetime of the product on an annual
basis.  We believe that it is possible to save this outflow and
redeploy it in other areas in the state which need investments.

In addition hardware requirements for running Microsoft are
substantially higher than those of competing products from other
sources.  In many cases a computer running a competing product will
cost half of and handle ten times the load that a computer
configuration running Microsoft products would.

3. Internal security

Microsoft is a company owned by American citizens, having its base of
operations in the USA and subject to US laws.  A clear effect of this
was evidenced in 1999 when it was discovered that some of the security
and cryptography functions built into Microsoft's operating systems
were subject to be used by the US National Security Agency (NSA)
without explicit permission from either Microsoft or the user of the
software.

This is one lone ``feature'' of Microsoft software which came to light
due to the vigilance of a concerned individual.  However it is quite
possible (indeed, likely) that there are other ways in which Microsoft
products are designed and constructed to permit illegal access by US
security agencies.  As concerned Indians, we would wish to be secure
in the knowledge that the software handling our critical information
about Government and individuals will not permit foreign Governments
to spy upon, or, even worse, arbitrarily modify it without the consent
or knowledge of our elected representatives and the Government
machine.

4. Flexibility

India being a unique country it is very likely that we will wish to
adapt the software managing our Government information flows to our
specific requirements from time to time.  With Microsoft products it
will not be possible to do this in any sort of time-bound manner, if
it is possible at all.  For instance, we may want to create cheap
Intel 486-based computers for members of the bureaucracy which they
can use to access their e-mail.  Building such a low-cost computer
with Microsoft software would be impossible since the building blocks
of the software (the ``source code'', which is the blueprint for the
software) is only available with Microsoft.  As users, we will not be
able to customise and modify the software to our requirements.

To take another example, Microsoft is subject to US Government rules
which prohibit the export of some forms of strong data encryption and
decryption (scrambling and descrambling) technologies to India except
under special conditions.  As long as we are using Microsoft products,
these technologies will not be available to us and we will be forced
to use sub-standard, easily breakable techniques to protect our
critical data.

5. Alternatives

Given these facts, we strongly urge you to consider alternative
technologies and sources for software for mission- and
government-critical functions like State e-governance.  The GNU/Linux
operating system (sometimes also called just ``Linux'') suffers from
none of the defects of Microsoft operating systems and applications
detailed above and is already the fastest-growing server operating
system in the world today.

Some of the features of GNU/Linux which make it a viable and desirable
component of any Government infrastructure are:

- GNU/Linux has not to date been subject to any virus attacks anywhere
near the severity of the worms and virii which are infecting Microsoft
systems on a nearly daily basis.

- The operating system itself and all the applications required to
build a safe, secure and efficient infrastructure are available free
of cost and can even be downloaded from the Internet.  The hardware
configuration of systems required to run GNU/Linux is much lower than
that of corresponding systems required to run Microsoft products.
There is no fee at all -- neither one-time nor recurring -- for using
GNU/Linux.

- The source code for the operating system and applications is
available for perusal and modification.  Using GNU/Linux, the
Government can be assured that there are they are not at the mercy of
any foreign government which can arm-twist Microsoft into putting
hidden back-doors into their products.  The Government can also give
this assurance to the electorate.

- Since the source code (i.e. the building blocks) of GNU/Linux is
generally available, the Government can, if it so chooses, modify,
extend and customise the software for its specific requirements.  For
instance, it is quite feasible to replace existing encryption
techniques in GNU/Linux with those certified by the DRDO, leading to
much better and auditable levels of security.  Such enhancemente are
not possible with Microsoft software.

- Many national governments have blacklisted Microsoft products and
specifically selected GNU/Linux to host applications managing and
monitoring State and Central functions.

We request you to critically consider any decision to purchase
Microsoft products in the light of the information given above, and to
give serious consideration to using alternative technologies which
have a much lower cost, are more reliable and secure, and can be
easily enhanced to fit in with our national objectives.

>>>>> "Satyakam" == Satyakam Goswami <goswami@archeanit.com> writes:

    Satyakam> FSF wake up this news comes at a bad time there are
    Satyakam> efforts from different directions to make WB a Free
    Satyakam> Software State. Can we all make a presentation on this
    Satyakam> immediately at least the board members can write
    Satyakam> somethin to this senior official in WBEIDC and explain
    Satyakam> them that they are getting a one way ticket.

    Satyakam> <qoute> A senior official at the West Bengal Electronics
    Satyakam> Industry Development Corp (Webel) said the deal with
    Satyakam> Microsoft would help the state woo investments in the
    Satyakam> information technology sector.  </unquote>

    Satyakam> the closest contact info i could get was the following.
    Satyakam> http://www.wbidc.com/contact.htm

    Satyakam> the Westbengal.com site did not list email id's of
    Satyakam> Ministers and the CM, they had phone numbers listed what
    Satyakam> a ridiculous thing to do.

    Satyakam> I urge we should have a strong presentation from FSF on
    Satyakam> the follwing issues

    Satyakam> 1)Investment Promises which never come, tell them to
    Satyakam> learn from the mistake of others.  2)You have to help
    Satyakam> yourself there will be nobody else helping you.
    Satyakam> 3)How,Why and where Free Software can help achieve there
    Satyakam> objectives.  4)Who is making $$ in this SLACK phase??


    Satyakam> cheers S.Goswami


    >> WB Govt ties up with MSFT
    >> http://dailynews.yahoo.com/h/nm/20010804/tc/india_microsoft_dc_1.html
    >> 
    >> One would think they would be better off tying up with RedHat
    >> or SuSE or the FSF
    >> 
    >> Who wants a government that has to be patched every week....?

-- 
Raju Mathur          raju@kandalaya.org           http://kandalaya.org/