Proprietary Software Leftovers
Date: 2020-11-10
New research on Swedish public sector organisations shows that there is a need for more awareness and understanding of lock-in risks when procuring cloud services
In a recent paper, researchers at the University of Skövde in Sweden ask the question: “How do, and by which strategies should, public sector organisations address lock-in effects before use of commercial SaaS solutions?”. This analysis plays into one of the most relevant debates related to open source in the public sector.
Public sector lock-in to proprietary solutions has been central in arguments put forward by advocates for more use of open source software by public institutions. This research follows earlier academic findings showing how lock-in effects can impose many different types of technical, legal, economic and societal challenges for public sector organisations. But this latest paper analyses the awareness of these risks in the processes of public sector procurement of cloud services.
The authors find that municipalities adopt and use cloud solutions from large global suppliers “under potentially problematic contract terms”. The main example given is the City of Gothenburg, who entered into an agreement with Microsoft for adopting Office365. The City uses Office365 for large scale data processing but has not carried out an impact assessment outlining the jurisdictions in which data can be, and has been, processed.
Addressing Lock-in Effects in the Public Sector: How Can Organisations Deploy a SaaS Solution While Maintaining Control of Their Digital Assets?
The study shows a widespread practice amongst PSOs to adopt and use a widely deployed SaaS solution from a global supplier under potentially problematic contract terms. The City of Gothenburg and most other PSOs use their adopted SaaS solution to process data on a large scale with users that are in a position of dependence without having carried out an impact assessment, despite the fact that PSOs are unaware of in which jurisdictions data can be, and have been, processed. Some PSOs identified prior to their adoption and use of their SaaS solution that the terms allow for data processing in several third countries. None of the organisations present any evidence to suggest that they have tried to obtain all necessary patent licences for the ITU-T H.265 standard from third parties which would allow for use of the adopted SaaS solution. Since these licences, in addition to licences for a large number of other standards, would also be needed to allow for implementation of the closed file format standards in software that can be provided by other suppliers it follows that organisations are potentially exposed to significant risks of losing control over their own digital assets.
Findings from the study also show that none of the investigated organisations present any strategy that would allow them to cease using the SaaS solution in a way that exported digital assets can be used and reused by other software applications in the future. The study shows that amongst the few PSOs that present some documented risk analysis there is strong faith that their current supplier will assist in a potential future situation if the PSO decides to abandon their current supplier.
Further, findings show that recommendations presented in the literature for how to maintain digital assets during their entire life-cycle have been ignored by all investigated PSOs. Before adoption of a SaaS solution, none of the organisations had investigated whether digital assets created and maintained in the SaaS solution can be exported in open file formats and open standards to allow use and reuse after exit. Further, none of the investigated PSOs have presented any analysis which addresses how to obtain all licences they require when, and after, the adopted SaaS solution is used. Hence, it is unclear if any of the organisations will be able to interpret their own files without support from their current supplier in a potential future situation when they have ceased to use the SaaS solution.
In summary, all investigated PSOs have failed successfully to address critical issues that need to be considered before adoption and use of a SaaS solution.
How affected was WhatsApp by Pegasus in India, asks SC
One set of petitions challenged WhatsApp’s new privacy policy even when pleas questioning its earlier privacy policy are still pending adjudication. A second set of petitions, including one by Rajya Sabha MP Binoy Viswam, has questioned the steps taken by payment apps run by multinationals like Google, Amazon and Facebook and raised the issue of Pegasus spyware targeting WhatsApp users.
Pentagon May Be Forced To Discontinue With JEDI Cloud Effort
In October 2019, Microsoft won the Defense Department JEDI cloud contract worth up to $10 billion over a period of 10 years, beating out market leader Amazon.
In the paper, DoD says: “Regardless of the JEDI Cloud litigation outcome, the Department continues to have an urgent, unmet requirement. Specifically, the Department’s need for an enterprise-wide, commercial cloud services for all three classification levels, extending from the homefront to the tactical edge, at scale.”
The Department clarified that work on JEDI Cloud would “continue to be paused until the litigation process is complete, and DISA/CCPO remains ready to resume management of the JEDI Cloud work if/when the entire set of litigation is resolved in the Government’s favor.”
U.K. Arrest in ‘SMS Bandits’ Phishing Service
Authorities in the United Kingdom have arrested a 20-year-old man for allegedly operating an online service for sending high-volume phishing campaigns via mobile text messages. The service, marketed in the underground under the name “SMS Bandits,” has been responsible for blasting out huge volumes of phishing lures spoofing everything from COVID-19 pandemic relief efforts to PayPal, telecommunications providers and tax revenue agencies.
Meet the Ubuntu 21.04 "Hirsute Hippo" Artwork by Sylvia Ritter, Made with Krita
Meet the Hirsute Hippo artwork by Sylvia Ritter, made with the powerful, open-source and cross-platform Krita digital painting and raster graphics software. The artwork is inspired by Ubuntu 21.04’s codename “Hirsute Hippo” and I believe it shows a mama hippo with her cute baby hippo. Undoubtedly this is yet another masterpiece from Sylvia Ritter, and this time the artwork is made in a format suitable for your mobile phones and tablets since PinePhone has become such a very popular device among Linux fans.
