If we're serious about national security, we need an EU computing platform
If we are going to be distrustful of China, then we ought to be applying the same amount of cynicism to the US
I've been having a lot of chats with colleagues recently about the fundamentals of our computer platforms - the lifeblood of how we do modern work and home life. There is obviously much concern about the use and misuse of data by the obvious players such as Facebook and Google, but also by Amazon and Microsoft. Both of the latter companies are seen as a somewhat smaller threat, but take note that they're moving into new areas such as cloud-hosted healthcare. That's a data minefield that could explode at any time.
Who can we trust? Apple seems to get a pretty good report sheet from most, given its so-far unwavering determination not to just hand over data to government forces or third parties. It helps, of course, that's it's monetising its customer base quite well all by itself. But Amazon, Google, Microsoft? I'm not so sure.
My ruminations have led me to the inevitable realisation that almost everything we rely upon in the software world is headquartered in the US. Manufacturing is, of course, mostly in China. R&D can be most anywhere, and no one should overlook the amazing work done in the UK by the likes of ARM and Raspberry Pi.
Yet the software platforms, cloud systems, and globally sourced data mountains are all owned and run by US-headquartered companies. Now, these companies will squeal that they have R&D centres all around the world. And that is indeed true. But ownership of the data rests at the mothership and that's almost exclusively in the US.
Given the interesting global political moves between the US and China, and the middling position of the EU in these international markets, we need to have a mature discussion about where our IP services come from, where our data is held and where the centre of gravity rests. Many companies have had their eyes opened up to the possibility of Patriot Act attack by the US against data held in the US, or internationally by their international divisions. So maybe it's time to ask where the underlying services come from, who we trust and why?
For example, I'm fascinated by the idea that Huawei is deemed to be untrustworthy for 5G because it might have links with the Chinese government. As if this is somehow worse than the links that almost certainly exist between any American-based corporation and the NSA. And despite the fact that Huawei has been working together with GCHQ on code development for years - it's also working a darn sight harder to show its workings than any American company I can think of.
Of course, I'm not naive enough to believe that Huawei is going to be cleaner than clean - but nor is anyone else. And that's the point. For example, what makes us believe that Kaspersky is an agent of the Russian state, as claimed by the US? By that same rationale, are the hundreds of American companies involved in security beholden to their government? Too much of this debate is pure politics and has nothing to do with engineering, nor the reality of product development and deployment.
In the same spirit of clarity that our beloved politicians repeat ad infinitum on the Today programme, let me be clear. If we are going to be told to distrust the Chinese, whether it be over 5G firmware or the possibilities of hidden code or hardware on motherboards, then we logically ought to be applying the same amount of cynicism to everything from the US. Fair's fair. So this is the question that I'm wrestling with. If we can't trust the Americans, the Russians or the Chinese, why isn't there a public, clear and focused push to build an EU platform for computing?
Take something like Linux Mint and do an EU fork. Do the same with LibreOffice, and then get to work on the cloud services backbones. You might argue, with justification, that such an effort isn't necessary if you work on open-source platforms today, and you would be right. But making a public commitment to a European software platform and technology infrastructure might go a long way to alleviating politicians' fears - if not today, then in the future.
And the future is key. Who really knows what the state of computing is going to be in ten to 20 years time? If we keep heading down our current paths, will we find ourselves ever deeper in the clutches of closed, foreign code? Is the asinine notion that "US Good, China Bad" as ridiculous as something from George Orwell?
And if China can't be trusted, and it's a drum that's being beaten harder and harder, it really is about time that Europe started to put its money where its mouth is, and come up with a new platform that can be seen to be trustworthy in the context of this sort of global shouting match.
Managing security risk and compliance in a challenging landscape
How key technology partners grow with your organisationDownload now
Security best practices for PostgreSQL
Securing data with PostgreSQLDownload now
Transform your MSP business into a money-making machine
Benefits and challenges of a recurring revenue modelDownload now
The care and feeding of cloud
How to support cloud infrastructure post-migrationWatch now