ASPI caught spreading misinformation about open-source software

May 8, 2024

It’s not often that you find someone writing about open source software and not bothering to make mention of the licences being used. But that’s precisely what Albert Zhang of the Australian Strategic Policy Institute, a lobby group for big tech and foreign agencies, has done.

In an article titled “China’s use of foreign open-source software, and how to counter it”, Zhang shows that he has little knowledge about this genre of software, how it is used around the world and how its use is governed by licences and not the whims and fancies of any government.

His takeoff point is an article in the Rupert Murdoch-owned Wall Street Journal which provided details about a Beijing directive to government agencies asking them to replace proprietary foreign software by 2027.

As with many other articles which are published by ASPI, this is also an anti-China screed masquerading as a discussion about the use of open-source software.

Zhang writes that China began pursuing the use of open source software in the 1990s, adding that software can be a risk if vulnerabilities are not patched. This is a fairly obvious thing, something like stating the sun rises in the east.

In this context, Zhang offers the example of Eternal Blue, an exploit developed by the NSA, and used in numerous attacks over the years.

“That’s why Beijing has long been suspicious of foreign operating systems such as Windows and macOS, worrying that foreign governments could be hoarding vulnerabilities that they could exploit to cripple the Chinese government’s computer networks,” he writes.

Zhang appears to be blissfully unaware of the fact that back in May 2017 Microsoft released a version of Windows 10 for use in China after the source code had been vetted by Chinese authorities. It was named Windows 10 China Government Edition.

But this level of ignorance is not surprising when ASPI staff write about software. Elise Thomas, then an ASPI researcher, made similar uninformed claims about Huawei back in June 2019.

Given the amount of money that Microsoft makes in China, it is highly unlikely that the company would do anything to jeopardise its business there. And it is notable that no matter whether the Democrats or Republicans are in power in the US, Microsoft has enough lobbying power in Washington to keep selling to China.

The best example of the clout Microsoft has is its continued sales of Windows to Huawei, despite the American bid to isolate the Chinese company. When Donald Trump was in the White House, Google was unable to obtain a waiver on software exports so it could sell its Android mobile operating system to Huawei. But Microsoft obtained a waiver and continued to sell Windows to Huawei.

Zhang also seems unaware of the close relationship that Apple chief executive Tim Cook has with China. Had he been aware, he would not have made a statement about China fearing bugs in macOS.

Zhang refers to Android as open-source software when only part of the system belongs to this genre. “For example, the first version of Huawei’s mobile operating system, HarmonyOS, had no discernible differences from Google’s Android,” he writes, clearly ignorant of the fact that Android contains several Google apps that are proprietary and not available unless one pays a licence fee. Gmail, Maps, YouTube, Photos, Drive and Wallet are some of the closed-source apps that are part of Android.

Another false statement by Zhang is this: “And OpenKylin is considered to be a remix of Ubuntu, an open-source version of the Linux operating system.” Linux is not an operating system, it is only the kernel. There are a host of other packages which go in to make a Linux distribution. Ubuntu is one distribution, but it is no more or less open source than any other.

Again Zhang writes: “Linux has been one of the most secure operating systems, thanks to a global open-source community of engineers hunting for vulnerabilities and patching software bugs.” This is high-grade BS. If one is talking of software that is secure, then OpenBSD, NetBSD and FreeBSD rate much higher than Linux. But then has Zhang even heard of these operating systems? One doubts it.

Zhang wants democracies to restrict developers from contributing to projects on the Chinese platform Gitee (something like GitHub). How does one do this? Zhang clearly does not know, else he would have told us.

He writes: “This will prevent developers from supplying the next generation of critical software and AI technologies and unwittingly helping Beijing gain a military advantage. At a minimum, democratic governments should raise public awareness of the involvement of China and other authoritarian regimes in emerging open-source software platforms.

“For global open-source communities, there should be an international code of conduct that promotes transparency about project funding sources and contributors, supports ethical decisions and addresses concerns about open-source technologies being used for harmful purposes.”

This is something of a joke; the licences that govern the use of different free or open source software are non-restrictive. Had Osama bin Laden used Linux to plan the bombing of the Trade Centre in 2001, Linus Torvalds, the creator of Linux, could not have done a thing to prevent it.

Zhang ends with this: “Democratic governments also need to reassess which products should not be made open-source because they’re at risk of being weaponised by malign actors. Some cutting-edge software, such as generative AI, is already being co-opted by the CCP [Chinese Communist Party] against democracies in disinformation campaigns.”

There is more than a certain irony in Zhang using the word “disinformation” after all the incorrect data he has provided.

“Lastly, governments should protect and foster the global open-source community of software developers, who are a critical resource in cyber security and other key areas, and do more to challenge authoritarian governments when they ban or censor open-source platforms like Hugging Face and GitHub,” is Zhang’s final note.

Any country can decide what software to use or not use within its own borders. Unless, of course, Zhang asks the US to force some country to do its bidding.

ASPI often makes a song and dance about misinformation. It would be good for the organisation to get its own house in order first. Charity, it has long been said, begins at home.

 

Republished from ITWire, May 02, 2024
