Guest post by tf
Each French cabinet ministry has its own official responsible for the national defense related aspects of that ministry’s work. For the Ministry of National Education, Higher Education, and Research, that official is Bernard Vors, who, in September, acted boldly to protect France from the malign influence of a dangerous piece of software, banning it from all universities and national laboratories. As Stéphane Foucart reports in Le Monde (my translation):
According to Bernard Vors… the decision was taken with the aim of “protecting the scientific patrimony” of France.
“[The software] is a computer program, the workings of which are not fully known to us,” Mr Vors specified, “It is for this reason that we came to the conclusion that there was a potential risk of negative consequences to data that pass through the system.” These precautions are being taken “as a precautionary measure,” added Mr Vors.
“The workings of which are not fully known to us”? Sounds like Microsoft Windows. But, alas, Mr Vors’ boldness does not extend to striking a blow for the open source movement as a whole. It is narrowly directed at one specific danger to the scientific patrimony of France: the internet telephony program Skype.
As Skype has, in a short time, become one of the standard tools of international scientific collaboration, Mr Vors’ directive is not without consequences. Though there are possible substitute tools, such as the Skype look-alike Gizmo, and Microsoft’s MSN Messenger, or the emerging open-source program openwengo, none of which, to my knowledge, are banned, each one has its niche in terms of the operating systems on which it works, and its reliability in the face of adverse network conditions. Eliminating Skype will make it that much more difficult to arrange a voice conference with colleagues working overseas, or for a visiting professor in France to participate in a dissertation defense back home.
Further, it would seem that no exception has been made for the scientific study of Skype itself. Salman A. Baset and Henning Schulzrinne, of Columbia University, have published a paper analyzing Skype’s behavior from a networking point of view. How will there be follow-up papers from networking researchers in France? If the workings of Skype do become known, it is hard to see how it will be thanks to French research.
Actually, it is hard to know what, precisely, the ministerial directive says, because it has not been publicly released. At least, a search for “Skype” on the ministry’s web site reveals no hits. (Kindly post a comment if you find that this has changed.) Were the costs of the directive taken into account, or just the potential benefits of this “precautionary measure”? Does Skype pose the same balance of trade-offs in a student dormitory as it does in a nuclear research laboratory? Were exceptions considered?
As to the known dangers of Skype, it is not as if they have not been studied. The United States Computer Emergency Readiness Team (US-CERT), which is the recognized clearing house for computer security concerns worldwide, has three current advisories on Skype: Vulnerability Notes VU#668193, VU#905177, and VU#930345. Advisories of this kind are routine for almost every computer program. The solution in each case? “Upgrade Skype.”
Internet security expert Simson L. Garfinkel has written about Skype security. He evaluated the potential for what Vors terms the “negative consequences to data.” His conclusions:
Overall, Skype appears to offer significantly more security than conventional analog or ISDN voice communications, but less security than VoIP systems running over virtual private networks (VPNs).
Perhaps Bernard Vors will ban “conventional analog or ISDN voice communications,” i.e., telephones, next.
This story was first reported by Guillaume Champeau on Ratiatum.com.