Did MS Lobbying Stop NSA Work On SELinux?

inquisitive points to this CNET story on how George Wash Univ. may help Linux gain certification under the Common Criteria, certification required for software to be used in some sensitive government roles. In the same story, though, is an interesting quote from another effort at bringing GPL'd software to the public sector: "'We didn't fully understand the consequences of releasing software under the GPL (General Public License),' said Dick Schafer, deputy director of the NSA. 'We received a lot of loud complaints regarding our efforts with SE Linux.'" Sources familiar with events said that aggressive Microsoft lobbying efforts have contributed to a halt on any further work. 'Microsoft was worried that the NSA's releasing open-source software would compete with American proprietary software,' said a source familiar with the complaints against the NSA who asked not to be identified."

Ahh New America

[kenp2002]

It's good to see that we now live in a nation that fears competition, exhaults mediocrity, and rewards the foolish, corrupt, and wicked. Oh what a brave new world! Soma! Soma For All!

Welcome to hell.. The United Socialist States of America. I had hoped my kids whould have had the opportunity to grow up on the USA, looks like we lost the war for freedom.

The article makes at least one mistake

[sheldon]

The article makes this statement, "Many complaints criticized the agency for providing the fruits of research to everyone, not just U.S. companies, and thus hurting American business."

This statement is wrong. If the NSA had wanted to make a secure version of FreeBSD, then the fruits of the research would have been available to everyone. It is because they choose to use Linux, which is licensed under the GPL, that they received complaints because the fruits of the research would be available only to non-commercial entities. [Keep in mind the fruits of the research refers to the source code, not the binaries. A lot of Free Software advocates seem to like to confuse those terms.]

Towards the end of the article they mention some cooperation with Apple on making a secure version of FreeBSD. There are drastic differences between the BSD and GPL licenses, and it is extremely frustrating to see those issues either not addressed, or purposefully blurred. Commercial software developers are not complaining about Open Source, they are complaining about the GPL.

Re:The article makes at least one mistake

[sheldon]

These are certainly valid concerns. It's just not clear to me why people think the GPL is a solution.

If the technology created by the government research is of any use, it's going to be of interest by commercial firms. If you use the GPL that simply means that they will recreate the source via a simple reverse-engineering process. i.e. document the APIs and write flow-charts for method calls and then rewrite from scratch. They may contribute back some comments, but it won't be in the form of source patches because their implementations are different.

Now if the BSD license were used, the commercial companies could integrate the exact source into their product, most likely contributing back updates and suggestions on how to improve it. This insures a certain level of compatibility and similarity between implementations. If they do not contribute back then ohwell, the BSD version is still available and can be maintained by non-commercial entities interested in that. You have not lost anything.

Either way the consumer will have a choice, the free version or the commercial version. It's just in the GPL case you've created a lot of extra work for someone, and it's not quite clear to me what the purpose of that is. If you say it's because it's not fair that a commercial entity would profit off the work, then charge something for it. Government agencies do that all the time to try to recuperate costs. But if it's not available at all, I think a very valid argument could be made that says it is not the job of the government to invest in such research if it is closed off from commercial usage.

This debate appears to me to be taking the form of "We have the GPL, now we must find problems to justify using it!" Rather, why don't we first lay out the problems, and then think of ways to solve those problems which provide an adequate solution to all parties involved?

Most of the arguments seem to revolve around the need to have access to the source code. Understandable, and I think we can find ways to do this with commercial software. Remember, commercial software does not mean closed source, that just happens to be the defense mechanism used today because of abuse. But what if all software were mandated to come with source? Then it'd be pretty easy to look for source code plagarism, and I think it would benefit the entire industry by showing others how to do things. This would also provide some balance with the use of software patents.

In all of these discussion, what I'm not seeing is a justification for the freely distributable point. Other than a desire for a handful of geeks to get software for free, what valid purpose does this serve above and beyond the availability of source code with the product? If I have the source, I have openness and maintainability. What does forcing freely redistributable gain me other than being anti-commercial?

Re:It's a new concept...

[flacco]

NSA has decided not to work on it with you.

Oh fuck off you toadie apologist scumbag.

The article pretty clearly says the NSA backed off on its work because of political pressure from Microsoft.