The recent revelations published by Mediapart, on hacking of the European Parliament's messaging service could have been the occasion for a thorough review of the computer security of the European institutions. Better timing is hard to imagine. Pressed by MPs and associations that have been seeking for years to terminate the contracts binding them to Microsoft, and faced with the revelations of Edward Snowden on the global espionage network set up by the United States, these institutions now have proof of how easy it is to hack into a messaging service. Next year the European Commission, which manages contracts for all the union's institutions, will have the opportunity to renegotiate its contracts with the American software giant, its main supplier for the past 20 years.
For now, the European Commission has turned a deaf ear and does not want to see the problem lurking in the background, dismissing the hacking into the European Parliament as a “technical” problem. Questioned on his motives by Mediapart, the hacker, however, insisted there was a intentional political dimension to his act. He did not, he said, set out to hack into any specific software. Outraged by the politicians’ failure to respond to the Prism scandal, he wanted to ”shake them up a little” to ”raise awareness” and ”who knows, make things better for the next parliament”.
It is this same European Commission that will be responsible for negotiating with Microsoft the two main contracts that come up for renewal in 2014. All the same, the firm founded by Bill Gates has managed to remain the main partner of the European institutions since 1993. [[The contract has been extended six times, in the total absence of competing bidders, because no call for tenders went out before the deal was signed]].
Public procurement is still framed by a “financial regulation” that provides, by default, that any contract must first come up for competitive tendering. The texts, though, also provide for certain exemptions that allow the Commission to choose a company directly, within the framework of a “negotiated procedure”, particularly if that company is capable of meeting all of the demands by itself. And so far Microsoft has always managed to take advantage of one of these “negotiated procedures”.
Newsletter in English
In the 1990s, the main argument advanced for this procedure was that the American company was virtually the only one in the market. Then, as potential alternatives began to appear, the Commission began to justify its choice by claiming that a change-over would be too expensive and be too difficult technically to implement.
This last argument is precisely the one advanced by defenders of free software – ie, open-source software that comes with no strings attached to a licence-holder – who are demanding a genuine break with the current system. “What they (the Commission) are saying in fact is that ‘We cannot buy software from anyone other than Microsoft because it would be too complicated to operate it’. And this leads us to the question of the ‘lock-in’", says Karsten Gerloff, president of the Free Software Foundation Europe (FSFE).”
This near-monopoly of Microsoft is all the more odd given that the European institutions are constantly extolling not only the virtues of competition and the need for transparent government procurement, but also the merits of free and open-source software. Moreover, the various technical teams seem to be fully aware of the issues.
There is, in the European Parliament, an association of free software users, the EPFSUG, that collaborates with the Directorate-General for Informatics (DIGIT). Furthermore, European institutions have already set up several software projects, such as ‘AT4AM’ to handle the amendments. For its part, the Commission launched a "strategy for the internal use of FOSS" back in 2011 in the form of a declaration of intentions. However, the document, which ends in 2013, has not been updated.
Members are constantly questioning their administration on the issue. In 2012 the Parliament requested explanations on the use of free software in the vote on the “discharge”, ie the control of the budget for 2011, when the last contracts with Microsoft were signed. Since then the Green Group has been fighting for an explanation.
[[The details of the contracts signed with Microsoft in 2011 have not been made public]]. "What they say is that they cannot give out the details of the contract because that would violate Microsoft's commercial interests”, says Karsten Gerloff. “Personally, as a citizen, I could not care less about the commercial interests of Microsoft. What interests me, as a taxpayer, are the interests of the European institutions – to know where my money is going, and whether it is being used effectively. The tendency, however, is rather to keep the contracts secret.”
The European Commission is currently bound to Microsoft by two contracts. The first, which goes through a provider by the name of Fujitsu, is directly related to the provision of software for €50m. The second, signed directly with Microsoft for €44.7m, is for “support” – ie, maintenance of the software sold.
Both these contracts come up for renewal next year. Will the Commission, reassessing its dependence on Microsoft, decide to plunge ahead with free software?
Interviewed by Mediapart on its intention to launch, or not, a call for tenders, the Commission has refused for the moment to declare itself. It recalls that “its decisions regarding the choice of software, on the one hand, always fully respect the applicable public procurement law and, on the other hand, are based on cost-benefit analyses to determine the total cost of ownership (and risks) of each alternative”.