By now you probably have heard about the white paper Kenneth Brown wrote. He is president of the Alexis de Tocqueville Institution (ADTI). The paper, “Opening the Open Source Debate,” asserts that open source, particularly software under the GPL license, can and in fact is “anxious” to ruin the software industry’s growth. It also suggests that open source is a security disaster waiting to happen, since so many bad guys would have access to the source code of a program.
My first reaction to Brown’s work was that it is a monumentally stupid paper, rife with tenuous logic and reckless innuendo. (For a fine dismantling of ADTI’s arguments, see The Register.) Then it was discovered that ADTI receives funding from Microsoft. Brown and Microsoft acknowledged this fact as a result of a flurry of negative publicity. So it’s not surprising that many people assume this work is thinly veiled propaganda. And after talking to Brown, I realise that he seems to have a hard time defending the paper himself.
"Ken Brown is not saying proprietary is safer because it’s closed,” Ken Brown says to me, even though that’s exactly what the paper tacitly suggests by questioning open source’s security but never acknowledging arguments against proprietary software’s security. His reason for leaving out evaluations of security risks around proprietary code? “It’s been around for 40 years; everyone knows about it. But ask 100 people what open source is and maybe one or two people know.”
“We are open to debating this topic,” he adds, maybe sensing what a terrible argument that is, and retreating from the white paper a little more. His voice is laced with defensiveness, but also a little fatigue. He’s experiencing his first public castigation from the notoriously relentless open source community. He says, “I will talk to anyone about this. Ask anybody who has talked to me and they’ll say, ‘You know what, Ken’s making points I disagree with, but Ken is talking through the issues.’ All we’re saying in the white paper is [exposing source code] has some costs. It’s a tradeoff. Proprietary code has tradeoffs, too.”
There. A stunning admission. If it had found its way into his white paper, Brown wouldn’t now be erecting what he calls a “wall of shame,” consisting of rebuttals and responses to flames from open source advocates.
Brown should have come to the debate table with something more than fear, uncertainty and doubt. Offer some proof, or at least a reasoned argument. Or he should have acknowledged that proprietary source code is also often shared with the wrong parties (sometimes it’s stolen, and decompilers make any source code relatively accessible for a motivated person). When challenged with this, he again backs down. “In my view, hackers aren’t innocent, and I feel like the open source community is a little too light on these topics. I’ve gotten e-mails that say I’m wrong because open source code is so good and secure. I think that’s naive hubris. But people linked us to saying, in effect, al-Qaida is going to use open source. You are 100 per cent right to disapprove of that. It’s not what I intended to say.”
A couple of centuries ago, some guy said, “In the United States, the majority undertakes to supply a multitude of ready-made opinions for the use of individuals, who are thus relieved from the necessity of forming opinions of their own.”
The guy who said it was Alexis de Tocqueville, the namesake of Kenneth Brown’s think tank, and a man no doubt nauseated from rolling over in his grave.