Wow, thanks for that, this sounds really great! If the translation I got is correct, I ran it through a translation website and got the following translation to English:
State Secretary for Digitalisation Van Huffelen wants DigiD to be fully open source in the future. Something that is not yet the case. Van Huffelen made this known during a debate on the Digital Government Act. In principle, future identification and log-in tools should also be open source.
The Digital Government Act regulates that Dutch citizens and companies can log in safely and reliably to the (semi-)government. Citizens will receive electronic means of identification (eID) with a higher degree of reliability than the current DigiD. In addition, these means of login must be fundamentally open-source. Something that does not yet apply to DigiD.
“It does not work entirely with open source software. That’s because it cannot yet be used securely for all processes. But this must also apply to DigiD, of course, just as it applies to other log-in tools. We want to shape the growth path for this in the coming period”, said the State Secretary.
himself herself calls it “growing towards it”, because not all log-in systems are open source at the moment. “DigiD, for example, is not yet fully open source. It is a login tool that we use and that we consider secure, but it is not fully open source. So we want to make sure that the login tools that private or public parties use and that we want to allow into our system in the future are ideally based on 100 per cent open source.”
During the debate, there was also discussion about requiring only open source login tools in the law. “If you demand in the law that it must always be, that it must be one hundred percent, and it’s not possible now, then you’re already failing to meet the requirement today. Then you would have to stop the DigiD,” Van Huffelen responded. “We are going as far as possible with the open source principle and the obligation, apart from cases where security or continuity is at stake.” The Lower House will vote on the bill and the motions submitted during the debate on 7 June.
Assuming you know Dutch, would you say the above translation is correct?
Is that “security.nl” site trustworthy?
Do you know if there is more to read about this somewhere?
Then I think the Netherlands is way ahead of Sweden regarding insight about the importance of FLOSS for security.
In Sweden, the situation is rather that the government has setup a kind of framework that allows different private entities to connect their eID solutions, which are so far all proprietary with the main one owned by the big banks, and the government has so for shown little understanding of the problem with that. There is an opening in the fact that the framework in principle allows a FLOSS system to exist, but there is no initiative from the government to create such a FLOSS system. So it seems someone else will have to do it, which is what the project I linked to is about.
If in the Netherlands you have government people saying that eID systems should be FLOSS, then that is fantastic and we need to get Swedish politicians to talk to them and learn from them right away!