Much has been said about the complex geopolitical situation, technological independence and even digital sovereignty. However, the software has been left out of public debate. Today we live in digital societies whose dependence on third parties at the level of technology is increasingly greater, while the decision-making capacity of people, companies and States is increasingly less.
We have no control of the software that drives our societywhether at a private or public level. The latest Eurostack analysis brings out the colors of Europe and Spain in particular.
We find ourselves in a situation of dependence on third parties at different levels, including cloud services, where the personal data of any of us is managed, and artificial intelligence, which exposes data and advises with biases.
Let us not forget in all this context that the software has biases that may have been added inadvertently or intentionally.
We need to take back control of the software that governs our daily lives. Again referring to Eurostack, it seems that only the United States and China are prepared to be truly independent at any given time, so their ability to make decisions and face changes is greater than the rest.
This technological dependence is what is generating a new wave of legislation on digital services in Europe to be able, this time, to defend itself in time and regulate third-party services that can be used within Europe under clear rules.
Even so, geopolitical changes are forcing agreements that continue to undermine that decision-making capacity, while the bill for digital services continues to increase year after year. What should Europe’s response be?
Macbook
We have the economic power, the political (in)dependence, the industrial fabric and the necessary talent to carry out a process of generating autonomy and our own digital sovereignty.
Let’s start with the most critical spaces for a State, such as National Defense, and let’s also enter the spaces of people’s daily lives such as, for example, the software that manages our data in public administration.
There are a series of questions that we must always ask ourselves as citizens and that we must ask the public administrations and private entities that manage all our personal data, including health, tax data, professional data, etc.
Who manages this data?
How do you manage them?
Are our taxes being used efficiently?
Europe’s response to this phenomenon of rapid technological and digital evolution that we are experiencing must be aligned with the need for software development models compatible with the transparency of knowing what is developed, who develops it and when it was developed. Always including the possibility of being able to participate in that process if necessary and even take control at a given moment.
We must demand transparency to have visibility and understand what the algorithms decide and, if necessary, be able to improve and modify them. And we have to be able to reuse that software.
If we take this to the example of a tank, we assume that absolutely everything is known about any of its physical components, including its list of materials and the companies and individuals that were used for its construction.
Why doesn’t the same happen with the software that manages these defense systems?
Why don’t we know the list of software elements that third parties introduce into our critical systems?
The number of cyber attacks that States and the systems that manage public services continually receive is overwhelming. and it is increasing.
We are all aware of cyberattacks that put important services for citizens at risk. Part of the problem occurs because the systems are too complex and the list of components and digital dependencies is too large to know and manage effectively.
“We have the economic power, political independence, the industrial fabric and the necessary talent to carry out a process of generating autonomy and our own digital sovereignty”
This includes the inability to act appropriately when there is no due transparency in the management of that information. The average size of digital dependencies in large companies is usually around one hundred thousand components or third-party dependencies.
However, in most public administration bidding processes, what is received from suppliers is either a cloud service or an executable.
We have no ability to modify, improve, or even examine that code to see if there are security problems. The positive part of this discussion is that There is some room for hope.
According to various studies, any modern application contains software that comes from third parties. And specifically free software accounts for more than 80% of these modern applications.
This type of development – already mature in the industry in areas such as the cloud, artificial intelligence, operating systems or cryptography – is still incipient in other industries.
An example is Mercedes Benz, which announced that its car entertainment systems contain up to 3,000 different components that are free software.
This development model has its advantages, but also its drawbacks. Among the advantages, it stands out that all development is done openly and any public administration, company or entity can analyze who is behind it.
This includes analysis of what percentage of the code has been carried out by American, European, Chinese or Japanese companies. That is to say, What technological dependence does a State have on foreign developers. And, if that were the case, what would be the cost of not collaborating in that way.
The fact that everything is done openly allows us to carry out other types of analysis, including vulnerabilities in the source code, which allow us to better secure the digital supply chain, or generate risk models that allow us to better understand possible unexpected behaviors, including code audits to look for security problems.
Furthermore, this development model is not new. It has been in existence for more than 30 years, providing service and functioning perfectly in today’s industrial environment.
In fact, without free software, most of the services of any large company, including large American providers, would simply not exist or would be much more expensive. Free software flattens the curve of the cost of innovation and technology adoption.
On the other hand, from a development point of view, adopting free software without a clear strategy—for the simple fact that it is available, can be modified, redistributed and even commercialized—is a mistake.
At the level of public administration and other critical entities, their suppliers should be required to carry out a detailed analysis of their digital production chain and that said projects be maintained, updated and, if this is not the case, that they have risk management in accordance with it.
“Without free software, most of the services of any large company, including the large American providers, would simply not exist or would be much more expensive”
And let’s remember that most of the chain of digital dependencies is free software, which means that you can analyze who has done what, where and when. And this includes information on which companies, States and individuals have been involved in its development.
For all this, It is absolutely necessary for our public administrations to ask their suppliers for more rigor and to demand complete transparency.
If we also seek a certain technological independence as a State, it will be necessary for there to be other options at the software level and to avoid falling into monopolies.
The freedom to choose a supplier and technology is basic in many areas of our daily lives, but in this case we are tied hand and foot.
And the fact of going to free technologies does not mean that the same companies will not continue to be hired, if they offer a quality service, but it does imply that the decision-making capacity will be much greater.
It is in fact necessary to advance and educate management and management teams wherever possible about the different existing options and to bid with the intention of having more options on the table.
Free alternatives on the market with its commercial ecosystem exist. In fact, there is no law that forces public administrations to choose suppliers with certain characteristics.
Today free solutions provide important competitive advantages and independence. With all this, we will be able to increase the digital resilience of our public and private servicesthrough transparency, the use of appropriate technologies and being able to have more technological independence.
“The freedom to choose a supplier and technology is basic in many areas of our daily lives, but in this case we are tied hand and foot”
This work model not only covers software, we can also talk about collaboration, talent attraction, open science and models that allow faster knowledge sharing thanks to collaboration within Europe and with our neighbors.
The European Union has already taken action on the matter, including the generation of various legal frameworks to improve the cybersecurity of our devices (Cyber Resilience Act), the appropriate use of artificial intelligence (AI Act) or the future reform of public bidding rules.
These legal frameworks will be transferred to Spain, such as, for example, the CRA, which is expected to come into effect at the end of 2027. This will bring more transparency, by law, to the list of digital agencies.
Another notable example of the progress and sensitivity with this matter is the Digital Resilience Forum. An event that will take place at the Círculo de Bellas Artes, in Madrid, on October 29 of this year.
Various governments, including Germany, the United Kingdom, Ireland, the Netherlands or supranational entities such as the United Nations emerging technologies unit, will address the issue of digital resilience and technological independence, while seeking bases to collaborate in the future.
Free software and the need to secure the digital production chain has even reached geopolitics. There are already several articles published by the Elcano Royal Institute on the technological independence of the European Union and the role that free software has in it, whose author, by the way, will also be a participant in the Digital Resilience Forum.
The United Nations’ OSPO4Good initiative – the acronym OSPO means free software office – and the different initiatives to create such offices throughout Europe, currently non-existent in Spain, pose a first step to be able to deal with these problems and have talent specifically focused on this issue.
Much has been said about the existence or not of the famous F-35 button to turn off the systems at a given moment, or the dependence on artificial intelligence issues for Europe, as well as other technologies. Well, all that is software. And furthermore software over which we have no control because we do not know what is behind it.
Transparency and collaboration will be basic within Europe and, of course, with other third States. We cannot reinvent the wheel over and over again. Let’s use existing technology, but have enough independence and decision-making capacity to choose our own path.
***Juan Lobato is a senator and State Treasury technician.
***Daniel Izquierdo Cortázar is CEO at Bitergia and organizer of the Digital Resilience Forum.
The post European digital sovereignty? Its significance and its uncertainties appeared first on Veritas News.
