German Lawyers Call For Their Profession's Bug-Ridden, Soon-To-Be Mandatory, Email System To Be Open Sourced
from the public-trust,-public-code dept
Given the sensitive nature of their work, lawyers need to take particular care when communicating online. One way to address this — quite reasonable, in theory — is to create a dedicated system with strong security built in. That’s the route being taken by Germany’s Federal Bar Association (Bundesrechtsanwaltskammer — BRAK) with its “besonderes elektronisches Anwaltspostfach” (special electronic mailbox for lawyers, or beA). However, the reality has not matched the theory, and beA has been plagued with serious security problems. As a post on the Free Software Foundation Europe (FSFE) site explains (original in German):
Numerous scandals and a questionable understanding of security characterize the project, which has been in development for several years. Lawyers should have been reachable through this software since January 1, 2018, but numerous known vulnerabilities have prevented the planned start of the service.
Although a security audit was commissioned and carried out in 2015, its scope and results have not been published to date; the full extent of the faulty programming became known only at the end of 2017. Thus the project, which has cost lawyers so far about 38 million euros, has already lost people’s trust. In view of the numerous errors, the confidentiality of the sent messages can no longer be guaranteed — and this is for software whose use from 2022 onwards becomes mandatory for all court documentation traffic.
Because of the continuing lack of transparency about the evident problems with the project, a number of German lawyers are supporting a petition that asks for an alternative approach, reported here by the Open Source Observatory:
The petition calls on Germany’s Bundesrechtsanwaltskammer (Federal Bar Association, or BRAK) to publish the beA software under a free and open source software licence and open the software development process. “Only in this way can it slowly restore the trust of the users — all lawyers, authorities and courts,” the petition says.
As the petition notes (original in German):
Disclosure of the program code allows independent IT professionals to report potential security vulnerabilities early on so that they can be fixed; it has been shown once more that keeping the source code secret, and carrying out the audits as agreed in the contract [for creating the beA system] does not lead to the desired result. Free software also guarantees much-needed manufacturer independence.
Over and above the increased transparency that open-sourcing the beA code would bring, and the hope that this would allow security issues to be caught earlier, there is another good reason why the German system for lawyers should be released as free software. Since it will perform a key service for the public, it is only right for representatives of the German public to be able to confirm its trustworthiness. This is part of a larger campaign by the FSFE called “Public Money, Public Code”, which Techdirt wrote about last year. Unfortunately, what ought to be a pretty uncontroversial idea still has a long way to go, as the painful beA saga demonstrates.