The Daily Record revealed on 24 July that the Wilson Doctrine, the guidelines which prevented UK secret service agencies spying on devolved governments, had been scrapped, leaving the correspondence of politicians in the Scottish Parliament, as well as the Welsh and Northern Irish Assemblies, open to being hacked.
This has placed urgent emphasis on finding a new solution to ensure Scottish data sovereignty. Even if the Wilson Doctrine were restored it would offer little protection, as it is not enforceable in law.
This paper looks at the implications of whistle-blower Edward Snowden’s revelations of the global nature of US and UK mass surveillance of innocent citizens and businesses. It looks at the case of spying on the Brazilian national oil company, Petrobras, and the response of the Brazilian government. It makes the case for the adoption by businesses and government of publicly auditable open source software to protect Scottish sovereignty, and argues that Scotland could quickly become a global leader in an emerging market for open source software.
The key recommendations of the paper are as follows:
1. A national open source transition plan with urgent attention given to infrastructure critical to national security.
2. Amend government procurement legislation to favour open source software, recognising that software code that is publicly auditable is more trustworthy and publishing code under open source licenses has substantial community benefit.
3. Pay for the open source licensing of existing software. Public sector bodies should, wherever possible, negotiate for existing third-party software to be relicensed as open source.
4. Amend Scottish Enterprise guidelines to better support open source software, including the commercialisation of open source and the development of innovative new user interfaces.
5. Recognise and invest in critical infrastructure by establishing a stream of grant funding for projects deemed critical to Scottish security, sovereignty and commerce.
6. All Scottish Government communications should be sent over encrypted channels, and encryption strongly encouraged in the private sector.