How Linux reads your fingerprints, helps national security

Gunnar Hellekson is a fan of "agile IT". And Linux of course.

Gunnar Hellekson has many awesome-sounding job titles.

He's the chief technology strategist for Red Hat's US Public Sector group, where he works with government departments to show them how open source can meet their needs, and with systems integrators to show them what they can do to provide the government with what it needs.

He's co-chair of Open Source for America, which campaigns for software that has been funded by the taxpayer to be open sourced, so that all Americans can benefit from it. He's also on the boards of the Military Open Source Working Group, Civic Commons and the SIIA Software Division.

He's a clever chap with the ear of some pretty influential people, so we sat down with him for a chat.

Linux Format: First thing: Is the US government in favour of open source, or does it see it as stealing food from Microsoft's children?

Gunnar Hellekson: The government was actually an early user of open source, going back to 1978. You had the US government funding the development of things like the BSD TCP/IP stack; the ping tool was developed by the army research lab, and at some point in the 90s people started to wonder more, look more carefully at open source; and the government started passing rules like the Clinger-Cohen Act of 1996, which formalised the rules around IP acquisition. Suddenly, there were rules, which meant that there were concerns about whether people were following the rules or not.

When we had no rules, open source made sense. When the rules came in, people started to ask: "Wait, can we do open source?" And it wasn't until about 2003–4, when the Department of Defense [DOD] and the Office of Management and Budget said: "Actually, open source is fine. Don't worry about it, open source is just like any commercial software licence."

The irony of this is that while the slow gears of policy were moving, the Department of Energy and DOD, and the NSA [the National Security Agency] were all releasing source code out to the public, uninterrupted. So to say that the government has one position or another on open source is not only inaccurate, but it's impossible to describe, because the government is 12 million people. Some of them are great open source advocates and some of them aren't.

LXF: Didn't the NSA come up with SELinux, which is in the kernel now?

GH: Security Enhanced Linux, in 2001. And the reason why they did that is the classic story, right? They did it for a number of reasons. First, they wanted to relieve themselves of the technical debt of having developed the technology. If they had developed it and kept it to themselves, only they could have maintained it, and that's expensive.

So by putting it out to the open source community, into the Linux kernel, they could get some help, which was nice for them.

More importantly, the part of the mission that everyone forgets is that the NSA is also responsible for protecting the country's information infrastructure and making commercial products more secure. And so by making SELinux highly available – it's in every copy of Linux – it's actually improved the overall security of the country. So there were a bunch of reasons to do it.

LXF: What does your role with Red Hat entail? Are you trying to push this agenda to various government departments?

GH: In part, that's what it is. The best way to describe my job is telling the government what's happening in open source, and telling open source communities what the government is after.

LXF: Right, kind of like a community manager for those 12 million people who work in government?