Two Members of Parliament Ask for Transparency in the "Open Bar" Agreement between the Ministry of Defense and Microsoft
Two members of Parliament, Isabelle Attard, unlisted deputy from Calvados, and Joelle Garriaud-Maylam, right-wing senator for French citizens living outside of France, from two different chambers and political affiliations, asked the minister of Defense, Jean-Yves Le Drian - in writing - about the "Open Bar" agreement binding the ministry of Defense to Microsoft since 2009.
See below for our translations of these questions.
A segment of the October 18th, 2016, episode of the French television show Cash Investigation covered the "Open Bar" agreement between the ministry of Defense and Microsoft. April had then published a summary of the case (in French). The television show introduced the general public to the contradictions and the lack of transparency of the ministry of Defense around this contract, and presented new elements of the case. Elements that prompted the two representatives to ask the Defense minister for more transparency.
Isabelle Attard, after a first written question in 2013, that has yet to be answered, now asks the minister through her written question (n° 101223) published December 13th, 2016, about "the content and subject matter of the 'security agreement' between France and Microsoft". She worries that "French digital sovereignty depends mainly on the the good faith" of the American company even though the National Security Agency "systematically implements backdoors in software products".
April had also requested the publication of this "security agreement" (in French).
In 2014, Joëlle Garriaud-Maylam had already asked the minister about the risks in terms of loss of sovereignty. In her new written question (n° 24267), published December 8th, 2016, she points out the falsehoods in the ministerial response, especially regarding "cost-efficiency". She recalls that "the only option that was advised against was the one that was in the end chosen", according to the director of the comittee of experts tasked with analyzing different options, as he was quoted in the television show Cash Investigation. She also notes that the rapporteur for the state public-procurement commission had raised serious doubts and questions (in French) about this contrat. The senator thus asks that "that detailed information be provided regarding both how this contract was agreed upon and what was behind the initial decision to choose the so-called open bar agreement despite these contradictory opinions". She stresses the importance of answering these questions considering that the contract expires in 2017 and therefore risks being renewed.
These same questions had led April to ask for the creation of a Parliamentary inquiry comittee (in French).
We wish that the minister of Defense break his silence and publicly share the reasons why France entered and renewed such an "Open Bar" agreement, despite the strong rationale against signing it.
Hereafter April's translations of the two written questions :
Question n° 101223 of Isabelle Attard, published December 13, 2016 :
Isabelle Attard asks the the minister of Defense about the content and subject matter of the "security agreement" between France and Microsoft.
In the episode of the television show Cash Investigation, aired October 18th, 2016, the director of public affairs for the French branch of the American giant announced that "the French State [had] a deal with Microsoft to benefit from all technical and safety informations on the software they use". The deputy would like to know what Microsoft's obligations are, how this deal ensures that all security flaws are reported without delay, and what the efficiency of the fixes is. Furthermore, if France were to know about security flaws that could be used for spying on French citizens using Microsoft software, it ought to be it's duty to be make sure that these security flaws are fixed as soon as possible. Isabelle Attard would like to know if this deal takes this issue into account. Guillaume Poupard, director of the National Agency for the Safety of Information Systems ("ANSSI" in French), expressed himself after the airing of the episode of Cash Investigation regarding the existence and content of such a deal. Isabelle Attard considers his answers unsatisfactory given what is at stake. She wonders about the efficiency of a "weakly binding" deal and worries that the safety of the National Defense's information systems are being balanced against the private interest of a foreign company.
These issues would not have to be considered if free software, which does not rely on the confidentiality of its source code, were being used. She stresses that even if computer security obviously cannot be limited merely to the use of free software, free software is still an effective and key component. She also points out that, in a 2008 report, a comittee of military experts mandated to study the "Open Bar" agreement warned that "all American products must be approved by the National Security Agency (NSA) for exportation". The NSA systematically implements backdoors into software products. An information system mainly based on American products like Microsoft would be vulnerable because it could fall victim, in its entirety, to an NSA intrusion. She is thus concerned that French digital sovereignty depends mainly on the the good faith of a foreign company cooperating, willingly or not, with the intelligence services of that country1.
For all these reasons, she considers that it is the duty of the minister of Defense to be as transparent as possible on this matter, and she asks him to communicate the substance of this deal as soon as possible.
Question n° 24267 of Joëlle Garriaud-Maylam, published December 8, 2016 :
Joëlle Garriaud-Maylam asks the minister of Defense about the circumstances that led to the signature of a framework agreement with Microsoft, the so-called "Open Bar agreement".
She notes that one of the main arguments for the renewal of this agreement was cost effectiveness; however, it would seem that the costs rose from 80 million euros for the 1st contractual period to nearly 120 million euros for the second, a rise of about 50 percent. She would like to know why, for the first "Open Bar" agreement, "the only option that was advised against was the one that was in the end chosen," in the words of the director of the comittee of experts mandated to analyze different options. Finally, she wonders why the answer to the aforementioned written question explains that "the opinion of the state public procurement commission was favorable", even though the commission's rapporteur had had questions and expressed strong reservations to the commission in the preparatory document for this opinion (CMPE n° 08-0179).
The senator thus asks that detailed information be provided regarding both how this contract was agreed upon and on what was behind the initial decision to choose the so-called open bar agreement despite these contradictory opinions, and this before any potential renewal of the contract in 2017.
The original "written question" read ; "the intelligence services of France". It was however a mistake confirmed by the team of the deputy