Back in May, us Brits ‘elected’ a new government (in so far as the party with the most votes and the party that came third formed a coalition government). Despite it not being led by the party previously in power, it appears at least part of their IT strategy hasn’t changed.
Under the previous government, an official petitions site was set up and any petition which gained 500 or more signatures would gain a government response. The site is presently closed, with a vague promise of something similar being introduced later this year.
I signed a petition to phase out the use of Internet Explorer 6 on government computers. IE6, as you may recall, was first released in 2001 and has not seen any changes, bar security fixes, since 2004. It was superseded by IE7 in late 2006 and again by IE8 last year – both of which are available as upgrades for those still on Windows XP, which I assume the government is using. Of course, Windows Vista and 7 ship with IE7 and IE8 respectively.
Anyhow, the reason for signing the petition was two-fold:
- Newer versions of Internet Explorer have better security, especially on Windows Vista and Windows 7 where the IE processes are sandboxed; should a security vulnerability be exploited, its impact on the rest of the system should be reduced. While a fully-patched IE6 will be more secure than an un-patched IE7, I have no doubt that IE7 with all security patches will be less prone to exploitation.
Unfortunately, the government seem to be unwilling to move from their support for IE6. In their response, they say there is ‘no evidence that upgrading away from the latest fully patched versions of Internet Explorer to other browsers will make users more secure’. This is at odds with the reports from just about any security research organisation.
IE6 will still be supported by Microsoft until 2014, when Windows XP also reaches the end of its life. Sooner or later any government system will have to be updated. While the government may say that there is a high cost to the taxpayer involved in upgrading its systems, they are only postponing the inevitable. And there’s no guarantee that leaving any upgrades until 2-3 years time will make them any cheaper.
(Note: I work for a public sector organisation where IE7 has been the standard web browser since 2008, if not before)