In a move to enhance transparency and promote an open government, the Dutch Ministry of the Interior and Kingdom Relations has released the second part of DigiD’s app Source Code. This decision follows a request made under the Open Government Act (Woo) in 2022, aiming to make the inner workings of the DigiD system available to the public.
The first segment of the source code, covering the DigiD apps for mobile platforms, was previously released on January 16, 2023. With the recent decision dated May 15, 2024, the government has now published the second part, which includes the underlying software of the DigiD system. The source code can be accessed via the Ministry’s GitHub repository.
Careful and Controlled Publication
Logius, the digital government service, has taken meticulous steps to ensure the safe and responsible release of the DigiD source code. Before making it public, an external organization conducted an extensive study to evaluate any potential risks. This careful approach ensures that the use of DigiD remains secure and reliable for all users.
Interestingly enough, the government explains their methodology on what part of the source code to release:
“The BSNk (security standards) encryption component, specially made HSM (Hardware Security Module) components, and CI/CD configurations for automated testing I do not make public at all, because this information concerns the functioning of the State or other governments (potentially) endangering. The same applies to some parts of the source code, which are marked with the letter ‘S’ (security risk). I find that this interest must outweigh the interest of disclosure, because disclosure of this information (such as keys, passwords, and URLs with sensitive information) affects the DigiD service. From this information, insights can be gained regarding the technical operation, systems, internal functioning of the infrastructure, and configuration of DigiD. Security types and measures can be derived from this, which can be used to attack DigiD. This endangers the continuity of the DigiD service.”
The publication of the source code aligns with the government's commitment to transparency as outlined in the Digitalisation Work Agenda of State Secretary Van Huffelen (updated). The agenda underscores the importance of transparency and security in digital government initiatives, including the software developed by the government.
Transparency and Security
The disclosure of the DigiD source code represents a significant step towards a more transparent government. By making the code available, the government allows for greater public scrutiny and fosters trust in its digital services. The source code release is a snapshot, providing a detailed look at the state of the software at a specific point in time.
The government remains dedicated to maintaining the security and integrity of DigiD, ensuring it remains a safe and reliable tool for all citizens. This balance between transparency and security is crucial for the ongoing trust and effectiveness of digital government services.
Photo by CardMapr.nl on Unsplash