Offerman Consulting

LocalBox: secure file storing and sharing for public servants and citizens

Author: Adrian Offerman

Case Abstract

Six Dutch public agencies have developed an alternative to cloud-based services for file storage and sharing. LocalBox software allows agencies to set up local systems for public servants as well as citizens to use. Confidentiality is protected by end-to-end encryption and publication under an open source software license.

Case Description

LocalBox is a software package that offers file storage and sharing functionality. It allows public agencies to set up a cryptographically protected local alternative to cloud-based services like Dropbox, Google Drive, OneDrive and WeTransfer.

The software has been developed jointly by six Dutch public agencies. It consists of a Linux server and clients for Android, iOS and Windows. It is currently being tested in pilots at about a dozen public agencies and at some service providers. The makers hope to perform a rewrite of the code this year, followed by an audit, after which LocalBox will be published as open source.

Current work revolves around the governance of the LocalBox project, e.g. securing continuity and organising a community, allowing the software to grow into a mature solution. Public agencies can deploy the software to provide secure file storing and sharing capabilities for both citizens and public servants.

Project Size and Implementation

The idea of a software application for storing and sharing files had been around for some time at the Dutch House of Representatives (Tweede Kamer). The disclosures by Edward Snowden about mass surveillance and espionage gave this plan momentum. Popular cloud-based services like Dropbox, Google Drive, OneDrive and WeTransfer are not suitable for storing and exchanging government files for security, privacy, legal and jurisdictional reasons. The level of risk involved with the use of these services was found to be unacceptable.

In 2012, Ruud Vriens, a consultant at the Bureau for Information Management and Projects (Bureau IP) of the House of Representatives, Security Officer Marcus Bremer, and the Court of Audit (Algemene Rekenkamer) got together to define requirements for a solution that could be installed as a local service. Open source was not an explicit requirement, says Vriens, but it followed naturally from the need for openness to review and audit the code. The other most important requirement was the use of end-to-end encryption, hiding the content of the files from the service provider.

Open code is the only way to guarantee that there are no improper things hidden in the software, says Bremer. Anyone can at any moment have an audit done or review the code for quality. Furthermore, it shows how the software is built and where functionality and usability can be improved.

End-to-end security means that the encryption starts and ends on the device. That's the only way to guarantee the confidentiality and integrity of the data to the sharing parties.

From Scratch

The next step was to find out what open source software was already available and whether it matched the requirements, either as a ready-to-use package or as a starting point for development. ownCloud and Seafile are the solutions that seem to match requirements for governmental use the best — the former being a file storage platform with a lot of modules available to extend its functionality, the latter specifically focusing on storing and synchronising files.

In 2012, these packages were not where they are today, says Vriens. We looked at several of them but decided it was better to start from scratch. Three Dutch public agencies participated at this stage to develop a proof-of-concept: the Tax and Customs Administration (Belastingdienst), the Council of State (Raad van State), and the Employee Insurance Agency (UWV) — the latter being less involved these days. These three participated in the development of the software, either by contributing money for external developers or by making programming capacity available. The apps for Android and iOS, for example, are being developed and maintained by the tax office, while the Windows synchronisation is done by the Council of State. All in all, the investment in this project amounts to several hundred thousand euros.

In addition to the parties already mentioned, two Dutch ministries have joined the core team of the LocalBox project:

Impact, Innovation and Results

After completing the apps and Windows synchronisation at the end of 2013, the LocalBox software was ready for testing. Currently, about a dozen public agencies and some service providers have deployed the system as a pilot. The software can connect to Pleio, the Dutch community platform for public servants, so existing accounts can also be used to access a LocalBox system. This allows public servants to immediately start using a LocalBox service. According to Vriens, in the future the software will also feature a connector for DigiD, the identity management platform for Dutch citizens, allowing them also to use the LocalBox sites. Supporting these connectors solves the key distribution problem: there is no need for users to be re-authenticated before they can access the system.

Last year, the LocalBox software underwent two audits. The Dutch General Intelligence and Security Service (AIVD) concluded that the software design was not up to par and that the project needed governance. Another code audit requested by the Dutch Centre for Information Security and Privacy Protection (CIP) and performed by the Employee Insurance Agency was aborted, because the code needed qualitative improvements first.

Deployment

According to Vriens, the software can already be deployed and used, but requires additional work. In September 2014, an audit on the server code was carried out through the Employee Insurance Agency. At the same time, we received the first bug reports. In the course of this year, we want to rewrite the back-end and have it audited again. The current software code is based on Symphony, a PHP web application framework. That was fine for the proof-of-concept stage, but now we want to remove it from the code base. We may even switch to another programming language. If this really takes off, this might be our last opportunity to lift the software design to a higher level. Since the API (Application Programming Interface) remains the same, such a move would not affect the clients. Subsequently, we will give the apps another update. The latest versions of these were just published. Both the Android and iOS app should be available from the Google and Apple app stores anytime now.

Users should be able to create a secure set-up using the guidelines and help files we provide with the software, Bremer says. Furthermore, organisations should have requirements and policies for the deployment and interconnection of packages like this, i.e. an architecture and a security management system like ISO 27001. Like any other application, the secure deployment of LocalBox depends on the correct set-up and the quality of the entire security chain. We provide installation scripts and documents and there is an RPM package available, so the deployment of LocalBox should not be a problem to a UNIX system manager. Furthermore, we have made the software reasonably fool-proof by hiding most of the configuration and key management from the user.

Governance

According to Vriens, the new software will be published as open source under the European Union Public Licence (EUPL), probably in the Joinup repository (OSOR). A collaborative code sharing model, where everyone contributes, allows you to develop the software while at the same time sharing costs.

It would be great if LocalBox would evolve into a dedicated security solution that can be used by governments, citizens and others. We are currently organising the governance for this project, i.e. how to secure continuity, how to organise a user and developer community, and how to turn this into an affordable solution. We will have to find resources for the code audit. And we would like to be able to give presentations, organise a yearly LocalBox day, and maybe even a hackathon. All of this is currently being researched.

According to Vriens, there's already interest in this project from other countries, for example from the German Ministry of Defence and the Centre for Maritime Research and Experimentation (CMRE). We are open to participation from others.