The below is a letter I have just e-mailed to my MP, the Liberal Democrat Stephen Lloyd, as a response to the recent response from HM Government to a petition regarding the continued use of IE6. I think this is an important issue, and one to which the current response is insufficient.
I am writing to you about something which is rather technical, but I hope to do so without too much impenetrable technical detail. It is a question of software upgrades – specifically, the reliance of many government departments on the 9-year-old web browser, Internet Explorer 6. This may seem a rather specific and specialist issue, but in a world where technology, and the internet in particular, are so important, the attitude of government to progress and new challenges is of vital importance to the country.
A recent petition on the Number 10 e-petitions website raised the issue of government departments upgrading away from this ageng software, both as an end in itself, and as an encouragement to the rest of the country, and ultimately other countries, to follow suit. A response from HM Government has now been published, effectively declining to take any action on the issue. As a professional Web Developer, this troubles me, because this is not an issue which should be lightly dismissed.
I am therefore writing to you in the hope of putting pressure on the relevant arms of Government to formulate a more comprehensive strategy for dealing with this issue.
The petition highlighted two key points: firstly, that Internet Explorer 6, originally released in 2001, is vulnerable to many complex threats that have emerged in the intervening years; and secondly, that supporting such ageing technology is complex and costly for those attempting to create effective websites almost a decade later.
On security, the response contains the following sentence: “There is no evidence that upgrading away from the latest fully patched versions of Internet Explorer to other browsers will make users more secure.” Let us be clear that no copy of Internet Explorer 6, however often security patches are applied, can be described as the “latest version”, since Internet Explorer 7 was released in 2006. Nor is it relevant whether Internet Explorer, in general, is more vulnerable than other browsers. The argument presented is at best an over-statement: security patches from Microsoft, and “other measures, such as firewalls and malware scanning software”, may be a cost-effective way of reducing risk, but “patched software” is just that, and will never be as secure as modern software that has been designed with protection from modern threats in mind.
But from a professional point of view, the issue of having to support this old version in development – which is not addressed in the response – is more relevant to me. Now, 9 years doesn’t sound all that long, and you may be thinking “oh, we’re always being told to upgrade to the latest fancy version”; but go back 9 years further, to 1992, and the World Wide Web didn’t even exist. Remarkably, back in 2001, Internet Explorer 6 already had most of the technologies required to display modern websites; it is possible to build a modern website that supports it – but it is not easy.
All software has bugs, both small and large, and this is why users are bombarded with updated versions. The problem is that for various reasons Microsoft effectively stopped development of Internet Explorer for several years, meaning that there was no version 6.1 or 6.5 to fix the most obvious bugs, and by the time version 7 came along, upgrading was no longer a simple matter.
The bugs in Internet Explorer 6 are not trivial – to give just one example, in some situations, a random section of a webpage will be duplicated somewhere else on the screen, rendering a site unusable; workarounds are possible, but complex and unreliable.
The need to support Internet Explorer 6 carries significant financial costs. In one recent project at the company I work for, it was estimated that a new website took 3 days to build, including support for all modern browsers, but it took a further day of development to support Internet Explorer 6. For this reason, major companies are now dropping support for Internet Explorer 6 from their web applications – including Google and Microsoft themselves. These costs must also be reflected in the cost to tax-payers of government web projects, which are presumably unable to drop support in this way as long as their own employees are unable to upgrade.
The counter-argument generally supplied is that internal web applications have been built with Internet Explorer 6 in mind, and may require costly testing and upgrades to work in other browsers, or more recent versions. There is a cautionary tale here already, which is worth highlighting – what measures are in place to avoid future systems being locked into a particular platform in a similar way?
But even accepting the current situation, as we must, this is not an end to the discussion. Firstly, Microsoft have agreed, under pressure, to continue supporting Internet Explorer 6 until 2014; organizations relying on it therefore have 4 years to migrate to a more modern platform before even the current level of security patches is abandoned. Secondly, users in those organizations are increasingly being disadvantaged if they are forced to use this browser for accessing external resources, as well as the legacy applications for which it is required.
Her Majesty’s Government, and any other organization in a similar position, therefore has several questions to answer, none of which are covered by the recent statement:
- What is the medium-term strategy for testing and upgrading legacy web applications to run on modern platforms?
- What provisions are being made for running new systems alongside these legacy applications, and avoiding the cost of writing new applications which support Internet Explorer 6?
- What provisions are being made for employees to access external web applications which do not support Internet Explorer 6? While it is not generally possible to run multiple versions of Internet Explorer on one computer, an organization could decide to support a different browser, such as Mozilla Firefox, or Google Chrome, relying on Internet Explorer 6 only for those applications which require it.
Thank you for taking the time to consider this matter.
Update – Response from Stephen Lloyd
Last week, I received through the post this very positive response from Stephen Lloyd MP, dated 11 August 2010:
Dear Mr Collins,
Thank you for your email concerning obsolete software in the government’s IT infrastructure.
I can fully appreciate that a nine year old browser is truly ancient in the world of computers. Just as the government and its policies should evolve with the times, so should its tools of administration and implementation. The failure to update this archaic system reflects a poor comprehension of the imperatives of the digital era and its continually changing nature.
I have therefore written to the minister with responsibility for this matter. the Rt Hon. Francis Maude MP, Minister for the Cabinet Office and Paymaster General, to relay your points and request action. Please find a copy of this letter enclosed.1
If there is any other matter that I can be of assistance to you with, do please get in touch.
With best wishes,
Stephen Lloyd MP
Eastbourne and Willingdon Constituency
- Unfortunately, I did not find a copy enclosed, presumably due to an oversight by a member of Mr Lloyd’s staff. [↩]