Feeds

MS-built UK ‘Government Gateway’ locks out non-MS browsers

Users need to be totally certified, it says here (nearly)

  • alert
  • submit to reddit

Internet Security Threat Report 2014

Updated Predictably, Microsoft's 'help' in turning "Britain's e-government vision into a reality" has mysteriously turned into a lockout for users of anything other than IE on Windows. Linux, Netscape and Mac (even with IE, friends...) can look but not touch, because the digital certificate system selected by the developers mysteriously always seems to lead to IE 5.01 or above on Windows.

The developer is, ahem, Microsoft, and the site in question, gateway.gov.uk, is intended to be the portal that acts as "the centralised registration service for all e-Government services in the United Kingdom." Microsoft announced this one in March with much ballyhoo - as well it might. The portal is a core part of the Blair government's ambition to put 100 per cent of government services online by 2005, so this is big bucks.

A detailed investigation carried out by UK magazine Linuxuser* (low bandwidth text version here)
and appearing in a forthcoming issue notes that in some cases non-Microsoft browsers are simply refused entry. This may however have been an early design feature that has now been edited out; we checked it with Netscape 6 on Windows, and got in without trouble. But we've also heard from people who couldn't get in with 6, and earlier versions of Netscape, Opera (even 5.11 pretending to be IE) don't work. We've got one Mac user saying he got in with IE 5 - we don't know how either.

Whatever, the more serious blockages go further than mere version checking, and the site shamelessly admits to them.

"Please note that if you wish to enrol for services that require a digital certificate, you may not be able to use the full range of browsers listed above. For example, Equifax certificates can currently only be used with Internet Explorer 5.01 or later (they do not work on any version of the Netscape browser); ChamberSign certificates can be used with both Nestcape Navigator and Internet Explorer, except they are not currently supported on version 6 of the Netscape browser. Please check your certificate provider's web site for more information about which browsers they support."

The Government Gateway site currently uses certificates from Equifax and ChamberSign, and these don't work with the Mac either. The site is silent on Opera, Mozilla, Linux et al, but one suspects... The Government Gateway doesn't exactly have much up on it at the moment, but the likelihood is that although simple registration by user name and password will give you access to some information services, all of the transactional ones will require use of certificates.

The one service available for individuals, electronic filing of tax returns, certainly does, so effectively only Windows/IE users can currently use it. UK.gov seems to have swallowed the Microsoft pitch whole; according to Linuxuser, the explanation given is that "other browsers do not give proper support for SSL and digital certificates."

But the magazine goes on to point out that this is untrue, giving a detailed explanation of how server-authenticated HTTPS services can be provided with standards-compliant browsers. "The problem with authentication is not the certification as such, but the proprietary PKI software... [which] has the effect of tying the end user into a specific technology that is apparently available only to Microsoft clients."

According to Register sources, there's a sorry tale behind all of this. About a year ago the Blair government was determined to embark on a love affair with Bill and his merry men, and it began to be made clear to the techies (many of them Linux lovers) on government staff that further mention of the L-word would likely be career-threatening. Many of the sites produced prior to the great Government Gateway project were indeed Linux-based, but this would cease.

The CCTA, which was responsible for these atrocities, became a part of the Office of Government Commerce on 1st April this year, and the well-regarded open.gov.uk, whose demise was announced a few weeks later, reverses into ukonline.gov.uk from the 1st July. This is "part of a planned transition from OGC to Office of the e-Envoy," which is the Microsoft-friendly department responsible for commissioning gateway.gov.uk. You may be starting to detect a pattern here.

Microsoft made its big announcement in late March, but the project itself had been in its hands since November. It uses ".NET Enterprise Servers" (we think this is something the marketing people made up), but the actual guts are listed thus: "Microsoft Consulting Services built this solution on top of Windows 2000 Advanced Server using BizTalk Server 2000, SQL Server 2000, Internet Security and Acceleration Server 2000, Application Center 2000, and Commerce Server 2000." It's claimed to be the largest BizTalk Server implementation to date.

The British government would no doubt have us believe that all of this has been happening in accordance with the long range plan, which goes back to 1999 and beyond. Microsoft doesn't seem to have been tactless enough to contradict this, but one of the other lucky winners, Dell, has. If you look here, you'll find a yummy .pdf case study which claims that "in order to meet the British government's target date... Dell and Microsoft worked feverishly to meet a blistering three-week rollout schedule for the first phase." Dell UK account director Michael Brown also reveals how the company cunningly rounded up Pentium III Xeons from all of its factories and shipped them to Limerick, thus becoming the only company capable of delivering for Tony during the shortage. This tale may amuse Dell customers who were trying to get hold of PIII Xeon systems last winter.

But why the rush? Again, it's ever-helpful Dell that tells us that although work on the project had started last June, "the original vendor withdrew from the project four months later." Coyness does set in now, but The Register is able to tell you that the original vendor was Compaq. The precise kit, reason for 'withdrawal' and projected OS we don't know, but somebody'll tell us, and the timing does seem to match the banning of Linux and the onset of the Redmond love affair.

But where will it all lead? It's possibly worth remembering at this juncture that Mr Tony himself is a complete, self-confessed and unabashed technoklutz. He is, furthermore, total jail-bait when it comes to photo-opps with the rich and famous. Which is a disastrous and expensive combination when it runs up against Bill Gates at the head of Microsoft's government sales Spetsnaz.

They pitched it, he bought it, we're stitched, and left pining for those positively geeky politicians that seem to be in such abundant surplus just across the Channel... &reg:

* Because of the high level of interest in the piece, Linuxuser has posted a proof copy. The printed edition is scheduled to be available in about a week's time.

Related Stories

UK Govt shuts e-govt portal
Microsoft's UK e-govt service unveiled

Secure remote control for conventional and virtual desktops

More from The Register

next story
Microsoft to bake Skype into IE, without plugins
Redmond thinks the Object Real-Time Communications API for WebRTC is ready to roll
Mozilla: Spidermonkey ATE Apple's JavaScriptCore, THRASHED Google V8
Moz man claims the win on rivals' own benchmarks
Microsoft promises Windows 10 will mean two-factor auth for all
Sneak peek at security features Redmond's baking into new OS
FTDI yanks chip-bricking driver from Windows Update, vows to fight on
Next driver to battle fake chips with 'non-invasive' methods
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
Ubuntu 14.10 tries pulling a Steve Ballmer on cloudy offerings
Oi, Windows, centOS and openSUSE – behave, we're all friends here
Apple's OS X Yosemite slurps UNSAVED docs into iCloud
Docs, email contacts... shhhlooop, up it goes
Was ist das? Eine neue Suse Linux Enterprise? Ausgezeichnet!
Version 12 first major-number Suse release since 2009
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.
Business security measures using SSL
Examines the major types of threats to information security that businesses face today and the techniques for mitigating those threats.