The government has said it will not upgrade its departments’ computers from Microsoft Internet Explorer 6 because it would not be ‘cost-effective’.
This was in spite of an online petition posted to Number10.gov.uk earlier this year. It received 6,223 signatures that called for the "Prime Minister to encourage government departments to upgrade away from Internet Explorer 6" due to its alleged vulnerability to attack, and because it requires web developers to specially craft sites to support the browser.
Rather than abandon IE6 entirely, Dan Frydman, the petition's creator and managing director of web design firm Inigo Media, suggested that government allow its staff to install and run alternate browsers. Inside the organisation, they would use IE6, but they would be allowed to access external sites with a different browser, such as IE8, Firefox, Safari, Chrome or Opera.
However, the government insisted that regularly patching and updating the IE6 browser would be sufficient.
In a statement responding to the petition on 30 July, the government said: “It is not straightforward for government departments to upgrade IE versions on their systems. Upgrading these systems to IE8 can be a very large operation, taking weeks to test and roll out to all users. To test all the web applications currently used by government departments can take months at significant potential cost to the taxpayer.
“It is therefore more cost-effective in many cases to continue to use IE6 and rely on other measures, such as firewalls and malware scanning software, to further protect public sector internet users.”
It added: “There is no evidence that upgrading away from the latest fully-patched versions of Internet Explorer to other browsers will make users more secure.”
Frydman said that the UK government should follow the example of the German and French governments, which have encouraged people to upgrade from IE6.
On his blog, Frydman said he was “disappointed” by the government’s response.
“What I was looking for was a recommendation to upgrade away from IE6. A recommendation isn’t hard, it’s cheap and easy and isn’t an admission of guilt. It puts the onus on the government departments to modernise, to innovate and to take care of their own.
“There’s not much we can do now and I’m sorry to sound defeatist, but in the short term that’s it. Realism
tells me that this is all based on cost, not on security or whether the government wants to make web designers or developers happy," he said.
However, speaking to CIO sister titel ComputerworldUK today, Frydman said that responses to his blog have encouraged to pursue the matter further, possibly with the help of an MP.
"It's an opportunity to crowdsource a response to see whether something can be done and to look at which government departments have a plan to do something," he said.
Calls for IE6's demise have been ongoing for at least a year, but intensified particularly as Google announced that it would stop supporting IE6 on Google Docs from 1 March, after Chinese hackers broke into the company’s corporate network by exploiting an IE6 vulnerability.
The search giant also said it would drop support for the nearly-nine-year-old browser as an editing tool for Google Sites.
The anti-IE6 momentum has also been fueled by attacks that struck Google, Adobe and dozens of other companies. Those attacks, which in Google's case successfully infiltrated the corporate network and made off with company secrets, exploited a then-unpatched vulnerability in IE6.