State Department apparat asks Clinton to let him use Firefox

Last week's Clinton town-hall with the State Department featured an apparat begging to be allowed to use Firefox:
MS. GREENBERG: Okay. Our next question comes from Jim Finkle:

Can you please let the staff use an alternative web browser called Firefox? I just - (applause) - I just moved to the State Department from the National Geospatial Intelligence Agency and was surprised that State doesn't use this browser. It was approved for the entire intelligence community, so I don't understand why State can't use it. It's a much safer program. Thank you. (Applause.)

SECRETARY CLINTON: Well, apparently, there's a lot of support for this suggestion. (Laughter.) I don't know the answer. Pat, do you know the answer? (Laughter.)

UNDER SECRETARY KENNEDY: The answer is at the moment, it's an expense question. We can -

QUESTION: It's free. (Laughter.)

Town Hall Meeting to Announce the Quadrennial Diplomacy and Development Review (QDDR) (via Memex 1.1)


  1. Their response was that it costs money to support and that again is a lie and an excuse by those who are uninformed and scared of open source software.

    Those who are in embedded positions and who only know how to support Microsoft products are very scared to support NON-Microsoft products and make any excuse they have to NOT support them even if the product supports itself with automatic updates such as Firefox does.

    You can even enforce them to install the NoScript addon to make it even more secure than IE and train them in the usage of it but this person is obviously less knowledgeable than the staff asking for Firefox.

  2. oh wow do we have some knuckleheads and ne’erdowells in the State Department… I suppose he would also think it a terribly expensive cost for people to use Skype also

  3. I think Kennedy was thinking “What’s Firefox?” as he was talking. It sounds like a standard response, since nobody likes to hear about the government spending needlessly. “What are they talking about? oh well say it’s too expensive, that’ll shut em up.”

  4. Why did you not quote the actual response to the question (included below)? The cost to install Firefox on a bunch of workstations is nothing. The cost to upgrade all the internal and vendor systems that are IE only? Who knows.

    Also, “Auto Update” is not something that is ever supported in large deployments. There is actual work involved in QA of patches before they can be rolled out. You might think this is silly, but how unacceptable would a department wide work stoppage be if someone rolled out a Firefox update that conflicted with how an internal system worked?

    UNDER SECRETARY KENNEDY: Nothing is free. (Laughter.) It’s a question of the resources to manage multiple systems. It is something we’re looking at. And thanks to the Secretary, there is a significant increase in the 2010 budget request that’s pending for what is called the Capital Investment Fund, by which we fund our information technology operations. With the Secretary’s continuing pushing, we’re hoping to get that increase in the Capital Investment Fund. And with those additional resources, we will be able to add multiple programs to it.

    Yes, you’re correct; it’s free, but it has to be administered, the patches have to be loaded. It may seem small, but when you’re running a worldwide operation and trying to push, as the Secretary rightly said, out FOBs and other devices, you’re caught in the terrible bind of triage of trying to get the most out that you can, but knowing you can’t do everything at once.

  5. @Xeno : “Their response was that it costs money to support and that again is a lie”

    Ha. Hahaha. Hahahahahaha…

    As someone who has had to guide people from IE to Firefox (and worse, from OE to Thunderbird), I’ll tell you now that you’re simply wrong.

    Change, any change, costs money as the stupid, the difficult or the set in their ways stress, strop or complain their way through using any new software.

    Sure, there’s nothing here that suggests Jim Finkle wanted to force them to use FF, but any non-standardization causes a nervous breakdown in a certain type of user…

  6. Well, large corporations and government agencies have such strange policies or strange ignorance.

    I can’t forget one really big corporation (sorry – will not name it) that had the opposite policy – the only allowed browser was Netscape !!!

    It would be OK, if it were not the time when Netscape was almost dead, and I can even name the problems and costs such decisions incurred.

    Seems that any such restriction, or just ignorance, can cause big problems.

    In any ecosystem – the diversity is what makes it healthier. Needless to add more :-)

  7. Indeed, this habit of partial quoting to skew the quote has got to stop. It’s fine to bring it to our attention, but don’t selectively quote it so that they come off as anti-open source dumbasses.

    And shame on everyone who blindly replied without following the link.

    Actually the best tidbit is that a “Dr. Slaughter” is working with the Office of Religious Freedom.

  8. What a bunch of goofs (just being nice). I can’t believe they don’t have some sort of IT person who can explain to them the advantages of Firefox. IE crashes on me quite often. I use Firefox 95% of the time with no problems. Maybe they think it is harder to get rid of their hidden secrets on Firefox. I had an engineer ask me how to delete the temporary internet files on Firefox because he was looking at porn on Firefox and he wasn’t familiar with it. There are some differences, but, like anything else, you just have to get familiar with it.

  9. pft. they make us run IE6 on win2k here at the office. not that i DO, but, you know. retards.

  10. I think the answer was fine. It does take resources to maintain Firefox, even if it is free. Particularly if they are going to take the time to lock down any security flaws, ensure that urgent security updates are applied to all machines as fast as possible, and QA a list of permitted plug-ins.

    Probably most people here figure that they can just tell all employees to download FF if they want to, and not to do anything dumb. These people have never worked in large bureaucracies, where there are plenty of people who say “OOOOHHH! A plug-in that displays LOLCats every day!!! Download! What’s this about recording sessions and emailing keystrokes to a third-party server? Who cares! Legalese!”

  11. @#7 – sorry, but the very fact that something like the browser is under strict policies (justified by cost or not) is anti-productive.

    The cost is not the one thing only, as I said before – the organizations that do not allow to diversify their IT ecosystems by selection of browsers, OSes, mail clients etc – pay more in the long run. This is typical to IT in the web era – things you might (maybe) make uniform are no longer OS, browser or mail client.

    Organizations that understand this are healthier, and in this fact I find more reasons for this post – not in the full (however true it could be) citation of the rest of the response….

  12. @11. Yup. However, using firefox isn’t the issue. It’s giving normal (l)users the ability to install whatever they want on the company/state computers on an internal network and expect things to not get messed up. Locking this down (not giving people admin/sudo rights) is a good thing, since not everybody understands computer security nor do they really understand system administration.

    A good compromise would be allow certain individuals that need the added functionality of installing applications to do so after doing some sort of certification. This way the beauro-cats are happy, and the techno-cats are happy.

  13. sopekmir: You forget that many of the employees of the State Department deal with sensitive data, some of it may be highly classified.

    The problem isn’t Firefox, the problem is always the user, using “password” as their password, IMing sensitive info over non-secure networks, downloading malware, whatever else. These problems are already a given and, while they are not increased by having Firefox per se, they are increased by suddenly giving employees access to tens of thousands of plug-ins to download, many of which may not even have been checked by Mozilla, let alone the State Department. The problems are also increased if security patches are not applied immediately.

    Not all organizations can have a completely Laissez-faire attitude towards employees and their computers.

    That’s not to say that they shouldn’t have Firefox. Only that, contrary to what you say, strict policies do have to be in place whatever they use.

  14. First Energy is still using Windows 98 (at least here in Ohio). They apparently are buying new machines…and installing 98 on them. I don’t need to point out the problems with that, but apparently their reasoning is that they have old programs that can only be used on 98…

    1. They apparently are buying new machines…and installing 98 on them.

      I worked for a large institution that was using 3.0 in 1999. When they’re buying a license for 50,000 workstations, they save a fortune by buying ancient software.

  15. My wife was a contractor working for the State department and she wasn’t even allowed to change the resolution of her screen even though she is visually impaired. They keep those computers extremely locked down.

  16. Selective quoting demeans your argument by making it look like you have to use false spin to make your point.

  17. All quoting is selective, though: there’s no “non-fictive” quoting that’s completely shorn of the quoter’s use for and repurposing of the quoted material. The trick is to be, as you’re saying above, as rigorous (don’t cut too much) and clear (show what you’ve omitted or elided) and as “honest” to the intent of the original (quote in context, quote generously, quote in the spirit of the original) as possible.

    All language is spin.

  18. a) not everyone is a l33t computer sooperoozer like some of the commenters seem to assume, go to the DMV, those people behind the desk… government employees. any organization that is not focused on software/hardware development and has over a few hundred staffers will have employees that are nearly computer illiterate; and btw the problem users are the ones that think they know a thing or two.
    b) support for large numbers of users is a pain in the arse, the less variables the better. giving everyone admin rights would be a nightmare. unless of course you are ok with databases of SSNs getting swiped all the time. any large organization has data that needs to be kept protected, at the very least the personal information about its own staff.
    c) the stats of many machines used in the field would frighten most computer savvy. really, if you knew how much RAM a lot of these computers run on… thus, adding an app with the memory leak issues of firefox to all machines on a network may be a bad idea until the budget is in place to upgrade all users.

  19. Count me in as one more tech-savvy reader disappointed in the misinformation that selective quoting causes (and the biased, pooh-poohing conspiracy theorists that it brings out of the woodwork).

    Cory, there’s a case to be made here that the security win of switching TO all firefox would ultimately be more cost-efficient than staying with IE, even though maintaining FF would indeed require a behind-the-scenes cost. You could have dealt with this appropriately and honestly, in other words, and still made the case for open-source over Microsoft.

    But seeing you take the easy/slimy way out is disappointing, and not up to your usual standards.

  20. I have begged our tech guy to let me run Firefox instead of IE on my work station, even if he wants to approve all addons before they get installed, and he kind of giggles at me. Of course, if I had his passwords, I could do 80% of his job myself.

  21. It [Firefox] may be approved for the intelligence community, but the intelligence community is Other People’s Secrets. The State Department has OUR secrets. If you put a /tape recorder/ next to a State Department computer, guys in badly-fitting suits show up promptly to confiscate it.

  22. #20 posted by Tdawwg:

    All quoting is … rigorous … and clear … and as “honest” to the intent of the original … as possible …

    That’s a bunch of patent nonsense. Everyone selectively quotes; it’s the nature of language itself.

  23. nonsense. I only speak the unvarnished truth with the words of lessers admitted just to keep them from feeling excluded. I am not unkind.

  24. When I speak, I always ensure that I phrase my words such that removing any part of it would still keep the original intent. My words are individually so meaningful, that you could strip away all but one word and still have a perfect understanding of what I said.*

    * Note: It doesn’t work for text. You must hear me speaking to understand the majesty and depth of understanding in each and every one of my words.

  25. Support firefox???

    I just downloaded it years ago and then when it tells me that there is an update, I download that.

    What “support” is required for firefox?


  26. Then you are an incompetent tree monkey as I switched an entire office of 50 just THIS WEEK with no issues to Firefox. They don’t even realize they are using a new browser and are impressed that it is working faster.

    You need to actually know something about what you say before you open your mouth.

  27. Anonymous #32:

    Support firefox???

    I just downloaded it years ago and then when it tells me that there is an update, I download that.

    What “support” is required for firefox?

    Many large organizations don’t give their employees administrative control over their own computers, in part to keep the system configurations consistent and in part so the less tech-savvy employees don’t screw something up. I imagine both these issues become more pronounced when you’re dealing with issues of national security.

    So even a relatively minor task like downloading browser updates can become a chore when you multiply it by thousands of computers. I can see the case for switching over to Firefox from IE but I also understand why the department would prefer sticking to one or the other.

  28. The cost to upgrade all the internal and vendor systems that are IE only? Who knows.

    So you just install both. Was it so hard?

  29. As a network administrator I think I have something of value to add here.

    As a conservative who despises Clinton, I think I can be honest when I say they are right.

    The Cost of the browser is one thing, as pointed out, it is free. However, that is hardly the end of the debate. Government computers are fairly rigidly locked down to prevent tampering, hacking, etc. Software that could typically be rolled out from a central location in most cases must be installed by hand and individually to each machine.

    Unfortunately then you come to the problem of government standards. Anything the Government decided to do will cost 10 times what it costs anywhere else. Simply telling your techs that Firefox is now supported is not adequate. First they have to develop the standards, plan the rollout, train the end users, debate endlessly which version and which plugins to use.

    If you don’t believe this, consider this one fact. The Government is spending $18,000,000 to redo the stimulus website.

    If I charged $100,000 for that, I’d feel shameless.

  30. “Free” is not free.

    You can download a “free” movie from the web, but if you’re paying $50 a Gigabyte you’ll soon find you’ve got a $25,000 data bill for your iPhone.

    In a corporate environment new software must be tested thoroughly for compatibility and stability; then it must be rolled out on (possibly) multiple networks. If the IT department is smart, they’ll phase in the new software once it is ready to roll (and new hardware, if required) in some sort of pattern, for example 5, 50, 500–install the software on a few machines, deal with the outraged users, then move on to more, until everybody has the new software and the bugs that haven’t been worked out in the months of testing and configuration can be fixed gradually, in months of training and helpdesk calls and more debugging.

    What this would cost the Department of State is anybody’s guess. How many employees does it have? How many computers (Blackberries, laptops, etc.) does it have? What about other organizations? How many does it have to deal with?

    What about security issues? Every single employee is a security threat, intentionally or accidentally.

    My employer is a small one, much smaller than the Department of State. It’s only got a couple of thousand employees in a score or two of countries.

    You can tell when the systems have been fixed. They stop working.

  31. I work at a fortune 500 and they’ve got the whole company on IE7. Makes me wanna puke

  32. Wow the State Dept. needs NMCI then it wouldn’t be a question since the answer would always be No.

  33. The “Whoop” in the audience is from people who you could roll out FF to.

    The problem is that a good percentage of that audience is as technically proficient as their leader.

    A situation they may want to address.

    If the Secretary was applying for a job today, with her skill set, the crucial phrase should be “Want fries with that?”

    Companies and organizations have tolerated unskilled workers, and especially leadership, for far too long.

    Get trained or get out.

    Company won’t train you? Train yourself.

    Otherwise I have a flac file of the World’s Smallest Violin playing just for you.

  34. Speaking as someone who works for a university where we’re allowed Firefox.. there’s the tiny matter of all of our payment processing and purchasing programs (and lord knows what else) having been designed years ago for IE and nothing but IE, and the presumably substantial cost for everyone of purchasing new licenses to use them if they were redesigned. (Now, talk to me about how ridiculous it is to charge your own departments for your own software to process payments..)

  35. It’s the security, folks. Govt. uses a lot of idiosyncratic programs, some that are specific enough to particular bureaucratic functions that there isn’t a whole lot of documentation available… and when there’s a patch that can’t be installed remotely, there is a very limited cadre of techs available with admin rights to load/reload software.

    I’ve been through periods where our IT staff couldn’t keep basic office-type software running. But, in their defense, they have to cope with a constant barrage of new IT requirements (and the angry end users who always seem to lose functionality in the process).

    Let’s just say I can’t count how many files I’ve had deleted (or worse, files I still have but can’t open without the specialized software to read it because it was dropped from the baseline image with no warning) during an “upgrade.”

    Under the circumstances, much as I like me some Firefox, I am hesitant to overtax the staff in charge of ensuring I can get my work done without resorting to engraving it in cuneiform on clay tablets.

  36. Ken Creten

    Thanks, Resnovae. What I was thinking was close enough to your thinking that I gave up.

    But I do want to say that this is not a religious issue. There is no Open Source god as far as I know. Well, maybe Stallman.

    What I’m trying to say is, I love Open Source, but I’ve realized that expecting, or demanding, or saying “Open Source” makes more sense isn’t what most people using their computers care about. For them, it’s not a philosophical question. Furthermore, that is exactly what computers should do for people, is get out of their way, and help them do work. These people want their computers to be just like, perhaps, a TV.

    Most people hate dealing with things that most computer geeks of all walks would relish in. Oooooo! A driver problem! Ooooooooo! This software package didn’t quite work! Fun! Yeah. I’m right there. But most people hate this kind of fiddling.

    Some of the responses I’ve heard to my pointing this out are, “they should learn about it,” or, “My Mom uses Ubuntu and it’s great.” While, in the real World, though I’ve been waiting for years and years, Open Source hasn’t made any dent in desktop computing.
    This link is a typical number game with this.

    I want Open Source to rule, but who takes it to the last finish where all the crappy work that must be done to make an OS useful for even people who hate computers is done? With OS X, Solaris, and Windows, ultimately, this would be the CEO. That person says, “we have to go at least this far – so do it. Otherwise people will be too irritated by it.” No matter what everyone says, millions are spent, by Microsoft and Apple in particular, to test users’ responses to various changes, as well as pay hordes of very good QA testers to beat the programs and OSs. As with Vista, mistakes can be made, but Windows 7 is looking much better, and there’s nothing like a big slap in the face to get a company moving in a different direction, as we’ve seen them move.

    I’m beginning to think that the kind of work to finalize the GUI under one set of ideas comes by paying developers work that they probably wouldn’t want to do for free. That ittly piddly API work to make sure, for the 1,000,000 time that the interactions work on some really boring level.

    Firefox is among the top Open Source apps that passes the “users who don’t care about open source can use it and not be too irritated” test, and there’s a lot of Open Source that passes this test. But, many applications do not. In the business world, applications like that die. In Open Source… I haven’t really thought about what can happen.

    Anyway, I do think that no matter if a program is free, changing a company or organization to be able to accommodate a program change can be, depending on the situation, very costly.

  37. @#33

    Oh beautiful… called an “incompetent tree monkey”. That’s made my day. Thank you.

    So… because your users are dense enough not to notice the difference in web browsers and mine are dense enough not to work out how to use it, that makes me incompetent? Yeah…

  38. @ Anonymous: If the Secretary was applying for a job today, with her skill set, the crucial phrase should be “Want fries with that?”

    How nice that these discussions always dissolve into “who can show off their utter ignorance and say the most clueless thing they possibly can.”

    Clearly her lack of knowledge about Firefox is going to come up in nuclear disarmament talks.

  39. New programs and strategies require implementation. Not everyone wants to migrate and it’s usually expensive to migrate folks who want to stay behind. If you’re in the minority, then yea, it *is* too expensive to switch.

    If you’re in the majority though, it’s too expensive *not* to switch. IE can be a difficult to use program for some.

  40. EPA gives you the choice of Firefox or IE. I think that’s mainly because all the tech guys use Firefox. I don’t think I’ve seen any other employees besides me use it….

  41. As stated it does cost money. Support, packaging for deployment, break/fix testing, locking down the app. We recently rolled it out to our company (15k+) it took time (which costs money) to develop the deployment package, and then on some workstations it wouldn’t install for various reasons so a field tech had to go look at it (more money). Granted once it gets rolled out and things are smoothed over then it’s better, but when the next update comes up, there’s testing, and more deployment and more support. Nothing is free….

  42. It seems most of the commenters here have very little experience administering a managed environment, much less one that has to meet various government security standards. The individual merits of firefox vs. IE as an end user matter very little and rightly so – what matters is how the browser has been validated and how it can be managed.

    1. IE has been submitted for Common Criteria rating – Firefox has not, and this will likely continue to be the case with the rate that the Mozilla foundation puts out new versions and drops support for old versions. CC rating and validation MATTERS for something like the state department

    2. MS has wonderful centralized management tools for IE, it is probably the single biggest feature of the product that would make it attractive to IT departments. Policies pertaining to zone settings, sites that belong to trusted zones, password storing, etc can easily be remotely managed and maintained. Firefox, to put it kindly, is behind the curve with regards to that.

    3. MS has a predictable patch schedule and excels at communicating with clients/customers. The Firefox schedule is ad-hoc at best, and to be blunt, their communication sucks. Verification of patches, testing, and deployment are far better with IE. For individual users an argument could be made for the firefox ad-hoc scheme but for an enterprise you don’t talk about fixing individual vulnerabilities, but rather about risk. A vulnerability presents a certain risk, but so does applying an unverified patch. IT departments work to balance these two risks, and the MS approach to patching allows them to prepare for the risk that a patch presents and make an educated decision about how to deploy it. Firefox has a long way to go in this regard.

    On top of all of that there are considerations for legacy sites that render poorly in firefox, sites that employ custom activex controls, etc and from a business perspective the argument for firefox is very poor. That you as a user may prefer it matters not at all (if companies cared about user preference lotus notes would be extinct).

    Finally, on a purely product to product security comparison quite a bit depends on the environment and the concerns of the organization. If they care about client machine security and are running vista, to be blunt, they are insane to run firefox. The low integrity protected mode of IE 7/8 on vista offers significantly greater protection against zero day attack, the fewer vulnerabilities discovered in IE 7/8 (give the NVD a whirl, firefox has a much higher discovery rate than IE though to counter that it has a lower exploitation rate – but for the state department the concern is targeted attack rather than random malware so the lower exploitation rate is inconsequential) reduce the occurrences of a zero day, and the relatively few plugins coupled with the ability to lock down plugin installs reduce vulnerable third party code (though really Acrobat, Quicktime, and Flash will likely be installed regardless of browser, and all three are the most likely attack vectors considering the relative crappiness of adobe and apple code). From a web security standpoint (XSS, CSRF, Clickjacking, and similar attacks) Firefox has an edge *IF* noscript is installed (the XSS filter in IE 8 makes it a bit more secure by default but it is doubtful that the state department is using it either, and noscript is far and away superior to the XSS filter).

  43. Some apps simply won’t work on Firefox. My employer is large – 13,000 employees – and uses a timekeeping system and a purchasing system that are built on an Oracle foundation. You can use ’em on IE, and they have seizures and die if you try to use them on the fox. Sad but true.

  44. Some of you have mentioned this already, but it is true that a lot of companies have special tools that they use day in and day out that were designed to work with a specific version of IE. That is why there are so many IE6 users still: the companies can’t afford to hire programmers to rebuild all of their specialized tools to work with a new browser, because hey, if it works, why fix it? Plus, a lot of people have to use IE at work, but use something else at home (which is why FireFox usage increases on the weekends, see

