Government refuses non "straightforward" IE6 upgrade demands despite security fears

The government has refused to upgrade departments from Internet Explorer 6 to Internet Explorer 8, the latest version of Microsoft’s web browser, as it would not be a “straightforward” process.

Over 6,200 signatures were gathered by an ePetition, which ran on the Number 10 website until 6 June, calling for the government to implement an upgrade programme.

Citing the encouragement of both the French and German governments to upgrade to Internet Explorer 8 (and other up-to-date browsers), the ePetition argued, “When the UK government does this, most of Europe will follow. That will create some pressure on the US to do so too.”

In a statement issued on the Number 10 website, the government said it takes internet security “very seriously,” something it claimed was evident through the ongoing merger of the Information Security and Assurance team and the Office of Cyber Security within the Cabinet Office. On completion, the body would provide a “joined-up approach to information assurance and cyber security strategy and policy”.

The government defended the decision not to upgrade to the latest browsers, and stated “There is no evidence that upgrading away from the latest fully patched versions of Internet Explorer to other browsers will make users more secure.”

PublicTechnology.net contacted Google for comment on whether it believed other browsers – including its own Chrome – would make user activity more secure, but the web giant declined to speak specifically on the topic.

The government’s statement continued, “It is not straightforward for HMG departments to upgrade IE versions on their systems.  Upgrading these systems to IE8 can be a very large operation, taking weeks to test and roll out to all users.”

Claiming a requirement to test all web applications currently used by the government “can take months at “significant potential cost to the taxpayer,” the statement added, “It is therefore more cost effective in many cases to continue to use IE6 and rely on other measures, such as firewalls and malware scanning software, to further protect public sector internet users.”

The sixth iteration of the browser is infamous for the number of security concerns surrounding it; in February 2010 security advisory company Secunia identified 24 outstanding and unpatched vulnerabilities within IE6. Ryan Gavin, head of the Internet Explorer business group confirmed to PC Pro back in May, "Part of my job is to get IE6 share down to zero as soon as possible.” News of the government’s stubborn stance will surely now prove a significant challenge to Gavin’s ambitions.