Software Choice

ziggy on 2002-09-09T02:46:37

softwarechoice.org has a series of well thought out recommendations for software procurement in the public sector:

All software products offer varying benefits and costs. Public entities should procure the software that best meets their needs and should avoid any categorical preferences for open source software, commercial software, free software, or other software development models.

-- Procure software on its merits, not through categorical preferences

Policymakers should not make rigid intellectual property licensing choices a precondition for eligibility for procurement, nor should they discriminate between developers that choose to license their intellectual property on commercial terms, and developers that choose not to charge licensing fees.

-- Maintain a choice of strong intellectual property protections

These policy statements may sound ever-so-slightly pro-commercial software and anti-open source. That shouldn't be surprising, since the three US signatories on this multinational policy are CompTIA, Intel, and Microsoft. Then again, isn't mandating free/open source software to the exclusion of all other types of software a rather extremist stance? Where's the open source analog for SAP R/3, ArcView, AutoCad, SAS, iMovie/Premiere/FinalCut Pro, or a certified secure operating system?

Lobbying to get equal treatment for free/open source software during the evaluation cycle is one thing. Demanding that public agencies (in the US, Venezuela, Peru, Bolivia, Germany or California) use non-proprietary software exclusively produces an intellectual monoculture as dangerous as an all-proprietary one.


Monoculture?

chromatic on 2002-09-09T06:41:49

In what sense do you use the word monoculture? The relative ease (technically and legally) of reimplementing an effective substitute for an existing open source package seems to me to be an (albeit theoretical) antidote. Put another way, doesn't the right to fork ameliorate this threat?

I suspect we just mean slightly different things.

Re:Monoculture?

ziggy on 2002-09-09T13:21:26

In what sense do you use the word monoculture?
There's an emergent meme that governments are public organizations funded with public funds to do the public's work. Therefore, all government work should be open to the public; using proprietary software with proprietary data formats that may be unreadable at some point in the future (simply because they are proprietary, and therefore undocumented data formats) is an abuse of public funds and does not serve the public trust.

I forget where this meme first surfaced -- California, Peru, or Venezuela. I'm pretty sure it was the foundation of one of the bills to use only free software in government procurement.

Here, the threat of monoculture isn't from the technical perspective -- reimplementing open code. It's more a danger from a policy perspective -- the idea that only free software is suitable to fulfill the government's mission of acting in the public interest.

Re:Monoculture?

nicholas on 2002-09-09T14:16:13

Here, the threat of monoculture isn't from the technical perspective -- reimplementing open code. It's more a danger from a policy perspective -- the idea that only free software is suitable to fulfill the government's mission of acting in the public interest.

I believe that there is an important distinction between governments and any other organisation - I can make a free choice not to interact with any commercial organisation for any reason I like. Not interacting with certain government departments can cause me to go to jail. Hence I believe it is wrong for a government department to mandate that I must communicate with it in a specific fashion that requires I use a specific proprietary product. At the level of communication, I'd be quite happy with a government that said "you should communicate in this format, this format is documented here, and you are free to create data in this format provided it is validated by this validation software with source freely available for inspection". (Note, I don't mind them using any format native to any form of software, proprietary or not, but I don't trust any vendor, closed source or otherwise to implement their documented format perfectly, however good their intentions, hence the validator. And the validator needs to be open, even if the rest of the software is closed)

However, this doesn't mean that I trust the closed source software the government is running to process my private data (such as my healthcare records or financial situation) not to have manufacturer supplied trojans capable of leaking the data back to the mothership. Hence I think (but I may be wrong) that the only trustworthy thing (as if a government is ever trustworthy) is for the government to only run software with source code open to inspection by all. That way, we can all look and see that there are no trojans - i.e. that our data isn't sneaking off somewhere else. Note that this is not necessarily free or open source software - it can be commercial software, that is subject to normal (sane) copyright protection, only usable by its (paid up) owners. The important part is that it has to be open to inspection.

Re:Monoculture?

ziggy on 2002-09-09T14:58:15

Hence I believe it is wrong for a government department to mandate that I must communicate with it in a specific fashion that requires I use a specific proprietary product.
"Government" is a very loaded term here. I'll constrain my remarks to the US Federal Government, rather than lumping the governments of the US, UK, Peru, Venezuela, Germany, California and Indiana into the same boat.

In my experience the US Government really does have a clue here. Preaching what government should be doing usually involves some measure of ignorance of what the government has done already.

For example, it is because the government was focused on interoperability that we have open standards such as COBOL, POSIX, ADA (yeah, I know), SGML (especially CALS), TCP/IP, Telnet, FTP, SMTP, and a good chunk of the rest of the internet. Much of the online documents produced by the US Federal government that I see are produced in PDF, SGML, HTML, GIF/JPEG/PNG, or open data formats invented by the government such as TIGER.

All of this chestbeating in the abstract about vendors and open formats is a veiled argument to oppose the production and requirement of Microsoft Office documents. That's a fine and noble cause, but once the discussion gets abstracted two or three levels, it loses all touch of reality. The SEC, for example, drove adoption of SGML in the 1990s by requiring electronic submission of all financial documents. I daresay the FDA is doing something substantially similar with new drug applications. And let's not forget that the government funded the CALS table model in SGML and the TIGER data format.

However, this doesn't mean that I trust the closed source software the government is running to process my private data
Do you trust the government to use closed source software to process its own data? That is, why should the government be penalized by being a government entity, thus preventing it from using reasonable payroll, HR, or inventory software? What about the agencies that wisely chose to cut costs and consolidate their resources by replacing hundreds of servers with a single StarCat or StarFire? Should they be prohibited from running Solaris and forced to use Linux/NetBSD/OpenBSD (which don't scale to anything near this configuration)? And if Oracle/Sybase/DB2 were to be phased out tomorrow, who would be funding the migration to MySQL/PostgreSQL, and would that be the best use of limited public funds?

There are lots of specific areas and specific reasons why government should adopt open source software. But mandating an all-free-software government ecosystem simply ignores what it means to "do the people's business" today.

 

That said, some of the recent moves in the UK towards eGovernment (through Microsoft-funded projects that only run on/with/through Microsoft software) are quite reprehensible. Most governments are not as large nor as involved with the tech sector as the US Federal Government. The US Government produces PDF and other accessible files out of common sense (as far as I can tell); efforts in Peru, Venezuela and other Latin American nations are quite sensible, given their particular circumstances. But one "government" policy that mandates or requires open source in all circumstances and doesn't adapt to local concerns is just foolish.