
Governments should adopt and invest in FOSS - nivenkos
http://jamesmcm.github.io/blog/2020/09/12/foss-government/#en
======
majkinetor
Since its taxpayers money, any custom made software for gov MUST be FOSS or we
can equally abandon any logic whatsoever - citizens payed for it, gov
employees were working with implementation team on shaping it, so it belongs
to them. This doesn't have to be so for supportive domains such as databases
but I would personally prefer that also (i.e. Postgresql instead Oracle db).

There are many more reasons for this then mentioned, including keeping more IT
experts locally, better connections with academia, higher salaries for gov IT
guys, less corruption etc.

The MAJOR thing is actually that gov companies and their systems are usually
quite complex and not something that can be easily (or at all) correctly done
by external team of any kind - you need to be there, on the spot, and live
that system for years to know how to program it, improve it, and make it good
for the country and its citizens. I worked for gov 15 years, and did many huge
projects with various companies - IBM, Microsoft, Oracle, Cisco etc... almost
all being complete garbage, especially for the usual multi billion price that
is payed to those corps yearly. There is an illusion that big names mean big
and qualified team, good responsibility delegation (there is the 'nobody got
fired for choosing IBM' thing) and that high price means quality, but in
practice it never works like that, reality is quite the opposite (except
responsibility delegation/dispersion which is totally true).

The major reason that proprietary software is so prominent in gov is
corruption.

~~~
ocdtrekkie
> The major reason that proprietary software is so prominent in gov is
> corruption.

I'd like to see more open source software in government, but the main reason
we select proprietary solutions where I work is support. If more open source
tools had support staff, maintenance agreements, etc. more government
organizations (and businesses) would consider them viable. I may be fairly
code-literate IT, but I don't understand a given product as well as the
support staff from the company that made it.

~~~
pabs3
You can also hire local Linux enthusiasts to create an in-house support team.
That keeps the money for the support costs within the local economy and
potentially they could even give back to the open source projects and
represent your local interests within the open source community.

~~~
ocdtrekkie
So I can tell my boss we should hire a six figure salary employee instead of
buying a four or five figure annual proprietary product?

Honestly, as a taxpayer, I'd hope not.

And that's the problem, for more open source products, the available support
is "pull requests welcome".

~~~
pabs3
Usually the costs for proprietary software in government are much larger,
usually in the millions.

~~~
ocdtrekkie
This is a very bad assumption. You are ignoring the fact that government
includes municipal, county, state, and federal levels of government, and
entirely forgetting that most of the software governments use isn't custom-
built through super expensive contracts.

Many are purpose-built for government use but are sold to a large number of
organizations at pretty ordinary pricing models.

------
eddietejeda
If you are interested in this topic, checkout
[https://code.gov/](https://code.gov/)

“The Federal Source Code Policy (FSCP) called for the establishment of the the
Code.gov program office and corresponding technical platform of a website and
application programming interface (API). The program office assists agencies
with policy, acquisition, and code inventory creation. We are a small but
mighty team with five members with expertise and beliefs pertaining to
discovering, sharing, and open sourcing the People's code.”

You may also want to read up on 18f.gsa.gov. They publish and share lots of
open source code.

I started at 18F and now run [https://github.com/cloud-
gov](https://github.com/cloud-gov)

~~~
petepete
Also have a look at the GOV.UK/GDS[0], which strongly influenced the US
Digital Service. Pretty much everything digital that government departments do
is open by default[1]

[0] [https://www.gov.uk/government/organisations/government-
digit...](https://www.gov.uk/government/organisations/government-digital-
service) [1] [https://github.com/alphagov](https://github.com/alphagov)

------
MattGaiser
I work for a government software development team (At least for the next
week). I have other friends in other governments on other teams.

I can’t see a government being able to build generalized software or
contribute effectively to it. Governments don’t tend to have people who say no
to feature requests. The end result is not a generalized good solution, but
extremely specific solutions built on a generalized platform of if statements
and endless configuration setups with special cases weaved through.

Governments are used to getting to decree everything from the button shade to
the location of the buttons (different departments might ask for different
button placements and get it) to the database type used (for the same piece of
software) to the cloud vendor to all manner of additional features that
require threading them through the core software. They want piles of
exceptions and special cases. They want every possible scenario from the paper
based days to be included in the software or it is not sufficient for their
purposes. They want to specify date formats. They want to have very custom
reports.

To use OSS, you basically need a generalized thing many people can use. But
each government department will rapidly make it far from generalized.

~~~
oska
You're assuming the government controls the development process. That's not
the objective (and frankly, FOSS licences works against control, as any party
can fork the code). Rather, the suggestion is for governments to _support_
FOSS developers, just as they do the arts community, without directly
dictating what work they do. If they want a project extended in a certain way
they can pay directly for that development, but they should do it on the back
of an existing product that serves the general community and feed useful
development of the software from their extension back into the general
development tree.

~~~
paulryanrogers
Standards may help commoditize the more fundamental parts. It was the
government that created ASCII and SQL after all. At least back when they cared
about competition.

------
sien
Government does use and create a great deal of open source software.

Github has this list of government and community organisations that use Github
:

[https://government.github.com/community/](https://government.github.com/community/)

The organisation that I work for has over 200 Github repositories.

The Australian government alone from that Github list is literally supporting
thousands of open source repositories. It looks like many other governments
around the world are doing the same.

It would be worth going out and working out how many open source repositories
governments are supporting.

~~~
sien
Australia's CSIRO has their own bitbucket repo:

[https://bitbucket.csiro.au/repos?visibility=public](https://bitbucket.csiro.au/repos?visibility=public)

(CSIRO also has quite a few repositories on Github as well)

------
specialist
"Citizen owned software."

Phrasing I used on the stump, both campaigning and as an activist.

Overwhelming support. One of those 90/10 issues.

People just get it. Resolutions, petitions, platforms practically write
themselves.

Forewarning for any future advocates: Appeal directly to the rank & file, Jane
Public, editorial boards. Organize bottom up. I can't recall any elected or
appointed person supporting (publicly).

Free advice (and twice as valuable): You must have solutions. Real code. My
topic was election admin. I couldn't resolve the chicken & egg problem. Any
green field efforts would need $10m just to wage the legal battles
(certifications, in every jurisdiction). So figure out a way to get existing
code into the light.

~~~
pc86
How did you square this goal with nearly every election expert (I'm talking
academics here, not politicians) being against using more technology in
elections?

~~~
specialist
There's a lot more to elections than just the tabulators.

Maps, databases, candidate filings, calendars, ballot production, voter
guides, signature management, poll books, reports, ballot tracking,
translation services, etc.

Since the collapse of the touchscreen business, the new business model is rent
seeking on steroids. Charging jurisdictions per unit prices for every single
one of those tasks and artifacts. Every voter every election, whether the
voter cast a ballot or not.

On the stump, I explained that "citizen owned software" applies to both the
intellectual property and the business model.

------
just-juan-post
No mention of what is the greatest government contribution which is SELinux
from the NSA

[https://en.wikipedia.org/wiki/Security-
Enhanced_Linux](https://en.wikipedia.org/wiki/Security-Enhanced_Linux)

SELinux is what keeps an attacker contained after they exploit and break into
the system.

------
MrsPeaches
See also the Dutch Ministry of Health has it's own GitHub account[1]

Their coronavirus tracking app is open source [2]

And their Minister for Health made the commit to send the app website live [3]
(though he did push to master on a Friday. I guess you can do that if you're
the Minister...)

[1] [https://github.com/minvws](https://github.com/minvws)

[2] [https://github.com/minvws/nl-covid19-notification-app-
ios](https://github.com/minvws/nl-covid19-notification-app-ios)

[3] [https://github.com/minvws/nl-covid19-notification-app-
websit...](https://github.com/minvws/nl-covid19-notification-app-
website/commit/ce16c03b221c1ba1f18035f3a11907039c663871)

------
natmaka
In France this is exactly the goal of an association founded in 2002, see (in
French)
[https://adullact.org/index.php/association](https://adullact.org/index.php/association)

~~~
tasogare
It seems they just focus on the cost while the real problem is of sovereignty,
and need to include an European dimension. The US have been found spying on
the whole world (including their own citizens), so it’s warranted Europeans
push back against US hardware and software the same way it’s done with China
(Huawei).

~~~
pjmlp
The problem is that to sort it out properly we need a complete EU based stack,
starting from the hardware.

~~~
snvzz
>starting from the hardware.

There's absolutely no need to start from the hardware. In fact, both hardware
and software can and should be done in parallel.

------
remir
I have said this for years: all the building blocks are here. What's missing
is the integration, UX/UI polish, and of course, the resources to do so.

If enough public administrations are on board with this, then this could be
game changer. We could have something that trickle down to the general
population. Something on the same level of polish as Windows or MacOS.

------
systematical
I work as a government contractor. We've fixed bugs in OSS that we've used,
but been unable to contribute the fixes back. This is a huge hassle because we
are now on a fork and have to deal with merges from upstream, it will get
worse over time.

More recently I developed a missing (in my view) extension to a piece of
software. Too make this OSS-able would take a few extra hours and I wouldn't
mind doing that step on my own time. But that's a nope.

So we can use OSS, we can modify OSS, but we can't contribute PRs or new
software. At least for the three letter agency I work with. Lots of the type
of applications being developed in the public sector aren't really any
different then private sector. They take data in, they do something with it,
and they output data. If the software doesn't require a security clearance,
you should be able open source it IMO or at least contribute PRs.

~~~
executesorder66
Why are you unable to merge your changes upstream?

~~~
systematical
I was given some nebulous answer and well I have my own OSS projects on the
side that I care more about so I don't care to push that. WTS. I would be
happy to do the last mile on my own, but I am not going to fight for it. It
should instead be encouraged buts its not. So here we are. I have good
contributions to make but don't. Some good OSS projects losing out and by a
thin proxy, many other three letter agencies.

The most I do is contribute to OSS documentation on gov time and just don't
bring it up. Also fix issues by replying to issues since thats not code.

~~~
executesorder66
Well I'd say it would be totally worth it to push back on that and insist that
you be allowed to merge your stuff upstream.

Even if it's for no other reason than ease of maintenance, so you don't have
to keep merging upstream to your fork.

------
2Gkashmiri
I have a question here. How do you combat lobbying when you have the likes of
Microsoft so deeply entrenched in a government, the likes of Germany and Limux
and the whole deal there. Same in India. The government has set aside a proper
budget to spending towards buying Microsoft products for office use when 10%
of that sum could build world class software but lobbying. I once pitched
libreoffice to a head of a India government department and I was told in as
many words "the central government gives us a proper budget for this. If we
don't spend it, it will lapse. Let it be. "

Next, I use some taxation software provided by central government but its all
excel based. Why cant they essentially switch to the likes of using Foss
software because the chain effect of the cunsumers of these software have to
stick to excel. On and on. If anyone can help pass the message, let me know

------
afarrell
I think one easy mistake to make is thinking about this as an investment in
software as a technical artefact. Which is more valuable for deterring war:

A. An $80 million fighter jet with dysfunctional communication among its
maintenance, logistics, and air combat teams.

B. An organisation which can resiliently perform effective aerial interdiction
and communicate the resulting intelligence clearly and swiftly.

B, right? So too with peaceful investments.

Governments should invest in teams with the capability to:

1\. Understand the needs of the public, prioritised through some healthy
democratic-representative process.

2\. Write and refactor high-quality software as that nourishes the public
good.

3\. Empower members of the public to educate themselves on how to contribute
to this public commons.

Open-Source code itself? Eh, writing code is fun. When you take care of the
team, the team takes care of the code.

------
pkz
1\. I think many public sector organizations in Europe lack basic knowledge of
FOSS and have IT managers that don't even know what it is.

2\. In many ways it is surprising that generic software like cloud office
functionality in reality only have two suppliers, both from the US, in the
public sector. The amount of money that is being paid by tax payers every year
for that across the EU is staggering.

Maybe the Schrems 2 court decision will change #2 eventually but for the time
being I see very few alternatives.

~~~
ghego1
> 1\. I think many public sector organizations in Europe lack basic knowledge
> of FOSS and have IT managers that don't even know what it is.

Confirmed. Source: I teach these topics in University, including in post
graduate courses for public officials, and most of the students don't have a
clue of what OSS means (the whole words), and don't even realize why the F
matters. I usually explain what source code is, and from there all they way
down to that F.

I am deeply convinced that one, if not the the most, worrying problem of our
times is a general lack of proper education in all levels of societies, except
for a small portion of the population.

~~~
pkz
I clicked the upvote on your comment but wanted to put a sad emoji...

------
alien_
FOSS is a Commons, in my opinion every organization, government and company
should use it as much as possible and invest in it a fraction of their IT
budget, even if just 1%.

This would add up to resolve the current FOSS funding problems and the FOSS
ecosystem would thrive.

They could do it by hiring developers or FOSS companies and/or funding
targeted to the projects they use with a subscription like Tidelift.

------
dhruvio
Wanted to share that my province, British Columbia, is pretty good about this.
My team was hired to build BC’s Digital Marketplace
([https://digital.gov.bc.ca/marketplace](https://digital.gov.bc.ca/marketplace)),
which procures teams to build software for government that is licensed under
the Apache 2 License!

------
clintonb
I agree. I’ve seen a few models work in other industries. MIT’s OpenCourseWare
(OCW) and edX initiatives relied on partnerships with other universities and
institutions. They all pay in to fund the development of the underlying
platform. OpenEdX has individual and institutional contributors that help
improve it.

Smaller credit unions join forces to form credit union service organizations
(CUSOs) that provide a service (e.g., IT support, or lending services) to all
member credit unions.

I would love to see US state and local governments do something similar. Start
with everyone’s favorite state office: the DMV. I’ve lived in three states.
The DMV experience for all three has been pretty bad. This is more frustrating
as an software engineer because it is painfully obvious where a bit of
software could have a huge improvement. It makes no sense that 50+ states and
territories have 50+ systems for the DMV, business registration, taxes, etc.
when the basic functionality is most likely the same across all of them.

~~~
shadowfox
> It makes no sense that 50+ states and territories have 50+ systems for the
> DMV, business registration, taxes, etc. when the basic functionality is most
> likely the same across all of them.

While this is likely true, this being the US, you are also very likely going
to end up in an ideological (for the lack of a better word) rabbit hole about
freedom and state's right to do their own thing.

~~~
microcolonel
This is why the _open source_ angle is so crucial. If the expertise is
distributed well between the stakeholder states, it can produce _more_ state
sovereignty, because it is at least plausible to fork.

It serves the best arguments of both nativism and globalism, without really
harming the values of either.

------
29athrowaway
IMO, essential FOSS projects should be seen the same as infrastructure. It is
not unheard of to see millions spent on bridges, highways, etc.

Well, office suites, operating systems, and the myriad of FOSS projects used
every day are as useful as that physical infrastructure. Especially in this
day and age.

------
NomDePlum
GDS, a department of the UK government already advocates the use and creation
of open source software: [https://www.gov.uk/guidance/be-open-and-use-open-
source](https://www.gov.uk/guidance/be-open-and-use-open-source)

Including publishing a lot here:
[https://github.com/alphagov](https://github.com/alphagov)

A lot of the philosophy of their approach on this is around making the code
public and inspectable given it was funded by tax payers. Not to say reuse
isn't part of it but it is an interesting angle on why some code should be
open sourced.

------
fallat
So the reasons are: cost, contributions, and audits.

I'm playing devil's advocate here and think this could be an interesting
thought exercise.

There is no evidence or proof any of the above are advantageous to
governments.

1\. Cost - Does it cost more for an existing solution, that maybe other
governments and companies have paid toward, than adding features to a solution
without all the bells and whistles?

2\. Do you want other governments to receive the improvements?

3\. Do you want other governments to be able to audit your ("you" being the
government) software? It is more effective to hire a specialized audit team or
have random code readings by random people?

~~~
spurdoman77
My toughts:

2\. Yes, in areas where other governments profit isnt your loss. I think there
are lots of these. For example, if you have software which makes people more
healthy, you wont lose if people in other countries get healthier as well.

3\. Yes, similarly in many areas others auditing the software is harmless.

~~~
sjy
I have found that not everyone in the public sector would agree with (2). By
giving away the software you lose the ability to sell it and recover some of
the money you spent on it. Similarly, funding the development of proprietary
software involves less capital expenditure because the developer can charge
less than they spend and still profit by selling to others. I don’t believe
that either of these arguments are sound, but it’s hard to respond to them
when the experts on how software development should be done are the
contractors who benefit from these arrangements.

------
earthboundkid
A lot of this discussion is thinking about government procurement, and yes
absolutely, custom software that the government commissions should be OSS
unless national security prevents it, and in that case, they and not the
contractors should retain the copyright.

But there’s another issue: government should approach funding OSS like funding
scientific or medical research. If you want to cure cancer, you find a
government grant, write up a proposal, get your proposal scored, and if all
goes well get to conduct your research. The exact same process should apply
for OSS.

------
oska
This is exactly how Europe (and other parts of the world) can avoid having
their IT services monopolised by US American companies. And build up
ecosystems of expertise around the free software projects.

------
edoceo
Oof, see the disaster that is regulated cannabis software. $3M for stuff that
was hacked the day after launch and still routinely fails two years later. And
the government has simply changed the definition of success so it looks like
it wasn't. All the while the agency is rebuilding the reports the taxpayers
paid for, and we're supposed to be delivered 24 months ago with Excel - and
training LEOs how to ignore and filter out garbage data from the system to do
their job.

------
jokull
Iceland is doing this (in a big way). TypeScript stack, 18 teams from
different companies working together in the same open source code base and
design system. HMU if you want to know more. Was an advisor on it.

------
fouc
Let's go further than this though. Governments should all follow the China
model and have their own firewalls, support their own software industries, and
splinter the internet.

Also support institutes that do work in FOSS.

------
SergeAx
Lots of software commissioned by Italian govt is open sourced:
[https://developers.italia.it/en/](https://developers.italia.it/en/)

------
atakiel
I think the largest barrier for FOSS is still that the greater public doesn't
know about FOSS, at all, and even less at the concept level. Because FOSS
largely is still not on the daily political agenda, there's no actual talk
among the wider masses about the reasons why FOSS is important, or what it
actually means. Without wider discussion it's harder for it to gain foothold,
as it is very much a political question, when it comes to use of FOSS in
government.

Although, this seems to be slowly changing. In Finland, YLE (the national
broadcasting company) has recently been systematically bringing up the open
source nature of the national Covid app in their reporting.

I think there's a larger cultural revolution waiting for its turn, behind the
current open source revolution that has been happening so far mostly in the
software field.

In its core, open source is a cultural thing, and maybe a political one, one
that due to reasons that were, did found rooting and cultivation initially in
the field of software. Regardless of its origins, it's a wider movement that
could disrupt every aspect of content creation, if realized as such. E.g. the
same discussion that is being had in this thread and in the original article,
about FOSS in government, largely applies to a wide field of other types of
content created by governments.

One of the larger, self created obstacles for open source lies in the
definition itself. Open source is still being defined primarily in the realm
of software, and through software. Names and definitions such as FOSS (Free
and Open Source Software) reprise this problem by anchoring the concept to the
world of software, and in this case, it happens already in the name. Instead
of FOSS, maybe we should be talking about FOS software?

I think the world could do well with a concept of open source that could be
unleashed on all types of content created [1]. FOSS could probably do well,
with the larger umbrella concept of FOS hitting daily discussion.

Interestingly, open source as a term doesn't have this package, as source can
mean more than just source code.

[1] Creative commons already exists, but that's mainly a license, to be used
in certain fields of content creation, not a wider definition for the concept.

------
holidayacct
You're looking for Germany and Suse Linux.

------
ryaan_anthony
Starting with voting machines!

------
BlueTemplar
jamesmcm.github.io

The author criticizes a lot Microsoft and hypes FLOSS, while being hosted on a
closed source, Microsoft-owned platform.

~~~
waldohatesyou
This has nothing to do with his point

------
browserface
I hope some governments adopt my FOSS remote browser isolation product:
[https://github.com/dosyago/OuterShell](https://github.com/dosyago/OuterShell)

------
GartzenDeHaes
Unfortunately, that isn't how government works. Whether it's F35's or
Microsoft Office, putting money into the pockets of political cronies is what
drives the purchase. FOSS doesn't benefit anyone with power, so it's useless
to the government.

~~~
an_opabinia
I’ve got news for you dude, cronyism is a lot worse when selling to
corporations.

~~~
xapata
When people complain about government inefficiency I always wonder if they've
ever worked at a large company.

