Weblog: The Growing Politicization of Open Source
Subject: Misunderstandings
Date: 2002-08-16 15:47:39
From: cinabrium

Mr. O'Reilly's anonymous correspondent writes: "... But what we're getting is attempts to *require* use of Open Source software - effectively criminalizing an official's decision to buy commercial software to meet their needs. First in Peru, and now here."

I apologize for not knowing in depth the DSSA proposal, but I can speak about the rationale behind the Peruvian project (and, BTW, the Argentinian and Colombian ones). According to all these projects, no official would be punished by licensing proprietary software [1,2] as far as he/she can convincingly prove that no free/open-source solution exists for his/her needs. The projects just mandate the usage of open formats, and the use of free/open-source software when and if it can satisfy a specific need (please see Article 5 of the Peruvian project, Article 4 of the Argentinian Project), and establish the alternatives in case a free solution is not available:

1. development of a free solution, if there are no time/cost constraints;
2. usage of a non-free solution (within some established priorities).

Viewing this as a menace to freedom is propagation of FUD. It seems that MS's message has reached farther than expected.
Showing messages 1 through 3 of 3.
-
Misunderstandings
2002-08-16 16:00:48 cinabrium
-
Misunderstandings
2002-08-16 16:13:33 korwin
"According to all these projects, no official would be punished by licensing proprietary software [1,2] as far as he/she can convincingly prove that no free/open-source solution exists for his/her needs."
First, this assumes that open-source software and free software are the same thing. Shouldn't this be rewritten as "no official would be punished by licensing proprietary software [1,2], as far as he/she can convincingly prove that no free solution (whether open- or closed-source) exists for his/her needs."?
Second, this puts the price of the software solution as the most important factor. What about the scenario where there is open-source software that is free and will do the job, but nobody can guarantee that it is secure enough and would not pose a risk for the IT infrastructure of the government? Should this software be preferred to a closed-source software whose vendor is willing to guarantee the security of its solution?
The open source does not intrinsically guarantee any of these principles:
* Free access to public information.
* Permanence of public data.
* Security of the State and citizens.
Furthermore, the open source software has nothing to do with these principles. Will any open source program actually guarantee to me that the public data will be permanent or secure if maintained by it to the degree that I could sue the software vendor (who would that be in the case of gcc btw)? In fact, these bills in their current form put the second and the third principles at stake since they mandate that the government officials make their choice based on whether the software is open source and free and not whether it conforms to any levels of acceptance (as it should be).
-
Misunderstandings -- replying to korwin's objections
2002-08-16 17:04:18 cinabrium
First:
The assumption of free software = open source was done for (over)simplification only. Anyways, the projects speak about "software libre" (free as in freedom) but the definition is a subset of the open source definition (see http://www.opensource.org/docs/definition.php )
Second:
The price of the software is *NOT* a factor in any of the projects. Let me kindly remind you that Internet Exploder is free as in beer. In your scenario, the government could get the open-source software and thoroughly inspect it and/or hire a bunch of maintainers or a company able to keep it up and running OR believe the proprietary closed source software vendor's promises... What would you do? How does the vendor guarantee the security of its solution?
Third:
No software "per se" (free or proprietary) guarantees the principles. But you can't guarantee them without open formats and source availability, unless you are willing to assume the costs of reverse engineering (sometimes prohibited by licensing conditions) any time you want to migrate or any time the vendors decide that they are not going to support a certain piece of software anymore. What happened with your nice spreadsheets in Visicalc or with those beautiful essays you wrote in Wordstar?
And furthermore:
I prefer to be sure of how the tire was built instead of suing Firestone after my neck is broken. But I must concede that quality assurance of the software could be reached by more means than mandating the availability of the source code. However, no quality assurance procedure will be correct and complete unless the code can be openly inspected and tested. As a cryptographer, I follow the principle that no algorithm, protocol, or system is deemed secure before open and deep scrutiny by the entire scientific community[1]. The same holds for the software.
Regarding "ex-post" liability, I think that if the law mandates that software vendors are liable for *any* damages arising from software failure, I would feel more comfortable signing such a guarantee for gcc than for any closed-source compiler. In any case, software vendors won't accept such liability (have you read any EULAs lately?) so the argument goes byzantine.
Many thanks for your well reasoned observations!
--
NOTES:
[1] Skipjack, an algorithm designed by the NSA (the best troupe of cryptographers around), was kept secret. When NSA finally decided to make it public, serious flaws appeared in less than three months (see e.g. http://www.cs.technion.ac.il/~biham/Reports/SkipJack/ )



---
NOTES:
[1] Licensing, not purchasing. Unless you own the intellectual property of the software, you *NEVER* buy it. You just get a permission from the owner of the IP to *use* it within certain restrictions.
[2] Proprietary, not commercial. There is a lot of free software which is traded for profit (e.g. any "commercial" Linux distribution), as well as a lot of proprietary software at no cost (think of distributed.net's clients).