@Photo by Alex Holyoake on Unsplash
An open source software 101 for public officials
In April 2020 the Dutch government announced its support to open source software. State secretary for the Interior Raymond Knops wrote in a letter to the Parliament: “My appeal to public services is to release the source code, unless they have good reasons not to”. The usage of open source software has been increasing within governments all over the world. In this blogpost, we’ll discuss the advantages of open source software compared to proprietary equivalents. Furthermore, we will show some excellent examples of public organisations that are currently using open source software. Governments have realised that working with open source software comes with many benefits, or in the blunt words of the former head of UK Government Digital Service Mike Bracken: “big IT doesn’t work”.
Types of open source software
There is an important difference between free software and open source software. The difference is often explained by making the distinction between “free as in beer” and “free as in speech”. Free as in beer means free to use, just as if you would receive a free beer in a bar. However, the provider of the beer is still in control of which “beer” you will be served. Translated to software: free as in beer means that you cannot change the source code or even have a look into it. Free as in speech is a matter of liberty, whereby a provider can choose to grant users extensive rights, for example to (1) look into the source code, (2) run it however they want, (3) redistribute it and (4) improve it.
In order to make use of the “freedom of speech” without being at risk of takedowns, shake-downs, or litigation, a license is needed; otherwise the software will be under exclusive copyright by default. There are different licensing options. For example, the MIT License is a short and simple license that allows users to do almost everything with the code. If the open source software of choice has a GNU GPLv3 License, it means that users can do everything they want with the code except for distributing closed source versions. There are many more types of these licenses and all have their specific characteristics. Therefore it is important to evaluate the specific terms and conditions of each license in order to pick the solution that is best suited to your needs.
Advantages of open source software
Creating and using open source software has many advantages for both businesses and governments. In the following we discuss the most important of those advantages.
No vendor lock-in
“Often companies are holding the government [and companies] hostage by non transparent software” says Datalab Director at the City of Amsterdam Berent Daan. By using open source software, organisations can overcome this so-called vendor lock-in. A vendor lock-in occurs when a customer is dependent on the vendor and is not able to move to another product without suffering significant costs. Although any product comes with some switching costs, open source software gives organisations more freedom of choice and flexibility. This flexibility can also be leveraged in case of sudden changes within your organisation, such as unforeseen changes in the amount of users.
Available for everyone
Another great advantage is that by open sourcing software, it and corresponding knowledge becomes available for everyone. This is an excellent way of distributing the benefits of software. Furthermore, depending on the license that is used, other organisations can also modify the software and adjust it to their needs.
Open source software has security advantages as well. Some argue that as the code is available for everyone to see, the software is vulnerable to attacks. This line of thought has a name: “security through obscurity”. However, this assumption has provoked discussions for over a century (the first criticism dates as far back as 1851) as it can give a false sense of security which can ultimately lead to security shortcomings. As open source software is out in the open, (good) developers have no choice but to take a “security by design” approach; the source code needs to be designed from the ground up to be secure. Furthermore, open source software can be constantly monitored by a large pool of developers to find bugs, also called “many eyes”. This does not mean that all bugs are always detected. The source code should be checked on a regular basis by experts and even then a bug can potentially go undetected for years. Still, by open sourcing the code we believe that chances of finding security breaches early will significantly increase.
Another potential security advantage is that, in the event of a security breach, problems can be resolved without waiting on the response of a software provider if the user invested in their IT capabilities. The other side of the coin is that hackers can misuse the vulnerability fix against people who haven’t updated the software yet. Security remains a kind of cat and mouse game whereby attackers and defenders try to find all vulnerabilities as fast as they can.
Giving employees a sense of pride
Working with open source software can give your organisation a competitive advantage on the job market. Open source software makes your organisation more dynamic and challenging as problems in the used software can be solved by in-house developers themselves; it can create a more interesting workplace. Besides, developers tend to provide better and cleaner code because the complete developer community will be able to judge their work. According to Facebook this results in the fact that developers “ work with more pride […] because they know they can open source their work.”
Potential cost savings
Last but not least, depending on the license, making use of an open source software solution could save costs. This lower cost results from the i.a. following aspects: (1) possibly zero purchase price and (2) lower costs for upgrades. In practice, the actual savings depend on many aspects, from the specific IT and management capabilities in the organisation to what kind of software is used.
Open source in public organisations
In short, using open source software comes with many advantages. A question remains: are public organisations using open source software already? We will take a closer look at the usage of open source software in this type of organisation from all over the world.
Open source strategies around the world
The City of Amsterdam is a big fan of open source projects. Their projects range from “a 360° panorama processing system to an OAuth 2.0 server written in Go”. They believe that “being a part of the Open Source ecosystem – in which we, [the City of Amsterdam], are both a user and contributor – is an essential enabler to the development of our digital services.”
The City of Amsterdam publishes its projects on GitHub.com/Amsterdam and luckily they are not the only governmental body that is participating in the open source community. https://government.github.com/community/ shows a range of governmental bodies that use GitHub to share their projects and to collaborate with people from all over the world. There are repositories of a very diverse group of countries. From Venezuela to Poland and from Saudi Arabia to South Africa. To pick out just one example: the repository of the South African Economic Development Department shows its “government digital strategy”. Browse around to find more interesting projects yourself.
Important in making these public institutions aware of the benefits of open source software are NGOs, such as OpenForum Europe (OFE) and Free Software Foundation Europe (FSFE). OFE is a non-profit organisation, “which explains the merits of openness in computing to policy makers and communities across Europe”. Fsfe, also non-profit, has a similar goal, but a somewhat broader approach. They help “individuals and organisations to understand how Free Software contributes to freedom, transparency, and self-determination.” The work of these and similar institutions have been important in the establishment of an official European Union (EU) open source strategy. Some of the key aspects of this strategy are:
Equal treatment in procurement. In other words, open source solutions and proprietary solutions will be assessed on an equal basis.
The European Commission (EC) is increasingly supporting and contributing to open source software communities.
The EC is giving EC developers legal guidance and advice how to deal with the intellectual property issues relating to open source software.
Another EU initiative is the Free and Open Source Software Auditing (FOSSA). FOSSA’s goal is to increase the security and integrity of critical open source software. It aims to (1) set up bug bounty programmes, (2) organise hackathons and conferences, and (3) engage with developer communities.
To sum up: a growing number of public organisations is using open source software and is publishing their open source software efforts. This allows organisations from all over the world to reap the benefits of their open source efforts.
Open source software has not always been promoted in such a manner as described above; in 2004, then Member of the Dutch Parliament Zsolt Szabo opted, on behalf of the political party VVD, for “a full stop of open-source projects”. The VVD believed that the recent increase in usage of open source software came out of a “negative sentiment towards larger suppliers”. And even as recently as 2017 some Dutch public officials thought that open source software was being crafted by a single person in his/her attic.
However, in recent years the tone has changed and there have been many examples throughout the world that showed the success of using open source software in public institutions. In the Netherlands, Pleio is an excellent example of a successful open source project that is implemented within a government. Pleio is a platform for collaboration and has around 400.000 users per month. The U.S. National Geospatial-Intelligence Agency has also been adopting and leveraging open source best practices for their geospatial technology for years.
Yet another success story is Notify. Notify is a public sector messaging system that was first successfully used by the UK and is currently used by hundreds of public organisations in the UK. After witnessing this success, the Canadian government is now using the same application, but changed it (e.g. translated it into French). The key take is that applying open source software can be beneficial for multiple governments at the same time.
In this blogpost, we showed the benefits of open source software: open source software can give organisations more flexibility, potentially increasing efficiency and security. We also discussed open source initiatives of public organisations all over the world and found that the interest in such software is rapidly growing, both on a national and on a regional level. Summitto also strongly believes in the benefits of open source software. That’s why we will open source our software once we reach production phase. This will enable countries all over the world to use our system and to combat VAT fraud in an efficient and confidential way. You can already have a look at our open sourced PGP Packet Library here: https://github.com/summitto/pgp-packet-library. Soon we will publish a blogpost in which we discuss why we chose to build it. If you would like to know more about our open source strategy, please let us know via firstname.lastname@example.org
Hillenius, G. (2020). Dutch government encourages public services to share their software code. Retrieved from: https://joinup.ec.europa.eu/collection/open-source-observatory-osor/news/legal-barrier-be-removed.
Garrison, J. (2014). What do the phrases “Free as in Speech” or “Free as in Beer” really mean. Retrieved from: https://www.howtogeek.com/howto/31717/what-do-the-phrases-free-speech-vs.-free-beer-really-mean.
Choose an open source license (2020). Retrieved from: https://choosealicense.com/.
van Hoytema, B. and Groenen, J. (2018). Gemeente Amsterdam doet ‘t zelf(s). Retrieved from: https://ibestuur.nl/nieuws/gemeente-amsterdam-doet-t-zelfs.
Olson, G. (2017). Why using open source software helps companies stay flexible and innovate. Retrieved from: https://www.linux.com/news/why-using-open-source-software-helps-companies-stay-flexible/.
See for a more extensive discussion about security through obscurity: Papagelis, A (2012). Open-source and the “obscurity through obscurity” fallacy. Retrieved from: https://www.efrontlearning.com/blog/2012/04/open-source-and-the-security-through-obscurity-fallacy.html.
King, B. (2017). Is security through obscurity safer than open source software? Retrieved from: https://www.makeuseof.com/tag/security-obscurity-open-source-better/.
See for a list of CEOs commenting on the advantages of open source software: Open Source Initiiative (2020). Strategic advantages of open source: https://opensource.org/strategic.
See for an even more extensive discussion of the benefits of open source software: gbdirect (2020). Benefits of using open source software. Retrieved from: https://open-source.gbdirect.co.uk/migration/benefit.html.
City of Amsterdam (2020). Open source at the City of Amsterdam. Retrieved from: https://amsterdam.github.io.
These are just two of such organisations, there are many more in different countries throughout the world.
OpenForum Europe (2020). About OFE. Retrieved from: http://www.openforumeurope.org/about-ofe/.
FSFE (2020). Our work. Retrieved from: https://fsfe.org/work.en.html.
European Commission (2014). Open source software strategy. Retrieved from: https://ec.europa.eu/info/departments/informatics/open-source-software-strategy_en.
Anonymous (2004). VVD wil stopzetting open source-projecten. Retrieved from: https://www.security.nl/posting/20356/VVD+wil+stopzetting+open+source-projecten.
PBLQ (2017). Rapport Kenniscentrum Open Source Software. Retrieved from: https://www.pianoo.nl/sites/default/files/documents/documents/rapportkenniscentrumopensourcesoftware-februari2017.pdf
Delta 10 (2017). Succesvolle open source projecten binnen de overheid. Retrieved from: https://www.delta10.nl/blog/3/succesvolle-open-source-projecten.
Deparday, V. and Soden, R. (2017). Leveraging open source as a public institution - new analysis reveals significant returns on investment in open source technologies. Retrieved from: https://blogs.worldbank.org/opendata/leveraging-open-source-public-institution-new-analysis-reveals-significant-returns-investment-open.
For an excellent overview (in German) of the usage of open source software by public institutions see: Wikipedia (2020). Open-Source-Software in öffentlichen Einrichtungen. Retrieved from: https://de.wikipedia.org/wiki/Open-Source-Software_in_%C3%B6ffentlichen_Einrichtungen.