The Strange Case of the Disappearing Open Source Vendors
Pages: 1, 2

Open Source in Government

And then there's the biggest IT end user of them all: government. Governments around the world are increasingly showing an interest in the cost savings and increased control by end users that open source provides.

At the conference, Todd Ogasawara tells how shifting budget priorities pushed the state of Hawaii to move away from commercial software solutions to Linux, Apache, MySQL, Zope, Python, and PHP for its Intranet portal. Lisa Nyman and Rachael LaPorte Taylor explain how the FedStats.gov site was built with Perl, Apache, and MySQL. Kim Brand and Matthew Hartmann talk about open source opportunities in schools. (Their work is with a small group of Catholic schools in Indianapolis, but as Matthew Szulik, CEO of Red Hat, points out: "The average technology expenditure per student is $105 per year--money that should be stretched as far as possible." It's in the public interest for public schools to use publicly available software whenever possible.)

And of course, as with the commercial sector, conference attendees span a wide range of national, state, and local government agencies, from the Department of Defense, the Census Bureau, and the EPA all the way down to Medina County in Ohio.

Ever prescient about marketplace threats, Microsoft was the first to realize that government was perhaps the key battleground between open source and proprietary software. It began its public campaign against Linux and open source in early 2001 with much publicized remarks by Jim Allchin ("Open source is an intellectual-property destroyer") and Steve Ballmer ("Linux is a cancer"). These were not attacks on deep-pocketed Linux backers such as IBM and Hewlett-Packard, but an attempt to undermine support for Linux by U.S. government agencies. The focus on Linux in government has continued and intensified in recent months, with salvos against the Pentagon and the government of Peru.

Not content with direct attacks, the Microsoft-funded Alexis de Tocqueville Institution released a "study" claiming that open source might undermine our national security:

In a paper to be released next week, the Alexis de Tocqueville Institution outlines how open source might facilitate efforts to disrupt or sabotage electronic commerce, air-traffic control, or even sensitive surveillance systems.

Unlike proprietary software, open source software does not make the underlying code of a software confidential.

"Computer systems are the backbone of U.S. national security", says Fossedal, chairman of the Alexis de Tocqueville Institution and its Committee for the Common Defense, which will release the study. "Before the Pentagon and other federal agencies make uninformed decisions to alter the very foundation of computer security, they should study the potential consequences carefully."

This is FUD of the highest order, because, of course, it is Microsoft's software, not open source software, that has been the focus of security breakdowns so common as to become routine. Most security experts believe that open source software is likely to be more secure than proprietary software, because it doesn't rely on obscurity for security, but on effective, secure systems design.

The de Tocqueville paper consists of little more than unsupported assertions about the danger of open source, and has been refuted at length elsewhere. What is germane to my argument here, of course, is that Microsoft has correctly identified government as one of the key axes of open source adoption, and the fierceness of their attacks indicate just how concerned they are about it.

The willingness to make scurrilous accusations ("open source might facilitate efforts to disrupt or sabotage electronic commerce, air-traffic control or even sensitive surveillance systems") is symptomatic of the disregard for the truth afflicting corporate America these days. The willingness to harness misinformation as a tool of corporate strategy springs from the same "me first at all costs" mentality that led us to the Enron debacle. Just as Enron thought it was appropriate business practice to manipulate the California energy markets to raise its profits, Microsoft seeks to influence public policy to raise the costs of software and prohibit government support for a low-cost alternative.

The national security threat promised by the de Tocqueville press release turned out to be nothing more than a few inflammatory paragraphs buried in a much larger document repeating and expanding on Microsoft's attacks on the "business-unfriendly" nature of the GPL.

The chief argument appears to be that code covered by the GPL can't be combined with proprietary code because doing so requires the resulting product also to be released under the GPL. Of course, this argument trades on ambiguity. It implies that, as Steve Ballmer said last year in his "Linux is a cancer" interview, GPL'd software "attaches itself in an intellectual property sense to everything it touches", when in fact, the "viral" effect of the GPL applies only if the code from a GPL'd program is actually incorporated into another program. And of course, Microsoft code can't be incorporated into other products either, under any terms at all (or at least without paying substantial sums to Microsoft), while GPL'd code is useful for any public or private sector projects that care to play by its rules.

As I've long made clear, I prefer BSD- or Apache-style licenses, or dual-licensing schemes such as the SleepyCat license, because I believe they allow for a richer ecology of open source and proprietary commercial development. Of course, this preference is within the context of support for all licenses, from the most proprietary to the most free, since my primary belief is in the right of developers to set the terms for the reuse of their code in an way that best serves their objectives. And that includes Microsoft's right to set the terms under which they license their own software--but only so long as the user is free to accept or reject those terms in a fair marketplace.

While it may not seem so from this article, I'm actually a big fan of Microsoft. They had a vision early on of cheap, ubiquitous personal computing, and the fact that computers are so widespread today is in part a tribute to their singleminded pursuit of that vision. And now, with .NET, they have a new vision, of an Internet-scale operating system, which is driving the industry forward into uncharted territory. Despite the many knocks on them from the open source community, they are an innovative company. But they are also an arrogant company, and one that has fallen into the trap of assuming that they somehow have a right to profit levels that they've enjoyed in the past, and that any method to maintain that profitability (even when growth slows) is legitimate.

I part ways with Microsoft when they seek to restrict the choice of their users, whether by unfairly using their monopoly position to extinguish competitors, or by undermining industry standards with non-interoperable extensions, or by locking in users, or by seeking to influence public policy to shut out open source software.

The vehemence of Microsoft's attacks on the GPL have led me to believe that GPL advocates may be right that it is the public's best defense against companies that want to take from the commons without giving anything back, or worse, block the commons so that people will have to buy their products. As a result, I've invited Richard Stallman to keynote at this year's Open Source Convention. Richard's uncompromising vision that software should belong to its users so that they can repair and extend it as needed is a refreshing corrective to the excesses of an industry that pits itself against its customers in order to extract maximum profits from them.

The concept that the GPL is "business unfriendly" is based entirely on the concept that only software vendors make money with software. If in fact, the great majority of software is developed by users of the software, and not by vendors, then open source is very good for business, and a policy that encourages lower-cost alternatives to high-cost proprietary software is a good public policy. It is no accident that inside Microsoft, decisions that lead to software lock-in are referred to as "the strategy tax." This tax is imposed not just on Microsoft's own developers, but on corporations and government institutions.

Customer lock-in is the real enemy of business, not the GPL.

In a recent piece on the difficulty of extracting his mail and contacts from Outlook 2000, Dale Dougherty wrote a paragraph that ought to be studied hard by decisionmakers at Microsoft:

Nike is running a series of bold, new commercials featuring Tiger Woods, who says his contract with Nike doesn't require him to use its equipment unless he finds it to be the best in the market. He says with amusement that it puts the pressure on Nike to be the best or else. If Microsoft is the best at what it does, then it shouldn't have to resort to this kind of lock-in of its contract with users. Let us choose the best.

This is the very same point made by Peruvian Congressman Edgar Villanueva Nuñez, in his letter to Microsoft responding to their protest against his bill to have the Peruvian government mandate use of free software:

"To guarantee the free access of citizens to public information, it is indispensable that the encoding of data is not tied to a single provider. The use of standard and open formats gives a guarantee of this free access, if necessary through the creation of compatible free software.

To guarantee the permanence of public data, it is necessary that the usability and maintenance of the software does not depend on the goodwill of the suppliers, or on the monopoly conditions imposed by them. For this reason the State needs systems the development of which can be guaranteed due to the availability of the source code."

(Incidentally, I've invited Congressman Villanueva Nuñez to be my guest at OSCON. I'm hopeful that he can take part in the session we have planned on Open Source in Government. Microsoft is also invited to send a representative.)

My concern to air the issues around open source in government was triggered not just by the de Tocqueville piece, but because I've heard tales that intense Microsoft lobbying is making some open source advocates in government keep their heads down. This pressure has hit several of our planned speakers at the Open Source Convention. Below are excerpts from two recent mail messages I received from one of the conference planners. Names and other identifying information are deleted to protect the privacy of the individuals in question, who already appear to be in trouble:

I have been talking with name deleted. Long story short, other speaker name deleted called this morning and said he can't do the talk. I got the impression he was in deep doo doo with his bosses. He asked me to jerk him off the web site quickly, along with any reference in the description to name of government agency deleted. He said the talk can in no way appear to represent agency.

and

name deleted is the speaker for session title deleted I called him earlier in the week to ask how things were going. He said that he just ... walked into a beehive. Said he was thrown into [his boss's] office and told that he may not speak about anything having to do with name of agency deleted. So, he said he can speak on a different topic if you like, or cancel. He is planning to come to the conference regardless of the outcome and will pay if he must.

Now, I can't say that these two about-faces from speakers who were originally eager to proclaim their agency's use of open source have any relationship to the fact that Microsoft is pouring money into lobbying against open source as anti-competitive, anti-American, and a potential aid to terrorism. But the recent FUD sure can't help open source advocates in government. (It's also true that government officials are under strict regulations about what they can endorse, in order to keep a level playing field.) Nonetheless, it seems to me that there's a real need to understand what's going on. Government procurement and standards-setting systems are byzantine and impenetrable, so it's hard to follow the money or find out who makes decisions about software, and on what they base those decisions.

I'd like to see more serious debate about public policy regarding software. Like most members of the industry, I believe that less government intervention is better, but once the government does get involved, and companies with full time lobbyists (like Microsoft) are working the issues, it behooves us all to make sure that our voices are heard and the issues thoroughly explored.

If you have information (either positive or negative) about the use of open source in government, or about the pressures that are placed on its advocates, please post the information in the talkback at the end of this article, or if you need to keep some or all of the details private, send me mail (tim at oreilly.com).

And of course, government agencies that use open source software to reduce costs or serve their customers, as well as companies, universities, research labs, and individual users, should stick the course, choosing the software that best meets their needs, rejecting software that unfairly limits their choice or seeks to extract too high a price for the value it delivers, and continuing to share with others, in a cooperative marketplace, tools that can make the pie bigger for everyone.