Open source - accelerating e-government:
the Bulgarian electronic governance act
Bozhidar BozhanovAdviser to the political cabinet of the deputy prime minister for coalition policy and
public administration and minister of interior
● Senior software engineer and architect
● http://techblog.bozho.net
● Adviser to the deputy primer minister of Bulgaria about e-
government, open data & technology
● Realistic idealist
About me
“You can’t make the ladies behind the desks use LibreOffice and Linux!!
Open Source for the Government??
You can, but that’s a different story...
It’s not about Linux...
● The government is constantly procuring both specific and generic software
● The government ignores the “rule”o if the problem is widespread - use open source softwareo if the problem is rare - use an existing commercial solutiono if the problem is unique - order a new piece of software
● The government doesn’t have the personnel to adapt and implement even ready-to-use open source projects.
Custom software
● Vendor lock-in● Abandonware● Low-quality software● Bugs and security holes
o egov.bgo (forest) logging registry (?the_wife_of_my_cousin=1)o ...who knows what else?
● Most of that software is owned by the governmento ...and sits on CDs in basements
● Even projects using WordPress, Drupal, Joomla are de-facto closed source
● Questionable, opaque spending
Status quo
● Websites of ministries/agencies/municipalities/programmes● Registries● General clerk software● Specific information systems● Accountancy software● egov - middleware, registries, portal, e-services
Types of government software
● what’s the relation between “government software” and “electronic governance”?
● The problems of electronic governanceo Lacl of coordinationo Lack of qualityo Lack of vision
Electronic governance
(almost) all new projects must be open-sourced
A solution?
We proposed article 58a, which mandates:
• All new custom-built software to be open source• Developed in a public repository from day 1
The electronic governance act
● Reusability● Higher quality● Easier extension and support
o from a government “system integrator”o from other companieso from NGOs and even citizens
● Transparencyo What did the government spend the money ono “but...nobody will be watching those projects!” - there are people that
will be watching them, don’t worry :)
Why?
● UK- http://github.com/alphagov (330 projects)● US - http://www.govcode.org/ (2000 projects); Federal source code policy● Estonia - e-voting, egov, X-Road
o “All our key projects become open source, including the systems for health care, police, business portals and document exchange” Siim Sikkut, ICT Policy Adviser
● Switzerland● The European Commission● European Parliament called for “the systematic replacement of proprietary
software by auditable and verifiable open-source software in all the EU institutions, and for the introduction of a mandatory open-source-selection criterion in all future ICT procurement procedures”
Experience around the world
● Every company, implementing software ordered by the government uses a public repoo must use it actively (and not just synchronize an internal repo with it)o git or mercurial
● Public documentation● Stable master● The licence used must be approved by FSF or OSI
o EUPL by default. Allowed: GPLv3, AGPL, Apache, MIT, etc.
Procedure
● no difference for the company writing the software - even now the product is owned by the government in most cases
● no difference for the government - 10 lines more in the technical specification.o and we prepared a template for that
● total cost of ownership is the same in the worst case● new business models
Why would that work?
“Are you listening to yourself, the government can’t open their systems?!”
● Only the source is publicly available; not the server passwords● A small portion of the government software is highly critical; a small
portion even have a publically-facing interface.o The law doesn’t apply to systems regarding national security and
classified information● WordPress is more secure than any website that any company will build.● Open-source software is more secure
o ...except for openssl, bash and small, unpopular projects … :)
Security
● not applicable to existing closed-sourced software● good code != good software● not every project can be monitored carefully by society● won’t solve the problems of e-governance, coordination, corruption● can see opposition in the face of malicious companies
No silver bullet...
● Proprietary components?o Allowed
● Entire proprietary systems or proprietary base?o Allowed, but must prove TCO will be lower
● Does it mean the database can’t be Oracle / MS SQL Server?o No.
● Will we switch to Linux and LibreOfficeo No – a lot of migration required – desktop software, ActiveDirectory,
trainingso But we will switch to ODF
Typical questions
● The amendments to to the electronic governance acts passed and are in force!
● We have set up an agency to oversee the process● We have prepared templates and answers to regular questions● http://github.com/governmentbg
o Soon – an on-premise system, mirrored to GitHub● EU programs explicitly require open source
So far...
● Administration not knowing they should do ito We already have tenders that do not conform with the lawo We have prepared templates and answers to regular questions
● No responsible body for enforcemento We have set up an agency to oversee the process, not yet operational
● Companies may develop “privately” and push at the endo http://github.com/governmentbg , soon – an on-premise system,
mirrored to GitHub● It can be ignored
o “No open source – no funding” works (EU programs explicitly require open source)
Potential issues
● Put it in the law● Be explicit that it applies to all projects (websites, registers, information
systems)o “It does not apply to us” phenomenon
● Find or create a responsible body● Also put it as a prerequisite for funding● Talk● Answer questions
Advice
● Too early to say● Depends on willingness to enforce● I will share our experience within a year
Will it work?
Open and transparent projects should bring better quality and lower TCO
(image taken from http://exequiel09.github.io/symposium-presentation/)
Questions?