The Open Source Dilemma for Governments

Sam Hiser writes "Tom Adelstein, open source consultant and Member of the Open Government Interoperability Project ("OGIP") working group, offers another incisive article in which he discusses the costs in the terms of lives and dollars when local governments do not deploy open standards-based software for data sharing. Asks Adelstein, 'Can local governments afford to create redundant applications to meet new Federal standards for first responder alerts, emergency services, law enforcement, broadcasters?' He posits that Open Source collaborative initiatives may provide the only solution for the US if the people want to create a safer environment."

The Open Source Software Institute...

[tcopeland]

...is a big supporter of this sort of thing. Check them out here [oss-institute.org]. The OSSI is chaired by John Weathersby, who seems to have a good handle on how to communicate effectively via standards, reports, certifications, and so on with folks in the U.S. government.

Text for the soon to be slashdotted..

[Anonymous Coward]

The Open Source Dilemma for Governments

by Tom Adelstein
January 04, 2004

If someone told you a hole existed in the competitive landscape for a large and highly addressable US market segment you would call them a niche miner. If I told you the cream of that niche totaled $56 billion and could be addressed in a three to five year time frame you might wonder how you missed it. Don't feel bad, it seems that the major computer companies have missed it too.

In a nutshell, the local government software market has not drawn large software firms. Also, independent software vendors (ISV's) have failed to adequately satisfy this market's needs as they lack the resources to serve the large geographical base. People have viewed this market as fragmented, requiring too much one-off customization with long sales cycles. Since the tragedy of September 11, 2001 those barriers and the poor economics of serving this sector have changed. You might call this a new opportunity.
What's At-Stake

Local governments must upgrade their computer infrastructures. That means additional taxes, levies and bond issues lie ahead. They could ignore their ailing systems and that means putting people's lives at risk. If the American public understood this problem one might see some intense interest at town hall meetings. If mayors and city councils really understood this problem they might panic. Perhaps some of us also wonder how much frustration US agency and department personnel feel as they hurry to make a bigger impact in a faster time frame and run into muck of local government.

An example of the problem local governments face exists on the website of the US Department of Justice - Office of Justice Programs, under the Global Justice Data Model http://it.ojp.gov/topic.jsp?topic_id=43. On that page, the authors write:

Approximately 16,000 justice and public safety-related data elements were collected from various local and state government sources. These were analyzed and reduced to around 2,000 unique data elements that were then incorporated into about 300 data objects or reusable components. These components have inherent qualities enabling access from multiple sources and reuse in multiple applications. In addition, the standardization of the core components resulted in significant potential for increased interoperability among and between justice and public safety information systems.

Many of those 16,000 fields contain the same type of information with a different naming scheme. For example, some databases use the field " name_first" and others use "first_name". Then you might find "firstname" or "givenname" or "given_name".

As you go through the local government databases, you find a myriad of schemes for everything from last_name to zip_code. Obvious, the nation's information stores contain massive redundancies. These redundancies make it difficult to share data and provide alerts.

So, add all the separate naming schemes of local government databases together and you get 16,000 variations. Create a standard and it goes down to 2,000. Put those into categories of reusable components and you wind up with 300 database elements. That's why they call it a standard. It allows disparate systems to work together. It starts to open the window of a manageable task when the interoperable elements number 300 instead of 16,000.
Non-Compliance Problems and Their Costs to You and Me

Recently, I received two requests to assist a local government and a university in the same area of deploying justice databases. The requests involved implementing a new, comprehensive application to provide services and a tracking system using a web-enabled database-driven application. The requirements of the applications seemed simple and with the use of the Global Justice Data Model, I estimated delivery within 90 days. In both instances, the people controlling those projects dismissed implementation of the standards-based model.

What should one do when government entitie

Re:The Open Source Software Institute...

[dasmegabyte]

Apache is more secure than IIS because:

• Apache generally runs as an unprivliged user -- IIS by default runs as the local system and on some systems I've seen has been set up to run as a privlidged network user (to get around problems with content on networked drives).
  
• Apache is designed to do less than IIS. Comparing the two isn't even fair...IIS is a web server, an email server, an ftp server, etc etc. It's designed to do EVERYTHING. So it's not apples to apples...more like apples to an appleseed.
  
• By default, Apache only installs a few basic modules. Almost everything is optional. IIS, designed to be an end-to-end solution for internet servers, installs everything. If you lock it down, remove the crap you don't use, it's much better off.
  
• Apache has more people working on it and more frequent bug releases. MS has to worry about massive overhead and support costs with every release...so they space them apart further. My company does the same thing.
  

Anyhow, this article is a lot of FUD. I write software for local governments, and at least in this state (which is one of the richest in the US), OSS wouldn't save any money nor eliminate any problems. "Code Security" is not a big problem in local government -- as local governments generally only use their digital systems to warehouse and process publically available information. These guys keep paper records going back to the 18th century, and if anything seems out of the ordinary they check the paper. Heck, if tax rolls come out twenty cents unbalanced from the invoice, we have to audit the programs line by line. And if asked, we readily turn over our code to local auditors. Very rarely do we do this. Nobody cares about anything except getting the software to cut down on their workload.

And that's the biggest problem in this market: accountability. Small companys come in, install software, and then disappear. So when laws and regulations change, there's nobody to update the old software. Most of these people don't have IT departments (some don't even have computers in some departments, or use their own personal machines...the assessor in my home town runs a computer shop and that's how he got the job!). There is so little money, that only by relying on companys to help with everything from installing printers to writing custom tax logic for way less than the standard consulting rate (hoping to get a chance to use it somewhere else) can these towns get their software written.

Can you imagine the accountability headaches associated with asking a "community" to write custom tax logic? With not having a responsible party you can call when stuff breaks? You'd still have to pay somebody out of your budget (which is sometimes set five or more YEARS in advance) to support the program, only they wouldn't have any real interest invested in fixing the program quickly. There's incentive with private software to deliver the best, easiest to use stuff you can for whatever price you can get.

Don't get me wrong...I like the idea of getting more eyes on my code...but I can't imagine injecting community code into a hectic development schedule like we maintain. It seems like it'd be inviting too much uncertainty in an arena that only thrives with a stable support structure. My boss would surely never go for it. Of course, I don't expect many of the OSS acolytes to agree with me...some people don't seem to understand that the minimum wage people working without possibility of overtime at the county clerk's office don't want to visit the newsgroups for help when they have bugs preventing their license software from printing.

Re:The Open Source Software Institute...

[dasmegabyte]

Oh. I almost left out the key to interoperability concerns: Governments have had them for years. Speculation over open standards aside, the way they've been best met so far is when the government agency requesting the data creates the spec and a reference implementation itself. I do not think there is any benefit to relying on an Open group to do this...as the current method works really well. I'm thinking specifically of the tax assessment software we use in this state...I wrote an application which integrates with it and produces data update requests, and this was possibly one of the easiest things I've ever done despite the fact that the database structure was a little dumb. There is no problem, so there's no need for an Open solution to one! Besides...the last thing these poor goverment people need is a fancy programmer's solution to the human problem of data integration.

Besides, all it takes is a single government agency in the pocket of some software company (*cough* California *cough*) to trump any attempts at creating a single universal solution. So we may as well accept that there's going to be some conversion necessary, and not waste our time trying to hold back the deluge of incompatible formats. Far better to be the flexible party who can bring them altogether...

Author is misrespesentative

[geekee]

"Mr. Bray has determined that Open Source Software appears as a bad idea as he further writes: (So what's wrong?) Plenty, if you're Microsoft or Oracle, or any of the thousands of smaller companies that make closed-source software for government agencies. According to the research firm IDC Corp., federal, state and local governments spend $34 billion a year on software. If Kriss's (Open Source in Government) ideas were to catch on across the land, a lot of that revenue disappears, and much of what remains won't go to firms like Microsoft, which refuses to offer open-source products."

Bray never says open source is a bad idea. He merely says companies like MS and Oracle will lose revenue as a result of OSS. Why should I believe an author who can't even interpret a quote correctly,

Re: The reverse would seem to be true

[dzelenka]

No way. The one programmer is going to look like a productive dynamo. And without the programmer, there will be nobody to compile and implement the product, to say nothing of the maintenance phase.

Re:Huh?

[nathanh]

So the Internet works because it "follows standards", and we know MSIE (price: free) has the largest share of the browser market.

They achieved that marketshare through illegal use of their x86 operating system monopoly. That's a fact as determined by the US courts.

So MS hasn't broken the Internet. Can someone give an example of what he's talking about?

He didn't say Microsoft had "broken" the Internet. Let's read it again:

Why must the public have to pay for those technologies once again because companies like Microsoft adopt them and then resell them as proprietary software?

Adopt and resell. Not break. His preceding paragraph about following standards makes no mention of Microsoft. You are trying to put words into his mouth.