FOSS Government Policy/Strategic Importance of FOSS

Many countries are contemplating the promotion of FOSS via legislative, policy or government procurement methods [1] If FOSS were just another method of developing software, governments would have little reason to specifically advocate FOSS. However, FOSS brings many compelling benefits to a nation, especially a developing nation with limited resources.

Various governments have different motives for their FOSS initiatives. Since each country’s circumstances are different, there is a wide variance between their motives. Nor are these reasons, necessarily, similar to the often-cited reasons for private sector adoption of FOSS. FOSS brings additional benefits that are not relevant to the private sector but critical to developing nations.

The most common motives are:

Strategic Benefits

  • Developing local capacity/industry
  • Reducing imports/conserving foreign exchange
  • Enhancing national security
  • Reducing copyright infringements
  • Enabling Localization

Economic Benefits

  • Increasing competition
  • Reducing Total Cost of Ownership
  • Enhancing Security
  • Achieving vendor independence

Social Benefits

  • Increasing access to information

Strategic Benefits

edit

Developing Local Capacity/Industry

edit

Developing local capacity falls into two main categories: the capacity to use and the capacity to develop software. Although interrelated, FOSS assists in their development in different ways.

Using Software

edit

The local capacity to utilize ICTs is traditionally held back by the high cost of both hardware and software. The ability to participate in the information society and build local knowledge communities is severely constrained when the cost of a basic operating system is equivalent to several years’ wages for the average citizen [2] FOSS alleviates this situation (though it can never totally eliminate it) in two ways: zero licensing cost and free redistribution. It is possible to obtain FOSS for almost any conceivable purpose without any licensing costs, thus reducing the cost barrier. FOSS is also freely redistributable, meaning that anyone can share software with a neighbour in need. Free (the F in FOSS) Software, in particular, holds this as one of its fundamental principles. Traditional proprietary software, no matter how low the costs, often cannot be freely redistributed in this manner.

Developing Software

edit

A common problem faced by developing nations is the lack of development capacity. Where does a country obtain the human capacity required to sustain an ICT infrastructure? In this area, FOSS excels. For most developing countries, it is not that FOSS will make a non-existent industry more competitive but, rather, it allows a developing nation to kick-start its ICT industry and advance to a stage where it can begin to fully utilize the benefits of ICT internally.

It has been noted that there is a positive correlation between the growth of a FOSS developer base and the innovative software capacities of an economy. A report from the International Institute of Infonomics lists three reasons for this.[3]

Low barriers to entry
FOSS, which encourages free modification and redistribution, is easy to obtain, use and learn from. Proprietary software tends to be much more restrictive, not just in the limited availability of source code but also because of licensing, patent and copyright limitations. FOSS allows developers to build on existing knowledge and pre-built components, much like basic research. On the other hand, existing proprietary software is often the result of years of building and refinement that a software company in a developing country has little chance of developing a competitive system and selling it.
FOSS as an excellent training system
The open and collaborative nature of FOSS allows a student or software engineer to examine and experiment with software concepts at virtually no direct cost to society. Apart from the source code and software tools that FOSS provides, there are many technical manuals, guides and ‘how-tos’ provided in every FOSS distribution. This documentation is the equivalent of thousands of dollars of manuals and textbooks, all available and freely redistributable. A student can also tap into the global collaborative FOSS development network that includes massive archives of technical information and interactive discussion tools. Proprietary systems are usually closed and do not encourage this experimentation and learning.
FOSS as a source of standards
FOSS often becomes a de facto standard by virtue of its dominance in a particular sector of an industry. By being involved in setting the standards in a particular FOSS application, a region can ensure that the standard produced takes into account regional needs and cultural considerations. For instance, proper word wrapping is still an issue with many non-roman alphabetical languages and holds back the development of word processors, browsers, databases and other software tools for these languages. However, the Chinese language, although based on a radically different system from that of western languages, is decently supported in FOSS systems due to the involvement of Chinese-speaking FOSS developers.

Additionally, the current business models structured around FOSS are primarily based on services, rather than on products. This makes it much more likely that a FOSS based company will have the majority of its staff in the country that it sells to and will thus reinvest its profits there.

Reducing Imports/Conserving Foreign Exchange

edit

A significant portion of the global proprietary software industry today is centralized in only a small number of countries. Companies based in the United States produce an enormous proportion of the world’s operating systems (IBM AIX, HP-UX, Solaris, Microsoft Windows, etc) and business applications (Oracle, PeopleSoft, Adobe Photoshop, etc). Countries that have to license this software, other than the originating country, end up importing software licenses. The large cost of these licenses places an enormous burden on the financial resources of a developing nation, resources that can be used on other development needs. Fortunately, alternatives exist.

FOSS, by the nature of its licensing terms, can be obtained at little or no cost, and therefore, saves a massive amount of foreign exchange. But this is not the only benefit. As noted in the European study, “Free/Libre and Open Source Software: Survey and Study”:[4]

The costs of this more service-oriented model of open source are then also normally spent within the economy of the governmental organization, and not necessary (sic) to large multinational companies. This has a positive feedback regarding employment, local investment base, tax revenue, etc.

Whatever money is spent on FOSS in a country usually stays in that country, which leads to the previously mentioned benefit – the development of local industry.

This is reportedly one of the major motivations behind Brazil's FOSS policy. In its 2002 balance of payments report, Brazil actually spent more money on “royalties and licenses” than it did on “computer and information”.[5]

While software licenses only represent a portion of royalties and licenses, any reduction in licensing fees would improve Brazil's balance of payment situation. It has been argued that the current balance of payment situation has negatively impacted Brazil's economic development.[6]

Other countries or economies that are reported to have similar motives include South Africa, Taiwan (province of China) and South Korea.

Enhancing National Security

edit

Proprietary software is normally distributed in binary format; therefore it is difficult to reverse-engineer and to understand exactly what a program does. Although the opaqueness of the binary format offers limited protection to the intellectual property of the software maker, it engenders mistrust and suspicion. Could there be hidden back-doors or holes in the software, possibly allowing a remote attacker to easily compromise data? In the case of governments other than the United States of America, there is some mistrust of Microsoft’s software, especially after the infamous “NSA Key” incident.[7]

Other recent cases include the acknowledgments by both Netgear [8] and Cisco systems that there were secret user names and passwords hard-coded into certain models of their wireless routers.[9] The user could not be disabled, allowing anyone with the right username/password combination to connect and take full control of the router. Both Cisco and Netgear later issued a fix but there is no way to verify that other back-doors do not exist.

There have been previous cases where vendors “fixed” such a vulnerability by merely changing the username/password combination and hoping that no one would find out about the new combination.

Mistrust of “black-boxed” foreign software that cannot be audited has been cited as one of China’s reasons for its adoption of FOSS [10] and one of the reasons why other governments are considering FOSS.[11]

edit

Copyright infringements in the form of unauthorized duplication of software (often called software piracy) are a problem in almost every country around the world. The Business Software Alliance estimates that unauthorized software copying in 2002 alone costed US$13.08 billion. Even in developed nations where software is affordable in theory, software copyright infringement rates were as high as 24 percent in the United States and 35 percent in Europe. The rates in developing countries, where lower incomes make software far more expensive, are upwards of 90 percent.[12]

Copyright infringement and lax laws can and often do hurt a country in many ways. A country with a poor track record in copyright protection is not as attractive to foreign investors. Membership in the World Trade Organization (WTO) and access to its benefits are strongly influenced by the level of protection given to copyrights and patents in a country. Bilateral and multilateral trading agreements with developed nations often involve requirements to reduce copyright infringements as well. A culture of copyright infringement hurts local software development, as there is less incentive for local software developers to create a local product.

Copyright infringement issues have been cited as a major motivator for Viet Nam’s FOSS policy. A trade agreement with the United States signed in 2001 and Viet Nam's goal of joining the WTO by 2005 make it imperative that the copyright infringements in that country be greatly reduced.

Enabling Localization

edit

Countries where English is not commonly spoken can be at a serious disadvantage when it comes to the uptake and dissemination of ICTs. If the country and language are not deemed to be commercially important, proprietary software makers may not choose to produce a localized version of their software, thereby increasing the barriers to ICT usage.

Localization is one of the areas where FOSS becomes a preferred option because of its open nature. Users are able to modify FOSS to suit the unique requirements of a particular cultural region, regardless of economic size. All that is needed is a number of individuals possessing the technical capability to create a minimally localized version of any FOSS. While the construction of a completely localized software platform is no small feat, it is at least possible. Microsoft’s decision in 1998 against producing an Icelandic version of Windows 98[13] would have made computing in Iceland’s national language almost impossible if it were not for the emergence of FOSS alternatives.

Few countries cite localization as a motivating factor but localization efforts exist in most non-English speaking countries throughout the Asia-Pacific region.

Economic Benefits

edit

Increasing Competition

edit

The software industry often has high barriers to entry, especially in mature software markets. Modern software applications have taken hundreds, if not thousands, of human years to research and develop. This is an investment that no fledging software company can afford. Yet, once built, the marginal costs of producing additional units of software are miniscule. This grants significant first-mover advantages to initial market entrants and keeps competitors from entering the market at later stages, effectively limiting competition in the market to a few large, established organizations.

FOSS breaks down the barriers to entry by providing to software companies a feature-rich, high-quality base of software to build on. When utilizing FOSS, software companies compete on the services and additional innovations that they add to the existing FOSS base, rather than reaping financial benefits from research and development performed many years ago. Depending on the FOSS license and corporate business model, these benefits often find their way back into the FOSS base, resulting in a larger base of software for new entrants to build on. New entrants into the software industry do not need to spend decades reinventing existing software. Instead, they are free to focus on innovations and the additional functionality that the market demands.

There is significant evidence that FOSS is bringing new competition into markets that have traditionally been dominated by monopolies. Analysts have predicted that competition from FOSS will significantly challenge Microsoft’s (dominant on desktop computers and office productivity software) profit margins.[14] Microsoft has also been forced to give significant discounts to stay competitive where companies, organizations and governments have been aware of the availability of FOSS competitors.[15]

Reducing Total Cost of Ownership

edit

FOSS applications save money in several ways. The most obvious is through the lack of licensing fees, since FOSS can be freely redistributed without licensing fees. However, FOSS also lowers costs through means that can be much harder to quantify, such as better security, ease of administration, cross-platform availability, and others.

While the Total Cost of Ownership (TCO) debate still rages between the advocates of FOSS and proprietary software (mostly Microsoft), many organizations have reported significant cost savings from their own implementations of FOSS. Intel reportedly saved US$200 million from a move to GNU/Linux from Unix, and Amazon reported a savings of US$17 [16] million from switching their servers to GNU/Linux. Major financial institutions such as Credit Suisse First Boston, Morgan Stanley, Goldman Sachs and Charles Schwab are moving a significant portion of their infrastructure to FOSS systems to reap these cost savings.[17]

There are only a limited number of TCO studies showing the total cost of running FOSS systems versus proprietary systems. These studies analyze multiple cost factors other than software licensing costs, including maintenance, personnel and opportunity costs from service disruptions. Several have been very positive towards FOSS:

  • A TCO study performed by the Robert Frances Group showed that GNU/Linux costs roughly 40 percent of Microsoft Windows and as low as 14 percent of Sun Microsystem’s Solaris.[18]
  • NetProject reported that the TCO of GNU/Linux was 35 percent of Microsoft Window’s TCO.[19] Even more interesting was that the saving was due not just to licensing costs but also various other costs, including reduction in the number of support staff and software updates that results from using GNU/Linux.
  • Gartner reported that using GNU/Linux in a “locked” configuration resulted in a roughly 15 percent lower TCO compared to Windows XP.[20]

Merrill Lynch, a major financial management company, recently reported that using GNU/Linux could reduce costs dramatically. Surprisingly, their TCO study revealed that the largest cost saving was not from software licensing costs but from personnel and hardware costs.[21]

Government institutions that have reported significant cost savings to date have been few and mostly in relatively developed countries. For example, the city of Largo in the United States has reported savings of over US$1 million a year, with the city running its IT infrastructure on a budget that is only 40 percent the size of comparable cities.[22] The Government of Sweden has identified savings of US$1 billion a year while the Government of Denmark has identified savings of between US$480 million to US$730 million.[23]

Reduced Costs: Sweden

A feasibility study conducted by the Swedish Agency for Public Management concludes:

  • Increased competition.
  • Improved interoperability.
  • Reduced costs.

for administration in the public sector.

Free and open source software is not any makeshift phenomenon, but instead a fully adequate and dependable competitor to existing proprietary products and solutions.”

Full report available online at: http://www.statskontoret.se/upload/Publikationer/2003/200308A.pdf

Enhancing Security

edit

There is no such thing as a perfectly secure operating system or platform. However, factors such as development method, program architecture and target market can greatly affect the security of a system and consequently make it easier or more difficult to breach. The following studies indicate that FOSS systems are superior to proprietary systems in this respect:

  • A study found that FOSS applications fixed problems faster than their proprietary counterparts. The contrast is much more apparent when the application is extensively used by the FOSS developer.[24]
  • A comparative study of FOSS code and proprietary equivalents found that FOSS had lower defect densities. The FOSS database MySQL had one sixth of the defects found in proprietary equivalents. The study was conducted by Reasoning, a company that produces automated software inspection and auditing tools.[25]
  • “Hacker Insurance” issued by J.S. Wurzler Underwriting Managers costs five to 15 percent more if Windows is used instead of GNU/Linux or Unix systems. Walter Kopf, senior vice president of underwriting at J.S. Wurzler Underwriting Managers, says, “We have found out that the possibility for loss is greater using the NT system.” [26]

FOSS distributions usually include a wide variety of security tools that allow a competent system administrator to scan their own network for vulnerabilities, detect outside attacks, and protect internal systems. In some cases, FOSS tools prove to be far superior to their proprietary counterparts.[27]

The security aspects have already encouraged many public organizations to switch or to consider switching to FOSS solutions. The French Customs and Indirect Taxation authority migrated to Red Hat Linux largely because of security concerns. China, Japan and South Korea also cite security as a major driving force in their FOSS initiatives.[28]

Security: United States of America

A report prepared by the MITRE Corporation for the Defense Information Systems Agency found that in the area of security:[29]

“Banning FOSS ... would have immediate, broad, and in some cases strongly negative impacts on the ability of the DOD (Department of Defense) to analyze and protect its own networks against hostile intrusion.... It would also remove the uniquely FOSS ability to change infrastructure source code rapidly in response to new modes of cyber attack.”

Achieving Vendor Independence

edit

Many organizations are finding that they are tied to their existing software vendors. Due to intentionally incompatible data formats, large investments in legacy systems and patent restrictions, switching to a different supplier can often be a costly and lengthy undertaking. These organizations are then almost held hostage by their software vendor, forced into purchasing bundled systems that they do not need or upgrading when there is no need to do so.

The authors of the paper “Free/Libre and Open Source Software: Survey and Study” [30] produced by the International Institute of Infonomics in the Netherlands argue against use of proprietary software in government. They say:

...Consequently one major argument against the implementation of proprietary software in the public sector is the subsequent dependency on proprietary software vendors. Whenever, the proprietary standards are established the necessity to follow them is given. Even in an open tender acquisition system, this requirement for compatibility with proprietary standards makes the system biased towards specific software vendors, perpetuating a dependency.

Vendors who use FOSS systems have a much harder time locking in their clients. Most FOSS systems use open, documented standards. Even when this is not the case, the availability of the code makes it far easier to reverse-engineer any data format or standard. Purchasers of FOSS systems are not bound to stay with their supplier. They can easily engage another company to develop the systems or build an internal team of technical staff.

Using FOSS systems as a means of gaining vendor independence has been raised in several areas. A report to the UK Government concludes that “the existence of an OSS reference implementation of a data standard has often accelerated the adoption of such standards, and recommends that the Government consider selective sponsorship of OSS reference implementations”. The UK health system became aware of the dangers of vendor dependency when the insolvency of a major supplier forced it to migrate systems to a FOSS platform.[31]

Vendor Independence: United Kingdom

The United Kingdom’s policy on the usage of Open Source Software (OSS) in government includes the following key points:

  1. The UK Government will consider OSS solutions alongside proprietary ones in IT procurements. Contracts will be awarded on a value-for-money basis.
  2. The UK Government will only use products that comply with interoperability requirements and that support open standards in all future IT developments.
  3. The UK Government will seek to avoid lock-in to proprietary IT products and services.
  4. The UK Government will consider obtaining full rights to bespoke software code or customizations of COTS (Commercial Off The Shelf ) software it procures wherever, this achieves best value-for-money.
  5. The UK Government will explore further the possibilities of using OSS as the default exploitation route for Government-funded R&D software.
Source: http://www.ogc.gov.uk/embedded_object.asp?docid=2498

Other countries or economies that have cited vendor independence as a driver for their FOSS initiatives include the Taiwan Province of China, the German city of Munich, the Australian state of New South Wales, Brazil and South Africa.

Social Benefits

edit

Increasing Access to Information

edit

Although the social value of FOSS is not highlighted by proponents from public and private sectors, it can be a passionate issue among the many advocates from civil society.

Software, especially FOSS, represents knowledge – the rules, procedures and methods of manipulating data. In today’s knowledge society, knowledge drives not only productivity and economies but also shapes the future. Many experts and opinion leaders advocate that knowledge should be shared as widely and as freely as possible. Steve Weber argues:[32]

A regime built around the free diffusion of tools has an interesting characteristic: the degree to which a software tool can be utilized and expanded becomes limited only by the knowledge, learning, and innovative energy of the potential users; not by exclusionary property rights, prices, or the power of countries and corporations.

In the process of considering the most commonly reported benefits of FOSS, it is best to keep in mind that its subtle social values (derived in part from the unfettered sharing of knowledge) are often ignored.

Footnotes

edit
  1. A listing of some of these countries and their efforts can be found in Free/Open Source Software: A General Introduction.
  2. Ghosh, R. A., “License Fees and GDP Per Capita: The Case for Open Source in Developing Countries”, First Monday, 28 November 2003; available from http://www.firstmonday.dk/issues/issue8_12/ghosh/
  3. Ghosh, R.A., Krieger, B., Glott, R., and Robles, G., “Free/Libre and Open Source Software: Survey and Study. Part 2B: Open Source Software in the Public Sector: Policy within the European Union”, June 2002; available from http://www.infonomics.nl/FLOSS/report/FLOSSFinal_2b.pdf
  4. Ghosh, R.A., Krieger, B., Glott, R., and Robles, G., “Free/Libre and Open Source Software: Survey and Study. Part 2B: Open Source Software in the Public Sector: Policy within the European Union”, June 2002; available from http://www.infonomics.nl/FLOSS/report/FLOSSFinal_2b.pdf
  5. Data downloaded from http://www.bcb.gov.br/ftp/NotaEcon/NI200401sei.zip
  6. Jayme, F. G. Jr, “Balance-of-Payments Constrained Economic Growth in Brazil”, Revista de Economia Política, Vol. 23, No. 1, 2003; available from http://ideas.repec.org/p/cdp/texdis/td155.html
  7. In 1999, a security researcher found a key in Microsoft Windows code named _NSAKEY. The NSA was assumed to refer to the American National Security Agency and a wide amount of publicity was generated. Microsoft denied the allegations that the key gave the NSA access to data on Windows systems but mistrust still lingers. There are many references to this incident, including on CNN.com, at: http://www.cnn.com/TECH/computing/9909/03/windows.nsa.02/
  8. Knienieder, T., “Netgear WG602 Accesspoint Vulnerability”, securityfocus.com; available from http://www.securityfocus.com/archive/1/365069
  9. “Cisco Security Advisory: A Default Username and Password in WLSE and HSE Devices”, cisco.com; available from http://www.cisco.com/warp/public/707/cisco-sa-20040407-username.shtml
  10. Loyola, R., “China: The Republic of Linux”, program aired 13 August 2003; available from http://www.techtv.com/screensavers/linux/story/0,24330,3395670,00.html
  11. Kettman, S., “Germany Denies Microsoft Ban”, Wired News, 19 March 2001; available from http://www.wired.com/news/politics/0,1283,42502,00.html
  12. Roberts, P., “Software Piracy Declines 10 Percent”, Infoworld.com, 3 June 2003 ; available from http://www.infoworld.com/article/03/06/03/HNpiracydecline_1.html?security
  13. Walsh, M. W., “Microsoft in War of Words”, Los Angeles Times; http://wayback.vefsafn.is/wayback/20020425111638/www.tungutaekni.is/ymis_frodleikur/war_of_words.html
  14. Kotadia, M., “Open source 'pressuring' Microsoft pricing”, ZDNet UK, 18 February 2004 ; available from http://news.zdnet.co.uk/software/windows/0,39020396,39146640,00.htm
  15. There are many cases of organizations, especially governments, receiving significant discounts from Microsoft after considering or running pilot tests using FOSS. Some notable instances: Munich: http://www.usatoday.com/money/industries/technology/2003-07-13-microsoft-linux-munich_x.htm Newham Borough Council: http://web.archive.org/web/20040208013617/http://www.vnunet.com/news/1152422 Telstra: http://australianit.news.com.au/articles/0,7204,10313791%5E15306%5E%5Enbv%5E,00.html Microsoft also has a special fund that is meant to prevent high profile switches, especially of governments, to FOSS. Many articles exist about this fund, including at The International Herald Tribune: http://web.archive.org/web/20031204193728/http://www.iht.com/articles/96496.html
  16. Shankland, S., Kane, M. and Lemos, R., “How Linux saved Amazon Millions”, 30 October 2001, CNet News.com; available from http://archive.is/20130628220314/http://news.com.com/2100-1001-275155.html">news.com.com/2100-1001-275155.html
  17. Sisk, M., “Linux Woos Wall St.”, Bank Technology News, August 2003; available from http://www.banktechnews.com/cgi-bin/readstory.pl?story=20030801BTNC617.xml
  18. Orzech, D., “Linux TCO: Less Than Half The Cost of Windows”, CIO Update, 7 October 2002; available from http://www.cioupdate.com/article.php/10493_1477911
  19. “netproject – Cost of Ownership”; available from http://www.netproject.com/opensource/coo.html
  20. Maguire, J., “Windows vs. Linux: TCO Feud Rages On”, Newsfactor Network; 01 August 2003; available from http://www.newsfactor.com/perl/story/22012.html
  21. Lemos, R., “Merrill Lynch: Linux saves money”, CNet News.com, 7 June 2003; available from http://archive.is/20130628220712/http://news.com.com/2100-1016_3-1014287.html?tag=fd_top
  22. Miller, R., “Largo loves Linux more than ever”, Newsforge.com, 9 December 2002; available from http://newsforge.com/article.pl?sid=02/12/04/2346215&mode=thread&tid=19
  23. Glover, T., “Microsoft losing market grip as rivals go on the offensive”, Scotland on Sunday, 18 May 2002; available from http://www.scotlandonsunday.com/business.cfm?id=562032003
  24. Kuan, J., “How to Succeed in Business with Open Source Software”, Infonomics.nl; available from http://www.infonomics.nl/FLOSS/workshop/papers/kuan.htm
  25. “Reasoning Study Reveals Code Quality of MySQL Open Source Database Ranks Higher than Commercial Equivalents”; available from http://www.reasoning.com/newsevents/pr/12_15_03.html
  26. Luening, E., “Windows Users Pay for Hacker Insurance”, CNet News.com, 29 May 2001; available from http://news.com.com/2100-1001- 258392.html?legacy=cnet
  27. Forristal, S., “Vulnerability Assessment Scanners” Network Computing, 8 January 2001; available from http://www.networkcomputing.com/1201/1201f1b1.html
  28. Ghosh, R.A., Krieger, B., Glott, R, and Robles, G., “Free/Libre and Open Source Software: Survey and Study. Part 2B: Open Source Software in the Public Sector: Policy within the European Union”, June 2002; available from http://www.infonomics.nl/FLOSS/report/FLOSSFinal_2b.pdf
  29. “Use of Free and Open Source Software in the U.S. Department of Defense”, MITRE Corporation, available from http://www.egovos.org/rawmedia_repository/588347ad_c97c_48b9_a63d_821cb0e8422d?/document.pdf
  30. Ghosh, R.A., Krieger, B., Glott, R, and Robles, G., “Free/Libre and Open Source Software: Survey and Study. Part 2B: Open Source Software in the Public Sector: Policy within the European Union”, June 2002; available from http://www.infonomics.nl/FLOSS/report/FLOSSFinal_2b.pdf
  31. Ibid.
  32. Weber, S., “Open Source in Developing Economies”, Social Science Research Council; available from http://www.ssrc.org/programs/itic/publications/ITST_materials/webernote2.pdf