Workshop on “Open Standards for ICT procurement” [updated]

Yesterday I participated in a workshop on “”Open Standards for ICT Procurement: Sharing of Best Practices”. This was organised by PWC for the European Commission’s DG CNECT, and forms part of an EC-funded project on “Guidelines for public procurement of ICT systems“.

The invitation read:

Under Digital Agenda, the European Commission commits itself through Action 23 to provide guidance on the link between ICT Standardisation and Public Procurement in order to help public authorities use standards to promote efficiency and reduce lock-in.

As a matter of fact, using ICT open standards results in:
-       Higher savings when procuring ICT

-       An increased level of competition among suppliers

-       Being compliant with EU Public Procurement directives

Not much to quibble with here, except perhaps a slightly excessive use of bold font. As the goals for the event, the invitation stated:

-       Share some good practice examples about ICT procurement;

-       Stimulate the debate around the next steps / new ideas for DAE Action 23;

-       Present a first set of insights on the state of the art of ICT public procurement using standards through Europe.
Best practice examples have been carefully selected to match the needs and wants of all potential participants.

So, how did this go? For some of the talks, I’m really not sure what to make of them. This goes especially for the presentations of EU-funded projects like Fi-Ware, on which the EC has so far spent EUR 300 million, according to the CNECT person on the panel. Most of the Fi-Ware stuff is apparently meant to be Free Software. When I asked about specific licenses, and where to find code, the speaker replied “oh, it’s all open source”. I did end up finding something called the “catalogue of generic enablers“, which has links to source code for a bunch of projects, under various licenses. Well, that’s something – but I’ll leave it to others to decide whether this is worth the money invested.

Some talks were more valuable, like the one on standard contract clauses for software development contracts, which enable public bodies to re-use and share the software they (i.e. the taxpayers) have paid for. And some were quite excellent, such the one by Linda Humphries. Linda is a Senior Technology Adviser within UK’s Government Digital Service. She talked about the UK’s Open Standards policy (which she helped to build), and the effects of that policy.

My favourite moment of the day came when I tweeted that under the new policy, more than half of the government’s IT spending is going to SMEs. [Update: Stephen Quest has kindly pointed out that this refers only to the UK Government's IT spending on cloud services. It's still an impressive figure. -- thanks!] One of Linda’s colleagues in GDS pointed me to a page that doesn’t just show more figures. It also has the raw data on government IT contracts, by month, in CSV. I wish more governments were like this.

Quite a few of the participants commented that the main target audience of the workshop – people who are actually doing public procurement in ICT – wasn’t really there.

As so often, the real value of the event was in the people who were there. The workshop provided an opportunity for the small community pushing Free Software and Open Standards in procurement to meet and share updates. I managed to introduce a few people, especially from the Commission, to outside experts they should definitely be talking to.

What else could the Commission do to drive the take-up of Free Software and Open Standards in public procurement?

At the workshop, DG DIGIT’s Pierre Damas talked about updates he’s making to the Commission’s notoriously weak “open source strategy“. He specifically mentioned that in future, EC developers (perhaps even including contractors) will be allowed to contribute to outside Free Software projects, and that the EC would adopt a “free software first” policy for internal developments. Both steps are obviously useful, though a good time to take them would have been perhaps a decade ago.

From the presentations and several private conversations, it became clear that the EC’s main problem is their reliance on proprietary document formats. Awareness of this seems to be slowly growing, though I have yet to see any concrete steps proposed to deal with the issue.

Oh well, here at FSFE, we’ll keep pushing. If you’d like to support our work on public procurement, please sign up as a Fellow, or make a one-time donation. Thanks!

Preview: what FSFE did in 2014 [update]

The year is almost over, and it’s reporting season. Here’s a sneak peek at list of things we achieved in 2014. A full report will follow shortly.

We want to keep doing these things, and more, in 2015. To continue operating at our current level in 2015, we will need €420,000. We have already secured €230,000 from our Fellows, donations, and merchandise sales. We need another €190,000 to finance our work next year. If you like what you see here, please consider joining the Fellowship or making a donation!

Public procurement [update]

We pushed hard for the European Commission to improve the way it acquires software, in order to open up opportunities for Free Software and Open Standards. Using the EU’s “freedom of information” mechanism, alongside parliamentary questions from MEP Amelia Andersdotter, we got the Commission to release documents about the way its contracts with Microsoft and other providers of non-free software are structured. We also obtained a document outlining the EC’s desktop software strategy for the coming years. This effort has opened the doors to several meetings with high-level IT decision makers in the Commission and the Parliament, and has enabled us to start a constructive conversation with them about what steps to take next. The Commission has asked us to provide input to the next version of its “open source strategy”

Free Software Pact / Ask Your Candidates

For the European elections in May 2014, we organised the Free Software Pact campaign together with the French Free Software association April. We invited candidates in those elections to sign the pact, asking them to commit to using their European Parliament mandate to promote Free Software. 33 of the pact’s signatories are currently serving as Members of the European Parliament. We will repeat this effort for other elections. Preparations are currently under way for Switzerland’s 2015 elections. With more resources available, we could put more time into following up with signatories, and using the contact we’ve built through the campaign to let them know what they should do in order to improve the situation for Free Software.

Compulsory Routers

In 2013 and 2014, we have followed developments on the issue of compulsory routers. We have published position papers, and documented the arguments and the process in both German and English. We supported other organisations with arguments and technical expertise, such as the Federation of German Consumer Organisations. Germany’s ministry of economics is currently working on a draft law to enable free router choice for consumers, and prohibit compulsory routers.

Information materials

We are currently sending out ten information packs per month on average. People can order these free of charge through our website. Both our introductory Free Software leaflet and our F-Droid leaflet are available in five languages. We recently added a flyer on “email self defense” in German and English; demand for this has been so great that we have already done three print runs of this.  Volunteers distributed this flyer at the premiere screenings of the movie “Citizenfour”.

Public relations for Free Software

We continously work to push the Free Software across Europe, in local languages wherever possible. During the past year, our monthly newsletter was translated into six languages on average.

Device sovereignty

On “trusted computing” and “SecureBoot”:  In 2014, we discussed this issue with Germany’s Federal Information Security Office, and with the ministries of economics and interior. At the EU level, we initiated conversations about alternatives such as CoreBoot. We are pushing to ensure that consumers have the possibility to install alternative operating systems on the devices they buy and own. Our goal is to use the progress we have made in Germany to create progress in other european countries, and finally put device owners in full control of their hard- and software.

Events

We explained Free Software in talks, workshops, panel discussions, radio shows and several times on TV. In addition to the usual IT conferences and events, we expanded our reach to cover street festivals in Munich and Düsseldorf (Germany). This new outreach angle worked well, and we want to be present at many other such events this year.

Free Software Legal Issues

FSFE facilitates the world’s largest network of legal experts on Free Software, with currently more than 360 members (up from 320 last year). Participating experts come from a wide range of backgrounds, from corporate legal departments to lawyers in private practice, and engineers with legal skills. The network serves to develop and spread best practices around Free Software, and increase acceptance. Several participants have called the network’s annual meeting, the Free Software Legal & Licensing Workshop, the best event of its kind in the world.

Document Freedom Day

Working with volunteers from around the world, our Document Freedom Day campaign explained and promoted Open Standards at 51 events in 21 countries around the world.

Help keep us going!

If you’ve made it all the way down here, you probably really are interested in the work we do at FSFE. So let me just point you to the Join the Fellowship and Donate pages again.

Thank you for any support you can provide!

Free Software for the European Parliament: FSFE comments at DG ITEC forum

Today, the European Parliament organised a conference to inform MEPs about the IT services available to them. It featured a panel discussion led by Adina Valean, the new EP Vice President in charge of ICT, with a contribution from Giancarlo Villela, the director of the EP’s IT department.

After the panel discussion, I got the chance to contribute a few brief remarks. Here they are.

FSFE is a charity that works to put users in control of technology. Free Software means being able to use, study, share, and improve your software.

The EP has taken some important steps towards Free Software and interoperability: It has committed to being able to receive and send documents in the Open Document Format (ODF). The Parliament has also released some Free Software of its own.

These are very good beginnings. But there remains further work to do:

  • We need to enable interaction with citizens: You can’t force citizens to buy certain products in order to interact with you. Please make sure that the EP is fully accessible for citizens and public bodies that use Free Software. It’s currently very difficult for Free Software users to watch live streams from the Parliament.
  • As the EP continues to digitise, rely on Open Standards and Free Software. Make sure that Parliament doesn’t get locked into certain vendors and service providers. Today’s star gadget is tomorrow’s landfill. Today’s best-in-class app will be an old hat tomorrow. Stay independent as you digitise. Free Software and Open Standards let you do this.
  • Here in the Parliament, the DebianParl project has built a fully free and open desktop for MEPs and staffers. It works great; but to become fully usable, DG ITEC needs to offer access to mail servers via the standard IMAP protocol. That’s a simple step to take, and it should be taken as soon as possible.

You can count on the European Parliament Free Software User Group (EPFSUG) to help you in this effort, and I’m glad to offer FSFE’s support as well.

Let’s be clear. The European Parliament is the EU’s greatest democratic institution. European citizens are right to expect the Parliament to live up to this standard. Let’s all work together to help the Parliament on this path.

Some common-sense recommendations on cloudy computing

Today, Brussels-based lobby organisation ECIS released a report on
“cloud” computing and interoperability. It highlights the importance
of open standards, open data formats, and open interfaces in a world
where more and more of our computing happens on machines owned and
operated by other people.

The report is aimed at public and private organisations that want to
rent computing resources rather than buying the necessary hardware
themselves. It covers three different scenarios – Software as a
Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a
Service (IaaS).

Pizza as a service

The main report highlights questions that buyers –
including public sector procurement people – should ask before
signing on the dotted line.

The policy recommendations that come with the report common sense, and
boil down to caveat emptor. For example, the report asks policymakers to
“[e]stablish sets of criteria that help customers analyse and evaluate
migration and exit concerns before adopting and deploying cloud
computing solutions.” This basic bit of due diligence – assessing the
future cost of getting out of the system you’re buying – is something
that FSFE has long asked public bodies to undertake.

While the recommendations are hardly revolutionary stuff, Europe’s
public sector would be much better off if it took this advice to
heart. In reality, the most common scenario is likely to be an
underinformed public sector buyer facing a highly motivated vendor
salesperson. In order to avoid falling into future lock-in traps, it
will be essential to properly train procurement staff.

The report does have a couple of shortcomings. The authors are not
named, so the content perhaps deserves additional scrutiny. More
importantly, the report makes no mention of the data protection issues
that come with moving your data, and that of your customers, through
different jurisdictions. In the accompanying press release, ECIS gloss
over this issue with a tautology:

“[T]he value of the cloud lies in its global nature, and
fragmenting the cloud will inhibit the cloud.”

I asked about this issue at the event where the report was presented,
prompting the speaker, IBM’s Mark Terranova, to take prolonged
evasive action. There currently is no good answer to this
question. Buyers and users of these services should acknowledge that
as a problem.

At the heart of all this is the question of control. When you’re a
company that signs up for a service, who has control over your data,
your software, and your processes?

Even more lock-in?

While these services offer ease and flexibility, they also come with
the potential for even greater lock-in than the traditional model.
Being able to take your data to another service provider isn’t
enough. You also need to be able to carry along the associated
metadata that actually makes your data useful – if you just receive
your data in one big pile, a lot of the value is gone. If you’ve built
applications on top of your vendor’s service offering, you’ll want to
be able to move those to a new platform, too. Ian Walden pointed out
that these aspects don’t usually receive enough attention in contract
negotiations.

Pearse O’Donohue, who just moved from being Neelie Kroes’ deputy head
of Cabinet to a post as Head of Unit in DG CNECT, said that in the
EC’s own procurement, transparency and vendor-neutrality would be very
important in the future. He noted that with new EC, responsibility for
the EC’s procurement has moved from DG ADMIN to DG CNECT, under
Commissioner Oettinger and Vice-President Ansip. O’Donohue
highlighted that the new Commission is committed to “practicising
what it preaches” in public procurement.

Now that would certainly be welcome.