Open source software (OSS), has always had the advantage that it is inherently more adaptable than its commercial packaged equivalents. It is also true that, compared to commercial packages, it can appear inexpensive (at least initially). It is not surprising therefore that public administrations around the world are embracing the revolution and moving away from the traditional proprietary based software models. The Irish public administration has been something of an exception to this trend and historically has approached open source with some caution. Compared with other European public administrations, Ireland appears to be somewhat behind in its adoption of OSS.
What is OSS?
OSS is computer software whose source code is available under a licence or some other arrangement that permits users to use, change, and improve the software, and to redistribute it in modified or unmodified form. It is often developed in a public and collaborative manner.
Perhaps the best known examples of OSS are the various distributions of the Linux operating system, such as Red Hat, SuSE and Ubuntu, and the Apache web-server application that runs on many of them. The popular Firefox Internet Browser, Thunderbird e-mail client and AVG anti-virus package, all of which run on Windows, are also examples of OSS. OSS already runs in a great many Irish public sector organisations, but is rarely seen by staff, or what are often nowadays known as ‘clients’, because it is used mainly at the server level, running web, file and database servers and other specialised systems. The vast majority of workstation computers (desktops and laptops) in Ireland, in both the public and private sectors, make use of proprietary commercial software, in most cases produced by Microsoft.
There are many different definitions of what constitutes OSS, but the Open Source Initiative (OSI), perhaps the foremost organisation dedicated to promoting OSS, has defined a number of criteria which are broadly accepted. They include the following requirements.
The ‘source code’ must either be included or freely obtainable. Without the source code (the sequence of computer programming commands that make up the software) modifying the software can be difficult or impossible. Proprietary software is usually made up of ‘object code’, ie software which has been ‘compiled’ or converted to a form that the computer’s processor can use. Object code is typically made up of sequences of numbers that are very difficult for a human to understand and practically impossible to alter successfully. While object code can sometimes be converted back to comprehensible source code, it is rarely an easy task. Most proprietary software licences discourage this or heavily manage licensees seeking to do so, reflecting the rights of the copyright owner and the law in the area of managing decompilation of computer programs.
The software must be freely given away or sold without restriction, ie the distributor is not allowed to restrict who receives it.
Redistribution of modifications must be allowed, to allow distribution of modifications and repairs.
Licences may require that modifications are redistributed only as patches, so that the original author’s source code is left unaltered, or that modified software be distributed under a new name, to protect the original author’s trademark.
It should be noted that there is no prohibition on selling OSS (in fact, the OSI positively encourages it). This distinguishes OSS from Free Software, which must always be distributed freely.
Open source as an approach has been sufficiently successful that Microsoft, formerly one of the software developers most wedded to the closed model, has recently taken significant steps to embrace it. Indeed, public statements made at the highest level at Microsoft have suggested that the current operating system under development to replace Windows 2003 will probably be the last produced by the company under the classic closed model.
How is OSS Different?
In classic type software development, the work is performed behind closed doors by the developers programmers, whether employees or contractors. The source code developed is usually kept under tight control and released to third parties only reluctantly. In the past, most of the major software development companies - Microsoft, Lotus, Adobe etc. - have utilised this model. The advantage of this model for the developer includes the fact that it allows them to plan developments with a reasonable degree of assurance that they will become available within a certain time and to a certain specification. Keeping code ‘closed’ also allows them to charge a premium on the software. In the eyes of the open source community, this approach allows developers to restrict competition and stifle innovation in the relevant market.
The open source model does away with the centrally planned model, replacing it with open networks of individuals and organisations. Every participant can build on the work that has been done by others in the network, which can lead to greater innovation and faster development times. The greatly diminished proprietary element of the software, it is argued, also leads to a much more efficient marketplace for the software (indeed, in one well known description, the model has been compared to a Middle-Eastern bazaar). It has also been pointed out that flaws and vulnerabilities in OSS are corrected or patched much more quickly than proprietary systems. This is because there are generally far more developers looking for such vulnerabilities and working on ways to fix them.
There are certain disadvantages to the model, however, which include the following.
While some of the more established OSS projects, such as the Linux distributions or the Open Office initiative (an alternative to Microsoft Office), have governing bodies guiding and sponsoring their development, other less well supported development initiatives can simply die and fall out of support, which can cause major problems for organisations relying on them.
The apparently conflicting issues of restricted choice and project ‘entropy’ arise. At one end of the problem, the open model means that all open source development in a particular area can become focussed on a single application (for example the Apache web-server). The application becomes so complex that it is difficult for a parallel group to develop a different ‘product’ performing the same function. This tends to retard innovation in key areas and can slow development, because OSS developers will be less interesting in working on ‘stale’ older technology than on something new and more interesting. At the other extreme, too many developers can take too many different paths in developing an application, which can make it difficult to decide which of the competing versions to choose. Of course, a process of ‘survival of the fittest’ eventually will weed out the weaker versions of the software, but this can take some time.
It is an unfortunate fact that, largely because it is developed by highly skilled IT enthusiasts, OSS is often more difficult to implement and use than conventional software. This effect is less pronounced than in the past, and there are many applications, such as Open Office and Firefox, that are extremely user-friendly. Yet many server-based OSS applications lack the simplicity of use of their proprietary rivals.
A further issue is that, without the commercial backing of the large software development companies, it is more difficult to obtain training in the use of OSS operating systems and applications than proprietary ones. Making matters worse is the tendency for OSS to be typically less well documented than its proprietary equivalents. While OSS proponents will enthusiastically develop code, few seem willing to work on the user instructions afterwards.
As a consequence of these factors, there are fewer IT personnel familiar with OSS applications and systems than there are trained in proprietary ones, and those who can be found are often more highly skilled than their counterparts. Consequently, while the purchase cost of OSS is often considerably lower than its proprietary equivalents, there is often a considerable cost premium in staffing IT infrastructures that rely heavily on OSS components, whether through in-house or bought-in resources.
Open Source Licensing
OSS is distributed with varying degrees of proprietary control, ranging from free software developed by altruistic programmers, to software with an open ‘core’ but significant proprietary elements. The more freely licensed software is often governed by the ‘GNU General Public License’ (usually abbreviated to GPL) which allows full access to the source code of the software at the price that any additions made by a user must also be freely available to the public. One of the most recent forms of this fully open source is the recently developed and highly popular Linux variant Ubuntu.
At the other end of the spectrum, another form of open source licensing allows free access to source code but allows developers extensive proprietary ownership over software they write utilising the base code, and to modifications of the base code itself. Perhaps the best known example of such software is the Berkeley Standard Distribution (BSD) of Linux. Large numbers of portable devices use operating systems based on BSD which have been extensively modified and are largely proprietary as a consequence. The Leopard operating system running on most recent Apple computers is, at the core, BSD.
There is also a third, middle ground, exemplified by the Mozilla Standard License or MSL. Under the MSL any modifications to the open source code already available must be freely shared with all, but additions to the code can be proprietary.
Suitability of OSS for the Public Sector
OSS possesses several inherent qualities which render it particularly suitable for use in public administration. The major attraction of open source is that it is highly versatile and adaptable. Given the fact that the public administration carries out a broad range of unique functions across a broad array of administrative offices, sophisticated tailor-made software is often required. This allows for greater flexibility than ordinary commercial software, as the software is designed to meet the specific needs of the administrative office. Of course, this flexibility comes at the initial cost of developing the applications, together with the ongoing cost of maintaining (and retaining) large IT support groups, with highly skilled personnel.
OSS can potentially result in significant cost savings for public administrations. As the source code is freely available with OSS, it is possible for end-users to adapt, modify, upgrade and repair bugs, resulting in a decreased reliance on external support services. Because many public service bodies are large, they can benefit from economies of scale that will allow the maintenance of large OSS support teams, while at the same time avoiding the cost of licensing proprietary software on large numbers of workstation and server computers. Conversely, there is some question as to whether OSS is practical for smaller public sector bodies in the absence of appropriately skilled IT personnel.
Citizens and businesses too can potentially benefit from OSS in public administration. In theory the adoption of OSS means that citizens and business are not required to purchase commercial software just to interoperate with public administrations, resulting in a greater transparency and ease of access to public services. In practice, however, until OSS becomes more user-friendly, and the public perception of the usability of OSS improves, the public is not likely to migrate to OSS in large numbers.
One major advantage of introducing OSS is that it will tend to break-up the ‘monoculture’ of operating systems and applications that exists in most Irish enterprises, and in doing so will greatly improve the security posture of the organisation. Viruses and other malicious software thrive where all computers are running the same software. It has been shown, however, that where fewer than 30% of computers run the same software on a network, the spread of malicious software is greatly attenuated (in much the same way that the spread of a disease is greatly slowed in a population where two out of three people are immune). Of course the disadvantage of a network with many different operating systems is that the overhead from maintenance and training is considerably higher.
Open Source in Ireland and Europe
As mentioned already, the Irish Government appears to have adopted a cautious approach to OSS. Back in 2004, the then Minister of State with responsibility for the Information Society, Mary Hanafin, stated that ‘….the use of open standards is critical to the government’s plans….But that it is important to remember that open standards are not the same as open source’. In terms of the cost of developing and adopting OSS, the Minister stated that ‘…. the long-term cost of open source may outweigh the short term saving’. This could hardly be described as a resounding endorsement of OSS by the Minister. In 2005, the Minister for Trade & Commerce, Michael Ahern, stated that ‘….open source software is used quite widely and successfully across the Irish public sector. Ultimately it is used wherever it makes operational and economic sense in Departments and Offices and to date it has been used for operating systems, desktop productivity tools, web and application servers, content management systems and Internet browsers to name but a few’. He again reiterated Mary Hanafin’s view in relation to the importance of open standards in the development of Irish e-government. Therefore, it would appear from the various statements coming out of Government that while it has not fully embraced open source, it has at least experimented with it to some degree.
It would appear that Ireland lags behind much of the rest of Europe in terms of the adoption of OSS. One notable and well-documented exception is that of Beaumont Hospital on Dublin’s north side. Beaumont implemented OSS throughout its IT structure, including Red Hat Linux, Star Office, SuSE mail, the Xope content management system and open source x-ray technology. Perhaps the most startling results of the adoption of this software is that the implementation of these savings will result in ‘astonishing cost savings of €13m over five years’. Obviously, it is not possible to say with any degree of certainty that implementing OSS will always result in cost savings, but the implications of such findings are such that, were similar results to be achieved in other public sectors, the cost-benefit of implementing OSS would result in greater economic efficiencies and could well result in putting the taxpayers’ money to more effective use.
Where OSS is used quite widely in Government departments and offices is in areas such as mail and web servers, content management software, server operating systems, embedded systems such as secure gateways and network attached storage, and ‘middleware’ systems which allow communications between different systems (and is often needed to allow communication between different government departments). For example, various government departments and bodies have made use of OSS operating systems and programs, such as the use of Linux by the Department of Enterprise, Trade and Employment and the Department of Health and Children and the use of OpenOffice for the Parliamentary Workbench. The Department of Finance has been using OSS since 1995. In that regard, the civil service Internet access infrastructure, which has been under the Department of Finance’s control since 1996, is operated almost exclusively using OSS for mail relays, web and caching servers, operating systems and firewalls. Another good example of the use of open source in the public sector is the adoption by many public sector web sites of the open source content management system ‘Plone’, which is released under the GPL.
Many higher education institutes utilise OSS. One of the most common examples is the adoption by many schools and universities of the course management system (CMS) ‘Moodle’, which is an open software package designed ‘to help educators create effective online learning communities’. Examples include the Athlone Institute of Technology, Dublin City University, Dundalk Institute of Technology, IT Sligo, Trinity College, Cork Institute of Technology and several post-primary schools throughout the country. Many universities and institutes of technology utilise OSS operating systems such as Red Hat’s Linux, as well as the more traditional proprietary operating systems (Microsoft Windows XP/Vista etc). Quite often universities use what are known as dual-boot systems, whereby it is possible to start up PCs using either Linux or Microsoft Windows (examples include National University of Ireland Galway, University College Cork, University College Dublin and Dublin City University).
At local government level, the Local Government Computer Services Board (LGCSB) was established in order to help coordinate the development of information and communications technology. Its mission statement is: ‘It is our aim that through the quality, commitment and continuous development of our staff, the LGCSB will be the partner of choice for Local Government initiatives in the delivery of quality services through the optimum application of information and communications technologies within the National Information Society framework’.
Within the LGCSB, the ‘Architecture Office’ is charged with the function of introducing ‘standards to ensure Local Government systems remain current, relevant, guarantee interoperability with future systems and readily incorporate appropriate future technologies’. In order to ensure this happens, the Architecture Office has created a Software Applications Framework. This framework is designed to incorporate all aspects of software standards, code standards, data integration, scalability and application security. One of its key goals is to ‘….. develop and deliver the software framework in which all applications and components will operate; through a consultation process with Local Authorities, this will incorporate an agreed, robust set of standards and overall architecture for the delivery of Local Authority e-Government’. In relation to OSS, the LGSCB will ‘….work with its Technical (ICT) Division in the management and testing of open source alternatives to mainstream applications to ensure maximum benefit is accrued from Government investment in software and produce a report before any major investment in software’. The Government would appear to be anxious to explore all avenues and carefully weigh up the pros and cons before committing to developing and implementing OSS in the public sector.
Public administrations throughout Europe have been turning to open source technology to help meet IT needs. Having said that, the adoption would appear to be primarily at local government levels rather than following uniform national approaches. In the UK, the UK Office of Government Commerce released a number of case studies outlining how OSS has been used in the public sector. For example several local authorities, such as the London Borough of Camden and Powys County Council in Wales, have adopted OSS. The Ministry for Defence has also endorsed the use of OSS. The story is the same throughout the rest of Europe with various cities and regions/provinces, such as Amsterdam (Netherlands), Gdansk (Poland), Vienna (Austria), Salzburg (Austria), Munich (Germany), Extremadura (Spain), Genoa (Italy) and Brussels (Belgium) adopting an OSS policy.
Various initiatives are being undertaken across Europe examining the feasibility and possibility of implementing OSS in public administration. The European Commission has established the Interoperable Delivery of European e-Government Services (IDABC) and has fully endorsed and encourages the implementation of OSS in Member States. In fact, the Commission recently approved a European Public Licence, as a licence to be used for the distribution of software developed in the framework of the IDABC programme.
The European Commission has recently published a comprehensive report by UNU-MERIT (the combined United Nations University (UNU) and the Maastricht Economic Research Institute of Innovation and Technology (MERIT)) on the economic impact of OSS. The report shows that there has been considerable market penetration by OSS in the EU and EEA, and in particular there has been a significant uptake of OSS in the European public sector. The report states that in 2005, 126 OSS policy initiatives were launched in Europe. In all the countries surveyed, 60% of respondents plan to increase their OSS usage. However, the report states that while OSS ‘….systems play a very important role for local governments in Europe…with regard to operating systems there is still a prevalence of proprietary systems’. The report estimates that the existing base of quality OSS applications would have cost almost €12 billion to reproduce internally and that OSS-related services could reach a share of 32% of all IT services (public and private) by 2010.
The Consortium for Open Software in the Public Administration (COSPA) was established to analyse the effects of the introduction of Open Data Standards and OSS for personal productivity and document management in European public administrations. The COSPA is made up of 15 European participants (from Italy, Hungary, Denmark, UK, Ireland and Belgium) and 3 international ‘observers’ (from Canada, New Zealand, UNESCO). The Irish participants are the University of Limerick, Beaumont Hospital and the South West Regional Authority. Therefore, while the uptake in OSS in the Irish public sector at the moment is quite slow, at least several bodies are looking to implement OSS and pass on their findings to other public institutions.
It would appear that, while the rest of Europe appears to be embracing developments in OSS to varying degrees, the Irish public sector has adopted a more cautious attitude. Ireland currently appears to favour the adoption of OSS standards as opposed to OSS itself. However, it would seem that the Government is prepared to explore the opportunity of implementing and developing OSS initiatives for the future. The general trend seems to be towards increased take-up of OSS in Irish public administration, with the main question being the speed and extent of the take-up across the sector.
Pearse Ryan is a partner in the Technology Group at Arthur Cox, Dublin: www.arthurcox.com. Andrew Harbison is a Senior Manager – IT Forensics and Litigation Support, in the Enterprise Risk Services Group at Deloitte, Dublin: www.deloitte.com.