Thoughts from the eGovOS Conference

by David Sklar

Related link: http://www.egovos.org/march-2003/index.html



I spent three days in Washington DC this week at the Open Standards/Open Source for National and Local eGovernment Programs in the U.S. and EU conference.


The conference started off with Whitfield Diffie, looking like Gandalf in a
3-piece suit, describing some of the security benefits of open source
software and transparency in general. This boils down mostly to the notion
that a secret which is difficult to change is a vulnerability. Cryptosystems
are time-consuming and expensive to develop, so if your security depends on
the secrecy of the system, then you have big problems if that secrecy is
breached. Keys are easier and cheaper to regenerate. If you have to come up
with and distribute a new encryption key because one was compromised, you
have a much smaller headache.


Peter Loscocco talked about NSA's SELinux project, which adds a
Mandatory Access Control framework to the Linux kernel. What was most
interesting to me about this talk was the discussion of technology transfer
as an explicit part of NSA's mission. Linux provided a more effective means
for them to accomplish this than previous efforts.


A session presenting the results of a survey of Open Source software in the
Department of Defense revealed plenty of examples. However, it seems that
concern about licensing hinders its use. This is a story that has been
repeated many times here. A commercial or government organization convenes
their herd of IP lawyers to decide whether using Open Source products would
imperil their rights. Yet hardly any of these organizations are planning to
modify the OSS, and even fewer have redistribution plans. The licenses
shouldn't be such a concern, but they are. The absence of caselaw regarding
Open Source license enforcement makes this an even murkier area.


Fixing unneeded licensing concerns is mostly a perceptual problem, but a
more substantive one is indemnification. Johan Goossens of
NATO and Rob Page of Zope Corp. gave a presentation of the NATO intranet
system developed on top of Zope. One of the reasons that NATO chose Zope was
that a company stands behind it to indemnify the components in case of patent
problems or other issues. The existence of a corporate backer wasn't crucial
for support, release management, or other traditional factors cited in
defense of proprietary software (although those are nice), but solving the
indemnification issue was necessary.


Jim Willis gave an excellent talk about products he's developed for the
State of Rhode Island that enhance citizen access to public data. Public
interest groups and lobbyists both appreciate the ability to track rules,
regulations, and pending legislation with e-mail alerts, calendaring, and
various kinds of searching. Using PHP to glue together existing open-source
products, Jim produced impressive results in just a few months. One of his motivations is the very important point that his government has a very real responsibility to act as a custodian for data that belongs to its citizens. Storing the data in open formats and building open source tools to access that data are a crucial part of that custodianship.


Jesse Kornblum from the Air Force Office of Special Investigations Computer Investigations and Operations Branch demonstrated some forensics tools that he uses to gather evidence. His team has released the source code to their customized versions of dd and md5sum. His talk highlighted another asset of open source software: easy independent verification of results. If his investigation produces evidence that prohibited material was found on a computer, no one (prosecution or defense) has to take his word for it. He can provide the disk image he worked on, the tool that found the prohibited material and the source code to that tool. His results can be reproduced and verified by others. He can even provide the source code to the tool that ensures that the disk image contains the same data as the original computer being investigated. Open source ensures that the conclusions of investigators aren't black box "take it from me" assertions, but well-justified statements of fact that can be independently verified and duplicated.
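
The verification chain described above, as an added example (not Kornblum's tools and not code from the original post): it uses stock dd, md5sum and sha256sum rather than the customized versions his team released, a constructed 16 KiB file stands in for the drive, and every file and function name is hypothetical. It goes slightly beyond the paragraph by also hashing the image piece by piece, so a mismatch can be localized to a chunk.

```shell
#!/bin/sh
# Added example: all file names and function names are made up for illustration.
set -eu

# digest FILE: print "md5:sha256" of FILE. md5sum is the tool named in the talk;
# sha256sum is included alongside it as this example's own choice.
digest() {
    printf '%s:%s\n' "$(md5sum < "$1" | cut -d' ' -f1)" \
                     "$(sha256sum < "$1" | cut -d' ' -f1)"
}

# acquire SRC IMG: copy SRC to IMG with dd, reject the image unless it hashes
# identically to the source, then record the digest next to the image.
acquire() {
    dd if="$1" of="$2" bs=4096 2>/dev/null
    [ "$(digest "$1")" = "$(digest "$2")" ] || return 1
    digest "$2" > "$2.digest"
}

# verify IMG: what a second examiner runs, holding only the image and its record.
verify() {
    [ "$(digest "$1")" = "$(cat "$1.digest")" ]
}

# piecewise IMG CHUNK: print one "index md5" line per CHUNK-byte piece of IMG.
piecewise() {
    size=$(($(wc -c < "$1")))
    n=0
    while [ $((n * $2)) -lt "$size" ]; do
        printf '%d %s\n' "$n" \
            "$(dd if="$1" bs="$2" skip="$n" count=1 2>/dev/null | md5sum | cut -d' ' -f1)"
        n=$((n + 1))
    done
}

# first_changed_chunk A B CHUNK: index of the first piece whose hash differs, or "none".
first_changed_chunk() {
    piecewise "$1" "$3" > "$1.pw"
    piecewise "$2" "$3" > "$2.pw"
    paste -d' ' "$1.pw" "$2.pw" |
        awk '$2 != $4 { print $1; hit = 1; exit } END { if (!hit) print "none" }'
}

# run_demo: image a constructed "drive", verify it, then alter one byte in a
# copy of the image and show that verification fails and where.
run_demo() {
    work=$(mktemp -d)
    head -c 16384 /dev/zero | tr '\0' 'A' > "$work/source.bin"  # constructed data
    acquire "$work/source.bin" "$work/image.dd" || { echo "acquire-failed"; return 1; }
    verify "$work/image.dd" && before=match || before=MISMATCH

    cp "$work/image.dd" "$work/altered.dd"
    cp "$work/image.dd.digest" "$work/altered.dd.digest"
    printf 'X' | dd of="$work/altered.dd" bs=1 seek=9000 conv=notrunc 2>/dev/null
    verify "$work/altered.dd" && after=match || after=MISMATCH

    where=$(first_changed_chunk "$work/image.dd" "$work/altered.dd" 4096)
    rm -rf "$work"
    echo "original=$before altered=$after first_changed_chunk=$where"
}

run_demo
```
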


My talk on PHP went well. I had a cheering section in the folks from the OU Sinapse project. They've built (and open-sourced) a huge campus portal project with PHP and have many universities both deploying it and collaborating on development. There were plenty of other examples of PHP users I ran into at the conference such as the US Defense Department, the US Census Bureau, and the Mexican federal government.


There were a number of sessions and discussions that debated the relative security merits of open source and closed source software. The typical response to "open source => more eyeballs => security holes are found and fixed" was that "open source => more enemy eyeballs => security holes exploited before they're widely fixed." Mostly overlooked was the fact that a sufficiently well-funded and well-connected attacker will have the source code to a "closed source" product. Microsoft has signed a shared source agreement with the Russian government. How likely is it that copies of the source code might make their way out of the government? Would it be that difficult to get a job with the company that Oracle hires to empty its trashcans and bring a FireWire DVD burner to work with you one night? Security is always a tradeoff, never an absolute. But when governments are discussing repelling attackers, they have to be prepared for the best attackers. For those folks, everything is open source.

What are your thoughts on or experiences with government and open source software?


8 Comments

anonymous2
2003-03-23 03:31:45
EGOVOS Sell Out - NY Fair Use Action
Responsible Leadership: Tony Stanco's Egov-OS problem


New Yorkers for Fair Use (http://fairuse.nylxs.com), costumed as the
American Founding Fathers, left the warm comfort of our homes at 4AM on
March 17th, 2003, and headed down to Washington DC, in full regalia, in
our 15 person passenger van, to George Washington University. The purpose
of our trip was to protest the mismanagement of the EGOV-OS conference
held there from March 17th to March 19th. The central problem which
has galvanized New Yorkers for Fair Use is the increasingly negligent
means by which Free Software and open source advocates have been
putting together marketing conferences for Free Software businesses.
EGOV-OS was a conference which was supposed to market and advocate
the use of Free Software and Open Source software in all levels of
government, national, local and even international. The conference had
the potential to open up a stubbornly closed potential market with the
federal government and all around the world, by laying out the legal,
moral and practical foundation for the use of Free Software products in
everyday government. Instead, the conference was turned into a photo
opportunity and platform for misinformation by the Microsoft organization.
This is the inevitable result when a 40 billion dollar corporation
which has made every effort to destroy Free Software at its root
is invited to make a presentation in such a venue. And as expected,
Microsoft didn't let their shareholders down. Most of the only press
that came out of this conference was on Microsoft's 'Shared Source'.
Microsoft's money has brought them deep loyalty in the tech press.
In a conference with little press coverage, "E-Week" ran a full article
on Microsoft's misdirections under the headline "Microsoft's Matusow:
No Right Way to Create Software" which does everything it can to blur the
issue between Free Software's advantages and the closed anti-competitive
methods used by the Redmond based company. All of this is fodder for
the next 100 million dollar mailing to every CTO in the nation. All of
this takes food off the table of our Free Software developer community,
as well as the consultant industry which has been built up to support Free
Software products. Worse, their presence comes at the direct expense
of people who sell Free Software for a living, and who can make clear,
unadulterated messages from the use of Free Software to the uninitiated.


Bad Leadership: Right Advocacy


When New Yorkers for Fair Use first became alerted to the problems
occurring at the EGOV-OS conference, it was through the mailing list
of NYLXS and was building on our experience at this year's Linux
World Expo in New York City. At the Expo, NYLXS member and Bayonne
lead programmer, David Sugar, had made a point to voice his concern
that his product won a second place award for Best System Integration
Software, second to Microsoft: for Services for Unix 3.0. That Friday
after the show, NYLXS had its annual dinner with 'The Linux Journal'
editor, Don Marti. We talked about the award and its implications to
our membership. Something didn't seem right, but Don seemed to have
had a reasonable explanation for the turn of events. NY Fair Use had
an impromptu discussion on this matter and the rumblings coming from SCO
which seemed to indicate that it might be ready to sue the GNU/Linux
community for Unix patents. We decided there to keep an eye on upcoming
developments on both fronts. And not more than a few days later, David
Sugar is emailing the list about problems with Microsoft presenting at
egov-OS. We quickly had a board, cross mailing list vigorous discussion
on the problem which included most of the Washington DC area groups,
many people from California, members of the Free Software Foundation,
NY Fair Use, GNU Enterprise, The Open Office Marketing List, several
interested reporters, NYLUG, and eventually, Bruce Perens who is on
the egov-OS oversight committee. As a result, I had found my mailbox
filled with hundreds of private emails from people across the east coast
volunteering to protest against Microsoft at the conference. NY Fair
Use had a private discussion about the situation, and we decided that the
last thing we wanted was an unwieldy demonstration in front of hundreds
of government officials looking at Free Software for the first time.
However, we needed to reverse this trend of Microsoft being given a free
public relations boast at the expense of genuine Free Software developers
and advocates at venues designed to highlight our own goods. In the
end, we decided that NY Fair Use is most effective when we have a tight
message, with a small and effective group. We turned down most calls
for a broad and raucous protest. Instead, we planned a smaller event.
As it was, if everyone showed up for our protest who wanted to, we would
have outnumbered the participants at the conference.



But still, we had to answer the question of how to attract attention,
raise the issue, putting the Free Software 'leaders' on notice that we
were watching, and still not turn the conference completely upside down.
The answer NY Fair Use came up with was exciting, fun and useful.
Fortunately we have associates who work on Broadway. They hooked us
up with costume designers who dressed us up as Colonial Americans
circa 1776. Suddenly everything came together, and NY Fair Use was
ready to move in a constructive manner. The core of the New Yorkers
for Fair Use action was Joe Grastara, Dave Williams, Cesar Vargus,
Sunny Dubby, Tim Wilcox, Ruben Safir, Marco Scoffier, Vincenzo and
Ray Connolly. Dave Williams and Joe Grastara helped us construct
an effective concrete message which eventually became our pamphlet.
Ray arranged for transportation, and drove both ways, for over 12 hours.
Cesar, Sunny, Ray, Tim and Ruben dressed as Founding fathers. Marco and
Vinnie helped everyone get ready and dress. And the entire enterprise
was underwritten, as always with NY Fair Use, by NYLXS. Most of us met in
Brooklyn and stayed overnight at Ruben's home where an installfest was
going on from the previous day until 4AM. Ray, as the driver got several
hours sleep while the rest of us got final preparations made. At 4AM,
NY Fair Use embarked on the trip to Washington. We arrived safely at
9:30 in the morning, fully dressed in costumes and ready to make our case.


Reaching our Audience: Confronting Hostile Guards



On arriving to George Washington University, the appearance of 7 highly
decorated American heroes astonished people. Picture bulbs flashed all
around us and after we picked up our badges and began to hand out our
pamphlet, people started to flow out of the main auditorium and collapsed
on us, inquiring about what we were handing out. We brought about 400
pamphlets, which all but a dozen were given out. Each NY Fair Use
member became a center of attention. We managed to talk personally
with nearly every member of the conference except for Brady Kuhn, who
refused to talk to any of us for some reason. Our pamphlet strongly
condemned the organizers of the conference for not representing us,
the Free Software Community, adequately, and for caving in to self
interests over the good for the community by giving Microsoft a free
public relations opportunity to blur issues and to promote their 'Share
Source' disinformation campaign. The conference itself, while filled with
luminaries from the international Free Software Community, overall was
limited in its attendance. At the time we were there, no more than 750
people were attending the meeting, although the numbers might have been
more like 300. However, the limited numbers meant that NY Fair Use was
able to contact nearly every event participant personally. We had nearly
100% penetration of conference participants, both attendees and speakers.
Many of us spent several minutes talking to individuals. I personally
had the pleasure of speaking about 20 minutes with European Union Minister
Philip Aigrain, who I met in Bordeaux France this year about the problem.
In addition I spent a few minutes talking to Georg Greve of the European
FSF, David Axmark of MySQL who attended the NYLXS dinner, Sara Brown from
Public Knowledge among many others whose name I failed to get. The same
was true for all the members. At one point, early in the giving out
of pamphlets, the guards came through. Searching for the leader of the
protest, they approached me and asked where the leader was. I waved him
off and he became very annoyed. He asked me my name, so I smiled and said
"George... like in Washington and you're in my University". I spotted the
reporter Grant Gross and I said, "Look Grant, they're throwing us out of
here". Grant took out his notepad, and the press cameras gathered around.
The result was that the guard backed off and conferred with Tony Stanco.
At this point, they decided it was better to let us proceed than face the
bad press. A few minutes later Tony Stanco sought me out to talk to me.
And later Bruce Perens introduced himself. I spent a couple of minutes
with Mr. Stanco. Mr. Stanco asked me if I got everything I wanted out
of this. I told him I'll know in a few months if Microsoft is still
getting a free ride in the Open Source community to push their wares.
Mr Stanco reassured me that what we were doing was OK. Having his
approval was not reassuring. But I told him it wasn't our intention
to have a blood letting. Our purpose is to get a message across to
the leadership of what we needed from them and what standards we hold
them to. Mr Stanco then pointed to the crowd, and said, "You see these
people, you'll never get through to them with screaming and yelling."
I said, "Maybe, it depends on the need. In this case, we don't need
to scream. In another situation, a louder voice might be needed."
Mr Stanco then said, "Have you ever heard Microsoft talk? They're going
to be the best promoters of Free Software when they open their mouths."
I reiterated my points. Microsoft's presence at the EgovOS conference
takes attention from other more deserving individuals. Mr Stanco refused
to recognize the problems he created. He also failed to understand
that this was part of a broader trend that the community faces with
the increasing encroachment of Microsoft and venues designed to sell
Free Software to the public. The public deserves better.


By 2:00PM, we had essentially talked to everyone we could at the
conference. We'd made a lot of contacts, and in addition to handing
out pamphlets, members handed out literature about their own offerings
for Government and business. In fact, we took about 30 folders for
the Free Software Chamber of Commerce, the local New York Free Software
consultants network. All the folders were handed out. We had a long
discussion with the head of Hewlett-Packard research in Europe, who was
very upset with us because he believed we opposed the commercialization
of Free Software in general. So we spent some time explaining how this
was not the case, and how we were only upset that our leadership was
giving Microsoft a free pass to the Free Software movement before making
them contribute to the community.


Repeatedly over time, people have asked why NY Fair Use discriminates
against Microsoft in its ire. But NY Fair Use makes no such
determination. Our approach to Microsoft is the same as it would be for
any company which would warn CTOs to get their legal teams to investigate
the GPL closely before implementing any Free Software (as if a standard
Microsoft License would withstand real legal scrutiny), they further
publish detrimental lies such as this from the current Microsoft website:



The GPL is designed to prevent commercial development of software
distributed under the license. It does this largely by requiring
licensees to make available, at little or no cost, the entire source
code for any program that incorporates any amount of GPL code. Given
that requirement, commercial developers cannot recover their research and
development investments by charging reasonable and appropriate fees for
their original software if it uses any GPL code. Free-software developers
have every right to pursue this anti-commercial objective.
Microsoft's concern is the resulting degradation of the software
ecosystem that would be triggered by widespread acceptance of the GPL,
particularly within the governmental and academic research sectors. This
ecosystem has sustained unparalleled innovation throughout the industry
for the past quarter-century. The principal role of government and
universities in the ecosystem is to undertake basic research and to
dispense the findings both into the societal base of technical knowledge
and to private enterprises and individuals capable of developing these
innovations commercially. Commercial enterprises, in turn, engage in
applied research to develop products that advance the state of technology,
generating jobs, profits and tax revenues that boost the economy (funding
additional basic research in the process). Commercial enterprises also
disseminate innovations directly into the larger technical-knowledge base.


In addition Microsoft used their licensing to thwart Free Software
products like SAMBA such as when they banned companies from releasing
their CIFS products under the GPL, or when they participate in a huge
Digital Rights Management scam which can end practical use of Free Software
through their Palladium 'trusted computing' platform.


In the end, it's not so much Microsoft we are upset with in this instance.
Here we are mad at people like Tony Stanco who would discriminate against
Free Software developers and distributors for their own personal ambition.
And we let them know it.


As a footnote, after our trip to George Washington University, NY
Fair Use made a trip to Capitol Hill while dressed in our costumes.
And we got big smiles all along the halls of Congress, especially
at Congressman Weiner's office, who is sitting on the sub-committee on
intellectual property and the internet. We have a handshake to install
a GNU/Linux system in their office, so stay tuned....



sklar
2003-03-24 07:39:35
The misguided efforts of "NY Fair Use"
The chief gripe of the NY Fair Use folks (who, to give appropriate credit, did have snazzy colonial-era-looking costumes) seems to be that a Microsoft employee gave a talk at the conference about "shared source". I sat through the first five minutes of the talk but left after it seemed like nothing new or interesting would be presented there.


Despite antics like this, lots of people in the government *still* embrace open source software. Aside from folks like the NY Fair Use crowd and vigorous debates about "my language is better than yours", I suppose there aren't many other religious-zealot-style absolutists in the technology world. Which is good for the rest of us. I have strong opinions about how much more appropriate open source development is for lots of types of software, but I'm confident that the better software developed that way will eventually win without the need to prevent proponents of inferior approaches from speaking their mind.

adamsj
2003-03-26 17:32:14
State government?
Hi, David,


I gave this a skip this year because I was disappointed in the small number of presentations on state government use of Open Source software--only three, two of which I was somewhat familiar with.


Did you hear anything outside those presentations that was aimed at state government?


Thanks,


John A
see me fulminate at http://www.jzip.org

anonymous2
2003-03-29 18:29:13
The misguided efforts of "NY Fair Use"
The NY of Fair Use people were right about this
and they are not zealots. You should open your ears and listen to what they're saying because your reply indicates that your mind is closed.


Does Microsoft give equal time for their commercials?


Are you promoting Free Software or yourself? It sounds to me like you're promoting yourself.


sklar
2003-03-31 11:47:48
State government?
There was a talk by a guy from a company that sells an online "Register of Deeds" type thing (and uses PHP for it) which was aimed at the sub-state level (counties). Are you including that in your count of three?


A lot of the "federal" level talks, however, had info that I think could be very useful on the state level: the forensics in Jesse Kornblum's talk, general discussions of security, and certainly the debate surrounding how use and/or promotion of open source software is mandated by the ethical responsibility a government (at any level) has to its citizens.

anonymous2
2003-04-01 10:38:21
NY Fair Use: right on target
The NY Fair Use protest seemed to be targeting
the egov-os organizers, not Microsoft. In this,
they are right on target and absolutely right.


I'm not wondering if David Sklar can actually read. If there are any zealots, Sklar, and those who consider the giving away publicity to an organization dead set on destroying Open Source software seems to be the fanatics.


David - I have a bridge to sell you in Brooklyn.

anonymous2
2003-06-22 22:34:24
Misrepresentation by Ruben Safir
Ruben Safir does not represent New Yorkers for Fair Use. New Yorkers for Fair Use is at http://www.nyfairuse.org, has always been there, has had numerous very successful actions, and had nothing to do with this action at eGovOS.


Ruben Safir left New Yorkers for Fair Use last September against the advice of other members of the group, and then asked the group's co-founder, Brett Wynkoop, to shut down their web site. When Brett refused, Ruben then declared that he had been the sole founder of the group among the members of his own organization, NYLXS (http://www.nylxs.com).

anonymous2
2003-07-26 11:07:43
Misrepresentation by Ruben Safir
Oh Bull Shit


There is no evidence of Mr Wynkoop doing anything to start NY Fair Use aside from MAYBE, registering a domain. Mr Safir clearly was the only organizational force to NY Fair Use (fairuse.nylxs.com) and Mr Wynkoop is a cybersquatter.