I’ve been thinking about transparency and security in the public sector. Do you think all government software and platforms should be open source?
Some countries have already made progress in this area:
- Estonia: digital government services with open and auditable APIs.
- United Kingdom: several open source government projects and systems published on GitHub.
- France and Canada: policies encouraging the use of free and open source software in public agencies.
Possible benefits:
- Full transparency: anyone can audit the code, ensuring there is no corruption, hidden flaws, or unauthorized data collection.
- Enhanced security: public reviews help identify vulnerabilities quickly.
- Cost reduction: less dependency on private vendors and lower spending on proprietary licenses.
- Flexibility and innovation: public agencies can adapt systems to their needs without relying on external solutions.
Possible challenges:
- Maintenance and updating of complex systems.
- Protecting sensitive data without compromising citizen privacy.
- Political or bureaucratic resistance to opening the code.
Do you think this could be viable in the governments of your countries? How could we start making this a reality globally?
OP, what do you mean by the following two challenges
- Maintenance and updating of complex systems.
- Protecting sensitive data without compromising citizen privacy.
Yes. Public money public code and all that.
However…
For security reasons, I wouldn’t feel comfortable if every one who wanted to could just contribute to it. It would need to be a closed developer group with security clearance. We can all look at what they’re doing, but we can’t insert our own patch commit requests to them ad nauseaum.
Don’t forget VistA. It’s the EMR used by the VA. https://en.wikipedia.org/wiki/VistA
I agree, all software developed or used by governments should be open-source.
There might be few cases where there is a legitimate reason for it not to be open source (no open source software available, need a proprietary software for running old legacy equipment …). In this case the decision should be voted on and the arguments exposed publicly.
Public money, public code.
Imagine governments adding to foss. Would be awesome.
Why would it be more difficult to maintain and update a complex system?
They don’t have to accept outsider contributions on their mainline nor employ less people to work on it.
Estonia: digital government services with open and auditable APIs.
What makes an API auditable?
Someone can look at it, it’s implementation, and verify it does what it claims.
Public money, public code.
Its really that simple
Not only should the source code be available, but they need to be Free Software (licenses such as GPL, Apache, etc.).
Do you mean software created by the government, or simply used by the government?
In the US, I believe the standard is that the software would be public domain if it’s an official government publication.
Yes, I think all
governmentsoftware should be FOSS.(Ok, ok. Not all. I don’t think it should be mandatory to distribute software. But if you do distribute software, I think the source code should be required to come with it and there shouldn’t be any intellectual property restrictions on modifying it or distributing it, with or without modifications so long as you include the source code. Aside from that, distributing versions with malware included without sufficiently advertising that fact should be considered some sort of fraud or vandalism.)
But I’m under no illusion that there’s any likelihood of that happening any time in my lifetime. One can hope, though.
Of your “possible challenges”, the first two are complete fiction. FOSS would make it easier to properly maintain and update systems, complex or otherwise. And databases and code are two different things. Beyond that, I’ll say that distributing software only in compiled form doesn’t make anything more secure or hide anything about how the code works.
Edit: Oh, I also think a right to attribution is a good thing. It can be done poorly. (Like some of the earlier BSD licenses that would result in pages and pages of attribution for a single code project.) But done well, I think it’s a worthwhile thing.
Yes, with an exception for military and law environment branches
*limited exceptions. You can’t trust law enforcement. If you give them any leeway they will abuse the he’ll out of it, so you still need some serious oversight to make sure they aren’t trampling people’s rights in the name of “safety”.
Within reason.
A nice little application to calculate tax and benefits? For sure.
A detailed model on how a nuclear attack would behave depending on the wind direction and tidal waves? That shit needs to be kept secret.
That should def be open source
Yes. Public funds for only public code. Any and arguments involving security are invalid.
Ken Thompson’s nightmare scenario was solved by a couple people who were enjoying their hobby in their free time and not by any of the military programs that have to date spent over $22 Billion and have achieved far less.
Ken Thompson’s nightmare scenario was solved by a couple people who were enjoying their hobby in their free time
Could you elaborate further, please? I didn’t found anything about this story
Public funds spent on anything that generates something that could be considered “intellectual property” should be public domain. Beyond software my first thought is pharmaceutical and general medical research.
