Proposed legislation in the state of California, supported by Raleigh, North Carolina's Red Hat Software, would add a new dimension to the debate. This legislation, called the Digital Software Security Act (DSSA) would require state agencies in California to selectively buy software only from companies that don't restrict the use of or access to the source code of the application. Agencies would be allowed to make copies of the software they license or purchase and to distribute them freely. These requirements would mean that it was no longer good enough for an application to "do the job." In addition, the licensing of the software would relinquish the control of the intellectual property that is currently held by the developer.
Anatomy of the Digital Software Security Act
The objectives of the DSSA are to provide security and open standards, while obtaining the greatest value for money spent by the State of California. In addition, it's the stated purpose of the proposed legislation to stimulate competition within software development, support, and implementation. All software developed for use or used by the State of California or its agencies would have
- Unrestricted use of the program for any purpose
- Unrestricted access to the respective source code
- Exhaustive inspection of the working mechanisms of the program
- Use of the internal mechanisms and arbitrary portions of the software, to adapt them to the needs of the user
- Freedom to make and distribute copies of the software
- Freedom to modify the software and distribute the resulting modified software under the license of the original software
The provisions and requirements for previously purchased software would not change, but any future enhancements or upgrades to software licensed by the state would need to follow the new requirements.
The proposal was drafted by Walt Pennington, a lawyer in San Diego, in response to a number of pieces of proposed and existing legislation that limit civil liberties and programming freedom such as Security Systems Standards and Certification Act (SSSCA), the Digital Millennium Copyright Act (DMCA), and the Uniform Computer Information Transactions Act (UCITA.) San Diego assemblyman Juan Vargas has expressed interest in introducing some sort of legislation focusing on the use of open-source software, though not likely as it is currently drafted, according to representatives from his office.
The Allure of the Open-Source Initiative
If your company is an independent developer of software, the issue of open source seems fraught with conflicts. After all, your company has invested in the development of a viable software package, so there's a natural incentive to make the code that controls the package as proprietary as possible.
Yet, at the same time, with the increasing number of application areas dominated by a few large mega-corporations, there's also the natural allure to the marketing hype surrounding the open-source movement. First of all, according to the Open Source Initiative (OSI), an open-source application tells the customer that the application has "nothing to hide." A customer can be assured that there are no proprietary gimmicks that will require them to buy future services or packages from the developer. The customer may hire others to maintain the code, without relying upon the developer for future enhancements or fixes. Finally, if there is a portion of the code that needs to be customized to the customer's specifications, there are no restrictions to enhancing the package to meet those requirements.
Is Open Source New?
Of course, long before the term "open source" was coined, purchasing the source code for an application was the wise choice by which most companies obtained their applications. Purchasing the source code of a mission-critical application was--and is--the ultimate hedge against a bankrupt software vendor or a change in the business rules that govern how a company must do its computing. It has only been in the last 15 years, with the rise of PC-based computing networks and the Microsoft desktop monopoly, that the model for software licensing has become radically restricted. Today, particularly for PC-based applications, customers don't purchase the software that runs on their machines, but only a license to run the application. No source code is included, and no ability to modify the functions of the code is provided without active participation from the vendor.
Open Source vs. Public Domain Software
However, there is a significant difference between purchasing the source code from a vendor and the "public source code." The OSI uses the mechanism of open-source peer review to encourage the rapid evolution of code and the standards that support the use of that code. By making the code available for peer review, the OSI contends that the security of the code is actually enhanced, allowing programmers to freely delve into the possible bugs and flaws that might exist within the code of an application. Furthermore, by making the code available to the widest possible audience, the base of potential developers who might enhance the code is manifestly larger than the development resources that would normally be available to a single, independent software developer.
Yet as the OSI quickly acknowledges, "The Open Source Initiative is a marketing program for free software." But "free" doesn't relate to the price of the software; it's about the rights of the individual who purchases the software.
To be OSI certified, the software must be distributed under a license that guarantees the right to read, redistribute, modify, and use the software freely. Clearly, it is not designed to make the software developer millions of dollars; the goal is to protect the value of products from the artificial fluctuations of a software market that is dominated by a single company (Microsoft) and to create a development community through which software technology can freely evolve and proliferate.
By comparison, software that has become part of the public domain requires no licensing and is subject to no restrictions whatsoever. Anyone can re-package software that is in the public domain and create a new product or a derivative without the knowledge or support of the original developer.
Beyond Ideology: Running a Business with Open-Source Products
Of course, the introduction of the Linux operating system kernel--the PC-based, UNIX-like operating system that is licensed through the GNU organization--changed the entire landscape of the open-source movement. In the blink of an eye, the number of opportunities for developers to create exciting, standards-based software suddenly exploded. These applications don't rely upon Microsoft's proprietary operating systems or its APIs at all. They run under a freely distributed Linux operating system that supports open international standards. As a result, Linux has radically altered the scope and the breadth of applications that were available to businesses and has inspired software giants like IBM, Oracle, and others to become supporters of the open-source movement.
IBM Support of Open Source
For its part, IBM is using Linux and the open-source mechanism to provide its customers with product choices that are both standards-based and non-proprietary. But in truth, it's doubtful that IBM's customers are choosing Linux and other open-source software for the opportunity of doing significant customization to the code--especially operating system code like Linux. Instead, customers who are embracing open-source applications see the movement as an opportunity to obtain quality software that is backed by a significantly larger and less proprietary development community than Microsoft, often at a significantly lower cost. And instead of feeling compelled to upgrade application suites on a schedule dictated by Microsoft, customers can feel confident that their open-source applications are less susceptible to the volatility that is inherent with each new upgrade coming out of Redmond. In a word, the open-source movement is putting the customer back in control of the computing environment.
However, IBM is not keen on supporting any legislation that would limit or prevent a government agency from purchasing any software, whether proprietary or open source, and the reason is simple: IBM's own proprietary operating systems and application suites would also be excluded by such legislation.
Meanwhile, Red Hat and other supporters of the DSSA and the OSI have pledged to march in Peru, Germany, the UK, New Zealand, and Finland to draw attention to their cause and the perils of existing legislation that limits civil liberties and programming freedom.
Feedback: What Do You Think?