Why is public money software not open source?
This is one of the questions I ask myself each time I see the same story every few years in Poland.
We have extreme amounts of money from our taxes spent on many things. We can argue about hard problems like privatization of the health sector or universities, about highways rebuilt every few months because all the time someone took the money and disappeared… But there are some problems that can be solved so easily, although it will require some actual competence from this or any other government.
So, there is one of the biggest public institutions in Poland, called ZUS, which is the unit responsible for (oversimplification) retirement insurance. In theory this unit is standalone, but obviously, it is a huge pyramid scheme fraud and each year they receive rescue donations from the government to keep the retirement money flowing. But that’s not the point: every ageing country faces this problem, and Poland was never in an economic position like western Europe.
But there is a case called “ZUS digitalization”, which is a huge initiative to create a new system to replace the one from the 90s. The budget (not sure exactly how much) is hundreds of millions of PLN, but to be honest, it can be many times more and it probably will be worth it, considering how many useless jobs it produces.
There are two major IT companies in Poland, Comarch and Asseco; the latter created the original software in the old days. No matter which one will eventually sign the next contract, there are a few points worth mentioning:
- The budget required is really high and the public sector can’t really disagree on that — they have to comply.
- There are only 2 companies that are big enough to compete for this deal, which is bad for free market competition: they can basically agree on doubling the estimated budget and our taxes will be spent…
- Everything is happening behind the curtain.
- The software is extremely hard to estimate and the more people can comment on actual progress, the better.
- And the worst of it — the software’s source is closed, which is the main problem I have in this article.
The problem with closed source software
OSS is great — everyone can see the code, contribute to it, review, learn and maybe one day — become a maintainer.
Closed source means that the whole know-how stays inside the company. You might think that, well, a private company paid for this knowledge, nothing bad with it, and I agree. But when you order software, a design, whatever, it’s very reasonable that you ask for the source: it’s required to maintain it, right? You don’t want to be chained to the original company for the whole lifecycle; you have the right to do with the software whatever you like after it’s delivered to you and paid for.
So if the source is provided to the government and they can build and maintain it (I’m not sure if it can be otherwise), we might want to ask a question: whose money was spent on this software? Well, the government doesn’t have its own money; it’s taxes. So who is the owner? Something like 38 million Poles have an equal right to this huge piece of code.
So, closed software limits public knowledge of how the software works. Another problem is the lack of transparency: no one can verify the decisions made and what was actually done for that money.
The next point is security: open source software allows the community to find bugs and fix them; people can report them, often for free, sometimes for money (bug bounty programs like Google’s, etc.). Now we can only guess what monsters are hiding there.
Finally, closed software only encourages the current duopoly, because no one else can even try to acquire this big domain knowledge. They can name prices no matter how high and they will just get paid.
What we can achieve by making public software open source — by law
- Private people, hackers, developers, companies: everyone can review the code, find security flaws and contribute.
- All companies are able to learn how the system works. They can build their own ideas and knowledge and one day break the duopoly. Costs will be lower and quality higher.
- Private developers will be able to write plugins, use APIs, etc., which will (probably for free; just think of the many hackathon initiatives) create a lot of great software, for people, by people.
- Any fraud, theft, cheating and bad solutions will be detected and escalated.
Of course, an experiment like this shouldn’t be tested on multi-million projects, but there are many smaller initiatives from the public sector that just have to be done. It’s so simple to me…
I believe everyone should spread this approach and maybe one day it will have some effect. For now, I’m going to investigate whether any more modern country (Scandinavia?) has already introduced this approach.