May 12, 2003

Open Source Law in Peru

In early 2002, several pieces of legislation were introduced in the Peruvian legislature to mandate free software on all government computers. A summary of the bills is available on the web site of GNU Peru (which provided technical advice to the authors of the bills).

The first bill introduced was number 1609. The law was quite specific (and fairly restrictive) on what constituted free software. Although I do not like the requirement that only free software be used, the discussion in the bill did focus on open data formats as one of the primary benefits of free software.

Discussion of bill 1609 led to a FUD-ish letter [3/21/02] from Juan Alberto Gonzalez, the head of Microsoft Peru, to Edgar Villanueva Nunez, the Congressman who had introduced the Bill, which in turn inspired a long response [4/8/02] from Villanueva.

An article in Wired [4/22/02] covers the story, and you can also read an interview with Villanueva [5/24/02].

According to someone at GNU Peru, the law never went anywhere because of lobbying [7/27/02] by Microsoft and others.

Read on for discussion of the bill and the two letters.


The original bill
Microsoft response
Response from Edgar Villanueva Nunez
Lobbying and Current Status

The original bill (translation)

The bill is straighforward in its objective: "Employ exclusively free software in all the systems and computing equipment of every State agency." Furthermore, it states:

The Executive, Legislative and Judicial branches, as well as the autonomous regional or local decentralized organisms and the corporations where the State holds the majority of the shares will use free software in their systems and computer equipment.

Although I do not approve of the proposed solution of requiring free software, the language in the explanation is fairly reasonable and is primarily concerned with issues that would be solved by requiring open data formats. As the bill says early on:

"The discovery of new information technologies, among them Free Software, has become an ideal instrument to assure the preservation of the State's data".

The text points out that the Peruvian constitution guarantees people access to data they need, while keeping personal information private. The principles the Bill wants to protect are summarized as:

  • Free Access of the citizens to public information
  • Perenniality of public data
  • Security of the State and of the citizens

Which are each expanded on in turn:

To guarantee the citizens' free access to information, it is indispensable that the coding of the data not be tied to a sole provider. The use of standard and open formats guarantees this free access, making possible the creation of compatible software.

To guarantee the perenniality of public data, it is indispensable that the use and maintenance of software does not depend on the good will of the providers, nor of monopolistic conditions, imposed by them. Systems can be guaranteed by the availability of the source code.

To guarantee national security it is vital to have systems that are devoid of elements that allow remote control or the transmission of non-desired information to third-parties. Therefore, it is required to have systems whose source code is freely accesable to the public, so that its inspection be allowed by the State, the citizens and a great number of freelance experts in the world.

Thus the first two are talking about open data formats, although the second states that having the source code is enough to guarantee preservation of data (which is what the translator undoubtedly meant when using the phrase "perenniality of data"). I would much rather have technical documentation of the data format than source code.

The third argument, about not having spyware, is a bit of a scare tactic, and I think the free software movement overstates the likelihood that experts will actually examine all source code. The bill expands on this theme later on, without pointing out that individual citizens will not be able to go in and modify the actual code that is running on government computers. They will have to take it on faith that the source code they are looking at is actually what is running on the computer. And of course the government could spy on its citizen's data no matter what kind of software it is running. This just removes the chance that the company that wrote the software is also going to spy on the data, which seems a very minor concern.

The bill goes on to point out the licensing benefits of free software, a paragraph that involves a bit of hand-waving:

The project clearly states that any given software in order to be acceptable for the State must not only be technically adequate to carry out a given task, but must also fulfill some requirements in license matters without which the State could not guarantee the citizen the adequate processing of data, the monitoring of its integrity, and the confidentiality and its permanent accessibility, all of which are critical elements for fulfillment of the project.

The bill then mentions that using free software could create jobs for local programmers, and also eliminate the issue of government liability if it is caught using unlicensed proprietary software (!). To its credit, while it does mention cost, it downplays it, and does admit there would be migration costs.

So what to do if no free software is available? The bill offers several choices, in descending order of desirability:

  1. The first choice is to use software that has the source code available and has no intellectual property liens, but which does not allow you to distribute modified copies. This would exclude Microsoft's "Shared Source" license.
  2. The next choice is if "no programs of the preceeding category were available, those that exist in a free project of advanced development shall be chosen." The translation is unclear but I gather it means the next best choice is to use a late beta of free software.
  3. Failing that, the government can use proprietary software, but must check every two years to see if a free software alternative is available. Furthermore, the department using the proprietary software must "guarantee the storage of data in open formats, without prejudice of payment for the proprietary licenses." Open formats are defined later as "any manner of digitally coded information that satisfies both existant standards and the following conditions:
    • Its technical documentation is publicly available.
    • The source code of at least one complete reference implementation is publicly available.
    • There are no restrictions for the creation of programs that store, transmit, receive or access data codified in such way."
    which is a fairly restrictive definition, since it requires source code to be publicly available, which again would disallow Microsoft's "Shared Source" license. Once again, I disagree that having source code public is necessary; in my opinion the first and third conditions should be sufficient to be considered "open format". In fact, this requirement is more stringent than the one for complete free software, since with free software it is assumed that "the code tells all" and there is no explicit requirement in the bill that technical documentation be publicly available (although in practice it likely will be).
  4. FINALLY, there is an exception to use proprietary software with a proprietary data format, but it has to be announced on the goverment web site together with a risk analysis.

Microsoft response (original letter, translation, another translation)

On March 21, 2002, Juan Alberto Gonzalez, the General Manager of Microsoft Peru, sent a letter to Edgar Villanueva Nunez, the congressman who introduced Bill 1609.

The letter gives a very weak argument against Bill 1609, which reflects Microsoft position vis-a-vis open source back then--that open source would go away if Microsoft just put its weight behind a few token arguments. The letter claims Bill 1609 would be discriminatory. and does not consider "the dangers that this can bring from the point of view of security, guarantee, and possible violation of the intellectual property rights of third parties." It also claims the issue of cost is not important, and includes the following doozy: "One of the arguments behind the bill is the supposed freedom from costs of open-source software, compared with the costs of commercial software, without taking into account the fact that there exist types of volume licensing which can be highly advantageous for the State, as has happened in other countries." So Microsoft is basically saying sure we charge for software, but we may be able to charge you a bit less! How thoughtful.

Response from Edgar Villanueva Nunez (translation, another translation)

The letter from Microsoft was an easy target, and on April 8, 2002, Villanueva responded, in a long letter that shreds Microsoft's points in turn. He points out that the cost issue is a minor one (and in retrospect, he may wish he had left it out, since it just gives Microsoft ammunition). He also explains that the bill is talking about "free software", not "open source" (free software has to really be free, beyond just having the source code available -- the Free Software Foundation's website has a page that attempts to explain the difference).

Villanueva says the law would not be discriminatory (not being an expert on Peru's laws, I have no idea if this is true). He then points out a couple of issues with proprietary software that were not included in the preamble to the original bill: forced upgrades and cessation of tech support. "And as the whole infrastructure is based on proprietary data formats, the user stays 'trapped' in the need to continue using products from the same supplier, or to make the huge effort to change to another environment (probably also proprietary)."

To Microsoft's concern about "security, guarantee, and possible violation of the intellectual property rights of third parties", he responds:

  • Security: "But it is also well known that the bugs in free software are fewer, and are fixed much more quickly, than in proprietary software."
  • Guarantees: "In the great majority of cases the guarantees are limited to replacement of the storage medium in case of defects, but in no case is compensation given for direct or indirect damages, loss of profits, etc... If as a result of a security bug in one of your products, not fixed in time by yourselves, an attacker managed to compromise crucial State systems, what guarantees, reparations and compensation would your company make in accordance with your licensing conditions?"
  • Intellectual property: "The inclusion of the intellectual property of others in works claimed as one's own is not a practice that has been noted in the free software community; whereas, unfortunately, it has been in the area of proprietary software. As an example, the condemnation by the Commercial Court of Nanterre, France, on 27th September 2001 of Microsoft Corp. to a penalty of 3 million francs in damages and interest, for violation of intellectual property (piracy, to use the unfortunate term that your firm commonly uses in its publicity)."

I'm not sure about free software having fewer bugs, but he does a good job of reducing Microsoft's argument to ashes. These aren't arguments for using open data formats, but he is only bringing them up because Microsoft did.

He goes on to talk about support costs, since Microsoft brought that up (saying the cost of software is only 8% of the total cost of using it):

Now the use of free software contributes significantly to reduce the remaining life-cycle costs...

This reduction in the costs of installation, support etc. can be noted in several areas: in the first place, the competitive service model of free software, support and maintenance for which can be freely contracted out to a range of suppliers competing on the grounds of quality and low cost. "

In the second place, due to the reproductive characteristics of the model, maintenance carried out for an application is easily replicable, without incurring large costs (that is, without paying more than once for the same thing) since modifications, if one wishes, can be incorporated in the common fund of knowledge.

Thirdly, the huge costs caused by non-functioning software ("blue screens of death", malicious code such as virus, worms, and trojans, exceptions, general protection faults and other well-known problems) are reduced considerably by using more stable software; and it is well known that one of the most notable virtues of free software is its stability.

This is actually a fairly weak part of his letter, but again he is only addressing it because Microsoft brought up the cost issue. I doubt the market for free software support is more competitive than that for Windows support, since the Windows market is bigger. The argument about bug fixes being shared may be true, but it also may be harder to not hear about fixes (unlike with proprietary software, where the fixes all come from one manufacturer who is aware who is running its software). And I think people should be wary of saying "open source software is better/faster/etc" since this is the kind of battle Microsoft can fight with its current software, and may just turn into a war between different research reports. As opposed to, say, open data formats, which Microsoft would have to change its policies to support and would have a much harder time arguing against.

Finally, Villanueva states:

We agree that in the private sector of the economy, it must be the market that decides which products to use, and no state interference is permissible there. However, in the case of the public sector, the reasoning is not the same: as we have already established, the state archives, handles, and transmits information which does not belong to it, but which is entrusted to it by citizens, who have no alternative under the rule of law. As a counterpart to this legal requirement, the State must take extreme measures to safeguard the integrity, confidentiality, and accessibility of this information.

Exactly! A great argument for open data formats.

Lobbying and Current Status

One aspect of this lobbying was two letters sent from the American embassy [6/17/02 & 6/19/02]. One letter was from John R. Hamilton, the America ambassador to Peru, to Carlos E. Ferrero Costa, the President of the Congress, and cc'ed to Gloria G. Helfer Palacios, President of the Education and Technology Commission, and to Pedro A. Morales Mansilla, president of the Consumer Safety Commission. This letter claimed that the law could have a serious effect on the Peruvian software industry, which had the potential to create 15,000 jobs, and would also send a confusing message to foreign companies looking to invest in Peru. Enclosed, according to the letter, was a factsheet from Microsoft discussing its concerns over open source software. The second letter was from Stephen M. Liston, an economic advisor at the American embassy, to Pedro Morales, which was just a cover letter for another copy of the factsheet.

It was not officially proven that Microsoft was behind the letters, but it certainly looked suspicious. Around the same time, Microsoft also donated $550,000 in software and services [7/15/02] to the government of Peru. I exchanged some email with Jesus Marquina-Ulloa, webmaster of the GNU Peru site, who said that the lobbying succeeded: the bill was discussed in committee but never came to a vote, and is currently in a dormant state, although it may be revived in the future.

There was also an exchange of letters sent from the General Manager of the American Chamber of Commerce of Peru to the President of the Congress; the letter from AmCham Peru [5/27/02] and Villanueva's response [6/7/02] are online, but no translations are available.

A Babelfish translation of the letter gives the general gist, which is (i) to warn about migration costs, (ii) point out that software costs are a small part of the total cost, (iii) mention that government gets good deals on commercial software, and (iv) warn that free software does not have enough of a service industry to support the government . Plus the arguments about the law being discriminatory, hurting local companies and discouraging foreign investment. It also includes a somewhat dismissive response to the advantages that open data formats give to ensuring the preservation of data: "evidence does not exist that free software is superior to commercial software. On the contrary, it is possible to argue against free software on such criteria." Of course, he does not attempt to actually make such an argument.

A Babelfish translation of Villanueva's response shows that Villanueva merely pointed out that the letter had essentially the same points as the one sent by the General Manager of Microsoft Peru, and his response is to enclose a copy of that letter.

Posted by Adam Barr at May 12, 2003 12:23 PM