May 15, 2003

Oregon and Texas: Stealth Open Data Format Laws?

Oregon and Texas have extremely similar bills being considered by their legislatures in 2003. The Texas bill, SB 1579, was in the Senate State Affairs committee and had a public hearing on May 8. The Oregon bill, HB 2892, was referred to the House Ways and Means committee and had a public hearing on April 3.

What it interesting about these two bills is that they are being presented by their sponsors, and reported in the press, as "open source" bills. However, in some ways they are much closer to "open data format" bills, and as such may be the first of their kind.

Unfortunately, while the Texas bill was in committee it was replaced with a substitute bill that chopped it down to almost nothing, and now says nothing about open data formats. The Oregon bill was deemed unworkable in its current form and handed off to a working group for further discussion, although it is unclear how much discussion will actually take place.

CONTENTS

The bills
Suggested improvements
Current status

The bills

According to its history page on the Texas Legislature's site, the Texas Senate bill, sponsored by Republican Senator John Carona and titled "Relating to software acquisitions by state agencies," had its first reading on March 20; the Oregon House bill (the Oregon Legislature's bill status site does not provide unique URLs for search results), titled "Relating to software acquisitions by state government" and sponsored by Democratic Representative Phil Barnhart, had its first reading on March 5.

The Oregon bill was submitted at the suggestion of Ken Barber, a Microsoft Certified Systems Engineer from Eugene; the Texas bill is not identified as being the brainchild of any particular everyday citizen, and the general consensus is that it was based on the Oregon bill. In any case, the text of the bills is essentially identical, although the Oregon bill includes a preamble and the Texas bill goes on to amend some other sections of the government code to mention compliance with the new bill.

The bills are certainly promoted as open source bills. In Oregon, Representative Barnhart's site lists ten articles about the bill, all of which mention "open source" in the title. The EFF-Austin's site mentions open source repeatedly (EFF-Austin, incidentally, is independent of the main EFF).

Nonetheless, a closer reading of the bill reveals the fact that although they both require that the government only "consider" open source software, they state that the government should "avoid" products that do not use open standards.

The bills define five rules that the government must follow:

  1. Consider acquiring open source software products in addition to proprietary software products
  2. Except as provided in (4) and (5), acquire software products primarily on a value-for-money basis
  3. Provide justification whenever a proprietary software product is acquired rather than open source software
  4. Avoid the acquisition of products that do not comply with open standards for interoperability or data storage
  5. Avoid the acquisition of products that are known to make unauthorized transfers of information to, or permit unauthorized control of or modification to state government's computer systems by, parties outside the control of state government.

Open source is defined using the same six rules that were in the California bill, whch are the same six rules that were in the Peru bill:

  • Unrestricted use of the software for any purpose;
  • Unrestricted access to the respective source code;
  • Exhaustive inspection of the working mechanisms of the software;
  • Use of the internal mechanisms and arbitrary portions of the software, to adapt them to the needs of the user;
  • Freedom to make and distribute copies of the software;
  • Modification of the software and freedom to distribute modifications of the new resulting software, under the same license as the original software.

Open standards, meanwhile, must be defined such that they:

  • Are available for all to read and implement;
  • Do not lock the user into a particular vendor or group;
  • Are free for all to implement with no royalty or fee except for a fee or fees required by the standards organization for certification of compliance;
  • Do not favor one implementer over another for any reason other than the technical standards compliance of an implementation;
  • Do not prohibit the implementation of extensions, but may employ license terms that prevent subversion of the standard through predatory practices.

This is a pretty reasonable definition; although it is written with an eye towards definitions produced by standards bodies, it does not require this; it states that that formats must be disclosed to the public, not just the government; and it is not particularly onerous, since any company could simply release their internal data format documentation for all to see and they would be in compliance (unless the part about "Do not favor one implementer over another" could be construed to mean "must not be defined by a single company that is also implementing the standard"). I might suggest tightening up the "Are available for all to read and implement" with some languages such as "and would allow one skilled in the art to fully interpret any data file using such an encoding."

Of the five rules set by the bills, item #1 (consider open source products) got the most press, and items #2 (acquire software on a value-for-money basis) and #3 (justify purchases of proprietary software) got the most flak from opponents. However, I think #4 (avoid the acquisition of products that do not use open standards) is the most interesting, and it's the only one (along with #5, avoid spyware) that sets a hard-and-fast rule on what the government should do. The fact that it was not the main thrust of opponents' arguments demonstrates that it is difficult to argue against the benefits of open data formats (as opposed to arguing against standards-based data formats, which is much easier).

It's not clear what the legal meaning of "avoid" is. Because the other thing that is on the "must avoid" list is spyware, which is a bit of a stretch to worry about, somehow in my mind this makes "avoid" seem more like "try to stay away from because it's just common sense" rather than "never buy", but I can see why legally "avoid" would be interpreted the latter way, and require the government to buy only software that supports open data formats.

As a result, while these bills are publicly touted as open source bills, they seem to be closer to open data format bills. The press seems to have missed this; writeups of the bills refer to only open source, and perhaps to open standards as a secondary goal. The Oregon bill was discussed, for example, by the Register [3/7/03] and Slashdot here [3/6/03], here [4/8/03] and here [4/18/03]; the Texas bill was discussed on Slashdot when it was submitted [3/15/03] and again when a hearing was held [5/10/03]. In all cases they were presented as bills that simply required consideration of open source.

Suggested improvements

The bills could certainly be improved by focussing them more on open data formats and downplaying or removing the open source requirements. The summary of the Oregon bill states that it "Requires state government to consider using open source software when acquiring new software. Sets other requirements for acquiring software." The "other requirements" (open data formats) should be expanded and emphasized.

The justification of open source in the preamble of the Oregon bill is fairly open to attack. For one thing, it hand-waves the cost issue by merely stating "The acquisition and widespread deployment of open source software can significantly reduce the state's costs of obtaining and maintaining software" which is of course extremely open to debate.

Meanwhile, it makes the point about open data formats: "It is necessary to the functioning of the state that computer data owned by the state be permanently available to the state throughout its useful life" but then rather than use that to point out the benefit of open data formats, it instead uses it as the lead-in to an attack on proprietary software manufacturers: "To guarantee the succession and permanence of public data, it is necessary that the state's accessibility to that data be independent of the goodwill of the state's computer system suppliers and the monopoly conditions imposed by these suppliers".

It then makes two statements: "Open source software guarantees that its encoding of data is not tied to a single provider" and "Open source software ensures interoperability through adherence to open, platform-neutral standards" which are both at worst false and at best an easy target for opponents to gum up the debate. The first one works much better if you simply substitute "Open data formats" for "Open source software", and although open data formats are not necessarily open and platform-neutral, they do go a long way towards ensuring interoperability.

Current Status

The public hearings on the two bills had different outcomes.

According to Chris Sells, who testified against the bill [4/4/03] at the hearing (only because of provision #3, requiring justification of purchases of proprietary software, which would put too much of a burden on government employees), the result of the hearing was that the bill was referred to a working group "to come up with a bill that the committee could actually consider submitting for a vote". Chris also points out in his writeup that "open source didn't mean open standards or open data formats" (although the bill not just depend on "the source tells all" to guarantee documentation; it explicitly defines and requires open standards, in fact much more than it requires open source, as I have discussed).

The Oregon bill was scheduled for discussion at a House General Government Committee work session on April 17, but due to opposition it was passed over [4/18/03]. Along the way, provision #3 was dropped after opposition from industry and the government's central purchasing agency. According to the author of the bill, the Speaker of the House eventually killed the bill [5/2/03] due to "powerful out-of-state corporate interests."

In Texas, according to an account of the hearing [5/8/03] from Chip Rosenthal at EFF-Austin, "Sen. Carona has put forward a substitute bill. That means what we've been looking at as SB 1579 no longer exists. The substitute bill is much simpler. It just adds the following paragraph to Texas law:

The [Department of Information Resources] shall publish guidelines relating to the information a state agency must consider in determining whether the agency should acquire open source software products in addition to proprietary software products."

The hearing went well, evidently because the substitute bill surprised opponents of the original one and rendered their arguments (one of which was complaints about provision #3) moot. This may be a win for open source, in that the bill is now so innocuous that it stands a chance of passing. But it says nothing about open data formats, unless the guidelines happen to mention them. Plus, it now only applies to one department instead of all state agencies.

Posted by Adam Barr at May 15, 2003 04:36 PM

Comments