Open Software and Public Administration: online the Guidelines for software acquisition and reuse
When it comes to open source, Italian laws are among the most advanced in Europe. We work to make them work.
Questo articolo è disponibile anche in italiano
After a close and fruitful collaboration with AgID, we announce the new “Guidelines on the Acquisition and Reuse of Software” (hereafter Guidelines).
In this document, we outline the new processes that all public administrations will have to follow, by law, when they are preparing to acquire or commission software development and subsequently make it available to other administrations, free of charge, by publishing through open source.
An advanced law for the reuse of software
Despite the limited practice of software reuse, Italy has one of the most advanced laws in Europe regarding the use of open source within the Public Administration, aimed at sharing software and saving public spending.
As Digital Team, we have worked with the Ministry of Public Administration to improve the Code for Digital Administration, a process that lasted months and ended with a final approval by the Council of Ministers in December 2017. In the course of the revision, we also intervened on the articles that regulate the ways in which administrations acquire software and make it available among each other.
Already for some time, all administrations have been required to release, under a free license, all the code they own, making it freely available for other administrations to customize and use it. Since 2005, article 69 of the Code for Digital Administration, clearly indicated in paragraph 2, the obligation to “make the source […] code available, complete with documentation, released in public repertoire under open license, for free use by other public administrations or legal entities that intend to adapt them to their needs.”
In reality, however, this rule was never applied because the procedures and tools to do it were missing. It was first necessary to create a document explaining in detail the processes that needed to be followed: these are the Guidelines. We developed them by soliciting suggestions and improvements not only from the entire Developers Italia community but also from those who care deeply about this issue.
Within these Guidelines, we have also codified the comparative assessment process that administrations must perform before acquiring software, simplifying previous processes and reiterating the priority given to the adoption and evolution of reused software.
Let’s take a moment to analyze the context in which we are operating today and go over the reasons for which we think this can really be a turning point.
Spending on public software
The Italian Public Administration spends hundreds of millions of euros on the execution of projects related to the world of software. Although it is difficult to extract a precise figure, the survey carried out by AgID, as part of the work done for the Three Year Plan, has counted a € 621 million expenditure in the three year period 2013–2015, which was carried out by the central offices (ministries and bodies) of about twenty large administrations*.
This money is largely spent on the creation of new software projects, which are usually implemented from scratch. Although some applications, by their very nature, represent a unique national landscape (take for example the central ANPR registry, or the tax system of the Revenue Agency), it’s easy to imagine the huge savings that can be achieved by involving systematically more administrations so that effort and investments can be shared among them. Instead, administrations communicate very little among themselves and when they do, it is in an unstructured way. It’s difficult for two big cities to begin exchanging acquired software.
The “re-use of software” (the so-called mechanism of sharing software within the public administration) is today practically non-existent.
Open source as a virtuous process
On the other hand, the world of industry has aligned itself with the use of open source as a mechanism for building incremental value for software. Instead of starting from scratch every time they write a program, all the big names in the software world draw heavily upon the vast selection of components and semi-finished products available on platforms like GitHub. These kinds of products are released in large quantities so that their development can be carried on in a collaborative way with software developers mutually benefitting from the improvements.
This is the model we have chosen to use in Developers Italia: creating and publishing ready-made components under open license. In our case, the goal is to help integrate the enabling platforms of the country’s Operating System (like SPID and PagoPA). It’s a process which anyone can contribute to, as experienced during Hack.Developers. During this hackathon, which we organized last September, more than 800 developers came together to create code. Some of this code is already being used by software houses to create a new generation of public services.
With the Guidelines, we broaden this model. From now on, the administrations will be able (and have) to: publish on the platform Developers Italia all software purchased in the past years and all software to be acquired in the future; choose an open license among those certified by Open Source Initiative; follow the Technical Guides containing all the details of the procedures that we’ve attached to the Guidelines and which will be regularly updated.
For all new procurement contracts involving the creation of software, the Guidelines reiterate to the administrations that they must always acquire full ownership of the software that is being developed, and attach Technical Guides made to tender specifications; thus, the supplier has the responsibility, as part of the contract, to release and maintain the product in open source. In the case of a contract, the supplier is charged with the task of following closely the technical process in order to publish and maintain the software in open source, making it fully available to the other administrations.
The Advantages of Reusing Software through Open Source
Think of all the advantages of creating a real wealth of open source software for the public administration.
- Savings: we repeat, why buy something twice when you can buy it once?
- Incremental Improvement: rather than starting from scratch, administrations will be able to (and will be obligated to) evaluate existing open source software before commissioning other projects to see whether it can be customized and evolved to suit their needs. In this way, public software assets will be constantly updated and expanded.
- Sharing costs: if many administrations share the same software, why shouldn’t they agree to divide maintenance costs, for example? Or maybe harmonize requests for new features so as to make them useful for everyone. All of this will finally be possible.
- Supplier accountability: the administration will be able to inspect a software’s source code as it is being written, thus being able to audit the quality of work performed.
- Transparency towards citizens: according to the principles of Open Government, everyone will be able to see software that has been developed and study its function. Technicians will be able to report anomalies and malfunctions, or even help, for example, their municipality, intervening with an improvement on a voluntary basis.
- Education: university and high school students will be able to study the source code that creates the services they use every day. They will learn about the most often used technologies “in the field” and acquire important digital skills in the Public Administration. Universities will be able to offer thesis projects on the public code, collaborating directly to improve the lives of all citizens.
- Security: without prejudice to the proprietary system that can offer suitable guarantees of security, thanks to the use of open source, it will be easier and cheaper to carry out important audits on security problems as well as perform massive scans of all public software. For example, think of all the university research centers that can help identify potential or actual problems as a result of their studies.
- Creation of a service market for SMEs: open source software will not always be ready for use, because, like all custom-made software, it will always require customization, installations and training. However, since the software is free, anyone can study it, deepen his/her own knowledge and make his or her services available to administrations. To facilitate the crossover between supply and demand, we are considering integrating Developers Italia with Consip’s MEPA (the main platform for Public Administration purchases).
Some technical notes
Our vision is making the public administration’s software ecosystem as close as possible to that of an open source community: an ecosystem of small large businesses and a community of public hackers who can finally cooperate to innovate the country, starting from its digital foundations.
To achieve our goals, the first and most essential tool is the choice of license, which in turn encourages contributions and reuse. While deciding to leave the administrations free to choose any license they want (as long as it’s certified by OSI as an open-source license), we also wanted to prepare a list of recommended choices, to help administrations choose between licenses, thus simplifying reuse. We have chosen EUPL and AGPLv3 for all software applications, BSD for libraries and SDKs, and CC-BY for documentation and code examples. We believe this is the best way to guarantee to all citizens that the software commissioned by the Public Administration remains open and for the benefit of all.
However, even a good license would be useless in constructing a true ecosystem of open development without tools and models of collaboration. Therefore, each public administration must elect (and make indexable) its own “code hosting” platform; the choice should be made among those options that are already allowing open and collaborative software development. In other words, we are talking about the most popular platforms which are characterized by public registration such asGitHub, Gitlab, BitBucket, Phabricator, Gitea, Gogs.
Each repository will be surveyed and indexed through a YAML metadata file: publiccode.yml (format developed in the context of a European community of insiders), which any open source project can adopt, and which will allow for the creation of a software search engine for reuse by public administrations. A search engine, developed as part of Developers Italia, will search and index these files, thus, offering a catalogue of software reuse available for administrations, easy to consult, and exposed in open data with API documented for anyone who wants to do an analysis or study it.
We have also given some detailed instructions to encourage a collaborative system that evolves the code base in a shared way:
- All software must contain technical instructions for clear installation and configuration, by providing automated deployment tools where possible: for example, Makefile, Dockerfile, Ansible playbook or CMakeLists.txt, so that it is easy to test and evaluate software.
- The documentation must be distributed in an open format that allows for changes made to the document to be traced. This can be done using systems such as Doxygen, Readthedocs, Markdown or LaTex.
- Administrations will indicate to the software houses how to carry out maintenance by means of a ready-to-use guide, to be attached as an example according to tender specifications. This would also include the creation of a role of maintainer of Open Source software whose task would be to respond to reports and evaluate improvements and technological developments (pull request) coming from other administrations (or from third parties).
- Also by means of a ready-to-use guide, the administrations will indicate to software companies how to modify an open third-party software, trying to align with the main version as much as possible and contributing changes to the main development branch (that is, without creating a fork).
As we explained in the best practices, the development of the guidelines in consultation was open as well. In fact, you can consult them anytime as the sources are on GitHub (in Italian only).
For the more technical among you who want to know more, we suggest you watch our talk at FOSDEM 2018.
*This figure refers to the aggregate of costs incurred for the projects under the categories “Intangible Infrastructure” and “Ecosystem”, which refer to projects relating to software.