Open source software (OSS) provides local authorities with a dilemma. At one level, it provides a local authority with opportunities to increase choice, competition and efficiency, to achieve long-term savings and to avoid lock-in with suppliers. At another level, there is uncertainty surrounding its use at an organisational level: is it reliable? Is it secure? Is it expensive to support and maintain? Will using it expose the authority to all manner of intellectual property risks?
Used properly, OSS presents local authorities with significant cost savings and the potential to innovate and demonstrate best value in its use of IT. Like any IT project, an implementation of OSS within a local authority will pose a certain number of legal risks. However, such risks are manageable and can be mitigated by means of an effective procurement process, proper due diligence and a fair allocation of risks between the local authority and its chosen OSS provider.
What is open source?
OSS is software where the source code is freely distributed with the right to modify such code at no or minimal cost to the end-user. In other words, use of OSS does not require the payment of a licence fee or royalties to the owner of the intellectual property rights in the software or to the supplier of such software (although it is not unusual for a supplier to charge a nominal sum to cover software distribution costs).
The range of OSS available to end-users is broadly comparable to the range of proprietary software available. Among other things, it is possible to use OSS to meet your local authority's operating system, firewall, anti-virus, server hosting, internet, email and office productivity needs.
Which local authorities are using open source?
Local authorities already use OSS in key parts of their IT network. Many, if not most, local authority websites, will be hosted on a server configured to run what is known as a 'LAMP' stack. The acronym stands for Linux Apache MySQL Perl - software components which are firmly rooted in the open source community.
In 2004, the Office of Government Commerce (OGC) confidently described OSS as "a viable and credible alternative to proprietary software for infrastructure implementations, and for meeting the requirements of the majority of desktop users". In 2005, the Office of the Deputy Prime Minister launched the Open Source Academy (the OSA), an online repository of open source best practice aimed at encouraging the use of OSS by local authorities through knowledge sharing and practical advice.
Key contributors to the OSA currently include Birmingham and Bristol city councils, Cheshire County Council and Shepway District Council. The London Borough of Camden has been developing OSS since 2001 and Powys County Council has been using OSS, in conjunction with the University of Aberystwyth, since the mid-1990s. Guidance and lessons learned from all these local authorities can easily be found on the Internet.
The case for open source
The key arguments in favour of using OSS can be summarised as follows:
- Simpler, cheaper licensing: Most instances of OSS are licensed under terms which require that the software should be available for free, or at most for no more than the cost of distributing the software. As such, most OSS can be used without requiring the payment of licence fees to a supplier. A further benefit is that the open source licence model does not require a local authority to maintain the necessary administrative processes associated with proprietary software, such as tracking who in the organisation is using licenced copies.
- Extracting best value from existing systems: Some proprietary software implementations require local authorities to carry out an expensive technical refresh either at the beginning of the implementation or mid-way through the life of the contract to allow the authority to get the full benefit of the system. One of the noted advantages of OSS is the manner in which applications can be developed to run efficiently on existing or even legacy hardware. Such software can be used to great effect to harness the potential in an authority's existing IT set up, which has additional environmental benefits - less hardware needs to be produced and fewer old machines end up in a landfill site.
- Achieving a better technical solution: OSS can provide local authorities with a system that matches or even excels proprietary systems in terms of security, reliability, robustness and flexibility. OSS is normally distributed with its source code which avoids the need to enter into an escrow arrangement with a supplier and enables a local authority to take the code to a new supplier should the original supplier disappear or withdraw support of the OSS.
But what about the risks!
In terms of the type of risk encountered, an OSS implementation presents many of the same types of risk that a local authority would encounter as part of a proprietary software implementation: due diligence, implementation delay, operational performance not meeting the necessary standard, the financial standing of the software provider, change management, force majeure, loss of data, business continuity etc. These risks are manageable for a proprietary software implementation and are equally manageable for an OSS implementation.
More notable are the risks which are, perhaps unfairly, commonly viewed to be attached to using OSS. The following risks merit particular mention:
- Migrating from proprietary software to OSS is an organisational nightmare.
- Using OSS exposes an authority to risks surrounding ownership of IP and infringement of third-party intellectual property rights.
- Support for OSS is fragmented and difficult to obtain.
- OSS providers lack the financial standing to provide local authorities with the level of security they need from their suppliers.
- OSS providers do not provide warranties in relation to OSS. In the event of a problem all risk would be left with the local authority.
As noted at a Westminster Open Source seminar, the perception of such risks creates an unholy trinity of fear, uncertainty, and doubt and stops public sector bodies from taking the plunge into OSS.
Many of these risks are misguided. The fact that the organisational challenge of migrating from proprietary software to OSS can be overcome is demonstrated by successful case studies from public sector bodies in the UK, the EU and US. Many large IT suppliers, including IBM, Sun and HP have invested considerable effort in developing and bringing to market OSS solutions for large organisations. The open nature of OSS promotes inter-operability and open standards such that smaller IT suppliers can compete with larger IT suppliers to provide local authorities with OSS support.
Managing open source risks
Tangible risks can be managed. The procurement process, particularly the competitive dialogue procedure, can be used to identify all risks attached to an OSS implementation and allocate responsibility for these risks to the party who is best able to either resolve the risk or deal with the consequences of the risk. As with the transfer of risk in the procurement of proprietary software, if a local authority wishes to transfer a greater share of risk to an OSS supplier, it should expect to see this transfer reflected in the fees payable to the OSS supplier. The end result should be a contract between the local authority and OSS suppliers that delivers innovation, best value, efficiency savings and a robust solution that meets the local authority's IT needs.
The true dilemma to local authorities is not whether to use OSS but how to use it effectively within the organisation. One of the OGC's key recommendations in its 2004 report of OSS was that public sector bodies should "examine carefully the technical and business case for implementation of OSS and the role which OSS could play in current and future projects".
The opportunities presented by OSS are important and it is expected that it will have a very influential role in the transformation of local authority IT in the next five to ten years. Local authority lawyers will play a key part in this transformation - staff and members will look to them for reassurance that the risks attached to OSS are acceptable and manageable. On analysis, it seems fair to say that they are.