Parliament’s questions to the Court of Audit

Actieplan HeemskerkPreamble
The Lower House of the Dutch Parliament has asked the Court of Audit to investigate the problems and opportunities related to the adoption of open standards and open source software for the government’s information systems. The Court has invited various experts to give their views. This blog post is my contribution.

The questions are being asked to the highest supervisory body of the country, rather than the departments responsible for implementing this policy – the Ministries of Home Affairs, and also Economic Affairs, Agriculture & Innovation – eight years after the government’s first unanimous vote on this issue and the expenditure of about 5 billion euros on licensing fees. The impression given to the outside world is that Parliament is not impressed with the progress of the last eight years and believes that the relevant government departments could benefit from the external scrutiny of a neutral and objective body.

Each of the following five questions implies a series of unspoken assumptions. In order to answer the questions, it is necessary to identify and, where neccesary, challenge these underlying assumptions in order to reach a sensible answer.

The five questions
Here are the answers to the questions raised by Parliament. There is so much interdependence that subsequent responses will sometimes refer back to earlier parts.

“You cannot solve a problem with the same thinking that created it”

1.What possibilities and scenarios exist for the reduction of closed standards and the introduction of open source software by the central government (ministries and related agencies) and local authorities?

The Netherlands is a modern western country and has the same access to knowledge, skills, technology and comparable budgets for IT as Germany, France, Spain and Finland. It is a fact that all these countries have already implemented large-scale adoptions of open source and open standards in government. The implementation requirements of the Dutch government are also very similar to these countries. The reason that The Netherlands has not moved further in this area, eight years after the original, unanimous Parliamentary vote, can therefore be attributed to nothing more than the administrative culture and our Atlanticist political orientation.

There is no fundamental reason why the achievements of these other countries cannot be replicated in The Netherlands, especially as the  groundwork has already been done. Barriers to migration have often been treated as immutable laws of nature rather than just a problem to be solved.

  • Parliament should no longer accept that a high dependence on one supplier is an adequate excuse not to move away from that very dependency (as the Cabinet did in response to parliamentary questions in 2004 and 2006 and 2008). The dependency itself is the problem that must be addressed, not an enshrined principle that IT departments must endure.
  • Parliament should no longer accept that the acknowledged lack of technical or organisational knowledge amongst the 60,000 government IT professionals (and their suppliers) is an excuse for the lack of progress. It is implausible that the Dutch government is incapable of replicating the successful work of its European counterparts. Any governmental IT or management staff who do not have the requisite skills to carry out the very reasonable requests of Parliament should be replaced or retrained. Incompetence is grounds for dismissal, certainly not an excuse for refusal to do the necessary work.
  • Intrinsic motivation works better than coercion. Administrators and IT staff who understand the wishes of Parliament can embrace it with real conviction and are likely to want to produce better results than those who only work under duress.  Such an approach will select and promote suitable people to the right jobs. The staff whose policies and  behaviour have caused our current problems are probably not going to the ones who find the necessary solutions.
  • The link between HR and remuneration policies for IT professionals and achieving technical certification related to proprietary software from a handful of suppliers must be completely severed.

“When you find yourself in a hole, stop digging”

2. What part of closed standards and software can be replaced by open standards and open source solutions and what cannot?

This question has yet another unspoken assumption: that central government has a realistic oversight of all systems, applications and related standards. It does not. As a result, questions about the number of systems that can be replaced are very hard to answer and have little relevance to achieving lower costs and greater independence in the foreseeable future – primarily because of the very large differences in costs that are associated with different standards. The government would do well to focus on the most common, generic issues, for which proven alternatives already exist. The original 2002 Vendrik Parliamentary motion already asked for this.

Key points to identify: what are the most expensive closed source areas where functional open source alternatives already exist and are already being used successfully elsewhere? What are the closest functioning areas that can result in successful migrations?

Migration plans should be drawn up in these areas as a matter of high priority – and this means halting or delaying other projects that may block these migrations and accelerating projects that play a supporting role.

For instance, in 2005 the former Ministry of Economic Affairs produced a document management system which has made it virtually impossible for years for the Ministry to use other web browsers, word processors or desktop operating systems. This is particularly surprising as, in 2004, the government itself announced that such closed systems in the work environement were harmful and undesirable, and were therefore going to be actively addressed as per the wishes of Parliament.

A current, concrete example within national government is the introduction of SharePoint. There is a significant risk that this investment, once made, will be (ab)used yet again as an excuse not to migrate to open and available alternatives. That would take us up to 2016 (14 years after the initial Parliamentary decision!) before any real work could begin on migration.

“Not everything that can be counted counts, and not everything that counts can be counted.”

3.What are the current costs? What are the predicted up-front and structural costs costs of moving from closed standards and the introduction of open source software? What are the projected savings?

NL software importThe Dutch government currently spends about one billion Euros on proprietary software licences annually.  These licences are mainly foreign, and the income tax and VAT on this expenditure flows into the Irish exchequer, because most European branches of American software companies are based there. The total Dutch expenditure is eight times more. Both governmental and general software expenses grow by about 10% per annum and are therefore unsustainable.

A significant portion of these annual costs can be saved or ploughed back into the local economy through Dutch SMEs, and so this cost will be an investment in the Dutch knowledge economy. With the government as the leading customer in this new market structure, it is feasible that The Netherlands could save billions per year.

In addition to these direct costs, various indirect savings could increase this amount many times over: the costs of management and security for vulnerable mono-cultures; the cost of merging old legacy systems and new applications; and social costs caused by security failures and easily avoidable software security problems. Every month there are Dutch hospitals whose primary processes are severely disrupted by computer viruses – a direct result of monoculture.

Moving beyond the financial, it becomes more difficult to quantify the social impact of the high dependency level of Dutch society on certain foreign, privately-owned companies.  However, if more than 80% of the PCs in The Netherlands can be remotely controlled or even switched off, what does that say about Dutch national sovereignty? Is it politically acceptable for foreign software suppliers or government bodies to have an On/Off switch for ministries, municipalities, police, hospitals, water works, supermarkets, schools etc…?

“The best moment to plant a tree is 25 years ago, the next best moment is now.”

4.How would the reduction of closed standards and the introduction of open source software be realised?

With not only the right mandate (which Parliament actually voted for eight years ago!), but also the right expertise significant results are attainable within 24-36 months. This requires making this area a priority issue and a break from the old attitudes, excuses and methodologies of recent years (see answer to question 1). Successes abroad can serve as templates for our projects.

One area where we could make a rapid start would be primary education. Currently we are actively strengthening existing monopolies via this sector with public money. If by 2011/12 the first two years of primary school use open systems and then a higher class is switched each year, The Netherlands will have the first generation of citizens who are trained in vendor-neutral systems entering the workforce in 12 years, easily capable of working with multiple systems and applications. De ‘Rosa Boekdrukker’ primary school in Amsterdam clearly shows how this can be done.

Dutch hospitals in The Netherlands could follow the example of the Antonius Hospital in Nieuwegein.  Many other hospitals can share in this success.   And because it’s already been shown to work, the risks and costs for the next 100 hospitals are much lower.

It will take at least a decade before the full potential of open source and open standards can be utilised.

“Go out on the limb, that’s where the fruit is”

5. Beyond the cost, what other advantages, disadvantages, risks and opportunities should the Court of Audit factor in? What conditions must be met to make possible the implementation of open standards and open source software?

Benefits & Opportunities

  • Savings of billions per year in direct costs for all citizens and IT-using organisations in The Netherlands.
  • Redirecting a stream of funds from Ireland / USA into Dutch society as a huge and permanent investment in our knowledge economy.
  • Government investment in software will result in free, reusable software and knowledge available to our whole society, rather than controlled by privately-owned and usually foreign companies.
  • Security is strengthened through greater diversity of IT, competition, and the possibility of custom code audits.
  • National sovereignty is reinforced when the government has complete control over its systems.
  • General IT competence will dramatically improve, ensuring fewer spectacular and expensive failures such as the 2006 ‘Walvis’ Tax project, national medical records, public transit chip cards and, most recently, the new police system to name but a few.

Disadvantages and risks

  • The current, fragmented IT policy of the Dutch government means that a thousand little fiefdoms may need to be broken up.
  • The apparent lack of skills amongst IT management may have consequences for personnel. No doubt there will be resistance.
  • Significant investment is probably needed in re-training government IT professionals.
  • Angry phone calls from Washington DC when the flow of licensing money is shut off.

Preconditions

  • See answers to question 1.
  • Be realistic about the positioning and motivation of software companies. Companies seek to maximise profits, control markets and will therefore exploit any leeway that the government offers them. We do not invite the turkey to discuss the Christmas dinner. Therefore why do we accept “advice” from software companies and their interest groups about the best software strategy?
  • We need to break away from the idea that  extensive outsourcing is necessary, effective or desirable. The raison d’etre of government is to justly serve the legitimate needs of its citizens; it should therefore have detailed and inherent control over information systems. Stop the corporate-speak and ‘playing business’ by civil servants. Government is not a business, nor should it pretend to be. Outsourcing the control of information processing systems is contrary to the very principles of a democratic state for exactly the same reasons that outsourcing the military forces or the judiciary would be.
  • Make a clear distinction between political and administrative goals and the means of achieving them. Cutting costs can be realised in many ways, regaining national sovereignty in only one.
  • As long as desktop projects implemented under the guise of “efficiency through economy-of-scale” result in each desktop costing 6600,- Euros per annum, this kind of bullshit-bingo is completely risible. Keep IT managers and other decision makers who don’t know the difference between desktop-standards and a "standard-desktop" away from such projects.