Public Procurement and Open Source

Steve writes "Open code in public procurement is an interesting take on free software and open source software in a federal or state environment. Pawlo: 'It is time that public bodies and governments look over their public procurement policies. The policy should guarantee competition, not stifle it.' Thinking of the latest Bill Gates rant this make sense."

A major problem

[interstellar_donkey]

As somebody who works in procurment from time to time, I can say that open source work is'nt something that is too appealing.

Basically, it comes down to accountability. When the RFP responses come back, the government agency needs to see that there is a clearly defined orginization that it can access to resolve issues. If they see 'free' or 'open source', red flags will go up. "You mean anyone can change this? No thanks"

It's a standard way of thinking for government agencies. They will never adopt open source unless it first becomes general practice in the commerical sector.

Procurement people are least qualified to procure

[Astrorunner]

Its true. Mostly. People in Procurement generaly have some idea as to what it is their job is about, and some idea about the items they need to buy. Sure, anyone can buy trash bags and styrofoam cups, but you expect them to pick an open-source package over, say, a Microsoft package?

Its not very likely to happen, mostly because of the FUD factor, and that, IMHO, Microsoft is a "sure thing" at least in terms of keeping their jobs. For example, choosing Windows over Linux -- the buyer knows Microsoft will be around tomorrow, and thats what everyone knows, so damnit, if it costs more and its insecure, its what people want and expect. Except the people "in the know."

It comes down to the people who need the software to sit down and convince the buyers why this or that open source package is comparable, if not superior.

Don't get the government involved

[globaljustin]

I've worked in government at the local and national level doing data entry among other things. Now listen you open source die hards, the people who would be using the cheap open source software you tout so much actually need the uniformity and technical commonality that microsoft provides.

The typical government computer user can barely use basic microsoft products. And before you counter with "well linux is easier" remember the computer background that most of these people have. A home pc for checking email and that's about it.

When open source can offer some real compatablility and uniformity then maybe using it in government applications can be feasable. Right now, it is not even on the table

formats

[Alien54]

isn't this why we have SMGL and HTML etcc in the first place?

It seems that this is "merely" a matter of enforcing existing standards. But then, I am not a bureaucrat.

BSD is the open source model to use.

[jhines]

Look at the license of the BSD's, this is what software developed with public money should be released as.

The TCP/IP stack, which has been adopted by just about everyone, to great benefit is the prime example.

The GPL folks can use the BSD code, as can MS, and the rest of the commercial world. If the taxpayers have paid for the developement of the code, it should be free across the board from there, as its paid for.

Re:Procurement people are least qualified to procu

[Global-Lightning]

Tell me about it. About three years ago, four of our servers were at the end of their useful life and needed to be replaced.
After doing some intensive research, we found a package that satisfied our current and future needs. Top of the line dual processors, maxed-out memory, dual RAID controllers, the fastest harddrives, etc, at quite a nice price
So we write up the paperwork and send it off to the procurement folks. About 9 weeks later (this is considered blindingly quick in the federal govt) The boxes finally arrive. Upon opening them, however, we discover these aren't the systems we requested. They had less memory, and more importantly, no RAID nor harddrives. We contact Procurement to let them know there has been an error. A week later, they call us back to inform us that there was *no error*. It turns out they took our request, and duplicating our effort, researched what was available. Taking it in their hands to decide what was best for us, they found and ordered these 'comparable systems'. Total savings: $39 per server.
Long story short, we had to purchase everything else we needed seperately. Your tax dollars at work...

The procurement system in the government has long been known to be broken. It's a system that was designed for the industrial age to acquire massive quantities of commodity goods. Applying this obsolete system in the 'Information Age' betrays its shortfalls:

• Beaureucratic documentation and approval processes that adds no value. What they succeed in is adding weeks and months (and sometimes years) to the procurement cycle.
• This system inherently favors large corporations over any other source. Instead of overhauling the process, the government tinkers with legislative band-aids such as small and minority business requirements
• By design, the people with the knowledge to make intelligent purchase decisions are not allowed to make the purchases!

The problem is that no one with any real influence has a true desire to fix it. While elected leaders decry waste and inefficiency, most of those wasted dollars is spent in someone's district. The beaureucracy doesn't want to change the system since it creates jobs which are a nightmare to eliminate. Lastly, the system creates a strong 'profit motive' for large business to work with the governent since inflated purchase prices go directly towards the bottomline.
In the end it's just another means of creating pork, only much more difficult to see

Peru and OpenSource

[opkool]

Hi,

Peruvian Congressman Villanueva has proposed this law (in Spanish. Use the Fish) that will change the way Peru buys its software. The origin of the Law and it's "travel" within the Peruvian Congress is in this timetable

Congressman Villanueva's Law will ask for any software to be bought by the Government of Peru to provide data in open formats. It will also ask for the source code and the hability to modify the code, to adapt it to the necessities of the Peruvian Republic.

The idea behind this is (liberal translation from Spanish):

"We, the Governemnt, cannot allow any company -foreing or domestic- to ship software that can hide spyware. We, the Government, cannot allow a private company to own the data that belongs to the People of Peru. We, the Government, have special needs and obligations: provide the best 'bung for the buck', allow any Peruvian to audit the source code of our applications to make sure there's nothing hidden that endangers Peru, and to make sure that the data is available even if we change the software supplier. Any software that do not abides by this law will not be used by any Peruvian Government agency".

Also, check what Microsoft Peru had to say about it. And what Congressman Villanueva answered to them.

Go, Peru!

The process isn't designed for open source

[Bowfinger]

Background: I have some experience with government IT procurement. I worked for a state agency several years ago. I was responsible for several UNIX and PC-related procurements for my agency since those were my areas of IT responsibility. Then, because I had both technical expertise and experience with our procurement process, I was part of several procurement committees for other agencies and for state-wide contracts. These activities were all led by a centralized purchasing group.

In my experience, the purchasing process itself discourages open source software. This isn't through malice, and it isn't even necessarily that management needs someone they can make responsible for problems. It's more of side-effect of the rules established to ensure open and fair use of public money. Other jurisdictions have their own rules with their own quirks, but I'll bet a lot of my experiences are common to others.

For example, in order to be invited to submit a proposal, the vendor usually needs to be on the state's vendor list. The state requires this to be sure that vendors are qualified and legitimate - they don't want some bureacrat's buddy to hijack a bid through inside information. To get on the vendor list, a company must usually approach the state and provide qualification documentation. Large companies have sales and marketing groups that seek opportunities like this. They follow up with whatever is necessary to become a qualified vendor, just for the potential chance to be approached and asked for a bid someday. Open source interests don't have the resources to do this on a wide scale.

Another obstacle for open source is the proposal process itself. When we issued an RFP (Request for Proposal), we typically provided dozens of pages of requirements and specifications. To ensure a level playing field for all vendors, every vendor had to provide a response for every one of our requirements, and every vendor had to rigidly follow every rule: deadlines, format of response, number of copies, and often some sort of up-front money as a performance bond.

As you can guess, responding to an RFP can be expensive. You can't just mail in a brochure with a price list. A compliant response routinely required 50 to 100 pages of information. A response to a major RFP might contain two or three binders full of information, much of it custom-written to answer our specific questions. Even worse, we required that the vendor submit one complete copy for each person on the procurement committee, as many as ten or twelve copies (up to 36 binders total). In other words, responses came in boxes, not envelopes. That's a lot of up-front expense for a slim chance of giving away software.

Other hurdles included mandatory in-person vendor conferences for each RFP, extensive reference requirements, contractual and legal requirements for vendors (are open-source interests prepared to certify EEO, ADA, OSHA, etc. compliance?), and on and on. In short, a massive bureaucracy of rules, regulations, and requirements, all enforced to make sure that the government agency can document that their public dollars are spent fairly and effectively.

The paradox, of course, is that this process is so burdensome, it actually only rarely results in effective use of money. Even worse, because the process is so convoluted, it is more ripe for abuse by insiders who know how to play the game.

The good news is that it is possible to bring open source software into government. The whole procurement mess only takes over when you try to buy products. If someone within the organization takes the initiative to make a decision, to select, download, and implement "free" (as in beer) software, there is no purchase, so there's no purchasing process. For example, while I worked in government, I brought in sendmail and Elm for our e-mail system. (I also had a lot of fun with Nethack, but that's another story.)

If you want to use open-source software in your agency, your best bet is to just do it. The formal purchasing process is heavily slanted towards expensive products from large companies with deep pockets. Your only other hope is getting someone like IBM to propose the open-source software as part of a package of hardware and services.

Cygnus / RedHat Support Models Can Work

[billstewart]

Yes, the "We'll just download it off the internet" model isn't very confidence-inspiring to a government procurement officer, and it doesn't provide the necessary chain of responsibility to get things fixed. Businesses often have similar concerns about using it. But there's a fix for this - Open-souce support companies!

• Cygnus, one of the originals, provided lots of custom support, ports to new hardware, driver development, etc. This model works well for customers that need more customized support. Of course, they've been bought by Red Hat.
  
• Red Hat and similar mass-market operating system packaging companies provide uniform environments for customers that need uniformity rather than customization. It's supported at least as well as Microsoft, because in addition to the random developers in the background, there are people at the packaging company who develop pieces that are needed for the mass-market install&upgrade market as well as doing extensive testing. ... Ok, maybe this is a bit optimistic (:-), but I haven't had Linux crash on me even weekly, compared to at least daily for most Microsoft OS's, and keeping the kernel and the window system separate means that even though I've seldom had a window system crash on Linux, it does much less damage than a Microsoft Windows window system hang, and somehow vi and emacs never carried viruses like Word and Excel, and /bin/mail and its more clueful GUI friends never got into the rampant virus epidemics that Exchange / Outlook get.