Preliminary comments on Royal Decree 4/2010, on the National Interoperability Framework

03-April-2010

On 29 January this year, the Spanish Official Bulletin published Royal Decree 4/2010, of 8 January, which regulates the National Interoperability Framework in the field of Electronic Government.

Interoperability

This RD 4/2010 is interesting in two respects. Firstly, its main objective is to determine the criteria for security, standards (standardization) and conservation of information systems for Public Administrations, in order to ensure the “organizational, semantic and technical interoperability of data, information and services”. Therefore this RD establishes a detailed regulatory framework for the National Interoperability Framework, implementing Law 11/2007, of 22 June, on electronic access of citizens to public services (LAECSP).

As stated in this Decree, interoperability is "the ability of information systems and procedures to which they provide support, to share data and exchange of information and knowledge amongst them." And for that, the RD establishes a set of common criteria, including the use of open standards, modular architectures, multiplatforms, and publication of administrative information inventories and the exchange of data models, the use of interoperable electronic signatures, etc.

Open Standards

In this part of the RD, what is of interest is the obligation attached - in almost all circumstances, and perhaps the RD here fails to achieve full openness - to use open standards, for example, for documentation and services, in non-discriminatory conditions. The use of non-open standards is limited to cases in which "there is no available open standard that would meet the functionality satisfied by the non-open standard in question" and only "while this functionality is not availible." In other words, there seems to progress from the previous position (the use of open standards as well as those "which will be generally used by citizens"), because the new framework delimits the circumstances of use of those that are not open.

The definition of open standards (always a subject of debate) reflects that established as by the LAECSP: as being "one which meets the following conditions: (a) is public and its use is available free or at a cost which does not imply any difficulty to access, and (b) its use and application is not conditional upon payment of an intellectual or industrial property”. This is not an ideal definition, as it argues that an open standard also requires that there has been transparency and participation in the standardization process, but at least it does not talk about the “RAND” (reasonable and nondiscriminatory access) conditions.

We shall see exactly how this will be implemented in practice.

Release and reutilisation of software

The other interesting element of this Royal Decree (the bit that is more interesting to me, from a free software perspective), is chapter VIII "Technology Reutilisation and Transfer." This chapter develops on Articles 45 and 46 of the LAECSP, as well as Additional Provisions 16 and 17 of Law 56/2007 of 28 December, on Measures to Promote the Information Society (LISI). Basically, it confirms the possibility for the Public Administration to release applications under free software licenses (or "open source") and under what conditions. But it adds some interesting details.

The LAECSP confirms the possibility of sharing between Administrations (without needing formal agreements) computer programs of their own property (i.e. not talking about third party programs), as well as the possibility of "declaring" these as "open source". The Real Decree specifies the conditions under which the PAs may release these applications.

Firstly, the objective of any release will be to benefit from use and reuse of software (in the context of NIF, the use of a same application by two administrations ensures interoperability of the data and systems). This is also one of the goals of the free software movement.

A second objective is to protect the program against its "exclusive appropriation by third parties." Read, "use a copyleft license." This is reinforced by Article 16.2, which lists the rights that the PA should guarantee, including

   - Running the program for any purpose (usage rights without discrimination)

   - Knowing your source code (the distribution cannot be only in a binary form)

   - Modifying or improving the program (the right of conversion)

   - Ensuring that it can be redistributed to other users with or without changes, ensuring that the derivative work retains the same four safeguards (i.e. the right of reproduction, modification and distribution or public communication, but subject to conditions that we call "copyleft")

The latter criterion thus obliges the Administration to use a copyleft license, i.e. stating that the recipient/licensee of the code must use the same license or a similar one and which is compatible, in the event of redistributing the program or an improvement or transformation (derivative work) thereof. It therefore guarantees the "freedom" of the code at all times.

Currently, we can think that the GPL, CPL, Eclipse PL, Mozilla PL, OSL and LGPL (and others of the same style, in its various versions) meet this criterion: they all have a degree of copyleft on the code released and for their derivative works (but with different effects in terms of composite works which include this code, or for works uses this code ...a debate that we will not enter into here).

In paragraph 3 of the same Article 16, the RD states that the PA should "attempt" to use the European Union Public License (known under the acronym EUPL), but without prejudice to other licenses that guarantee the same rights. That is, the preference would be for the EUPL, but the Administration may use another with copyleft for example like the GPL (as was done by the Catalan Government for the "EinesTIC" suite). The EUPL 1.1. is a license drafted at the European Commission's request for the release of the Commission's software as well as any other software. It is recognized as "Open Source" by the Open Source Initiative. It is more appropriate for the "European" legal framework and has an annex of specifically compatible copyleft licenses including the GPLv2, the OSL 3.0, Eclipse / Common PL and French license CeCILL (allowing the use of the EUPL1.1 software in or by code under these licenses).

The idea of ​​using a copyleft license seems to be to ensure that if someone uses a code released by the Administration, for example to create a better or more complete application, he/she is not entitled to "sell" it back to the Administration (provided it is a "derived" work): it must re-distribute this improvement (to the same Administration or any other) under the terms of a free/open source licence.

While understanding these objectives, this philosophy is not necessarily shared by all: with a permissive license, the code of the administration will always be available to the public, so no one can "close" the code originally released. But it is true that this does not necessarily guarantee that derivative works (improvements, adaptations, etc.) of this code will be made available. However, a release of a copyleft licensed program may also be a disincentive for consultants and solution providers, who may be reluctant to work with this code in circumstances where improvements must be free (not jus the part that is owned ​​by the Administration, but the results of their efforts for improvement or adaptation).

Directories

Finally, Article 17 of the Royal Decree implements the obligation established in LAECSP to create directories of applications (federated at national level and internationally) to enable the free reuse of this software. It is understood that these directories are within the public Administration – they are not necessarily directories open to all.

Paragraph 3 goes beyond the LAECSP and states that Public Administration should "take into account the solutions available for free reuse that can fully or partially meet the needs of new systems and services or for the improvement and updating of those already implanted”. I understand then that before purchasing a new solution or improving an existing one, an Authority should consult these directories to see "what is there". Should they also consult open repositories like Sourceforge, Freshmeat or Google Code? It will be interesting to see how they implement this obligation: what internal processes are established. Besides, a decision could be attacked from one Administration to purchase a non-free software (or a development that uses non-free systems - operating systems or databases), because there exists other free with the same benefits, which "have not taken into account "?

Finally, in section 4, another novelty: Administrations must ensure the publication of software code, under development or completed, in the software directories set up for free reuse "in order to promote actions to share, reutilise and collaborate for the benefit of improved efficiency”. The publication of completed applications (although an application is rarely "finished!") and which have some stability and security levels and certification makes sense in light of the preceding paragraphs.

What is interesting is the publication of code in development phase: the opening of the development process to other administrations appears to be a form of incentive to implementat the free software development model (open development, progressive, incremental, modular) in Public Administration. Through this, other administrations can download the code posted and start doing their own versions and upgrades. It does not specify if the directory must have version control tools, management of Bugs, and third party "commit" processes, to enable other administrations to participate in the development. Once again, we will wait to see how this system works, especially for example in cases where a private provider of the Administration is responsible for managing the application development, and how it will manage the risks and responsibilities.

Conclusions

In summary, although the Royal Decree does not establish any "preference" for the acquisition of software products based on free / open source licenses, it does propose improvements for use within the Administration and above all for the reuse and freeing of the public administration software.