Posts tagged ‘procurement’

Tech law update 23 August 2010

Preference vs protectionism

Labour MP Clare Curran has entered the Kiwi Jobs Bill into the private members’ ballot. The bill aims to “determine whether the NZ Government can have a policy that gives preference to local procurement without breaching our international trade obligations”. The bill would apply to IT procurement, which has prompted some differences of opinion from the industry. For something as universal as IT, anything that is simply protectionist would be irrational and detrimental. But an increase in transparency and the promotion of open standards (if the Bill does that) would be welcomed.

IT & the new Limitations Act

Under the Limitation Act 1950, the general rule is that a person cannot bring a claim in contract or tort more than 6 years after the cause of action arose. As a result, business records (including electronic data) should generally be kept for at least 6 years (although other acts impose specific rules, for example 7 years for certain accounting information under the Tax Administration Act). However, over the years many quirks and wrinkles have been introduced into the picture, resulting in some uncertainty.

A replacement Limitation Bill received its first reading earlier this month. The bill tidies up and simplifies limitation periods. Importantly, it proposes to introduce (for most matters) a “longstop” limitation period of 15 years. As a result, prudent businesses will want to keep some records for 15 years. This sounds like a very long time and, of course, raises some practical issues, but expanding storage capabilities mean disk/cloud space should not be burdensome for most businesses. However, there can be a downside to keeping records – in that they may be discoverable in litigation – so this rather dry subject does require some thought in each case.

Record keeping risk?

On a related note, a new survey shows that most Kiwi businesses do not have documented procedures for recovering from an IT disaster. Besides the business interruption risk, there could be significant third-party legal risks from a catastrophic data loss. For example, a firm that has assumed responsibility for holding records for clients (e.g. accountants, architects, engineers, lawyers, etc) could be liable in negligence for their clients’ business interruption following the record-holder’s data loss, in certain circumstances.

ISP search concerns

Is the Copyright (Infringing File Sharing) Bill a wolf in sheep’s clothing when it comes to secret surveillance? Civil liberties lawyer Michael Bott thinks so, and wants better notification requirements for electronic searches.

Open source in government tenders

Computerworld reports:

A requirement that a component of a government IT tender be open-source has sparked debate on whether such a specification is appropriate.

The relevant part of the RFP (for the State Services Commission) puts the requirement as follows:

We are looking for an Open Source solution. By Open Source we mean:

  • Produce standards-compliant output;
  • Be documented and maintainable into the future by suitable developers;
  • Be vendor-independent, able to be migrated if needed;
  • Contain full source code. The right to review and modify this as needed shall be available to the SSC and its appointed contractors.

The controversy is whether this is a mandate of open source licensing (which it isn’t). The government should not mandate open source licensing or proprietary licensing on commercial-line tenders. More precisely, it should not rule solutions in or out based on whether they are offered (to others) under an open source licence. The best options should be on the table.

The four stated requirements are quite sensible. As the SSC spokesman said, there is nothing particularly unusual about them in government procurement. These requirements (or variations on them) are similarly common in private-sector procurement and development contracts. In the public sector in particular though, vendor independence and standards-compliance help avoid farcical situations like the renegotiation of the Ministry of Health’s bulk licensing deal.

Open standards and interoperability in public sector procurement are gaining traction around the world. Recently, the European Union called for “the introduction of open standards and interoperability in government procurement of IT”. And in the recent UK election, all three of the main parties included open source procurement in their manifestos.

So why the controversy in this case? Most likely it’s the perhaps inapt use of the term “open source” in the RFP (even though the intended meaning is clarified immediately afterwards). The term “open source” is a hot-button word that means many things to many people, but today it generally means having code licensed under a recognised open source licence, many of which are copyleft. Many vendors simply could not (or would never want to) license their code under such a licence, and it would be uncommercial and somewhat capricious for a Government tender to rule out some (or even the majority of) candidates based on such criteria.

However, it is clear that the SSC did not use the term in that context, and does not intend to impose such a requirement. An appropriate source-available licence is as capable of meeting the requirements as an open source licence (see my post on source available vs open source). The requirement for disclosure of code to contractors and future modification can be simply dealt with on standard commercial IP licensing terms.

A level playing field for open and proprietary solutions is the essential starting point, with evaluation – which in most cases should include open standards and interoperability – proceeding from there.

UK election 2010 – the technology vote

Technology policy and law is featuring prominently in the UK election campaign currently underway, with issues such as cloud computing, open source procurement and data protection finding their way into manifestos:

“The Liberal Democrats’ election manifesto published today (14 April) called for improved government IT procurement, including the use of cloud computing and open-source software.”

“The Conservative party has reiterated its plans to freeze major new IT spending and make changes in government procurement in its election manifesto… The Tories also pledged to create a “level playing field” for open source IT in government procurement, and to break up large IT projects into smaller parts to enable SMEs access to contracts.”

Labour repeatedly highlighted the importance of IT in its election manifesto, which was launched today, but made few new IT-related promises.
The Labour Party stands on strengthening the digital economy, using open source in government IT …

“Despite the name, the Pirate Party isn’t just about file sharing. Yes, it wants to ensure a right to file share, as well as format shift – such as moving songs from CDs to iPods, which is currently technically illegal. It also wants to cut copyright from 70 years to 10 and put labels on products to warn of the “defect” of DRM… On top of that, the party would ban spying on communications, end “compulsory ID cards” and toughen up data protection laws.”

More links on tech policies from: the SNP and Plaid Cymru, and the Greens.

Clearly, IT is figuring much more prominently in the upcoming UK election than in New Zealand’s last election in 2008. One reason is that the UK has suffered a number of major IT project blow-outs in recent years (such as the disastrous £12.7 billion NHS National Programme for IT) that have basically become minor election issues.

There are signs that technology is featuring more prominently in New Zealand’s political scene, though hopefully this will not be due to scandals over failed government IT projects.

However, the cynical last word must go to the Inquirer:

In short if you want to vote for someone on the basis of their enlightened IT policy you would be better off spoiling your ballot.

Tech law update 22 April 2010

IT industry supports ban on software patents

InternetNZ, the New Zealand Computer Society and the New Zealand Open Source Society issued press releases yesterday in support of the ban on software patents:

The Labour Party also issued a press release supporting the decision and Minister Simon Power’s earlier endorsement:

Meanwhile law firm Chapman Tripp issued a press release criticising the decision:

Privacy Commissioner slams Google’s “experiment”

New Zealand’s Privacy Commissioner, Marie Shroff, has criticised Google Buzz as being a “commercial experimentation on New Zealanders and other internet users, involving the release of significant personal information”:

[Google's actions] violated the fundamental, globally accepted principle that people should be able to control the use of their personal information.

The comments follow Ms Shroff’s signing of a joint letter to Google, stating:

It is unacceptable to roll out a product that unilaterally renders personal information public, with the intention of repairing problems later as they arise. Privacy cannot be sidelined in the rush to introduce new technologies to online audiences around the world.

These comments, including constructive requests that organisations collect and process “only the minimum amount of personal information necessary” and create “privacy-protective default settings”, are admirable. Ms Shroff does a great job in standing up for New Zealanders’ privacy rights.

The difficulty, as I have written previously, is that people happily trade privacy for functionality. Millions of people willingly pour personal information into different websites every day. To what extent can Google be criticised for finding new, creative uses of information it has been willingly given, in accordance with terms agreed to by users? And to what extent is it necessary or right for governments to intervene?

Open standards in Government procurement

Earlier this year I commented that “the Government must properly mandate open standards and multi-vendor capable solutions for future state-sector IT procurement”.

European Union ministers have now called for “the introduction of open standards and interoperability in government procurement of IT”. This comes as part of an ongoing development of procurement frameworks.

The report states that some groups claim the proposal has been “so watered down due to intense lobbying by the proprietary software makers, to such an extent that the document will have no impact on the market”. Other industry groups have praised the proposals as “well balanced”.

Unhealthy negotiations

Today’s report of the “successful” renegotiation of the Ministry of Health’s bulk licensing deal with Microsoft provides a text-book example of why the Government must properly mandate open standards and multi-vendor capable solutions for future state-sector IT procurement. From the article:

Mr Hesketh says the health sector is paying slightly more for software licences under the new three-year agreement. …

“We got the best possible deal out of Microsoft we could have got at this time.” …

The commission has encouraged government agencies to investigate alternatives to Microsoft products, including open-source software, but this was not an option for the sector as Microsoft is heavily embedded in its infrastructure, says Mr Hesketh.

There is no suggestion that Microsoft software is not perfectly suitable, and in all likelihood the best, choice for the Ministry at the present time. But it makes a mockery of the idea of “renegotiating” a deal when an alternative supplier is, by the purchaser’s own admission, “not an option”. By definition, monopolies do not compete. At least when there is a viable alternative (even if not an ideal one), it enables price and other such factors to be negotiated to some degree and a competitive assessment to take place. Not so in a one-horse race.

Nor would it be fair to criticise the current management for the single-vendor dependent situation it finds itself in. In fact, it is very likely that Microsoft was the best choice at all relevant times in the past, resulting in the current situation through no fault of anyone (and commendably smart business and great products by Microsoft). The point is that it provides an example (if another is needed) of why proprietary lock-in in the taxpayer-funded (public) sector should be avoided where possible going forward.

It would be interesting to hear some further explanation as to how the MoH can possibly claim the outcome as a “win”, when the result was it ended up paying more than the old deal – especially when the State Services Commission all-of-government negotiations broke down over price.

The article says the “win” claimed by the MoH is that each department did not need to “go through their own legal process of vetting the agreement and doing the negotiation process. We did that once rather than 24 times”. This is a highly dubious claim for several reasons:

  • In what way were the “negotiations” possibly going to be different for each department? A supplier in a monopoly position, who has already hard-balled the biggest Government procurement agency, is hardly going to negotiate 24 much smaller deals. The commercially sensible premise is “take it or leave it”.
  • If the SSC had no ability to leverage on price, there is no basis for claiming as “savings” the cost of not negotiating 24 much smaller sub-agency agreements.
  • The “marginal cost” of legally vetting an agreement of the type negotiated here should not be significant for a lawyer familiar with software procurement and licensing issues. 90% of it would be boilerplate, standard terms and disclaimers (see The allure and illusion of commercial software support). If the agreement was identical to an already “vetted” version, as would seem likely, the marginal cost would be around zero.

Equally dubious is the claim that the deal allows “licences to be transferred between the participating health sector agencies at no extra cost should they be reformed or reconfigured”. How much of a benefit is this? Let’s see:

  • The standard EULAs in Microsoft Office 2007, SQL Server 2008 and Windows 7 Ultimate (to pick 3 examples) allow no-cost transfers to a third party.
  • At law, the benefits of a contract can (generally) be transferred freely “by default”.
  • In the case of any statutory reforming / reconfiguring departments, legislation is able to deal with assignment of assets (including intangibles) to the new entities.

So how is the free transfer of licences, already provided for in the standard EULAs, regarded as a “win”?