Law and technology

Computerworld reports:

A requirement that a component of a government IT tender be open-source has sparked debate on whether such a specification is appropriate.

The relevant part of the RFP (for the State Services Commission) puts the requirement as follows:

We are looking for an Open Source solution. By Open Source we mean:

• Produce standards-compliant output;
• Be documented and maintainable into the future by suitable developers;
• Be vendor-independent, able to be migrated if needed;
• Contain full source code. The right to review and modify this as needed shall be available to the SSC and its appointed contractors.

The controversy is whether this is a mandate of open source licensing (which it isn’t). The government should not mandate open source licensing or proprietary licensing on commercial-line tenders. More precisely, it should not rule solutions in or out based on whether they are offered (to others) under an open source licence. The best options should be on the table.

The four stated requirements are quite sensible. As the SSC spokesman said, there is nothing particularly unusual about them in government procurement. These requirements (or variations on them) are similarly common in private-sector procurement and development contracts. In the public sector in particular though, vendor independence and standards-compliance help avoid farcical situations like the renegotiation of the Ministry of Health’s bulk licensing deal.

Open standards and interoperability in public sector procurement is gaining traction around the world. Recently, the European Union called for “the introduction of open standards and interoperability in government procurement of IT”. And in the recent UK election, all three of the main parties included open source procurement in their manifestos.

So why the controversy in this case? Most likely it’s the perhaps inapt use of the term “open source” in the RFP (even though the intended meaning is clarified immediately afterwards). The term “open source” is a hot-button word that means many things to many people, but today it generally means having code licensed under a recognised open source licence, many of which are copyleft. Many vendors simply could not (or would never want to) licence their code under such a licence, and it would be uncommercial and somewhat capricious for a Government tender to rule out some (or even the majority of) candidates based on such criteria.

However, it is clear that the SSC did not use the term in that context, and does not intend to impose such a requirement. An appropriate source-available licence is as capable of meeting the requirements as an open source licence (see my post on source available vs open source). The requirement for disclosure of code to contractors and future modification can be simply dealt with on standard commercial IP licensing terms.

A level playing field for open and proprietary solutions is the essential starting point, with evaluation – which in most cases should include open standards and interoperability – proceeding from there.

IT industry supports ban on software patents

InternetNZ, the New Zealand Computer Society and the New Zealand Open Source Society issued press releases yesterday in support of the ban on software patents:

• InternetNZ agrees – no to software patents
• ICT Profession Supports Removal of Software Patents
• NZ Open Source Society Congratulates Government on Patents Bill Stance

The Labour Party also issued a press release supporting the decision and Minister Simon Power’s earlier endorsement:

• Software exclusion will encourage Kiwi innovators
• Power to delete software patents

Meanwhile law firm Chapman Tripp issued a press release criticising the decision:

• Excluding Software Patents Will Stifle Innovation

Privacy Commissioner slams Google’s “experiment”

New Zealand’s Privacy Commissioner, Marie Shroff, has criticised Google Buzz as being a “commercial experimentation on New Zealanders and other internet users, involving the release of significant personal information”:

[Google's actions] violated the fundamental, globally accepted principle that people should be able to control the use of their personal information.

The comments follow Ms Shroff’s signing of a joint letter to Google, stating:

It is unacceptable to roll out a product that unilaterally renders personal information public, with the intention of repairing problems later as they arise. Privacy cannot be sidelined in the rush to introduce new technologies to online audiences around the world.

These comments, including constructive requests that organisaions collects and process “only the minimum amount of personal information necessary” and create “privacy-protective default settings”, are admirable. Ms Shroff does a great job in standing up for New Zealanders’ privacy rights.

The difficulty, as I have written previously, is that people happily trade privacy for functionality. Millions of people willingly pour personal information into different websites every day. To what extent can Google be criticised for finding new, creative uses of information it has been willingly given, in accordance with terms agreed to by users? And to what extent is it necessary or right for governments to intervene?

Open standards in Government procurement

Earlier this year I commented that “the Government must properly mandate open standards and multi-vendor capable solutions for future state-sector IT procurement”.

European Union ministers have now called for “the introduction of open standards and interoperability in government procurement of IT”. This comes as part of an ongoing development of procurement frameworks.

The report states that some groups claim the proposal has been “so watered down due to intense lobbying by the proprietary software makers, to such an extent that the document will have no impact on the market”. Other industry groups have praised the proposals as “well balanced”.

Don’t forget the domain names

Securing key domain names likely to be associated with a venture is business-101. Unfortunately for Tourism Australia, they launched their new “Nothing like Australia” campaign without registering www.nothinglikeaustralia.net, which has now been setup as a spoof site. They are now investigating legal action against the site for alleged misuse of a trade mark.

This raises the question of whether parody is a defense to trade mark infringement (for a local situation, see here). In New Zealand, there is no specific parody defence in the Trade Marks Act 2002, although a trade mark must generally be used “in the course of trade” for infringement to occur. A 2007 case, Solid Energy New Zealand Ltd v Mountier raised the question of whether use of a trade mark was use “in trade”. It found that the parody was not “in trade” for the purposes of the Fair Trading Act 1986, but did not reach a conclusion on the trade mark aspect. It also found that the trade mark owner had an arguable case for “exclusive use” of the trade mark, which (assuming a broad application what is “use”) would seem to prevent a parody defence. Whether or not the Bill of Rights Act 1990 (section 14) would override that is yet to be seen.

Cost of world-wide advertising campaign: AUD$150 million. Cost of not registering obvious domain names: $19.95. Parody site: priceless.

Gene patent ruled invalid

For the first time in the US, a judge has ruled that a human gene patent was invalid. This casts doubt on the validity in general of gene patenting in the US, the key market for biotechnology.

New Zealand’s in-progress Patents Bill (reported back from select committee last week) does not expressly exclude gene patents. It does exclude patents contrary to morality, which cover some biotechnology applications. However it does add a requirement for “usefulness”, which will prevent gene-related patents from being granted when no specific use has been discovered or disclosed (as has happened previously). But the value of a gene patent in a particular market is of questionable value, if it cannot be patented in key worldwide markets. The US case (which is sure to be appealed) is therefore of major importance to the biotechnology industry worldwide.

Online health records coming to New Zealand

2014 has been set as the target date for an online national health records system in New Zealand. Meanwhile, ISO (the International Standards Organisation) recently released new standards on electronic health records. From the press release:

Together, the two documents provide a powerful comprehensive solution to address e-health data integrity, including ethical and legal concerns, privacy protection, regulations concerning access and disclosing of records among other needs specific to the industry.

It will be interesting to see if the New Zealand programme achieves ISO compliance from the outset. The Privacy Act 1993 requires that reasonable safeguards be used to protect personal information, and in the case of service providers, that “everything reasonably within the power of the agency is done to prevent unauthorised use or unauthorised disclosure of the information”. It would be difficult to argue that failure to acheive “reasonable compliance” with an ISO standard (representing best, or at least good, practice) meets that standard.