Linux in Government: Federal Contracts, a New Era of Competition
Earlier this year, a major open-source event came and went without much community notice and with little media attention. A Cabinet-level federal agency released a software product under the GPL, making it the first tool of its kind to be licensed by the US government free of charge to public and private sector organizations.
Although the Open Source and Industry Alliance praised the effort in a letter to Secretary Elaine Chao, some of us wonder if this kind of event will happen ever again. This story received little to no attention by the media, yet it created quite a stir within the government software vendor community. The backlash might have government officials thinking twice the next time the subject comes up.
Opportunities seem rare in the case of the government releasing GPL software. First, the government wants industry to bring solutions to government problems rather than have government agencies develop their own software. That makes it difficult for procurement officials to find their "best value proposition". Secondly, open-source vendors do not have the funds, organization and alliances to educate procurement officials the way proprietary firms do. So, government agencies buy licensed software products almost universally.
So, when a government agency does put GPL software on a Web site and let people download it for free, that's an important milestone. It's not one we should take lightly.
Peter Gallagher, of DevIS worked diligently for several months to have the first federally funded GPL project released. When he finally saw light at the end of the tunnel, he realized he achieved his goal but not without a high degree of difficulty. It took nine months of negotiations, extensive legal fees and many sleepless nights--a high cost for a small business. He still wonders if he created a model agencies can follow in the future. Peter explains:
Our experience working with the Dept. of Labor to have our work released under an OSS license was telling. Here we are talking about software development that was funded by the government as opposed to buying a license in an existing product. The Federal Acquisition Regulations (FAR) have something called "Rights in Data" that are part of any Federal contract. The basic clause says authors generally have the right to their copyright--this applies to a research paper as well as software although it does get complicated.
To release under the OSS license you need to have a copyrighted work, and the government generally does not create copyrighted works. So in the case of the DoL, DevIS transferred our copyright to the DoL who released the work. I think it would have been easier to just have us release the code directly as a small business. Developing the copyright transfer document cost us over $20,000 in legal fees but in this case our customer, the DoL, wanted the responsibility. The important thing for us was that a product we developed, primarily with federal funds, was now released on a .GOV site as OSS.
Companies should be able to release such code without difficulty. When DevIS requested its copyright, the customer hesitated and decided not to release the copyright. That began rounds of negotiations, which ended with DevIS giving the copyright to the DoL, which in turn placed the product under the GPL, albeit awkwardly. You can download the software after you agree to the license and register with the agency--not exactly a FLOSS approach.
Many of us seem confused about the federal government's ability to fund, copyright and release code under the GPL. I discussed this topic with a number of people who pointed me to the United States Code, Title 17, Chapter 1, Section 105. It states:
Subject matter of copyright: United States Government works: Copyright protection under this title is not available for any work of the United States Government, but the United States Government is not precluded from receiving and holding copyrights transferred to it by assignment, bequest, or otherwise.
In many cases, assuming the software is not proprietary, the work is available to the whole government for unlimited use and it falls under the public domain. Public domain materials can be requested by anyone, but in practice the people who know about an internal government project are limited. Thus, being available to the public does not mean anyone would know to ask [for it]. So is it really public?
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- The Qt Company's Qt Start-Up
- Devuan Beta Release
- May 2016 Issue of Linux Journal
- Open-Source Project Secretly Funded by CIA
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- The US Government and Open-Source Software
- The Death of RoboVM
- BitTorrent Inc.'s Sync
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- The Humble Hacker?
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide