Recently in IT legal developments Category

Open standards: UK dithers over royalty question

| No Comments
| More
Prime Minister David Cameron - Reform - backwards.pngUK and Portugal are both about to decree a list of open standards that must be used in all public computer systems. But while the UK is still trying to decide what an open standard is, Portugal has already passed a definition into law.

The UK has been paralysed by disagreement over the matter. The crux has been whether an open standard should permit royalty payments - whether an open standard should be both free as in speech and free as in beer.

Portugal answered the question by fudging it. The British Standards Institution, backed by the International Standards Organisation (ISO), has been pressing the UK to do the same. If it gets its way it would force the coalition government into a damaging reversal.

BSI has been in a face-off with Cabinet Office over its definition of open standards since May. They met last Tuesday. But neither twitched. The problem remains unresolved, even after the publication Friday of a progress report on Cabinet Office's ICT Strategy.

Cabinet Office can't back down without either conceding defeat or admitting it made a dreadful mistake. It made the UK definition of an open standard official in February. Open standards became the keystone of its ICT Strategy in March. They have long been the fulcrum of Prime Minister David Cameron's rhetoric on government IT failures and the Big Society.

Crisis

But it poses an existential crisis for BSI. It lives off money it makes selling access to standards specifications. It supports companies who want to claim royalties from people who need to interoperate with their devices. It can't back down without a game-changing modification of its business model.

Their differences seem irreconcilable. Then late last week, BSI took an interest in Portugal's Open Standards Act, which passed with cross-party support in May. BSI thinks Portugal might show a way out. Don't count on it.

Portugal's approach appeals to standards traditionalists and the software patent lobby because it is vague. It is vague enough not to offend those who don't want open standards, though that does depend on your definition of an open standard.

Portuguese flag.pngBSI thinks an open standard is what Portugal's Open Standards Act says it is: something formulated through an open process, described in a specification that is freely available, comprised only of parts that are also freely available and for which intellectual property rights are made available to the state "fully, irrevocably and irreversibly", with no restrictions to its implementation.

Free, in other words as in speech. But not as in beer. It introduced no explicit prohibition on royalties.

Sand in the oyster

Open Forum Europe, an industry group campaigning for open source software and open standards, said last week this was "one of the most enlightened laws of its kind in Europe".

Portugal does claim to favour royalty-free standards. But its law leaves a lot to the imagination - and to the discretion of those civil servants responsible for implementing it.

Gonçalo Caseiro - AMA.pngGonçalo Caseiro, board director of Portugal's Agency for Administrative Modernisation (AMA) with responsibility for implementing the Open Standards Act, told Computer Weekly the government's official preference is for royalty-free standards.

His office has discretion over what standards are officially deemed open standards and, like the UK, is drawing up an official list of them.

"The standards we are choosing now are 99 per cent royalty-free," he told Computer Weekly.

He also has discretion over an exception clause. If a public body thinks it has no choice but to use a standard deemed non-open under Portuguese law, it can ask Caseiro for permission to use it. He will err on the side of open.

Yet Portugal's law is "enlightened" only as long as Caseiro is himself. His administration's preference for royalty-free standards may change.

Then it will become apparent that Portugal's definition has been circumscribed by monopolistic interests. This is tragic from the point of view governments assumed when formulating these rules: that they were pulling down barriers software suppliers build with proprietary standards in technology markets.

European policy initiatives have conjured an image in which trade barriers such as import tariffs become a metaphor for royalties on standards. They say mandating open standards will save public money, and promote innovation and competition; and then fail to mandate open standards. Portugal's definition appears no more "enlightened" than that implemented in the most recent version of the European Interoperability Framework (EIF), the lowest common denominator set last year in Brussels.

Royalty-free caveats

One of the most progressive examples of this policy is to be found not in Portugal but the UK: in the bold definition Cabinet Office sent to procurement officers across the entire public sector in February.

The UK said open standards must be royalty-free. It was, as good as damn it, a clean statement of definition.

Portugal compromised its definition with caveats to placate those seeking to claim royalties on standards. An open standard could be encumbered with royalty claims.

The UK saved its caveats for a separate clause concerned only with rules of implementation: open standards would be used "wherever possible", it said. Standards encumbered by royalties might in other words be permitted in public systems if there were no choice. But those standards would not be deemed open by the UK definition.

Computer Weekly understands BSI liked Portugal's exception clause. If the UK clarified the loose exception built into its "wherever possible" caveat, BSI might see a way forward.

Tim Berners-Lee.pngBut it would not be satisfied. Portugal's definition has given BSI hope that UK's definition might also encompass those standards encumbered with royalty claims - charged at the "reasonable" rate determined by RAND patent terms, as they were explicitly under EIF. BSI wants royalties written into the UK definition explicitly.

Cabinet Office seems to have got itself in a twist. The issue is so much simpler when seen from the perspective of the source of its enlightenment, Sir Tim Berners-Lee's World-Wide Web Consortium (W3C).

New and old testaments

W3C attributes the Web's success to Berners-Lee's making his intellectual property rights to the Web royalty-free in 1993. It demands members sign away royalties if they want to contribute to its standards. Royalties, says its promotional office, place too great burden on a standard.

This is what European governments had in mind when they started talking about a freely interoperable market of public sector computer systems and getting on the open standards bandwagon.

Things are not so simple when you delve into the nuts and bolts of the internet. But nearly. The Internet Engineering Task Force, the forum where internet standards are agreed, has no hard and fast rule on royalties.

Jorge Contreras - IETF and ISOC - legal council.pngJorge Contreras, IETF attorney, told Computer Weekly it had instead a strong royalty-free culture.

Its contributors were mainly hardware suppliers with strong traditional interest in patents. It was moreover fifteen years old. It's processes were established with different parameters than the naturally less encumbered software preoccupations of the W3C. They were well established, and not likely to change, said Contreras. It nevertheless required companies contributing to internet standards disclosed their terms.

"If engineers are uncomfortable about the terms they will design around it. Companies who don't want their patent designed around will make it royalty-free," said Contreras.

Fudge

The Internet Society (ISOC), the IETF's incorporated avatar, summed this policy up at last month's Internet Governance Forum in Nairobi. It was similar to Portugal's fudge.

Internet standards would be freely accessible. Specifications would be available without fee or restriction. It would be "possible" for standards to be implemented royalty-free.

But it is, for the IETF, a statement of reality. "Open standards mean a great deal to the IETF. The approach they take to IPR is felt to be the most constructive and the most realistic solution, given all the competing pressures," said Matthew Ford, ISOC technology programme manager.

ISOC does not have a firm grip on which of the IETF's 6,000 Requests for Comment (official forum notices) describe standards encumbered with royalties. Nor if the internet relies on any of those in its fundamentals - whether, that is, the internet is encumbered, or whether it is as pure an enlightened public space as is imagined popularly and in government policy. (The information is there for anyone who wants to trawl for it).

Some hardware standards consortia do adopt explicit royalty-free policies. It is becoming more common, apparently. The Wireless Gigabit Alliance is a recent example. (It had its first plugfest, where members demonstrated pre-release hardware implementations for interoperability under WiGig specifications, on Monday).

Ali Sadri, WiGig Alliance president and Intel's director of 60 GHz standards, said Intel helped found the consortium with the intention of encouraging industry-wide adoption of a royalty-free approach to standards, to plug the drain patent lawsuits had become on innovation.

Ali Sadri - Wireless Gigabit Alliance.png"When there's no concern for IP then the technology will be developed to the best because contributions will be by their quality rather than the [number of] votes a company has to push its own IP into a standard," said Sadri.

"I think Intel is using us as a guinea pig. I have heard they are re-using our policies in other consortia as well," he said.

Bulimic standards institution

The example of these IT consortia should intensify BSI's existential crisis (though only in relation to its IT work, which is insignificant, as we shall see).

A comparison provides useful context for UK policy.

The consortia are typically not-for-profit and often cover their administration costs by charging membership fees to companies that want to contribute to standards. They distribute standards at the "zero or low cost" rates preferred by Cabinet Office and challenged by BSI.

W3C for example doesn't charge implementers of its standards. They are strictly royalty-free. Though it charges corporate contributors, it invites hundreds of experts to develop standards without paying a contributors' fee. It charges only those with a financial interest in shaping the market in their image.

BSI Group claims to be "not-for-profit" on the basis that any money it earns is invested back in the business. It is nevertheless a £235m business dedicated to "growth through acquisition".

BSI Logo.pngIt earns over half its income from certifying companies under things like environmental and safety standards. It has an £18m training business and a £34m testing business. Companies can contribute to its standards free-of-charge. But it charges for access to its specifications. In 2010 it made £46m from the sale of access to 55,000 standards at up to £2,000-a-pop for everything from zoom lenses to food packaging and the .pdf document format.

In 2010 it launched One-BSI, its "platform for accelerated growth". This would involved cross-selling its services. It would sell a standard specification to a customer, then sell training to implement the standard, then charge them for certification under the standard and for software to manage the process.

UKAS Quality Management logo.pngThe consortia have elaborate rules for preventing royalty claimants hijacking their standards. WiGig has made some attempts to outwit patent trolls. Royalties would raise the costs to anyone seeking to implement their standards; these would then from their point of view not be open.

BSI earned £12m from its own royalties and copyrights in 2010. Its gross margin was 50 per cent. It made a £20m Operating profit and generated £35m in cash. It spent £9m on acquisitions of competing certification bodies.

(Big-heads vs. bell-ends)

The 111-year-old BSI is undoubtedly a great British Institution. It's kite-mark, introduced in 1903, may be the only insignia of Britain's imperial age with its reputation still intact. It's a certified international super-brand. But its profit motive and strategy of acquisitive growth raises a question about its opposition to UK IT policy.

The conflict between the old and new standards worlds has been playing out between BSI and W3C as well, though neither might describe it that way.

Governments typically sanction only standards certified by ISO and its national outlets (such as BSI). These bodies have not typically recognised standards developed by consortia like W3C and IETF. Now governments are making more powerful decrees on IT standards, the consortia need approval by ISO and co. The standards bodies meanwhile need to sanction the consortia to stay relevant.

W3C thus submitted its first suite of standards (for Web services) for certification by ISO last month. The terms are royalty-free. IETF is meanwhile waiting for a European Commission edict on consortium standards. Internet standards are not officially sanctioned in Europe. The Cabinet Office open standards definition gave equal weight to standards developed by standards bodies and industry consortia. But it is not yet official.

As Contreras said, engineers tend to work around contributions encumbered with royalties. W3C has perhaps been working round the standards bodies even as it signs licensing deals with them.

It launched a "community process" in August, providing free facilities for a preliminary standards process open to all without charge. The terms are royalty-free.

W3C says it is popular among vertical industry groups for whom internet standards have become important but would not normally have a reason to contribute to the W3C process. BSI may have come across a form of competition it can't acquire.

ISO-compliant world political map.pngSome in the UK have meanwhile grown fearful that the open data movement also championed by Berners-Lee (and adopted by Cabinet Office) will be undermined by profiteers at the Open Data Corporation, which has been incorporated like BSI by the Department for Business, Innovation and Skills, the arm of government that has traditionally dealt with standards.

Computacenter row threatens blockhead end for open source in Bristol

| 1 Comment
| More
IT giant Computacenter has raised the prospect of legal action against a small open source supplier for complaining to Parliament about its "Microsoft bias".

The veiled threat followed a letter sent to MPs on the Public Administration Select Committee (PASC), in which Mark Taylor, chief executive officer of Sirius, described a project involving Computacenter he said exemplified the the government's declamation of large IT suppliers: that they dominated the market and crowded out competiton.

Computacenter stated on learning of the letter it was seeking "advice" because it was "potentially libellous". It now says making such a statement did not in itself constitute a threat.

That depends on your perspective. Mark Taylor, chief executive of Sirius, which with a £2.3m turnover is about one-thousandth Computacenter's size, was scared stiff when he heard about this. Yet if Computacenter did sue him for being a whistle-blower, it may prove his point.

The Parliamentary committee to which Taylor sent his letter is exploring allegations that companies like Computacenter abuse their market power by punishing small suppliers when they don't keep in line.

The big IT suppliers are so powerful, it is said, they control the vast majority of public sector IT, which is done in their commercial interest. That may count as quid pro quo from supplier's perspective. But when that supplier is part of an oligopoly servicing a monopoly, it is a little unfortunate for anything trying to breathe outside that comfortable little world that has become known as government IT.

This must be most upsetting from Computacenter's point of view too. It has a certain Blue-chip reputation it must present to its customers. Anyone trying to daub the façade with graffiti must be firmly stamped on.

Computacenter has declined to say what offence it has taken with Taylor's letter. It is seriously perturbed, however, at being identified as one of the boo-hissstems integrators that are said to treat SMEs so poorly.

The multitude of winds that have whipped up the current bout of government IT reviews and inquiries (in the name of SMEs, agile, procurement reform, open software, open standards and open markets) threaten an existential crisis for the large suppliers.

Microsoft bias?

Wintel laptop.jpegTake for example the question of whether Computacenter has a Microsoft bias. It's like asking if the Pope is a Catholic.

Computacenter built its business selling "Wintel" computers and infrastructure. When it made 30 employees millionaires overnight on the occasion of its 1998 flotation (link: sic), it was thanks to the Wintel computing boom. It has branched out a little over the years: it now does services too: though mostly on farms of Wintel computers for big corporations. And while it has its customers' interests at heart, it is essentially like a great, huffing bull with Microsoft branded on its balls.

Computacenter's boom years were the late 90s when the corporate mantra was economies of scale. Customers got the economies of its scale by buying thousands of Microsoft computers. Now the market has gone sour and the typical contract has become so large that only Microsoft suppliers can satisfy them because only they are large enough.

Sirius discovered this after writing Bristol City Council's ICT strategy this time last year. Bristol was down with its open source angle and adopted its recommendations. Sirius then couldn't pitch for the work because it wasn't on the official procurement lists. It went in with Computacenter but was shown the door, said Taylor's letter to MPs, when he protested over the Microsoft bias CC had put in Bristol's proof-of-concept open source pilot.

It would be a terrible irony if the project failed because Bristol had no choice but to ask a Microsoft reseller to demonstrate how an alternative to a proprietary infrastructure might be feasible. It would also be shameful for Bristol, a City that that has made the Zeitgeist its identity: multicultural, ecological, collaborative, egalitarian, open. That's what people from Bristol say about their own City. So if not Bristol then where?

If Computacenter's pilot finds against open source, more than seven years of work at Bristol would have been for nothing. Bristol's entire infrastructure would be based on infantilising proprietary technology and its vision of being a Digital City regenerated by a small army of creatives up to their arms in collaborative computer code would be somewhat obscured.

To understand how awful that would be, imagine Bristol's vision being one of municipal authority as bountiful Big Society fount, its computer systems built open and spread like nourishing tributaries throughout the City. Or imagine, conversely, great multinational corporations sat atop the globe like gluttonous octopuses, their proprietary software systems sucking the life and inspiration from the computing generation.

You might detect a little bias there. It's merely one point of view, though one Computacenter is unlikely to plaster over mail outs funded by its next injection of Microsoft marketing development money.

Corporate image

That doesn't mean Computacenter can't get with the programme. But Microsoft and its reseller Computacenter, the model of the noughties corporation, represent the antithesis of the Bristol zeitgeist: monocultural, rapacious, tight-lipped, dog-eat-dog, proprietary.

Granted, Computacenter looks fairly enlightened when viewed from within the retarded world of the City of London. In its last financial results, Computacenter chairman Greg Lock proudly declaimed how the corporation had achieved enlightenment: it had adopted the UK Corpote Governance Code, "not simply because we must do so, but rather because it is the right thing to do."

And bravo. Don't worry that the Code's key principles read like the listing for the soundtrack of Thatcher's Britain: "Leadership, Effectiveness, Accountability, Remuneration, Relations with Shareholders".

If a corporation is an organism and the board of directors its brains, the Code is comparable to one of the first great periods of human enlightenment, when prehistoric man first started organising into paternalistic clans governed by power tempered with honour.

It is progress a little in advance of that earlier enlightenment when pre-prehistoric man learned to adulate the heavens. Ug. Heavens: glorious. Me: glorious. You: cower, worm, before my competitive mastery. Though its morality is essentially tribal.

This may explain why Taylor this week accepted a post on an SME board being established by the Cabinet Office to help them tackle the problems they are too scared to air in public. There might be safety under the shadow of reforming minister Francis Maude.

Since Taylor was one of the key players behind both the coalition government's and Bristol's ICT strategies, you would imagine him wily enough to deal with a lumbering corporation like Computacenter on his own. That is assuming Computacenter's Microsoft bias has indeed scuppered Bristol's open source pilot. Both Bristol and Computacenter say the game's not over. Taylor says Computacenter elbowed him out and submitted assessments that had been fixed to favour Microsoft.

After slogging away for 30 years by the rule of Mammon, Computacenter may have just lumbered innocently into the midst of a political thorn bush. It might now look up and see how much is riding on Bristol's pilot. It's failure will mark the failure not just of Bristol's ICT strategy but of Maude's and Taylors.

Computacenter would do well to back up and consider while licking its wounds how the idea of software freedom has taken hold in mainstream politics. If it does anything else it will end up looking like the ignorant box shifter it has long tried so hard not to be. Why not give Bristol what it wants?

EC concludes backroom deal with Microsoft

| No Comments
| More
The European Commission has renewed software licences worth up to €50m with Microsoft for another three years after opting not to open the business to competition.

The Commission is expected to announce the deal next week in written answers to questions raised by members of the European Parliament over the purchase of Microsoft software without a competition.

The Commission justified doing a back-room deal, called a negotiated procedure, with Microsoft because it claimed that under Article 126 of the European Financial regulations an upgrade of Microsoft XP to the latest Windows 7 operating system on over 36,000 PCs across the EC and another 54 European agencies would be deemed no more than "a partial replacement" or "extension" of existing software installations.

Further justification was claimed under the same regulation because changing from Microsoft to another software supplier would force the EC to acquire software with such different technical characteristics that it "would result in incompatibility or disproportionate technical difficulties in operation and maintenance".

The Commission will tell Mary Honeyball, Labour MEP for London, and Bart Staes, a Belgian MEP for the Greens, that criticisms of the deal are unfounded.

The deal is justified under European law, it will say, asserting claims it is trapped or "locked in" to buying Microsoft are untrue. It will also claim it supports interoperability standards prized for the way they facilitate a change of computing platforms without raising those difficulties the Commission has used to justify its negotiated deal with Microsoft.

It will answer criticism from open standards campaigners by stating commercial software operators such as Microsoft are capable of creating interoperable software. But it will not seek to claim their software actually is interoperable. It is still fighting Microsoft in court over a 2004 penalty it imposed on the firm for preventing competitors from interoperating with its ubuquitous Windows software platform. Since competitors were unable to access communication protocols used by Microsoft network server software, they were prevented from producing alternative products (notably Samba) that customers could slot in to the corporate network ecosystem dominated by Microsoft.

Microsoft took the European Commission to court this week to appeal a record €899m fine the Commission imposed in 2008 for failing to comply with a 2004 order to make its software interoperable. Microsoft did not contest the 2004 anti-competition rap this week, said reports. It merely claimed the terms of the 2008 fine were unfair because it was not given clear directions about what it must do to comply with the 2004 interoperability order.

While claiming the anti-competitive uninteroperability of Microsoft's software should justify its purchase without a competition, the Commission will attempt to further justify its Microsoft deal this week by claiming its expenditure with Microsoft is trifling in comparison with its total IT budget.

The software licence deal neither involves paying Microsoft money or committing to purchase any software. But the deal sets favourable terms of purchase that are used to formulate actual exchanges of money that the licensing regime makes a forgone conclusion.

The Commission's last negotiated deal with the software giant, a 2007 software licence agreement that runs out on Tuesday, was consummated with a €49m deal with Microsoft reseller Fujitsu in 2008.

The deal does however involve paying money direct to Microsoft, again using a back-room negotiated procedure. The Commission allocated €44m for payment to Microsoft on 5 May for the provision of  software support services, a move it said in the award notice was justified because no other company could provide such services for the support of Microsoft software.

In December, the Commission decided  in a series of closed meetings that it would use its renewed Microsoft licences to upgrade its computers from the Windows XP to Windows 7 platform.

The software licence deal also secured licenses for other Microsoft software, including its SharePoint content management system, server software of the sort subject to the 2004 anti-competition case, database and security software.

The Commission will say next week that it's decision to buy Microsoft licences was separate from its decision to upgrade its computers to Windows 7. The licence that ran out this week would have accommodated the upgrade and the EC could have chosen to do it at any time. But the administration would have been unable to continue using what Microsoft software it did have if it did not conclude another licence deal before 1 June.

The licensing agreement requires European agencies to purchase their Microsoft software through Fujitsu under another contract that has also been the subject of some controversy. Fujitsu was appointed after the Commission held a competition for a "Microsoft" reseller. It is usually forbidden to specify a trade name in a procurement call. Open Forum Europe (OFE), a campaign group, said this week 13 per cent of tenders called in February and April 2010 requested trade names.

OFE also criticised the increasing use of negotiated procedures like the ones struck with Microsoft and called for more transparency of such arrangements. It is usual practice for the EC to justify negotiated procedures by quoting legislation, not providing specific reasons.

International alarm rings over UK ICT policy

| 2 Comments
| More
International standards.pngInternational standards bodies have raised an alarm over the UK's game-changing techno-economic policy, breaking with protocol to fire warning shots at the Cabinet Office and calling for a reversal of the open source commitments it made the backbone of its ICT Strategy.

The policy has pitted competition honchos, invigorated by the reforming tide of networked ICT, against trade policy wonks, who preside over a system of international standardisation that encompasses intellectual property law, an immense bureaucracy of engineers, and age-old trade flows.

Back home it already threatens a rift between Cabinet Office and the Department of Business, Innovation and Skills which usually sets standards policy. The British Standards Organisation, operating under BIS mandate, has taken the unprecedented step of warning government to scrap the offending policy or risk breaching its international obligations.

Three European standards bodies have meanwhile written to the Cabinet Office warning its policy is untenable, and the International Standards Organisation is preparing to take the same, unprecedented step of interjecting directly.

The row is emerging over a technocratic definition of systems interoperability standards and the seemingly innocuous Cabinet Office promise to create a level playing field for open source software in public procurement.

But the policy is far more significant, being central to government's pledge to halt expensive government IT failures, break the stranglehold big IT businesses have over the public purse, and create opportunities for small, local firms in a world dominated by US software monopolies. It is also a vital element of the Big Society reforms.

The government wants open standards of interoperability to replace the proprietary software application interfaces that software companies use as a technocratic means of protecting their markets. It has proposed an open computing infrastructure in which competing systems, or entities such as Big Society service providers, can be swapped in and out without proprietary data protocols deciding who can and cannot participate.

Juan Carlos López Agüí - chairman of the CEN-CENELEC-ETSI Joint-Presidents Group.pngWarning shot

Juan Carlos López Agüí, chairman of the Joint Presidents' Group (JPG) of European ICT and electronics standards bodies CEN, CENELEC and ETSI, wrote to Cabinet Office minister Francis Maude on 4 May, warning that its ICT policy would isolate the UK from the rest of the world's system of standardisation.

"The definition of "open standards"...used by the UK government, is on a road towards excluding standards from the majority of the most important standards bodies...from being used in UK public procurement," said the JPG chairman.

"This belief is based on the fact that the definition refers exclusively to standards that have intellectual property made irrevocably available on a royalty-free basis," he said in the letter, obtained by Computer Weekly.

The letter fingered a Cabinet Office Procurement Policy Note of 31 January which decreed government should purchase systems using open standards that comprised only of royalty-free intellectual property.

David Bell, who as head of external policy leads BSI relations with government and international bodies, said if the government tried to reference international standards in its systems without paying royalties, "it would break quite a number of international conventions".

"If the Cabinet Office were to follow through and say that all the standards they reference, including British standards and international standards, have to be made available free of charge, we will be kicked out of the international standards-making community," said Bell.

The open systems movement is striving to prevent rights holders damning information flows by claiming royalties on data protocols.

New age

Gerry Gavigan, chairman on the Open Source Consortium and member of a BSI ICT standards committee at the centre of the furore, said: "If you charge royalties for a standard, are you a cartel? If you require to use a standard and you have to pay money to play, that feels so much like a cartel to me."

Andy Updegrove, a Boston lawyer specialising in standards, said the UK was one of a number of countries refusing to relinquish the royalty-free interoperability principle despite the European Commissions' retreat under intense lobbying from rights holders.

The EC erased the royalty-free clause from its European Interoperability Framework last year, putting it in line with the preferences of large software companies and international standards bodies. It had introduced the clause in 2004, the same year it prosecuted Microsoft for preventing competitors accessing proprietary interfaces used its market-dominating software.

The motivation of UK ICT policy was illustrated last year when Bristol City Council gave up trying to use alternatives to Microsoft Office because it was impossible to operate without using proprietary Microsoft document standards. It has committed to buying Microsoft instead.

Councillor Liam Maxwell.pngLiam Maxwell, councillor for the Royal Borough Council of Windsor & Maidenhead, told a meeting of the British Computer Society's Open Source Group last night how the Big Society envisioned service providing units being swapped like cassettes.

"It will only work if we have a set of standards," said Maxwell, who co-wrote Conservative technology policy.

A Cabinet Office spokeswoman said the open standards policy was "not set in stone" and the UK definition of an open standard had been up for consultation since it invited the public to complete a survey on the matter in February.

A BIS spokesman said in a written statement:" BIS is aware of the Cabinet Office documents relating to the use of Royalty Free open standards for government ICT procurement and note their views in this regard."

Agile will fail GovIT, says corporate lawyer

| 58 Comments
| More
In a guest blog, corporate IT lawyer Alistair Maughan argues that Agile development is an evangelical fad ill-suited to government IT.
 
Maughan_Alistair High Res.jpgThe Government ICT strategy had some good ideas. Agile project management isn't one of them.

The Cabinet Office expects Agile will reduce the risk of ICT project failure. It's a nice idea in theory. But it won't work in government IT. It won't work in the real world.

Two of the most cautionary examples of failed ICT projects in recent years demonstrated the drawbacks of Agile.

The court battles of BSkyB v EDS and De Beers v Atos Origin showed that when Agile projects go wrong, they can go spectacularly wrong.

The Agile methodology is meant to deliver IT projects flexibly, in iterations. It's meant to involve customers more directly and adapt quickly to their changing needs. This means the final system only emerges gradually. It means customers don't pay a fixed price for a complete project. They pay for a commitment of resources.

But the lack of clearly defined project roles and requirements is a problem for Agile.

Agile evangelists argue fiercely that the conventional waterfall development methodology is unrealistic. They say the sheer scope of work required by its pre-set deliverables often leaves it unable to fulfill expectations. They set themselves up to fail, say the evangelists, when they should be working collaboratively for success.

I'm prepared to accept on trust that, if all goes well, Agile may reduce the risk of project failure. But Agile simply won't work in the real world of government ICT. We need a Richard Dawkins to bust the myth of the Agile gospel.

Sceptical

There are four clear reasons why Agile won't work in government ICT. The most obvious is that government customers want to know up-front how much a system will cost. That's not so unusual, is it?

Under Agile projects, you pay a given amount of money for a set amount of effort. But you can't guarantee a specified outcome for a specific price.

This won't work in government. Departmental budgets are managed very tightly, and they must be approved. Agile implies that charges for time & materials should be open ended. Government departments won't accept that.

Government is also legally required to follow open procurement rules.

That means comparing different bidders on a like-for-like basis, and deciding on best value for money. Agile can't give you a clear specification of outputs up-front. Nor can it give a definitive up-font price.

So how are government bodies supposed to make Agile comply with the legal requirement that public procurements are fair and open?

Unprotected

As if that isn't problem enough, Agile offers insufficient means of remedy if things go wrong.

This is a particularly sensitive issue for government, where departments suffer public opprobrium if their project isn't a resounding success. The press, the National Audit Office, and the Public Accounts committee (PAC) will give government a kicking if they can't make suppliers pay for the damage they caused.

Agile makes it hard to apportion blame because the customer is intimately involved in the work. Since Agile contracts lack clear contractual delivery obligations or remedies, how do you enforce properly? How do you recover loss or damage if there's a problem?

I wouldn't want to be the first Permanent Secretary to admit before the PAC that his or her department has no real right of legal recovery from a failure.

Poor fit

Agile is fourthly not suited to public sector management structures.

Decision-making is centralised in government. Civil service structures ensure every important decision flows up to senior levels. The Cabinet Office has under the current government taken even greater power over ICT projects. But Agile decision-making (over requirements, for example) flows down. This is key, so small devolved teams can react quickly and adjust to new scenarios.

It is inevitable that Agile decisions will go through management hierarchies in central government. This will be like kryptonite to Agile projects.

Agile projects rely on decisions based on mutual trust. They are therefore well suited to in-house projects. But the faith they ask customers to have in service providers makes them ill-suited for external developments.

You can have an ICT project with a watertight contract, clear deliverables, openly and legally procured, with a fixed price and appropriate remedies if you don't get what you want. Or you can have an Agile project. You can't have both.

I do appreciate that as a lawyer specialising in large ICT projects, you may think, "Well, he would say that, wouldn't he?". But my job is the help create successful projects.

I've seen too many projects flounder for a lack of trust between customer and supplier to think the answer to government's ICT problems is the Agile credo of, "Let's trust each other some more".

Partner and head of Technology Transactions at international law firm Morrison Foerster, Alistair Maughan has advised on large public and private IT contracts including HM Revenue & Custom's controversial 10-year £8.5bn deal with Capgemini. Follow him on twitter @ICToutsourcelaw

G-Cloud: introducing the neo-database state

| No Comments
| More
Now the Home Office has destroyed its prototype ID database in a publicity stunt, the government is putting the finishing touches to plans that would put the real Identity Scheme databases at the heart of a powerful government data sharing system.

The Government Cloud (G-Cloud), an ambitious Cabinet Office scheme to share IT resources and data across the whole of government, is seeking to remove all technical and organisational barriers to public sector data sharing.

Reports published last week by the Cabinet Office describe how G-Cloud will exhume the data sharing systems that underpinned ID Cards, along with the fatal data security risks that went with them. The principles will be applied to all government data. The plans have been overseen by the same executives who oversaw the ID Scheme's data-sharing system, the ill-fated CISx.

Damian Green Destroying ID scheme Hard Disks - February 2011 - 500 by 415 dpi.jpgThe reports state that the only limits to data sharing between government departments in the G-Cloud would be those imposed by law. It is presumed that whatever sharing is required will be permitted.

The principle was established a year ago in the G-Cloud Vision, which was drafted by Martin Bellamy, the same civil servant who advised ministers to proceed with the CISx as one of two core components of the ID scheme.

Bellamy's Vision cited the CISx as an example of the sort of data sharing that would be possible within the G-Cloud. The CISx plan had involved turning the Department for Work and Pensions Customer Information System database (CIS), which contains personal details of everyone in the country, into a system that could be accessed across the whole government.

"As it develops, the G-Cloud will become the repository of a significant portion of Public Sector data," it said.

Linking data

Bellamy's Vision laid out architectural principles explored in greater detail by G-Cloud working groups under the coalition government last year. The most fundamental was that the government should seek to ensure that data items were harmonized across government so they could be linked.

The G-Cloud seeks to harness the power of the internet to create a network of interchangeable and interoperating systems. It is envisaged that the near entirety of public computer systems would be assimilated by the G-Cloud programme in 10 years.

John Suffolk clarified the vision before he stood down as government's chief information officer last year. The government CTO Council would oversee the development of common data standards G-Cloud required.

"These standards will also ease the process of sharing data between different public sector organisations," he said.

After Joe Harley was appointed CIO in January this year, his division of the Cabinet Office put its stamp on the most up-to-date of the draft G-Cloud plans, the G-Cloud Services Specification.

The specification took the idea of G-Cloud as crucible of government data sharing and rebranded it as system for "Information Access". This involved different public bodies sharing one another's applications in order to access one another's data.

Threads and shreds

It used precisely the same language as the year-ago G-Cloud Vision to describe the framework within which G-Cloud data sharing would operate.
 
"This service will only be permitted where statute allows the data to be shared with the requesting public body," said the reports.

The only other data sharing proviso would be that "information assurance requirements for the data are adequately supported across the G-Cloud," they said.

Shredded ID Database parts - Home Office - February 2011 - 5433789496_eeb5941e9b.jpgThis lesson will be fresh in the minds of those in the Cabinet Office putting the finishing touches to the G-Cloud strategy. Harley was CIO at the DWP when the CISx plan was devised and was still there when it was scrapped last year. Ian Watmore, his boss at the Cabinet Office, spearheaded the Transformational Government strategy by which the Labour government had sought to increase public sector data sharing. The CIS got a special mention in the Transformational Government strategy as well.

The Home Office said last week its minister Damian Green (pictured) had destroyed Labour's ID database. But he only destroyed the temporary system the Home Office erected in a hurry so it could get ID cards on the streets before the 2010 election. It had still not proceeded with integrating the real ID databases because it was still trying to work out how to resolve their excruciating data security problems.

The photographs of Green shredding hard disks on an industrial estate in Essex were a publicity stunt staged to destroy a publicity stunt. It was always said the ID cards were a only a token of the sort of computer systems that have already become well established instruments of government.

The databases still exist. The government still has a plan to integrate them. And the security problems inherent in public sector data sharing have still not been resolved.

The trouble with Europe's software megadeal

| No Comments
| More
The Free Software Foundation Europe thinks there's some serious trouble with the European Commission's largest ever software contract.

The contract is not quite as guilty as charged. But the FSFE's attention has exposed greater problem, of eurocratic proportions.

The FSFE said the EC had signed its €189m SACHA II contract in "direct contradiction" with decisions and guidelines designed to prevent EU bodies being tied into parasitic contracts with proprietary software vendors.

The sad thing is that SACHA II contradicts only what people like FSFE president Karsten Gerloff wished the Commission's decisions and guidelines said. The guidelines themselves are too weak and wishy-washy to change anything but people's perceptions.

The SACHA II contract tied up the lion's share of the EC's software purchasing with one company, Dutch middleman PC Ware. This was in direct contradicted of Europe's Digital Agenda, said the FSFE.

Was it?

The Digital Agenda contained some fine words. It decried a "lack of interoperability" in European computer systems and the "weak" standards that presided over them.

It even declared how the Digital Agenda, "Europe's strategy for a flourishing digital economy by 2020", wouldn't get anywhere without interoperable standards and "open platforms".

It really did give the impression it was going to do something about the way public procurement favoured proprietary software vendors. But its only relevant proposal was the production of a report next year.

European Interoperability Fudge

This might all change with this week when the Commission is expected to publish V2.0 of its European Interoperability Framework. If the Digital Agenda beats the drum, the EIF plays the tune. The Digital Agenda said European Union countries should adopt the EIF by 2013.

But the open source lobby is bracing itself for the EIF to be one almighty fudge. Early drafts were hopeful, they say, with high-fluting talk of open standards. Intense lobbying by software companies that own money-making rights over standards is said to have forced a number of revisions that will make the final version about as effective as a battalion of United Nations peace-keepers under siege.

Don't expect the EIF to have any teeth. It's not as though Brussels has the political clout to mandate open standards like they did recently in India.

What you can expect from Europe is spelled out quite clearly in its Malmö and Granada Declarations on interoperability and standards. The Digital Agenda said EU countries should implement these declarations by 2013 as well. EC's SACHA II contract was in direct contradiction with them as well, said the FSFE.

A mug's eyeful

But being declarations, they are little more than more high-fluting talk. European ministers declared at Granada on 19 April that they should "consider...promoting" open standards.

They declared at Malmö on 18 November 2009 that they would "promote" open specifications. Their commitments to open systems were even more vague than bolder declarations that in the UK have never amounted to much despite their repetition.

While all this ineffectual chatter goes on, big software contracts like SACHA II two are tying the major software vendors up with cosy contracts that will keep them in sports cars and transatlantic travel for another half a decade or more.

This is no problem if you subscribe to the belief that public policy is determined not by the letter of the declaration but by its frisson. If enough people believe it, it may happen. Like salvation.

That is why it is interesting to hear that the FSFE will be taking a closer look at the procurement regime of these big contracts. It's most scandalous charge against SACHA II was that it discriminated in favour of proprietary vendors, sending them off on a €189m gravy train while everyone else chatted in the sidings about the inequities of software procurement.

But the FSFE hasn't specified how this discrimination was carried out. It ought to present its case if it wants to stop the train.

How to win an Oracle contract - Part II

| No Comments
| More
Now we've rattled the black box in which the European Commission keeps its €10m Oracle contract, its Directorate-General for Informatics (DIGIT) has attempted to answer our questions about it.

How, we asked, did the Commission legally justify striking a €10m, three-year deal with Oracle without opening it up to tender, so anyone to have a pop?

A spokesman for the Commission said today in a written statement that it struck the three-year Framework Agreement as a "direct consequence" of Oracle's acquisition of BEA Systems.

DIGIT awarded the Oracle contract on 18 December 2009. Oracle completed its acquisition of BEA Systems almost 20 months earlier, on 29 April 2008.

Hobson's choice

The spokesman said the Commission used BEA WebLogic software on "about 300 information systems". He implied that the Oracle deal was done in order to upgrade BEA Oracle licences. He said:

"The Commission assessed alternative platforms available on the market and concluded that the cost of migrating the existing base of information systems was more than 7 times higher than the cost of continuing to use the Weblogic product range."

In other words, the simple conclusion that replacing an embedded system would be too expensive was enough to deter an open competition for an alternative. EC competition rules are designed to prevent this sort of Hobson's choice, rife as it is in the technology sector.

Hobson's contretemps

But the Commission failed to provide a precise justification of the Oracle deal. This would include an assessment of the prior state of the BEA licences, whether they were up for renewal in December 2009 or whether their renegotiation was done as a result of a change of terms imposed by Oracle after its acquisition.

If Oracle had changed its licence terms, it may have been unable to impose the new terms until the told licences expired. Either way, it is not clear from the EC's answer how an acquisition would create a logical need for licence renewal 10 months later without an open competition. Neither can it be assumed the Commission got a good deal.

Big picture

Indeed, Computer Weekly did not ask merely how the EC justified the Oracle deal legally. As it happens, the EC did not do even that: it provided a description of its justification but not the documentation by which it actually justified the deal under Article 126 of the European Financial Regulations.

On these pages, we also asked the broader question of the technical and competitive efficacy of the Oracle Framework.

How, we asked, could the Commission justify striking shoe-in deals and shrouding them in secrecy when the market could only evolve in full awareness of those instances where it had failed so significantly that such deals were necessary?

Hobson's apologist

The Commission did not tackle this point. But it did give some context that can only lead to greater dissatisfaction for those who believe that procurement transparency and open standards are the two unexpendable components of a healthy technology market:

"Because Oracle had become the owner of the products formerly sold by BEA Systems, the Commission conducted a negotiated procedure with Oracle. This enabled the Commission to protect its past investments by securing the best possible conditions. This is both in full conformity with the procurement legislation and in the interest of the EU taxpayers."

Leaving aside the unsettled matter of whether the EC did indeed strike a good deal, the question still remains whether an open competition might have contributed to the generation of alternatives that, if not in 2009, and if not in 2012 when the Oracle contract is up for renewal then simply maybe, might encourage competition.

The EC statement in full:

"The procurement procedure to which the contract notice in question relates is a direct consequence of the acquisition of BEA Systems by Oracle in 2008. Products from the BEA Weblogic range were in use at the Commission for about 300 information systems supporting both administrative processes and EU policies in various areas.

"The Commission assessed alternative platforms available on the market and concluded that the cost of migrating the existing base of information systems was more than 7 times higher than the cost of continuing to use the Weblogic product range.

"This is a clear case in which the provisions of Article 126(1)(b) of the Implementing Rules of the Financial Regulation apply. Because Oracle had become the owner of the products formerly sold by BEA Systems, the Commission conducted a negotiated procedure with Oracle. This enabled the Commission to protect its past investments by securing the best possible conditions. This is both in full conformity with the procurement legislation and in the interest of the EU taxpayers.

How to win an Oracle Contract

| No Comments
| More
Step 1: Make sure you're Oracle. Are you Oracle? Good. You win.

That's how Oracle won the €10m Oracle contract the EC offered Oracle this time last year.

It did so, according to the Contract Award Notice, "without a call for competition". In other words, the EC simply gave the business to Oracle.

It did this not merely because the contract was called "BEA/Oracle -- Oracle licences", although that did make Oracle a bit of a shoe-in.

It won because Oracle was apparently the only IT company that could possibly do the work.

You may think that European competition law prevents contracts being handed out to great ugly software behemoths without opening the ring up for anyone who wants to give them a fair fight.

No comment

Oracle itself is all for fairness, particularly towards its EC cash cow. Perhaps it would justify why the €10m deal was done in secret? No, said an Oracle spokeswoman today:

"Oracle does not comment on the internal procurement procedures of its customers."

It must be difficult for them. Deals done in secret create the impression that they might be hiding something embarrassing. The EC hasn't published a justification for the deal either. Neither has it answered our request for one.

No documentation

The EC does normally publish the documentation for its ICT tenders. Good thing too, considering the amount of public money it spends on them. But those deals it strikes without going to tender are hush hush, even though they are the very deals most in need of closer examination.

No explanation

Such deals as the Oracle contract (a framework agreement, to be specific) are permitted in European law. But only in exceptional circumstances, and with very clear justification that, were it ever to be challenged in court, would be interpreted very strictly.

"You can't just say you are relying on these grounds because you feel like it. You really have to show good reason why you are not opening this for competition," said a legal source close to the Commission, who preferred not to be named.

No room for manoeuver

This strict justification was one of two important rules the European Court of Justice established over these deals, he said. The other was that if anyone did challenge the deal, the burden of proof would lie with the contracting authority.

The Oracle contract award gives the stock justification for its secrecy, simply citing the rules that provide the justification. It has not provided the actual justification.

So the contract is for the "provision of Oracle licences, maintenance and Oracle highly specialised informatics services". It cites Article 126 of the European Financial Regulations, giving "technical reasons" or "reasons connected with the protection of exclusive rights". It doesn't even say which it is.

No progress

This lack of public justification is intriguing to say the least. We might imagine in its place a world where companies like Oracle had their markets so tied up that public authorities had no choice but to buy their technology. Open standards hoped to break the mould. But we have been kept guessing over what gave Oracle the power to strike this deal. Until detailed justification of such arrangements is published routinely, companies like Oracle may be the only ones capable of fulfilling the requirements of contracts like the Oracle contract next time they are up for renewal.

Lawyers like Mark Henley, director of technology law Wragge & Co, are meantime not convinced there is a need for such a contract.

"The Commission ought to be procuring licences for database or ERP software having certain performance or functional characteristics," he said, "rather than simply asking for Oracle licences.

"Identifying Oracle forecloses competition for all other database or ERP companies," he added.

It is not as though there is any shortage of other ERP and database firms. Though if we get carried away with ourselves, we might imagine a world in which Oracle had bought them all.

Microsoft could be barred from tenders

| No Comments
| More
Microsoft could be barred from taking part in public tenders, Computer Weekly can reveal.

But Microsoft's market position may be so strong that it prevents public bodies from deploying their blacklisting powers. EU competition law may be useless in the face of technical monopolies that draw their power from the control of interoperability standards.

The question of blacklisting Microsoft was first raised in 2008 when the European Commission signed a €49m Microsoft contract with Fujitsu. MEPs asked whether the contract should be barred under competition rules. As though to punctuate their point, the contract was enacted within days of the Commission fining Microsoft €899m for failing to co-operate with previous orders to address its market abuse. The same contract is up for renewal in February.

MEPs learned that Microsoft could not be blacklisted automatically. But the law allowed public bodies to bar Microsoft contracts on a case by case basis.

The Office Of Government Commerce confirmed that public purse holders have the same powers under the 2006 Public and Utilities Contracts Regulations. This gave them discretion to exclude suppliers that have "committed an act of grave professional misconduct in the course of his business or profession".

It gave UK bodies the same option to blacklist suppliers for a breach of competition law as was established in the original EU directive under which MEPs hoped to bar the Fujitsu contract.

The UK's Office of Government Commerce said: "It would fall upon the individual contracting authority to consider on a case by case basis whether it is reasonable and proportionate to exercise its discretion to exclude."

Blacklisting

Whether it would be reasonable and proportionate to blacklist Microsoft would depend on the seriousness of its offences, their relevance to a particular tender, and whether it had absolved itself with remedial steps and by paying its fines.

This is untested territory, and not the least because no-one has yet to try and bar Microsoft.

The closest example in UK law occurred last year when the Office of Fair Trading fined 103 construction companies for price fixing. The OFT advised that public procurers should resist the temptation to bar these 103 from tenders. The was because price fixing was endemic to the building industry. It wouldn't be fair to bar only those few who were caught.

This provided no direct parallels with Microsoft. Microsoft was not one for price fixing. And one cannot say Microsoft's crimes were endemic to the market. Microsoft is the market. It's crimes were for monopoly abuse.

Simon Taylor, antitrust lawyer at Wragge & co., says purse-holders should bear in mind that "it might be proportional to blacklist someone for a limited period", but that to do it for too long "would be disproportionate". 

Microsoft

Microsoft's case is still open. It was found in abuse of its dominant market position as long ago as 2004, and upheld against Microsoft's court appeals in 2007. And Microsoft also paid €777m of EC competition fines.

But on 9 May 2008, Microsoft appealed the final €899m fine in the General Court. 30 months later, the case has still not been brought before the court. It usually takes 18-24 months before a hearing.

The fine Microsoft is appealing was imposed ultimately because it tried to extend its "near monopoly" in desktop operating systems into servers and multimedia by exerting its powers over interoperability standards.

Microsoft took steps to stem these abuses in 2007. But the question of the power it exerts over interoperability standards is still pertinent today, as open source advocates at Bristol City Council found recently to their dismay.

Bristol was just the sort of Council that might blacklist Microsoft. But it learned the hard way that Microsoft's market power cannot be denied. It's power over standards is so strong that even a public body that like Bristol, which wanted to use open source software on the desktop, simply had to give up and buy Microsoft because everyone else used Microsoft software and Microsoft standards.

Similar problems stopped MEPs in their tracks when they raised a ruckus over the Fujitsu contract.

Powerless

"Microsoft was the first company in fifty years of EU competition policy that the Commission has had to fine for failure to comply with an antitrust decision," said the Commission on 27 February 2008, two and a half weeks before it officially awarded the €49m Microsoft contract to Fujitsu. 

Might the EC have used its discretion to bar the Fujitsu/Microsoft contract? Might it even find reason to bar the contract's renewal when it comes up in February?

It's an amusing question. Because that tender used a get-out clause to specify "Microsoft" against the rules of competition. How on earth could anyone hope to bar Microsoft from a bid that specifies the supplier must be Microsoft? EU and UK competition law looks about as useful as a Tiger Moth in fight with Godzilla.

Neither could another software supplier have a hope of winning the business. A public body wouldn't have a hope of barring a monopolist. Elected MEPs have found they have no hope of doing anything about it.

If EC competition rules can't prevent public money from being used to sustain a market-stagnating monopoly, then what will?

Microsoft was unavailable to comment. The EC has asked Computer Weekly to stop asking questions about its multi-million-Euro public contracts.

Subscribe to blog feed

Archives

-- Advertisement --