Okay.
Let's welcome our next speakers on the news with open source law.
Yes, good evening everybody.
It's a great honor to be here at this conference at the FOSSTEM.
It was many years ago when I was here last time, but now I'm glad to be back and I'm
very happy to present together with Rika Koch our new law that we achieved basically getting
in Switzerland.
It has been a long journey and it's great that we can now present this and we are very
interested also for your feedback in the end if something similar is existing in other
countries or how we also have to continue in this journey.
So briefly just our background.
We are academics from Berlin, Switzerland, but from my side I'm also an activist since
almost 20 years when I wrote my master thesis about open source community building and I'm
very glad that we can now present this to you and Rika will start.
Good afternoon from my side as well.
My name is Rika Koch.
As Matias mentioned, I'm a law professor at the Benefach Hochschule in Bern and I want
to speak to you today about the regulation, the legal side of open source software in
Switzerland for the public sector.
Here it is again.
So in the beginning when we talk about regulation of open source in the public sector there
was literally nothing.
And I wrote here dark past but we're not talking about the so far past.
We're talking about 10, 20 or even two years back.
Although there was a strategy of the Swiss federal government that said well basically
open source software would be nice because it's economically efficient and it produces
good quality but there was nothing in the law.
We had a strategy.
So when there is nothing regulated you don't really know whether you can do it, whether
it is allowed for the public sector to develop their software open source, licensing it open
source or not, which is called in legal terms there was a lot of legal uncertainty.
So developers or the private sector who offered their software to the public sector didn't
really know whether it was possible or not.
So the crucial question here is can the public sector develop and also distribute open source
software or do they have to do it closed source?
Well if you ask the IT experts probably all of them tell you yes of course they can but
in comes the spoilers, the legal persons, the lawyers and they say wait a second it's
not that easy.
So the Swiss government was in this situation where the IT experts please do open source
software and the lawyers say no no it's complicated please don't and what do they do?
They ask they pay a lot of money for of course the legal experts for a legal opinion.
Oh sorry I hand over to Matias to explain first why the pressure arose.
Thank you so basically from a historical point of view this is interesting because it was
being done open source by several state agencies for many years so from the IT side obviously
there were lots of open source activities on GitHub from different agencies however as
Rika said it was not legally allowed and so when actually we started from our group of
parliamentarians it's called parliamentarian group for digital sustainability, Paul Deghi
we started basically lobbying for open source release from the Swiss government in 2011
so it was back then when we had our first initiative and asking politicians to actually
support the release of open source software by the government and it seemed like a natural
thing although the federal government rejected this that there will be no additional support
it was basically clear to us that it will take place anyway and even more actually the
Swiss federal court is very open source minded for many years they actually are completely
based on open source software they host their all entire stack it's they use LibreOffice
back then it was open office and all the federal court lawyer federal judges they use LibreOffice
for their activities so and they even wanted to open source their back then their court
management system called OpenEustizia it still exists OpenEustizia.ch it actually is still online
this website but something happened very little Swiss Bernese law company IT law company they
actually objected to against this release of open source software by the federal court because
their business was jeopardized basically they were afraid of this government competition because
they actually had a market of local courts where they sold their proprietary court management
systems too and when actually federal court the big court actually releases open source they were
obviously afraid that this government would destroy their market and what they did actually
they asked another politicians to hand in to hand in actually another question on political
side that would ask what is basically the aim of the federal court would they want to destroy the
market for IT companies and then basically compete with small companies and this basically
actually was the beginning of this legal dispute for last 10 years and now I hand over to the
lawyer again and she will explain to you what the lawyers said about this story. Yeah maybe you
know the saying we have in German two lawyers three opinions and it was exactly that so we had a
first legal opinion issued in 2014 with the crucial question can the government develop and
distribute open source software and this legal opinion said basically no why there is in the
Swiss constitution and I'm sure in other constitutions as well the principle of competitive
neutrality this means that the government should not mess with the private sector to the contrary
that the government should make so-called favorable conditions for the private sector and they said
that this is not the case when the government publishes open instead of closed source software.
Now it gets a bit legal they said that distribution of software by the public sector is a so-called
economic acts that would per se distort the free market. This would actually be allowed but only
if there is a sound legal basis and if it's proportionate which means also necessary and these
two quite old law professors they said no it's not written in the law okay that's that was true at
that time but it's not necessary at all because everything you want to do with public software
or software by the public sector you can might as well do with closed software it's even more
it's even better suited suited to reach the public tasks so it's private basically but
luckily some persons thought okay let's just ask another lawyer and paid for another legal
opinion three years later and I when I say some persons I look at Matias so this second legal
opinion said well we're not too sure whether publishing open instead of closed source software
really is an economic and distorted act per se we might call it also an auxiliary services so
you can't do the software because it serves the fulfillment of a public task and whether you do
it with closed or open source software it does not really change the fact that you have the
legitimation to do so so they said it's an auxiliary service does not distort the market and we do
not even need a legal basis with this in mind this was government after long consultation they
issued a law although you do not really need a legal basis they thought yeah we might as well make
legal basis better saved than sorry and they negotiated the so-called federal law on the use
of electronics means for the fulfillment of governmental tasks and there they did not only
put the possibility to make open source software but a mandatory requirement this is the text we
will look at this now and I will speed it up a bit so here it says the public bodies subject to
this law shall disclose the source code of software that they develop or have Dilla developed by
third parties unless the right of third parties or security related reasons preclude this so we
have the first sentence is the principle that opens our software is by law mandatory for software
that the public sector develops or for developments that they buy via third parties and the private
market so not for software that already exists so if they they can still buy pre-existing
software on the free market so and there's the rule and there's the exception the exception is you
do not have to make it open for software if third right parties would preclude that that's clear
that's usually intellectual property rights closed licenses maybe or for security related reasons
and I personally really don't know what this should mean I've been told by people with more IT
knowledge than I have that they do not need her so if someone of you knows what this could be please
please raise your hand afterwards and give us this input and this was paragraph one the principle
of mandatory open source software there are a lot of other principle paragraphs I don't delve deeper
into that but just to show you that we've come from open source software is really distortive and
against market neutrality of the Swiss government to also this and this is paragraph four and five
and they said so the public sector they can develop the open source software and they can also offer
supply services other services to other governmental bodies for if they charge for it so they have to
take money usually but they can also also make provide other services which is then not deemed
market distortive thank you Rika so basically here we have the issue about is the federal court
this are the background of this whole clauses is the federal clause a court allowed to actually
make community building basically help other courts to use their software and maybe answer some
questions and also participate in the community and this is actually now also a legal basis for
community building on the federal level now we have the law so what does this mean so a law is not
helpful if it's not implemented it's and this is basically the activities of my next 10 years to
make this law alive so one aspect and this is where also Rika comes in because she's a specialist in
public procurement now we hope actually to find in the next few years more and more public tenders
where actually the government procuring IT solutions will have to include different criteria
which actually support the open source the release of open source software and the community
building so this is actually a real excerpt from one of them public tenders it's actually not
with the new law but I think it could actually serve as a good example from my point of view
because it says that first one of the issues is that the software which is being built by the
company is providing the solution has to be open sourced under an open source license on the
GitHub account of the city of burden then actually they have to use not just any license but a
copy left license including you PLH EPL so we heard about that thank you Bradley and we also
have then the need for companies with experience in open source software development and community
building and actually the community management is also one of the services provided by this
IT distributor so from my point of view it looks quite nice that it's really something which should
be in the future being used as one of them open source role models or good practices at least
for for IT procurement nevertheless we have not much not as much activities in Switzerland
compared to other countries especially Germany and we have a few activities so one thing was
during pandemia that there was the federal IT administration which released the COVID
certificate app as open source software which was then actually used by the Austrian government
and used for their national COVID certificate and this is I think a very nice example of how
governments can also interchange source code another example includes the Swiss map agencies
Vistopo they produced open they supported open layers in the past and collaborated with some
institutionalized crowdfunding with other agencies the first development of open layers
another aspect is from a company initiated in swissland at Finis they actually started an open
source project Kaluma and some workflow component framework and they supported now several canton
several local departments of swissland to use this company to use this software and they founded
this in osco community and this is also another good example which I think shows that even swiss
people are able to produce open source software in a good way and the last the last thing you have
heard all the railway activities open rail association today this was also partly driven by
the swiss federal railway association I think it could also be a good example how swiss government
or government companies can collaborate with others so hope there's still hope for switzerland
and their open source activities and maybe with and especially if they'll you know there should be
more activity soon there's one monitoring thing which we do osasbenchmark.com this is a very
hobby pet project of mine which where we collect basically the the open source repositories of
organizations from swiss government and companies and look how many repositories are released by
which kind of company and here again you can see basically of 150 agencies and institutions how
much open source they are already providing on github now what I hope in the future will also help
us is the the the the also the high level political environment around digital sovereignty and
digital sustainability so a few years ago we created the report on data colonialism where
we pointed out this is danger of the big tech companies appropriating and privatization of
data and also obviously of software and nowadays I'm working on a new report for the digital
sovereignty strategy for the government where they have to actually release some some new
recommendation by the end of this year and so we hope that this again also will help open
source software development in switzerland now we are very interested in your feedback for the
for discussion because first of all we would be interested on do other countries have similar
laws in this way where it actually is not just allowed to open source software but it's really
actually the default second question what is the potential and the challenges of this new swiss law
what do you think could be also something in other countries being implemented and from the
operational and the implementational point of view we know of several activities of other countries
but so what in your opinion would be the best to do next in switzerland because now we have the law
now we do need to do other things is our parliamentary group okay so that's it for the moment and
very very interested in your feedback thank you very much I was a little bit irritated that you
mentioned within the tender that you're demanding copy left while for some organizations within
their own code if they want to contribute it for this to reduce their costs having a copy left may
actually be exclusionary because some people using code that under a different license more
permissive license may not be willing to put their stuff under a copy left in other words what's
wrong with actually saying a copy left or a apache or a bsd or one of these other more permissive
licenses so this basically as if I understand you correctly so the question is why is copy left
license being recommended which actually excludes a number of organizations who may want to
develop software with a much more permissive license than copy left well it doesn't exclude them
well it can be integrated into copy left and final product
so maybe someone else can add on this but
um do you want to are you responding to that Bradley yeah please so so what it sounds like
you're saying is that if it if it has a must on copy left then they might just have to upgrade the
license that's under you know under mit to be copy left when they put the solution forward right
yes so as far as I understand if you have the end product the final product this is include
permissive license software and but you still can use the the less permissive the less restrictive
license software thank you for the great talk you just mentioned that there was this argument of
that providing open source software does market distortion that somebody gave that argument
like the right of a private enterprise to make money on licensing fees is above other things
shouldn't there be an argument that the government should make best use of taxpayer money rather
than blowing taxpayer money on licensing fees and isn't this a good enough argument to reject that
yeah absolutely I mean I did not understand myself the argument that why this should I mean just
enable some companies to pursue a business model in a certain ways does not mean to be market
competitive so I think we to the contrary I mean to enable the government to make a software that
has the best return of use money for value value for money sorry for the taxpayers should be
the first public interest so and that's how the interpretation of term competitive neutrality
changed luckily
okay you mentioned that the slow is forced in 2017 am I right sorry the law was the law
like six years ago no no the law started on February January 1st 2024 this this year okay
because I've got the question that's how often can be used that's security reason because there are
you mentioned there are two reasons like it's third party and the second is security reason when
there is exception so when it comes for like minister of defense the software could be perhaps
proprietary software but if it's like pretty new so so I don't know if it's off or no yeah
so this is this is exactly the point so the law is very new so we don't know yet how strongly
will be implemented and fulfilled we we know that the government is kind of behind on releasing
some guidelines and they're right now actually providing some guidelines but it will still take
a few months or maybe years to really get it going on okay so on on the security issue I've
so it should be used very sparingly right but there there are arguments that can't be made like
Bradley mentioned when you're looking for people who're trying to evade like taxes
there you can make an argument that people knowing how the government looks for tax evaders
makes it easier to actually like beat these algorithms right so I think it's a good thing
that's in the law while at the same time security by obscurity is a very bad thing and it should be
like we should use that very sparingly but I think it's good that it's in the law so just from a
like cyber security guy point of view and then the actual question do you know what the because we
have the same argument in Austria where it says like the government may not publish open source
because it it like distorts the market of proprietary companies profiting of proprietary
software can you summarize what like the other side of the argument was and what what claims
the lawyers made why this is not an issue actually you mean the pro side the like how was that how
did they debunk that hopefully like you know ps yeah a good thing that you're from Austria so I
can just send it to you the little penny but um to summarize they just said only real economic acts
can distort the market so they compared it if it's open source or closed source is like if you
write using a pen or your laptop it's just a means to help you doing your work so an auxiliary service
and even if it was market distorted then you just have to have the legal basis okay but but then
it's still necessary for to have better quality so very quickly I've seen other laws in other
countries that were open source by default failing so it's good that you have already clarified that
for instance security can be a way to circumvent this I wonder if there are some regional I'd say
regional car valves like this is federal can a city or a canton or whatever avoid to apply this
law because it doesn't apply to them uh yes so I have to say this is only for the federal government
this is binding only for the federal government sub federal governments can do whatever still
but what I would would also expect that usually in Switzerland at least the what the federal
government is doing the canton's and also the non let's say the non federal players are also
looking at so when they see there are benefits and there are obviously benefits otherwise it
wouldn't be here so then I hope that people will be more used to actually procure open
source software services and build communities okay let's let's thank you Mattias and Rita