Switzerland Now Requires All Government Software To Be Open Source (zdnet.com) 60
Switzerland has enacted the "Federal Law on the Use of Electronic Means for the Fulfillment of Government Tasks" (EMBAG), mandating open-source software (OSS) in the public sector to enhance transparency, security, and efficiency. "This new law requires all public bodies to disclose the source code of software developed by or for them unless third-party rights or security concerns prevent it," writes ZDNet's Steven Vaughan-Nichols. "This 'public money, public code' approach aims to enhance government operations' transparency, security, and efficiency." From the report: Making this move wasn't easy. It began in 2011 when the Swiss Federal Supreme Court published its court application, Open Justitia, under an OSS license. The proprietary legal software company Weblaw wasn't happy about this. There were heated political and legal fights for more than a decade. Finally, the EMBAG was passed in 2023. Now, the law not only allows the release of OSS by the Swiss government or its contractors, but also requires the code to be released under an open-source license "unless the rights of third parties or security-related reasons would exclude or restrict this."
Professor Dr. Matthias Sturmer, head of the Institute for Public Sector Transformation at the Bern University of Applied Sciences, led the fight for this law. He hailed it as "a great opportunity for government, the IT industry, and society." Sturmer believes everyone will benefit from this regulation, as it reduces vendor lock-in for the public sector, allows companies to expand their digital business solutions, and potentially leads to reduced IT costs and improved services for taxpayers.
In addition to mandating OSS, the EMBAG also requires the release of non-personal and non-security-sensitive government data as Open Government Data (OGD). This dual "open by default" approach marks a significant paradigm shift towards greater openness and practical reuse of software and data. Implementing the EMBAG is expected to serve as a model for other countries considering similar measures. It aims to promote digital sovereignty and encourage innovation and collaboration within the public sector. The Swiss Federal Statistical Office (BFS) is leading the law's implementation, but the organizational and financial aspects of the OSS releases still need to be clarified.
Professor Dr. Matthias Sturmer, head of the Institute for Public Sector Transformation at the Bern University of Applied Sciences, led the fight for this law. He hailed it as "a great opportunity for government, the IT industry, and society." Sturmer believes everyone will benefit from this regulation, as it reduces vendor lock-in for the public sector, allows companies to expand their digital business solutions, and potentially leads to reduced IT costs and improved services for taxpayers.
In addition to mandating OSS, the EMBAG also requires the release of non-personal and non-security-sensitive government data as Open Government Data (OGD). This dual "open by default" approach marks a significant paradigm shift towards greater openness and practical reuse of software and data. Implementing the EMBAG is expected to serve as a model for other countries considering similar measures. It aims to promote digital sovereignty and encourage innovation and collaboration within the public sector. The Swiss Federal Statistical Office (BFS) is leading the law's implementation, but the organizational and financial aspects of the OSS releases still need to be clarified.
Third-party rights or security concerns pre (Score:5, Insightful)
"...unless third-party rights or security concerns prevent it.
This is the clause that will neuter the entire objective.
Re: (Score:2)
exactly what i wanted to quote. this move makes absolute sense, it's even something to applaud in this time and age ... but that gaping hole is why it's moot and they were allowed to do it in the first place.
Re:Third-party rights or security concerns pre (Score:5, Insightful)
Agreed. And here, I was going to congratulate them on being considerably smarter than we Americans (I still think they are, but I guess that's open for discussion). No government should ever be foolish enough to trust systems it cannot inspect and secure end-to-end. No exceptions.
Temporary exemptions for those bits we can't write or get for ourselves - but I mean temporary, and only with hard-core, drop-dead (i.e., no extension) deadlines for compliance. Not asking a lot here, just due diligence from the governments of the world.
Re: (Score:2)
As a user and honestly enjoyer of Windows I do agree with this, public operations should be on open source platforms as much as possible, and like you said they should commit resources to develop tools as needed with those platforms.
Imagine if the government built a competitive linux based version of Active Directory and all that framework that companies love, could disrupt the whole business IT market.
Swiss government bank's currency trading algo (Score:2)
Would like to see one or more of the 'market stabilization' algorithms the Swiss government uses to 'influence' financial markets made public.
Re: Third-party rights or security concerns pre (Score:1)
Re: Third-party rights or security concerns pre (Score:2)
I am shocked, SHOCKED to learn the title of a /. Article didn't reflect the actual contents of the article!
"All Government Software" will NOT "Be Open Source" - any software that is developed and paid for by the Swiss Government will have its source code available to anyone that wants it. It does not mean they won't run Windows, it doesn't mean they won't run Microsoft Office, and it doesn't mean they won't run Peoplesoft, Oracle, or any other proprietary software they want
Re: (Score:2)
It makes sense that software commissioned and built with public money should be open source and for a benefit of the public (including companies).
It makes less sense to mandate that anyone wanting to sell software licenses to the government, do so only with an open source business model.
Re: Third-party rights or security concerns pre (Score:1)
It wonâ(TM)t be open source, it will just be available. Just like most proceedings of the government are available if you know what and where to ask for it, willing to wait, wage legal fights and pay for its reproduction.
And at best you then get something akin to the COVID tracker applications, a bunch of nonsense that doesnâ(TM)t even compile, has gaping holes and isnâ(TM)t even the product actually in use.
Re: (Score:3)
"...unless third-party rights or security concerns prevent it.
This is the clause that will neuter the entire objective.
Maybe not. It looks that way from a North American perspective, but maybe European countries won't be looking to jump through loop-holes just to connect themselves to a leash held by Microsoft. Also, as I pointed out in another comment: In Germany, Munich is moving back to Linux, and Schleswig-Holstein is also switching to Linux.
It's too soon to tell, but there may be a trend here. Microsoft has pissed off a lot of people and continues to do so.
Re: (Score:2)
I happen to know a few people that do cyber threat work for an European government. A major concern is Microsoft and its products and not only the low product quality, but also that all of it is controlled form the US. That is a dependency that is not acceptable when infrastructure becomes that critical. For the longest time this aspect got ignored. But my guess is that time is over. O365 is certainly a factor in all of this.
Re: (Score:2)
Do the few people you know in Europe that do cyber threat work for their governments have any thoughts on the EU forcing Microsoft to grant third-party security software unfettered access to update kernel software in Windows OS? Do they wonder if allowing, oh say, someone like cloudflare the ability to inject their code right into the OS kernel is still a good idea?
I suspect there are a few EU Windows users that wish cloudflare would have handed their kernel update to Microsoft for review/approval before in
Re: (Score:2)
It's as good an idea as trusting MS to not fuck up in their kernel.
Preventing 3rd party access only reduces user control. The end user should always have the ability to do whatever the fuck he wants with the system.
Re: (Score:2)
Do the few people you know in Europe that do cyber threat work for their governments have any thoughts on the EU forcing Microsoft to grant third-party security software unfettered access to update kernel software in Windows OS? Do they wonder if allowing, oh say, someone like cloudflare the ability to inject their code right into the OS kernel is still a good idea?
If I understand the situation correctly, Microsoft already gives this access to some companies. The recent CrowdStrike debacle is an example. I don't know enough to say for sure if that qualified as "unfettered access to update kernel software", but CrowdStrike was able a driver working at the kernel level to access and incorporate a file at the user level. This file was corrupted, effectively borking the driver and preventing boot.
That doesn't answer your question, but might inform it a bit.
Re: (Score:2)
Yes, but then they went back to Linux (at least the ones I heard about. Munich was the big one).
Re: (Score:3)
Didn't a few cities in Europe try doing their own F/OSS alternatives, winding up with budget overruns, and come crawling back to Microsoft, and going back to their products?
That's not the whole story. At least part of Munich's decision to go back to MS was their Mayor's desire to have Microsoft move their headquarters here. For more info see my other comment here: https://slashdot.org/comments.... [slashdot.org]
Re: (Score:2)
No, the Europeans don't put up with the childish "but if i interpret this with malice I can stick to the letter of the law and avoid consequences" stuff we do in NA. Trying to avoid the clear intent of a ruling by such means will land you with non-compliance rulings against you.
Re: (Score:2)
No, the Europeans don't put up with the childish "but if i interpret this with malice I can stick to the letter of the law and avoid consequences" stuff we do in NA. Trying to avoid the clear intent of a ruling by such means will land you with non-compliance rulings against you.
Um, it's literally written that way, and for a reason. This is only requiring them to share source with the public for any government developed software. It's not requiring them to dump proprietary software. At all.
Re: (Score:2)
Right, they don't have to dump Windows because of this, but trying to use that clause when it's not warranted will not fly in Switzerland. The clause doesn't neuter the intent of the law, unlike what would likely happen in the U.S. say.
Plan 'B' - decade-old Dilbert (Score:2)
"Round," as they say, "two"
Re: (Score:2)
It was the "competition keeper" missiles.
https://blogger.googleusercont... [googleusercontent.com]
I miss the days when Scott Adams was genuinely funny and insightful and not a complete lunatic.
Re: Plan 'B' - decade-old Dilbert (Score:1)
Yeah but you have to admit those last few strips before he got canceled were hilarious. He introduced a new character and pointy haired boss was all excited because he was black and would help him hit his quota, but the new guy identified as white, and then PHB actually takes the L. Gold. I wish the archives were still online.
Re: (Score:2)
Yeah but you have to admit those last few strips before he got canceled were hilarious.
I do? I stopped reading years ago, because it stopped being funny years ago.
He introduced a new character and pointy haired boss was all excited because he was black and would help him hit his quota, but the new guy identified as white, and then PHB actually takes the L. Gold.
That sounds more like a Scott Adams identity politics grievance than an astute observation on the workplace. I read it for the pisstaking of workpla
Public money, public code (Score:5, Informative)
As many of you probably know, the FSFE has long campaigned for this, see https://publiccode.eu/ [publiccode.eu]
Great to see it enacted, and I hope more are to follow this example set by Switzerland. Kudos to the Swiss!
Re: Public money, public code (Score:1)
It isn't what you think it is, its not a pledge to only use Open Source software, it's commitment to make the software they gave written for them released as open source - so, you know, if anyone else wants to run their custom tax collection software, they can...
From the summary:
Switzerland has enacted the "Federal Law on the Use of Electronic Means for the Fulfillment of Government Tasks" (EMBAG), mandating open-source software (OSS) in the public sector to enhance transparency, security, and efficiency. "This new law requires all public bodies to disclose the source code of software developed by or for them unless third-party rights or security concerns prevent it," writes ZDNet's Steven Vaughan-Nichols.
Re: Public money, public code (Score:2)
if anyone else wants to run their custom tax collection software
This isn't the US. In much of Europe, for many years that "software" runs on govt servers. One logs in using eID (yes, we have FLOSS repo's for browser plugins) then does that online, either directly or, when tax gets a little more complicated, via an accountant.
Re: (Score:2)
As soon as it works reasonably well in one country (and the Swiss do good engineering), others will follow. Unless you want to do PC gaming, MS does not have anything hard to replace.
Re: (Score:1)
MS does not have anything hard to replace.
Except for their OS and an ecosystem of proprietary software that does boring things like manage doctors offices, maintain medical records, and a few thousand other verticals that Linux and macOS developers find too boring to write software for.
The windows world has a lot more software besides Office, Teams, and SQL Server.
Oh, and this new regulation only says that if the Swiss government pays someone to write custom software for the government, the software is to be made available as open source, it doesn'
Really? (Score:3)
Didn't Germany try something similar? (Score:4, Informative)
...it didn't go well. Some argue MS intentionally sabotaged it through a combination of techniques.
Re:Didn't Germany try something similar? (Score:5, Insightful)
Re: (Score:3)
Direct democracy is what kept the last canton in Switzerland from allowing women to vote. Women in Appenzell Innerrhoden were in the end granted the vote by a court decision.
Re: (Score:2)
Re: (Score:2)
I don't think it was all of Germany. I think the Munich city government tried it twice, and both times they eventually gave up after about a year or so of complaints from entry-level staff about problems configuring printers and document formatting incompatibilities with Microsoft Office.
Re: (Score:3, Informative)
Some very good open source software comes from German authors these days, ProxMox and NextCloud come to mind. NewPipe and Conversations on Android are outstanding value right now. There's also good support for Linux in the commercial datacentres there, from what I've seen. Competitive prices. Not much to complain about. Good "freedom" movement too. People who take privacy and other quaint ideas from the barely 20 years ago, seriously. Private
Re: (Score:3)
Also, because you would then be essentially giving Google permission to scan/ingest all your government documents and information?
Google OWNS every bit and byte of information that enters it's network or lands on its servers, read the TOS.
Re: (Score:1)
> Google OWNS every bit and byte of information that enters it's network or lands on its servers, read the TOS.
A larger gov't entity may be able to negotiate such away.
Re: (Score:2)
I'm sure Google and the others would love to have a long long chat with the decisionmakers and promises will be made.
The old saw, "its better to ask for forgiveness, than permission" comes to mind.
As a counterpoint, Governments have all the taxation power in the world, is there any REAL reason why they couldn't build their own systems?
It was only less than, I'm sounding long in the tooth surely, 40 years ago that was the case. If you're old enough to remember, ther
Re: (Score:3)
...it didn't go well. Some argue MS intentionally sabotaged it through a combination of techniques.
Munich did it in 2006, then decided in 2017 to move back to Windows by 2020. But the May 2020 ZDnet article I'm looking at says:
In a notable U-turn for the city, newly elected politicians in Munich have decided that its administration needs to use open-source software, instead of proprietary products like Microsoft Office. "Where it is technologically and financially possible, the city will put emphasis on open standards and free open-source licensed software," a new coalition agreement negotiated between the recently elected Green party and the Social Democrats says.... The agreement was finalized Sunday and the parties will be in power until 2026. "We will adhere to the principle of 'public money, public code'.
BTW, it seems that the reversal was motivated at least in part by the mayor wanting Microsoft to move their headquarters there. Furthermore, just this April they've decided to ditch MS and return to Linux. Additionally, according to another ZDnet article, this April the state of Schleswig-Holstein has also decided to move to Linux.
AFAIK, the whole country of Germany has never switc
Latest in a long trend (Score:3)
Re: Latest in a long trend (Score:4, Informative)
This law in no way requires Swiss officials to give Open Source software any preference, it simply says that any software developed with tax payer funds should be made available as open source - that's it.
There is nothing in this new law that precludes them running Windows, MS Office, Oracle, Peoplesoft, etc... What this means is anyone that wants can get the source code for any govt funded software developed for the govt - wow, I can finally run the software Zurich runs to manage the municipal water system, YAY!
Re: (Score:2)
Well other cities could use it to run their municipal water systems rather than pay to have their own software developed.
Re: (Score:2)
In theory, sure - but that is not what most commenters think it is about, they think it's a call to abandon Windows, Office, Oracle, etc and it is not. How much Time & money does the Swiss government save when Belarus decides to translate the Swiss Water Management software to run the Belarus Municipal Water System? Answer - none. It's a nice gesture, but not much more than that.
Re: (Score:2)
They had one job.... (Score:1)
One, just one company had to just not be crap to make this unfeasible. They did did not have to be the best just not do the equivalent for smearing crap on people's infrastructure when they turn their backs.....
this should make Richard Stallman happy (Score:1)
Re: (Score:2)
i think its a great idea, make closed source software illegal
You really think that's what this is about? Did you even read beyond the (misleading) headline? It does nothing to prefer open source software over proprietary, it does not preclude the use of proprietary software, and Al it does is says that custom software written for the Swiss government shall be made available as open source software, unless there is a reason not to.
Re: (Score:2)
Making closed source software illegal is a terrible idea.
Let the open source model compete in the free market with closed source. And let the best business model win.
Microsoft software cannot be replaced... (Score:3)
I feel dirty by mentioning this, but there are things that one cannot replace and are vital once a business reaches a certain size:
Active Directory and Entra. FreeIPA can handle a few hundred nodes, but when you are dealing with millions of users, millions of objects, GPOs, policies, audit logs, and so on, there isn't anything that comes close to replacing it.
Similar with GitHub Enterprise. Gitea is nice, but it couldn't scale to the needs of what a government needs.
Then, there are implementations and services. Every large business is pretty much chained to Exchange or M365, unless it is IBM (which, IIRC is on M365 now as well). Zimbra Mail and Google Workspace are great... but again, they don't scale.
What Switzerland, and the EU need to consider in general is to see what stuff forces them to have to have commercial products as the foundation of their infrastructure... then donate and get F/OSS efforts to deal with this. It isn't like this has been done before. CERN http/httpd for example, as no private company would have done that protocol, for the most part.
Re:Microsoft software cannot be replaced... (Score:5, Informative)
This is not about replacing proprietary software with open source software, it's about sharing custom code written by Swiss Govt programmers.
It's amazing how many people fail to comprehend what is written:
"This new law requires all public bodies to disclose the source code of software developed by or for them unless third-party rights or security concerns prevent it," writes ZDNet's Steven Vaughan-Nichols. "This 'public money, public code' approach aims to enhance government operations' transparency, security, and efficiency."
That doesn't say "dump Microsoft" it says that code paid for with govt money is to be made open source, nothing more.
Massachusetts tried this (Score:1)
Microsoft did a smear campaign on the head of IT in Massachusetts, who was demanding that all government records be ISO standards compliant. So Microsoft funded a whole bunch of teensy nations to send delegats to the next standards convention and *rammed* through OOXML for Microsoft Office documents, a standard which not even Microsoft could follow, to "comply with requirements" and prevent Massachusetts from switching to OpenOffice.
Expect a repeat of the same corrupt ion and outright bribery applied in Swe
Honest Question: ERP Open Source Solution (Score:1)
So, what's the big Open Source alternative for an ERP that is on par with PeopleSoft, Harding Lawson, Oracle Financials, Microsoft Dynamics, etc?
What are the commercial support options for that open source alternative?
How well does it all actually work?
Maybe it may manifest itself... (Score:1)
I've worked at companies where a specific vertical market vendor, who was the only one to choose one was so pricy and incompetent, with support pretty much blowing off everyone in the entire market because they were the only game in town.
What happened was that a number of companies, some of which were dire rivals, got together, and for about six months, shared developers, and built themselves all a working replacement, with the IP belonging to all the companies part of the effort, and they could license or
Re: (Score:2)
What does this have to do with this story?
This regulation doesn't force the Swiss to find open source alternatives to commercial software like peoplesoft, oracle financials, etc.
oops (Score:2)
I accidentally checked the launch codes into Git.