Strengthening digital infrastructure: A policy agenda for FOSS

"A @EU_Commission sponsored report found that in 2018, #EU companies invested roughly €1 billion into #FOSS creation, which resulted in up to a €95 billion benefit for FOSS users in the EU. Similar estimates for the #USA investment in FOSS were $33 billion in 2019. However, despite these attempts we have only scratched the surface of truly understanding the value FOSS provides to the economy and modern life"

@lightweight @humanetech @EU_Commission This is why it’s important for public schools to use #FOSS. The taxpayer must fund schools & when schools buy proprietary s/w it’s a total loss for the taxpayer. But if the school invests in FOSS, the value of enriching the commons from the FOSS investment can be a reciprocal benefit to the taxpayer.

@koherecoWatchdog @lightweight @humanetech @EU_Commission I would have expected the investment into FOSS to be way higher in the EU compared to the USA! Very surprised. Does it have to with business investment vs org + gov investment?

@stragu @EU_Commission @humanetech @lightweight I suspect it may simply be that the tech sector is much bigger in the US. I don’t think it mentioned costs on proprietary software which is also probably higher in the US.

@koherecoWatchdog @EU_Commission @lightweight

I wondered the same and thought that maybe it was maybe badly formulated and the 95 billion Euros are compared with that amount.

@humanetech @lightweight @EU_Commission @stragu the corporate culture in the US is to outsource like crazy largely so middle managers can offload responsibility and redirect blame if something goes badly.. to have a scapegoat. They tend to favor commercial products because it’s impossible to hold FOSS volunteers accountable.

@stragu @EU_Commission @lightweight @humanetech The European management style is not to scapegoat, but managers have a bias for the look & feel of proprietary s/w like msword, and they expect everyone below them to use the tools they use. So because the managers use MS Word, the engineers down in the trenches must use that garbage too, instead of proper engineering tools which are largely in the FOSS domain.


@koherecoWatchdog @stragu @EU_Commission @humanetech I like the angle of 'loss of sovereignty'. The EU has given away, in practice, most of its sovereignty to US tech corporations which are literally in control of all of the levers of power. (The same is true in most other gov'ts of the world). Any anti-trust deposition against Microsoft is written in MSFT Word on computers totally controlled by the Microsoft Corporation. It's a sovereignty issue.See too:

@lightweight @koherecoWatchdog @stragu @EU_Commission @humanetech Here in the USA, we have the same problems; I don't know that we could frame it as "loss of sovereignty" since Microsoft is based here, but all the effects are the same. Are there ways that Americans and Europeans can work together, and adopt like language, to fight this battle we both must fight?

@jgoerzen @lightweight @koherecoWatchdog @stragu @EU_Commission

I've tooted before about this group of institutions and organizations in the Netherlands who dedicate to breaking the stranglehold of MS and others.

They just started with a manifesto and a petition for Dutch government, focusing on lower education first.


I'll CC @fsfe @waag and @ppdelft who are part of that group (see the petition for more participants)

@humanetech @lightweight @koherecoWatchdog @stragu @EU_Commission @fsfe @waag @ppdelft I am very glad to see this! I have been at a loss really of how to proceed here, where my children are required to use locked-down, school-issued Chromebooks.

@jgoerzen @humanetech @EU_Commission @stragu @lightweight The problem with that battle is the US gov has been pimped to the tech giants. Just as banks, oil companies & the NRA finance republican war chests, tech giants finance the dems. And I don’t see US republicans going against tech giants either b/c they love giant corporations & republicans view everything as a competition (e.g. they see Microsoft dominance as US dominance).

@koherecoWatchdog @jgoerzen @EU_Commission @stragu @lightweight

Think much can be done by going bottom up, and having some schools that have the freedom to host open software be examplary cases for others to follow.

Schools can't implement this alone and fostering an environment where small businesses and organizations help give proper support must be part of the equation.

In Netherlands we have that trend starting on the level of municipalities who are adopting FOSS-first policies.

@humanetech @lightweight @stragu @EU_Commission @jgoerzen In the US it can be attacked from both ends, in principle. The US feds have a #FERPA law that’s supposed to protect the privacy of students nationwide. I believe schools are breaking that law by subjecting students to surveillance capitalism. The problem is the feds don’t enforce FERPA… it’s just a prop. So a top-down approach is to pressure the feds to enforce it.

@jgoerzen @EU_Commission @stragu @lightweight @humanetech The bottom up approach needs to happen as well, but that will be quite slow. When a teacher is clung to Windows & teaching what they know, it could be a hard sell to get them to adopt both new philosophy and knowledge. It might even be more practical to get FOSS techies into teaching (a path I am considering).

@humanetech @lightweight @stragu @EU_Commission @jgoerzen I asked a boss “why are we using MS Word and not LaTeX?” He said “because no one here knows LaTeX”. Then I asked a prof “why aren’t the students using LaTeX?” He said “because it’s not used in industry”. In this vicious cycle, I blame the school. The school should be /ahead/ of industry teaching what the industry needs to learn, not be a follower to industry.

@koherecoWatchdog @jgoerzen @humanetech @EU_Commission @stragu yes, it's crazy, really. I wrote about the NZ situation (which is, I'm sure, pretty universal among gov'ts): it's diabolical.

@lightweight @koherecoWatchdog @stragu @EU_Commission @humanetech when your school kids use windows for all their machines its a safety/security issue with each vulnerability disclosure and ransom attack that shuts down a school or city gov

@lightweight @koherecoWatchdog @stragu @EU_Commission @humanetech Wow. I love the way you framed the problem as a legal, practical one, rather than an economic, values or ethical opinion. I'll share this with two #edtech startup #CEO s that I'm pushing to adopt #FOSS and data protections to partially mitigate these risks for students and #schoolboard s.

@hobson @humanetech @EU_Commission @stragu @lightweight US schools are even more reckless. Parents don’t even get a tickbox. In one school I read about, a teacher actually signed up for all the individual google accounts and agreed to all the terms, then distributed account credentials to the students. Google probably has a rule against on person having multiple accounts & password sharing.

@lightweight @stragu @EU_Commission @humanetech @hobson Wherever I read about that, the author was criticizing the idea that students would be held to terms they never read or agreed to. But I would think a court would find that the students are not bound by those terms & it’s not their account. It’s the school’s accounts and the school is bound by the ToS.

@hobson @humanetech @EU_Commission @stragu @lightweight Either way there’s a problem b/c the school likely breached the agreement the instant they created an account for the 2nd student on the roster. And if students aren’t bound they break the ToS all they want, and the school is liable.

@lightweight @stragu @EU_Commission @humanetech @hobson It’s a worthwhile angle of attack, but will it work? The outcome we would hope for is the school goes the FOSS direction. But another possible outcome is that Google creates an academic sitewide terms of service which still pushes the same policy, and schools simply mirror Google’s terms in the school’s code of conduct.

@hobson @humanetech @EU_Commission @stragu @lightweight If I were a pro-Google school admin, I would probably not only get an academic campuswide agreement w/Google, but then to fend off parents who don’t like my expansion of the code of conduct, I would give students the option to use a school account or to bring their own acct & write the digitech section of the code of conduct to apply only to school-provided accounts.

@koherecoWatchdog @humanetech @EU_Commission @stragu @lightweight yea that's a real risk. Hard to beat Google legal team and their advocates on school boards.

@koherecoWatchdog @hobson @humanetech @EU_Commission @stragu here in NZ, public schools have a statutory obligation to educate students in their 'zone'. If they impose software with a requirement to indemnify the supplier by accepting terms of use, parents always have the right to reject them... and, I believe the school is obliged to provide an alternative the parents do accept.

@lightweight @koherecoWatchdog @humanetech @EU_Commission @stragu that's good, but it adds additional hurdles for you: outreach , education and SEO so that individual parents can see through the fog of the information bubble created by Google to portray their products in the best possible light and downrank all compeitiors (including FOSS). And they know more about parents and students than you do.

@hobson @koherecoWatchdog @humanetech @EU_Commission @stragu that's possible... although I think Google's position is quite fragile. I sense that a general awakening about the dangers of surveillance capitalism will occur at some time, and from that point it'll result in incredible discomfort in most institutions in the wealthy parts of the world.

@lightweight @stragu @EU_Commission @humanetech @hobson How does the public school’s obligation to educate go when a school has a code of conduct? E.g. there’s probably a dress code, so what happens when girls try to go to school in transparent clothing, or lack of clothing? Or what about when a school admin wants to impose rules against porn or malware, for example, in a FOSS-centric school?

@koherecoWatchdog @stragu @EU_Commission @humanetech @hobson good questions. There's a difference, though - those are 'first party' requirements, imposed by the school... but the Ts&Cs of Google/Microsoft are the school imposing a *third* party's requirements...

@lightweight @hobson @humanetech @EU_Commission @stragu Right but as I mentioned if I were a pro-Google admin, I would strike an agreement w/Google to /mirror/ Google’s rules /in/ the school’s code of conduct so students would have an option that does not require students/parents having an agreement w/Google. Google would agree b/c they’re still in the game, & in fact Google might even like relief from having the enforce the terms.

@lightweight @stragu @EU_Commission @humanetech @hobson It’s a normal practice. Not sure about schools but if you work for an agency who works for a client, the agency you work for directly will mirror the client’s reqs in your contract w/the agency. A lot of shit is getting outsourced these days, & that often leads to ToS mirroring in the customer-facing ToS. A school will likely argue you can’t block them from outsourcing.

@hobson @humanetech @EU_Commission @stragu @lightweight The US has FERPA (though weak [if any] enforcement). #FERPA says a school can outsource but stipulates that the school must put in the contract that student data cannot be shared further on, to prevent a long outsourcing chain of data sharing. That in particular is unenforced. E.g. California schools outsource transcripts to a 3rd party who then outsources to #Cloudflare.

@koherecoWatchdog @lightweight @hobson @humanetech @EU_Commission @stragu isnt this why schools can procure Google Suite / Work?
With (sort of) separating Google consumer accounts from work/school accounts?
I dont say I trust them but once procured there is no legal need for parents/students to consent or agree?

@koherecoWatchdog @lightweight @hobson @humanetech @EU_Commission @stragu I must add I struggle with Mastodon threading / reply interface so Im not sure I read everything previously said.

@joeldebruijn @koherecoWatchdog @lightweight @humanetech @EU_Commission @stragu Yes I think this B2B relationship helps Google and Microsoft sidestep consumer and child protection laws in the US.

@hobson @koherecoWatchdog @lightweight @humanetech @EU_Commission @stragu

Google and MS accounts for consumers must be for persons of 13 years and older? And for schoolaccounts of pupils they can be younger. But then school is responsable too.

@hobson @koherecoWatchdog @lightweight @humanetech @EU_Commission @stragu

In EU its a bit different (GDPR has its perks but can come in handy) I guess. Because Schools have to procure services with dataprotection requirements.

@hobson @koherecoWatchdog @lightweight @humanetech @EU_Commission @stragu

Also Dutch associations for schools had a DPIA which made both MS and Google adjust certain things. Easier for MS then for Google by the way. And new DPIA with other scopes within Google their suite underway.

@koherecoWatchdog @lightweight @stragu @EU_Commission @humanetech I don't see the connection. ToS and Code of Conduct have different purposes & effect. A FOSS-based military academy can enforce whatever behavior norms they want that dont violate FOSS licensing (e.g. the Hippocratic, Do No Harm license). And a provider of services based on FOSS (like #gitlab #codeberg or a #nextcloud host) can create unrelated TOSes

@hobson @humanetech @EU_Commission @stragu @lightweight The connection is the school can outsource & the school controls the code of conduct. With those powers, the outsourced company can demand that the school update the code of conduct in a way that’s favorable to the corp, assuming the corp has that much leverage (i.e. the school admin wants the outsourcing). The corp can then agree to serve a school w/out direct student agreements.

@lightweight @stragu @EU_Commission @humanetech @hobson This is likely what FOSS advocates will face when trying to get schools off the platforms of surveillance.

@koherecoWatchdog @hobson @humanetech @EU_Commission @stragu Here in NZ, individual school policy decisions and *responsibility* are divested to elected school boards. The NZ ministry arranges the all-of-NZ contracts with MSFT and Google but takes no responsibility. So, in our case, the elected boards need to make those decisions. Which might be to ' advantage.

@koherecoWatchdog @lightweight @stragu @EU_Commission @humanetech What exactly are you suggesting as a strategy for school boards, parents, or prosocial businesses - those that want to combat the harm to students caused by big corp exploitation of students for profit?

@hobson @humanetech @EU_Commission @stragu @lightweight I advocate the “public money → public code” paradigm, and public schools should operate in the commons w/FOSS software. Schools should resist /following/ industry and instead /lead/ industry. Schools should avoid teaching vendor-specific concepts & avoid developing brand loyalty. Apparently NZ law has not developed in favor of that, so laws need to be updated.

@koherecoWatchdog @hobson @humanetech @EU_Commission @stragu agreed that it's effective corruption (in my opinion) for a mandatory public service to require a 3rd party, proprietary tool with deep privacy implications. So yes, we need to have a change to legislation here in NZ.

@lightweight @koherecoWatchdog @hobson @humanetech @EU_Commission interesting conversation, happy to still be included even though I don’t chime in much. Our childcare uses Storypark, our 5yo’s school uses Class Dojo and already teach the kids how to use computers (99.9% sure it’s Windows computers). I wish I had more time to get involved in trying to change the mentality, but moving from Australia to France soon means I can’t. Keen to see how different it is there though.

@stragu @EU_Commission @humanetech @hobson @lightweight France has the #GDPR which will be mostly helpful. But it also backfires in way. The tech giants can more readily invest in become GDPR compliant so a lot of EU govs are outsourcing email to Google & MS as a result. Effectively they are outsourcing the GDPR compliance to precisely the corps people distrust the most. And the tech giants have big enough bankrolls to withstand fines.

@koherecoWatchdog @stragu @EU_Commission @humanetech @hobson yup, these days the Frightful Five are very supportive of new, stringent gov't regulation, because a) they help shape it, and b) only they can afford to comply.

@koherecoWatchdog @hobson @humanetech @EU_Commission @stragu @lightweight I wonder how broadly 'public money -> public tools' could be pushed.

Any school that accepts any government funding, even just 1%? Possibly.

Any organisation with a low/no tax status? Doesn't seem unreasonable.

Companies that accept tax incentives? Probably not reasonable.

@LovesTha @lightweight @stragu @EU_Commission @humanetech @hobson The phrase comes from Italian law & it’s more narrow than I would prefer. The law says when the gov finances a software development project then the resulting code must be public. But the law does not prevent the gov from simply buying proprietary COTS s/w. IIUC, if the gov can see the code, so can the public. IMO the concept should be pushed further than that of Italian law.

@hobson @humanetech @EU_Commission @stragu @lightweight @LovesTha I think schools should be given a blank check to acquire whatever FOSS they want, but when they want to acquire proprietary software then in principle there should be a rigid approval process. They should have to convince an independant body that the requirements they need the software for are unmet by FOSS & also that they published a FOSS bounty that’s gone unanswered.

@koherecoWatchdog @hobson @humanetech @EU_Commission @stragu @lightweight not a bounty, a tender to get the software written. A bounty has too much risk to get people to commit to producing. Winning the tender means you will get paid if you produce.

@koherecoWatchdog @LovesTha @stragu @EU_Commission @humanetech @hobson here's what we have in NZ (I helped develop some of the policy wording along with a bunch of other adherents): - we discussed it and collaborated on it using a FOSS platform developed in NZ called Loomio.

@lightweight @hobson @humanetech @EU_Commission @stragu @LovesTha I rejected #Loomio the instant I came across it yrs ago b/c it was an exclusive #Cloudflare site. It’s still a Cloudflare site but a little less restricted now. Anyway, it looks like the nzgoal-se project is focused on cases where a gov agency has the power to hold a s/w copyright. The intro hints that in some cases a gov agency does not hold the copyright for s/w it creates.

@LovesTha @stragu @EU_Commission @humanetech @hobson @lightweight It would be interesting to know what cases are. In the US, I think the gov is not even allowed to be a copyright holder, which I think is most sensible. The purpose of copyright is to incentivize creation of works. But no incentive is needed for the gov to create software so it makes no sense that the gov would even have the power to hold a copyright.

@koherecoWatchdog @hobson @humanetech @EU_Commission @stragu @LovesTha the thing I find disappointing is that it's merely an (easily ignored) 'recommendation'. And yes, it doesn't do anything about so-called COTS (which, in many cases, is anything but - it requires extensive "configuration" by eye-wateringly expensive vendor-registered 'consultants'. They're just writing software.) .

@lightweight @LovesTha @stragu @EU_Commission @humanetech @hobson The natural progression would be to track gov agencies that do not follow the recommendation and shame them and get the public to pressure them. And give positive exposure to agencies that follow the advice.

@koherecoWatchdog @LovesTha @stragu @EU_Commission @humanetech @hobson yes, I think we managed to do that with the gov't funded covid app. They open sourced it after a bit of pointed protest and people reminding them of their NZGOAL-SE 'opportunities' to gain more trust from software that wasn't very well regarded initially. I assured them I wouldn't use it until it was open source in a useful form.

Show newer
Sign in to participate in the conversation
Mastodon - NZOSS

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!