Strengthening digital infrastructure: A policy agenda for FOSS

"A @EU_Commission sponsored report found that in 2018, #EU companies invested roughly €1 billion into #FOSS creation, which resulted in up to a €95 billion benefit for FOSS users in the EU. Similar estimates for the #USA investment in FOSS were $33 billion in 2019. However, despite these attempts we have only scratched the surface of truly understanding the value FOSS provides to the economy and modern life"

brookings.edu/research/strengt

@lightweight @humanetech @EU_Commission This is why it’s important for public schools to use #FOSS. The taxpayer must fund schools & when schools buy proprietary s/w it’s a total loss for the taxpayer. But if the school invests in FOSS, the value of enriching the commons from the FOSS investment can be a reciprocal benefit to the taxpayer.

@koherecoWatchdog @lightweight @humanetech @EU_Commission I would have expected the investment into FOSS to be way higher in the EU compared to the USA! Very surprised. Does it have to do with business investment vs org + gov investment?

@stragu @EU_Commission @humanetech @lightweight I suspect it may simply be that the tech sector is much bigger in the US. I don’t think it mentioned costs on proprietary software which is also probably higher in the US.

@stragu
@koherecoWatchdog @EU_Commission @lightweight

I wondered the same and thought that maybe it was badly formulated and the 95 billion Euros are compared with that amount.

@humanetech @lightweight @EU_Commission @stragu the corporate culture in the US is to outsource like crazy largely so middle managers can offload responsibility and redirect blame if something goes badly.. to have a scapegoat. They tend to favor commercial products because it’s impossible to hold FOSS volunteers accountable.

@stragu @EU_Commission @lightweight @humanetech The European management style is not to scapegoat, but managers have a bias for the look & feel of proprietary s/w like msword, and they expect everyone below them to use the tools they use. So because the managers use MS Word, the engineers down in the trenches must use that garbage too, instead of proper engineering tools which are largely in the FOSS domain.

@koherecoWatchdog @stragu @EU_Commission @humanetech I like the angle of 'loss of sovereignty'. The EU has given away, in practice, most of its sovereignty to US tech corporations which are literally in control of all of the levers of power. (The same is true in most other gov'ts of the world). Any anti-trust deposition against Microsoft is written in MSFT Word on computers totally controlled by the Microsoft Corporation. It's a sovereignty issue. See too: invidious.snopyta.org/watch?v=

@lightweight @koherecoWatchdog @stragu @EU_Commission @humanetech when your school kids use Windows for all their machines it's a safety/security issue with each vulnerability disclosure and ransom attack that shuts down a school or city gov

@hobson @koherecoWatchdog @stragu @EU_Commission @humanetech I wrote this to describe a problem we have in NZ, but I suspect is pretty universal... maybe it's useful to others? davelane.nz/explainer-digitech

@lightweight @koherecoWatchdog @stragu @EU_Commission @humanetech Wow. I love the way you framed the problem as a legal, practical one, rather than an economic, values or ethical opinion. I'll share this with two #edtech startup #CEO s that I'm pushing to adopt #FOSS and data protections to partially mitigate these risks for students and #schoolboard s.

@hobson @humanetech @EU_Commission @stragu @lightweight US schools are even more reckless. Parents don’t even get a tickbox. In one school I read about, a teacher actually signed up for all the individual google accounts and agreed to all the terms, then distributed account credentials to the students. Google probably has a rule against one person having multiple accounts & password sharing.

@lightweight @stragu @EU_Commission @humanetech @hobson Wherever I read about that, the author was criticizing the idea that students would be held to terms they never read or agreed to. But I would think a court would find that the students are not bound by those terms & it’s not their account. It’s the school’s accounts and the school is bound by the ToS.

@hobson @humanetech @EU_Commission @stragu @lightweight Either way there’s a problem b/c the school likely breached the agreement the instant they created an account for the 2nd student on the roster. And if students aren’t bound they can break the ToS all they want, and the school is liable.

@lightweight @stragu @EU_Commission @humanetech @hobson It’s a worthwhile angle of attack, but will it work? The outcome we would hope for is the school goes the FOSS direction. But another possible outcome is that Google creates an academic sitewide terms of service which still pushes the same policy, and schools simply mirror Google’s terms in the school’s code of conduct.

@hobson @humanetech @EU_Commission @stragu @lightweight If I were a pro-Google school admin, I would probably not only get an academic campuswide agreement w/Google, but then to fend off parents who don’t like my expansion of the code of conduct, I would give students the option to use a school account or to bring their own acct & write the digitech section of the code of conduct to apply only to school-provided accounts.

@koherecoWatchdog @humanetech @EU_Commission @stragu @lightweight yea that's a real risk. Hard to beat Google legal team and their advocates on school boards.

@koherecoWatchdog @hobson @humanetech @EU_Commission @stragu here in NZ, public schools have a statutory obligation to educate students in their 'zone'. If they impose software with a requirement to indemnify the supplier by accepting terms of use, parents always have the right to reject them... and, I believe the school is obliged to provide an alternative the parents do accept.

@lightweight @koherecoWatchdog @humanetech @EU_Commission @stragu that's good, but it adds additional hurdles for you: outreach, education and SEO so that individual parents can see through the fog of the information bubble created by Google to portray their products in the best possible light and downrank all competitors (including FOSS). And they know more about parents and students than you do.

@hobson @koherecoWatchdog @humanetech @EU_Commission @stragu that's possible... although I think Google's position is quite fragile. I sense that a general awakening about the dangers of surveillance capitalism will occur at some time, and from that point it'll result in incredible discomfort in most institutions in the wealthy parts of the world.

@lightweight @stragu @EU_Commission @humanetech @hobson How does the public school’s obligation to educate go when a school has a code of conduct? E.g. there’s probably a dress code, so what happens when girls try to go to school in transparent clothing, or lack of clothing? Or what about when a school admin wants to impose rules against porn or malware, for example, in a FOSS-centric school?

@koherecoWatchdog @stragu @EU_Commission @humanetech @hobson good questions. There's a difference, though - those are 'first party' requirements, imposed by the school... but the Ts&Cs of Google/Microsoft are the school imposing a *third* party's requirements...

@lightweight @hobson @humanetech @EU_Commission @stragu Right but as I mentioned if I were a pro-Google admin, I would strike an agreement w/Google to /mirror/ Google’s rules /in/ the school’s code of conduct so students would have an option that does not require students/parents having an agreement w/Google. Google would agree b/c they’re still in the game, & in fact Google might even like relief from having to enforce the terms.

@lightweight @stragu @EU_Commission @humanetech @hobson It’s a normal practice. Not sure about schools but if you work for an agency who works for a client, the agency you work for directly will mirror the client’s reqs in your contract w/the agency. A lot of shit is getting outsourced these days, & that often leads to ToS mirroring in the customer-facing ToS. A school will likely argue you can’t block them from outsourcing.

@hobson @humanetech @EU_Commission @stragu @lightweight The US has FERPA (though weak [if any] enforcement). #FERPA says a school can outsource but stipulates that the school must put in the contract that student data cannot be shared further on, to prevent a long outsourcing chain of data sharing. That in particular is unenforced. E.g. California schools outsource transcripts to a 3rd party who then outsources to #Cloudflare.

@koherecoWatchdog @lightweight @hobson @humanetech @EU_Commission @stragu isn't this why schools can procure Google Suite / Work?
With (sort of) separating Google consumer accounts from work/school accounts?
I don't say I trust them but once procured there is no legal need for parents/students to consent or agree?

@koherecoWatchdog @lightweight @hobson @humanetech @EU_Commission @stragu I must add I struggle with Mastodon threading / reply interface so I'm not sure I read everything previously said.

@joeldebruijn @koherecoWatchdog @lightweight @humanetech @EU_Commission @stragu Yes I think this B2B relationship helps Google and Microsoft sidestep consumer and child protection laws in the US.

@hobson @koherecoWatchdog @lightweight @humanetech @EU_Commission @stragu

Google and MS accounts for consumers must be for persons of 13 years and older? And for school accounts of pupils they can be younger. But then school is responsible too.

@hobson @koherecoWatchdog @lightweight @humanetech @EU_Commission @stragu

In EU it's a bit different (GDPR has its perks but can come in handy) I guess. Because schools have to procure services with data protection requirements.

@hobson @koherecoWatchdog @lightweight @humanetech @EU_Commission @stragu

Also Dutch associations for schools had a DPIA which made both MS and Google adjust certain things. Easier for MS than for Google by the way. And new DPIA with other scopes within Google their suite underway.

@koherecoWatchdog @lightweight @stragu @EU_Commission @humanetech I don't see the connection. ToS and Code of Conduct have different purposes & effect. A FOSS-based military academy can enforce whatever behavior norms they want that don't violate FOSS licensing (e.g. the Hippocratic, Do No Harm license). And a provider of services based on FOSS (like #gitlab #codeberg or a #nextcloud host) can create unrelated TOSes

@hobson @humanetech @EU_Commission @stragu @lightweight The connection is the school can outsource & the school controls the code of conduct. With those powers, the outsourced company can demand that the school update the code of conduct in a way that’s favorable to the corp, assuming the corp has that much leverage (i.e. the school admin wants the outsourcing). The corp can then agree to serve a school w/out direct student agreements.

@lightweight @stragu @EU_Commission @humanetech @hobson This is likely what FOSS advocates will face when trying to get schools off the platforms of surveillance.

@koherecoWatchdog @hobson @humanetech @EU_Commission @stragu Here in NZ, individual school policy decisions and *responsibility* are divested to elected school boards. The NZ ministry arranges the all-of-NZ contracts with MSFT and Google but takes no responsibility. So, in our case, the elected boards need to make those decisions. Which might be to ' advantage.

@koherecoWatchdog @lightweight @stragu @EU_Commission @humanetech What exactly are you suggesting as a strategy for school boards, parents, or prosocial businesses - those that want to combat the harm to students caused by big corp exploitation of students for profit?

@hobson @humanetech @EU_Commission @stragu @lightweight I advocate the “public money → public code” paradigm, and public schools should operate in the commons w/FOSS software. Schools should resist /following/ industry and instead /lead/ industry. Schools should avoid teaching vendor-specific concepts & avoid developing brand loyalty. Apparently NZ law has not developed in favor of that, so laws need to be updated.

@koherecoWatchdog @hobson @humanetech @EU_Commission @stragu agreed that it's effective corruption (in my opinion) for a mandatory public service to require a 3rd party, proprietary tool with deep privacy implications. So yes, we need to have a change to legislation here in NZ.

@lightweight @koherecoWatchdog @hobson @humanetech @EU_Commission interesting conversation, happy to still be included even though I don’t chime in much. Our childcare uses Storypark, our 5yo’s school uses Class Dojo and already teaches the kids how to use computers (99.9% sure it’s Windows computers). I wish I had more time to get involved in trying to change the mentality, but moving from Australia to France soon means I can’t. Keen to see how different it is there though.

@stragu @EU_Commission @humanetech @hobson @lightweight France has the #GDPR which will be mostly helpful. But it also backfires in a way. The tech giants can more readily invest in becoming GDPR compliant so a lot of EU govs are outsourcing email to Google & MS as a result. Effectively they are outsourcing the GDPR compliance to precisely the corps people distrust the most. And the tech giants have big enough bankrolls to withstand fines.

@koherecoWatchdog @stragu @EU_Commission @humanetech @hobson yup, these days the Frightful Five are very supportive of new, stringent gov't regulation, because a) they help shape it, and b) only they can afford to comply.

@koherecoWatchdog @hobson @humanetech @EU_Commission @stragu @lightweight I wonder how broadly 'public money -> public tools' could be pushed.

Any school that accepts any government funding, even just 1%? Possibly.

Any organisation with a low/no tax status? Doesn't seem unreasonable.

Companies that accept tax incentives? Probably not reasonable.

@LovesTha @lightweight @stragu @EU_Commission @humanetech @hobson The phrase comes from Italian law & it’s more narrow than I would prefer. The law says when the gov finances a software development project then the resulting code must be public. But the law does not prevent the gov from simply buying proprietary COTS s/w. IIUC, if the gov can see the code, so can the public. IMO the concept should be pushed further than that of Italian law.

@hobson @humanetech @EU_Commission @stragu @lightweight @LovesTha I think schools should be given a blank check to acquire whatever FOSS they want, but when they want to acquire proprietary software then in principle there should be a rigid approval process. They should have to convince an independent body that the requirements they need the software for are unmet by FOSS & also that they published a FOSS bounty that’s gone unanswered.

@koherecoWatchdog @hobson @humanetech @EU_Commission @stragu @lightweight not a bounty, a tender to get the software written. A bounty has too much risk to get people to commit to producing. Winning the tender means you will get paid if you produce.

@koherecoWatchdog @LovesTha @stragu @EU_Commission @humanetech @hobson here's what we have in NZ (I helped develop some of the policy wording along with a bunch of other adherents): github.com/opendatanz/nzgoal-s - we discussed it and collaborated on it using a FOSS platform developed in NZ called Loomio.

@lightweight @hobson @humanetech @EU_Commission @stragu @LovesTha I rejected #Loomio the instant I came across it yrs ago b/c it was an exclusive #Cloudflare site. It’s still a Cloudflare site but a little less restricted now. Anyway, it looks like the nzgoal-se project is focused on cases where a gov agency has the power to hold a s/w copyright. The intro hints that in some cases a gov agency does not hold the copyright for s/w it creates.

@LovesTha @stragu @EU_Commission @humanetech @hobson @lightweight It would be interesting to know what those cases are. In the US, I think the gov is not even allowed to be a copyright holder, which I think is most sensible. The purpose of copyright is to incentivize creation of works. But no incentive is needed for the gov to create software so it makes no sense that the gov would even have the power to hold a copyright.

@koherecoWatchdog @hobson @humanetech @EU_Commission @stragu @LovesTha the thing I find disappointing is that it's merely an (easily ignored) 'recommendation'. And yes, it doesn't do anything about so-called COTS (which, in many cases, is anything but - it requires extensive "configuration" by eye-wateringly expensive vendor-registered 'consultants'. They're just writing software.)

@lightweight @LovesTha @stragu @EU_Commission @humanetech @hobson The natural progression would be to track gov agencies that do not follow the recommendation and shame them and get the public to pressure them. And give positive exposure to agencies that follow the advice.

@koherecoWatchdog @LovesTha @stragu @EU_Commission @humanetech @hobson yes, I think we managed to do that with the gov't funded covid app. They open sourced it after a bit of pointed protest and people reminding them of their NZGOAL-SE 'opportunities' to gain more trust from software that wasn't very well regarded initially. I assured them I wouldn't use it until it was open source in a useful form.

@LovesTha @koherecoWatchdog @hobson @humanetech @EU_Commission @stragu sadly, in my experience, no one involved in gov't procurement 'gets' this... Here's my characterisation of the problem: davelane.nz/procurement

@lightweight @LovesTha @koherecoWatchdog @humanetech @EU_Commission @stragu yea, most IT *professionals* in the US don't even appreciate the negative impact of proprietary standards. Even open standards like ECMA HTTP GPRS LTE 5G because they are corrupted with patents and obfuscation etc

@lightweight @LovesTha @stragu @EU_Commission @humanetech @hobson Consider the case where a school uses AI software that collects data on students and then predicts which students are likely to cheat. You wouldn’t be able to suggest a #freeSoftware alternative for that.

@hobson @humanetech @EU_Commission @stragu @LovesTha @lightweight To my surprise, this is actually happening. I had no idea how bad it has gotten till I read this article → progressive.org/public-schools That article also states that #FERPA is not only unenforced, but it has also been weakened by the #USDoE (who does not have the authority to do that).

@koherecoWatchdog @lightweight @LovesTha @stragu @EU_Commission @humanetech There are free open source plagiarism and cheating detection software packages used in Europe and the US. They could be used in NZ too. Yes corporations and their political allies will try to prevent that to maintain their monopolies. Horrible that FERPA is being bypassed.

@hobson @koherecoWatchdog @LovesTha @stragu @EU_Commission @humanetech for something with such serious implications, gov'ts should fund development, to ensure there're no vested interests and that they're transparent. Proprietary options are really indefensible in that context.

@lightweight @hobson @koherecoWatchdog @LovesTha @EU_Commission @humanetech I agree that especially for cheating/plagiarism detection tools, there should be complete algorithmic transparency so that they can be studied and checked for various kinds of bias.

@lightweight @koherecoWatchdog @LovesTha @stragu @EU_Commission @humanetech You reminded me: in the US we've given up on oversight and #transparency in the case of weapon systems' #AI. So in rare cases in #EdTech, cheat detector AI proprietary algos might be defensible if there's an arms race between cheater assistance software and cheater detectors: machine generated essays that evade #FOSS algos
