Friday, November 24, 2006

Some thoughts on HB5769

House Bill 5769, otherwise known as the Philippine FOSS Bill, has been making the rounds of both the legal and technical for a few weeks now. As it steps up to its final reading in congress, discussions around it are heating up for both pro and con.

Thus far, I've been sitting on the sidelines watching the arguments fly. Not a very good position to take, I know. The fact is, so far, I've been ambivalent about the matter. It's a stance partly borne out of cynicism. Recognition of FOSS is a good thing, but in practical terms, there are many ways around the proposed provisions. And I'm not sure that the proposals will not introduce more problems than solve them.

Nevertheless, sitting on the fence is never good. Albeit belatedly, here are my thoughts on the bill.

Definition and Recognition of FOSS licenses
To me, this is the highlight of the bill. It's a positive step in the recognition of FOSS licenses as valid contracts in the country. Section 5, in particular, says: "The government shall recognize the validity and legitimacy of FOSS and FOSS licenses, subject to the provisions of existing laws, rules and regulations."

This, I think, is one of the fundamental components of the bill. That said, the bill has to go into the particulars as to which FOSS licenses to recognize. Is it a blanket approval of FOSS licenses? Whose definition of FOSS should we use? Should any license claiming to conform to FOSS be considered as such? As I write, there are 58 open source licenses listed by the Open Source Initiative.

We need not cover all FOSS licenses, just the key ones in use by fundamental open source products. These would be GPL, Apache, and FreeBSD. The rest can be provisional components.

Mandating the use of open standards
This is another key provision, and one which should brook no exception. Section 6.1 says: "The Government shall use only ICT goods and services that are, support, and are interoperable with open standards, protocols and specifications." Some rewording here may be necessary. I like Bong Dizon's proposal: "The Government shall only use, adopt, procure, fund and support ICT goods and services that are, support and / or interoperable with open standards, protocols or specifications."

That said, open standards are a motherhood statement in the industry. Microsoft, for example, can claim that they use open standards even though they often add extensions. Therefore, the bill needs a stricter definition of open standards. Bong Dizon proposes the definitions proposed by the Berkman Center for Internet and Society as well as the International Open Source Network.

Open standards, in particular, should refer to document formats used in Government in all its transactions. That is, they should be readable and editable in the same form by any software, whether open source or proprietary. This definition should include documents displayed on web browsers.

However, it admits a blanket exception in Section 6.3.1: "Where there is no reasonably available ICT good or services supporting open standards in the field, area or activity that the Government intends to enter or participate." This is simply unacceptable.

And what about existing systems? Again, there is a loophole. Section 6.3.2 says: "Where a particular government agency or office has an existing, widely-used and widely implemented proprietary ICT system and there are no reasonably available technology using open standards that can be used with the said proprietary system."

The section on open standards is significant enough that it should probably be given as a separate section. It should not be confused with FOSS.

Provisions against Software Patents
Section 11 seems to go in that direction, but it doesn't go far enough. Section 22.7, for example, proposes to protect FOSS-licensed software from patents: "ANY STANDARD, PROTOCOL, SPECIFICATION, AND COMPUTER PROGRAM / SOFTWARE, WHICH HAD GENERALLY BEEN KNOWN AS FREE/OPEN SOURCE SOFTWARE OR FORM PART OF EXISTING OPEN STANDARDS, OR ANY OF THEIR DERIVATIVES.

Why not extend the same to all software, including algorithms?

To be continued.