Free software needs free thinking

I recently participated in discussions at Open Forum Europe’s EU Open Source Policy Summit, FOSDEM and OpenUK’s State of Open conference. All of these discussions touched on how governments and open source vendors need to work together and, specifically, how public sector organisations can help fund open source development.

How to fund free and open software is as old as the tides

We all know the central dilemma: ‘free’ is a multifaceted word, and the free in Free and Open Source Software equates to ‘free as in liberty’ not ‘free as in beer.’

Now of course ‘free as in beer’ has great merits, not least in that it helps drive adoption. It’s also hugely important if one wants to provide an alternative to Big Tech’s ‘free as in beer’ surveillance capitalism; products that turn end-users into products, and in doing so cause huge societal issues such as mass misinformation and political instability. The mistrust around Big Tech - which these days covers the likes of Google, Meta, Microsoft and TikTok - stems from invasive algorithms, unclear use of users’ data, and, for most of them, ad-driven business models, which, combined with the code being a black box, can only create suspicion. On top of this are concerns about vendor lock-in, especially for public and private organisations, where data travels or is located, and the governmental ties any specific vendor may prioritise.

In contrast, what FOSS delivers is ‘free as in liberty’ by giving the end-user (or the end-user organisation) technological independence; as open source software is, of course, made publicly available. That knowledge transfers power to the end-user, and in doing so automatically helps guard against vendor lock-in. Code that is available for inspection also means that users can be sure about the integrity of the software. With a product like ours, for example, that means being able to be confident there are no backdoors. It ensures better security standards as there’s far more scrutiny than code that is hidden from external view. Open source also encourages an innovative and competitive ecosystem, again benefitting end-users - something Matrix turbo-charges by being an open standard.

The current phrase that encapsulates this level of technological independence is ‘digital sovereignty.’ Many governments - especially those in the EU, and the EU itself - are proactively encouraging public sector institutions to ensure their digital sovereignty. At a time when NATO is pushing governments to adopt a wartime footing, the thought of governments entrusting their communications - messaging apps, collaboration tools, voice and video - to a single (probably US-HQed) cloud-based vendor is quite rightly viewed as foolhardy. Governments should own (self-host) and control (admin) their communication platforms. Open source is a huge part of that and, in the case of Element, is further enabled through the decentralised Matrix open standard.

The challenge is that developing open source software - particularly the end-user facing and enterprise-grade software governments require - costs a substantial amount of money. The vast majority of that cost is the salaries of those developing and maintaining open source software. So, typically, a for-profit company employs the bulk of developers on a specific open source project. In years gone by the model was based around the upstream vendor providing additional services (essentially Time & Materials contracts, which are unpredictable and low margin these days, or support).

In the SaaS dominated age of ‘annual recurring revenue’ the more common model is that the majority of development is released as software available without cost, with a little bit held back by the ‘upstream vendor’ as a complementary proprietary product that ensures a revenue stream to cover salaries. In Element’s case, this revolves around the enterprise-grade features that a public sector organisation needs; and most specifically huge nation-scale deployments that support millions of end-users.

Amandine at OpenUK discussing ‘Open Source: The Future Challenge’ together with Luis Villa, Peter Zaitsev and Dan Lorenc.

When the tide goes out, you can see who’s been swimming naked

So we have a situation whereby the open source Matrix protocol - which provides a secure, decentralised open standard for real time communications - is incredibly popular with governments because it provides digital sovereignty, supports self-hosting, interoperability and includes end-to-end encryption by default. 

More than 90% of the main Matrix server (Synapse) and of various SDKs are developed by people employed by Element. To maintain and develop Matrix, Element needs more revenue coming in than it has salaries going out. Element therefore offers a server-side solution, with the additional enterprise-grade features needed by public sector organisations such as nation-scale performance and efficiencies, corporate oversight and control, and the capability to ensure the system meets compliance requirements. On top of that, of course, are continuous improvements and - most important - carefully packaged security updates. In short, the exact enterprise requirements that public sector organisations happily pay to non-open-source software vendors such as Microsoft, Oracle, Salesforce and all the others - vendors that, remember, deliberately vendor-lock governments into their proprietary software stack.

And yet we continually find that public sector organisations who are attracted by ‘free as in liberty’ cannot help but then get side-tracked into insisting ‘and free as in beer, yeah?’ So instead of subscribing to Element as an upstream vendor, the vast majority of public sector organisations we see decide to use ‘the community version’ (meaning free of licensing cost, because it’s designed to support individuals and small to medium sized organisations) and then spend vast amounts of time and money reinventing the wheel to turn a free of charge community product into an enterprise-grade solution. It is far quicker - and considerably cheaper - to subscribe to the enterprise-grade version designed specifically for large-scale use in the public sector, but the truth is many organisations would rather maintain or increase headcount than purchase enterprise-grade open source software. There they choose to build on community software with in-house resources. That’s one way public sector organisations deprive vendors committed to open source.

The most common, and most frustrating, trait of public sector organisations adopting open source software is the use of standard procurement procedures for software which isn’t standard to proprietary software. The classic govt tender or RFP unwittingly rewards free-riding systems integrators who - free from the cost of developing open source software - usually put forward the lowest cost solution. Not bad for the tax-payer one might think, until it turns out the solution put in place is the standard community version with no enterprise-grade features and poor support from a free-rider systems integrator that’s not familiar with the software, its capabilities or limits. To compound things, those solutions usually end up dated pretty quickly when the systems integrator fails to keep the solution properly maintained and up to date. That’s the second way public sector organisations undermine open source projects.

The third failure mode is when government organisations compete with the open source project itself; creating and distributing competitive forks that don’t support enterprise-grade features. Innovation is fabulous, contributions are warmly welcome, but derailing the overall project is at best naive and at worst deliberate sabotage.

In our case, with public sector organisations and free-riding systems integrators undermining the overall open source project, we moved to protect Element code by adopting AGPL licensing which makes life much harder for free-riders. It has cost us a lot of support from within the FOSS community, who lost faith in our good intentions, but we are now seeing commercial organisations trickle down a level of funding. It’s not our preferred choice; we feel it stifles the ecosystem; an ecosystem that could help governments ensure their citizens have a genuine alternative to Big Tech’s products and thus better address the destabilising power of surveillance capitalism.

A new wave of thinking

There’s plenty of scope for new thinking. Some governments advocate open source solutions but, mistakenly, have decided to use FOSS (as in ‘free of cost’) only and therefore can’t subscribe to any of the upstream vendor’s products; as the professionalised version is usually a proprietary subscription. This is a flawed strategy as it stops funding for the development and maintenance of said software; it’s also unjustifiable when those very same governments are simultaneously paying licenses to proprietary (and generally US HQed) vendors such as Microsoft and other vendors; the very same ones that regulators feel are too large and too powerful.

What makes far more sense is advocating the use of open source software for the benefits of ‘free as in liberty’ but ensuring that upstream vendors are paid to supply enterprise-grade builds for public sector organisations. The underlying open source project is then far better funded, building a better ‘free as in beer’ community version for all. This could be done directly, or through a stipulation within the government tenders that outlaws free-rider systems integrators. RFP criteria should require the principal service provider to pay an upstream vendor that supports the overall open source project.

The public sector should also ensure that support for the open source project is primarily financial, rather than through code contribution, which in practice distracts the core team as code contributions need review and coordinated input that can easily be at odds with the rest of the project. Another solution, albeit less sustainable, is as simple as having sovereign wealth funds underwrite or invest in open source vendors.

Thankfully there are forward-thinking governments and public sector organisations that consciously ensure the good of the overall open source project. One excellent example is ZenDiS, Germany’s Center for Digital Sovereignty created by The Federal Ministry of the Interior (BMI). ZenDiS is driving the creation of an office productivity suite based on open source software, called openDesk. It selected best-in-class open source products and has committed to purchasing sufficient licenses to help fund the upstream vendors. As a result, the openDesk product has the commitment of those vendors to collaborate on a single solution while simultaneously helping them drive their respective popular open source projects forward. A win-win for all involved.

ZenDiS is a crucial part of helping to support Element, and ensuring we can continue to drive the development of Matrix. The commitment to licenses allows us to plan with confidence as it gives us the stable ‘annual recurring revenue’ that open source companies need in the age of SaaS.

Sweden’s Försäkringskassan, the country’s social insurance agency, also understands its role in supporting the overall Matrix project and partners with us, an upstream vendor, through subscription-based licences. NATO (via NATO ACT) and the United Nations (UNICC) deliberately chose Element’s enterprise-grade products rather than building on the community version. Sweden’s Tele2 is a fine example of an established service provider that chose to build its secure communication solution for the public sector incorporating our enterprise-grade product, rather than free-riding. It simultaneously ensures a better service for its customers, easier service provision and helps fund Matrix development.

Governments see and understand the importance of open source software, and we’re incredibly fortunate to be working with trailblazers like ZenDiS, Försäkringskassan, NATO, the US Department of Defence, United Nations and Tele2. We ask other governments and public sector organisations to think carefully about how they, too, can best support the open source vendors that are working so hard to help deliver their digital sovereignty.

Amandine Le Pape