On 5 March 2014 EPFSUG held its last meeting in the 7th legislature with an invitation to "TRUST YOUR FRIENDS". EPFSUG founding Patron Indrek Tarand and "Linux grandfather" EPFSUG Patron Nils Torvalds opened the meeting welcoming EPFSUG supporters and members, as well as prominent guests (e.g. DG ITEC and EDPS representatives), to a discussion "almost on the spot and almost on the right time" on the use of encryption in the European Parliament. The timely context set by the LIBE Committee's work on Edward Snowden's testimony and NSA mass surveillance put civil society participation to find solutions in the centre of the debate. We hope that EPFSUG will continue the dialogue in the 8th legislature with the outstanding support from the Debian community and the DebianParl initiative under the leadership of Debian developer Jonas Smedegaard. Lastly, the compelling case for Free Software in the European Parliament was contextualised with a fantastic overview by OSOR news editor Gijs Hillenius - have a look at The State of Free Software in the Union. We'll keep on knocking! :-)
Links to video(s) and transcript from the meeting follows below (to be completed).
0:00:00 Speaker 1: To the European Parliamentary software User Groups. Last meeting is registered here. And we're very, very happy that both the EPFSUGs founding patron is here, Indrek Tarand, and equally prominent, Linux grandfather and also EPFSUG patron Nils Torvalds. I will be short and say we're just waiting for one more person that hasn't arrived yet, so we will [0:00:40] ____ when he comes, and give the word to Nils and afterwards a short introduction by Indrek Tarand.
0:00:49 Speaker 2: Okay, thank you. In the poster, I have the title of Grandfather of Linux, which is sort of a joke.
0:01:08 Speaker 2: I was given that title as a journalist in Moscow, and eventually the Russian Linux user group, and they thought that was great fun. I must confess I'm not so sure if my oldest son thinks this is a very good, well-earned title. But anyway... I have from my personal life, I just gave Indrek some comfort. I actually have five great-grandchildren; three of them in the States and two back in Finland, and the sixth is arriving, probably on my birthday. So that's called good planning.
0:01:55 Speaker 2: I will start to wish you all very welcome to this discussion about encryption and confidentiality and authentication in the European Parliament. I would also like to thank the EPFSUG for their initiative and for the work needed to make this happen. Without their eager hounding of me, I wouldn't probably be here. Data protection and issues concerning our citizen fundamental rights have always been high on the agenda of the European Union and especially on the European government and Edward Snowden's allegations of NSA spying rightfully took this discussion to a whole new level and resulted among other things, in a call for an inquiry into mass surveillance of EU citizens and so on. It's probably worth noting that the member states aren't too eager to go off their organizations, spying on their or their neighbouring citizens. And I think there is a message there because most of the secret organizations are actually forbidden to spy on their own citizens. So today the joke in the other group meeting where we discussed the thing was that, "Okay, they... If the Swedes spy on the Finns, then the Finns can spy on the Estonians, and the Estonians can spy on the Russians, and the Russians will spy on the Danish, and so on. That's the merry-go-round, and nobody is sort of breaking their laws.
0:03:55 Speaker 2: The legal committee here in the Parliament has worked on this since September 2013, and we are now seeing the final stages of this. The committee adopted its enquiry report on the US National Security Agency and the EU member state surveillance of EU Citizens in mid-February this year, and the final vote on this report will be held next week during the Parliament session in Strasbourg, so you are almost on the spot and almost on the right time. One of the outcomes of this enquiry that might be the most the relevant for our discussions here today with regards to security of our own IT services? The enquiry report stresses that the EU needs a digital new deal to be delivered by the joint efforts of EU institutions and member states and research institutions and NGOs, yeah. And probably, first and foremost, civil society.
0:05:04 Speaker 2: I've been known to... Through the last, let's say 30 years, I've been writing and speaking extensively on the civil society because I'm pretty sure that without the civil society, we would be very much worse off than we are today. And if you look at Europe as a whole, or Ukraine or Soviet or Russia, then you can see that the lack of civil society section is creating more problems than you're usually able to see. One of the reasons that one observer wrote that we're gonna need a Maidan, Council for a number of years is just that you don't have a functioning civil society outside there.
0:06:00 Speaker 2: So we have to ensure a high level of ET security for European citizens both inside and outside the European institutions. According to an announcement made by the European Commission last week, EU funding of 85 million will be made available in 2014 to help finance projects for improving online security as a part of the Horizon 2020 research program, so there should be actually money for those coming up with good solutions. And I think that those solutions... A Linux solution can offer... You probably know that some of the most securitized organizations in the States organized, or made a secure Linux already at the very start of this century. So there is... If you go to NSA and ask what they are using when they are spying across, they probably use a secure Linux.
0:07:18 Speaker 2: The Commission is seeking to develop trust with the ICT solutions guaranteeing a securer digital environment in Europe. This 85 million planning this year comes to a total 350 million already, are marked, in total funding of about €500 million. This is of course that you could use as strengthening cyber security privacy on-line are also part of the objectives you have included in the Horizon 2020 program. But in order to manage this high level of IT security we need full cooperation, a support for new secure measures of communications also between ourselves to the European Parliament or the European Commission cannot achieve this on its own. But we can, we can, and should be the forerunners of a high level of IT security. So in this regard initiatives like this one is very very welcome and we would be proud to see the results of it in the future. I wish you all a very fruitful discussion and Indrek actually asked me when I... If I had some communication going around [0:08:42] ____ not always so listening, so I sent him an email the day before yesterday saying that we are organizing this, He usually doesn't answer but... It's good to know that he knows that you are here. Thank you.
0:09:07 Speaker 3: Yeah, good afternoon. I hope you have sent him a secure email.
0:09:14 Speaker 3: So the others won't know. Well, to be very brief... The three points I would like to make in today's meeting is that the European Parliament should have its own free software distribution. And thanks to Erik and thanks to Allen, I'll talk to you later. Thanks to Erik we have been asking for that opportunity for five years I think. And gradually we are still alive, we are still here, we are still knocking at the door. But perhaps today is my moment where thanks to Jonas Smedegaard we will really have this opportunity and he will later introduce us to the new Horizon. We have been asking for many times, many times during these long five years and it is still 10% of my life spent here at the European Parliament with no tangible results. And we think that it is still possible to make our demand and our request visible, more visible than it has been perhaps, and if the authorities would say we move to Open Document Format, that day is the day I can send an email to my children and die so to say, "Because the work is done."
0:10:59 Speaker 3: And if the European Parliaments, Bureau and Conference of Presidents and all the secretariat and all those institutions or structures which have the power to decide, will take that decision, it would be our day. And EPFSUG has, I think, thanks to you and our members, done an invisible but rather influential job inside this building or buildings. So I hope that one day we will have a real innovation and real procurement. Three years ago, I think vice-president Nirj Deva invited Bill Gates here to give a speech not about free software but about the African problems. And Nirj was kind enough to introduce me to Bill Gates, and the first question he asked me was, "Why do you fight against Windows, Microsoft?" I didn't even know that I had done it, but later I learnt that in speeches written by you, Erik, I had mentioned it.
0:12:28 Speaker 3: So, that was my, so to say, high point. Okay. Just not to waste more time...
0:12:38 S?: What did you answer him?
0:12:40 Speaker 3: I said, "That's my mission." And as we can all see here today, not that crowded. We actually have more supporters and members than we have here. If we compare our meeting to any other one, let's say, devoted to programs in Ukraine and Crimea, they might be more crowded. But let's be honest. There is... I'm not hopeless, but still, I'm a realist. There is very little we can do with goodwill to help Ukraine, but that's pretty much that we, everybody here, can do to bring about the needed innovation and free thinking into our everyday business. And, that would be a good example and achievement not only to Ukraine but for ourselves as well. Thank you.
0:13:58 Speaker 1: Jonas, the floor is yours.
0:14:04 Speaker 4: Thank you.
0:14:11 Speaker 3: You are our future. I am the past.
0:14:42 Speaker 4: Thank you Nils, and thank you Ingrid, she's not here. I'm very excited today that I can announce a version 1.0 of a new operating system. And, the geeks in the crowd here maybe know that it's a joke to talk about a 1.0... A 1.0 means that it's really, really crappy. It doesn't really work yet. And, it's just a marketing stunt to talk about 1.0. If I was really a geek, I would have called it 0.0.1 and I would have number 17 be the superior one that has been tested for 10 years. But, it doesn't matter so much to me because the other trick is that this is really nothing. I have nothing new to bring because this super fancy new distribution is just a subset of the existing grand old man called Debian that's existed for 20 years. I think it's almost as long as Linux. And, it's still going strong, and a lot of people today know the Ubuntu distribution, the European Parliament is using, deploying Ubuntu as an option for the staffers here in the members of parliament. Ubuntu is also a subset or a derivative of Debian, and what I set out to do here is to make something that is more tightly bound to Debian, so tightly that you cannot even set it apart.
0:16:32 Speaker 4: The goal hasn't been reached yet, not version 1.0. I'm cheating a little bit. I actually deriving a little bit from the staff of Debian, to me that is a flaw. Thus, it's not a bugless system I am presuming today. It's a system that has slight little bug which is that I cheated. I made something customized, because what my [0:16:56] ____ is that, I don't even do it anymore. I let go of it and let Debian maintain our system ports. I'm talking about the subject here, so to describe what is this system, the name of it is DebianParl as you maybe saw from the title here. DebianParl is framed as being a computer system optimized for the parliamentary workers. So, people working in a parliament somewhere in the world. Could be the European Union, could be some other parliament in the world. And people could rightfully ask what is so special about parliamentary workers? Isn't it just standard office packages and standard email and standard web browsing, and you could rightfully say, "Sure, it is."
0:17:48 Speaker 4: So, there's nothing special about this one. But then you realize when you dig deeper, when you... As I've done working with Erik and working with the other people in EFPSUG, I've been involved with EFPSUG for a couple of years now and there's already enthusiasts messing around and trying to make things work with free software department and I had this, "What are you doing? Why are you treating it as something special? It's just a house, it's just an office building, a very, very big one." But it turns out that there are some awkward things, some odd things in the parliament building. The very thing that it's a very, very big technical structure makes some constraints and the thing that you have applied some principles about multiple languages also add some constraints and you have even an odd thing of... Like you have customized keyboards for some of the computers in the building that is unique for the European Parliament, you can't go out in a shop and buy the same keyboards, they are designed for the parliament. So, you have a unique parliamentary keyboard.
0:18:54 Speaker 4: So these kinds of things, it just adds up, and in the end, you have got a lot of things that is custom for parliamentary use even if, in principle, it was not supposed to be that way. I mean, ideally, parliaments shouldn't produce keyboards. I mean, that shouldn't be the purpose of the Parliament but that's not for me to dictate or to tell. I can advise maybe, if I may, that the technical staff in a place like this may try to steer away from producing customized keyboards but to make that advice, I should first know what am I advising about, what are these needs.
0:19:32 Speaker 4: So, for a practical stand point in principle, DebianParl is just another operating system. It's the same as windows. It's the same as Debian. It is the same as Ubuntu. Just done right. I mean it should be understandable to use. It shouldn't be weird for non-technical people, people are too busy to learn something new here so people are currently knowledgeable about windows so if you give them a new system, it should look somewhat the same and it should be usable out of the box. It shouldn't be something that you need to tune and tweak a lot of things.
0:20:19 Speaker 4: Then I apply another rule that says that it should operate in strict rules, should roles and with that I mean that when you say that you have a laptop user which is the first part of the system that we deploy here. When you have a laptop user that owns a machine. Then the owner is really the owner of the machine. There is no one else, there is no administrator there is no one else who is like the boss of the user. You own your own device, same as you expect to do on a phone, as [0:20:50] ____ with now. That you expect that it's yours. You own the device.
0:20:56 Speaker 4: You can get into the details, like, really Apple owns that device and whatever but it is the same way you could argue that Debian really owns my device, yes, 'cause if Debian was really nasty then they could cheat me into writing something crazy on my machine because it has a security update but still I'm talking about there's the producers of the software, then there's the technicians who are running the software and then there's the user who are using it in the end. And in the Parliament here the normal thing that people are used to is that there is some technical staff that does this magic on the machine so that I can get it to work and what I am doing is I am saying if we're deploying a laptop for a user then the user owns the laptop. There is no one else who is doing magic on the machine because the chance where I am taking here is that we want to use this machine for trusted purposes. We need to be able to trust the machine so we cannot have magic going on in the machine.
0:21:56 Speaker 4: So, the principles that I applied to this machine, the constraints I could observe to the way we are setting up this machine is, the reason I am choosing Debian, the reason I am using these tools is that I'm saying that it must be using open standards. Some of these things may be boring for people here, I don't know but if you have heard these terms before, open standards, the things that define the Internet, as we call them today, and a free software so that you can have transparency and you can have the proofreading of what is really going on, you can even take it apart, you can hire someone to take it apart and change it if you want to and then common practices. Common practice is that I don't... I'm not a specialist in all of the things setting up with my machine so I am borrowing, a lot of patterns of what other people have found out is a good way, a sane way to do things.
0:22:56 Speaker 4: So, if you look around... Among geeks that are developing computer systems then I'd say most of them, 80% or something, they use the same kinds of tools as me, they use old standards, they use free software but they do it in a weird way. They do it in a custom way that it's optimized for their own experimentation including myself. But what I am trying to make here is something that is boring. The whole purpose of the machine is that it should not ever be surprising. So I should not try to experiment and do new stuff, exciting stuff, break some new frontier. The pseudo-frontier that I'm breaking here is that there is... I am stepping 10 years back or at least two years back and saying we installed the things from last year, so this laptop on which I installed DebianParl, I could boot it up and you will see that it's just very, very boring... It's Debian Linux from last year.
0:24:00 Speaker 4: Debian Linux was released last year, the stable version of Debian. It hasn't been changed for a year and it won't be changing for another year to come. So it's not the very, very used version of things. But it's the things that are stable, the things that are solid. And then another important point is that Debian has a rule of independency. If you install this machine and then you cut off from the Internet, for whatever reason, if you are on a sailing boat or something, then things on this machine must work on its own. Of course, you cannot Google if you don't have access to Google, you cannot email your friend if you don't have connection to your friend. But all of the things you take with you, you don't have other ties. I mean if you have your Apple phone, then there might be some kill switch, that if Apple don't get a signal every 10 minutes for 24 hours, it may shut down your phone because you have cheated. They cannot monitor you anymore. I don't know if they have such a kill switch but it might very well be. And the same thing is with Google. They also provide free software tools using open standards, but it's tied to them. Their design is that you are hooked up with them.
0:25:22 Speaker 4: And Debian doesn't have this fundamental design that you must stay with Debian. So I designed the system so that it is Debian. It is 100% Debian what is installed on this machine. But if you choose to do so if the parliament here, if the European Parliament chose to say, "Well thank you, UMS, now we'll do our own way, now we'll customize it for our own laptop, for our own keyboard designs, now we do something else." They can cut the boundaries to me and to Debian and move in their own direction. So they're not locked in with me or Debian. And that, to me, is a very important point.
0:26:05 Speaker 4: From security point of view, there's a lot of people who are saying, "Great now we have this free software system, this is the real thing. Now we can do all this security structures that we're dreaming about. We can lock down the things so nobody can spy on you, we can make sure that nobody can even see you, so you have stealth. We can make sure that if they get you and you did something that maybe you could get caught for, they cannot prove it because it vaporizes." The machine is just going up in smoke or whatever. All of these fancy tricks that you can do with computers if you're really, really clever. We can put all of these things into these devices because then we can fight back against NSA or whoever is trying to steal our data or monitor our activities. All of these people will be very, very disappointed with what is DebianParl, because DebianParl is not a 007 machine.
0:27:03 Speaker 4: Because, as far as I understand, the majority of these members of parliament the majority of staff workers in the parliament, they are not 007s. They are actually just doing a practical task, sorry to say, a boring job of changing the world through politics instead of changing the world through pens that can explode or things like that. So this software is, what I call it is for ordinary users. Or maybe not ordinary because ordinary users is the kind of users who expect magic to happen on their laptops. If they turn on their machine and it doesn't do as expected, they call either their brother or their technician often or all the time. They give up even before trying. That's a little too harsh to say. But I mean what I call it is, this system is for ordinary plus users. Users who are a little demanding. They want to have control over their system but not more than that. They don't want to dive in and become geeks.
0:28:14 Speaker 4: And it's also for ordinary content. Or maybe not the very silly content that is the most of the content of computers today. So again, ordinary plus content, the serious content but not classified content generally. I mean, normal people, I guess also people who are members of parliament and staff workers here which is the target users of this system. I don't imagine that you on a daily basis have these super classified documents stuffed into your laptops.
0:28:46 S?: They don't share them with us.
0:28:48 Speaker 4: Apparently you're not giving these stuffs.
0:28:49 S?: Yeah.
0:28:51 Speaker 4: So you know any reference to documents. You know they just sit somewhere but it's other people that use that it's military people or stuff like that that handle these special documents. So it's for special people. You're special too, sorry.
0:29:07 Speaker 4: So and then also I'd say that these are systems for ordinary environments. And again, maybe not the kind of environments where you are sitting at a party and spilling drinks onto the laptop keyboard and then your friend is grabbing your keyboard and, just for fun, typing in some cool joke in your name. That's not the kind of ordinary I mean. So again, ordinary plus environments like serious environments where you're using your computer because you use it for work, not for play, and you don't throw it around. So, but still it's like, you could imagine that you go to a cafe and then you continue to work. You open up your laptop in a cafe and then you type in your password and then you just look around maybe. Maybe, if you remember, but it's not like... You don't go into a room with a floating floor and attic and something in the corners, and then there must be some neon on top of it, before you even turn on the machine.
0:30:16 Speaker 4: That's not the kind of environment we're talking about, from all the people in the parliament here... So, what I mean with all this is that there's a lot of things that you can do with the security that is irrelevant for the kinds of work that you're doing in a parliament. The people in a parliament are just ordinary people like the rest of us, doing ordinary stuff, but doing it seriously and not liking this information to leak. When that article... So, they're losing control over communication just like the rest of us. So, it's just like the rest of us. DebianParl could be useful for anyone. But it's not for 007 agents.
0:31:07 Speaker 4: When you then run this machine, and sometimes now there's an error. There's a flaw in the system, it happens all the time. It happens with Windows, it happens with Debian, and you need to update the system. Then, in a parliamentary structure system, you would have people like... I keep pointing at Demetrius, because I know that he's doing this on daily basis. He's running around and fixing the computer systems for us.
0:31:35 Speaker 1: You should point at [0:31:36] ____, he's the...
0:31:39 Speaker 4: Oh?
0:31:39 Speaker 1: The Greens computer guy.
0:31:44 Speaker 4: All right. The Debian system has... We have a team in Debian, where they're monitoring and fixing bugs, and offering them on the network, on the Internet. So then you can download and update the packages, and we separate between what is fancy, exciting new stuff, and what is boring, boring, boring. Very boring only fixing the errors. And then, DebianParl machine is set-up to automatically update the boring stuff. So that keeps as it is, it doesn't change, it only fixes the bugs. Or, should I say that's the theory, because I just turned it on a few days ago. And I haven't had any bug fixes since then, so I don't know exactly what. The thing is... The main idea is that when I work on my own laptop, of course I mess around and I explore, and I do a lot of the geeky stuff, so there's some of the things that I have difficulties testing very well myself, because I just forget what my fingers have been doing, just almost by themselves, when they're running a system update. Every morning around, I check my mail and I do my system updates.
0:33:01 Speaker 4: So, I can't test it. It does... Because I just have to do it. So, this is version 1.0, it will evolve. One hour ago, I typed in the... What is it, 12 official languages of the European Union?
0:33:21 S?: 34.
0:33:22 Speaker 4: 34? That's why I thought it was long list. So, I'm pretty sure it's something all of them except for Multics. Debian is not friendly to Multics. I don't know why.
0:33:34 S?: It does the Multics.
0:33:36 Speaker 4: Because it's a... Of course, Debian itself is not...
0:33:40 S?: Actually, ask Humphrey Bogart.
0:33:42 Speaker 4: Humphrey Bogart? He's on that?
0:33:45 S?: He was actually in Falcon [0:33:47] ____ phone, right, on the...
0:33:51 S?: I'm sorry, I have to go.
0:34:06 Speaker 4: I think actually, I will stop here, and this... I could talk for hours about what is Debian. I would also talk for hours about what the details of my choices of what to select from within Debian, but I think I would rather try to have you throw questions at me and also to tune into what angles of this are you most interested in. Is it most interesting to look at what are the safety, security focus of this machine and how do we deal with things there? Or this specific pilot that we're doing with the Green TFA in the parliament, deploying 10 laptops with DebianParl. So, I think I will stop my own talk here and... Is there any questions? Quick questions now? I don't know if Chris or you would give your talk first or we should check around now? You control the room.
0:35:16 S?: I would like to ask you immediately about encryption and two things, do you generate... Is it set up so that you make your key for mail encryption? And the second question is this disk encryption issue. What have you chosen for the first version here?
0:35:43 Speaker 4: The first half was...
0:35:46 S?: How would you do with generating a key on the machine for PGP or...
0:35:54 Speaker 4: Yeah.
0:35:56 S?: So, what is the encryption setup that you've chosen?
0:35:58 Speaker 4: Okay... The first profile of DebianParl that I've been focusing on is handling trusted emails, and specifically together with the Greens/EFA group to deploying these 10 laptops, this is laptop number 11 or laptop number zero, if you are a team who counts from zero. This is the prototype for this pilot. We are using PGP or GNUPG implementation of PGP. And when you start up the machine, you create a new key, fresh key on the machine yourself. So when you turn on the machine, the first time... Ideally what I would have hoped is that I give the machine blank to each participant and then the participants themselves install DebianParl, so that I am not even involved, I'm not cheating. But that's why these small little details that I ran into a security problem of this is not possible to do, dead simple. You need to type something into a console because Debian cannot bootstrap with optimizations using HTTPS, for those of you who know that.
0:37:19 Speaker 4: It's like you can fetch my guidelines for the optimization of Debian in a secure way. So you need to bypass the installer and type something on the console. So what I do practically is I install the machine. The first thing they do is they turn the machine on and then they change their password so it's a personal password, and only they'll know their own password. I have promised them that I have not installed any back-doors or any cheats. They have to trust me. So trust has to start anywhere. Anyway it always has to start somewhere. If they download from Debian, they need to trust that anyway. And on Debian, I could have put in a back-door on Debian, if we had dared. When they then start using email, then there's a plugin for Mozilla, Thunderbird, or Icedove as it's called in Debian. In email, the kick starts GNUPG and generates key with no technical guidance, without messing with the advanced settings, this is a 2048 key which is not the most secure guidelines-preferred advised thing today. But in my judgement, it is fairly fine, adequate, based on discussions in the technical world that the old 2024 length keys are too weak. It will, in some years, will need to be broken. The double ones will not be able to be broken in coming few years I would expect. So the short version is using standard PGP generated on each machine itself.
0:39:15 Speaker 4: I don't have, yet, guidelines for how to do backups, how to do the building trusts, a chain of trusts that in the e-world is done by a dance that's called the key exchange that we do in collaborations when we do our meetings, staff meetings, conferences. I have ideas how to draft some guidelines for that so that non-technical people can follow what is the logic of establishing trust and growing trust. But really it's not me inventing things. It's more that I try to connect what are the less geeky guidelines that are still technically correct ways to do things.
0:40:03 Speaker 4: Specifically about the full disk encryption, the hard drives are encrypted. I was hesitating a lot and maybe that's why you were asking also that until the last moment, until a week ago, I was still saying that I don't really know and I don't think I will encrypt these disks. The dilemma I had in this is that, and it is fine that we're collaborating with the Greens here because the dilemma, the challenge that I put out here is that well, if you setup a machine so that whatever you do, both secure stuff and non-secure stuff, if you do anything tedious, then you must do a lot of computation, so that you hide it from the whole world. That is wasting a lot of computer power, that is wasting a lot of energy in the end. That is not an eco-friendly computing.
0:41:01 Speaker 4: So I see a clash between blindly encrypting everything even if you don't know if it is relevant and then actually having something that is eco-friendly. So these two things were testing for me, and I kept feeling that I don't need it. We don't really need to lock down the whole machine. Until I realized what is the good comparison here is the full disk encryption, encrypting the whole hard drive. I can see it as a comparison to locking your door when you're leaving your home. And the thing is I don't live in an apartment in a big city where if you don't lock the doors, then it's very very easy for a random fly-by burglar to just take all the handles and the ones that are open, you just walk in and see if there is something you can steal.
0:41:54 Speaker 4: So it is a very very low way, simple way to grab data. Without being NSA, without being a spy, without being very very advanced, you can grab data very easily. And the reason that I didn't think much of that is that I'm weird in this way, I'll lock my door. I didn't do it when I was living in the city and that was crazy. And also I lost a very expensive bag at some point because there was a burglar just walking in through the window and grabbing my stuff. But now I live on an island far away from the big cities and I don't really need... They need to really walk far to grab my hat and realise that I hadn't locked the door. Or they need to watch this video tape of me.
0:42:40 Speaker 4: So that's why I realized that, "Okay, most other people, they actually are the kind of people who lock their door when they leave their home, that's the kind of people who should probably waste this energy encrypting everything all the time. Until I find a better solution. But I am still thinking of a design that splits the hard drive in parts so that you can choose to do security stuff, waste more energy or you can choose to not do sloppy stuff and save energy in the world, but that's more advanced. Yeah?
0:43:14 Speaker 1: Yeah. Is there any plans for the Parliament to provide support for this distribution. Am I correct in saying that for now this is a Parliament project in the Greens/EFA and so, if I'm a user in the Parliament with the Green group, I can get support for this if I choose to use this distribution. What if I am from another group, is it possible to use this?
0:43:37 Speaker 4: Good question. There are two parts, there is the, can you work on a machine and can you exchange with your peers, so things like, "Oh, can I use work documents together with OpenOffice documents. Can it be... We all have experienced these things that in theory it works but it doesn't in practical steps and similar things happens when you are sending and exchanging emails that sometimes you just get a blank email if you have very shitty Microsoft email program, it just shows up PGP signed email as a blank email with the two attachments. An ASC attachment and an another one which is the document. So, there is odd things going on independently from the infrastructure of the Parliament.
0:44:31 Speaker 4: So, even if they approve all they like, that doesn't help these issues of... So that's one part of it. It's to let you work, together with people who don't use these things. Now is that... You probably will collaborate with others that haven't switched yet to DebianParl. So, that's one part, that's the part that we are... That is the most important as I see it really. Because the other part is that we are collaborating with the DG ITEC, the technical staff of European Parliament to make sure that we don't have surprises both ways, we don't have surprises in the sense that we as DebianParl employers that we feel that the IT is working against us, it's shutting us down, it is setting up barriers to cheat us, to annoy us. And also the other way around that, DG ITEC don't feel that we are trying to undermine their systems or that we are trying to reveal secrets of the infrastructures so that others can hack the systems that has happened with the WiFi set up recently. Things like that.
0:45:40 Speaker 4: I am drawing a mean picture both ways here because the thing is, the reality is that I have no intentions of annoying or circumventing the DG ITEC setup here. And I know that the DG ITEC also have no intentions of annoying this project and on the contrary they're very interested in what we are doing. Because they want to adopt some of the things we are doing but at a cost. It's nice that we are doing some of the things for free and without them having to promise anything, so we... A pilot like this is excellent for them because they don't get their [0:46:20] ____...
0:46:21 S?: But as a user, if I'm encountering a problem, who can I go to if I'm working on DebianParl?
0:46:27 Speaker 4: Ah! Okay. You cannot go to anyone. You cannot go to the DG ITEC and have help with your DebianParl machine. Forget about it. The same thing you get from the DG ITEC. The thing you get from the official structures that are very very very expensive to run, is that you can go to someone and say "Fix it." Because they have very very strictly designed procedures of what do they promise, how do they promise it and what are the boundaries of what did you do. "Oh you charged this button, oh but it says on page 27 that if you press this button you're fucked. It is your problem, here you go. Machine back I don't help you." But most likely, they cannot find page 25 and they have to fix it anyway.
0:47:10 Speaker 4: So they might give a [0:47:11] ____ or two, whatever they do which is their procedure. I said something not very nice there, but generally I think... I believe that it's working in the Parliament. What they are doing works, but what they're doing does not include trusted emails, it is not possible to use PGP in the Parliament and it is not possible to use digital signatures, even if you believe in TLS states, [0:47:39] ____ signatures you cannot set up your own trusted network with the systems that you have in the parliament. So that's something you cannot do with the infrastructure that they are offering. Which might be so compelling for you to work with that you take your chances and use DebianParl.
0:48:01 Speaker 4: You work without this safety net of the well tried out and promised and sure systems. There's no staff for DebianParl. I work as a volunteer, at the moment, the only volunteer to guide and help the users of DebianParl. And the users of the DebianParl will be the 10 pilots, and it will be whoever steps up and wants to try. I would love there to be other people also. It's not exclusively for the people in the Greens group, but technically, they have an advantage in being officially a project. Which means that when I go talk to the DG ITEC and say I represent this official pilot project in the Greens group, they might treat that project differently from random people who want to try out messing with Debian. But much as I can, of course I want to have it cover all of the DebianParl users. And the DG ITEC, they are also interested in not jocking it down, but they are just very, very keen in not promising anything they cannot... They don't have any procedures on. They want to stick everything out to procedures. They're looking for the procedures that fit the pilot project. When they have found these procedures, hopefully those procedures happen also to pick lone runners that use DebianParl.
0:49:37 S?: In the meantime, are people contacting you for support or...
0:49:43 Speaker 4: The DebianParl project has a website https: //wiki.debian.org/DebianParl, and on that page is a mailing list. You can subscribe to the mailing list and ask for guidance. There's also instruction on how you can install it yourself, but as I said, unfortunately, it's a little geeky at the moment so it needs time also. Thanks for pointing it out. Is anybody steering me in time? I know that all 30 laws are protecting something, I don't want to steal too much of your time, but I would love to discuss more...
0:50:25 S?: Well, maybe I should say something about the Greens laptop project. So we have ordered a couple of... Well, 10 laptops, actually or 11 with that one. So to create the... To make it possible for a volunteer like Jonas to actually help us to get into using this system, so the laptops are all the same. So there will be no surprises in terms of whether the sound card doesn't work if you browse and then listen to music or whatever. To make it possible to when there is something that doesn't work, it doesn't work in the same way for all of the participants. And also, we hope that of course, that our experiences can be documented and shared with others, so we will try to participate with Jonas on the mailing list set up for the purpose of talking about this. But it's up to each pilot, and I will be one of them to communicate in public about this what we're trying to do. But then, if that works out, I guess that you can then install and use DebianParl on any laptop, and the question is then how much support you can get from the free software community depends of course how, which problems you run into.
0:52:23 S?: But I think it's... The idea that you combine an official project by the Greens or by a political group with an external activity like this is... It's like... Actually it's like EPFSUG itself, but it's on another level. So EPFSUG is a... This user group has patrons or MEPs that believe in certain values that are expressed in different forms, what happened in the license of... That's in the free software license that most projects use, the GPL. And also with the vision to increase transparency and to have proper procurement, etcetera, and avoid lock-in and more, better localised ICT industry and more SMEs whatever. But MEPs are just politicians, and they can just do so much politically to support this project. But what is unique with the Greens project is that its political group doesn't take the decision to work together inside the house, together with DG ITEC.
0:53:56 S?: There is a cooperation going on inside the institution, with an external agent, in this case Jonas, as the project leader. And this kind of forum or this formula is a bit unique and new. And I think, it's a necessary intermediary forum to get from a completely volunteer-based activity into something that, in the end, would look more like... If you know EMAS or EMS, there's an environmental...
0:54:37 S?: What's it called?
0:54:40 S?: There's a... Based on a decision by the Parliament, there's an institution, inside institution, set up to improve the digital... No, the carbon footprint, not digital footprint, to lower, so there's water taps in different rooms. There are continuous evaluations of how the institution, as a whole, is improving in terms of the carbon footprint. And at some point, I think open standards of free software will be also part of the institution's own agenda and at some stage be formalised and institutionalised. And then EPFSUG will not be a voluntary-based activity but something that is actually happening based on decisions by the Bureau or by the DG ITEC. And so this intermediary forum, I hope we will be successful so that we can take the next step, which I don't really know exactly how to go through with that. But so far, the response from DG ITEC, in particular Director General Giancarlo Vilella, has been absolutely overwhelming. I also see colleagues here that have been supportive throughout the years, and but may be I should talk more about this in my last part of the meeting, so I'll stop there.
0:56:18 Speaker 4: I would just add a little bit to that, is that, yes, I see there is a... You said there is an extension to EPFSUG. I see it as a different level similar to EPFSUG, in that the European Parliaments has 10 pilot users of a global project called DebianParl in the same way as EPFSUG has a couple of users experimenting with Linux within the European Parliament and big institutions. So, DebianParl is not a European Parliament project. It just starts here because I happened to have some ties with this Parliament. And I have absolutely no ties with... Actually there are... I have a friend who has shown some interest to maybe, and I cannot mention names yet. But maybe in a country in South America, next year or the year after, we'll try out DebianParl.
0:57:23 Speaker 4: And in last weeks, I have had conversations with a Taiwanese school project who is trying to model their modernization of their structures for deploying... Similar to DebianParl. So there are things going on in different areas in the European Parliament as well, and that's... Ideally, if it works out, that means that the kind of help you can get is not the same as if you have a lot of paid people staff to fix your problems. But it means that if there's enough volunteers, then that is even more efficient. They can help you when your staff would have been home, 'cause they live in different ways in the globe. So if you have a problem at three in the morning, then someone's awake somewhere else in the globe. That's the dream.
0:58:22 Speaker 1: Alright, I think, Gijs, do you want to ask something or do you want to take over from here? Are there questions to Jonas before we move to the state of the free software in the Union?
0:58:39 S?: Actually, I have one question for Jonas or for you, Erik. Repeating all that I was trying to ask, are there any other European Parliament groups that have expressed interest to join this pilot?
0:58:55 Speaker 2: Only individual MEPs in actually all political groups, yes, all political groups have shown interest and been supportive. But I'm not aware of that a political group on the administrative level, other than the Greens, that have taken as concrete steps as we have in Greens. And of course, I work in the Greens, so it's not that strange, but I hope that... Well, I know that at the administrative level, there are communications at that level that are much more, they may be not visible but very efficient in those, maybe because they are not visible, I don't know. But I see it as completely plausible that other groups will start similar projects, maybe not in this legislature but definitely in the next.
1:01:17 S?: Aaron gave me the title, which I just quickly shift away. Here's a short introduction. This is what I'll try to do. Doing the talk about what happens in Europe on the state of open source or free and open source software is not easy because the question is...
1:01:41 S?: Because what kind of overview would you want? Would you want it by type of public administration? Would you want it by size of the software solution? Would you want it by member states ? So, I'll try to do all of those, and I'll try to be as quick as I can. So, I'll give a few big trends. I'll give you lots of examples. Of course, I have to thank the EPFSUG for making it possible for me to talk here, and all the names in the presentation, I can't divulge. You can't call this one, I guess. To all the items for that I've written thanks to the actual... For the things they've done. It's a very resourceful, and I have to briefly introduce you who I am and why I can talk about these topics.
1:02:24 S?: So, my name is [1:02:25] ____. I'm an IT journalist. I hail from the Netherlands, but that you already heard. I work for a project at the European Commission called "The Open Source Observatory and Repository." I try to follow what happens with member states on the topic of open source, limitations, policy decisions, what have you. And it's also is one of the projects that's a somewhat larger project at the European Commission called "Join Up." The "Join Up" is about the sharing and the reuse of ICT Solutions, so in the broad sense. So we are an alternate for repository, one of the things that the "Join Up" has is a large repository with about 4,000 applications made by public administrations, made for public administrations, and the vast majority is available as open source. Sharing and reuse is just very easy if you do it under an open source. So, the big trends... Feel free to read that course, but the big trends are that public administrations are increasingly turning to free open source solutions. It's really a ground stroke.
1:03:32 S?: It used to be that they hadn't heard of it, and I had to call them, and I had to explain to them first what it was, and then I would have to go and talk to the IT department, and then they would come back with an answer, "Yeah, maybe we're looking at possibly you heard or we're possibly thinking of something like Apache." And then, it became a hype in the early year... So, five years ago, it became a hype, and then all of a sudden, all the ministries did a press release that they actually installed a Linux machine somewhere or a... Or that they had done it offsite on an open source project, and it was easy for me to write on it. But now it is hidden again and now I have to call them, again, and then they say, "Yeah, of course, we use open source." That's not even a question anymore.
1:04:16 S?: And as you can see here, it's used for everything. Content management systems, document management systems, the whole enchilada, everything. You can find examples for all of these on the [1:04:28] ____. So, it's used across all sectors. It's used in the European institutions... I wish that I could point you out the latest things that I'm writing because the European Parliament is actually a big user of Jahia, an open source computer management system. The majority of the websites in the parliament and I think about eight of the outside oriented sites of the European Parliament are using Jahia, a French open source system. But the Parliament is still thinking of the new [1:05:00] ____, so it hasn't been published yet.
1:05:02 S?: So, we can see an item many people of the working at an European institutions would have seen, ultimately, prior procurement solution developed by the European Commission? A lot of the tools developed by the EC are now available as open source. And it's literally everywhere. It's in ministries. All these things, again, will tell you they're applicable. We'll give you examples, but I'll tell you a little bit about what's going on in France as we zoom out on all these headlines. Because in France, there is an MEP, Isabelle Atar from European Publishing. And she and many last year asked all the ministries in France to detail, to just write down, what they do on open source, and it's really a very amazing collection that you get there.
1:05:54 S?: For example, the most interesting example is the Ministry of Education because they have been using Linux and Apache and other open source tools for over a decade. 23,000 servers have moved to Linux since 2001 in all schools across the country, used for network for security systems, file servers, back-up servers, VPN, thin client application servers. The ministry itself has over 4,000 Red Hat Linux servers and has been using OpenOffice and LibreOffice for most of the desktops, and this is what they use for communicating to their students. It's also in many towns, I will give a few of the names in here, and we'll come back later. For example, Munich... I'll have to stop there in a bit. In the end all these names are tick-able, and there's literally, in any EU member state, you can find examples. So, of course, that's interesting. Spain has a national policy on e-governance that mandates the use of open standards.
1:07:07 S?: That was our [1:07:07] ____ this is a very interesting tool because it means that they feel supported by the national government. To say, "Look, we're going to move to OpenOffice or LibreOffice." And they have a combination of those things on their desktops. And switching from OpenOffice to LibreOffice for them is like not a problem, because they use ODF, and ODF across those two suites is interoperable and there's no loss of information. But they often, like many other member states, public administration security, they get documents from their commission, they get documents from citizens, they get documents from companies that will not be in ODF. And when it comes down to communicating with public administration in Spain, so of course, I will then tell them "Look, guys, national law, open standards, so we're using ODF. If you can't view it, it's not our problem."
1:07:55 S?: Very effective there. It's used across all sectors, health care, many examples. It's used in education, in kindergarten, I thought it was cute. It was just last week that I was covering... But the big value here is a quote from Malcolm Moore, from the Weston High School, in the UK, you can read it for yourself. But it's true, right, if our students need to go and work in CERN or invent the next Google or invent the next Facebook or invent the next Skype, these are all run in Linux. Even Bill uses Linux. Of course, he won't say it out loud. And it's in defense, NATO's standardized in ODF, and I thought with Ukraine and Crimea coming up, I should maybe point out that even Russia is investing a lot in using Linux all over the country.
1:08:57 S?: However, it's not all good news, there are a few problems. The first big problem, and everybody knows this, the elephant in the room, is the desktop. Everybody, including the European Commission offices obtained the Green almost [1:09:18] ____ link will bring you to the most recent discussions between the European Parliament and the European Commission on its problems with procuring its office solutions and its workstation, desktop workstations. This continues. And the second problem is procurement. Of course, these two things go sort of hand in hand. Again, in many ways, and [1:09:46] ____ has been quite active for the last few days.
1:09:51 S?: So, that's what these are all common, but I would like to quickly move around... These are the two links for anybody who's interested in desktop extension either here or somewhere else. It's a YouTube presentation or read. I'll quote a little bit from [1:10:11] ____, he's a lawyer in the Netherlands, he works at the University of Groningen, I'm the only one that can pronounce it. And he has been looking into procurements, ICT procurements at least in the Netherlands. He's worked with the Dutch government on this, and he's done his PhD. And in 2011, he was in Paris, I heard him speak there, and there he looked at the European Commission's way of procuring its desktop operating systems and its office solutions.
1:10:38 S?: And he basically concluded that the European Commission creates its own rules, when it's going on this procuring. Because with the Commission, and I think 65 other institutions, they have this negotiating procedure because they have no alternative but then to buy Microsoft. We perhaps looked at the way they are used and he says they're doing something very funny. See, when you have an alternative for your desktop suite and for your operating system, you cannot do a negotiating procedure. But they're doing both. First, they specify that they want Windows and they need Office. And they say, "Since we have no alternative, we will do a negotiating procedure." Then he says the combination is, it's not allowed on the Linux, so he's been trying to reach people in the Commission that [1:11:26] ____.
1:11:30 S?: And just this morning, the European Commission gave more details on its current procurement of Office solutions to the Freedom of Information Request by the Free Software Foundation, Europe. It's published on the Ask The EU site, I haven't been able to read it yet. But I promise you to give a few big trends and... Can I go back? The top three most visible open source implementations in public administrations, and when I say most visible, I have to talk about the desktop. Don't get me wrong, there are much larger scale of limitations that are not in the desktop. But the French Gendarmerie, everybody here would have heard about them, 72,000 Ubuntu Linux desktops, using LibreOffice for this summit. They now have 37,000 running and they're adding I think 5,000 per month. And of course all these guys are... They didn't used to say very much about what they're doing. But this project started a decade ago when one of the IT staffers was messing around with OpenOffice, doing things in a spreadsheet. Microsoft heard about it and they called the General because they wanted to put a stop to this experiment and the General was smart and he thought, "I should invite both the [1:12:57] ____ research and the IT guy to show me what's this about."
1:13:00 Speaker 2: And so the IT guys brought the spreadsheets. So here are the things that I do every month and I do it now in OpenOffice and it works, the calculations are correct and we have salary slips printed, it doesn't cost anything. Then the General said, "Hey, if it doesn't cost anything then we should do this across the whole board." That's not the only good that came out of the Gendarmerie. They used to have a police officer, it's an armed force. Police officer would fly to Polynesia and travel from island to island to island to island to islands to update the anti-virus solutions on all the desktops. It took him a year. By the time he got back, they gave him a new disk, he would fly out again. Now they have switched to Linux they don't need this. This guy is no longer travelling to Polynesia. I guess that's not... That maybe a disadvantage.
1:13:55 S?: I already mentioned the qualities of the Gendarmerie. Stephan Demont, he spoke in Lisbon, but they don't really speak out in public, but this was a fantastic speech. He was doing the numbers and he says, "The total cost of ownership our open source desktop systems is 40% lower than the proprietary solution we used before," 40% lower. I would say that's something that no government could [1:14:24] ____ think. And he says so we have the maintenance, cause they can do it centralised, it's so much easier that this whole licence is just the top of the iceberg, the whole system becomes so much more easy to run. That's when the view there is... Second in terms of numbers of desktop systems, what [1:14:43] ____ 42,000 desktops, they're working on it. They actually already have 70,000 desktops running with Ubuntu Linux in hospitals and schools. Sorry it's 70,000 in schools and it's a 115,000 in hospitals. So it's not bad, it started. The problem with Extremadura as in many other regions in Spain, they have no one to do things.
1:15:08 S?: And if you have no money, the best thing is to not try to do something new. So for them switching to Ubuntu could be a bit hard in the near future, which is why I said eventually, right? Not sure whether they are making a lot of progress. But probably the world's most famous example is the City of Munich. 14,800 Ubuntu linux desktops as of say last month. And they have also... What is also interesting about the Munich, is that they are actively developing open source solutions that they're contributing upstream. They have organised two rounds of public finance for improvements to the LibreOffice and OpenOffice support for Microsoft's XML format, they call it an open standard but there is no implementation of the real standard. There is only implementation of Microsoft's variations of the standard. And this is causing a big headache for Munich because they get a lot of correspondence from other public administration including European Commission, and often they open it, and what was a bullet list, became a numbered list and if you have for example a Land Act then it's like a real issue.
1:16:24 S?: So they spent a lot of money together with French Ministry of Culture to increase the interoperability of those two documents at once. One of the big problems therefore was mixing two standards. But is also very good to know about Munich as an example of how we need political support to do this. They have a Mayor, Christian Ude who knows exactly how this works. He says, explains, he talks often about this and to explain how he decided to change to open source was when 'cause they were using antique, and the support ran out and Microsoft called, "You need to spend so much because your system is no longer... " and he wanted an alternative. And he discovered that he could not do anything but continue to do what he had been doing. It's just a discussion that all the public administrations have.
1:17:15 S?: And he says, "No other sector suffers from this kind of vendor lock-in, not even an industry specialised with something very special, such as building tunnels. It's worst than IT." And so his support was key to make the Munich migration work. They have 25 offices including the fire department, including hospitals and schools. To get all these departments to switch, you need a lot of talking, you need a lot of negotiation. And of course, there was a lot of resistance, there is resistance even now. And every time they run into a big problem, they could go to Mayor Ude in Munich, and sit down and then the mayor said, "Look guys, we are moving to Linux, we are moving to LibreOffice, so deal with it."
1:18:00 S?: And that made it a success. He said more famous things, I'll get to that later. I'll also give you five striking examples of business methods, approaches, procurement thoughts, policy limitations that will give you an idea of how in some countries this is being tackled. And one of my last slides will tell you this, this is being tackled in all the European States. And these are really interesting ones. In Sweden, they have written an approach to IT procurement. I can't handle all this stuff, it's too much. So I have to browse through my notes to find it. So they have made it easy for municipalities and other public administrations to use a framework agreement to buy support for open-source solutions. And most of them actually just use it, they use this procurement to buy Alfresco, to buy [1:19:03] ____, to buy Red Hat, and not to do what they had hoped would be development work in municipal applications for example.
1:19:14 S?: But it is a very interesting framework agreement nonetheless, because this is the only one that I've seen so far that discusses how do I deal with contribution through public administrations to software projects in the open. How do I make sure that code is developed in a municipality? Code should be given to the upstream developers. How do I arrange the copyrights? How do I arrange distribution rights? And they fixed all those in their procurement. Not only that, the other thing that is really interesting about this procurement is that it's a big team of five big, five Swedish open source specialists that may hire all the specialists they need, all those... All three years in the program. All branches together are 75, and this framework involves, therefore, the biggest open source company in Sweden, and also the smallest. It's a one-person specialist. But they can all be hired by public administrations, by municipalities, to help them with their solutions.
1:20:18 S?: Now since Swedish are not [1:20:20] ____, except for maybe a few people here, but luckily we've been speaking about this framework approach and the people in Switzerland are very interested in it so they translated everything into German. So maybe it's a good idea also for Germans to look at this. Norway is actually a bit of a dark cloud, because I think cloud... I see cloud computing which is all the rage these days, and it's good to have negative consequences for public administrations [1:20:49] ____ for open source. Norway, there's a whole bunch of municipalities that are offering cloud solutions based on open source solutions. Help desk, ticketing systems, systems to book meetings in meeting rooms. But it's done as a cloud solution so even though they're signing up multiple other municipalities, those other municipalities have no idea that this is an open source solution and it might sort of break the link between contributing to open source or using open source.
1:21:25 S?: And while we're on this topic, there are a lot of public administrations using Ubuntu Linux and I think there's only a few of them that think about the degree to which still a company needs to be run and if nobody is paying for it, eventually somebody's going to pull the plug. So there's one French city that was dominating one year ago for Ubuntu desktop, but I don't think that's going to pull up. But it's a start. Belgium, there are a lot of Walloon municipalities that are all working on Python and Zope to open source solutions to do their administration and websites, the public administration, administrative systems, and they decided to all pool this. So now there's a company that was previously part of the movement, it's now a private company, [1:22:18] ____, and they offer all these services and they have 200 to 300 municipalities that sign up there. It's a very sweet move.
1:22:28 S?: France is really on top of all my top three lists. It has an open source culture. You can find examples in any state, in any region, in any municipality. There's a lot of French movements that a public administration is using open source. And in Denmark, I thought I should add that, it's a very practical, no-nonsense approach there that they take. There's a lot of municipalities that decided to move to Drupal, for example, so they all got together and now we have a Drupal working group. There's a lot of libraries that are using open source. There's all kinds of areas so they decided to get together, now you have [1:23:05] ____ PINK. And these are slowly expanding the reach of open source in the and various public administrations.
1:23:15 S?: But it's not only good news. I should tell you right off the bat that all my examples are piecemeal. This is still nothing compared to... We're talking hundreds of thousands of public administrations, and I'm only giving a handful here and a handful there. This is not the, there's no, there is not an entire country that has moved, there is not an entire big entity that has moved. And sometimes things go wrong. Actually, it doesn't go wrong very often, and when it goes wrong, I try to get the details. It's not usually the fault of open source, I've never seen a fault of open source. There's always resistance. We're all resistant to change.
1:23:53 S?: This is my desktop, you changed the item, sorry, it doesn't work, I can't do much. That you see, and that frustrated the Ministry of Foreign Affairs in Germany, so they decided to stop that. Started in 2004, they had no budget so they said, "Well, look for something that's cheap. Hey, hang on, there's something that's free." It worked really well. They had secured their laptops, they had encrypted their hard disks, and rolled them, and they unrolled it, and then are back to using the usual maintenance office solutions. Oops, I see an estimation. Friedberg, Mannheim, same difference. In Friedberg, they were ready to roll to LibreOffice but the people were so fed up with the IT department in general that they didn't want to handle another change. Mannheim, the CIO there knows very well what he is doing, and he says I hope nobody ever asks that we're breaking old procurement rules because this... I need this because otherwise the box won't work, and if the box won't work, then I'll be fired. So don't ask any questions.
1:24:59 S?: Helsinki, it went the other way. I would have been interesting. In Helsinki, the city politicians are asking for open source and the IT department is resisting. They just don't... The city is also [1:25:14] ____ Linux, they rolled back their projects, and this is on failure, the last one, but it is an interesting case I should mention. [1:25:22] ____ is a document management system developed by Court, the National Court in Switzerland, and it is so good that many of the county courts are now trying to use it, are actually switching to using it. And it brought them into problem with a proprietary vendor of document management system saying "Hey, we have a public administration basically competing in the market," so they went to court, they lost. Systems open sources out there, but this is a little bit... I haven't seen much. I have seen it twice.
1:25:55 S?: The open source solution lost?
1:25:58 S?: No, no open source solution won.
1:25:59 S?: Okay, so what is the problem then, after that?
1:26:04 S?: You have proprietary vendors that resist the shift to an open source service model. They see their revenue stream drop and they resist. And here is a document management system which is also developed for the county courts but not as good as this one. And so there's choice in the market, so the [1:26:24] ____ Thompson says, "We'll switch." The proprietary vendor then accused the courts of illegally... They are supposed to be negotiable. They're not supposed to be a software firm. But the guy said yeah it was already there, the only thing we did was move it from here to the Internet. We're not the firm, we're not supporting it, but people resisted anyways. And now there's a healthy community of software firms in Switzerland offering services on the open sources. Just this week, the ISA project that I introduced already, published their reports.
1:27:03 S?: They've been looking at all the policies and sharing and reuse and all the initiatives in sharing and reuse, and I told you already, all the member states have thoughts about this and half of them have legislations, laws, or policy documents that, policies that implement sharing and reuse in public administration because they have all seen that this is the way to go, and they started by listing standards for example, in the Netherlands, in the UK, they are working on lists of open standards that are mandatory across ICT solutions or it's with the [1:27:33] ____ policy such as the one in Spain which I mentioned the e-government, or the one in France, the IO memorandum, which is a very well thought-through document on why open source is smart and why public administrations should switch to it. That's again all these are critical if you want to know the details. In Italy called on provincial administration, they have made an impossible to make a comparison to propriety solutions and open source solutions published a month ago, but it's in Italian. We're trying to get an English translation out that there but it's not happening. Because it's sort of a benchmark tool.
1:28:20 S?: UK government, Dutch government, and German government, they've all been working on this software. So you use Windows, you need to switch to Linux. You use Microsoft Office then you can switch to LibreOffice. You use Outlook, then you can switch to... So they are making this where people can decide, they're not really that easy to compare. Especially, when you go deeper into the system. Especially when you pick up and you are looking more at public administration tools, [1:28:45] ____. The Italians frankly have fixed a few of those questions, how do I compare it. I'm anxiously waiting for the English translation. The Spanish government well, I already mentioned that. The Basque one is interesting because many regions in Spain that take up on it... I already mentioned Zaragoza. There's a nice quote from the former CIO of Basque Country, Serafin Olcoz.
1:29:15 S?: Because he sees that if you're in public administration and you're using open source, it actually changes how you should book ICT costs on your budget. When you are doing open source, you are contributing to the economy and you are improving productivity of the economy in general, and that becomes a catch, whereas the costs to proprietary licenses are sunk costs, it's done, it's booked off. It doesn't give anything back to the society as a whole, and that's a OpEx. He... Just before he was let go, because the government shifted, he was asking for European [1:30:00] ____.
1:30:03 S?: I've already mentioned the French [1:30:04] ____ Memorandum, it's very very very far, it was written by all the ministers that I already mentioned above and they are using open source in all parts of their IT infrastructure and with the guys at [1:30:15] ____ which is a voluntary group of all the system administrators in France that are working for the government and are interested in free software. The United Kingdom is working really hard on its policies. They gave their open source policy procurement kits a few years ago, and since 2011, their official position is where appropriate, they will prefer open source. To be honest, it's not that easy for me to find good examples in the UK. There, again, the change is really hard, but they're working on it and there's a conference in April, I hope to get a lot of nice examples. In the Netherlands, there was a very famous cloud project, you can check right there, and the nice thing is they translate everything almost automatically in English so it got a lot of attention and then the project disappeared as the political wind shifted. A lot of times, it happens, they basically embedded it somewhat deeper in the government, so there is a few projects that are carrying out this policy and you will see a lot public administration that are simply switching to open source because it's no longer efficient, especially in the area of open data or geographic information systems, servers that size, that's all.
1:31:38 S?: And the interesting bits in the European Commission is [1:31:41] ____ agenda item #23 against smoking. There is a lot going on there... There is a few very interesting documents that came out of the procedure. It's a part of crucial agenda and they published a guide to help people procure in IT solutions, figure out how to procure it in the correct way, you should read [1:32:09] ____, and how to avoid being locked into a technical solution and a [1:32:15] ____. For example they discussed the SQL standard, there is an international SQL standard, but they didn't look at it very well. Now they see now this solution says it's on quality of the standard, but if I then drop in the replacement it won't talk, because there are variations even within the standards. Then they make the problem even bigger from themselves, because then they said document standards we cannot choose one, we'll choose two.
1:32:44 S?: The one OXML and the one Open Documents Format, so now we have... They sort of made their problem even bigger. And it's interesting to watch that space what happens in ODF. The UK has been asking the public for opinions because they basically want to move to ODF and they want to make sure that this is the right move and that debate is really [1:33:04] ____ "Guys, really we need also to look at OXML" and then a lot of people say: "There is no actual implementation for OXML Yeah, there is Microsoft version, but that's the whole problem, that's why we're going to ODF". So that's there. And this problem of documents echoes around the EU when we speak to the guys in Munich, and also when we speak to the people in France, and also when we speak to the people in Spain, also this is a really important decision, so when the UK moves that could be something.
1:33:48 S?: Yeah. In the same document that I just started talking about, the European Commission's DAA23 there's these two quotes with which I'm going to leave the room to you. So guys...
1:34:00 S?: What does it say?
1:34:03 S?: Regular organizations are locked into the ICT's systems so that when they need to buy a new component to a licence there are only a few potential suppliers, or just even a single one. This lack of competition leads to higher prices and so 1.1 billion Euro per year is lost unnecessarily in the public sector alone. It's a lot of...
1:34:26 S?: Not 1.1...
1:34:28 S?: Billion Euro, per year.
1:34:31 S?: Okay.
1:34:31 S?: Thanks.
1:34:38 S?: And my projects are precious. I can speak about this as long as he can speak about the...
1:34:46 S?: Seriously. There is a lot of examples that I didn't mention. I mean, I decided... What was it? The 30 minutes?
1:34:59 S?: I find it very exciting, these presentations, these examples you bring up. Do we just go to the General website and then there's gazillions of just similar ones are... That do tell all the good stories there is. So how to navigate around if we're not you who has it all in your head all...
1:35:18 S?: I wish I had it all in my head. I have to often read my article again. Sometimes I discover a news item and I think, "Wow, I didn't know about that." And then I find out I wrote it...
1:35:26 S?: So that happens quite a lot. I've been doing this 2007, so I have a memory the size of a goldfish. I try to find them all.
1:35:40 S?: That is your goal...
1:35:41 S?: That's my goal... And so I met this old timer and as soon as I discover a hospital in [1:35:49] ____ for example that's by accident says somewhere on the forum that they also use Linux I started calling the IT department. They also don't understand why I'm calling, and I develop a news item and then it becomes an issue.
1:36:00 S?: Because one hospital here and an hospital there and an hospital there, before you know it, I can put all those hospitals in touch with each other, I can do that too and say, "Did you know that in [1:36:11] ____ or in Malta or in Spain there's hospitals or in Portugal and then they... "No, we didn't. Would you like?" And then they start the discussions. Who knows what will come of it? So I mentioned the Munich people who are developing; this is actually a nice quote, so I'll read this one. They developed a tool that helps everybody in Munich to manage their documents, document templates, the macros. I don't do many documents. I don't know what else comes and I'm not so equipped, to generate letters, to generate a license to cut the trees, to generate the building permit. That is all now Ubuntu, it used to be, they call them U-boats. So the IT department was trying to move Munich. They stumbled across an application and the guy said, "Sorry, I need that. Because if you take that away, the whole building application system will not work, because this is how we generate the permits." So we looked at the macro. It was of course unmaintained, undocumented, unclear, unwritten, no version, no nothing. Nobody knew about the document.
1:37:19 S?: So they made an new tool called Volnux [1:37:22] ____, it's a local joke, I won't explain it. It's available as open source that has been for years, the most popular application on the open source where everybody looked at this. I don't think there's many that actually then started to lose it because you need LibreOffice or OpenOffice. But there are actually quite a number of public administrations including medical institutions generally that are using Volnux to manage their documents. In fact, the tool has public administrations generate procurement requests and it does it so well that when the people at [1:37:55] ____ said, "We don't want this LibreOffice open source stuff." Two weeks later they came back, well we do want Volnux, and of course, yes, you can't one without the other, so now there's a few [1:38:07] ____ that are like pulling out their hairs thinking maybe we should have stayed with LibreOffice because we've lost a very nice tool... Was that an answer to your question? It was more than what you asked for.
1:38:21 S?: It was different from what I asked for. I was thinking if I would want to follow in your footsteps, look around in it, not your brain but your papers. Is it a nice website...
1:39:16 S?: And your focus is on deployment of resources, right? It's obviously not mentioned...
1:39:25 S?: I'm also talking about... I write about public administrations that are developing open source.
1:39:28 S?: Yeah.
1:39:31 S?: And then of course... So for example the suites that had four parts, how do I contribute to open source projects. The Ministry of Foreign Affairs Amendments said open source, sure, but community? We're a ministry. But how do I do this? And European Commission thought, "So we're paying [1:39:50] ____ to develop code that then becomes open source. I will not [1:39:58] ____." So for a while we were doubting whether it actually contributes, the developers code, to the outside the walls of the Commission. So that's solved, that's fixed. The Commission has made a licence in the email which is a fork of the GPL, available in two different languages, very interesting. Don't underestimate. And it has the same legal value. You can publish it in Maltese, and in French and [1:40:22] ____ for people to read... Again, what I also tried to do is bring the people together and say, "We're all working on the same solution, each in your own country, try to do this cross-border and try to do this together."
1:40:41 S?: Are you also thinking in linking these public institutions that are investing money and time in both the [1:40:43] ____ and then the... The other organization, the free organizations like Debian, I know for instance that you've been talking about medical deployments and medical development, we're talking money. Then I said, "The community, there are needing examples of how they can experiment with... Sorry that sounds like bad word...
1:41:12 S?: Not entirely so. One of the main things here is, talking about I think it's... Swiss and German doctors are using open source, Debian-based systems to do operations logistics. To look at the photographs and so on, and enter the notes, it's been used in Australia to help the people [1:41:30] ____ flyover...
1:41:34 S?: That's what I was saying, the specific concrete one, I was thinking of first actually, that's [1:41:38] ____ friend of mine...
1:41:42 S?: On e-health, on health... There is actually quite an intensive group of people in the medical industry, in the medical public administration that are interested in open source, and they're well connected also to companies, and to Red Hat.
1:41:53 S?: Okay.
1:41:53 S?: I wasn't gonna promote again. Again, you're associating this cross-collaboration between the free spirit folks and the organised structure.
1:42:04 S?: It's not very organized, but it is there. And when I see it, I will put people in touch. Anybody else?
1:42:18 S?: There was one slide, I think, a while ago now, that's mentioned that the Commission next to vendor look in, with a link.
1:42:32 S?: Do you want to see that thing?
1:42:33 S?: I would like to, yes.
1:42:36 S?: And it is slide number 13. I happen to know that this one's open source or it's [1:42:41] ____ I think.
1:43:07 S?: So, this was a lot of work for me to figure out. I spent a few weekends in Antwerp going over all the items that I wanted to see, where in EU, which member state is, which public association is using OpenOffice and LibreOffice and how good are they at describing their experiences. Because the European Commission is saying we can't move to OpenOffice or LibreOffice because its multi-lingual support is not so good. Turns out, it is actually the opposite. So, here I have an [1:43:36] ____ further down an item saying, sorry, Romanian and Czech, in Windows Office, it's ghastly. The first time I have ever used the word ghastly in writing. But I have lots of public administration in Czech Republic and plenty of them in Romania that are using LibreOffice and OpenOffice without a problem. So... Anybody?
1:44:04 S?: So, can I see where the Commission admits to being locked in?
1:44:09 S?: Yes, you need to go there. The first link that corresponds between [1:44:20] ____, it's a link to a site, there all the documents are there, and then one of the documents she says it, "Look... ".
1:44:29 S?: Excellent.
1:44:31 S?: We are going to do three things. We're gonna, A, stay with the same because the box needs to run, right? So we can't shift. It doesn't make sense. We can't shift from yesterday to today. And they are also going to try and disrupt this lock in. They don't exactly say how and I think that they are going to try to move everything to the cloud because then you're done with it.
1:45:02 S?: So all the links are there, there is a link by [1:45:04] ____ from the LibreOffice community who just shows that the language support is very good.
1:45:12 S?: Yeah, if I can contribute a thought more that that. Question... Starting from what you mentioned about moving to the cloud. This is a concern that I've had for a while now that the General tendency is that your email is no longer on your computer or tablet or phone. It's in the cloud and your documents are in the cloud, and your contacts are in the cloud, and your calender is in the cloud and there is... I fear that at a certain point, we will win or partially win the battle to have free software run on our devices. But they will have become basically thin clients so you will be running Linux and Firefox and whatever you want, but everything that you wanted to be able to have as free software or free standards will be on a server that is not free software and you got what you wanted. It's all free software now, why? What is the problem? I don't see... I am concerned about this possible future.
1:46:26 S?: But it's not only... When you talk about public administrations, it's not just the applications that we see on our desktop. So, the rest of the applications that are in the cloud will probably go to the cloud because it is just easier. There are a lot applications that are not going to go through the cloud because you can't. This discussion is a multi-faceted discussion. It's not just about the desktop, but it's also about how the public administrations actually deal with their capabilities for reading and writing their material, all of it, and then you have all these big database systems, they are not going to go to the cloud. There are lots of them that are in a cloud and are not calling it a cloud. There is a big German application used by the federal states in Germany, developed by the federal government, and it's a cloud-based distributed server system but they don't call it a cloud because then it's a whole different category of headaches and they don't want to go there, but when there is cloud acceptance in Germany and it's [1:47:33] ____. It is not an easy thing for governments to do. Everybody would like to go to the cloud, but after Snowden you have a few other problems, [1:47:46] ____ problems, but it's not going to go fast. I don't think so.
1:47:52 S?: If people like European parliamentarians keep asking the right questions. What is interesting is the battle between people that are making IT, the IT department, this is what I often see, and the politicians. I said Helsinki, you see the same in Amsterdam, you see the same in France. You have politicians that understand the problem, but then ask the IT department to fix the problem and the IT department says, "Yeah. Ha Ha. No way. I can't do that because that's not what you hired me for." And that's interesting. And the other thing that I often see is that when you start talking to them, this is about computers, and people are used to computers not doing what they want because they have [1:48:35] ____ software. And, so they think, "Oh dear, no. Then it probably won't work any more and then I have to ask my nephew or the IT department, and I don't want to do that because they are very strange people." And so they don't want to go into this debate. The whole point to this debate is about, it's almost about human rights. It's almost about public domain rights. It's about, that's the same drivers for open data, drives the open source... I'm speaking too much.
1:49:08 S?: That's okay. Thanks.
1:49:15 S?: Alright.
1:49:16 S?: Could I squeeze in a comment?
1:49:19 S?: You have one minute and 15 seconds. Two minutes.
1:49:24 S?: I'll take half of that. I just want to throw in that part of this thing, the issue of the cloud, the fear with the cloud, is, for the public part, for the non-private data, there is a key word that can be used so it's just the same open standards, there's something called linked open data, and be very careful that there is another term called linked open data which means something else. There is two terms. One is [1:49:58] ____ or into open data, and the other is called linked open data only called linked open data and means open linked open data. So, that's a little tricky, but that's the same as, in essence, it is free to use, free software, bit it's an open source approach to PCS Soft and all of these.
1:50:23 S?: I thought I had the perfect bridge to close the meeting with the last words from Keith, for what he was saying was almost talking about fundamental rights, Now I've to make that palindrome of something on open open data that is actually famous. Anyway, terminology and definitions have always been at the core of this discussion of free software and open source software. At the other end of the spectrum, users have always been at the core, and if you read the license that I referred to earlier, the General public license, it talks about users and giving users freedoms, the four freedoms. And, that's where it comes as close as Keith mentioned to fundamental rights, participation in society, democracy, working institutions, etc. So, we're in a really, really complex policy space. The dependency on technology is absolute almost, and, we really need to take away as much unnecessary dependence as possible to not knock society or ourselves down. And, we need to work together, and we need to be individuals, and we need all the things that we think a good society should bring to everybody and each person.
1:52:12 S?: The European Parliament Free Software User Group has been shaped and started with friends from inside the parliament and outside the parliament. In the beginning, as an experiment, or more like as a result of a long experience from colleagues outside the parliament that it is very difficult to achieve change that you want to see in ICT from the outside. So, there has been petitions and goals, and politicians have asked the right questions in different communities, and the Commission has made statements, and we have lots of good policy developed, and we have guidelines, etc. But when the seventh legislature started, we were a bunch of people that tried to see, what if we tried to start a user group on the inside, and users at the center of this discussion that try to use free software? Can that make a difference? And, at least, we're still here.
1:53:38 S?: And by believing that it is possible to use free software in an institution that is not only very big, but also complex with layers of bureaucracy and procurement decisions that are far, far from each individual. Still, it turns out that when you have that perspective, dialogue starts. And last time we had the meeting where DG ITEC were present, that dialogue was explicitly mentioned as one of the things that EPFSUG could contribute to. And I think we have. And, well, talk is always nice and maybe it's cheap, but EPFSUG was also started with a purpose to actually use, to run it, to run, to have something to show.
1:54:45 S?: The three principles or the three items you need: Proof of concept, running code and present community has been the principle for change according to some bureaus that we all know. And EPFSUG was started with the running code called TMail, where we could actually use mail in the parliament thanks to the workaround and the bridge and an external server that made it possible for us to read, write, work with a free software laptop with our parliamentary email address. We could even encrypt and sign emails. So everything has been really based on that it's actually possible. And that must be impossible throughout the seventh legislature up until, for me, late November last year when my email system was updated to Windows 2000 or to... Yeah, the...
1:55:57 S?: Windows 7. Windows 7.
1:55:59 S?: Yeah, Windows 7, where suddenly the bridge didn't work anymore. So we end this legislature with like a success story that we have had a dialog that is now... This is the last meeting. And it's clear, patrons still come. We still make hopeful statements about the future. But the next legislature will start technically from another point. We will have difficulties to get to use free software without the workarounds that were available before. At the same time, we're starting with DebianParl. We have a Debian distribution tailored for us who work in the parliament. As Jonas has tried to explain it's very basic. It will just do boring things, but at least it will be free. I'm happy to be using boring software if it's free. And if the alternative... And it also gives you like a glimpse of how those 1.1 billion Euros that are locked away in inefficient administration and lack of competition and whatever, even maybe corruption, that money comes back, trickling... Maybe not trickling down, but that they don't disappear in bad administration and lack of knowledge that there are alternatives and that there are better ways to build IT systems for institutions.
1:58:03 S?: The supporters and members of EPFSUG and the patrons, I think we will have a great new start after the elections. I think we will have new patrons, and maybe some will stay. I think we will have more members, and I think we will have more supporters. And all these simple things that maybe you who work in the parliament maybe you know that we're always used to being invited to conferences and seminars or whatever and maybe there's sandwich and there's coffee and maybe even there's a little champagne afterwards. The organizers, they give you materials and you push whatever has been printed for you in it. So everything you see on the table here is made by the supporters. And the operation of making stickers for this event with Maurice, so pick them up and outside our... And it was designed by Seire and posters made by Seire and it's... A lot of the server is kept alive by Juris. We're European Parliament's Free Software User Group, we're a user group for the parliament. But we are completely, so far, based on the voluntary work from the supporters, not only those who have registered and said "I'm a supporter" but in a wider perspective also, in the Free Software Community and... They will, the community's still there and if we are still here, I think we have... The eighth legislature after elections will be a great legislature for free software in the European Parliament. Thanks for coming and see you next time.