(no title)
berkes | 4 days ago
It is probably unintentional. I work and worked in such projects (in The Netherlands), and the process is -rightfully- chaotic.
Governments typically don't have a central single team that builds all their android apps. They usually write a tender with loads of requirements and app-agencies will then build it. Or freelancers. Or volunteer teams. Or all of that. So there's no central team governed by one minister who can dictate what should happen today. There's hundreds of companies, teams, freelancers, interims, running around trying to make deadlines
Between writing a spec and the delivered app, there's chasms: could be a year between the specs are written and the first app pushed onto a phone. In a (trump)year a lot can change. But also between how specs are requirements or wishes in real life. "No user data may ever reach a google server" (actual specs are far vaguer and broader) may sound good, but will conflict directly with "user must receive push notifications of Foo and Bar". Or "passport NFC data must be attested for login", requiring a non-rooted, android, signed-by-google hardware attestation thingymajick.
So no, this is not malice. Nor incompetence. This is a sad reality, where we've allowed the monopoly to dictate what we, and users, expect, and to have that monopoly be the only option to provide those expectations.
teekert|4 days ago
Btw, NRC has a nice podcast series on the topic. One thing hampering the sovereignty effort is the enormous amounts of Azure/AWS/GCP certified people. Their career is build on these platforms.
berkes|4 days ago
Currently I'm involved in projects surrounding https://developer.overheid.nl/kennisbank/security/standaarde... . Have a look there. It's not FLOSS in the way that you can just provide PRs of things you'd like different, but FLOSS in the way that you can get in touch and with enough expertise, have people listen to you.
electrosphere|4 days ago
berkes|2 days ago
- All governments under EU (on almost all levels) are "required" to use and/or produce software as Open Source. The source of "that government app" should be available somewhere (though quite likely is not)¹ So go hunt for the source and start there.
- Look at underlying standards. EU regulation, trickling down into local laws and guidelines, rely on Open Standards almost always. That app you use to log into your tax environment quite probably uses (a weird, hard to recognize) variation of OAUTH2 or OpenID connect, SAML or such. The app that shows the time+dates for garbage-collection, quite probably uses a simple ical-feed under the hood. With that knowledge, you may be able to develop/fork/use open source alternatives without too much effort².
- Show (local) representatives the alternatives. Listen to them. Learn from them. Most representatives are suprisingly open to you as expert. But, I cannot stress enough, learn and listen foremost. IT experts and open source community in particular have an (IMHO well deserved) reputation for being arrogant, know-it-all unfriendly and rediculously single-minded. So don't lecture that councillor for using Twitter instead of Mastodon, riduculing them for not using GPG or scoffing at their insistence on using Microsoft Word over Vim with Markdown (My younger self was such an arrogant neckbeard; I am now convinced I have done actual harm to the Open Source community that way). But ask why twitter, have they tried mastodon, or bluesky? Why not? Why did they leave? What features in MSword do they require? Did they know that Jitsi is an option? Maybe you can show how they could use Nextcloud for at least their own files? Sometimes you can answer some of their questions and help them. More often, you learn a few things that you could use to improve sovereign and open source alternatives and align them slightly more with whats needed.
¹ The details, interpretations and implementations are a mess, but the idea is "open source, unless..." for any software that any government buys, rents, builds, etc. In practice almost all projects fall under "unless...". I spoke to a MSFT account-manager for several local govts and he told me they have f*in training material to "help" govt officials write tenders/requirements in such a way that Open Source is practically excluded and Microsoft the only option. I am appalled, but also not that surprised.
² The ical-finding is how I got my local garbage-collection schedule into my calendar app. And when I told this to someone who happened to work at the municipality, they realized that publishing the urls and docs online helped a lot of citizens. Ironically, the push-back, according to this person, was from a civil-servant whose career was influenced on the success (install counts) of the "municipality app" and who was afraid that if people could add the calendar to their outlook/google cal/ical/other-cal, might no longer install the app. Again, I was appalled at such perverse incentives.