Digital Software Security Act

PREAMBLE

The State of California seeks to improve the security, interoperability and quality of its software while lowering the cost and invigorating competition among suppliers.  To guarantee the succession and permanence of public software and data, it is necessary that the usability and maintenance of the software be independent of the goodwill of the suppliers, or of the monopoly conditions imposed by them.  California's software integrity and security are jeopardized by proprietary software systems whose security and product enhancements are provided solely by the software's vendor.  In these situations, vendor caprice, instability or bankruptcy subject the State of California to incalculable risk that its computer systems may be vulnerable to attacks by malefactors whose actions can be prevented only by the vendor.  Further, vendors having exclusivity to provide security maintenance for their proprietary software systems have the ability to charge monopoly prices.  For these reasons, the State seeks systems the development and maintenance of which can be guaranteed in the absence of magnanimity of its suppliers and despite their malfeasance.

California finds that open source software that can be examined by the vendor of California's choosing for security and maintenance will stimulate competition and reduce vendor-dictated obsolescence. Proprietary software that can only be upgraded by the vendor creates an incentive for vendors to cease maintenance of older products for the purpose of forcing their customers to buy new products.  Therefore, the State of California seeks open source software that can be read, revised and upgraded by any software vendor under the licensing of California's choosing.

To guarantee the security of the State, it is required that systems not allow control from a distance or the undesired transmission of information to third parties. Systems must be open and allow inspection by the State itself, its employees and contractors and by the citizens to enable the State to audit its security and integrity.  These goals necessitate that the encoding of data is not tied to a single provider. The use of standard and open formats in open source software gives a guarantee of this security and integrity access. 

This law is limited to establishing the conditions under which the State and its agencies will obtain software in the future, that is, in a way compatible with these basic principles.  Once passed:

  The law does not forbid the production of proprietary software;
  The law does not forbid the sale of proprietary software;
  The law does not dictate which software to use;
  The law does not dictate the supplier from whom software will be bought; and
  The law does not limit the terms under which software can be licensed.

The legislative intent is that for software to be acceptable to the State it is not enough that it is technically capable of fulfilling a task, but that the contractual conditions for purchase and/or licensing must satisfy a series of requirements regarding the license.  Without such requirements the State cannot guarantee its citizens adequate processing of its data, watching over its integrity, confidentiality, and accessibility throughout time, as these are very critical aspects for the software's normal functioning.

Section 1 - Objective of the law

This law has three objectives: security and open standards, obtaining the greatest value for funds spent, and stimulation of competition within software development, support and implementation.

Section 2 - Scope of Application

For all new software acquisitions, the State of California and all of its agencies and branches shall acquire software meeting the requirements of Section 3.

Nothing in this act shall require the State to change or modify any current software.  All future software purchased, developed by or for the State or in any way acquired, that is used to enhance, replace, upgrade or implement shall comply with the terms of this Act. 

Section 3 - Source Requirements

All software developed for use or used by the State or its agencies shall have:

  1. Unrestricted use of the program for any purpose.
  2. Unrestricted access to the respective source code.
  3. Exhaustive inspection of the working mechanisms of the program.
  4. Use of the internal mechanisms and arbitrary portions of the software, to adapt them to the needs of the user.
  5. Freedom to make and distribute copies of the software.
  6. Modification of the software and freedom to distribute said modifications of the new resulting software, under the same license of the original software.

Section 4 - Responsibilities

The highest administrative authority and the technical and information technology authority of each agency of the State assumes the responsibility for the fulfillment of this law.

Section 5 - Implementation

The executive branch of the government will establish, within a 180-day deadline, the conditions, deadlines and forms in which the current status quo will be changed to one which satisfies the conditions of this law, and will guide, in that sense, all future contracts, negotiations and software development.

Section 6 - Glossary of terms

Program or Software - Any sequence of instructions used by a digital data processing system to carry out a specific task or to solve a given problem.  Execution or use of a program, as the act of using it on any digital data processing system to carry out a function.

User - That natural or legal person who makes use of the software.

Source code, or source code program - The complete set of instructions and digital source files created or modified by those who programmed it, plus all the digital support files such as data tables, images, specifications, documentation, and any other element that is necessary to create the executable program. As an exception, all those tools that are usually available as open source software in other media may be excluded, for example: compilers, operating systems and libraries. 

Open source software or program - That which guarantees the user, without further cost, the following:

  1. Unrestricted use of the program for any purpose.
  2. Unrestricted access to the respective source code.
  3. Exhaustive inspection of the working mechanisms of the program. 
  4. Use of the internal mechanisms and arbitrary portions of the software, to adapt them to the needs of the user. 
  5. Freedom to make and distribute copies of the software. 
  6. Modification of the software and freedom to distribute said modifications of the new resulting software, under the same license of the original software.

Proprietary software (closed source software) - That which does not fulfill all the requirements listed in Open Source. 

 

Copyright 2002 - San Diego Linux Users Group. All rights reserved.
You can reach us at info@sdlug.org