The Tragedy of the Anti-Commons

or Why Government FLOSS Purchasing Policy is Misapplied

Summary

Misapplication of “value for money” requirements when purchasing software results in poor value for money – Government purchasing policies for software tend to support the creation of monopolies.

Government purchasing has effects on the price paid by citizens for the product purchased. In some cases purchasing produces volume which permits scale discounts and therefore a net benefit to citizens who also purchase the product. However, in the case of lock in software* Government purchasing can create a monopoly in the software which leads to increased costs for citizen purchasers and a net detriment for society as a whole. It is not appropriate for value for money policies to be assessed on a per acquisition basis when software is being acquired. Doing so will almost certainly create net costs for the community when considered in the aggregate.

A Tale of Two Widgets

Consider the case where the government must buy one of two types of widget (called Widgets A and B respectively). Assume also that both widgets are more or less equivalent. Not only do both widgets meet the government’s needs, but they would also both meet the needs of most general purchasers of widgets. Assume further that the government price for Widget A is about half that of Widget B. At this point take out your taxpayers hat and place it squarely on your head and think about which widget you’d like the government to buy. That is, would you prefer the government to take more of your money and spend it on Widget B or would you prefer it to spend your money on the cheaper Widget A?

It was the Best of Times

Did you choose Widget A? Surely, based on what I’ve told you, that must be right! You’d think government would need to be mad, bad or corrupt to purchase Widget B in those circumstances. Not surprisingly this purchasing preference is reflected in government procurement policies. For example:

• The Commonwealth Procurement Guidelines require Australian Federal Agencies to secure value for money in procurements. This is stated to be a “core principle”.
• The UK policy on OSS states that contracts will be awarded on a value for money basis (at page 4).

Let’s assume now that the Government does purchase Widget A and take the scenario further to analyse some of the assumptions we made in arriving at the purchasing decision. What if Widget A is used to lay roads? What if Widget A is not interoperable?

What if Widget A has been specifically designed so that if it is used to lay a road, then to drive on the road a car must also be fitted with Widget A? (Assume, for the sake of fairness, that Widget B also requires a car to be fitted with Widget B). Would you still be happy for the government to buy Widget A? Maybe you would – Widget A costs half of Widget B. Presumably you’ll be no worse off. You will need to buy one of the two Widgets and you’ve already paid half** the price of Widget B when the government used your taxes to buy Widget A, if you have to pay half the price of Widget B again, you’re square with the price of buying Widget B – in fact you’re better than square because if the government had bought Widget B you’d pay the full price for it with your taxes and you’d have to pay the full price for it in order to drive your car.

It was the Worst of Times

There is a but – and it is unrelated to the characterstics of Widget A and Widget B, their functions, design and operation. That “but” is the availability of Widget A and how it can be priced. Assume that Widget B is made by lots of different people and there is fierce price competition in relation to it. Assume also that Widget A is only available from a single vendor. The vendor of Widget A (Vendor A) is able to set different prices for Widget A in different markets (the vendors of Widget B are not able to do so, because of the assumed competition in the market). Vendor A can choose to set a very low price for Widget A for Government purchasers, knowing that governments build a lot of roads. They can then choose to set a higher price for other purchasers – the prices given above were prices for government purchasers (not for chumps like you and me). Want to drive on a government road? Sorry, that’ll be 10 times the price of Widget B.*** Now, any way you cut it you are out of pocket. Assuming most roads are laid by the government, over time Widget B will be pushed out of the market or at very least relegated to small niches.

Intermediate Conclusion

We can conclude from the above that it is not possible to make a judgment as to value in isolation. Something which seems to be good value in a particular purchase scenario can lead to extremely poor value from public expenditure.

What’s the Problem

Government procurement can both create and reinforce a monopoly in goods and services which it is acquiring. Anecdotal evidence suggests that bureaucrats look at “value for money” type formulae and assess it against the cost to Government on a purchase-by-purchase basis. This approach is fine in respect of goods and services which are easily substitutable (such as hammers, screws, cars etc). In respect of goods which are specifically designed to prevent substitutability – eg devices which are not designed to be interoperable it is an extremely hazardous approach. If those goods also tend to be a natural monopoly (such as software in general, but particularly that which is designed not to be interoperable) this approach is absolutely the wrong one. The reasons should be obvious:

• the vendor of the product can almost always underprice competitive offerings – even when competitors are loss leading;
• the Government, bound by its bureaucrat’s incorrect understanding of the value for money policy is required to purchase the monopolist’s product;
• over time network effects enable the monopolist to crowd out competitive offerings;
• the vendor, now a monopolist, can charge what it likes to the rest of the community safe in the knowledge that, because of the preponderant use by Government others have no choice but to acquire the product;
• ironically, over time the monopolist will even be able to charge the Government more because of the its huge installed base and the previous elimination of competition.

The Tragedy of the Anti-Commons

A prospective monopolist has a period of vulnerability before it has established the monopoly product in the market in which this strategy is risky (because it must carry the costs of underpricing). However, the tragic (ie fatalistic) nature of the process, coupled with the huge rewards to be had from playing the game makes it inevitable that sooner or later a monopoly will be established – it only requires one prospective monopolist to succeed for a monopoly to become entrenched. No number of failed attempts will prevent the next attempt and the winner take all nature of the scenario will continually draw in new prospective monopolists.

What is a Better Approach?

Government may have many roles in the procurement of goods and services but supporting, establishing and maintaining unregulated monopolies is not one of them.

While the value for money requirement is fundamentally correct, to elevate it to the status of gospel or taking it out of context is not. Value for money must be determined by reference to the price paid in the aggregate by the community for the Government’s acquisition, not to the price paid by Government or authority for the acquisition. This value for money assessment is further complicated by the fact that the assessment must necessarily:

• be an ongoing one. A purchase today has no immediate cost impacts on the rest of the community – those impacts are all in the future and some of them may be in medium or long term;
• involve a review of pre-existing Government acquisitions (as a previous (acceptable) acquisition may be unacceptable when taken in combination with a proposed acquisition); and
• involve a review of things other than the software – in particular whether the vendor is likely to be in a position to manipulate the market.

Of course, the complexity of issues to be addressed by a value for money assessment make it difficult to apply with any consistency or certainty. In relation to lock in software it may only be a feel good term with little real substance. Any doubt should be resolved against the creation of monopolies.

If the licence terms permit perpetual use of each copy and permit the Government to onsell each copy of the software acquired and to do so independently of any hardware acquired in conjunction with the software that would reduce some of the monopolistic impact of the arrangement. Unfortunately the structure of copyright law usually forbids this arrangement in practice and, in any event, would not eliminate all monopolistic effects.

Particular Example – Whole of Government Purchasing

Whole of Government acquisitions of lock in software provide especially poor value for money on this analysis. Such acquisitions provide a vast installation of the software across government and effectively create an environment in which incremental improvements are net costs rather than net savings. For example, if the software has been purchased for the whole of Department X, then using a cheaper product for some users will not result in any cost savings – on the contrary since there is an effective doubling up on the licensing to the small group it costs more to use cheaper software! Further they create an entrenched installed base which increases the costs in the next round of acquisition (because this installed base effectively dictates purchasing requirements in that acquisition round).

Particular Example – Key Resources

Government acquisitions of software for key services or resources also provide especially poor value for money on this analysis as well. In these cases the importance of the relevant project (for example, the provision of public information by a health body, broadcaster or library) creates a lock in because of the general need of the public to interact with that body. That need for interaction will create in the public a need to acquire the software in order to access the resource, with the consequent establishment of a monopoly. It is a dangerous vanity for public resources to adopt lock in technologies in the provision of information or services through public facing interfaces.

Note on Formats, Standards and Protocols

This discussion has focussed on software primarily because it is more familiar and is conceptually easier to understand. However, the arguments presented apply equally to the adoption of products which require the use of a particular data format, standard or protocol if that format, standard or protocol has the lock in characteristic. Indeed, ultimately the issue is not so much in the software which manipulates data but in the manner in which data is stored and exchanged. In many instances software (and particularly lock in software) has a direct mapping against a specific data format and can therefore be identified with that format. If no lock in data format is used, the negative effects of the acquisition of lock in software is greatly reduced.

Notes

* For the purposes of this paper “lock in software” refers to software for which: the licence for that software ties the licensee to the licensor or to any third party either implicitly; or the software is designed to effect such a tying and there is no capacity either at all or in practice for the licensee to avoid or remove that tying. Lock in software includes software: which is not interoperable (eg doesn’t save to a standard format in its default configuration) or not interoperable outside the product set for a specific vendor or set of vendors, for which there is only one manufacturing source (multiple sales channels don’t count) and that source of the software has a substantial degree of market power in the relevant software market. By definition, lock in software does not include software which meets the open source definition.

** Technically probably less than half. It’s only half if the Government must buy one widget per car on the road.

*** The price will be determined by the demand for Widget A and may not be (but also might exceed) 10x. If, as in the case of software, the law prevents on sale, Vendor A will also be able to price discriminate, by charging each individual consumer as much as they are willing to pay.

Finally, a “widget” in this context is a placeholder term for some object the subject of discussion.

[Note initially made available for review on 7 January 2008]

IP Issues with OOXML (DIS 29500)

Who’s Afraid of the GPL?

Out of all the free and open source licences which are available, there are two which are disproportionately chosen by FOSS developers when licensing their software. Those two are the GPL and the LGPL. Of these, the GPL is disproportionately favoured over the LGPL.* If there are issues with GPL implementations then there are IP issues with OOXML. Any assurance that excludes implementation under these licences is just cause for the FOSS community to voice concern.

The FAQ on the OSP has this to say about the GPL:

Q: Is this Promise consistent with open source licensing, namely the GPL? And can anyone implement the specification(s) without any concerns about Microsoft patents?

A: The Open Specification Promise is a simple and clear way to assure that the broadest audience of developers and customers working with commercial or open source software can implement the covered specification(s). We leave it to those implementing these technologies to understand the legal environments in which they operate. This includes people operating in a GPL environment. Because the General Public License (GPL) is not universally interpreted the same way by everyone, we can’t give anyone a legal opinion about how our language relates to the GPL or other OSS licenses, but based on feedback from the open source community we believe that a broad audience of developers can implement the specification(s).**

Imagine if you were standing next to someone’s land and there was a sign with the details of an open access promise (OAP), setting out when you are allowed to enter the land. It just so happens that the owner of the land is standing right beside you. You turn and say to them “So, this OAP, I’m here you can check me out, can I enter or not?”. They reply, “Well, I can’t really help you on that, you’ll have to read the OAP. It’s expressed in a simple and clear way – oh, and talk to your lawyer”.

If one thing is certain from that conversation it is that there are issues with you entering the land.

Similarly it is clear that there are issues with GPL implementations of DIS 29500. If there weren’t the answer would be phrased “A: Yes”. In fact, they still can. Microsoft can change the OSP right now by adding “and by the way any GPL implementation is permitted”. But they haven’t and I suspect they won’t.

If there are issues with GPL implementations then there are IP issues with OOXML. Microsoft implicitly concedes there are issues with GPL implementations.

Notes

* These figures are based on data from Sourceforge and relate to the numbers of projects licensed, without being weighted by popularity or maturity of the project.

** This FAQ indicates that those writing the FAQ believe that the OSP clearly permits implementation by some developers but not others based on the licence chosen by the developer. This raises the question of whether or not the OSP is really “non discriminatory” in effect.

DIS29500: BRM Process Unfair for SMEs?

The Issue

The fact that ECMA dispositions on National Body comments are only being made available through a password protected website has been widely reported (one example of many). The BRM convenor notes that this is due to the confidential nature of National Body comments (scroll down to the heading ECMA secrecy). While I had been aware of this before it has only occurred to me this week (while preparing for an informal working group meeting on DIS29500 arranged by Standards Australia – I am an OSIA representative) how difficult this makes it for small organisations to participate sensibly.

The reason is that, during the first phase leading up to the vote, it was easy to leverage off those parts of the specification that other people had commented on publicly. This, in effect, meant that everyone could take the benefit of everyone else’s work. Small organisations could therefore identify relevant issues from those identified by others. Not only did it allow taking the benefit of others’ work it also permitted the incremental improvement of it.

BRM Process Makes Review Much Harder

The BRM process radically changes that dynamic. Now the documents are confidential and, if they are confidential it is hard to comment on them publicly. As such each organisation which is pariticipating in a National Body consultation process is on its own.  With each prevented from interacting with others – collaboration is, in effect, banned. Each is left to trawl through the large number of dispositions to try to make what sense it can out of them. Without seeing other people’s views on the various dispositions it is very difficult to know which are significant and why (and which are insignificant and why not) – or even which dispositions relate to important issues identified in the lead up to the initial vote. The comparatively short time between the availability of the dispositions and the BRM (about 6 weeks or so) compounds this difficulty.

Of course, this gets back to the size of the document. A document one tenth of the size would probably be manageable under this process – even by a small organisation although it wouldn’t necessarily be pleasant. DIS29500 simply inspires despair. Presumably National Bodies will also be in a similar situation. Unless they have a substantial team that they can devote to the process how can they hope to adequately parse the dispositions – and any regressions that they create?

Is this Process Unfair to SMEs?

This creates the additional complication of whether a National Body, if it is required to take into account the interests of small and medium businesses and/or consumers, can reasonably fulfill that obligation under this process (for example, in Australia, the Productivity Commission’s November 2006 Research Report on Standard Setting and Laboratory Accreditation recommended that Standards Australia should “improve the balance of interests represented on technical committees by… increasing the participation of small business,…and other community interests“). If SMEs cannot parse the disposition in the time available, they cannot adequately understand its consequences and cannot therefore adequately represent their own interests to their National Body.

More on the OSP

I have not seen any official document summarising the outcome of the OOXML seminar at UNSW last year. However, the main thing that I have heard unofficially in relation to the open specification promise is that pains were taken to compare its wording to the wording of similar promises made by IBM.

To make such a comparison presupposes that when two people say the same thing they ought to receive the same reception. Is this justified?

Microsoft on Patents

Microsoft’s recent history on patents (particularly since the Novell deal in November 06) has a particularly public persona:

Microsoft General Counsel Brad Smith and licensing chief Horacio Gutierrez sat down with Fortune recently to map out their strategy for getting FOSS users to pay royalties. – Fortune

“Novell pays us some money for the right to tell customers that anybody who uses SuSE Linux is appropriately covered,” Ballmer said. “This is important to us, because [otherwise] we believe every Linux customer basically has an undisclosed balance-sheet liability.” Techworld

“We’ve had an issue, a problem that we’ve had to confront, which is because of the way the GPL (General Public License) works, and because open-source Linux does not come from a company — Linux comes from the community — the fact that that product uses our patented intellectual property is a problem for our shareholders. We spend $7 billion a year on R&D, our shareholders expect us to protect or license or get economic benefit from our patented innovations. …
“… we agreed on … essentially an arrangement under which they pay us some money for the right to tell the customer that anybody who uses Suse Linux is appropriately covered… They’ve appropriately compensated Microsoft for our intellectual property, which is important to us. In a sense you could say anybody who has got Linux in their data center today sort of has an undisclosed balance sheet liability, because it’s not just Microsoft patents.”

Steve Ballmer on SeattlePI Blog

Microsoft’s latest licensing push stems from its claim that FOSS infringes on 235 of its patents, and that those patents are intellectual property that should result in fair compensation to Microsoft in the form of licensing fees. LinuxInsider

Microsoft chief executive Steve Ballmer has warned users of Red Hat Linux that they will have to pay Microsoft for its intellectual property.
“People who use Red Hat, at least with respect to our intellectual property, in a sense have an obligation to compensate us,” Ballmer said last week at a company event in London discussing online services in the UK. VUNet

Mr. Ballmer once called Linux a form of intellectual-property cancer. While he has since dialed back the rhetoric, the subtext remains in nearly all Microsoft discussions of Linux: Use it, and you run the risk that Microsoft will sue you [for patent infringement]. Post-Gazette

So the two top level points [about the Novell-MS deal], as Ron whispered to me, technical interoperability and patent peace of mind, and we’re trying to provide both of those things to our customers in a way that works for the business interest of the open source development community, and the Microsoft development community. – Steve Ballmer at the Press Conference announcing the Novell-MS Deal.

… Steve Ballmer has claimed that Microsoft signed its patent peace deal with Novell because Linux “uses our patented intellectual property” and Microsoft wanted to be “appropriately compensated.” Business Review Online

The efforts of Microsoft to pressure the Linux community over alleged and unspecified patents is akin to “patent terrorism”, according to an executive for Sun. ZDNet

Microsoft’s patent push is stimulated by a number of factors. One is competition and trying to make sure that Microsoft’s rivals don’t get access to key innovations. However, the company also began a broad intellectual-property licensing push several years ago, under which it licenses technology to many companies big and small. The company has signed a slew of patent cross-licensing deals since then, the most recent being Tuesday’s deal with Japan’s JVC. CNet News.com

For those who have access to Google, there are others in a similar vein. Perhaps those who are not in the open source community will not be as aware of this history.

IBM on Patents

IBM’s public history in respect of patents is a little different (I have not included any references to IBM’s patent promise from last year):

IBM is playing a pioneering role in the World Business Council for Sustainable Development’s program to open environmentally-responsible patents to the general community. IT-Wire

Following up on a promise last August to not use its vast patent portfolio against Linux users, IBM pledged in January to give 500 patents to open source developers. Linux-Mag

The Open Invention Network was formed with undisclosed investments from IBM Corp. [and others] …When the Open Invention Network acquires patents they will be available to any company, institution or individual that agrees not to assert its patents against the Linux OS or certain Linux-related applications, it said in a statement. PC-Welt

The Nub

My guess is that the Open Source Community would see it in roughly these terms:

Two people want to come onto your land but you’re concerned that they don’t fish in your lagoon. The first one has spent the last 18 months talking about how he has rights over those fish and he’s mapped out a strategy to get them and if you want peace of mind you’d better give him some of those fish. The second one has made some non specific noises about fish and some off hand comments to the effect that fish ought to be left alone. Both of them tell you if they come on your land they won’t fish in the lagoon.

Should you take each of them at their word equally or should you be more cautious with one of them?

[edit 20/1/08 adding three headings]

Cyberlaw OOXML Seminar 14 December

Tomorrow (Friday, 14 December) the Cyberlaw Centre at the UNSW is holding a day long seminar on OOXML issues. The morning session is devoted to technical issues, while the afternoon reviews legal issues. The key documents are:

Microsoft’s Open Specification Promise (OSP); and

Microsoft’s Covenant Not to Sue (CNS) – except that the covenant doesn’t appear to be there anymore. The URL redirects to a site about the ECMA process. The page mentions the CNS, but doesn’t provide (as far as I can tell) any way to get there. The current URL might be here but who knows?

There are some analyses of the CNS and OSP floating around out there. I don’t intend to repeat the issues here. Rather, I thought I’d approach it from the point of view of the cynical pedant reasonable developer who is considering implementing OOXML or part of it. These are off the top of my head thoughts unsupported by anything in the way of research…. perhaps a better knowledge of US law or ISO rules might clear some of these issues up? So, what are some observations we can make about the CNS and the OSP?

Who Gives?
First, they are both given by Microsoft. Given that “Microsoft” is a number of different companies (and other structures – MS Licensing GP) within a broad corporate group the fact that these are given by “Microsoft” is less than completely illuminating. Presumably they mean Microsoft Corporation? This becomes particularly relevant because the scope of the promise/covenant is limited to the patent claims held or controlled by “Microsoft”. To be meaningful a person relying on these claims would need to be able to assess exactly which patents were held or controlled by Microsoft. The prudent developer at this point would try to identify how patents are held within the Microsoft corporate structure.

[edit 14/12: Conversely neither states that anything will be done to prevent related bodies corporate from bringing actions]

Patents Only?
Second, both the CNS and the OSP are limited to patent claims – which seems to be inadequate. I understand, for example, that “microsoft” appears in part of the OOXML namespace, so presumably trademark issues will arise. It seems hard to believe a decent copyright lawyer could not also construct a copyright case in respect of the specification per se. Perhaps there is some ISO rule which covers these aspects?

When?
Third, both are silent as to the time at which the ownership or control of the relevant patents is to be assessed. If Microsoft controls a patent today, but that control ceases tomorrow, can an implementer breathe easily or not? Is there scope for Microsoft to sell a patent to someone like Acacia Research Corporation and for them to then be able to assert that patent against implementers of the standard?

Licence v Promise?
Fourth, and leading on from the third, neither is expressed as a licence. While Microsoft had the luxury of being able to use words such as “permit” or “license” they specifically chose not to. Rather, they structured the statement as a forebearance from suit. The reason for this is unclear, but it does seem worthy of further thought. What if the effect of this structuring is to preserve the underlying rights including the right to sue? If that were the case, then the right would stay alive if transferred to a third party. The third party, which has not given any such covenant would therefore be at liberty to commence suit.

Can Equities Prevent Sharp Practice?
Fifth, each document has a rider excluding other rights including rights by way of estoppel (the OSP words are “No other rights except those expressly stated in this promise shall be deemed granted, waived or received by implication, exhaustion, estoppel, or otherwise”). You might think that transferring a patent to a third party in order for that party to sue under it was sharp practice and surely there would be an equity that would stop it. Who knows? Could the exclusion wording in the CNS/OSP be used to argued against such an equity? If the CNS/OSP is considered at law to be a licence then a third party would be in a much worse position as the developer could plead a valid permission.

Criminal Law?
Sixth, and also leading on from the third, if the OSP/CNS are not licences within the meaning of the patent law (something I express no view on at the moment other than to return to the observation above that the word “license” could have been used and wasn’t) then they will be inadequate in any jurisdiction which has criminal penalties for patent infringement. The reason being, that a private party cannot waive the commission of a crime. That is something for the State. That is, if the patent is not a licence, then the relevant conduct will be infringing conduct, albeit not actionable in a civil action by virtue of the OSP/CNS. If the conduct is criminal in the absence of a licence, then a promise not to sue will not convert the criminal conduct. That is, there is no way to rectify criminal conduct after the fact. Rather, the conduct must be licensed beforehand so that the conduct does not become criminal.

Third Party Patents?
Seventh, both expressly refrain from making any statement that OOXML is free from third party patents. This is hardly surprising given that both are designed to apply to a number of different specifications rather than just OOXML. However, this raises the issue – what assurance does a developer have that such a large specification is not the subject of third party patent claims? The pedigree of the specification is certainly no reason for hope, Microsoft has been the target of third party patent claims for some time now including some high profile losses in patent suits. The fact that the specification has been developed behind closed doors and on a fast track means that there has been no adequate opportunity to evaluate the likelihood of third party patent claims against the specifications. The sheer size of the document suggests there will be at least a couple hiding in there somewhere.

Where is the Love?
Eighth, both lack any feeling of warmth. Each has been drafted by lawyers, is designed to be used for a number of different specifications and to give rights only over what is absolutely necessary. In short they are clinical documents – not the sort of things which inspire trust.

ISO up to Standard?
Ninth, the ISO is apparently happy, having reviewed the OSP, to sprinkle the holy water on it and absolve OOXML of any IP issues (I understand that this is on the basis that the OSP meets the ISO’s requirements for IP licensing). On this we must give pause to consider exactly when the ISO requirements for IP licensing were last reviewed. If they don’t cover copyright and trademark issues (which, since the OSP is a patent only document, they don’t appear to) surely they must be in need of a refresh?

A Hint of Mystery
Exactly what is the effect of these words: “you acknowledge as a condition of benefiting from it that no Microsoft rights are received from suppliers, distributors, or otherwise in connection with this promise”. Thoughts?