There has been a petition filed to place on the May ballot an amendment to the City's charter that would force the city to put some of it's day-to-day business online. This charter amendment aims to bring accountability and transparency to the higher levels of municipal government, where the primary targets are City Council members, the City Manager, Assistant City Managers, division level managers and their respective staffs. The amendment requires some very specific conditions (I'll highlight the technical ones below) but first a disclaimer.

Although I currently work for the City of Austin, I am in no way representing or advocating *any* official position of the City in this matter. I am writing this as a concerned citizen of Austin who would like to see our government as transparent and efficient as possible and I am using information that is publicly available elsewhere to make my points.

With that in mind, this is a theoretical plan so assumptions have been made which could be incorrect. At this time, I am neither for nor against the proposed Charter amendment. My focus with this post is to try and bring a technical solution to the mandated goals of the Charter amendment in which to serve as a base for discussion with the Austin community. This opinion is put forward in the hopes it will facilitate discussion and will bring other concerned citizens into the mix and to showcase the alternative technical ways to satisfy the Charter amendment if passed. So please, do not read anything into this post that is not explicitly stated.

And with that, off we go. Here are the relevant sections (italics are direct quotes from the amendment; regular text is my opinion):

• The City must, as expeditiously as possible and to the greatest extent practical, make all public information available online in real time and accessible to the public.
  OPEN ACCESS TO CITY BUSINESS
  • Within one year of the date this Amendment takes effect, applications and proposals for any permit or contract of significant value must be provided to the City in an electronic format.
  • The City must maintain a system for electronic notification (such as email lists) to interested persons of any event or new information relating to the matter.
  • All written communications between the City and the applicant relating to the matter must be posted online in real time in a manner searchable by the public.
  OPEN ACCESS TO CITY CALENDARS
  • For all matters involving City business, the following people must maintain calendars of all meetings and maintain logs of all telephone calls: (a) City Councilmembers and their staff; (b) City Manager and his or her staff; (c) Assistant City Managers and their staff; and (d) all department heads.
  • Calendars and logs must be posted online in real time and be accessible to the public.
  • This provision must be implemented within six months of approval of this amendment.
  OPEN ACCESS TO CITY ELECTRONIC COMMUNICATIONS
  • In order to better preserve written electronic communication for public disclosure, the City must establish a system that automatically archives all incoming and outgoing electronic communication that deals with City business to and from the following people in their official capacity: (a) City Councilmembers and their staff; (b) City Manager and his or her staff; (c) Assistant City Managers and their staff; and (d) all department heads.
  • The above people are prohibited from discussing City business via any form of written electronic communication, such as a private email account, that is outside of the City’s automatic archiving system.
  OPEN ACCESS TO CITY FUNCTIONS
  • All public information that has previously been released to someone making a public information request and which, because of the nature of the subject matter, the City determines is or is likely to become the subject of a subsequent public information request for substantially the same information
  EFFECTIVE ACCESS TO INFORMATION
  • The City must create and maintain online tables of contents and indexes to enable the general public to easily find and access online City documents and public information. Information must be searchable, and be able to be located by author/submitter, individual recipient, date, and subject matter.

These are some pretty tough technical requirements but they are possible. If the city stays with its current technology (articles are located here, here, and the City's Cost Estimate) which is comprised primarily of proprietary, closed technology, this will be a *very* expensive endeavor. But, using Free Software and open standards, the city can put togther a long-term, cost-effective solution that would meet all of the above technical requirements.

The primary requirement of this plan is that all data will be created/stored/transported in XML formats. Once in XML, there are ways to work with the data that will satisfy the amendment.

• Jabber - This will be the core transport piece and the legacy application data connector. Jabber is essentially an XML router and can act as the "bridge" from older client/server applications to the charter mandated goals.
• Zimbra - This is the email/calendaring piece. At its heart, it's an XML processing engine.
• Zope/Plone - This provides the public presentation framework as well as the internal data workflow paths for data classification and dissemination.
• OpenOffice.org - This would be the city's standard productivity application for creating/editing data. All data would be stored in OpenDocument format which is basically a zipped XML file (well, actually, it's 3 files zipped into one). All citizen correspondence with the city would also be in OpenDocument format.

The Charter Data Flow diagram below shows a stylized data path and where the repositories reside in the model. It is important to remember this same model allows for a real-time and stored data repository that is controlled by the users of the system in the Plone workflows. This allows classification/declassification of data to be handled by the data custodians themselves, effectively streamlining the process. That very same system is also the frontend used by the citizens to gain access to the data. So let's break down the pieces one-by-one using the above amendment goals as an outline...

OPEN ACCESS TO CITY BUSINESS
• Within one year of the date this Amendment takes effect, applications and proposals for any permit or contract of significant value must be provided to the City in an electronic format.
• The City must maintain a system for electronic notification (such as email lists) to interested persons of any event or new information relating to the matter.
• All written communications between the City and the applicant relating to the matter must be posted online in real time in a manner searchable by the public.

If the city decides to commit to an open standards based format like OpenDocument immediately, the one year timeframe is a doable, although still a difficult timeline. As long as the city continues to accept binary, closed formats, it only pushes the timeframe of conversion and subsequent Charter amendment compliance futher into the future. OpenOffice is the perfect choice for an end-user tool as the city is not requiring the purchase of a particular company's software package to facilitate communication between its citizens and their government. Purchasing an office suite, even though it's the "market leader," puts an arbitrarily high hurdle in the way for those citizens who lack the funds to purchase the software. These disenfranchised citizens are now compelled to violate copyright laws in the attempt to communicate to their own government. With OpenOffice, the city could customize both the programs and templates required for effective communication. The city can create the exact functionality needed internally as well as customizing the functionality for its citizens externally while offering those tools to the public for no charge (for example, putting the software on a cdrom for those w/o Internet connections; creating live CDs that contain all the software and templates that can run on old, recycled machines, etc).

Further, to satisfy the electronic notification clause, a mail list management system is being integrated into Plone and there is already software available. Mailman is the most widely used mail list manager on the Internet and can be easily extended with just a bit of python code (Mailman, Zope, Plone all use python as the development language. Zimbra and Jabber can extend functionality using python so the city can standardize on one internal development language.)

And, as mentioned before, if the city standardizes on OpenDocument, incorporation of the contents of all submitted documents can be easily indexed once entered into the system (by entered I mean "saved to the storage medium.") Because OpenDocument files are just gzip'd text files, an index process can be used to unzip the files and pull just the text content (one file of the 3 contain just the content of the document w/no formatting) and make searching the repository more efficient and immediately available to the public.

OPEN ACCESS TO CITY CALENDARS
• For all matters involving City business, the following people must maintain calendars of all meetings and maintain logs of all telephone calls: (a) City Councilmembers and their staff; (b) City Manager and his or her staff; (c) Assistant City Managers and their staff; and (d) all department heads.
• Calendars and logs must be posted online in real time and be accessible to the public.
• This provision must be implemented within six months of approval of this amendment.

Access to city calendars through Zimbra should be facilitated quite easily. Either using replication within the system to provide a daily look in a downloadable format (like iCal) or the system can be setup to show real-time calendars on demand for key personnel. Public access would be facilitated through the Zope/Plone system while the actual data resides in the Zimbra Collaboration server. In regards to the phone logs, the members of government that the Charter applies to could be switched to a VoIP system in which the calls are stored in the repository with XML descriptions and metadata which would facilitate near real-time access to the actual phone calls for public review.

OPEN ACCESS TO CITY ELECTRONIC COMMUNICATIONS
• In order to better preserve written electronic communication for public disclosure, the City must establish a system that automatically archives all incoming and outgoing electronic communication that deals with City business to and from the following people in their official capacity: (a) City Councilmembers and their staff; (b) City Manager and his or her staff; (c) Assistant City Managers and their staff; and (d) all department heads.
• The above people are prohibited from discussing City business via any form of written electronic communication, such as a private email account, that is outside of the City’s automatic archiving system.

Once again, using the Zope/Plone products, the system can be designed in a way that all information is kept within the repository and using Plone workflows, access can be facilitated.

In respect to the prohibition of those City personnel using external means to facilitate communication, there is really no way to stop this unless it is made into a law that carried some form of legal consequence. Currently, the city has too many ways to bypass the restriction (information security staff can't block all webmail sites [common sense dictates that]; councilmembers and other staff targetted in the amendment can bring in their own personal laptops and attach to the public wireless network [reference here], etc) but I would propose that the staff in which this amendment is targeted be moved on to a centralized thin-client based system to allow for easier accountability. One way to approach this would be to provide these employees with wireless tablets/laptops that tie-in to a backend thin-client system where the installation of unapproved software and traffic can be monitored. With a centralized thin-client system in place along with a legal mechanism, the system could better provide the compliance and accountablity the Charter amendment strives to achieve.

OPEN ACCESS TO CITY FUNCTIONS
• All public information that has previously been released to someone making a public information request and which, because of the nature of the subject matter, the City determines is or is likely to become the subject of a subsequent public information request for substantially the same information

This goal is already an inherent part of the envisioned system. Plone workflows will allow for the classification of data so once an Open Records request is made and the results known, the data from that request can be entered into the system and classified as public data. It could also be tagged with metadata that would enable classification of the data into Open Record groups so subsequent searches could use the narrowed down datasets.

EFFECTIVE ACCESS TO INFORMATION
• The City must create and maintain online tables of contents and indexes to enable the general public to easily find and access online City documents and public information. Information must be searchable, and be able to be located by author/submitter, individual recipient, date, and subject matter.

Again, this goal is already envisioned within the Plone content management architecture. Metadata tags can be added at will to provide the criteria needed for efficient searches.

PROS & CONS

I think the Pros of this system are self-evident as it is basically a transparent interface into the people's government. Redundancy of data and repetition of action have been minimized in the current design making the system as efficient as possible for the lowest possible cost. There are also savings by using products such as OpenOffice which can function in multiple roles thoughout the data collection/generation process as well as the obvious benefit of no ongoing software licensing fees.

Also, this plan does not replace any existing or upcoming applications like those listed in the City's cost estimate. This plan works with those systems to bring a centralized and efficient workflow with data classification to the already existing data collection process.

But there are a few Cons of the proposed design:

• Cost - There would be a hefty upfront cost for hardware and existing data conversion. The current official estimate is $24 million one-time cost and $11 million ongoing. Without getting into the specifics of cost, I feel the official costs might be slightly high as I think there could be some savings in one-time consulting fees, software licensing costs and ongoing staffing (possibly as much as $6mil in the one-time category). But the costs to implement a system like this would be high, make no mistake about it. This nut can't be cracked cheaply.
  One thing that I'd like to bring up which isn't specifically called for in the Charter amendment is data conversion costs to the OpenDocument format. Although the Charter amendment does not call for all city data to be accessible online, I would like to mention that it would be time and money well-spent. Although I couldn't find an "official" conversion efficiency rate for Microsoft Office to OpenDocument, I have found numerous articles (here's one) hinting the conversion rates are quite high. My own testing of the few hundred Microsoft formatted documents on my hard drive showed about a 90% conversion rate (by that I mean 9 out of 10 did not complain about conversion and the docs I opened up looked formatted correctly).
  So working on the assumption there is an effective 85% conversion rate, if the city has 2.5 million documents, that leaves 375,000 documents that would need some form of "hand-holding" to convert. If one employee can convert 20 documents a day, they would get through the problem documents in 51.37 years. To bring this down into the timeframe required by the Charter amendment (just for argument's sake: 1 year), the city would contract close to 50 people for document conversion (50 x $35,000/yr for a temp = $1.75 million). To me, this is a relative bargain as the city would have the bulk of it's data in a non-proprietary, easily convertible and manipulative format.
  Now, there are much better people than I to figure out total costs for a plan like this (and I would love to work with someone on this, just email me) but suffice to say, the city's official $24mil estimate would be sufficient to cover the costs of this plan. The city's official cost estimate provides for new positions (which would be needed for more python programmers, etc) so I think the cost estimate is a good attempt to "herd cats" but could be just a bit high. The silver lining is that the city should be able to recoup some (not all) of the one-time costs over the long-term with the savings of having the data in machine manipulative formats, an efficient and defined data workflow path (enhancing employee productivity) and the ongoing savings in license fees for the proprietary software replacements.
• Momentum - By that I mean that getting any large organization to change takes time. There are sure to be groups/departments/managers that are hostile to these types of ideas. But the Charter amendment demands specific goals within specific timeframes so this is the best type of pressure for a government agency (external pressure is always the most efficient). Having worked in government for the bulk of my career, I can make a safe assumption that a plan this agressive will meet with much resistance internally. It may very well take upwards of the first proposed year just to convince the parties targetted by this amendment to agree to the changes of workflow. But with public pressure and hopefully, media coverage, a change like this can be successful.

So, in summary, I believe the City of Austin can achieve the goals set forth by the Charter amendment although some additional time will be needed to allow for such massive infrastructure changes. It's important to keep in mind this proposal is just a theoretical model and may not even be possible with the aforementioned products. I'm assuming quite a bit (like ZODB will scale or can be broken into manageable chunks, the city's internal departments agree on a common plan, etc) so please take this post as a suggestion and not a roadmap. My experience in working with and for different government agencies as well as with Free/Open Software leads me to believe that the city can satisfy the requirements of the Charter amendment in a timely fashion and can provide to the public the most transparent and efficient government possible.

As always, I can be reached through comments or by email at scott(dot)brown(at)opennetworks(dot)org.

My last post put together a theoretical system that should be able to handle a near "real-time" posting of information in an online format if required. It was meant merely as a basis for discussion; to set the technical parameters of a system so we can break down specifically and in more detail, the functionality of the system in specific situations. In this post, I'll try to highlight and explain exactly how this system *should* work in situations that have been mentioned publicly. But first, a standard disclaimer:

Although I currently work for the City of Austin, I am in no way representing or advocating *any* official position of the City in this matter. I am writing this as a concerned citizen of Austin who would like to see our government as transparent and efficient as possible and I am using information that is publicly available elsewhere to make my points.

With that in mind, this is a theoretical plan so assumptions have been made which could be incorrect. At this time, I am neither for nor against the proposed Charter amendment. My focus with this post is to try and bring a technical solution to the mandated goals of the Charter amendment in which to serve as a base for discussion with the Austin technical community. This opinion is put forward in the hopes it will facilitate discussion and will bring other concerned citizens into the mix and to showcase the alternative technical ways to satisfy the Charter amendment if passed. So please, do not read anything into this post that is not explicitly stated.

I'll first discuss the situations mentioned in the ballot language proposed by the City Council. Here is the language that will be going on the ballot this May (italics are direct quotes; my responses are normal text. Further, I've changed the format of the language to make the points more clear [I don't think anyone can read big, run-on sentences very well]):

City Language

Shall the city charter be amended:

1. to require that all private citizens emails to any public official be placed on the city website in real time, including emails or electronic communications between private citizens and public officials in all City departments, including the library department, police department, city health clinics and city departments handling utility bills and code enforcement, and limit the ability of citizens to keep private the details of these communications;
2. to require that the heads of all city departments, including the police department, parks department, library department, all city manager s staff and all city council members and their staff post online in real time information about all meetings and phone calls with private citizens;
3. prohibit the city from exercising state law protection for information that could expose the city and taxpayers to greater financial and legal liability and risk;
4. to require the city to create at taxpayer expense an online electronic data system for most city communications and documents, which for the most part are already available to the public; and
5. to install and permanently operate such a system at an estimated cost of approximately $36 million initially and $12 million annually thereafter if fully implemented, which could require a tax increase equivalent to three cents per $100 valuation or a reduction in city services?

First, let me say that there are those that feel the ballot language is not an accurate portrayal of the amendment's goals. I won't comment publicly my thoughts on the language at this time but I will address the technical concerns of the ballot language in the proposed system.

a) to require that all private citizens emails to any public official be placed on the city website in real time, including emails or electronic communications between private citizens and public officials in all City departments, including the library department, police department, city health clinics and city departments handling utility bills and code enforcement, and limit the ability of citizens to keep private the details of these communications;

Email is already subject to Open Records requests and state document retention policies so the only difference in this clause from a restatement of current policy is the "real time" bit (which I will address). Further, the amendment does not require breaking any existing federal or state laws in its effort for transparency (i.e- City health clinics, police departments and utilities are bound by federal laws like HIPAA and the USA Patriot act which supercede the City Charter's authority for online posting of information.) Privacy laws (whether federal or state) still supercede any authority the city charter may have (an important concept that seems lost within the context of the current ballot language).

The relevant section(s) from the amendment is:

SECTION 2: Privacy Protected. Nothing within this amendment should be interpreted in a manner that would violate an individual’s existing constitutional or common law rights to privacy.

and

(C)OPEN ACCESS TO CITY ELECTRONIC COMMUNICATIONS

(1)In order to better preserve written electronic communication for public disclosure, the City must establish a system that automatically archives all incoming and outgoing electronic communication that deals with City business to and from the following people in their official capacity:

1. City Councilmembers and their staff;
2. City Manager and his or her staff;
3. Assistant City Managers and their staff; and
4. all department heads.

The amendment merely calls for an archiving system for the above personnel and does not require "real time" capabilities. The city currently follows all state document retention laws which require email archiving for a period of no less than 2 years.

As it is correct to legally interpret the language of the amendment as broadly as possible, the current ballot language does not recognize that the ultimate authority of "real time" resides with the city council and not with this amendment. Interpreting the amendment as broadly as possible, it is correct to assume that "real time" posting of email would be a goal if that action was practical (that is the keyword from the amendment). The city council is the determining body of the "practicalness" of any issue that falls outside the explicit conditions set by the amendment. Hence, in this limited example of "real time" email, because it falls outside the explicit condition set by the amendment, it should be referred to council for determination of how practical the idea is (the key clause from the amendment is "expeditiously as possible and to the greatest extent practical,"). If the council found it was practical, it would then be up to the council to determine the action to best fit the situation.

Further, the OGO amendment only mentions "real time" in two explicit circumstances; calendars of the city council, city managers, division heads and their staff and written communications between the City and businesses and individuals seeking ecomonic development benefits. Anything outside the scope of the following sections would be referred to council for a practical definition. The amendment *does not* require "real time," online posting of email (even though the press continually miss this point).

SECTION 3: Open Government Online

(A)OPEN ACCESS TO CITY BUSINESS

(4)All public information concerning the matter subject to Section 3(A)(2) must be posted to the website. All written communications between the City and the applicant relating to the matter must be posted online in real time in a manner searchable by the public.

(B)OPEN ACCESS TO CITY CALENDARS

(3)Calendars and logs must be posted online in real time and be accessible to the public.

(I like to think of this situation as the city council's "Mars Mission." Even though a manned mission to Mars is possible, it still is not practical and the council could rule for various reasons [the cost is prohibitively expensive; no one is trained for the mission; the chemical rockets are not powerful enough to make it to Mars, the citizens don't want the extra $.03 per $100 valuation tax increase, etc] that the "Mars Mission" would not take place.)

The proposed system could meet the goal of "real time" posting of email if required by council at a later date. On email reception, the email is "tagged" with an OGO compliant label (the label is contained within the metadata for that message). Retrieval and display of those messages would be a simple ad-hoc query from the Zope application server to the Zimbra MySQL-based metadata store for the appropriate tag (pseudo-SQL: SELECT msg WHERE msg.tag MATCHES "OGO" AND msg.user MATCHES "Council Member"). Dependent on the tags, messages could also be grouped so a query could pull up not just one member's email messages, but a whole group (psuedo-SQL: SELECT msgs WHERE msg.tag MATCHES "OGO" AND msg.group MATCHES "city council" WHERE msg.date MATCHES "last week"). The nice thing about this approach is that by tagging the messages with metadata as they come in, we can do efficient ad-hoc querying from the Zope server to the message store while utilizing a single data repository. Furthering enhancing system performance, Zope will cache any queries on the Zope server so multiple queries for the same data will not need multiple "trips" to the message store.

I am having trouble finding where the council feels that the amendment is " ... limit(ing) the ability of citizens to keep private the details of these communications;". The closest section I can find is the waiver of rights in section 4(B). That section does not deal with the public-at-large though; it only deals with those individuals and businesses that are seeking economic benefits from the city and does not deal with private citizens email. I'm at a loss for where the council found that clause applicable under the "real time" section.

The next section from the ballot language:

b) to require that the heads of all city departments, including the police department, parks department, library department, all city manager s staff and all city council members and their staff post online in real time information about all meetings and phone calls with private citizens;

And the relevant section(s) from the amendment:

(B)OPEN ACCESS TO CITY CALENDARS

1. For all matters involving City business, the following people must maintain calendars of all meetings and maintain logs of all telephone calls: (a) City Councilmembers and their staff; (b) City Manager and his or her staff; (c) Assistant City Managers and their staff; and (d) all department heads.
2. These calendars and logs must contain the time, date, subject matter, and persons involved in all meetings and telephone calls involving City business. These calendars must be used to schedule and record all past and future meetings that occur after the implementation date of this section.
3. Calendars and logs must be posted online in real time and be accessible to the public.
4. “Meetings” includes all informal and formal meetings including but not limited to telephone conferences, videoconferences, happy hours, and luncheons.
5. This provision must be implemented within six months of approval of this amendment.

In the proposed model, this requirement is already addressed in the current product line. Zimbra has partnered with another open source product, Asterisk to provide VoIP and PBX functionality within the collaboration server. Asterisk is a full-featured, enterprise-class PBX so the logging of calls in or out should be easy and display of those calls should be the same as the calendar view (more information is here and here.)

The next section from the ballot language:

c) prohibit the city from exercising state law protection for information that could expose the city and taxpayers to greater financial and legal liability and risk;

There are no technical issues required within this clause but, for completeness, here are the relevant amendment sections:

SECTION 4: Public Information.

The term “public information” means information that is required to be produced under Texas Government Code § 552.021. Public information also includes the following categories that must be produced in response to a public information request:

1. INFORMATION RELATING TO CIVIL LITIGATION. That the City is a party to litigation does not render information relating to that litigation less important; rather it often means the information is a matter of heightened public interest. Therefore, the City must not withhold information relating to civil litigation under Texas Government Code § 552.103, but it may withhold under other Public Information Act exceptions.
2. ECONOMIC DEVELOPMENT INFORMATION. Information relating to economic development assistance or incentives is public information to which the public has a right of access.
   1. The City must require all businesses and individuals seeking to engage in the type of economic development negotiations referenced in Texas Government Code § 552.131 to execute and deliver to the City a waiver of any rights to prevent the public disclosure of all information exchanged with the City. The City is without authority to engage in economic development negotiations with any company that has not first executed a waiver.
   2. The City is without authority to shield economic development offers under Texas Government Code § 552.131(b).
   3. Nothing in section 4(B) prevents a City from withholding documents under Texas Government Code §§ 552.104, 552.105, or 552.108.
3. AGENCY MEMORANDA. Open government in Austin ensures the people have access not only to the final decisions made by government officials but also to the process by which those decisions are made. The City must not use Texas Government Code § 552.111 to withhold information reflecting advice, opinion, and recommendations on policymaking matters, except the City may withhold attorney work product.
4. PERSONNEL FILES. The City of Austin must not maintain an optional personnel file as authorized under Texas Local Government Code § 143.089(g) for employees of the Austin Police Department, nor does the City have authority to enter into any meet and confer or other agreement with any police officer association that requires creation or maintenance of a separate file that is closed to the public.
5. EMAILS RELATED TO CITY BUSINESS. Email or other written electronic communication to or from a public official concerning City business is public information, including communications to or from privately owned email accounts or computers.

I'll address the next two ballot language sections together:

4. to require the city to create at taxpayer expense an online electronic data system for most city communications and documents, which for the most part are already available to the public; and
5. to install and permanently operate such a system at an estimated cost of approximately $36 million initially and $12 million annually thereafter if fully implemented, which could require a tax increase equivalent to three cents per $100 valuation or a reduction in city services?

The proposed model does not require any new systems to be purchased outside of the one's listed in my first post. Jabber serves as a "bridge" to connect the various existing datasources into the display architecture while the "agents" speak the "native" application language to the existing datastores (once again, I'll mention the CAPWin project of Washington, DC.) Some of the cost in the City's official estimate is for software licensing ($6mil alone just for the document management system). As I've stated in my past post, the cost estimate from the city is a good attempt at "herding cats" but until specifics are laid out, noone actually knows how much the initiative will cost.

For example, the model I propose is heavier into programming than software licensing. Most of the products I've used in this model do not have an initial or ongoing software licensing cost (however, service contracts will still need to be procured). So it can be assumed that this model will be less expensive in software licensing than the city's official estimate. I have yet to fully breakdown the initial and ongoing costs for this model (I'm more concerned about the technical issues and not cost; I leave that for people more skilled than I at cost estimation) but a quick rundown of the products listed and their software costs:

Cost estimation
Product	Initial Software Cost	Ongoing Licensing Cost	Service Contract required
Zope	$0	$0	Yes
Plone	$0	$0	Yes
Jabber	$0	$0	Yes
Jabber agents	$Unknown. Based on how many systems need to be tied in.	$0	Yes
Zimbra	$28/user	$0	Yes
OpenOffice.org	$0	$0	Yes

Please keep in mind that the service contracts will cost money as well as hardware would need to be purchased (the city's estimate on server hardware is fair and reflective; the city would not have to replace 1,540 PCs under this model saving an additional $1.2mil). Without delving further into specifics, between just EDIMS licensing and the replacement PC costs, there is a savings of $7.1mil off the projected one-time cost of $24mil and at least $1.1mil off the recurring cost of $11.6mil. (I feel the ballot language is wrong when it states $36mil upfront costs. That figure combines the one-time cost at $24mil and the recurring cost of $11.6mil. The recurring cost would not have an effect on the one-time purchasing cost of the first year. Again, if anyone is interested in fully fleshing the costs of this model out, please email me.)

So, in sum, I hope that the technical model I propose shows the flexibility and expandability sought by the OGO amendment to provide a transparent window into the people's government. I would like to re-emphasize that this model should *not* be taken as a roadmap but merely as a discussion of the salient technical issues the amendment seeks.

Or at least that will be the lasting sentiment from this story. And, you know, that's fine with me. I've been *intimately* involved with this particular issue as my wife and I were affected by this personally.

Almost 2 years ago, I learned that Travis County had published our marriage license online, which included our names, addresses, social security numbers, birthplaces and driver's license numbers. For most people, the standard marriage license form doesn't include that information and so it's fit to publish online. What we did different from most people was we filled out a "Declaration of Informal Marriage," a form that legally recognizes a common-law marriage. This was required by my employer (the City of Austin) so I could extend healthcare coverage to my wife.

So when I found out this form was available online and the state required redaction of the social security numbers had not been done, being intimately familiar with this subject (I'm an Information Security Analyst at the City), I called the County Clerk's office and asked to speak to someone who would be able to pull the graphic. Over numerous phone calls to at least a half-dozen different people, I couldn't seem to get a hold of anyone that understood what I was asking for. After about a week of calling and talking to people, the "official" solution (and I'm calling that "official" as this was the highest level person that I could get a hold of even though I asked on numerous occasions to speak directly to Ms. DeBeauvoir herself) was that I would have to file a petition with the court to have the record changed from public information to private (at a cost of at least $300). This was crazy, I explained. Because I do this exact same thing at my day job (look at vendor's applications for weaknesses and re-engineer them to fit the City's security policies), I knew there was some kind of technical disconnect to the person I was talking to. As I kept explaining, I wasn't trying to change the status of the record. I had no problem with it being public. My problem was that this system was publishing records online in violation of the State of Texas' Public Information Act ( § 552.141. CONFIDENTIALITY OF INFORMATION IN APPLICATION FOR MARRIAGE LICENSE) and that Travis County could be held liable for any security breach that could be traced to their website. After all, I wasn't asking to invalidate the record; I was asking for the stupid web application to not publish the one pdf file that contained the information.

So I asked to speak to one of the programmers as I knew I could convey exactly what I was trying to get across to someone technical. I was told I couldn't speak to a programmer as it was an application developed by a vendor and I had no way I could talk to them directly. My concerns would be relayed to them, I was told. So, almost 2 years later and after my wife picked up the phone tag baton, putting multiple 90 day freezes on our credit knowing our information was easily available to any and all, I'm glad to see that the clerk's office is finally doing the right thing. Kudos to you and your staff Ms. DeBeauvoir. I only wish that I could have talked to you directly oh, so many years ago...

But you would think I would end the story there, but I'm not. I'm going to use this as an example of something that is very close to my heart as well as put a few warnings out there. The application that the clerk's office uses, Public Access .NET, is a proprietary application which the clerk's office probably doesn't have rights to access or change the source code. I'm assuming from all my conversations with their staff that no one at the clerk's office has access to the source code of the application much less the right to change the functionality of the application itself (remember, I don't know this for sure; I'm *assuming*).

So I'll offer up this first warning to government officials. Proprietary software and government do not mix well. As Ms. DeBeauvoir states, "I am a strong supporter of open government; however, my obligation as an elected official is to respond to legitimate public concern and to do everything within my authority to protect people now." So, if the public's best interest is the priority, by doing everything in her power, that application should be open and accessible to other programmers outside of the company that developed it. This allows the government entity the option to work on their time schedule and not the agenda of another company. So if a pressing security issue crops up (like publishing social security numbers online), the entity has the option to call a local programmer and immediately address the concern. Like I said before, from my understanding of the application and how these things are put together, this could have been as easy as changing a single field in the database and not a whole rewriting of the application itself. This concept, called open source, is the perfect fit for any government entity who espouses their belief in open government because it practices what it preaches. It allows for the open review of the code by independent 3rd parties and allows changes to the functionality on the government entity's time schedule. I can say that most of the online projects that the City uses have either been developed in-house by our talented programmers or we have access to review the code if needed. We love it from a security standpoint as we can see exactly what is going on and can tailor the app to fit within the City's strict security policies. It's a win for the people's government and a win for the developer.

My second warning goes along with the spirit of the first. The company that developed the application, Hart Intercivic, also developed and programmed the voting machines used in all elections here in Travis County. Hart Intercivic keeps the programming code of these machines as well as the tablulation software proprietary and thus secret. If I could think of any application in the world that needs to be open sourced, it's voting machine software. As shown by the last few election cycles and in numerous other instances, the software has come under scrutiny as irregularities become more prevalent. So, if we value our democracy and if Ms. DeBeauvoir really believes in open government, we need to petition to have a true independent code review of the voting machines we use here (and don't believe the results from the ITA or "Independent Testing Authority" that all these machines must subject themselves to. The ITA is actually just three companies which are paid by the voting machine manufacturers themselves. An article by probably the most prominent voting machine expert, Avi Rubin discusses this "independent" setup). So please, if you value democracy, email or call the Travis County Clerk's office and pressure them to have Hart Intercivic release the code to a true independent party for review. If Hart Intercivic was publishing all my personal information online in direct violation of state law, who knows what the *truly* secret code is doing...

Ok, since I haven't made a post about geek stuff in awhile, I'll give a quick review of what I've been playing around with lately. Now, I've been using Linux as my primary operating system for close to 10 years now. In fact, as soon as I got my MCSE (Microsoft Certified System Engineer) back in '97, I abandoned Redmond and followed my heart and principles and put myself permanently in the upstart OS's hands, destination be damned. Since then, I've been privileged to be part of a Linux startup, part of active local user community and hired in my current job primarily as open source expert (which, in reality, you can't be a good information security analyst without a deep understanding of open source technologies, including Linux). I was the lead engineer for the City of Austin's Linux pilot projects, Open Office trials and first forays into public wifi (which the units we spec'd ran Linux) back in '03. But during most of that time, I had never really recommended to anyone that the average computer user was ready for Linux, primarily because Linux's strength is paradoxically it greatest weakness (it's flexiblity). Oh, sure. It's great from an enterprise standpoint where it's inherent network and multiuser support as well as upkeep far outshine anything from Microsoft. And in the hands of a knowledgeable administrator, a great desktop experience could be crafted together. But now I'm ready to change that policy for the average home user.

Now I've tried just about every combination of window manager and user environment. I'm a huge fan of Mac OSX from the usability and eye candy aspect (I've got a G4 iBook and had a dual proc, dual head G4 PowerMac for awhile as well) and also love it's UNIX underpinnings (FreeBSD). On Linux, I started out using KDE pre-1.0 and quickly moved to my first cherished desktop environment; WindowMaker. I loved the combination of simplicity and eye candy that was available for it (I still have some WM themes up on freshmeat.net). Since KDE 3.0, though, I've pretty much used KDE exclusively, especially when GNOME decided to start "dumbing down" their environment in favor of usability vs. customization. But, just for the fun of it, a few days ago, I changed my desktop over to the latest GNOME in the Fedora Core 5 repository and sparked up my first use of GNOME in close to 4 years.

And the result? In a word: impressive. Now make no mistake about it. I'm a Linux power user by any definition of the term. That was probably the main reason why I stayed away from GNOME as I figured that any environment that limited what I could do on *my* OS just wasn't worth my time. Not to mention the fact that it just seemed that KDE was always ahead of the curve on the all-important eye candy front (that's one of the big reasons for me which separates Linux and Mac from that lame excuse of an OS, Windows).

Since I loaded up GNOME on my meager home machine (P4 1.5Ghz, 512MB RAM, dual head Nvidia+MGA vid cards), I've been impressed by its snappy performance and sharp rendering of fonts and widgets (metacity seems to have come a long way since they made the switch from sawfish oh-so-many years ago). GTK2 (the widgeting library) is light years ahead of the last time I played around with GNOME and GTK, easily rendering colors, buttons and menus with ease. And I have to say that I'm quite impressed with Fedora's array of extras (themes, backgrounds, etc) and the graphical interface to Fedora's software installation and update tool, yum.

I was so impressed with this setup on my home machine that I decided to take the ribbing from my co-workers and load up GNOME on my slightly more powerful work machine (P4 2.4Ghz, 512RAM, Dual head 32MB Nvidia vid card). Now, the thing to note here is the video card. That card, unlike my mix of cards at home where only the Nvidia is 3d capable, allowed me to install a different window manager, XGL. And let me tell you, my friends, *this* is how computing in the 21st century is supposed to be...

Don't let Microsoft's upcoming marketing of Vista fool you. There is nothing in Vista that will even come close to XGL. Besides Vista's bloated hardware requirements, it just doesn't have anything in it close to this functionality. So what is this miracle window manager? It's a hardware accelerated desktop which shows the potential of where this free operating system is going and why Microsoft *really* needs to think about getting out of the "for-pay" operating system market altogether (esp. if the rumors are true that Apple might be working to position OSX as an alternative OS for new PCs). After all, if you can get all of this for free, why would you pay for anything else?

Now, the movies of XGL are impressive, especially considering that it's really just a late alpha to early beta release. But even in this early stage, it's absolutely usable as an everyday desktop. It features "wobbly" windows and menus (windows and menus that shake and distort based on movement or focus), true alpha blending with user defined window transparencies (you can even have different transparency levels on each window), fully rendered drop shadows (I find them better than OSX as you can define how much shadow and offset you like), OSX-like "expose" and fully rendered mini app windows on the alt+tab key combo and the jaw-dropper for most people, the "cube" desktop switcher.

The cube is a virtual desktop switcher and by using that definition, it seems to trivialize it's function. An easy way to think about what it the cube is imagine that your computer screen is just one face of a cube that extends behind your monitor. On each face of that cube, you can have another desktop containing whatever applications running you like. Now, virtual desktops have been part of UNIX for the better part of 30 years but XGL has a major difference; its performance. Because is uses hardware rendering to draw the windows and effects, to quote some of my bretheren in Boston, it's "wicked fahst." And as this video shows, the cube floats in space when you change desktops or grab the desktop with the mouse and the ctrl+alt key combination. Add in the fact that you can customize the picture that goes on the top of the cube and in the background as well as many other customizations (like standing inside the cube looking out instead of looking at the cube from the outside) and you have some major eye candy sure to make your Windows friends weep in envy.

And because this feature is so responsive, it makes this implementation of a virtual desktop switcher worth using. Software based virtual desktops, to me, have always suffered from slowness. So much so that I didn't care to use them. XGL is the first one I've ever used where I can switch desktops and focus an app faster than I can actually think about it doing it.

Now, to be honest, XGL also works just fine with KDE. But the combination of GNOME and it's clean, almost sparse lines with this new functionality as well as GNOME's focus on usability just seems to fit better. It feels leaner and meaner.

But eye candy is great, you might be saying, but what is prompting you to say that Linux can now be used by the great computing masses? Linux's biggest detraction over the years was the supposed lack of applications on the platform. That is no longer the case. Nowadays, you can find an application to do exactly what you need to do natively on Linux or, if you want, probably can run that same Windows app on Linux using Wine or it's commercial counterpart, Codeweavers Crossover. And since Vista will be breaking backwards compatiblity in some ways, you won't be guaranteed that your preferred app will run if you upgrade. Add in that XP is scheduled to be end-of-lifed in 2008, the lofty hardware requirements needed to even run Vista and the RIAA/MPAA pushed DRM (Digital Rights Management) which take your rights away from your legally purchased content, it all adds up to a big fat "why do I need that? And you want me to pay for it as well? Yes, sir... Can I have another?" Geez...

So now I humbly urge you that if you have never given Linux a try, now's the time. There are numerous LiveCD distros available so you can try Linux/GNOME/KDE without damaging your current Windows install. And for those of you wanting to try an XGL-based experience, the only LiveCD I know of is located at Kororaa.org (btw, kororaa is a species of penguin, Linux's mascot) and it is heavily dependent on which video card you have installed. Good luck and let me know your experiences!

Update: Seems that Business 2.0 magazine is recommending *not* to buy Vista when it comes out. From the article:

"Boycott Vista. Keep your old Windows XP PC around. Don't buy a new one. That's the only way we have to let Microsoft know Vista is an overhyped, late, and pointless update to XP - a perfectly fine operating system."

Not exactly a ringing endorsement. Just another reason to give Linux a spin...

Update II: A friend sent me a link (h/t Harris) to another story about the inevitable death of Windows. From the article:

"The Vista saga has two interesting lessons for the computer business. It raises, for example, the question of whether this way of producing software products of this complexity has reached its natural limit. Microsoft is an extremely rich, resourceful company - and yet the task of creating and shipping Vista stretched it to breaking point. A lesser company would have buckled under the strain. And yet while Microsoft engineers were trudging through their death march, the open source community shipped a series of major upgrades to the Linux operating system. How can hackers, scattered across the globe, working for no pay, linked only by the net and shared values, apparently outperform the smartest software company on the planet?"

And it goes downhill from there...

Ok, I don't use Windows as a primary OS and haven't for going on 10 years now (with the exception of a few programs I'm required to use at work, I would never touch it). I find it a terrible OS with a horrible UI and just plain ugly to look at (esp. when compared to Mac OSX and the XGL-based GNOME). So, when designing this site, I followed the Internet standards (CSS, primarily) as they should render the pages the same on all browsers, right? After all, Plone does accessibility and other things like that for you...

So check the screenshots. The one on top is IE 6 on XP Pro; the one on bottom is Firefox on Fedora Core 5. The same page that renders wonderfully on all browsers I've tested (Firefox, Mozilla, Opera and Konqueror on Linux; Safari and Firefox on Mac) renders horribly only on Internet Explorer. I just found that out today as one of my friends who uses IE at work showed me. IE just does not follow standards and so now I have to try and figure out how to get these pages to render right in just IE. I'm very tempted to just put a link to Firefox on the page an just blow off IE. From what I understand, they've supposedly fixed these CSS rendering problems in IE7 so that might be easier than trying to figure out how to essentially send 2 pages. Argh! This just pisses me off!

Please, for the good of the Internet. Ditch IE and download Firefox. Not only will you be more secure but you will have more features to use and will be supporting Internet standards at the same time.

Update: Seems the guys who develop Plone have figured this problem out and put up a CSS page that fixes most of the problems (IEFixes.css). Thanks Jon for pointing me in the right direction. It's still not perfect but it'll do...

Well, I guess this makes it official. The patent can viewed here. This was a long, hard slog for us and especially our patent attorney (Thanks, Jeff!) At one point, we really thought the patent wouldn't go through as it was just taking too long (you can see that the original patent we filed this under was in May, 1999. This particular patent, which deals with our distributed firewall and communication system was filed off the original patent application in July, 2000. So it took 6+ years to get it through.)

Now comes the question, "What do we do with it?" Jon Crain (another of the co-founders of that business) and I have been thinking real hard about that. I've tossed a few ideas out there on starting another business that could utilize some of the claims within the patent and I think we'd both like to go there again someday. Originally, Triptych Microsystems (that was our company) was formed in late 1998 around an idea to build a set-top tuner/DVR/computer atop a full Linux OS (think back in mid-1999 when the Netpliance I-Opener came out and other companies were building limited use Internet appliances at a loss in an attempt to subscribe customers to their Internet service.) Our set-top was different in many ways and some of those differences made it to other companies current products.

For example, one of our differences was installing applications. At the time, most applications on Linux were still being complied but some distributions, like Red Hat and SuSE, were using packages called RPMs. We decided that we could compile all the applications for our platform (which was StrongARM based) and "wrap" the complexity using a GUI through a web-browser (this idea pre-dated any of the now many GUI package managers for example Synaptic or pirutby a good 2 years). In our specific embodiment, the user would open a browser and go to our web site, search for the application they wanted to install and then click on the link provided. Then the application would be installed all off the one-click (which is what our internal name for that service was called, "One-Click.") Now, we don't claim that we "invented," so to speak, that process; that idea grew organically from the Linux commons. But that exact process is still being used today by one of the major distributions, Linspire in their "Click-N-Run Warehouse." We had tons of other ideas for that set-top system (a cheaper "satellite" system that would allow you to watch your recorded videos on another tv in the house using wireless (at that time, 802.11a/b/g wasn't as prevalent and we were designing the system around Symphony/Proxim 56k RF wireless cards. Try shoving a 640x480, stereo video recording through a 56k modem. T'wasn't easy... :-) We also developed a Java-based system management program called in-house "Teresa" (a mashup of the real name Triptych Remote Support and Administration = TRSA). That in it's own right could have had it's own company formed around it (doing remote support and maintenance for Linux machines).

Ultimately, though, we decided to "split out" our unique security system we designed for the set-top, a "distributed" and connected firewall system into it's own distinct product called StrongNet. It was a hardware-based firewall that was designed to be an open hardware / open source unit that we were going to give away. Our business model had us making our money on the backend subscription service. The patent covers this device in its preferred embodiment including the electronics that comprised it and it's unique feature; it was able to "report" back what it thought were attacks to our central expert system. We could then correlate events in that expert system and send out updates to all of our subscribed units to protect against those attacks. An example would be a cracker attempts to crack one of our devices. The attacked device would block and detect the attack, send the relevant attack information back to our expert system using encrypted communications where we would then send the attack neutralizing rulesets back to all our subscribed units using a still-waiting-to-be-patented communications protocol. In this way, each firewall was a node in a million-plus unit and growing distributed firewall. From the expert system, we would be able to see how attacks develop, block DDOS attacks from infected clients behind the firewall as well as notify users when they were infected. It was really a neat system.

We also had a road map that got into next generation implementations of the idea. Gen1 was the projected $30 hardware device that you plugged into your broadband modem (and remember, at the time in late 1999/2000, people were just getting on-board for security protection on their broadband nodes as the saturation of broadband hadn't made it very far). Our business model had us giving as many of those devices away as possible and they would have been released under a "hacker's license" which would have stated you could crack open, tweak, microwave or do anything you wanted with the device if you didn't want the backend security service. The units weren't very powerful or expensive so we figured there would be enough subscribers to make up the difference in our "loss leader" business model. Gen2 was designed to have all of the features of the hardware unit on a few chips. That way we could embed the security service into other products like ethernet cards and routers and vendors could outsource their security needs. Our Gen3 product would be specifically designed for mobile devices using a single, low-power chip that could be embedded in PDA's, mobile phones or any device that needed secure communications.

But, alas, we ran out of angel money in mid-2000 and even though we were doing some heavy talking with industry players, they knew that a small start-up like ours wouldn't survive without that first round of venture capital (we actually turned down a first round because the vulture capitalist wanted 75% of the company for a few million dollar stake. We were unwilling to give up control of our company so we turned it down, keeping our pride but not the doors open.) Over the years, Jon and I decided to keep the security patent applications going (abandoning the other 5 patent applications we had written on such cool things as keyboards with application dynamic key remapping...) and today, one of the two patent applications left finally issued.

We really enjoyed the start-up and are absolutely convinced that had we a little more time, our company would still be in business today with a great little 4th or 5th generation product. We still have our business plan and this idea is still just as relevant today as 6 years ago so if any of you venture capitalists would like to talk, just drop me a line. I've got a great idea on how to combine an IPS with this patent... ;-)