Why India Needs To Fuss Over FOSS
Did you know that over 85% of India’s Internet runs on FOSS, or Free an Open Source Software that strikes at the heart of software patents?
If your answer is ‘No’, you may be pleasantly surprised to know that India now ranks 3rd in the world in terms of FOSS usage, according to GitHub. In fact, some of India’s largest government projects, many technology startups, and some of India’s largest software services companies extensively us FOSS, according to a recently-released report titled ‘The State of FOSS in India’ by CivicData Lab.
FOSS communities in India, according to the report supported by Omidyar Network India, have also organized themselves to solve India’s challenges like digital inclusion by creating Indian language fonts, dictionaries and other essential tools that are widely used across the country.
According to Abhishek Singh, CEO of MyGov India, “Many large Government IT applications like Aadhaar, GSTN, Digilocker, UMANG have been built on FOSS and what is needed is to dispel the misconception that open source means anyone can access it and change your code and overwrite it., On the contrary, what we have is a large vibrant community of developers who are going to use their wisdom and their intellect to make sure government technology projects become better.”
Despite these achievements, India still lags “the global landscape in building sustainable home-grown projects and needs a strategic plan to incubate and proliferate domestic FOSS innovations worldwide”, notes the report. For instance, the report points out that despite India having the largest base of developers in the world, its contributions to the global pool of source code have been miniscule. Globally, too, technologies like Artificial Intelligence (AI), the Internet of Things (IoT), and 5G are being built on FOSS, etc., but “these same technologies are sold to us with proprietary wrappers at markups that are 60% or more”, the report adds.
But what exactly is FOSS?
It is software that is freely licensed to use, copy, study, change, improve, and redistribute. FOSS broadly covers both ‘free software’ and ‘open-source software’. While there is a substantial overlap between the two models, they are similar but not the same.
To begin with, the ‘free software’ model, advocated by the Free Software Foundation (FSF), focuses on the fundamental freedoms that a software must give to its users. ‘Open-source software’, on the other hand, as described by Open Source Initiative (OSI), emphasizes business-friendly development, and use of code. Both these models allow for the source code, or building blocks, to be made openly available for everyone to tinker, tweak, and improve upon to build other things.
As an example, 4G data users in India recently crossed 598 million, of which 96% access the internet via open-source based mobile operating systems (primarily Android). India’s contact tracing app ‘Arogya Setu’, too, is also a FOSS product.
Source: ‘The State of FOSS in India’ by CivicData Lab & Omidyar Network India
Not an overnight success
The origins of the FOSS movement in India can be traced to community efforts in the early 1990s by pioneers such as C.V. Radhakrishnan, the late Atul Chitnis, Nagarjuna G, K. S. S. Nambooripad, Satish Babu, and Raj Mathur. By early 2000s, the report notes, India witnessed germination of a variety of Indian Linux User Groups (ILUGs) groups and Free SoftwareUser Groups (FSUGs) spanning different cities and towns.
The Kerala government took the lead in supporting FOSS. As a result, many government agencies in Kerala including the Kerala State Electricity Board as well as the Government Secretariat adopted machines that ran fully on Linux. In 2009, Kerala set up the International Centre for Free and Open Source Software (ICFOSS). These changes, according to the report, have been saving the Kerala government about Rs 300 crore every year. Two years later, the Indian Supreme court moved all its activities to Ubuntu and encouraged all the other courts in thecountry to transition as well.
FOSS got a further fillip in 2015 when the Indian government announced a “policy on the adoption of open source software for the Government of India” as part of its Digital India programme.
But it was not smooth sailing always
One may recall the intense global industry debate over ‘open standards’ till about eight years back. On the one hand, we had Microsoft’s Office Open XML (OOXML) file format backed by Apple, Novell, Wipro, Infosys, TCS and Nasscom. On the other was the Open Document Format (ODF), supported by the likes of IBM, Sun Microsystems, Red Hat, Google, the Department of Information Technology, National Informatics Centre, CDAC, IIT-Mumbai and IIM-Ahmedabad.
ODF proponents opposed OOXML on grounds that ‘multiple standards’ are not good, while Microsoft argued that OOXML — a recognised standard by ECMA International too — is a response to evolving technology formats in line with continual evolving technology systems. India said ‘No’ to OOXML (but which was accepted by the International Organisation for Standardization as an international standard). States such as Delhi, Kerala, and others from the North-East were heavy adopters of ODF file formats which are open and free (excluding maintenance and support).
It’s altogether another story that companies like Microsoft now embrace open-source software.
Security concerns persist, though
A December 2020 survey done by the Linux Foundation’s Core Infrastructure Initiative (CII) and Laboratory for Innovation Science at Harvard (LISH), indicates that about 75% of FOSS contributors are already employed full-time and nearly 52% of these are “specifically paid to develop FOSS”.
The survey simultaneously acknowledged that “there is a clear need to dedicate more effort to the security of FOSS” but adds that “the burden should not fall solely on contributors”. “Understanding open source contributor behaviors, especially as they relate to security, can help us better apply resources and attention to the world’s most-used software,” said David A. Wheeler, director of open source supply chain security at the Linux Foundation, in a December 8, 2020 press statement. “It is clear from the 2020 findings that we need to take steps to improve security without overburdening contributors and the findings suggest several ways to do that.”
Addressing security concerns, typically involve improving existing code by addressing security issues, rewriting code, and incorporating security into new code. The survey, however, notes that “…In all of these cases, developers are not interested in dramatically increasing their time on security, so identifying ways to reduce or distribute the effort will be important”, since developers do not want to become “security auditors”.
Hence, the survey recommends that the vulnerabilities must be identified (e.g., using audits and tools), and then the appropriate fixes must be developed and proposed. It also insists that the success of FOSS will hinge largely on incorporating security into new code in the FOSS ecosystem, and this “needs to become a priority for all FOSS stakeholders”. The survey also underscored the fact that “corporate involvement in FOSS should be made clear to reduce accusations of hidden agendas”.
Next steps
This decade has also seen the rise of homegrown FOSS projects like Calibre 32, ERPNext 33, Chatwoot 34, according to the CivicData Lab report. Going forward, however, the report concludes that the FOSS movement will need more support from individual volunteers and consultants, FOSS groups, schools, higher educational and research institutes, online educational actors, micro small and medium tech enterprises, global tech firms, local and state governments, national governments, FOSS funders, and FOSS investors.
