Government tech and the proprietary software lockbox

Sun 29 September 2013

The request

In July, the City of Las Vegas Municipal Court (LVMC) denied my records request for electronic court records because its data was “proprietary and owned by [its] vendor, NevSys” (PDF). In response I cited the Nevada Electronic Filing and Conversion Rule 5(j)(2), but to no avail. I was advised to review the contract between the City and NevSys governing the development of “COURTassist,” the LVMC’s Case Management System.

On 29 July I visited the City’s Purchasing and Contracts Division at City Hall and I asked to inspect CLV Contract No. 040396 (PDF). After some initial confusion about whether or not citizens may scan a record, or a portion thereof, during such an inspection (they may), I was informed that the staffer responsible was not available and I would be unable to inspect the contract that day. I got in touch with the staffer and set an appointment to inspect the contract. This was followed by a rather tedious series of reschedulings over the following weeks.[1]

The City finally turned over 378 pages of contract documents on 19 September. These documents are embedded below.

Contract highlights

The project to develop COURTassist was overtaken by events and was delivered over budget and several years behind schedule. In short, the City:

  • paid NevSys \$1,037,966 to develop the software;
  • provided them office space and at least three full-time City employees to develop it;
  • signed over its ownership to NevSys in exchange for a 2% royalty payment;
  • now pays \$134,000/year (indexed to the CPI) to NevSys for support and maintenance.

It also turns out that there are several manuals that were responsive to the original request. As a comparison, I’m asking other courts in the area what their licensing and deployment costs were, but I suspect that the City didn’t do as badly as I had originally thought.[2]

Issues

As reflected in the contract documents, the City’s experience during the development of the Municipal Court’s CMS spotlights several fundamental problems with how it and the NPRA treat software and electronic records.

The City ought to have retained ownership of the COURTassist source code

In my view, the City lost an important opportunity by relinquishing its ownership in the CMS to NevSys. While the City has until 2016 to recoup its investment, it seems unlikely that it will do so; as far as I can tell, the only other jurisdiction which adopted this software was Boulder City, Nevada, and that was at no cost.

Ceteris paribus, for what the City has paid it could have kept ownership of the source code and made it freely (both free as in freedom and as in no cost) available to other cities, with the contractor providing support just as they are now. Practically speaking, doing so might have saved taxpayers money in cities across the country and gone some way to diversifying the market. With the software open, users could customize it to meet their specific needs, and benefit from the continuous improvement by the community of users. NevSys could have filled—and still can—a niche in the market by adopting an open source business model, such as Red Hat’s subscription model.

Proprietary software and open governance

The difficulty I’ve encountered obtaining data during the course of the Arrests project underscores the risks to open governance posed by proprietary software. I only received two outright denials, one from the LVMPD, and the other from the LVMC. Both claimed that even a mere listing of the data elements present in their databases constituted proprietary information that could not be released to the public.[3] Both the NevSys and IAPro contracts make broad assertions of confidentiality that are immediately followed by clauses weakly acknowledging the Nevada Public Records Act. These contortions are required because the democratic principles of openness and public access which are enshrined in the NPRA are in conflict with the business model for proprietary software.

The principled argument that free (as in freedom) software should generally be preferred to closed source proprietary software is one that I would hope resonates with public sector policymakers and IT managers. Government agencies need to insist on free software in order to preserve their control over their own computing. Most government activities now depend on computing, and an agency’s control over those activities—and the data they generate—depends on its control over that computing.

While the IAPro contract egregiously cedes total control over the release of information to the vendor, CI Technologies,[4] the NevSys contract simply obligates the City to submit public records requests to NevSys for review. The company has two days to object; if it does so, the company has a week to file for a temporary restraining order to prevent the release of documents and seek judicial review.[5] The government has a responsibility to the people to maintain control over its data and the computing it does on their behalf, and must never cede control to private vendors.

A tad simplistic, perhaps. Practical considerations and an aversion to perceived risk mean that government IT projects often fall short of this standard, although trends suggest that this is changing.[6]

Preserving public access to government data

One pernicious effect of the reliance upon proprietary software is that public records (data) may become “inextricably intertwined” with the software and thus inaccessible to the public without paying for the use of those programs.[7] Recently, in Sierra Club v. County of Orange, the California Supreme Court unanimously overturned a 2011 appellate decision allowing agencies to charge licensing fees for GIS data.

Preserving public access requires that sunshine laws keep pace with technological advances. Florida law provides an excellent model policy:

119.01 General state policy on public records.

(a). Automation of public records must not erode the right of access to those records. As each agency increases its use of and dependence on electronic recordkeeping, each agency must provide reasonable public access to records electronically maintained and must ensure that exempt or confidential records are not disclosed except as otherwise permitted by law.

(b). When designing or acquiring an electronic recordkeeping system, an agency must consider whether such system is capable of providing data in some common format such as, but not limited to, the American Standard Code for Information Interchange.

(c). An agency may not enter into a contract for the creation or maintenance of a public records database if that contract impairs the ability of the public to inspect or copy the public records of the agency, including public records that are on-line or stored in an electronic recordkeeping system used by the agency.

(d). Subject to the restrictions of copyright and trade secret laws and public records exemptions, agency use of proprietary software must not diminish the right of the public to inspect and copy a public record.

(e). Providing access to public records by remote electronic means is an additional method of access that agencies should strive to provide to the extent feasible. If an agency provides access to public records by remote electronic means, such access should be provided in the most cost-effective and efficient manner available to the agency providing the information.

The State of Connecticut’s Bureau of Enterprise Systems & Technology published system design guidelines to help state agencies and municipalities to comply with Connecticut’s FOIA provisions relating to electronic public records.[8] These include:

  1. Ability to access, manipulate and report data currently available in any applications which are being replaced with a minimum of “translation” or modification of tables, parameters, or other factors;
  2. Clear identification of that information in the database which is not exempt from FOIA;
  3. Use of separate tables for exempt and non-exempt data;
  4. Use of a database which allows security at a field level;
  5. Use of non-proprietary data structures and reporting tools;
  6. Data “backups” which ensure availability, including catastrophic loss of primary data, disaster or business interruption;
  7. Permanent copies of data stored on optical or other non destructible media where possible;
  8. Compliance with any applicable standards-setting body for data creation, data sharing, management or communication in the field;
  9. Source code ownership by the municipality or the State of Connecticut and source code escrow by the vendor;

These are both good places to start. The City of Las Vegas is headed in the right direction; it established an open data portal as part of its participation in the National Day of Civic Hacking, and posts its GIS data online as well. So it seems that the problem here isn’t with the intentions of the City, but with the approach that’s been taken thus far. Its announced open data policies pertain to particular data sets, cherry-picked by the government, but leave the great majority of the data generated by its day-to-day operations locked out of sight. The City must adopt appropriate policies and guidelines to ensure that requirements for future IT projects incorporate safeguards for citizens’ access to public records.


Documents produced in response to request no. CLV-20130728


  1. Read the email exchange (PDF). 

  2. I had drawn some negative inferences from the mishandling of my requests by the Municipal Court, and the fact that NevSys removed any mention of COURTassist from its website (current version, cf. June 23, 2013 version) some time after my request in June 2013. 

  3. However, at the very least, NRS 239.010 and the fair use provisions of federal copyright law allow public records to be made available to the public for examination and inspection purposes only. 

  4. See IAPro item #2, and page 8 of the IAPro contract documents (PDF). 

  5. And any documents produced are presumably forwarded as well; an envelope identical to mine, but addressed to “Javed Buttar” (NevSys’ owner), was at the City Attorney’s Office front desk when I picked up the CD. 

  6. See the OGPL, based on Data.gov, and the Veterans Health Administration’s VistA electronic health record.

  7. State ex rel. Gambill v. Opperman, 2013 Ohio 761 (OH Supreme Court 2013), Pfeifer’s dissent: “The county engineer in this case has intertwined public records with proprietary software and expects citizens seeking public records to pay an exorbitant price to untie the knot. A person seeking public records should expect to pay the price for copying the records, but not the price for a public entity’s mistake in purchasing inefficient software. Will every citizen asking for what relator, Robert Gambill, seeks—access to records that the majority acknowledges are public records—also have to pay \$2,000? The holding in this case encourages public entities desiring secrecy to hide public records within a software lockbox and require individual citizens to provide the golden key to unlock it.”

  8. Found via Braydon Fuller. Fuller has argued that taxpayer-funded software should be available to the public and compiled a helpful list of how state public records laws treat software.