Your SlideShare is downloading. ×

Open Source Use in Law Enforcement


Published on

1 Like
  • Be the first to comment

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide


  • 1. Providing Unbiased and Objective Technical Assistance Enabling Criminal Justice Information Exchange Modernizing Criminal Justice Processes Open–Source Software Use in Law Enforcement NOBLIS TECHNICAL REPORT NTR-2007-024 Contract Number 2001-LT-BX-K002
  • 2. NTR-2007-024 Noblis Technical Report Open Source Software Use in Law Enforcement June 2007 Mun-Wai Hon Gregory A. Russell Michael J. Welch Supported Under Cooperative Agreement 2001-LT-BX-K002 Office of Science and Technology National Institute of Justice Office of Justice Programs U.S. Department of Justice The opinions, findings, and conclusions or recommendations expressed in this publication are those of the authors and do not necessarily reflect the views of the Department of Justice. The products and manufacturers discussed in this document are presented for informational purposes only and do not constitute product approval or endorsement by the U.S. Department of Justice. Noblis strives to provide the latest and most complete information in its documents and makes such documents available for informational purposes only. Reproduction or other use of this document or its contents for commercial gain is expressly prohibited. Noblis is not responsible for the use of the information provided herein. Cover design by Mary Brick, Noblis ©2007 Noblis. All rights reserved.
  • 3. Open Source Software Use in Law Enforcement Executive Summary This report provides an overall picture of how some law enforcement practitioners are turning to the use of open source software to respond to growing information technology (IT) needs in the midst of shrinking budgets. After a brief introduction to open source software, this report covers how some law enforcement practitioners currently are using open source software in areas ranging from basic office automation functions to hosting their computer-aided dispatch system. Based on a literature search, national survey results, and site visits, this document provides guidance to answer a number of questions: • What is open source software and why is there so much excitement about it? • Have any law enforcement agencies deployed open source software, and if so, how successful has the deployment been? • What are some open source software products for desktop operating systems and databases? • Do open source solutions exist for common law enforcement applications, such as records management? • Has there been any total cost of ownership or other analysis that shows advantages to using open source software? This document describes how agencies might use open source software to meet their operational needs and how open source software presents an alternative to traditional closed source software packages. The challenges encountered when using open source software – organizational, functional, and cost constraints – are also presented, including first-hand comments from the agencies that the Noblis team visited. In preparing this document, a national survey was conducted that gathered data on the extent and current state of law enforcement use of open source software. Key trends and common themes are highlighted from the survey, as well as important items for agencies to consider as they plan to implement open source software. The survey also attempted to rank the law enforcement operational areas that may be best positioned to benefit from the use of open source software. A number of observations can be made based on survey results, including: • National Survey Result Response 1. Interoperability with Microsoft applications is a key concern for agencies interested in using open source software. • National Survey Result Response 2. Open source software can offer capabilities beyond closed source software packages in areas such as computer forensics. • National Survey Result Response 3. Open source software provides a low-cost to no-cost barrier to evaluating and operating new applications. • National Survey Result Response 4. Agencies that do not purchase closed source applications are considered cheap by end users even if the software functions are comparable. The survey results support the general findings by the Noblis team based on its interviews with law enforcement practitioners. Of the agencies actively using open source software, the majority agree that using open source software would benefit law enforcement functions. ii
  • 4. Open Source Software Use in Law Enforcement This document concludes by providing interested agencies with recommendations that will help to shape the direction of an open source software implementation while avoiding pitfalls and maximizing the effectiveness of the conversion. Primary recommendations are listed below: • Recommendation 1. It is essential that law enforcement become aware of what is available in open source software and what their colleagues are doing in this arena. • Recommendation 2. The majority of agencies contemplating a move to open source software should consider a hybrid approach that leverages current hardware and software with open source enhancements. • Recommendation 3. Agencies moving to open source software need to get their community leaders on board with the idea early and be ready to demonstrate the benefits and the interoperability of the selected system. • Recommendation 4. Agencies new to open source software and those with more experience need to create common resources for the benefit of other law enforcement agencies interested in exploring the use of open source. iii
  • 5. Open Source Software Use in Law Enforcement Acknowledgments The authors would like to express their appreciation to the following individuals for openly sharing their experiences. Much of the information contained in this report came from them and their dedicated staff. We appreciate their candor and collaboration. Person Affiliation Charles Kalil Director of Information Technology, City of Garden Grove, California Harold Schomaker Chief Information Officer, City of Largo, Florida Trooper Jon Nelson Task Force Leader, Computer Forensics, Pennsylvania State Police John Weathersby Director, Open Source Software Institute, Oxford, Mississippi Helen Hall Director of Information Technology, City of Fullerton, California Chris Overtoom Information Technology Specialist, City of Fullerton, California The authors would like to acknowledge the contributions made by the agencies and staffs interviewed over the course of this project. Most notably Mr. Harold Schomaker, CIO of the city of Largo, FL who gave us tremendous insight into an alternative architecture. Mr. Charles Kalil with the city of Garden Grove, CA, provided access not only to his agency, but also – on short notice – arranged a meeting with colleagues at another agency who were able to address additional areas of concern. Ms. Helen Hall at Fullerton, IT Director of the city of Fullerton, CA, made herself and her staff available on short notice and providing us with insight into her city’s IT background, architecture, and systems. Mr. Chris Overtoom, Fullerton City Police IT Specialist, demonstrated the city’s CAD (running on an OS platform) and answered numerous technical questions. Trooper Jon Nelson demonstrated numerous open source applications that are currently in use in his computer forensics lab. Mr. John Weathersby arranged for us to view an open source jail-management system. The authors are also indebted to the hundreds of agencies who received and responded to our request for information/survey on the use of open source software in the law enforcement community. Their participation provided a great deal of insight not available from other sources. The authors would also like to express their appreciation to the following individuals without whom this document would not have been possible: Mr. Jeffrey Michaels, Senior Technical Librarian at Noblis, for his extensive research of pertinent subject matter; Mr. John Dobiac, Senior Principal at Noblis, for his careful review and recommendations on technical issues; and Ms. Lynn Dargis, Senior Principal at Noblis, for her unbiased draft review and assistance in making the overall document more coherent for the reader. iv
  • 6. Open Source Software Use in Law Enforcement TABLE OF CONTENTS 1 INTRODUCTION 1-1 1.1 Definition 1-1 1.2 Background 1-1 1.3 Document Scope 1-1 1.4 Assumptions and Constraints 1-1 1.5 Document Organization 1-2 2 PROJECT APPROACH AND METHODOLOGY 2-1 2.1 Phase 1: Literature Search 2-1 2.2 Phase 2: Collecting Data from Law Enforcement Organizations 2-2 2.2.1 Developing a National Survey 2-2 2.2.2 List of Top Survey and Questionnaire Respondents 2-2 2.3 Phase 3: Site Visits 2-2 2.4 Phase 4: Conducting Lab Trials and Building Feature Comparison Matrices 2-2 2.5 Phase 5: Consolidating Findings and Documenting Study Results 2-3 3 OPEN SOURCE SOFTWARE 3-1 3.1 What is Open Source Software? 3-1 3.1.1 Key Terminology 3-1 3.1.2 Types of Open Source Software 3-1 3.1.3 Defining Open Source Software 3-2 3.1.4 Open Source Software Licensing 3-3 3.2 Operating System Overview 3-3 3.2.1 Open Source Operating Systems 3-3 3.2.2 Support for Open Source Operating Systems 3-5 3.2.3 Linux Introduction 3-6 3.2.4 Popular Linux Distributions 3-6 3.3 Misconceptions about Open Source Software 3-7 3.4 System Architectures: Closed Source, Open Source, Hybrid 3-8 3.4.1 Closed Source Architecture 3-8 3.4.2 Open Source Oriented Architecture 3-9 3.4.3 Hybrid Architecture 3-11 4 OPEN SOURCE SOFTWARE – IS IT APPROPRIATE FOR LAW ENFORCEMENT? 4-1 4.1 The Business Readiness Review for Open Source Model 4-1 4.2 Political, Economic, Social, and Technological (PEST) Analysis 4-1 4.2.1 Political 4-1 4.2.2 Economic 4-2 4.2.3 Social 4-2 4.2.4 Technological 4-2 v
  • 7. Open Source Software Use in Law Enforcement TABLE OF CONTENTS (continued) 4.3 Strength, Weakness, Opportunities, and Threats (SWOT) Analysis 4-3 4.3.1 Strengths 4-5 4.3.2 Weaknesses 4-6 4.3.3 Opportunities 4-6 4.3.4 Threats 4-7 4.4 Considerations for Adopting Open Source 4-8 4.4.1 Financial Considerations 4-8 4.4.2 Transition/Environmental Considerations 4-8 4.4.3 Political Considerations 4-9 4.5 The Adoption of Open Source 4-9 4.5.1 Challenges for Open Source 4-9 4.5.2 Areas Requiring Improvement or Change 4-11 5 CHARACTERISTICS AND OVERVIEWS OF AGENCIES CURRENTLY USING OPEN SOURCE SOFTWARE 5-1 5.1 Garden Grove, California 5-1 5.1.1 Open Source Workstation Software 5-1 5.1.2 Open Source Databases, System Links, and Police Records Management System 5-2 5.2 Largo, Florida 5-3 5.3 Pennsylvania State Police Computer Forensics Task Force 5-3 5.4 Open Source Software Institute, Mississippi 5-5 6 EVALUATION OF SELECT OPEN SOURCE DESKTOP OPERATING SYSTEM DISTRIBUTIONS, APPLICATIONS, AND DATABASES 6-1 6.1 Open Source Operating System Evaluation 6-1 6.2 Open Source Application Evaluation 6-2 6.2.1 Common Open Source Applications 6-3 6.2.2 Law Enforcement Specific Applications 6-4 6.2.3 Open Source Application Evaluation Criteria 6-4 6.2.4 Open Source Application Evaluation Results 6-5 6.3 Open Source Database Evaluation 6-6 6.3.1 Evaluation Criteria Reference and Customization 6-6 6.3.2 Open Source Database Evaluation Criteria 6-7 6.3.3 Open Source Database Evaluation Results 6-7 7 RECOMMENDATIONS 7-1 7.1 Using Open Source Software 7-1 7.1.1 Law Enforcement Specific Software Remains Lacking 7-2 7.1.2 Costs: Not All Savings Are Monetary 7-2 vi
  • 8. Open Source Software Use in Law Enforcement TABLE OF CONTENTS (continued) 7.2 Recommended Approach for Open Source Adoption by Law Enforcement 7-3 7.3 Advice from Practitioners for Using Open Source Software 7-4 7.4 Final Thoughts 7-5 APPENDIX A GLOSSARY OF ACRONYMS A-1 APPENDIX B WEB SURVEY OF LAW ENFORCEMENT AGENCIES B-1 APPENDIX C SITE QUESTIONNAIRE C-1 APPENDIX D COMPONENT PACKAGES IN THE “POPULAR” DISTRIBUTION D-1 APPENDIX E DATABASE FEATURE COMPARISON MATRIX E-1 APPENDIX F REFERENCES F-1 vii
  • 9. Open Source Software Use in Law Enforcement LIST OF TABLES Table 1. Open Source Applications Used by Garden Grove 5-2 Table 2. Open Source Applications Used by Largo 5-3 Table 3. Open Source Applications Used by the Pennsylvania State Police Computer Forensics Task Force 5-4 Table 4. Common Open Source Applications and Functions 6-3 Table 5. Open Source Software Packages 7-3 Table 6. Law Enforcement Functional Areas Without Mature Open Source Options 7-4 Table 7. Open Source Software Implementation Advice 7-4 viii
  • 10. Open Source Software Use in Law Enforcement LIST OF FIGURES Figure 1. Project Approach 2-1 Figure 2. The OSI Certification Mark 3-2 Figure 3. Typical Small to Medium-Sized Agency Closed Source Architecture 3-9 Figure 4. Thin Client Architecture 3-10 Figure 5. Largo Thin Client Device 3-10 Figure 6. Hybrid Open Source and Closed Source Architecture 3-11 Figure 7. PEST Analysis 4-1 Figure 8. SWOT Analysis 4-3 Figure 9. Survey Results on Reasons to Use Open Source Software 4-4 Figure 10. Survey Results on Reasons Not to Use Open Source Software 4-5 Figure 11. Survey Respondents View of Open Source Software Implementation Approach 4-10 Figure 12. Survey Results on Open Source Software Problems Encountered 4-11 Figure 13. Survey Results on the Areas of Improvement for Open Source Software 4-12 Figure 14. Sites Surveyed that Use Mature Open Source Software 5-1 Figure 15. The Penguin Sleuth Kit Logo 5-5 Figure 16. Screenshot of Open Source Jail Management System 5-6 Figure 17. Survey Respondents Ranking of Open Source Component Importance 6-1 Figure 18. Web Survey Setup Screen B-1 Figure 19. Completed Web Survey Question Form B-2 Figure 20. Agency Information Screen for Open Source Survey B-3 Figure 21. Open Source Survey Setup Diagram B-3 Figure 22. Open Source Survey Question Screen 1 B-4 Figure 23. Open Source Survey Question Screen 2 B-5 Figure 24. Open Source Survey Question Screen 3 B-6 Figure 25. Open Source Survey Question Screen 4 B-7 Figure 26. Open Source Survey Question Screen 5 B-8 Figure 27. Example Raw Data Spreadsheet Generated from Open Source Survey Application B-9 Figure 28. Example Analysis Chart Generated from Open Source Survey Application B-10 ix
  • 11. Open Source Software Use in Law Enforcement 1 INTRODUCTION Law enforcement agencies are relying more and more on technology to assist them with collecting, analyzing, and sharing information. Currently, many systems are proprietary and require extensive customization that only a specific vendor can perform due to licensing and patent restrictions. Upgrades, software fixes, and new functionality often require agencies to invest a significant amount of time, money, and other resources. Small and medium-sized agencies often lack such resources, yet their need for information technology (IT) tools continues to grow. Faced with little funding and aging technology components, some law enforcement practitioners have turned to using open source software as a cost- effective solution for meeting their technology needs. 1.1 Definition Open source software is software that is provided with the source code used to create the software application. This allows a technologically savvy user an opportunity to fully explore the makeup of the application. Open source software is licensed such that the user has the right to view, modify, and redistribute the code – in original or modified form – as long as they don’t prohibit the same use by others. 1 This type of software is contrasted with proprietary or “closed” software, which does not make the source code available or allow modifications. Another common difference between the two is that proprietary software is updated infrequently via “releases,” while open source software is often under continuous development – including daily updates. Sets of updates are then provided to interested parties as “distributions.” 1.2 Background The purpose of this study is to determine what open source applications exist and which law enforcement operational areas – regardless of agency size – could benefit from the use of open source software. These areas range from performing basic office business functions to gathering and analyzing computer forensic information. The use of open source software to meet information-sharing and other unfunded mandates has attracted the attention of the International Association of Chiefs of Police (IACP) and the National Institute of Justice. Open source software also has the potential to support the modernization of small and rural law enforcement agencies. These agencies typically lack the IT skills and funding available to police departments in metropolitan cities. 1.3 Document Scope This document provides agencies with an introduction to open source software. The document focuses on existing law enforcement applications built using open source software, but it also serves as a guide to help the reader understand the background for successfully deploying open source software. Feature comparison matrices and lab trials of several database and desktop open source packages are included to provide practical, hands-on insight to the study. Details on the specific open source distributions examined and sites visited are found in the Appendices. 1.4 Assumptions and Constraints This document is not a full study of all open source software products and their applicability to law enforcement adoption. Rather, this study should be considered an outline of considerations that should be made prior to adopting an open source software approach. The open source software products reviewed are presented to provide an awareness of the maturity of open source software within the operating 1 A number of additional criteria are required to be “certified” as an open source product, see Section 3. 1-1
  • 12. Open Source Software Use in Law Enforcement system, office suite, and database environments. The reviews also identify the features of the reviewed products. Specific recommendations cannot be made, as recommendations need to be based upon the features required of the individual law enforcement organization. 1.5 Document Organization The remainder of this report describes key areas of open source software and law enforcement sites that use open source software. Section 2 discusses the project methodology used in this study. Section 3 provides an introduction to open source software and examples of information system architectures that use open source components. Section 4 outlines the analysis on whether open source software is appropriate for law enforcement use. Section 5 provides an overview of some agencies currently using open source software. Section 6 presents the features and evaluation results of selected open source software packages. Finally, Section 7 gives recommendations to law enforcement agencies on using or migrating to open source software. The document includes a set of Appendices. Appendix A provides a glossary of terms. Appendix B describes the design and use of the open source web survey software in collecting data for this project. Appendix C provides a copy of the site visit questionnaire. Appendix D shows components included in popular open source distributions. A summary of open source database features is included in Appendix E. References are included as Appendix F. 1-2
  • 13. Open Source Software Use in Law Enforcement 2 PROJECT APPROACH AND METHODOLOGY The phased approach shown in Figure 1 was followed to investigate how open source software is currently being used in law enforcement agencies. Figure 1. Project Approach In the first phase, a literature search was conducted to gather background information consisting of previous studies, published examples, and a concise list of agencies currently experimenting with open source software. Concurrent with this effort, a short survey on open source interest, adoption, and concerns 2 was distributed to more than 1,300 randomly selected members of the law enforcement community. For Phase Two, the project team collected data from the law enforcement agencies and organizations identified in Phase One. In Phase Three, the Noblis project team contacted the top four organizations to arrange visits or conference calls to gain an understanding of how their use of open source software evolved and to solicit recommendations that these early adopters would offer to other agencies. Phase Four involved lab trials of open source operating systems, desktop environments, database applications, and office suite packages mentioned by the surveyed sites and research findings. The final phase consolidated findings and documented the study results. 2.1 Phase 1: Literature Search The literature search consisted of three sources: trade journals, internet searches, and research reports. It involved identifying the different types of open source software that were relevant to this study. This study limited its scope to open source operating systems, system utilities, databases, office suites, and law enforcement specific applications. These types of applications provide either the back-end software required to run an application, the software used to help maintain the applications, or the software to perform spreadsheet and word processing functions. In addition, the study was interested in identifying any law enforcement specific applications. The literature search was further constrained by limiting it to certain types of articles. Specifically, this study focused on articles that addressed one of the following aspects of open source components: • Reviewed an open source software component • Compared/contrasted the features of one or more open source components • Discussed the total cost of ownership of one or more of the open source components • Discussed the adoption/use of the component within the law enforcement environment. • Discussed the adoption/use of the component within state/local government • Discussed the adoption/use of the component within industry at large 2 This survey is presented in Appendix B. 2-1
  • 14. Open Source Software Use in Law Enforcement 2.2 Phase 2: Collecting Data from Law Enforcement Organizations Several weeks into the literature search, the project team had background material and a sense of which law enforcement agencies were using open source software. This background material helped the team develop survey questions that would solicit the necessary data for the study. 2.2.1 Developing a National Survey Using the open source survey tool described in Appendix B, a national survey form was created to identify the extent and current state of law enforcement interest, adoption, and use of open source software. The national survey questions addressed such areas as what open source software deployments exist and how law enforcement agencies view open source software. It also facilitated a ranking of law enforcement operational areas that may be best positioned to benefit from the use of open source software. Section 5 incorporates survey result graphs that highlight key trends and common themes from the interviews and national survey. These trends and themes are important items for agencies to note and factor into their open source software implementation planning. 2.2.2 List of Top Survey and Questionnaire Respondents The national survey identified four organizations for the project team to contact and learn about their open source software efforts: • City of Garden Grove, California: Led by Director Charles Kalil, Garden Grove has leveraged many open source software products in support of the police department. • City of Largo, Florida: CIO Harold Schomaker often hears of how Largo is cited as a leading adopter of open source software; Largo has the largest use of open source software found in this study of the continental United States. • Pennsylvania State Police Computer Forensics Task Force: Trooper Jon Nelson responded to the national survey and described the ways he was using open source software as the computer forensics task force leader. • Open Source Software Institute: Using Department of Defense funding, Institute founder John Weathersby created an open source based Jail Management System (JMS). Building upon the national survey results, the project team created a set of interview questions to standardize the meetings with each of the four organizations. These interview questions aim more toward best practices and lessons learned in using open source software. Appendix C has a copy of the interview questions that map to sections of this document. 2.3 Phase 3: Site Visits The project team contacted the top four organizations to arrange visits or conference calls to see how their open source software use evolved and to solicit recommendations that these early adopters would pass along to other agencies. The site visits helped the project team narrow the scope of open source packages to those that law enforcement agencies have tested and currently use. The information gathered from practitioners during the site visits also provided the basis for the recommendations and best practices found in later sections of this document. 2.4 Phase 4: Conducting Lab Trials and Building Feature Comparison Matrices Phase Four of this study consisted of a series of lab trials to add first-hand experience with the open source software packages used by law enforcement practitioners interviewed for this study. Using a 2-2
  • 15. Open Source Software Use in Law Enforcement standard system configuration, project team members installed and examined the features provided by desktop operating systems and open source database applications. The lab trials were not extensive evaluations nor were they intended to show that open source applications provided functionality superior to closed source equivalent programs. Instead, the trials focused on the clarity of the installation instructions, product performance and completeness (based against published descriptions), and flexibility of the software package. Hardware and software compatibility, speed of execution, and perceived ease of use were also evaluated. Section 6 presents some background on and discussion about evaluating the database and operating system software distributions. 2.5 Phase 5: Consolidating Findings and Documenting Study Results The last project phase consisted of consolidating findings, notes, and observations in order to create this document. 2-3
  • 16. Open Source Software Use in Law Enforcement 3 OPEN SOURCE SOFTWARE It is important that law enforcement agencies develop an understanding of the formal definition of open source software and how the different licensing systems operate. Once they have this basic understanding, law enforcement agencies can begin to separate the facts about open source software from the many misconceptions. 3.1 What is Open Source Software? The following sections provide a brief overview of open source software. Readers unfamiliar with this technology will be able to understand the basic principles that are discussed in greater detail in the remainder of the document. 3.1.1 Key Terminology This document uses a number of terms that are common in the realm of open source software and systems that may not be familiar to all readers. In an attempt to “level the playing field” for readers of all familiarity levels, the following terms are defined at the outset: Open Source Software that requires the distribution of its source code along with the applications. Closed Source Proprietary software that forbids the viewing of the source code or the reverse engineering of the application. Component Blocks of software code that are connected for utility, convenience, or both – not always as a necessity of function. Unlike “traditional” software (Adobe Photoshop, Microsoft Vista, RealPlayer, etc.) that is presented as a unified system, open source software is essentially a series of interconnected pieces. Frequently – though not always – components can be added or removed from software “systems” on an as- needed basis either by the user or by the software provider. Build A software version – frequently used for software under active development. Distribution A software release. Open source software under active development may have numerous distributions, including daily builds. 3.1.2 Types of Open Source Software Open source software is found across the spectrum of software availability. Operating systems, databases, business applications, applets, security and utility programs, education, and games are all available in the open source environment. Open source software runs everything from small notebook computers to large server farms. Open source applications provide desktop environments, calendars, word processing, firewalls, web servers, and much more. The website SourceForge 3 tracks more than 146,000 current open source projects. Although it is not as well known, open source software is prevalent in other environments from the embedded software in sensor systems to cash registers to the flight entertainment computers on aircraft. The benefits of open source software are becoming apparent to many industries. 3 3-1
  • 17. Open Source Software Use in Law Enforcement 3.1.3 Defining Open Source Software As mentioned above, open source software is software that requires the distribution of its source code along with the applications themselves. It is this factor that makes it significantly different from proprietary or “closed” software. Allowing other programmers to view the source code of an application allows complete insight into its function. Individuals who want to use the software can inspect it for weaknesses or security flaws – whether intentional or not. Frequently, the license provided with open source software allows the application to be modified to suit the needs of other users. This modified application can then be used and, in general, distributed to others for use and further modification. Changes to open source software may have to be returned to a centralized site that controls dissemination of the software, again, depending on the license the software was distributed under. An important concept about the open source approach is that open source software should be thought of as "free" as in "free speech" and not “free food.” 4 According to the Free Software Foundation, free software is a matter of the users’ freedom to run, copy, distribute, study, change, and improve the software. 5 The non-profit Open Source Initiative (OSI) expands upon this definition and stipulates that open source software must comply with the criteria summarized below: 6 • The software must be freely available • The source code must be included • Modifications of the software is allowed • The original source code must be identifiable • The license must not allow discrimination against people or fields of use • Licensing rights need to be consistent to all persons and not require additional licensing • License must not be specific to another product nor restrict other software • The license must be technology neutral In an effort to encourage developers to voluntarily comply with the open source criteria, software distributed with a license that conforms to the OSI definition is allowed to carry a certification mark, OSI Certified, as illustrated in Figure 2. As a sign that this mark has value among academia and industry, this certification mark is seen on software distributed by Apple, Computer Associates, IBM, MIT, NASA, Nokia, and Sun, among others. Figure 2. The OSI Certification Mark 4 5 6 - Version 1.9 3-2
  • 18. Open Source Software Use in Law Enforcement 3.1.4 Open Source Software Licensing The GNU General Public License (GPL) is the most widely used open source license in industry. Its terms are straightforward, and yet there are two commonly held misconceptions that often leave people confused and at risk for making incorrect decisions. The first misconception is that the GPL requires free distribution of both source code and binary code – it does not. The second misconception is that once software has been distributed under the GPL, GPL is the only license under which the software can be distributed. In fact, there are no limits on how many ways you can license material for which you hold the copyright. 7 3.2 Operating System Overview Operating systems are the programs essential to the operation of any computer. The operating system accepts input to the computer, provides for the output response(s), manages data storage on the hard drive and memory chips, allocates tasks to various computer components, and controls nearly all essential computer resources. The components of an operating system often extend beyond what is required, such as controlling and allocating memory, into what is useful in the more robust systems. For example, it is common to include word processing, audio, and video tools; email, and web browsers in addition to the essential hardware and software operating code. In the early days of “mainstream” computer use, people spent time providing instructions to the computer via the command line. The Disk Operating Software, or DOS, that was common at that time allowed users to give the PC simple instructions and receive calculated replies in return. More complex tasks evolved, including rudimentary word processing, database, and simple text-based internet communication. To make the interface a bit more user friendly, a simple color interface was added that, with the aid of a mouse, allowed users to interact quicker and more efficiently with the computer. This Graphical User Interface (GUI) was expanded on machines running Amiga, Apple, or Microsoft Windows 3.1 software. These interfaces allowed a richer interaction with the computer, allowing for the development of WYSIWYG 8 word processing applications, “drag and drop” file manipulation, consistent printer functions across various machines running similar word processors, and a host of other amenities that made the computer more accessible. This interface also allowed the development of some of the first graphical, remote connection discussion groups and chat systems, including AppleLink, the precursor to America Online. Today, computer users are offered a rich GUI with the ability to customize how they work and interact with the machine based on options that the operating system vendor provides or via add-ons that are created to provide for modifications. 3.2.1 Open Source Operating Systems Open source operating systems have traveled a similar development path, from strict command line interface to minor GUI enhancements to full-fledged desktop environments that are fully customizable. The pre-packaged interfaces available on many distributions today allow a great deal of user-defined flexibility. A user seeking more customization is able to add additional packages or adjust ones already in place to suit their needs. As with larger commercial operating system packages, many of the open source operating systems available today install with the ability to identify all of the system’s hardware components, printers, monitors, network connections, web cameras, and other peripherals and have them all up and running at the completion of the installation process. 7,7211,40394,00.html 8 What You See Is What You Get 3-3
  • 19. Open Source Software Use in Law Enforcement Examples of the most commonly known open source operating systems are: • FreeBSD. The FreeBSD operating system was developed from a derivative of the BSD UNIX operating system created at the University of California, Berkeley. It runs on a wide range of hardware and positions itself as a high-quality, no-cost competitor to larger commercial UNIX systems. FreeBSD can be run both on the workstation and the server. • OpenSolaris. OpenSolaris is a derivation of the code written for Unix System V Release 4. As a project of Sun Microsystems, it has the backing of a large corporation and a foothold in the academic community. • Linux. Linux is the best known of the open source operating systems. Originally looked at as server software, Linux has developed into a full-fledged competitor to Mac OS and Windows on the desktop. Due to its popularity and ease of entry-level use, this operating system was the focus of Noblis research. Appendix D provides descriptions of a number of Linux-based operating systems, along with details of the basics the systems provide and the extras that distributions offer, as described below: • Operating System Basics. Covers the essential material of the distribution, such as kernel information, release date of the distribution covered (Note: distributions can vary widely on content based on release date), supported processors, 9 type of installation methodology, etc. • Networking and Security. Discusses the network connectivity provided, printer interface service, security, and compatibility packages found in the selected distributions. • Programming Tools. Five programming tools were selected that are common to distributions. Two work specifically with the operating system; the remaining three are cross-platform applications that can allow a programmer to write applications useful to Linux and other operating systems. • Desktop/GUI. Provides information on the desktop(s) included in the distribution as well as methods available to interact or modify it. • Applications/Email/Browsers. A small list of representative applications that are packaged with the operating systems that allow for accounting, word processing, instant messaging, email, and web browsing. While none of these applications are essential to an operating system, they allow the user to work immediately after installation by providing the basic framework of applications in common business use. • Databases. The ability to use a database package without spending a great deal of money up front ranks heavily with distribution developers. Each of the distributions reviewed provide a minimum of three database packages that can be selected. • Audio/Video Applications and Services. Additional services that are frequently packaged with an operating system include audio and video applications and services. These allow users to listen to music, watch video files, sort images from a digital camera, and possibly manipulate such files. 9 While some distributions can run on a wide array of processors, we’ve limited ourselves to processors common in servers and desktops. 3-4
  • 20. Open Source Software Use in Law Enforcement 3.2.2 Support for Open Source Operating Systems It is important to repeat that open source software has a larger degree of freedom than commercial software in the way it is used, modified, and redistributed. However, within this freedom lies a good deal of risk, especially to the mission-critical environment of law enforcement. This is particularly true with open source operating systems. Complex modifications, such as adding a wireless communication component, must be made by persons knowledgeable in software security so that the system is not compromised. The ability to access the latest open source operating system by download or on compact disc (CD) gives nearly any agency the ability to participate and investigate open source systems. At the simplest level, this is an excellent place to start. On a single machine with no impact to the operation, a great deal can be learned by experimenting. The downside is that this option comes with no corporate support. However, for those willing to experiment at this level, there is a robust user community to aid the user when problems arise. Limited Support Assistance For users who require more support, many of the common operating system distributions can be obtained from the developer with a limited support package. Staff may be available by email or phone to assist in the installation and running of the operating system. However, while the developer can typically provide excellent and quick support with issues specific to the operating system, it is important to note they may have little or no experience in dealing with the law enforcement applications the agency is running. Commercial Support Assistance The successful implementations of open source systems that were reviewed on site visits highlighted that while there are many benefits to using open source software, the staff required to make it successful is key. Departments with strong, open source focused technical support staff have few problems implementing their desired systems. Such staffs have the training and knowledge needed to install, modify, and maintain the open source systems. These agencies, while often successful, are not alone in their desire for an open source environment. So how would an agency lacking such technical staff attempt the migration toward an open source architecture? That’s where commercial implementations can be very helpful. The basic code underlying the open source operating systems provided by vendors such as HP, IBM, Novell, Red Hat, and others is the same as the code that can be downloaded and used for free. Enhancements to the software – including fault tolerance and automatic rollover – are services that these companies can provide to paying customers. In combination with the enhancements, extra services that these companies offer may make them a desired partner in implementing open source software at enterprises that lack specific technical expertise but have adequate financial resources. HP can provide its customers with both the hardware and the software necessary to implement an open source environment. The Linux distributions they offer are certified by their engineers to function on specific hardware, and the company will put its full support infrastructure behind it. They can provide a “one-stop shop” of consulting, engineering, hardware, software, and support all under a single well- known entity. IBM provides technical services to customers that are interested in an open source environment based on their long history in this environment. While IBM is well known and well regarded in “mainstream” computing, they have also invested heavily in the open source community – claiming more than a $1 billion investment in Linux development alone. 10 They also participate currently in over 120 different open source projects and have released 500 of their technology patents to a “patent commons” where 10 3-5
  • 21. Open Source Software Use in Law Enforcement developers can make use of the patented material for open source applications without concern of patent infringement. 11 Novell also participates in a number of open source projects using their vast corporate resources. They guide the development of the openSUSE Linux distribution while providing the SUSE Linux Enterprise to paying customers. Novell’s consulting, engineering, training, and support services add to their appeal as a for-fee partner to novice open source users. Red Hat, providers of the free Fedora open source operating system, also provides enhanced enterprise- level packages designed to run both client and servers. They can provide the Red Hat Application Stack that combines their Enterprise-class operating system, application server, open source databases, and web server to interested parties. Consulting, engineering, training, and support are additional services that make Red Hat a frequent partner for entities that want to implement an open source architecture. The extra services these companies offer, while at a cost, may be enough to aid a law enforcement agency in convincing their public oversight body(ies) that moving down the open source path is not only cost- effective in the long run, but it is safe to do so under the guidance of professional technicians backed by multi-national corporations. 3.2.3 Linux Introduction The most popular open source operating system is based on UNIX or the derived Linux, commonly referred to as *NIX. While other operating systems are open source, none have the market share of the *NIX variations. This is reflected in the survey that was conducted during this research – where all respondents using open source operating systems used the Linux operating system or a proprietary operating system with open source elements running on top of a proprietary operating system. The Linux operating system was developed by a team under the guidance of Linus Torvalds in the early 1990s. This still-evolving operating system allows a high degree of flexibility for the technically inclined. Anchored by a central kernel, the operating system can be bound to various drivers, utilities, and applications – all at the developer’s discretion. The stability and speed of the kernel, combined with the correct packages, can result in a small, fast, and highly reliable operating system geared toward a specific enterprise. 3.2.4 Popular Linux Distributions No recognized source exists that can definitively list the most “popular” Linux distributions, but an effort has been made at a tentative listing. As provided by DistroWatch, 12 a review of download habits, user groups, and support boards suggests a potential list of the most “popular” Linux distributions: • Ubuntu: Ubuntu – the most recent of the “popular” distributions – claims its origin from an ancient African word, meaning "humanity to others.” This distribution, available since October 2004, is based upon Debian Linux and utilizes the GNOME desktop. A key goal that drives the development of the software is that the “software should be available free of charge, that software tools should be usable by people in their local language and despite any disabilities, and that people should have the freedom to customize and alter their software in whatever way they see fit.” 13 The project is underwritten personally by Mark Shuttleworth, the founder of security company Thawte, which he sold in December 1999. 11 12 13 3-6
  • 22. Open Source Software Use in Law Enforcement • Mandriva Linux: Continuing in the international vein, Mandriva Linux is an open source operating system based in France that was developed in 1998. Mandriva claims a large and active developer group that allows it to generate “Cooker Snapshots” – temporary yet stable releases of the operating system that are made available twice a year. • OpenSUSE: OpenSUSE is the publicly collaborated version of Novell’s open source operating system. Available since the early 1990s, this distribution began in Germany and was based on a German language version of Slackware Linux. In the early 2000s, the software was acquired by Novell and branched into both a free, open source version and an enhanced enterprise version. Both versions have been highly regarded in trade journals as this distribution has found its way into many differing environments. • Fedora Core: Fedora Core is the community-based operating system guided by Red Hat, which also maintains a commercial version of open source software. This publicly developed software is a continuation of Red Hat Linux, which was discontinued in 2003 in favor of the Enterprise version of the software. Due to the popularity and wide base that Red Hat Linux had obtained, Red Hat allowed the project to continue under the Fedora nameplate, a nod to the hat worn by Red Hat’s iconic “Shadowman.” • Debian: The Debian operating system has been available since mid-1993 when the first distribution was released by Purdue University student Ian Murdock. Based on the objectives of the GNU Project, this operating system has continued to grow and enjoy a very active developer community. Debian currently claims in excess of 15,000 precompiled packages available for inclusion in their system. In addition to Ubuntu, Debian has also spawned other “children,” including, Xandros, Knoppix, Damn Small Linux (a very compact OS), and Linspire. 3.3 Misconceptions about Open Source Software In order to take advantage of the benefits of open source software, agencies must understand the facts behind the media-generated misconceptions about open source software. These misconceptions include cost, end-user responsibility, and scalability factors, as well as the readiness of the open source software to perform mission-critical applications. • Open Source Software Is Free. The most common misconception about open source software is the cost. Open source software is provided, with its source code, free of charge to the end user. As defined by the Open Source Initiative, “The license [of open source software] shall not require a royalty or other fee for such sale.” 14 The definition does not provide a guarantee that the software will be of use. The need to have assistance in software installation, hardware compatibility, training, and maintenance all can prove costly. Depending on the complexity of the project and the capabilities of the staff, implementation costs of (an) open source component(s) may be absorbed within the agency’s current structure or may require external, for-fee, support. • Open Source Requires a Lot of Effort from the User as the User Has To Return Something to the Community. Whether you have to return something to the community depends on the license of the software and how you use it. Not all open source licenses require you to return patches and improvements. Other licensing agreements either encourage or require that modification made to the source code be contributed to a common repository for the benefit of other users. 14 3-7
  • 23. Open Source Software Use in Law Enforcement • Open Source Development Is Something New. Open source software is actually as old as computing itself. Academic labs routinely created computer code and passed it on to other labs in a cooperative effort. This cooperative environment has been credited with the success of the Defense Department’s ARPANET, the precursor of today’s internet. 15 • Open Source Developers are Hobbyists and Students. Developers of open source software include hobbyists and students, most of which have a very strong interest in computer science and work to develop the finest programs possible in a cooperative environment. A study done by the Boston Consulting Group 16 found that more than 45 percent of those participating in open source projects were experienced, professional programmers, with another 20 percent being system administrators, IT managers, or academicians. The study also revealed that over 30 percent of these programmers were paid by their employer to develop open source software 17 indicating that corporations devote substantial programming assets to open source development. • Open Source Software Is Low Quality. A number of open source applications have been recognized as being of the highest quality. The Apache web server is the predominate web server application in use world-wide while the Firefox web browser routinely scores comparable to, or ahead of, Microsoft’s Internet Explorer. As another indicator of quality and acceptance in the corporate environment, Dell has begun selling computers with the Ubuntu operating system. Additionally, anyone concerned about the quality of open source software can examine the computer code behind it (or task someone else to do it) since the code behind the software is readily available. 3.4 System Architectures: Closed Source, Open Source, Hybrid Open source software can support various types of system architectures. This section presents three system architectures and the benefits and issues associated with each. Information system architectures typically consist of tiered components that provide services to a community of users. While many law enforcement agencies have invested in proprietary, closed source solutions, such as Microsoft products, the national survey results and site visits revealed that a growing number of agencies have some degree of open source software use. 3.4.1 Closed Source Architecture Outside of the law enforcement specific functions, such as dispatching and records management, 80 percent of law enforcement systems support basic office activities such as e-mail, word processing, and data entry and retrieval. A small to medium-sized police agency would typically have the architecture shown in Figure 3. 15 16 17 3-8
  • 24. Open Source Software Use in Law Enforcement Figure 3. Typical Small to Medium-Sized Agency Closed Source Architecture Figure 3 illustrates an architecture that has three main tiers: User, Application, and Network • User Tier: This tier refers to the workstations and end-user applications. Basic office functions such as report-writing, time-sheet accounting, and data-entry interfaces operate off this tier. Small and medium agencies typically use the version of Microsoft Windows included in the purchased workstation package. However, open source desktop operating systems present a mature alternative for performing the same basic office functions. • Application Tier: The application tier in this case groups the email, server-based programs, and the database together. Workstations in the User Tier access applications and data sources found in the Application Tier. Mature open source application-tier products are available for this tier, which includes database, email, and web server packages. • Network Tier: This tier refers to the underlying network components that tie together the backbone of the information system. The Largo Police Department and the Garden Grove Police Department are just two examples of small agencies that use open source for network routing and firewall protection. An architecture based on closed source software provides a number of benefits and issues, as many agencies realize. The benefits come from a large, established base of users in the law enforcement community. Agencies using the same vendor product can often send files and data seamlessly, reducing the need for interoperability conversion. Closed source software products also benefit from having a wide base of training courses and existing work products available to current users. Although the benefits seem attractive, agencies have recently found that closed source software creates a dependency on a particular vendor that can lead to problems if the vendor imposes a proprietary format to their systems. As a result, sharing information among different vendor packages becomes difficult and possibly expensive due to the need for developing customized interfaces. Closed source software may also require more advanced technical knowledge that further locks an agency into a single vendor’s proprietary format. 3.4.2 Open Source Oriented Architecture Although it is not practical to only use open source software in a system’s architecture, since a completely open source based environment could face interoperability problems with the Microsoft proprietary file formats used by other jurisdictions, cities such as Largo, Florida, have created a variation of the typical law enforcement architecture that uses more than 50 percent open source products. Largo developed the architecture shown in Figure 4. 3-9
  • 25. Open Source Software Use in Law Enforcement Remote Desktop Email Server City Hall Server Internet Filtering Router Firewall Application server Public Web Thin Client Server Workstations Database Server Figure 4. Thin Client Architecture A system architecture with a majority of open source components provides similar services as the typical closed source based law enforcement architecture. For Largo, remote open source desktop operating systems on thin client workstations reduced the user tier administration needs and therefore reduced the amount of supporting administrative labor. The consolidated open source desktops also allowed for central data backup, patch management, and application version control mechanisms. The client can rest alongside the terminal or be mounted out of the way, as no user intervention is needed. Figure 5 shows Largo’s set up on a training station and the internal components of this compact unit. Figure 5. Largo Thin Client Device Agencies looking toward an open source based architecture need to consider both the benefits and the possible issues associated with making such a move. Open source software components do offer lower financial barriers due to the initial acquisition, licensing, and update costs. Practitioners cite the large development community that often offers support and responses to product problems in less time and for less cost when compared to similar closed source software support. Using a primarily open source based architecture can introduce problems with exchanging information with outside systems that may require proprietary file formats and protocols. Due to the installed base and extensive home use of Microsoft 3-10
  • 26. Open Source Software Use in Law Enforcement products, users may be unfamiliar with the open source interface and be resistant to learning a different computing environment. Even though a large development community exists, an open source based architecture will also require advanced technical knowledge due to the need to interface open source programs with external closed source systems for sharing information. 3.4.3 Hybrid Architecture Many agencies approach leveraging open source in a hybrid fashion using Microsoft components along with other components. Users in Garden Grove, California, have Microsoft Windows desktop workstations that interact with open source application hosts. Although they do not use the thin client with remote open source desktop approach, Garden Grove leverages the PostgreSQL database, Scalix email, and open source software development tools. The hybrid environment accommodates police department users and other city agencies that may be familiar with a Microsoft Windows environment while providing open source application and network components to city IT specialists at an affordable cost. According to survey results, police agencies around the country – finding themselves with less grant funding and limited budgets – are conducting similar hybrid pilots of open source components; for example, piloting open source office productivity suites and open source web servers. Figure 6. Hybrid Open Source and Closed Source Architecture The hybrid architecture presents agencies with the ability to leverage the advantages of both open source and closed source software. Targeted use of open source software provides the cost benefits while minimizing the need for extensive end-user and administrator training. Workstations using Microsoft operating systems that front-end open source based databases, application servers, and network devices leverage bundled software and make using open source software almost invisible to end users. A hybrid approach allows a gradual transition to using open source software in place of closed source applications in typical business functional areas such as web browsing, document processing, and even email services. The hybrid approach does increase the complexity of the agency architecture, which may require a broader mix of skills from the IT support staff. Adopting a hybrid architecture would also require an agency to ensure the closed- and open source software components meet the same level of stability, security, and performance set by internal IT policies. With this basic understanding of open source software now established, Section 4 addresses its applicability within the law enforcement community. 3-11
  • 27. Open Source Software Use in Law Enforcement 4 OPEN SOURCE SOFTWARE – IS IT APPROPRIATE FOR LAW ENFORCEMENT? Many agencies currently use some form of closed source software, with Microsoft as the biggest vendor. Introducing open source software causes concern for sharing information and interoperability with existing closed source software files. This section presents a business case analysis model that can be used to evaluate open source. The analysis model is followed by a brief discussion of the financial factors and the section concludes with a discussion of the challenges for the adoption of open source. 4.1 The Business Readiness Review for Open Source Model Organizations that are considering using open source software should use a formal methodology to evaluate the suitability of open source software for their business needs. The methodology should require that weights be assigned to criteria to assess the suitability of a particular open source software package within the organization. In the evaluation of open source software for law enforcement, it is important to consider the business environment, as well as the readiness of open source software for law enforcement applications. For purposes of this study, the team performed a variation of the business case analysis model used by the MITRE Corporation to assess open source software within the Department of Defense (DOD) in the A Business Case Study of Open Source Software. 18 The MITRE report conducted strength, weakness, opportunities, and threats (SWOT) analysis. For the open source analysis, a Political, Economic, Social, and Technological (PEST) analysis was also conducted prior to the SWOT analysis. When this is done, the PEST analysis provides an assessment of the business environment. The output of the PEST analysis is an assessment of the open source market. 4.2 Political, Economic, Social, and Technological (PEST) Analysis Figure 7 contains the results of the PEST analysis. The table represents a list of the factors that were considered for a business assessment of the use of open source software within law enforcement. Political Economic • Agency willingness to change • Hardware, licensing, and support costs • “Don’t break it under my watch” • Migration and training costs • City/county/state pressure • Hardware comes with pre-installed software Social Technological • OS interface different than what users are • Integration with law enforcement environment familiar with • Staffing and skill sets • Change management—users resist change • Product maturity • Perception of cheapness Figure 7. PEST Analysis 4.2.1 Political Political factors can have a direct impact on the way law enforcement agencies operate. In some agencies, such as Sheriff’s departments, the agency head is elected. In addition, the agency may be overseen by the 18 4-1
  • 28. Open Source Software Use in Law Enforcement state, county, and/or municipality in which the agency resides. In this case, the law enforcement agency is typically reporting to an elected official. • Agency willingness to change. Those in charge of the law enforcement agency infrastructure must be willing to consider moving to open source software. • “Don’t break it under my watch.” Law enforcement agencies can be headed by an elected official who must sign off on IT infrastructure changes. These officials may be reluctant to support a change to open source software for fear it may not work. • City/county/state pressure. The governing organization within which the law enforcement agency resides – as well as any higher level jurisdictional organizations – may exert pressure on the law enforcement agency. This pressure could be to move towards adoption of open source software, to move to another non–open source software solution, or to keep the current environment. 4.2.2 Economic As previously stated, open source software is not necessarily free, and as such, the expenditures should be weighed against other operational costs such as vehicle and equipment purchases and maintenance. Examples of some open source costs to consider are: • Hardware, licensing, and support costs. Some or all of these costs may be sunk costs that extend forward such as previously purchased annual maintenance fees for legacy software and hardware. A change to open source could necessitate walking away from these costs or paying early termination fees. • Migration and training costs. Changing to a new application may require data migration. It may also require user and/or support staff training. • Hardware comes with pre-installed software. Hardware purchased from vendors can come with pre-installed applications. 4.2.3 Social Implementation of any new software application has social implications within an agency. The social factors to be considered include how the officers and administrative personnel respond to the software. • OS interface different than what users are familiar with. Users may be familiar with other software from using it either at home or at another law enforcement agency. • Change management. People are resistant to change. They become comfortable with “status quo” and are reluctant to change. • Perception of cheapness. People have the perception that open source is free and has less capability than commercial applications. There can be a perception that the law enforcement organization is not willing to spend the funds required to help officers and law enforcement staff perform their jobs. 4.2.4 Technological Technological factors to be considered relate to interfaces that the law enforcement agency must maintain and the capabilities of the employees who will maintain and use the software and hardware, as well as the maturity of any new software applications. 4-2
  • 29. Open Source Software Use in Law Enforcement • Integration with law enforcement environment. The open source software may not be able to integrate easily with other agencies within the jurisdiction or with other local/state/national organizations. • Staffing and skill sets. Changing to open source software may require a change to the number of staff supporting IT. This could be a change either up or down. In addition, depending upon the platform that the open source software runs on, staff with other skill sets may be required. In addition, if the agency plans on taking advantage of open source software and making application changes, programming staff may be required. • Product Maturity. The open source solution may not be as mature as a commercial product. This can potentially result in more frequent software updates as new releases are made. It can mean that there has been less time to build interfaces with other related products. 4.3 Strength, Weakness, Opportunities, and Threats (SWOT) Analysis The SWOT analysis (see Figure 8) builds on the results of the PEST analysis. This SWOT analysis incorporates consideration of three categories of open source software that can be utilized within law enforcement. The first category is open source software that is used to support the overall IT infrastructure. Software included in this group includes operating systems and relational database management system (RDBMS) software. The second category is open source application software that can be used within any business environment, such as OpenOffice. The last category is law enforcement specific open source software, such as jail management, records management, and computer aided dispatch software. Strengths Weaknesses • Less reliance on a single vendor • Lack of technical support • Lower costs • Microsoft-accustomed users • Development community size • Lack of open source applications • Quick release rate • Hard to originate Opportunities Threats • Replace legacy software with open source • Lack of training • Reuse older legacy hardware • Lack of patches, updates, and documentation • Ability to choose support vendor • High life cycle costs • Opportunity to develop specialized applications • Lack of compatible applications Figure 8. SWOT Analysis The following SWOT evaluation categories are applicable to each of these software categories. However, the criteria are not equally applicable to each open source software category that can be found within law enforcement. When a factor is not equally applicable, it is noted in the discussion. The results of the national survey illustrated in Figure 9 and Figure 10 were used to help construct the SWOT analysis. The responses to Figure 9, Reasons to Use Open Source Software, are included in the Strengths and Opportunities sections of the SWOT analysis. Figure 9 indicates that a majority of law enforcement agencies see lower costs and reduced reliance on a single vendor platform as the driving factors for using open source software. The emphasis on lower costs and diversification of technology platforms shows the reality of agency budget constraints, as well as the importance of not relying on a single vendor platform. Fewer respondents expressed any interest in reusing older hardware or replacing legacy software with open source solutions. The lack of interest in both areas may be due to a lack of awareness of what 4-3
  • 30. Open Source Software Use in Law Enforcement functions open source software can provide and a lack of technical resources to implement an open source solution. Survey Results: Reasons to Use Open Source Software 9% 28% 8% 17% 38% Open Source Applcations Replace Legacy Software Re-use of Legacy Hardware Less Reliance on a Single Platform Vendor Lower Costs No Response Figure 9. Survey Results on Reasons to Use Open Source Software The responses to Figure 10, Reasons Not to Use Open Source Software, are included in the Weaknesses and Threats sections of the SWOT analysis. In addition to the factors from the national survey, factors identified during conversations with law enforcement agencies were included in the SWOT analysis. Figure 10 shows that two major weaknesses of open source software perceived by law enforcement agencies are that users are accustomed to Microsoft products and that there would be a lack of technical support for open source software. A lack of training and operating system applications were the next two areas of concern. The results are not surprising as most new computer systems have a Microsoft software distribution included in the package. The concern over the lack of technical support applies more to the smaller, non-commercialized applications that are not supported by an established organization. Major open source products such as Red Hat, PostgreSQL, and SUSE Linux all have support packages available that include updates, help desk support, and documentation. 4-4
  • 31. Open Source Software Use in Law Enforcement Survey Results: Reasons Not to Use Open Source Software 16% 7% 12% 26% 21% 18% High Lifecycle Costs Lack of patches, updates, and documentation Lack of Tech Support Lack of Training Microsoft Accustomed Users Lack of OS apps Figure 10. Survey Results on Reasons Not to Use Open Source Software 4.3.1 Strengths From the national survey and site visits, practitioners across the country cited several benefits to using open source software. The benefits provided additional functionality and flexibility that the surveyed agencies could not attain with closed source software. The Strength evaluation category contains consideration factors related to the strength(s) of open source versus commercial software. • Less Reliance on a Single Platform Vendor. Police agencies responding to the survey indicated that they prefer not to be dependent upon one hardware or software vendor. A majority of agencies using open source software reference the reduced reliance on Microsoft-based applications and functions. Open source alternatives allow cities like Garden Grove, California, to store large amounts of data without having to pay licensing fees on the scale of a comparable Microsoft database package. Software upgrades, patches, and automated scripting functions are all available to agencies, often at no cost. The open source community also provides non- proprietary tools that allow agencies to move data from one form to another as open source vendors adhere to open standards that do not favor any particular platform. • Lower Costs. Open source software typically has lower acquisition costs than commercial software solutions. Agencies with limited available funds may be able to take advantage of the cost savings. Most open source software packages have low initial acquisition and update costs. Some opponents of open source will cite the example that replication and fault-tolerance functions for open source database packages cost money and require a certain level of technical skill. However, the majority of the surveyed agencies that use open source do not have the need for such advanced features and functions. Open source software packages often operate with less 4-5
  • 32. Open Source Software Use in Law Enforcement intensive hardware requirements, which allow agencies to leverage older systems that may otherwise have no daily operational use. • Development Community Size. Open source, as a whole, has a large community of developers. SourceForge 19 has more than 130,000 registered open source products and more than 1.4 million registered users. This web site provides an open source software repository, open source development tools, and hosts open source development projects. • Quick Release Rate. Within certain open source categories, releases and patches are made more frequently than in commercial software. For example, between October 31, 1994, and November 8, 2004, there were 43 releases of Red Hat Linux. MySQL had 28 releases of MySQL 5.0 between December 22, 2003 and September 15, 2006. 20 4.3.2 Weaknesses This evaluation category contains consideration factors related to the weakness(es) that open source software has versus commercial software. • Lack of Technical Support. Users want someone accountable for the software they use. It is important to them to be able to call the software vendor for help when needed. They do not want to have to rely on a community of developers to help resolve any issues. • Microsoft Accustomed Users. Computer users are less familiar with open source software than with the commercial – often Microsoft-based – equivalents. Often commands and pull-down menus are in different locations and use different terminology. • Lack of Open Source Applications. There are few options for law enforcement specific applications. This means that for a given product type there is only one supporting application, if any at all. For example, there is a single Jail Management System. This means that agencies purchasing software are limited in their ability to find open source solutions that meet their requirements. In addition, some software is only open source for the base package. These packages require that additional funds be spent for advanced features. • Hard to Originate. Open source software offers the greatest power when it has an open source community supporting it. Until that time, the product is dependent upon the initial developers for enhancements/upgrades. It takes time to build the level of interest in an open source application and have a correspondingly large user community. While it is relatively easy to write code and promote it as open source, it is difficult to originate and grow the open source application to the point of having a supporting open source community. 4.3.3 Opportunities This evaluation category contains consideration factors related to the opportunities to be gained by the adoption of open source software. • Replace Legacy Software with an Open Source Solution. Open source forums such as SourceForge have a large registered user base. This user population presents a large number of potential developers from which to find others with an interest in collaborating on a software project. Specific to law enforcement, SourceForge has 79 registered projects that are related to 19 20 4-6
  • 33. Open Source Software Use in Law Enforcement law or police that are under development. This represents an opportunity to replace a legacy software solution with open source software. • Reuse Older Legacy Hardware. Police agencies may have hardware that is no longer able to run current commercial software. This hardware can often be used to run an open source solution. Garden Grove, California, reused legacy hardware to run an open source firewall solution. • Ability to Choose Support Vendor. There are number of open source support vendors available to choose from. This provides open source adopters with choices based upon price, hours of support, and product rather than being locked into a particular vendor. For example, there are 436 support vendors for Linux as identified at, 21 a website devoted to helping identify open source support vendors that meet an agency’s criteria. • Opportunity to Develop Specialized Applications. The law enforcement specific open source market is largely untapped. Of the 79 registered law enforcement projects at SourceForge, only 2 have reached the point of having a downloadable product. One of these projects is Foremost, 22 an application to help with computer forensics. The other, Tickets, is a computer aided dispatch application that is still under development but has sample screen shots and background information available for download. This leaves a wide market available for law enforcement specific applications. 4.3.4 Threats This evaluation category contains consideration factors related to the risks or threats that may be introduced by the adoption of open source software within an agency. • Lack of Training. Open source software typically does not come with the same level of training available as a commercial product. Many commercial products come bundled with user manuals. Often open source is supported through blogs (a user-generated website where entries are made in a journal style with questions and answers). This format makes it more difficult for law enforcement personnel tasked with training staff on or maintaining an open source solution. • Lack of Patches, Updates, and Documentation. Lack of patches, updates, and documentation is similar to the lack of training. As well as having limited training options, some of the more specialized open source applications may also have limited patch, update, and documentation support. • High Life-Cycle Costs. Specialized or customized open source solutions may not have a wide installation base. If an agency requires new or modified functionality, they may be required to implement it themselves. There is a cost in time and effort to the agency to do this that may be higher than that associated with a commercial application or more widely used open source solution. • Lack of Compatible Applications. With the general lack of law enforcement specific open source software, as applications are developed, they may initially be implemented on a particular operating system and database. If the organization’s standard operating environment for hardware and software differs from the one used for the new open source application, the new system will be incompatible with the agency’s environment and support infrastructure. 21 22 4-7
  • 34. Open Source Software Use in Law Enforcement Based on the PEST, SWOT, and national survey results, law enforcement agencies that chose to invest the time and technical resources can leverage the benefits of open source software in specific application areas. Section 5 will present examples of open source applications currently used by law enforcement practitioners. 4.4 Considerations for Adopting Open Source Although there are many things to mull over when pursuing open source solutions, three areas – costs, transitional/environmental impacts and organizational politics are very important to consider. 4.4.1 Financial Considerations Cost is often cited as the driving factor for both proponents and opponents when discussing open source software. It is true that many fine open source applications can be downloaded for free either as the source code itself or in a compiled format. It is also true that more elaborate open source applications need additional resources to reach their potential. Printed manuals, classroom training, or consultants may be required to fully implement more complicated open source software. It is possible that while the software itself is free, the cost of installation, setup, and support would rival that of an existing commercial closed source system. Also, many organizations have been quick to find out that various add-on components for such functions as fault tolerance, backup/recovery, and scalability can quickly drive the cost up. Vendors in the open source market have known that packaged services such as these are critical to many of the mission-critical applications used by law enforcement. Thus, it is important that the total acquisition cost – including the cost of the software/licenses and the value-added services – be well understood before the purchase decision is made. Providing a thorough Total Cost of Ownership (TCO) and Return on Investment (ROI) analysis of the open source software identified as a result of this study, is beyond the scope of this document. The number of variables that must be enumerated and the number of situational combinations do not allow for such an analysis. The cost of software, customization, internal and external IT support, training, and hardware conversion are among the many potential cost factors. 4.4.2 Transition/Environmental Considerations Standard open source products usually do not come with packaged training and reference material. Thus, an organization may have to allow for additional hands-on training as a way to build familiarity with the product. This approach will inevitably result in lowered productivity for a period of time since it will take time for staff to learn the new system. The standard operating environment in which the open source software is installed should also be carefully considered. The addition of open source products could change operational functions such as back-up and recovery as well as hardware and software maintenance. Database compatibility issues can be a major source of problems when considering the shift to an open source database. While many applications have the ability to transfer data via an open database connectivity (ODBC)-compliant protocol (or similar), other applications have their data essentially “locked” in a proprietary code. These proprietary databases may be accessible with the assistance of a vendor, or the data may be unavailable for use outside of the application that references it. Compatibility among the hardware and software components is also essential. This is especially critical if older software needs to communicate with a new product. A thorough evaluation of compatibility needs to be performed before a decision is made to commit to use open source software. Hardware is less of an 4-8
  • 35. Open Source Software Use in Law Enforcement issue in many circumstances, as many open source applications can run on less than their proprietary counterparts (if available). This ability to prolong the life of equipment is one of the key benefits to open source systems. Staff training, experience, and desire or resistance to learn something new – essentially change management – is another environmental variable that needs to be addressed. Some users are accustomed to specific computer functionality and altering it, even if it enhances the users experience or performance, can be met with suspicion if not outright defiance. Others embrace change. A strong factor that influences the staff direction is the way change is managed. Including staff early in the decision-making process when possible and providing them with frequent and accurate situational updates will go a long way to getting the necessary buy-in. 4.4.3 Political Considerations It is not uncommon for a law enforcement agency to have its IT program run by another part of the community government. In these cases, a department wishing to change or implement something new within their internal data system may need authorization, or at least cooperation, from another entity. Normally, IT departments have support agreements for the legacy applications and equipment. Licensing agreements in place before a change to open source software may effect the switch to new applications. Prepaid agreements may not be able to be cancelled, which would provide an incentive to stay with the status quo. Furthermore, the introduction of a new open source application may require new agreements or different support structures, which could have policy implications. Thus, it is important that these considerations be addressed early in the acquisition process. Last, the misunderstanding of the role and value of open source applications/systems is another potential political misstep. Some staff may see it as a way for the municipality to “work on the cheap” and provide them with a perceived lesser product. No one wants to feel that their job does not require the best of tools. Here again, educating the staff on the goal, reasons, and anticipated outcomes will go a long way to dispel such feelings. 4.5 The Adoption of Open Source The following sections address the challenges that open source face within the law enforcement community as well as the areas of change that are needed to facilitate the adoption of open source software. 4.5.1 Challenges for Open Source The national survey results show that a large group of respondents would deploy specific open source applications and network components. Survey results in Figure 11 show this complex mix of feelings toward open source. Roughly the same percentage of respondents would replace various proprietary components with open source equivalents as those agencies who are not interested in deploying open source software. The lack of strong interest in using open source software would seem to reflect a general concern regarding the benefits of open source software, as well as the perceived value in using established closed source software products. Open source software, however, continues to mature in a growing number of areas that has attracted the attention of law enforcement groups, such as the International Associations of Chiefs of Police (IACP) and the National Sheriffs’ Association (NSA). Between constrained budgets and growing IT needs, more law enforcement agencies may start considering open source alternatives. A large portion of survey respondents (see Figure 12) cite application interoperability as a concern in using open source software. Although tools such as OpenOffice can read and write documents that, for the most 4-9
  • 36. Open Source Software Use in Law Enforcement part, are compatible with Microsoft applications, seamless interoperability is not guaranteed. Most agencies interested in open source software do not have the dedicated IT support staff needed to resolve interoperability issues as they appear. Without the support staff, agencies expressed concern about being able to make information-sharing among systems with open source software transparent to end users. A second challenge involves the number of mature open source applications available. While some applications like open source desktop operating systems have many different vendor distributions that have been tested over several releases, other areas lack the same level of product evolution and refinement. Many agencies want to know which other agencies are using an open source product so that they have a resource for sharing problems and asking questions. Survey Results: Open Source Software Implementation Approach 13% 27% 27% 33% Network Components W ould not implement OS SW Specific Apps Only Replace Entire Network Figure 11. Survey Respondents View of Open Source Software Implementation Approach 4-10
  • 37. Open Source Software Use in Law Enforcement Survey Results: Open Source Problems Encountered 35% 31% 15% 19% User Training and Resistance Installation and Maintenance Unstable Software Compatibility Issues Figure 12. Survey Results on Open Source Software Problems Encountered 4.5.2 Areas Requiring Improvement or Change Most surveyed agencies varied in their responses on which areas open source software could improve upon. As shown in Figure 13, compatibility with closed source software, such as Microsoft, is a major area for improvement. This was followed closely by training. Few agencies seemed interested in an open source records-management or computer aided dispatch software package. This lack of interest may be driven in part by the perception that these applications lack the feature/functionality offered by numerous closed source vendors and that open source solutions may lack compatibility with commercial products Experienced organizations know that political leaders are very reluctant to adopt any software solution that does not have a robust track record and support options. Similarly, system administrators many times are faced with steep learning curves on how to manage open source applications. This reality often is a deterrent to adopting open source solutions. 4-11
  • 38. Open Source Software Use in Law Enforcement Survey Results: Open Source Software Improvement Areas 8% 4% 20% 24% 17% 12% 15% Training Software Functionality Tech Support SW Maint Microsoft Compatibility OS RMS OS CAD Figure 13. Survey Results on the Areas of Improvement for Open Source Software 4-12
  • 39. Open Source Software Use in Law Enforcement 5 CHARACTERISTICS AND OVERVIEWS OF AGENCIES CURRENTLY USING OPEN SOURCE SOFTWARE This section provides information on several agencies currently using open source software for law enforcement business functions. Each location offers different perspectives and evolution paths toward using open source software. The notes and applications in this section may offer solutions to other agencies that may be of a similar size or possess similar IT needs. Figure 14 shows the locations of each site. Figure 14. Sites Surveyed that Use Mature Open Source Software 5.1 Garden Grove, California Garden Grove has used open source based solutions for more than 11 years. They have their own development staff that have produced a number of applications, have employed open source development tools, and have utilized many open source software packages. 5.1.1 Open Source Workstation Software Under the direction of Mr. Charles Kalil, Garden Grove’s IT department realized early on that the needs of their users would quickly outpace the applications that the city could purchase with a limited amount of funds. Mr. Kalil began experimenting with open source software for storing and managing data while maintaining a Windows-based workstation for users. As detailed in Section 3.4.3, Garden Grove’s hybrid architecture approach integrated open source packages into the Microsoft environment, which reduced user resistance to its use as most open source components were transparent to end users. The open source software fits into niche areas such as mapping, network monitoring tools, and web browsers. The Firefox web browser – an alternative to Microsoft’s Internet Explorer – may go city-wide in fall 2007. One issue that will need to be overcome, however, is that Firefox has limited compatibility with a Microsoft Active-X based component used in the city’s Autodesk Geographic Information System (GIS) known as MapGuide. The MapGuide program (employing an open standards based data model) is the current product for web- based GIS access by employees and the public, making the city’s geospatial data available to everyone. Table 1 lists some of the open source workstation applications used by Garden Grove. 5-1
  • 40. Open Source Software Use in Law Enforcement Table 1. Open Source Applications Used by Garden Grove Software Internet Hyperlink Description MapServer An open source development environment for building spatially-enabled internet applications. MapServer is not a full-featured GIS but focuses on rendering spatial data (maps, images, and vector data) for the web. MapGuide MapGuide Open Source is a web-based platform that Open Source enables users to quickly develop and deploy web mapping applications and geospatial web services. Big Sister Open source monitoring tool used to monitor Linux systems – indicates database usage and server load among other things. Mozilla An award-winning Web browser. (Future Use in Firefox Garden Grove) Samba Samba is a suite that provides file and print services to SMB/CIFS clients, including the numerous versions of Microsoft Windows operating systems. PostgreSQL An open source database. 5.1.2 Open Source Databases, System Links, and Police Records Management System While the open source software on the workstations provides some benefit to users, the use of open source on the back-end systems for the city databases, system-to-system links, and the police records management system have a larger impact. PostgreSQL is the open source database of choice for Garden Grove. Garden Grove uses the standard tool set without added features – provided at no cost – that come with the software. Currently about 60 percent of the police applications are running against the PostgreSQL database. According to Charles Kalil, the IT department is working towards converting the remaining 40 percent. There are two central database servers: a legacy server and a new PostgreSQL implementation. The legacy server is split into two components as well. The police department has a separate database in City Hall, separated from other equipment for security reasons. This server is PostgreSQL-based with two schemas on it. One schema services the police department while the other schema services city hall applications. These databases tie into Garden Grove’s connections for sharing data with other systems. As part of their infrastructure, the city recycles older workstations into Linux-based firewalls for safeguarding traffic between sites and interfaces to other systems. The firewalls pass streams of open source XML that allowed Garden Grove’s Police Department to connect their PostgreSQL database to COPLINK. The security devices ensure that COPLINK does not actually touch the data while the open source XML make sharing and importing the Garden Grove data easy to accomplish. Based on PostgreSQL, Garden Grove’s RMS was developed in-house. If the RMS is released and is made available as open source, which Garden Grove has an interest in doing, it will be done with a GPL license via the GovernmentForge 23 open source reference site and software repository or similar organization. 23 5-2
  • 41. Open Source Software Use in Law Enforcement Currently, however, Garden Grove is concerned about releasing the application to the public domain without generating tested results. 5.2 Largo, Florida Largo, Florida uses Linux as their default operating system and OpenOffice 2.0 as their integrated office suite, although they still use Microsoft PowerPoint for presentations. The city plans to switch from PowerPoint to an open source presentation application in the near future. Keeping with the belief that the city should use the “best of breed” for a particular application, Largo uses a blend of open and closed source software. In the case of the city’s e-mail system, an open source email application (Novell Evolution) is combined with Novell’s proprietary GroupWise 7 to provide calendaring functions. For their purposes, the GroupWise database and non-web interface served needs better. Largo’s database environment is mixed as well. They run Oracle 9i on Linux along with MySQL and MyProgress. Table 2. Open Source Applications Used by Largo Software Internet Hyperlink Description OpenOffice OpenOffice is a multiplatform and 2.0 multilingual office suite and an open source project. Compatible with all other major office suites, the product is free to download, use, and distribute. Tomboy Tomboy is a desktop note-taking application for Linux and Unix. Firefox An award-winning Web browser. Novell Evolution provides integrated mail, address Evolution book, and calendaring functionality to users of the GNOME desktop. MyProgress An open source database. MySQL An open source database. GIMP GIMP is the GNU Image Manipulation Program. GTK GTK+ is a multi-platform toolkit for creating graphical user interfaces. Gaim/Pidgin A multi-protocol instant messaging (IM) client. Renamed Pidgin in April, 2007. 5.3 Pennsylvania State Police Computer Forensics Task Force The Pennsylvania State Police (PASP) Forensic Task Force has used open source software to support the capabilities of the Computer Crime Unit within the Pennsylvania State Police. The Task Force augments the commercial software they use with open source both for cost and flexibility. The task force focuses on supporting investigations into child pornography and electronic evidence collection. The task force unit receives requests from across the state to assist with computer forensic analysis and computer image management. Open source computer forensics tools provide investigators the ability to 5-3
  • 42. Open Source Software Use in Law Enforcement examine seized computers without altering the data contained on the hard drive. Most seized computers use the Microsoft Windows operating system. The open source tools do not require activating Microsoft Windows for searching through the files for key terms, photographic images, and internet chat transcripts. The open source tools allow investigators to find possible evidence without contaminating or altering the state of the seized computer. Other open source use includes applications for generating photo line ups and indexing existing image collections for better tracking. Open source software in use by the Task Force, and its function, are listed in Table 3. Table 3. Open Source Applications Used by the Pennsylvania State Police Computer Forensics Task Force Software Internet Hyperlink Description The Penguin A full-featured application suite that includes Sleuth Kit graphics viewers, screen capture, CD burner, forensics browsers, NTFS tools, a Windows registry viewer and more. This application comes on a CD thus allowing the investigator the flexibility to take examination tools to the suspect. The bootable CD can be used in the home of a cooperative suspect and is minimally invasive to the suspect’s system. ClusterKnoppix Allows the PASP to set up numerous computers in and Chaos a distributive network. Very useful for password cracking attempts. MINGW/SYS Allows compilation of C/C+ applications. Darwin Linux environment for Mac OS X. Curator Written in python. Compiles photographs, creates thumbnails of all the images located, and creates a directory. Allows multiple image layouts. Runs from a CD. NIST Fingerprint A Linux-based collection of general-purpose Image Software utilities to support processing of fingerprint images. xchat An internet relay chat application. 5-4
  • 43. Open Source Software Use in Law Enforcement Figure 15. The Penguin Sleuth Kit Logo 5.4 Open Source Software Institute, Mississippi Funded by a U.S. Department of Defense grant, the open source Jail Management System (JMS) was developed as part of the Mississippi Automated System Project (MASP) through the University of Southern Mississippi. Up to 18 agencies in Texas and Mississippi have installed or are evaluating the open source JMS against local and state requirements. According to Open Source Software Institute (OSSI) Executive Director John Weathersby, the Gulf coast region needed a new jail management system but lacked the funds for procuring vendor solutions that often cost $1 million or more. OSSI worked with the University of Southern Mississippi and local software development contractors to create a system for roughly $350,000. Although OSSI intends to provide the software to public safety agencies at no cost, requestors must acknowledge that the software will require technical integration and tailoring to their agency technology infrastructure environments. In Mississippi, Forrest County, Harrison County, Hancock County, and Jackson County all have agencies with operational open source JMS installations. The open source JMS operates off a central network via a web browser interface that allows installed sites to share selected corrections records that may include scars, marks, and tattoos, as well as prisoner classification and medical histories. John Weathersby indicated that additional locations in Tarrant County are coming online with the system, which will increase the amount of sharing of correctional information. Figure 16 shows a screenshot of the open source JMS. 5-5
  • 44. Open Source Software Use in Law Enforcement Figure 16. Screenshot of Open Source Jail Management System 5-6
  • 45. Open Source Software Use in Law Enforcement 6 EVALUATION OF SELECT OPEN SOURCE DESKTOP OPERATING SYSTEM DISTRIBUTIONS, APPLICATIONS, AND DATABASES Section 6 provides agencies with a summary of the findings from the project team’s evaluation of open source software distributions used by surveyed agencies. This section presents features of desktop operating systems, applications, and databases that may be of interest to an agency. Figure 17 shows that many agencies see that open source software could assist them with their records management system (RMS), with securing their information system networks, and with their basic office productivity and email functions. Survey Results: Open Source Components 6% 21% 21% 17% 18% 12% 5% OS Desktops Security Devices Office Suite Database W eb Portal Email RMS Figure 17. Survey Respondents Ranking of Open Source Component Importance 6.1 Open Source Operating System Evaluation All five of the popular operating system distributions presented in Section 3.2.4 and Appendix D are capable of supporting the needs of a law enforcement agency in the area of desktop environment, networking, included applications, utilities, and programming tools. Each of the operating systems contains one or more office suites, a web browser, an email client, and database applications. All distributions have had stable releases since October 2006,24 indicating their continued growth and 24 While Debian 3.1 was released in June, 2005, updates continue to enhance and secure the operating system. Refer to for the most recent information. 6-1
  • 46. Open Source Software Use in Law Enforcement development. They all have robust online support systems to aid in both routine and complex problem- solving. For reference, there are five Linux distributions: • Ubuntu • Mandriva Linux • OpenSUSE • Fedora Core • Debian Whether your agency is interested in cutting-edge technology or extending the life of older hardware, there is a range of choices presented within these five distributions. Three of the operating systems are capable of running well on lower-end hardware. Ubuntu 6.10, Fedora 6, and Debian 3.1 will operate on Intel 80386- based computers, which debuted in 1986. Mandriva 2007 and openSUSE 10.2 look for an Intel 80586 or x86_64 chipset. Noblis engineers evaluated the operating systems on Dell Dimension 4400s running Intel™ Pentium™ 4 processors at 1.60 GHz. All test machines were equipped with 512 MB of DDR 266 memory. For agencies that wish to try open source operating systems and their components without investing a great deal of energy at the outset, the “Live CD” is an ideal option. The five operating systems listed above all offer some variant of this opportunity. A Live CD allows a user to load a CD into their current computer, reboot, and load the new Linux-based operating system into the machine’s dynamic memory without making any changes to the hard drive. The applications can be evaluated, data stored, or imported from floppies or USB drives, then the “look and feel” can be evaluated and modified by the tester. This is an ideal way for an agency to begin tinkering with open source while making no investment other than time. (The Live CD can be downloaded free from the developer’s site.) Of the five, the operating system noted most for simplicity, quick startup, and ease of use is Ubuntu 6.10. This distribution has become very popular with a well-designed interface for use on the simplest of platforms. The Noblis team also identified OpenSUSE 10.2 which has been lauded in the press as an extensive, well-built distribution – probably the most “complete” of current distributions. All of the operating systems evaluated allow modification by the end user and as “complete” packages tend to make it straight forward to operate and add applications. Of note to anyone who has installed operating systems is the fact that all five of the operating systems, with complete application setup, were installed in under 20 minutes. 6.2 Open Source Application Evaluation Before this evaluation is addressed, a brief review of the state of open source applications in the market place is in order. Computer users think about their applications much more than their operating system. It is the set of applications on a given machine that make the computing experience useful. Whether it is to do an Internet search, read or write email, calculate columns of numbers, or a host of other reasons, it is the application level that interests users. The open source community provides many of the same types of software as the proprietary world. However, there are some domains where open source is not yet able to compete on an even footing. As discussed below, the area of law enforcement specific applications is currently underserved by the open source community. This is not a major surprise as the market for law enforcement software is limited within the context of commercial software applications. 6-2
  • 47. Open Source Software Use in Law Enforcement Both large and small law enforcement agencies utilize many of the same applications as other public and commercial organizations: word processing, email, web browsers, payroll, photo storage, etc. Numerous departments successfully use open source applications in place of proprietary applications, benefiting from the flexibility and often lower residual costs that the open source product affords. Noblis engineers reviewed scores of open source applications attempting to narrow down the initial field of what may be of interest to law enforcement. Having isolated a representative sample, Noblis then evaluated a number of those open source applications to see how they would perform in simple trial settings. 6.2.1 Common Open Source Applications The most common applications used by the open source community at large are the same applications used by the law enforcement community. Most organizations prepare reports, send and receive electronic mail, have a web presence, keep track of payroll, and process fines. The list of common applications in Table 4 illustrates some of the most widely used and mature open source software applications. Table 4. Common Open Source Applications and Functions Common Applications and Functions Apache Web server application Firefox Web browser Gaim/Pidgin 25 Multi-platform instant messaging application GIMP Image manipulation (edit, compose, author) application Gnumeric Spreadsheet application OpenOffice Suite of six office productivity applications 26 OpenSSH/OpenSSL Open source encryption toolkits Thunderbird Email application The table above is a representative sample of open source applications that a law enforcement agency could use to create an online presence for their community. The functionality provided by these applications would allow a law enforcement agency to create a website capable of online report and affidavit preparation, crime-scene-photo processing, parking-ticket tracking, online research, and email and instant messaging. An agency can set up their email and instant messaging with open source encryption protection if they choose. All of these applications can be acquired at no cost from the software developers, run on most any version of Linux, and – in their basic form – set up quickly. If well implemented, these or similar open source applications cover many of the day-to-day needs of any department. However, getting the most out of these applications requires a technically inclined staff or outside support. If the necessary skill set exists in-house, or can be developed, the greatest level of system control can be maintained by the department. (When looking “in-house,” agencies should consider other resources available within the community government.) While these applications support the “business- 25 Gaim will be renamed Pidgin in its next release scheduled for April, 2007. See also: 26 Includes word processing, presentation, math equation editor, spreadsheet, drawing/flowcharting, and database applications. 6-3
  • 48. Open Source Software Use in Law Enforcement end” of the operation, law enforcement has additional, specific needs that these applications are not designed to meet. 6.2.2 Law Enforcement Specific Applications As of spring 2007, there are a limited number of open source law enforcement specific applications available. Among the most well known is the web-based OpenRMS from The Center for Advanced Public Safety Information Technologies, Inc. (CAPSIT). 27 Another law enforcement-oriented application is the Agency Personnel and Training Database Project 28 , which has been developed to track agency personnel and each member’s training records, an important factor in maintaining certification as a law enforcement officer. Version 02 of the database includes the schema in .pdf form and the SQL script required to create the database, intended to be run on MySQL. Perhaps the best-developed open source software available to law enforcement is in the area of computer forensics. As demonstrated by the Pennsylvania State Police (see Section 5.3), there are a number of well established and highly functional utilities at the disposal of the forensic investigator. The Penguin Sleuth Kit, ClusterKnoppix, and NIST Fingerprint Image Software are among those frequently used in the PASP arsenal. Written by special agents of the United States Air Force Office of Special Investigations, Foremost 29 is another Linux-based tool for conducting forensic examinations. Foremost recovers “files based on their headers and footers [as specified by the user in configuration files]. Foremost can work on image files, such as those generated by Safeback, Encase, etc, or directly on a drive” 30 Another promising open source law enforcement application – the Tickets computer aided dispatch system – has ceased development. 31 , 32 While the need for such an application is clear, the lead developer halted work when the system failed to attract a solid commitment to put the system into play. 6.2.3 Open Source Application Evaluation Criteria The applications selected for evaluation were those commonly found within the reviewed open- source operating system distributions (see Appendix D). This provided the ability to assess the software normally “bundled” with the operating system, a common starting point for those beginning to experiment with open source software. In keeping with the objective to emulate the “interested beginner” type of evaluator, all operating systems and included packages were downloaded directly from their online source or acquired via free CD media. All evaluated applications have a rich GUI and numerous opportunities to customize the product to a user’s preference. The applications cover most of the key areas discussed in Section 6.2.1. All of the evaluated software was run on Linux-based machines with the exception of Apache, which was tested on a Windows platform in a live production environment. All but Gnumeric have Windows versions that would prove beneficial to an agency running a Linux trial. This allows department users to transfer files between applications seamlessly. The following applications were chosen for evaluation: 27 28 29 30 Foremost 1.1 Read Me file 31 32 6-4
  • 49. Open Source Software Use in Law Enforcement • OpenOffice 2.0 • Thunderbird 1.5 • Gnumeric 1.7 • Firefox 1.5 and 2.0 • Apache 2.2 6.2.4 Open Source Application Evaluation Results A number of open source applications were evaluated on the same machines used to test the open source operating systems: Dell Dimension 4400s running an Intel™ Pentium™ 4 processor at 1.60 GHz. All test machines were equipped with 512 MB of DDR 266 memory. These machines were selected as they are comparable to those used by law enforcement agencies in the Washington D.C. region. Even in the most open source–centric office, interoperability is crucial in order to communicate with other offices and people who do not use open source applications. The open source community is well aware of this need and has focused a great deal of energy on making compatibility with proprietary software a high priority. When incorporating compatibility functions, open source developers make a number of assumptions as to how things work or where files are stored. All applications provide default settings for storing configuration files, templates, and bookmarks. These defaults are also used by open source applications when communicating with proprietary software. For example, both the Thunderbird email application and the Firefox web browser seek email folders and bookmark files (respectively) from the default location used by Outlook and Internet Explorer. In many cases, the person setting up the applications will not change the defaults so it does not become an issue. In cases where the default is not used, such as cases where user data is placed in a specific user data directory, the application must be redirected or the data moved prior to import. Some open source applications allow the user to set defaults designed to assist with interoperability issues. OpenOffice allows users to set the Save function of word processing documents to the Microsoft Word .doc format or the Adobe Acrobat .pdf format. The menu and toolbars are similar to Word, with the toolbars allowing a similar degree of customization. When testing applications for potential integration into an agency, the staff needs to be cognizant of both the claims made by the developer and the reality being offered. While it cannot be definitively stated that importing all files of a given application to another application will go seamlessly, it is important for an agency to make test comparisons themselves. As an example, it has been claimed that OpenOffice’s spreadsheet application, Calc, cannot import all Microsoft Excel spreadsheets properly, especially those with complex macros. In evaluating this claim, Noblis engineers attempted to import a number of Excel spreadsheets with a variety of macros. None failed to import correctly, but the differences in the macro code did require some editing on the part of the evaluation team. One Excel macro was designed to perform a calculation after fields were populated and a form button pressed. Such actions can be resolved by converting the macro to the Basic code used in OpenOffice with the included Basic IDE editor. While this is not a trivial matter, it is not overly complex. Many office application users have some experience with simple macros. In this case, the macro was converted in a matter of minutes. Web services and the ability to interact with the community have become important tools that enable law enforcement to communicate with those they serve. The open source Apache web server is a common 6-5
  • 50. Open Source Software Use in Law Enforcement component of over half of the web servers worldwide. An Apache server was successfully set up on a Windows platform to run a production internet portal. 6.3 Open Source Database Evaluation Databases are an important part of the law enforcement architecture. They can be used, for example, to house data related to suspects, victims, crimes committed, arrests, evidence, motor vehicle records, and officer records. Certain data may be shareable with other law enforcement organizations while at the same time the database may contain sensitive evidentiary data. These factors, along with normal business considerations, create a number of considerations when selecting an RDBMS. The RDBMS is the software used to build and maintain the database. Some factors to consider when integrating an RDBMS into the IT architecture are listed below: • Application(s) using the database. If a third-party product is used, it may be designed to work with only certain databases. • Pre-existing databases. If a law enforcement agency already has existing licenses from a RDBMS vendor and staff to support the associated databases, this should be given consideration. In this case, new licenses may not be required. • Maintenance. If staff does not already exist who are knowledgeable in the RDBMS, either staff will need to be trained or outside vendor support may need to be purchased. • Operating Systems. A RDBMS may only be certified to work on certain operating systems. The operating systems already in use by the law enforcement agency must be considered when purchasing a third-party application or developing a new database application in-house. • Security Requirements. Data residing in these databases is sometimes considered evidence and must have controlled access and traceability. Consideration of whether the database internal security features (see Section 2.8.5) support the security requirements of the application and organization may come into play. • Data Sharing. Data from law enforcement databases can be shared with surrounding law enforcement agencies, as well as with state and national law enforcement agencies. • Certification. Some law enforcement organizations are required by state or federal agencies to certify the database and overall architecture. For example, in Garden Grove, California, the architecture is certified by the California Department of Justice. Whether or not an open source RDBMS is selected, these factors should be considered and their impact understood. If this analysis is not performed, additional costs could be incurred for staff training and new hardware. 6.3.1 Evaluation Criteria Reference and Customization The open source database evaluation criteria used in this study are based upon those presented in the Open Source Comparison Matrix, developed by Joshua Drake and Usay Parmar. 33 This study has tailored the criteria from the matrix to those that are most relevant to law enforcement databases. For example, the two embedded RDBMS that are presented in the Drake and Parmar study are 33 Open Source Database Feature Comparison Matrix , Released October 14, 2005 by 6-6
  • 51. Open Source Software Use in Law Enforcement not part of this open source study since they are used by developers creating embedded applications. Oracle’s open source express edition (XE), of potential benefit to law enforcement, has been added to the study. 6.3.2 Open Source Database Evaluation Criteria To facilitate the evaluation process, criteria were grouped into nine categories: • General. The evaluation criteria in this category identify general database attributes such as the license type and whether simultaneous database connections are supported. • Specifications. The evaluation criteria in this category are the SQL 99 and Open Database Connectivity (ODBC) standards. SQL 99 is an ANSI SQL standard for database query language. The ODBC standard allows ODBC compliant applications to access the application via ODBC- compliant data access drivers. • Relational Database Features. This category contains evaluation criteria that describe relational database capabilities. These include types of triggers that are supported, Binary Large Object (BLOB) and Character Large Object (CLOB) data type support, and name length limits. • Procedural Languages. This category lists common open source languages and PL/SQL as criteria. The databases are evaluated based on whether each language can be used within the database engine to create stored procedures, triggers, etc. • Data Query Language. This category contains criteria to evaluate the data query language capabilities of the database. The criteria include query constructs such as joins, sub-queries, expression support, and nested queries. • Java/JDBC. This category contains criteria to evaluate the Java and Java Database Connectivity (JDBC) capabilities of each database. • Security. This category identifies four components of a database that can be used to secure access to a database, control data privileges, and encrypt data. These components include user accounts, roles, and privileges, as well as the ability to encrypt data within a database. • Database Administration. This category of evaluation criteria lists tools and techniques that a database administrator uses to maintain a database. These include tools, hot (database online) backups, table spaces, point in time database recovery, and table partitioning. • Graphical Interface. The evaluation criteria in this category identify different database maintenance scenarios that often utilize a GUI. The evaluation criteria in this category consist of creating and manipulating database objects, viewing database object properties, a graphical SQL query interface, and whether the graphical interface supports execution of multiple queries simultaneously. Appendix E contains a matrix of the evaluation criteria and the three evaluated RDBMS. 6.3.3 Open Source Database Evaluation Results Based on the literature search information, three open source database packages were installed and evaluated: MySQL 5.0, PostgreSQL 8.2, and Oracle XE 10g. A Pentium 4 laptop running Windows XP with 1GB memory was used as the evaluation platform. Each open source database platform had a version that would operate under Windows XP Professional. While installation for each package went 6-7
  • 52. Open Source Software Use in Law Enforcement smoothly, Noblis engineers noted the differences in available tools and features among the three packages. For the first evaluation, MySQL 5.0 was installed on the evaluation platform with all the default settings and features separately and as part of the popular LAMP (Linux, Apache, MySQL, and PHP/Perl/Python) stack. According to Open Source Trends, the LAMP stack is one of the fastest growing web application development platforms in the market today. 34 These components have been proven to work together in a number of projects which demonstrates how MySQL can be effective at storing data from web applications. As shown in Appendix E, Noblis engineers noted that MySQL 5.0 had the most unsupported features when compared against PostgreSQL and Oracle XE. The evaluations showed that the administration tools embedded in MySQL were not clear on how to add or remove user privileges, especially for remote-access security rights. Although creating groups of users was possible, each user account needed customized settings for security rights. Dropping database instances in MySQL did not permanently remove the database instance name from the administration tool. This is a known problem in the MySQL administrator and can cause confusion for users as to which database instances truly exist. In the evaluations, PostgreSQL seemed to offer a closer step toward closed source database features when compared to MySQL. Noblis engineers did not uncover any confusing issues with using PostgreSQL. PostgreSQL offers more security and features than MySQL; for example, the use of roles to more easily manage user privileges. Other features that PostgreSQL offers over MySQL are the capability for more complex database queries and the ability to partition data. These features make PostgreSQL more useful to traditional database administrators who may need to create customized ad-hoc reports that require support for advanced structured querying language and functions. Of all three packages, Noblis engineers found that the Oracle XE product provided the best functions. Oracle XE offers the ability to use an open source database product that is based upon a commercial product. Products certified to work with the commercial Oracle relational database should also work with Oracle XE. However, Oracle XE has several limitations over the commercial Oracle product: • It will only process queries at the rate of a single CPU computer even when installed on a machine with multiple CPUs. • The machine can only have one Oracle XE database installed. • The Oracle XE database will not use more than 1 GB of RAM, even if more is available, nor can the database exceed 4GB. Another feature that Oracle XE offers over the MySQL and PostgreSQL solutions is a web-based development and maintenance environment. A database can be designed, implemented, and managed very easily within a GUI. Noblis engineers noted the Oracle XE installation and administration screens used similar if not the same terminology and screens as the commercial version. This similarity reduced the learning curve as Noblis engineers were already familiar with Oracle’s interface and database principles. In the end, the question as to which open source database to use – or whether to use an open source database over a commercial database product – comes down to the needs and requirements of the individual law enforcement agency. The available open source databases do offer a potentially viable solution. However, each one comes with restrictions. If these restrictions are not acceptable, a law enforcement agency may be better served by utilizing a commercial database product. 34 6-8
  • 53. Open Source Software Use in Law Enforcement 7 RECOMMENDATIONS Open source has started to make inroads in many market segments and therefore, it can no longer be seen as a “second class” computing format – not with IBM, Novell, Sun, and others participating in its creation, distribution, and support. Hardware vendors have been in the open source market for some time – HP since at least 1999, IBM since 1998; recently, Dell agreed – after input from the user community – to consider expanding their sales, service, and support of computers with an open source operating system. 35 While the computing landscape has become much more hospitable to the open source community, how it interplays with law enforcement is, for the purpose of this study, the key issue. How can law enforcement leverage this success to benefit the communities they serve? In some areas, recommending open source solutions is easy and straightforward. In other cases, the arguments for open source solutions are less clear. The current state of open source computing as related to law enforcement is a mixed bag with many of the common needs competently provided for while others remain lacking and, in some cases, non-existent. As with any technology, proper use of open source software can help law enforcement expand the IT capabilities available to the officer on the street. Agencies with limited funding or size can still follow a recommended approach and apply specific niche open source software packages according to the practitioner implementation advice provided in this final section. 7.1 Using Open Source Software There are many areas where law enforcement can immediately benefit from open source solutions. The operating system and desktop environments that currently exist are very compatible with the needs of law enforcement. Along with the customization available, the compatibility with numerous hardware platforms, and minimal resources required to operate (in many cases), open source offers a high return on investment with a low risk of system failure. This is not to say that all compatibility issues are resolved; they are not, but many such conflicts can be resolved. Establishing an open source operating system with an integrated desktop environment can be done for the user/client side, as well as the server side, of the agency architecture. As discussed in Section 6, the operating system can be large and full-featured or small and compact. Both are viable alternatives and should be selected based on an agency’s needs. Open source software can cover all of the basic – and many of the advanced – needs of law enforcement in the office suite genre. Report writing and generation can be quickly set up with one of several open source word processing applications. Email – secure and non-secure – is available and readily deployable, as are several web browsing utilities. Combined with robust open source calendar/scheduling software, accounting/budgeting software, and presentation/screen cast software, many of the basic office tasks can be accomplished solely with open source applications. The open source community has a number of very powerful database applications that can be utilized by law enforcement – just as they have already been deployed in numerous other fields where continual function is critical, such as banking, government services, and healthcare. Reliability of these systems is crucial and has been successfully demonstrated with deployments of MySQL 5.0, PostgreSQL 8.2, and Oracle XE 10g. 36 For departments wishing a web presence, the open source Apache web server—the primary web server world wide – should be on the “short list” of applications to consider. Apache’s secure and robust 35 36 Why Open Source Software/Free Software (OSS/FS)? Look at the Numbers!, David A. Wheeler, Revised: November 7, 2004 7-1
  • 54. Open Source Software Use in Law Enforcement software have made it the leading web server since April 1996. 37,38 A very active user community provides excellent technical support with rapid turnaround. For both intrusion prevention and detection, the open source community responds with tools appropriate for law enforcement consideration. For protecting a department’s electronic assets, firewalls and authentication and security tools exist that have the benefit of not only being time-tested but also – due to their open source nature – have source code available for review that allows extended inspection and testing to validate their security claims. The products that have overcome such review satisfactorily can be considered worthy candidates for an agency’s consideration. The computer forensics field has trusted open source applications for years to aid in the detection and documentation of computer-enhanced crimes. Tools such as Autopsy, the Coroner’s Toolkit (TCT), Foremost, and the Penguin Sleuth Kit are commonly used in the forensics arsenal. They bring with them the ability to penetrate numerous defenses while allowing access to key data without compromising the system being examined. Certain tools available to law enforcement are so innocuous and transparent that they allow their use without revealing to the target that they are under surveillance. For a department with the skills and interest in progressing the state of the art or just the need to tweak its current setup, open source tools are available for programming and testing applications. Whether the agency would benefit from a small applet created with Java SE or a full application written in Python, the open source approach provides a wide selection of tools, scripting languages, and compilers. 7.1.1 Law Enforcement Specific Software Remains Lacking Not all needs of the law enforcement community can be met by open source applications. Currently, there are web-based computer aided dispatch projects in the works that aim to assist departments in their call management duties. These remain in the development stage and no stand-alone, law enforcement specific applications have been released covering records management; inventory, property and evidence; or booking. In addition, there are no known applications in existence that cover fleet maintenance or traffic accident reconstruction. The Public open source Safety Environment (PosSE) project sponsored by OSSI 39 is one attempt to create a suite of applications suitable to the specific needs of law enforcement. The first component released by the project is JMS, which has been deployed in Mississippi and Texas. Additional components planned include records management (incorporating warrant management and UCR/NIBRS reporting), computer aided dispatch, and courts record management. 7.1.2 Costs: Not All Savings Are Monetary It is essential to remember that while police departments across the nation are being asked to do more, often with fewer resources, moving to an open source architecture is not a panacea. It is possible to enjoy substantial cost savings over a proprietary-only system, but it is not guaranteed. Support costs, staff training, and maintenance costs need to be factored into the decision. The benefits of low acquisition costs, hardware longevity, and system uptime, combined with a trustworthy and competent support staff – essential for both open and closed environments – can provide a savings in the overall IT budget. Converting to open source, either full or partial, also offers the rare opportunity to review operational processes from the ground up. This approach provides an opportunity to 37 38 March, 2007 39 7-2
  • 55. Open Source Software Use in Law Enforcement excise outdated methods and replace them with more streamlined procedures appropriate to today’s needs, which in turn may provide for a more efficient and effective agency. 7.2 Recommended Approach for Open Source Adoption by Law Enforcement Three potential approaches exist for agencies wishing to undertake an open source IT system: the clean- slate approach, a full conversion, and a hybrid approach. With few exceptions, the first two are beyond the means of most police departments. A clean-slate approach would only be appropriate for an agency without a pre-existing IT system or one so nascent that they can walk away from it with no loss of productivity. In these cases, it would be possible to set up the department’s IT structure from the ground up. Selecting equipment and applications, installing systems, and training personnel would be a large exercise that would require the assistance of every member of the agency. This approach has been successfully documented within the study for agencies that shared IT resources with other local government offices. In these cases, the IT staff had a strong interest in open source from the outset and guided its progression as the community developed its information infrastructure. A full conversion – the process of replacing all proprietary systems with open source systems – has not been discovered domestically by the study. Foreign law enforcement agencies have had the opportunity to attempt such a plan, reportedly with mixed reviews. The level of complexity and preparation needed to accomplish such an endeavor is beyond the reach of most, if not all, departments without significant resources from the outside. For this reason, a full conversion is deemed outside the scope of this effort. This leaves a third and very viable approach suitable for many departments interested in changing their information systems architecture. To gain the benefits of open source software while maintaining their existing IT investment, law enforcement agencies should follow the hybrid approach to adopting open source software. The hybrid approach allows agencies to integrate open source applications with existing closed source systems. The speed at which the integration occurs is flexible since an exchange of components can occur at the individual component level. The option to use a closed source package remains if a mature open source package is not available. Open source software currently provides viable options in specific business areas that may help agencies reduce cost while remaining interoperable with adjacent jurisdictions. Agencies should consider evaluating the open source packages listed in the Table 5. Table 5. Open Source Software Packages Application Area Open Source Software Vendor/Application Name Database Oracle Express PostGres MySQL Desktop Operating System Ubuntu Linspire Knoppix Office Productivity Suites OpenOffice Star Office KOffice Web Browsers Firefox Netscape Opera Although these packages provide open source alternatives for specific business functions, an open source option does not exist for every IT service area that an agency needs. Therefore, an agency should not attempt to convert a closed source environment completely toward an open source based equivalent model without extensive technical support. Such an effort has typically required programming staff to create the interfaces and provide customization of the open source packages. In the cases of Largo, Florida, and Garden Grove, California, both cities had users that did not initially have home computers or staff accustomed to the Microsoft Windows operating system. Most agencies today have workstations 7-3
  • 56. Open Source Software Use in Law Enforcement running a Windows operating system and their staff frequently run Windows on their home computers. Switching to open source software in the work environment may require a learning curve that runs counter to the familiar Windows interface. This concern can be addressed by implementing a desktop environment that emulates the “Windows experience.” Closed source computer aided dispatch, records management systems, and some training software remain more mature than the model open source projects discussed in this document. The closed source software often adheres to standards, a uniform set of testing procedures, and established user communities organized by the vendor. Table 6 shows law enforcement specific functions that do not have a mature open source software option. Table 6. Law Enforcement Functional Areas Without Mature Open Source Options Application Area Open Source Software Computer Aided Dispatch (CAD) Tickets (prototype) Records Management System CAPSIT (RMS) Agency Personnel and Training Training Database Investigation Penguin Sleuth Kit NIST Fingerprint Kit Foremost 7.3 Advice from Practitioners for Using Open Source Software Table 7 presents recommendations for agencies considering the use of open source software. These recommendations come from the national survey and interviewed practitioners on their lessons learned and their own experiences with open source software. The tabulated feedback is categorized without prioritization. Table 7. Open Source Software Implementation Advice Category Recommendation Business Case Do not over sell open source capabilities to political decision makers. Agencies must understand the benefits and limitations of using open source software before approaching political leaders. Business Case Available support packages should exist before executives will consider supporting the use of any open source package. Change Introducing open source software without educating users about the benefits and Management advantages can cause morale issues. Users perceive management is forcing use of substandard tools just to save money. Need versus If an open source solution does not exist or is not mature enough to meet the Function need, then find a closed source solution. Financial Financial savings comes through reduced administrative cost, licensing, and lower acquisition costs that is not always obvious in agency budgets. Implementation Conduct a pilot test of the open source system in phased stages before attempting an enterprise-wide deployment. 7-4
  • 57. Open Source Software Use in Law Enforcement 7.4 Final Thoughts While this project has addressed many current needs in the open source/law enforcement environment, a number of issues remain open for study. Little information is currently available on agencies in the United States that have attempted to convert from a fully closed environment to an open one. It is known that such efforts have been attempted overseas with mixed results. The lessons learned by these agencies, successful or not, could be of tremendous value to domestic law enforcement agencies. In addition, a resource directory of current law enforcement agencies that have implemented open source solutions would be of great value. Knowledge could be shared among the agencies as a way to leverage the need for capable technicians and programmers without having to commit full-time resources. Furthermore, a set of CDs could be created that support an agency’s attempt to introduce open source with minimal impact. The semi-automated set envisioned could allow the agency to set up a department’s desktop or laptop computer(s), web site, secure email, and basic reports system in a matter of minutes. More advanced applications could be included to allow a fuller depth of service to the agency. Such a package would not only be useful for an agency desiring to switch some activities to open source, but it would also provide a limited proof-of-concept to demonstrate the potential to the department’s political leaders. 7-5
  • 58. Open Source Software Use in Law Enforcement APPENDIX A GLOSSARY OF ACRONYMS API Application Programming Interface COTS Commercial Off-the-Shelf CPU Central Processing Unit DNS Domain Name Server/Service DOD Department of Defense FTP File Transfer Protocol FUD Fear, Uncertainty, Doubt GNU Gnu’s Not Unix GPL General Public License GUI Graphical User Interface IS Information System ISP Internet Service Provider ISV Independent Service Vendor IT Information Technology LSB Linux Standard Base OS Operating System OSI Open Source Initiative OSS Open source software RDBMS Relational Database Management System ROI Return on Investment RPM Red Hat Package Manager SMP Symmetric Multiprocessing SWOT Strengths, Weaknesses, Opportunities, and Threats TCO Total Cost of Ownership TCP/IP Transmission Control Protocol/Internet Protocol VAR Value Added Reseller A-1
  • 59. Open Source Software Use in Law Enforcement APPENDIX B WEB SURVEY OF LAW ENFORCEMENT AGENCIES Understanding how agencies across the nation view the use of open source is an important part of measuring how receptive law enforcement agencies are to using open source software. Although many large agencies have programming and information technology (IT) resources, the survey targeted smaller agencies that may only have Internet access and limited IT resources. Noblis engineers utilized an open source based web survey application that facilitated the collection of data from agencies around the nation. Survey Design and Structure The Web Survey Tool box provided an open source platform for designing forms and questions that users could easily respond to without any training. The responding agencies only needed a web browser and local system permission to access the survey web site. Noblis engineers sent out an email that introduced the project, provided the link to the survey web site, and also attached PDF/Microsoft Word versions of the survey. A few respondents did need to use the paper forms to respond as their local network security measures prevented them from accessing the survey website. Figure 18 shows a setup screen from the Web Survey Tool. Figure 18. Web Survey Setup Screen The survey consisted of ten questions on the agency’s use of open source software and typically took a user three minutes to complete. Based on previous survey experience and similar data collection efforts with the Police Executive Research Forum (PERF), Noblis engineers designed the survey with the following concepts: • Short Time Commitment: Designing a simple, short survey provided more results by a wider variety of respondents that were not required to write long responses. B-1
  • 60. Open Source Software Use in Law Enforcement • Easy-to-Use Interface: The web-based multiple-choice checkbox approach provided a simple form that mirrored other online applications. Users had the option of skipping a question in the event that they did not use open source or have the resources to perform a specific function. Respondents did not know they were using an open source package to enter their data into the survey. • Relational Database with Auditing and Analysis Tools: The Web Survey Tool box provided a MySQL back-end database, as well as features that allowed for user information checks. The Tool box also included basic survey data analysis tools for processing and graphing the results. Noblis engineers then took a combination of these concepts and a list of open source questions to create survey form pages, such as the example shown in Figure 19. Figure 19. Completed Web Survey Question Form Due to the simple nature of the survey, a linear page flow design was sufficient to organize and present the questions (see Figure 20). Agency representatives first entered their agency information, which then triggered the question form pages. Noblis engineers posted the completed web survey application to a web server that was secured by a firewall. Figure 21 illustrates the basic structure for interactions between law enforcement agencies and the open source survey application. B-2
  • 61. Open Source Software Use in Law Enforcement Figure 20. Agency Information Screen for Open Source Survey Internet Analysis Web Server Firewall Database Survey Form Law Data Enforcement Survey Form Agency CCJT Open Source Survey Figure 21. Open Source Survey Setup Diagram Figures 22 through 26 present the questions respondents received via the web survey. B-3
  • 62. Open Source Software Use in Law Enforcement Figure 22. Open Source Survey Question Screen 1 B-4
  • 63. Open Source Software Use in Law Enforcement Figure 23. Open Source Survey Question Screen 2 B-5
  • 64. Open Source Software Use in Law Enforcement Figure 24. Open Source Survey Question Screen 3 B-6
  • 65. Open Source Software Use in Law Enforcement Figure 25. Open Source Survey Question Screen 4 B-7
  • 66. Open Source Software Use in Law Enforcement Figure 26. Open Source Survey Question Screen 5 B-8
  • 67. Open Source Software Use in Law Enforcement Figure 27. Example Raw Data Spreadsheet Generated from Open Source Survey Application B-9
  • 68. Open Source Software Use in Law Enforcement Figure 28. Example Analysis Chart Generated from Open Source Survey Application B-10
  • 69. Open Source Software Use in Law Enforcement APPENDIX C SITE QUESTIONNAIRE The following questions were used at each site the team visited. NOTE: Mitretek Systems, a nonprofit science, technology and strategy organization founded in 1996, has changed its name to Noblis. Any reference to Mitretek is an equivalent reference to Noblis. OPEN SOURCE SOFTWARE QUESTIONNAIRE Thank you for your time in completing this questionnaire. Your answers will help provide an understanding of the use and application of open source software in law enforcement agencies. Please complete and return by April 20, 2006. Please mail or fax your completed questionnaire to: Michael Welch, Mitretek Systems, Inc. 3150 Fairview Park Drive S – MS F310, Falls Church, VA 22042 Fax: 703-610-2203; phone (for questions): 703-610-2315 Overview 1. Agency Name:____________________________________________________________________ 2. Name:________________________________ Title:_____________________________________ 3. Mailing Address:__________________________________________________________________ 4. Phone:_______________________ Email:______________________________________________ 5. Jursidiction:______________________________________________________________________ 6. Primary Point of Contact for the Organization: Name: ____________________________________ Title: ____________________________________ Telephone: ________________________________ Email: ____________________________________ Use of Open Source 1. Does your agency use any of the following open source components? If NO, please continue to Part C. Open source desktop operating system Word processing suite Web server/ portal Open source database Records Management System Email server Other: _____________________________________________ 2. Who makes the software that you use above? ____________________________________________ C-1
  • 70. Open Source Software Use in Law Enforcement 3. In using your open source software components, have you encountered any of the following: Difficulty installing and/or maintaining the component. Difficulty training users and/or users who are resistant to change. An unstable software platform with many errors Compatibility issues with current applications Other: _____________________________________________ 4. Explain Briefly your response to question 3: _____________________________________________ Potential Use of Open Source 1. What are some reasons your agency might consider using open source software? Lower costs in acquisition, maintenance, and licensing Less reliance on a single platform vendor Re-Use of legacy hardware at station, in field or satellite office New open source based applications Others (e.g., regional pawn database): ___________________________________________________ 2. What are some reasons that would cause your agency to not consider using open source components? High lifecycle costs Lack of patch management, updates, documentation Lack of technical support Lack of training Users accustomed to Microsoft operations and interfaces Lack of applications and functionality Others : ______________________________________________________________ 3. Which approach would you pick to implement using open source software? Would not implement open source software Only specific applications such as office suites Network components such as web server, email, desktop operating system Replace entire network architecture to open source components Other : _______________________________________________________________ General Question on Open Source 1. What areas of open source software need to improve to speed adoption and use by law enforcement agencies? Training Technical Support Software maintenance Software functionality Compatibility with Microsoft Programs List any others (e.g. email server): _____________________________________________ 2. If you could start over, what three things would you do differently? ________________________________________________________________________ 3. If you had to start over, what three things would you do the same? ________________________________________________________________________ C-2
  • 71. Open Source Software Use in Law Enforcement APPENDIX D COMPONENT PACKAGES IN THE “POPULAR” DISTRIBUTION As listed in Section 6, the popular distributions are far from the only ones available. They do, however, provide a spectrum of packages available that vary to a degree, based primarily on the intended audience. Below is an overview of the distributions and accompanying packages. D-1
  • 72. Open Source Software Use in Law Enforcement Ubuntu Mandriva openSUSE Debian Description Fedora 6 6.10 2007 10.2 GNU/Linux OS Basics Release Date 10/26/2006 10/3/2006 12/7/2006 10/24/2006 6/6/2005 Home Page Languages Supported (1) 40+ >100 Multiple Multiple Multiple Software in the Canonical Vendor Mandriva Novell Red Hat Public Interest, Ltd. Inc. File Manager (Nautilus) 2.16.0 2.16.0 2.16.0 2.16.0 2.8.1 GCC Compiler Collection 4.1.1 4.1.1 4.1.3 4.1 3.3.5 Installation Graphical Graphical Graphical Graphical Text based Linux Kernel 2.6.17 2.6.17 2.6.18 2.4.27 Package Manager DEB RPM (urpmi) RPM RPM (yum) DEB i586, ppc, i386, x86_64, Supported Processor(s) i386, ppc i586, x86_64 i386, ppc x86_64 ppc Networking and Security An implementation of DNS BIND 9.3.2 9.3.2 9.3.2 9.3.2 9.2.4 protocol Allows for automatic IP DHCP 3.0.4 3.0.4 3.0.5 3.0.4 3.0.1 configuration A standard printing utility CUPS 1.2.4 1.2.3 1.2.7 1.2.4 1.1.23 interface Allows encrypted sessions OpenSSH 4.3p2 4.3p2 4.4p1 4.3p2 3.8.1p1 between client and host Encryption library for Secure OpenSSL 0.9.8b 0.9.8b 0.9.8d 0.9.8b 0.9.7e Sockets Layer (SSL) A pseudo operating system Wine -- 0.9.20 0.9.24 Available 20050310 emulator for X Windows Programming Tools A toolkit for creating GNOME GTK+ 2.10.6 2.10.3 2.10.6 2.10.4 2.6.4 desktop GUIs A suite of web development KDE Web Dev 3.5.5 -- 3.5.5 3.5.4 3.3.2 packages for KDE Provides tools to develop and Mono run .NET client and server 1.1.18 -- applications within Linux A cross-platform programming Perl 5.8.8 5.8.8 5.8.8 5.8.8 5.8.4 language An HTML-embedded scripting php 5.1.6 5.1.6 5.2.0 5.1.6 4.3.10 language A dynamic object-oriented Python 2.4.4 2.4.3 2.5 2.4.3 2.3.5 programming language Framework for the creation of qt-x11 3.3.6 3.3.6 3.3.7 3.3.6 3.3.4 applications Desktop / GUI Desktop(s) GNOME KDE GNOME, KDE GNOME, KDE GNOME C (programming language) GNU C Library 2.4 2.4 2.5 2.5 2.3.2 library for the OS kernel Base applications of the KDE KDE Base 3.5.5 3.5.4 3.5.5 3.5.4 3.3.2 desktop File manager for the GNOME Nautilus 2.16.1 2.16.0 2.16.1 2.16.0 2.8.2 desktop Xfce An X11 window manager -- -- 4.2.3 Available 4.0.5 An implementation of the X Xorg 7.1 7.1 7.2 7.1 -- Window System D-2
  • 73. Open Source Software Use in Law Enforcement Ubuntu Mandriva openSUSE Debian Description Fedora 6 6.10 2007 10.2 GNU/Linux Applications / Email / Browsers GNOME GNOME Office, GNOME Office, KOffice, Office Package(s) Office, KOffice, OpenOffice KOffice, OpenOffice OpenOffice OpenOffice OpenOffice KOffice Office suite 1.5.2 1.5.91 1.6.0 Available 1.3.5 OpenOffice Office suite 2.0.4 2.0.3 2.0.4 2.0.4 1.1.3 AbiWord Word Processing application 2.4.5 -- 2.4.5 Available 2.2.7 Emacs Advanced text editor 21.4a 21.4 21.3 21.4 21.4a Vim Text editor 7 7 7 7 6.3 An internet application suite: SeaMonkey -- -- 1.0.99 -- -- email, browser, IRC chat… Integrated mail, address, Evolution 2.8.1 2.8.0 2.8.2 2.8.0 2.0.4 calendar application Firefox Web browser 2 2 1.0.4 Thunderbird Email application 1.0.2 Gnumeric Spreadsheet application 1.7.0 1.7.0 1.6.3 Available 1.4.3 Gaim Instant Messaging Application 2.0.0beta3 2.0.0beta3 1.5.0 2.0.0 Beta3 1.2.1 Databases The most popular Internet web Apache 2.0.55 2.2.3 2.2.3 2.2 2.0.54 server since April 1996 Database application and MySQL 5.0.24a 5.0.24a 5.0.26 5.0.22 4.0.24 server - a key part of LAMP Oracle Berkeley A family of open source 4.4.20 4.2.52 4.4.20 4.3.29 4.3.27 Database embeddable databases A powerful, open source PostgreSQL 8.1.4 8.1.4 8.1.5 8.1.4 7.4.7 relational database system Audio / Video Apps & Services Advanced Linux Provides audio and MIDI Sound Architecture functionality to the Linux √ √ √ √ √ (ALSA) Compliant operating system ALSA Version 1.0.11 1.0.12 1.0.13 1.0.12 1.0.8 xine A multimedia player 1.1.2 1.1.2 1.1.2 1.0.1 The GNU Image Manipulation GIMP 2.2.13 2.3.10 2.2.13 2.2.13 2.2.6 Program A CD and DVD creator for K3b 0.12.17 0.12.17 0.12.17 0.12.15 0.11.20 Linux, optimized for KDE Captures motion and sound Screencast from computer display for istanbul Application later playback NOTES: (1) Online support tends to be even more prevalent D-3
  • 74. Open Source Software Use in Law Enforcement Listed below are popular software packages found in many open source distributions, including those listed above, and their purpose. Note: this is a very small list compared to the totality of what is available. A simple web search will reveal hundreds, if not thousands, of available packages. AbiWord Word processing application Apache Web server application The Berkeley Internet Name Domain, an open source software implementation of BIND the Domain Name System (DNS) protocols CUPS Common UNIX Printing System DHCP A Dynamic Host Configuration Protocol distribution Emacs Advanced real-time display editor Integrated mail, address book, and calendaring functionality for users of the Evolution GNOME desktop Firefox Web browser Gaim A multi-protocol instant messaging (IM) client GCC Compiler A set of programming language compilers for C, C++, Objective-C, Fortran, Java, Collection and Ada GIMP The GNU Image Manipulation Program GNU C Library The C library in the GNU system and most systems with the Linux kernel Gnumeric Spreadsheet application GTK+ A multi-platform toolkit for creating graphical user interfaces K3b KDE optimized CD/DVD creator KDE Base A graphical desktop environment for Linux and Unix workstations A suite of applications that can help in designing web pages, database back ends, KDE Web Dev XML document creation, or small desktop apps KOffice Office suite for the KDE desktop Linux Kernel The central module of an operating system Provides the necessary software to develop and run .NET client and server Mono applications on Linux, Solaris, Mac OS X, Windows, and Unix MySQL The MySQL® database Nautilus A graphical shell for the GNOME desktop environment D-4
  • 75. Open Source Software Use in Law Enforcement OpenOffice Suite of office applications Provides traffic encryption, secure tunneling capabilities and authentication, OpenSSH supports all SSH protocols Open source toolkit implementing Secure Sockets Layer (SSL v2/v3) and OpenSSL Transport Layer Security (TLS v1) protocols Oracle Berkeley A family of open source embeddable databases Database Perl A stable, cross platform programming language php A widely-used general-purpose scripting language PostgreSQL PostgreSQL is a powerful, open source relational database system Python A dynamic object-oriented programming language Qt is a comprehensive cross-platform C++ application framework which aids in qt-x11 building single-source applications that run natively on X11 Screencast Allows recording of full video and audio content from the computer, geared Application towards training and instruction Web-browser, advanced e-mail / newsgroup client, IRC chat client, and HTML SeaMonkey editing program Thunderbird A full-featured email application Vim Configurable text editor Xfce Lightweight desktop environment xine Multimedia player Xorg Open source implementation of the X Window System Wine Allows X Windows to run programs written for Microsoft Windows X Windows A network transparent window system D-5
  • 76. Open Source Software Use in Law Enforcement APPENDIX E DATABASE FEATURE COMPARISON MATRIX Key to Symbols √ Feature supported X Feature not supported * External or unofficial support E-1
  • 77. Open Source Software Use in Law Enforcement MySQL 5.0 PostgreSQL 8.2 Oracle XE 10g General Database Connections Multiple Multiple Multiple Concurrent Access to Multiple √ √ √ Databases Multi-version Concurrency √ √ √ Control Unicode Support √ √ √ Replication Support √ √ X License GPL BSD Oracle License Specifications SQL 99 X √ √ ODBC √ √ √ Relational Database Features Sequences/Auto-increment √ √ √ Column User Defined Functions √ √ √ Update-capable Views √ √ √ Referential Integrity √ √ √ Trigger Statement / Row Level √ √ √ Trigger Before / After √ √ √ Trigger Nesting X √ √ Trigger Compound √ √ √ Domains X √ √ BLOB √ √ √ CLOB √ √ √ Name Length Limit 64 64 30 Delimited Identifiers √ √ √ Stored Procedures √ √ √ Procedural Languages PL/SQL (or equivalent) √ √ √ Java X * √ Python √ √ * Perl √ √ * PHP √ √ √ Ruby X * * E-2
  • 78. Open Source Software Use in Law Enforcement MySQL 5.0 PostgreSQL 8.2 Oracle XE 10g Data Query Language Joins √ √ √ Subqueries √ √ √ Nested Queries √ √ √ Correlated Subqueries √ √ √ Query in FROM Clause √ √ √ Multi-column Predicate √ √ √ Expression Group By √ √ √ Support Order By √ √ √ Union (Distinct/All) √ √ √ Intersection (Distinct/All) X √ √ Except (Distinct/All) X √ √ Full Text Search √ √ √ Java/JDBC JDBC 3.0 √ √ √ J2EE Certified X * √ Pooled Connections √ √ √ SavePoints √ √ √ Database Metadata Imported/Exported √ √ √ Keys/CrossRefs ResultSet √ X √ GetAutoGeneratedKeys Native Language Support C/C++ √ √ √ C#/.Net √ √ √ PHP √ √ √ Perl √ √ √ Python √ √ * Ruby √ √ * E-3
  • 79. Open Source Software Use in Law Enforcement MySQL 5.0 PostgreSQL 8.2 Oracle XE 10g Security Users √ √ √ Role X √ √ Privilege √ √ √ Encryption √ √ √ Database Administration Tools WinMySQL Admin, MySQL Oracle XE Admin, Administrator, Tools PgAdmin, psql, phpPgAdmin Import/Export, command MySQL Query line Browser,Command Shell Hot Backup * √ √ Table Spaces √ √ √ Point in Time recovery * √ √ Table partitioning X √ √ Graphical Interface Creating Database Objects √ √ √ Manipulate Data in Database Objects √ √ √ Viewing Properties of Various √ √ √ Database Objects Graphical Interface to Execute SQL √ √ √ Queries Support for Executing Multiple Queries √ √ √ Simultaneously E-4
  • 80. Open Source Software Use in Law Enforcement APPENDIX F REFERENCES 1. City of Fullerton, California 4. Mississippi Jail Management Helen Hall John M. Weathersby, Jr. IT Manager Executive Director City of Fullerton Open Source Software Institute 303 West Commonwealth 3610 Pearl Street Fullerton, CA 92832 Hattiesburg, MS 39401 Office: 714-738-5309 Office: 601-427-0152 Email: Email: Meeting Date: May 16, 2006 Meeting Dates: November 9-10, 2006 2. City of Garden Grove, California 5. Pennsylvania State Police Computer Forensics Charles Kalil Information Systems Manager Trooper Jon S. Nelson #7386 City Manager’s Office Pennsylvania State Police City of Garden Grove Bureau of Criminal Investigation 11222 Acacia Parkway Computer Crime Unit Garden Grove, CA 92842 Area I Task Force Coordinator Office: 714-741-5095 Office: 484-340-3609 Email: Email: Meeting Dates: May 15-17, 2006 Meeting Date: August 21, 2006 3. City of Largo, Florida Harold A. Schomaker IT Manager/CIO Management Services Department City of Largo 201 Highland Avenue Largo, FL 33779 Office: 727-587-6746 Email: Meeting Date: July 24, 2006 F-1