Providing Unbiased and Objective Technical Assistance

Enabling Criminal Justice Information Exchange

Modernizing Crimina...
NTR-2007-024
Noblis Technical Report



Open Source Software Use in Law
Enforcement
June 2007

Mun-Wai Hon
Gregory A. Russ...
Open Source Software Use in Law Enforcement



Executive Summary
This report provides an overall picture of how some law e...
Open Source Software Use in Law Enforcement


This document concludes by providing interested agencies with recommendation...
Open Source Software Use in Law Enforcement



Acknowledgments
The authors would like to express their appreciation to the...
Open Source Software Use in Law Enforcement



TABLE OF CONTENTS
1   INTRODUCTION                                         ...
Open Source Software Use in Law Enforcement



TABLE OF CONTENTS (continued)
    4.3   Strength, Weakness, Opportunities, ...
Open Source Software Use in Law Enforcement



TABLE OF CONTENTS (continued)
    7.2   Recommended Approach for Open Sourc...
Open Source Software Use in Law Enforcement




LIST OF TABLES
Table 1. Open Source Applications Used by Garden Grove     ...
Open Source Software Use in Law Enforcement




LIST OF FIGURES
Figure 1. Project Approach                                ...
Open Source Software Use in Law Enforcement



1 INTRODUCTION
Law enforcement agencies are relying more and more on techno...
Open Source Software Use in Law Enforcement


system, office suite, and database environments. The reviews also identify t...
Open Source Software Use in Law Enforcement



2 PROJECT APPROACH AND METHODOLOGY
The phased approach shown in Figure 1 wa...
Open Source Software Use in Law Enforcement


2.2       Phase 2: Collecting Data from Law Enforcement Organizations
Severa...
Open Source Software Use in Law Enforcement


standard system configuration, project team members installed and examined t...
Open Source Software Use in Law Enforcement



3 OPEN SOURCE SOFTWARE
It is important that law enforcement agencies develo...
Open Source Software Use in Law Enforcement


3.1.3   Defining Open Source Software
As mentioned above, open source softwa...
Open Source Software Use in Law Enforcement


3.1.4    Open Source Software Licensing
The GNU General Public License (GPL)...
Open Source Software Use in Law Enforcement


Examples of the most commonly known open source operating systems are:
    •...
Open Source Software Use in Law Enforcement


3.2.2   Support for Open Source Operating Systems
It is important to repeat ...
Open Source Software Use in Law Enforcement


developers can make use of the patented material for open source application...
Open Source Software Use in Law Enforcement


      •    Mandriva Linux: Continuing in the international vein, Mandriva Li...
Open Source Software Use in Law Enforcement


      •    Open Source Development Is Something New. Open source software is...
Open Source Software Use in Law Enforcement




            Figure 3. Typical Small to Medium-Sized Agency Closed Source A...
Open Source Software Use in Law Enforcement




                                        Remote Desktop
                   ...
Open Source Software Use in Law Enforcement


products, users may be unfamiliar with the open source interface and be resi...
Open Source Software Use in Law Enforcement



4 OPEN SOURCE SOFTWARE – IS IT APPROPRIATE FOR
  LAW ENFORCEMENT?
Many agen...
Open Source Software Use in Law Enforcement


state, county, and/or municipality in which the agency resides. In this case...
Open Source Software Use in Law Enforcement


      •    Integration with law enforcement environment. The open source sof...
Open Source Software Use in Law Enforcement


functions open source software can provide and a lack of technical resources...
Open Source Software Use in Law Enforcement




                   Survey Results: Reasons Not to Use Open
               ...
Open Source Software Use in Law Enforcement


        intensive hardware requirements, which allow agencies to leverage ol...
Open Source Software Use in Law Enforcement


        law or police that are under development. This represents an opportu...
Open Source Software Use in Law Enforcement


Based on the PEST, SWOT, and national survey results, law enforcement agenci...
Open Source Software Use in Law Enforcement


issue in many circumstances, as many open source applications can run on les...
Open Source Use in Law Enforcement
Open Source Use in Law Enforcement
Open Source Use in Law Enforcement
Open Source Use in Law Enforcement
Open Source Use in Law Enforcement
Open Source Use in Law Enforcement
Open Source Use in Law Enforcement
Open Source Use in Law Enforcement
Open Source Use in Law Enforcement
Open Source Use in Law Enforcement
Open Source Use in Law Enforcement
Open Source Use in Law Enforcement
Open Source Use in Law Enforcement
Open Source Use in Law Enforcement
Open Source Use in Law Enforcement
Open Source Use in Law Enforcement
Open Source Use in Law Enforcement
Open Source Use in Law Enforcement
Open Source Use in Law Enforcement
Open Source Use in Law Enforcement
Open Source Use in Law Enforcement
Open Source Use in Law Enforcement
Open Source Use in Law Enforcement
Open Source Use in Law Enforcement
Open Source Use in Law Enforcement
Open Source Use in Law Enforcement
Open Source Use in Law Enforcement
Open Source Use in Law Enforcement
Open Source Use in Law Enforcement
Open Source Use in Law Enforcement
Open Source Use in Law Enforcement
Open Source Use in Law Enforcement
Open Source Use in Law Enforcement
Open Source Use in Law Enforcement
Open Source Use in Law Enforcement
Open Source Use in Law Enforcement
Open Source Use in Law Enforcement
Open Source Use in Law Enforcement
Open Source Use in Law Enforcement
Open Source Use in Law Enforcement
Open Source Use in Law Enforcement
Open Source Use in Law Enforcement
Open Source Use in Law Enforcement
Open Source Use in Law Enforcement
Open Source Use in Law Enforcement
Upcoming SlideShare
Loading in...5
×

Open Source Use in Law Enforcement

6,170

Published on

0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
6,170
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
115
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Open Source Use in Law Enforcement

  1. 1. Providing Unbiased and Objective Technical Assistance Enabling Criminal Justice Information Exchange Modernizing Criminal Justice Processes Open–Source Software Use in Law Enforcement NOBLIS TECHNICAL REPORT NTR-2007-024 Contract Number 2001-LT-BX-K002
  2. 2. NTR-2007-024 Noblis Technical Report Open Source Software Use in Law Enforcement June 2007 Mun-Wai Hon Gregory A. Russell Michael J. Welch Supported Under Cooperative Agreement 2001-LT-BX-K002 Office of Science and Technology National Institute of Justice Office of Justice Programs U.S. Department of Justice The opinions, findings, and conclusions or recommendations expressed in this publication are those of the authors and do not necessarily reflect the views of the Department of Justice. The products and manufacturers discussed in this document are presented for informational purposes only and do not constitute product approval or endorsement by the U.S. Department of Justice. Noblis strives to provide the latest and most complete information in its documents and makes such documents available for informational purposes only. Reproduction or other use of this document or its contents for commercial gain is expressly prohibited. Noblis is not responsible for the use of the information provided herein. Cover design by Mary Brick, Noblis ©2007 Noblis. All rights reserved.
  3. 3. Open Source Software Use in Law Enforcement Executive Summary This report provides an overall picture of how some law enforcement practitioners are turning to the use of open source software to respond to growing information technology (IT) needs in the midst of shrinking budgets. After a brief introduction to open source software, this report covers how some law enforcement practitioners currently are using open source software in areas ranging from basic office automation functions to hosting their computer-aided dispatch system. Based on a literature search, national survey results, and site visits, this document provides guidance to answer a number of questions: • What is open source software and why is there so much excitement about it? • Have any law enforcement agencies deployed open source software, and if so, how successful has the deployment been? • What are some open source software products for desktop operating systems and databases? • Do open source solutions exist for common law enforcement applications, such as records management? • Has there been any total cost of ownership or other analysis that shows advantages to using open source software? This document describes how agencies might use open source software to meet their operational needs and how open source software presents an alternative to traditional closed source software packages. The challenges encountered when using open source software – organizational, functional, and cost constraints – are also presented, including first-hand comments from the agencies that the Noblis team visited. In preparing this document, a national survey was conducted that gathered data on the extent and current state of law enforcement use of open source software. Key trends and common themes are highlighted from the survey, as well as important items for agencies to consider as they plan to implement open source software. The survey also attempted to rank the law enforcement operational areas that may be best positioned to benefit from the use of open source software. A number of observations can be made based on survey results, including: • National Survey Result Response 1. Interoperability with Microsoft applications is a key concern for agencies interested in using open source software. • National Survey Result Response 2. Open source software can offer capabilities beyond closed source software packages in areas such as computer forensics. • National Survey Result Response 3. Open source software provides a low-cost to no-cost barrier to evaluating and operating new applications. • National Survey Result Response 4. Agencies that do not purchase closed source applications are considered cheap by end users even if the software functions are comparable. The survey results support the general findings by the Noblis team based on its interviews with law enforcement practitioners. Of the agencies actively using open source software, the majority agree that using open source software would benefit law enforcement functions. ii
  4. 4. Open Source Software Use in Law Enforcement This document concludes by providing interested agencies with recommendations that will help to shape the direction of an open source software implementation while avoiding pitfalls and maximizing the effectiveness of the conversion. Primary recommendations are listed below: • Recommendation 1. It is essential that law enforcement become aware of what is available in open source software and what their colleagues are doing in this arena. • Recommendation 2. The majority of agencies contemplating a move to open source software should consider a hybrid approach that leverages current hardware and software with open source enhancements. • Recommendation 3. Agencies moving to open source software need to get their community leaders on board with the idea early and be ready to demonstrate the benefits and the interoperability of the selected system. • Recommendation 4. Agencies new to open source software and those with more experience need to create common resources for the benefit of other law enforcement agencies interested in exploring the use of open source. iii
  5. 5. Open Source Software Use in Law Enforcement Acknowledgments The authors would like to express their appreciation to the following individuals for openly sharing their experiences. Much of the information contained in this report came from them and their dedicated staff. We appreciate their candor and collaboration. Person Affiliation Charles Kalil Director of Information Technology, City of Garden Grove, California Harold Schomaker Chief Information Officer, City of Largo, Florida Trooper Jon Nelson Task Force Leader, Computer Forensics, Pennsylvania State Police John Weathersby Director, Open Source Software Institute, Oxford, Mississippi Helen Hall Director of Information Technology, City of Fullerton, California Chris Overtoom Information Technology Specialist, City of Fullerton, California The authors would like to acknowledge the contributions made by the agencies and staffs interviewed over the course of this project. Most notably Mr. Harold Schomaker, CIO of the city of Largo, FL who gave us tremendous insight into an alternative architecture. Mr. Charles Kalil with the city of Garden Grove, CA, provided access not only to his agency, but also – on short notice – arranged a meeting with colleagues at another agency who were able to address additional areas of concern. Ms. Helen Hall at Fullerton, IT Director of the city of Fullerton, CA, made herself and her staff available on short notice and providing us with insight into her city’s IT background, architecture, and systems. Mr. Chris Overtoom, Fullerton City Police IT Specialist, demonstrated the city’s CAD (running on an OS platform) and answered numerous technical questions. Trooper Jon Nelson demonstrated numerous open source applications that are currently in use in his computer forensics lab. Mr. John Weathersby arranged for us to view an open source jail-management system. The authors are also indebted to the hundreds of agencies who received and responded to our request for information/survey on the use of open source software in the law enforcement community. Their participation provided a great deal of insight not available from other sources. The authors would also like to express their appreciation to the following individuals without whom this document would not have been possible: Mr. Jeffrey Michaels, Senior Technical Librarian at Noblis, for his extensive research of pertinent subject matter; Mr. John Dobiac, Senior Principal at Noblis, for his careful review and recommendations on technical issues; and Ms. Lynn Dargis, Senior Principal at Noblis, for her unbiased draft review and assistance in making the overall document more coherent for the reader. iv
  6. 6. Open Source Software Use in Law Enforcement TABLE OF CONTENTS 1 INTRODUCTION 1-1 1.1 Definition 1-1 1.2 Background 1-1 1.3 Document Scope 1-1 1.4 Assumptions and Constraints 1-1 1.5 Document Organization 1-2 2 PROJECT APPROACH AND METHODOLOGY 2-1 2.1 Phase 1: Literature Search 2-1 2.2 Phase 2: Collecting Data from Law Enforcement Organizations 2-2 2.2.1 Developing a National Survey 2-2 2.2.2 List of Top Survey and Questionnaire Respondents 2-2 2.3 Phase 3: Site Visits 2-2 2.4 Phase 4: Conducting Lab Trials and Building Feature Comparison Matrices 2-2 2.5 Phase 5: Consolidating Findings and Documenting Study Results 2-3 3 OPEN SOURCE SOFTWARE 3-1 3.1 What is Open Source Software? 3-1 3.1.1 Key Terminology 3-1 3.1.2 Types of Open Source Software 3-1 3.1.3 Defining Open Source Software 3-2 3.1.4 Open Source Software Licensing 3-3 3.2 Operating System Overview 3-3 3.2.1 Open Source Operating Systems 3-3 3.2.2 Support for Open Source Operating Systems 3-5 3.2.3 Linux Introduction 3-6 3.2.4 Popular Linux Distributions 3-6 3.3 Misconceptions about Open Source Software 3-7 3.4 System Architectures: Closed Source, Open Source, Hybrid 3-8 3.4.1 Closed Source Architecture 3-8 3.4.2 Open Source Oriented Architecture 3-9 3.4.3 Hybrid Architecture 3-11 4 OPEN SOURCE SOFTWARE – IS IT APPROPRIATE FOR LAW ENFORCEMENT? 4-1 4.1 The Business Readiness Review for Open Source Model 4-1 4.2 Political, Economic, Social, and Technological (PEST) Analysis 4-1 4.2.1 Political 4-1 4.2.2 Economic 4-2 4.2.3 Social 4-2 4.2.4 Technological 4-2 v
  7. 7. Open Source Software Use in Law Enforcement TABLE OF CONTENTS (continued) 4.3 Strength, Weakness, Opportunities, and Threats (SWOT) Analysis 4-3 4.3.1 Strengths 4-5 4.3.2 Weaknesses 4-6 4.3.3 Opportunities 4-6 4.3.4 Threats 4-7 4.4 Considerations for Adopting Open Source 4-8 4.4.1 Financial Considerations 4-8 4.4.2 Transition/Environmental Considerations 4-8 4.4.3 Political Considerations 4-9 4.5 The Adoption of Open Source 4-9 4.5.1 Challenges for Open Source 4-9 4.5.2 Areas Requiring Improvement or Change 4-11 5 CHARACTERISTICS AND OVERVIEWS OF AGENCIES CURRENTLY USING OPEN SOURCE SOFTWARE 5-1 5.1 Garden Grove, California 5-1 5.1.1 Open Source Workstation Software 5-1 5.1.2 Open Source Databases, System Links, and Police Records Management System 5-2 5.2 Largo, Florida 5-3 5.3 Pennsylvania State Police Computer Forensics Task Force 5-3 5.4 Open Source Software Institute, Mississippi 5-5 6 EVALUATION OF SELECT OPEN SOURCE DESKTOP OPERATING SYSTEM DISTRIBUTIONS, APPLICATIONS, AND DATABASES 6-1 6.1 Open Source Operating System Evaluation 6-1 6.2 Open Source Application Evaluation 6-2 6.2.1 Common Open Source Applications 6-3 6.2.2 Law Enforcement Specific Applications 6-4 6.2.3 Open Source Application Evaluation Criteria 6-4 6.2.4 Open Source Application Evaluation Results 6-5 6.3 Open Source Database Evaluation 6-6 6.3.1 Evaluation Criteria Reference and Customization 6-6 6.3.2 Open Source Database Evaluation Criteria 6-7 6.3.3 Open Source Database Evaluation Results 6-7 7 RECOMMENDATIONS 7-1 7.1 Using Open Source Software 7-1 7.1.1 Law Enforcement Specific Software Remains Lacking 7-2 7.1.2 Costs: Not All Savings Are Monetary 7-2 vi
  8. 8. Open Source Software Use in Law Enforcement TABLE OF CONTENTS (continued) 7.2 Recommended Approach for Open Source Adoption by Law Enforcement 7-3 7.3 Advice from Practitioners for Using Open Source Software 7-4 7.4 Final Thoughts 7-5 APPENDIX A GLOSSARY OF ACRONYMS A-1 APPENDIX B WEB SURVEY OF LAW ENFORCEMENT AGENCIES B-1 APPENDIX C SITE QUESTIONNAIRE C-1 APPENDIX D COMPONENT PACKAGES IN THE “POPULAR” DISTRIBUTION D-1 APPENDIX E DATABASE FEATURE COMPARISON MATRIX E-1 APPENDIX F REFERENCES F-1 vii
  9. 9. Open Source Software Use in Law Enforcement LIST OF TABLES Table 1. Open Source Applications Used by Garden Grove 5-2 Table 2. Open Source Applications Used by Largo 5-3 Table 3. Open Source Applications Used by the Pennsylvania State Police Computer Forensics Task Force 5-4 Table 4. Common Open Source Applications and Functions 6-3 Table 5. Open Source Software Packages 7-3 Table 6. Law Enforcement Functional Areas Without Mature Open Source Options 7-4 Table 7. Open Source Software Implementation Advice 7-4 viii
  10. 10. Open Source Software Use in Law Enforcement LIST OF FIGURES Figure 1. Project Approach 2-1 Figure 2. The OSI Certification Mark 3-2 Figure 3. Typical Small to Medium-Sized Agency Closed Source Architecture 3-9 Figure 4. Thin Client Architecture 3-10 Figure 5. Largo Thin Client Device 3-10 Figure 6. Hybrid Open Source and Closed Source Architecture 3-11 Figure 7. PEST Analysis 4-1 Figure 8. SWOT Analysis 4-3 Figure 9. Survey Results on Reasons to Use Open Source Software 4-4 Figure 10. Survey Results on Reasons Not to Use Open Source Software 4-5 Figure 11. Survey Respondents View of Open Source Software Implementation Approach 4-10 Figure 12. Survey Results on Open Source Software Problems Encountered 4-11 Figure 13. Survey Results on the Areas of Improvement for Open Source Software 4-12 Figure 14. Sites Surveyed that Use Mature Open Source Software 5-1 Figure 15. The Penguin Sleuth Kit Logo 5-5 Figure 16. Screenshot of Open Source Jail Management System 5-6 Figure 17. Survey Respondents Ranking of Open Source Component Importance 6-1 Figure 18. Web Survey Setup Screen B-1 Figure 19. Completed Web Survey Question Form B-2 Figure 20. Agency Information Screen for Open Source Survey B-3 Figure 21. Open Source Survey Setup Diagram B-3 Figure 22. Open Source Survey Question Screen 1 B-4 Figure 23. Open Source Survey Question Screen 2 B-5 Figure 24. Open Source Survey Question Screen 3 B-6 Figure 25. Open Source Survey Question Screen 4 B-7 Figure 26. Open Source Survey Question Screen 5 B-8 Figure 27. Example Raw Data Spreadsheet Generated from Open Source Survey Application B-9 Figure 28. Example Analysis Chart Generated from Open Source Survey Application B-10 ix
  11. 11. Open Source Software Use in Law Enforcement 1 INTRODUCTION Law enforcement agencies are relying more and more on technology to assist them with collecting, analyzing, and sharing information. Currently, many systems are proprietary and require extensive customization that only a specific vendor can perform due to licensing and patent restrictions. Upgrades, software fixes, and new functionality often require agencies to invest a significant amount of time, money, and other resources. Small and medium-sized agencies often lack such resources, yet their need for information technology (IT) tools continues to grow. Faced with little funding and aging technology components, some law enforcement practitioners have turned to using open source software as a cost- effective solution for meeting their technology needs. 1.1 Definition Open source software is software that is provided with the source code used to create the software application. This allows a technologically savvy user an opportunity to fully explore the makeup of the application. Open source software is licensed such that the user has the right to view, modify, and redistribute the code – in original or modified form – as long as they don’t prohibit the same use by others. 1 This type of software is contrasted with proprietary or “closed” software, which does not make the source code available or allow modifications. Another common difference between the two is that proprietary software is updated infrequently via “releases,” while open source software is often under continuous development – including daily updates. Sets of updates are then provided to interested parties as “distributions.” 1.2 Background The purpose of this study is to determine what open source applications exist and which law enforcement operational areas – regardless of agency size – could benefit from the use of open source software. These areas range from performing basic office business functions to gathering and analyzing computer forensic information. The use of open source software to meet information-sharing and other unfunded mandates has attracted the attention of the International Association of Chiefs of Police (IACP) and the National Institute of Justice. Open source software also has the potential to support the modernization of small and rural law enforcement agencies. These agencies typically lack the IT skills and funding available to police departments in metropolitan cities. 1.3 Document Scope This document provides agencies with an introduction to open source software. The document focuses on existing law enforcement applications built using open source software, but it also serves as a guide to help the reader understand the background for successfully deploying open source software. Feature comparison matrices and lab trials of several database and desktop open source packages are included to provide practical, hands-on insight to the study. Details on the specific open source distributions examined and sites visited are found in the Appendices. 1.4 Assumptions and Constraints This document is not a full study of all open source software products and their applicability to law enforcement adoption. Rather, this study should be considered an outline of considerations that should be made prior to adopting an open source software approach. The open source software products reviewed are presented to provide an awareness of the maturity of open source software within the operating 1 A number of additional criteria are required to be “certified” as an open source product, see Section 3. 1-1
  12. 12. Open Source Software Use in Law Enforcement system, office suite, and database environments. The reviews also identify the features of the reviewed products. Specific recommendations cannot be made, as recommendations need to be based upon the features required of the individual law enforcement organization. 1.5 Document Organization The remainder of this report describes key areas of open source software and law enforcement sites that use open source software. Section 2 discusses the project methodology used in this study. Section 3 provides an introduction to open source software and examples of information system architectures that use open source components. Section 4 outlines the analysis on whether open source software is appropriate for law enforcement use. Section 5 provides an overview of some agencies currently using open source software. Section 6 presents the features and evaluation results of selected open source software packages. Finally, Section 7 gives recommendations to law enforcement agencies on using or migrating to open source software. The document includes a set of Appendices. Appendix A provides a glossary of terms. Appendix B describes the design and use of the open source web survey software in collecting data for this project. Appendix C provides a copy of the site visit questionnaire. Appendix D shows components included in popular open source distributions. A summary of open source database features is included in Appendix E. References are included as Appendix F. 1-2
  13. 13. Open Source Software Use in Law Enforcement 2 PROJECT APPROACH AND METHODOLOGY The phased approach shown in Figure 1 was followed to investigate how open source software is currently being used in law enforcement agencies. Figure 1. Project Approach In the first phase, a literature search was conducted to gather background information consisting of previous studies, published examples, and a concise list of agencies currently experimenting with open source software. Concurrent with this effort, a short survey on open source interest, adoption, and concerns 2 was distributed to more than 1,300 randomly selected members of the law enforcement community. For Phase Two, the project team collected data from the law enforcement agencies and organizations identified in Phase One. In Phase Three, the Noblis project team contacted the top four organizations to arrange visits or conference calls to gain an understanding of how their use of open source software evolved and to solicit recommendations that these early adopters would offer to other agencies. Phase Four involved lab trials of open source operating systems, desktop environments, database applications, and office suite packages mentioned by the surveyed sites and research findings. The final phase consolidated findings and documented the study results. 2.1 Phase 1: Literature Search The literature search consisted of three sources: trade journals, internet searches, and research reports. It involved identifying the different types of open source software that were relevant to this study. This study limited its scope to open source operating systems, system utilities, databases, office suites, and law enforcement specific applications. These types of applications provide either the back-end software required to run an application, the software used to help maintain the applications, or the software to perform spreadsheet and word processing functions. In addition, the study was interested in identifying any law enforcement specific applications. The literature search was further constrained by limiting it to certain types of articles. Specifically, this study focused on articles that addressed one of the following aspects of open source components: • Reviewed an open source software component • Compared/contrasted the features of one or more open source components • Discussed the total cost of ownership of one or more of the open source components • Discussed the adoption/use of the component within the law enforcement environment. • Discussed the adoption/use of the component within state/local government • Discussed the adoption/use of the component within industry at large 2 This survey is presented in Appendix B. 2-1
  14. 14. Open Source Software Use in Law Enforcement 2.2 Phase 2: Collecting Data from Law Enforcement Organizations Several weeks into the literature search, the project team had background material and a sense of which law enforcement agencies were using open source software. This background material helped the team develop survey questions that would solicit the necessary data for the study. 2.2.1 Developing a National Survey Using the open source survey tool described in Appendix B, a national survey form was created to identify the extent and current state of law enforcement interest, adoption, and use of open source software. The national survey questions addressed such areas as what open source software deployments exist and how law enforcement agencies view open source software. It also facilitated a ranking of law enforcement operational areas that may be best positioned to benefit from the use of open source software. Section 5 incorporates survey result graphs that highlight key trends and common themes from the interviews and national survey. These trends and themes are important items for agencies to note and factor into their open source software implementation planning. 2.2.2 List of Top Survey and Questionnaire Respondents The national survey identified four organizations for the project team to contact and learn about their open source software efforts: • City of Garden Grove, California: Led by Director Charles Kalil, Garden Grove has leveraged many open source software products in support of the police department. • City of Largo, Florida: CIO Harold Schomaker often hears of how Largo is cited as a leading adopter of open source software; Largo has the largest use of open source software found in this study of the continental United States. • Pennsylvania State Police Computer Forensics Task Force: Trooper Jon Nelson responded to the national survey and described the ways he was using open source software as the computer forensics task force leader. • Open Source Software Institute: Using Department of Defense funding, Institute founder John Weathersby created an open source based Jail Management System (JMS). Building upon the national survey results, the project team created a set of interview questions to standardize the meetings with each of the four organizations. These interview questions aim more toward best practices and lessons learned in using open source software. Appendix C has a copy of the interview questions that map to sections of this document. 2.3 Phase 3: Site Visits The project team contacted the top four organizations to arrange visits or conference calls to see how their open source software use evolved and to solicit recommendations that these early adopters would pass along to other agencies. The site visits helped the project team narrow the scope of open source packages to those that law enforcement agencies have tested and currently use. The information gathered from practitioners during the site visits also provided the basis for the recommendations and best practices found in later sections of this document. 2.4 Phase 4: Conducting Lab Trials and Building Feature Comparison Matrices Phase Four of this study consisted of a series of lab trials to add first-hand experience with the open source software packages used by law enforcement practitioners interviewed for this study. Using a 2-2
  15. 15. Open Source Software Use in Law Enforcement standard system configuration, project team members installed and examined the features provided by desktop operating systems and open source database applications. The lab trials were not extensive evaluations nor were they intended to show that open source applications provided functionality superior to closed source equivalent programs. Instead, the trials focused on the clarity of the installation instructions, product performance and completeness (based against published descriptions), and flexibility of the software package. Hardware and software compatibility, speed of execution, and perceived ease of use were also evaluated. Section 6 presents some background on and discussion about evaluating the database and operating system software distributions. 2.5 Phase 5: Consolidating Findings and Documenting Study Results The last project phase consisted of consolidating findings, notes, and observations in order to create this document. 2-3
  16. 16. Open Source Software Use in Law Enforcement 3 OPEN SOURCE SOFTWARE It is important that law enforcement agencies develop an understanding of the formal definition of open source software and how the different licensing systems operate. Once they have this basic understanding, law enforcement agencies can begin to separate the facts about open source software from the many misconceptions. 3.1 What is Open Source Software? The following sections provide a brief overview of open source software. Readers unfamiliar with this technology will be able to understand the basic principles that are discussed in greater detail in the remainder of the document. 3.1.1 Key Terminology This document uses a number of terms that are common in the realm of open source software and systems that may not be familiar to all readers. In an attempt to “level the playing field” for readers of all familiarity levels, the following terms are defined at the outset: Open Source Software that requires the distribution of its source code along with the applications. Closed Source Proprietary software that forbids the viewing of the source code or the reverse engineering of the application. Component Blocks of software code that are connected for utility, convenience, or both – not always as a necessity of function. Unlike “traditional” software (Adobe Photoshop, Microsoft Vista, RealPlayer, etc.) that is presented as a unified system, open source software is essentially a series of interconnected pieces. Frequently – though not always – components can be added or removed from software “systems” on an as- needed basis either by the user or by the software provider. Build A software version – frequently used for software under active development. Distribution A software release. Open source software under active development may have numerous distributions, including daily builds. 3.1.2 Types of Open Source Software Open source software is found across the spectrum of software availability. Operating systems, databases, business applications, applets, security and utility programs, education, and games are all available in the open source environment. Open source software runs everything from small notebook computers to large server farms. Open source applications provide desktop environments, calendars, word processing, firewalls, web servers, and much more. The website SourceForge 3 tracks more than 146,000 current open source projects. Although it is not as well known, open source software is prevalent in other environments from the embedded software in sensor systems to cash registers to the flight entertainment computers on aircraft. The benefits of open source software are becoming apparent to many industries. 3 http://sourceforge.net/ 3-1
  17. 17. Open Source Software Use in Law Enforcement 3.1.3 Defining Open Source Software As mentioned above, open source software is software that requires the distribution of its source code along with the applications themselves. It is this factor that makes it significantly different from proprietary or “closed” software. Allowing other programmers to view the source code of an application allows complete insight into its function. Individuals who want to use the software can inspect it for weaknesses or security flaws – whether intentional or not. Frequently, the license provided with open source software allows the application to be modified to suit the needs of other users. This modified application can then be used and, in general, distributed to others for use and further modification. Changes to open source software may have to be returned to a centralized site that controls dissemination of the software, again, depending on the license the software was distributed under. An important concept about the open source approach is that open source software should be thought of as "free" as in "free speech" and not “free food.” 4 According to the Free Software Foundation, free software is a matter of the users’ freedom to run, copy, distribute, study, change, and improve the software. 5 The non-profit Open Source Initiative (OSI) expands upon this definition and stipulates that open source software must comply with the criteria summarized below: 6 • The software must be freely available • The source code must be included • Modifications of the software is allowed • The original source code must be identifiable • The license must not allow discrimination against people or fields of use • Licensing rights need to be consistent to all persons and not require additional licensing • License must not be specific to another product nor restrict other software • The license must be technology neutral In an effort to encourage developers to voluntarily comply with the open source criteria, software distributed with a license that conforms to the OSI definition is allowed to carry a certification mark, OSI Certified, as illustrated in Figure 2. As a sign that this mark has value among academia and industry, this certification mark is seen on software distributed by Apple, Computer Associates, IBM, MIT, NASA, Nokia, and Sun, among others. Figure 2. The OSI Certification Mark 4 http://www.fsf.org/ 5 http://www.fsf.org/licensing/essays/free-sw.html 6 http://www.opensource.org/docs/definition.php - Version 1.9 3-2
  18. 18. Open Source Software Use in Law Enforcement 3.1.4 Open Source Software Licensing The GNU General Public License (GPL) is the most widely used open source license in industry. Its terms are straightforward, and yet there are two commonly held misconceptions that often leave people confused and at risk for making incorrect decisions. The first misconception is that the GPL requires free distribution of both source code and binary code – it does not. The second misconception is that once software has been distributed under the GPL, GPL is the only license under which the software can be distributed. In fact, there are no limits on how many ways you can license material for which you hold the copyright. 7 3.2 Operating System Overview Operating systems are the programs essential to the operation of any computer. The operating system accepts input to the computer, provides for the output response(s), manages data storage on the hard drive and memory chips, allocates tasks to various computer components, and controls nearly all essential computer resources. The components of an operating system often extend beyond what is required, such as controlling and allocating memory, into what is useful in the more robust systems. For example, it is common to include word processing, audio, and video tools; email, and web browsers in addition to the essential hardware and software operating code. In the early days of “mainstream” computer use, people spent time providing instructions to the computer via the command line. The Disk Operating Software, or DOS, that was common at that time allowed users to give the PC simple instructions and receive calculated replies in return. More complex tasks evolved, including rudimentary word processing, database, and simple text-based internet communication. To make the interface a bit more user friendly, a simple color interface was added that, with the aid of a mouse, allowed users to interact quicker and more efficiently with the computer. This Graphical User Interface (GUI) was expanded on machines running Amiga, Apple, or Microsoft Windows 3.1 software. These interfaces allowed a richer interaction with the computer, allowing for the development of WYSIWYG 8 word processing applications, “drag and drop” file manipulation, consistent printer functions across various machines running similar word processors, and a host of other amenities that made the computer more accessible. This interface also allowed the development of some of the first graphical, remote connection discussion groups and chat systems, including AppleLink, the precursor to America Online. Today, computer users are offered a rich GUI with the ability to customize how they work and interact with the machine based on options that the operating system vendor provides or via add-ons that are created to provide for modifications. 3.2.1 Open Source Operating Systems Open source operating systems have traveled a similar development path, from strict command line interface to minor GUI enhancements to full-fledged desktop environments that are fully customizable. The pre-packaged interfaces available on many distributions today allow a great deal of user-defined flexibility. A user seeking more customization is able to add additional packages or adjust ones already in place to suit their needs. As with larger commercial operating system packages, many of the open source operating systems available today install with the ability to identify all of the system’s hardware components, printers, monitors, network connections, web cameras, and other peripherals and have them all up and running at the completion of the installation process. 7 http://www.forrester.com/Research/Document/Excerpt/0,7211,40394,00.html 8 What You See Is What You Get 3-3
  19. 19. Open Source Software Use in Law Enforcement Examples of the most commonly known open source operating systems are: • FreeBSD. The FreeBSD operating system was developed from a derivative of the BSD UNIX operating system created at the University of California, Berkeley. It runs on a wide range of hardware and positions itself as a high-quality, no-cost competitor to larger commercial UNIX systems. FreeBSD can be run both on the workstation and the server. • OpenSolaris. OpenSolaris is a derivation of the code written for Unix System V Release 4. As a project of Sun Microsystems, it has the backing of a large corporation and a foothold in the academic community. • Linux. Linux is the best known of the open source operating systems. Originally looked at as server software, Linux has developed into a full-fledged competitor to Mac OS and Windows on the desktop. Due to its popularity and ease of entry-level use, this operating system was the focus of Noblis research. Appendix D provides descriptions of a number of Linux-based operating systems, along with details of the basics the systems provide and the extras that distributions offer, as described below: • Operating System Basics. Covers the essential material of the distribution, such as kernel information, release date of the distribution covered (Note: distributions can vary widely on content based on release date), supported processors, 9 type of installation methodology, etc. • Networking and Security. Discusses the network connectivity provided, printer interface service, security, and compatibility packages found in the selected distributions. • Programming Tools. Five programming tools were selected that are common to distributions. Two work specifically with the operating system; the remaining three are cross-platform applications that can allow a programmer to write applications useful to Linux and other operating systems. • Desktop/GUI. Provides information on the desktop(s) included in the distribution as well as methods available to interact or modify it. • Applications/Email/Browsers. A small list of representative applications that are packaged with the operating systems that allow for accounting, word processing, instant messaging, email, and web browsing. While none of these applications are essential to an operating system, they allow the user to work immediately after installation by providing the basic framework of applications in common business use. • Databases. The ability to use a database package without spending a great deal of money up front ranks heavily with distribution developers. Each of the distributions reviewed provide a minimum of three database packages that can be selected. • Audio/Video Applications and Services. Additional services that are frequently packaged with an operating system include audio and video applications and services. These allow users to listen to music, watch video files, sort images from a digital camera, and possibly manipulate such files. 9 While some distributions can run on a wide array of processors, we’ve limited ourselves to processors common in servers and desktops. 3-4
  20. 20. Open Source Software Use in Law Enforcement 3.2.2 Support for Open Source Operating Systems It is important to repeat that open source software has a larger degree of freedom than commercial software in the way it is used, modified, and redistributed. However, within this freedom lies a good deal of risk, especially to the mission-critical environment of law enforcement. This is particularly true with open source operating systems. Complex modifications, such as adding a wireless communication component, must be made by persons knowledgeable in software security so that the system is not compromised. The ability to access the latest open source operating system by download or on compact disc (CD) gives nearly any agency the ability to participate and investigate open source systems. At the simplest level, this is an excellent place to start. On a single machine with no impact to the operation, a great deal can be learned by experimenting. The downside is that this option comes with no corporate support. However, for those willing to experiment at this level, there is a robust user community to aid the user when problems arise. 3.2.2.1 Limited Support Assistance For users who require more support, many of the common operating system distributions can be obtained from the developer with a limited support package. Staff may be available by email or phone to assist in the installation and running of the operating system. However, while the developer can typically provide excellent and quick support with issues specific to the operating system, it is important to note they may have little or no experience in dealing with the law enforcement applications the agency is running. 3.2.2.2 Commercial Support Assistance The successful implementations of open source systems that were reviewed on site visits highlighted that while there are many benefits to using open source software, the staff required to make it successful is key. Departments with strong, open source focused technical support staff have few problems implementing their desired systems. Such staffs have the training and knowledge needed to install, modify, and maintain the open source systems. These agencies, while often successful, are not alone in their desire for an open source environment. So how would an agency lacking such technical staff attempt the migration toward an open source architecture? That’s where commercial implementations can be very helpful. The basic code underlying the open source operating systems provided by vendors such as HP, IBM, Novell, Red Hat, and others is the same as the code that can be downloaded and used for free. Enhancements to the software – including fault tolerance and automatic rollover – are services that these companies can provide to paying customers. In combination with the enhancements, extra services that these companies offer may make them a desired partner in implementing open source software at enterprises that lack specific technical expertise but have adequate financial resources. HP can provide its customers with both the hardware and the software necessary to implement an open source environment. The Linux distributions they offer are certified by their engineers to function on specific hardware, and the company will put its full support infrastructure behind it. They can provide a “one-stop shop” of consulting, engineering, hardware, software, and support all under a single well- known entity. IBM provides technical services to customers that are interested in an open source environment based on their long history in this environment. While IBM is well known and well regarded in “mainstream” computing, they have also invested heavily in the open source community – claiming more than a $1 billion investment in Linux development alone. 10 They also participate currently in over 120 different open source projects and have released 500 of their technology patents to a “patent commons” where 10 http://www-128.ibm.com/developerworks/opensource/newto/#1 3-5
  21. 21. Open Source Software Use in Law Enforcement developers can make use of the patented material for open source applications without concern of patent infringement. 11 Novell also participates in a number of open source projects using their vast corporate resources. They guide the development of the openSUSE Linux distribution while providing the SUSE Linux Enterprise to paying customers. Novell’s consulting, engineering, training, and support services add to their appeal as a for-fee partner to novice open source users. Red Hat, providers of the free Fedora open source operating system, also provides enhanced enterprise- level packages designed to run both client and servers. They can provide the Red Hat Application Stack that combines their Enterprise-class operating system, application server, open source databases, and web server to interested parties. Consulting, engineering, training, and support are additional services that make Red Hat a frequent partner for entities that want to implement an open source architecture. The extra services these companies offer, while at a cost, may be enough to aid a law enforcement agency in convincing their public oversight body(ies) that moving down the open source path is not only cost- effective in the long run, but it is safe to do so under the guidance of professional technicians backed by multi-national corporations. 3.2.3 Linux Introduction The most popular open source operating system is based on UNIX or the derived Linux, commonly referred to as *NIX. While other operating systems are open source, none have the market share of the *NIX variations. This is reflected in the survey that was conducted during this research – where all respondents using open source operating systems used the Linux operating system or a proprietary operating system with open source elements running on top of a proprietary operating system. The Linux operating system was developed by a team under the guidance of Linus Torvalds in the early 1990s. This still-evolving operating system allows a high degree of flexibility for the technically inclined. Anchored by a central kernel, the operating system can be bound to various drivers, utilities, and applications – all at the developer’s discretion. The stability and speed of the kernel, combined with the correct packages, can result in a small, fast, and highly reliable operating system geared toward a specific enterprise. 3.2.4 Popular Linux Distributions No recognized source exists that can definitively list the most “popular” Linux distributions, but an effort has been made at a tentative listing. As provided by DistroWatch, 12 a review of download habits, user groups, and support boards suggests a potential list of the most “popular” Linux distributions: • Ubuntu: Ubuntu – the most recent of the “popular” distributions – claims its origin from an ancient African word, meaning "humanity to others.” This distribution, available since October 2004, is based upon Debian Linux and utilizes the GNOME desktop. A key goal that drives the development of the software is that the “software should be available free of charge, that software tools should be usable by people in their local language and despite any disabilities, and that people should have the freedom to customize and alter their software in whatever way they see fit.” 13 The project is underwritten personally by Mark Shuttleworth, the founder of security company Thawte, which he sold in December 1999. 11 http://www-128.ibm.com/developerworks/opensource/library/os-sutorinterview.html 12 http://distrowatch.com/dwres.php?resource=major 13 http://www.ubuntu.com 3-6
  22. 22. Open Source Software Use in Law Enforcement • Mandriva Linux: Continuing in the international vein, Mandriva Linux is an open source operating system based in France that was developed in 1998. Mandriva claims a large and active developer group that allows it to generate “Cooker Snapshots” – temporary yet stable releases of the operating system that are made available twice a year. • OpenSUSE: OpenSUSE is the publicly collaborated version of Novell’s open source operating system. Available since the early 1990s, this distribution began in Germany and was based on a German language version of Slackware Linux. In the early 2000s, the software was acquired by Novell and branched into both a free, open source version and an enhanced enterprise version. Both versions have been highly regarded in trade journals as this distribution has found its way into many differing environments. • Fedora Core: Fedora Core is the community-based operating system guided by Red Hat, which also maintains a commercial version of open source software. This publicly developed software is a continuation of Red Hat Linux, which was discontinued in 2003 in favor of the Enterprise version of the software. Due to the popularity and wide base that Red Hat Linux had obtained, Red Hat allowed the project to continue under the Fedora nameplate, a nod to the hat worn by Red Hat’s iconic “Shadowman.” • Debian: The Debian operating system has been available since mid-1993 when the first distribution was released by Purdue University student Ian Murdock. Based on the objectives of the GNU Project, this operating system has continued to grow and enjoy a very active developer community. Debian currently claims in excess of 15,000 precompiled packages available for inclusion in their system. In addition to Ubuntu, Debian has also spawned other “children,” including, Xandros, Knoppix, Damn Small Linux (a very compact OS), and Linspire. 3.3 Misconceptions about Open Source Software In order to take advantage of the benefits of open source software, agencies must understand the facts behind the media-generated misconceptions about open source software. These misconceptions include cost, end-user responsibility, and scalability factors, as well as the readiness of the open source software to perform mission-critical applications. • Open Source Software Is Free. The most common misconception about open source software is the cost. Open source software is provided, with its source code, free of charge to the end user. As defined by the Open Source Initiative, “The license [of open source software] shall not require a royalty or other fee for such sale.” 14 The definition does not provide a guarantee that the software will be of use. The need to have assistance in software installation, hardware compatibility, training, and maintenance all can prove costly. Depending on the complexity of the project and the capabilities of the staff, implementation costs of (an) open source component(s) may be absorbed within the agency’s current structure or may require external, for-fee, support. • Open Source Requires a Lot of Effort from the User as the User Has To Return Something to the Community. Whether you have to return something to the community depends on the license of the software and how you use it. Not all open source licenses require you to return patches and improvements. Other licensing agreements either encourage or require that modification made to the source code be contributed to a common repository for the benefit of other users. 14 http://www.opensource.org/docs/osd 3-7
  23. 23. Open Source Software Use in Law Enforcement • Open Source Development Is Something New. Open source software is actually as old as computing itself. Academic labs routinely created computer code and passed it on to other labs in a cooperative effort. This cooperative environment has been credited with the success of the Defense Department’s ARPANET, the precursor of today’s internet. 15 • Open Source Developers are Hobbyists and Students. Developers of open source software include hobbyists and students, most of which have a very strong interest in computer science and work to develop the finest programs possible in a cooperative environment. A study done by the Boston Consulting Group 16 found that more than 45 percent of those participating in open source projects were experienced, professional programmers, with another 20 percent being system administrators, IT managers, or academicians. The study also revealed that over 30 percent of these programmers were paid by their employer to develop open source software 17 indicating that corporations devote substantial programming assets to open source development. • Open Source Software Is Low Quality. A number of open source applications have been recognized as being of the highest quality. The Apache web server is the predominate web server application in use world-wide while the Firefox web browser routinely scores comparable to, or ahead of, Microsoft’s Internet Explorer. As another indicator of quality and acceptance in the corporate environment, Dell has begun selling computers with the Ubuntu operating system. Additionally, anyone concerned about the quality of open source software can examine the computer code behind it (or task someone else to do it) since the code behind the software is readily available. 3.4 System Architectures: Closed Source, Open Source, Hybrid Open source software can support various types of system architectures. This section presents three system architectures and the benefits and issues associated with each. Information system architectures typically consist of tiered components that provide services to a community of users. While many law enforcement agencies have invested in proprietary, closed source solutions, such as Microsoft products, the national survey results and site visits revealed that a growing number of agencies have some degree of open source software use. 3.4.1 Closed Source Architecture Outside of the law enforcement specific functions, such as dispatching and records management, 80 percent of law enforcement systems support basic office activities such as e-mail, word processing, and data entry and retrieval. A small to medium-sized police agency would typically have the architecture shown in Figure 3. 15 http://www.unesco.org/webworld/portal_freesoft/open_history.shtml 16 http://www.bcg.com/opensource/BCGHackerSurveyOSCON24July02v073.pdf 17 http://www.bcg.com/opensource/BCGHackerSurveyOSCON24July02v073.pdf 3-8
  24. 24. Open Source Software Use in Law Enforcement Figure 3. Typical Small to Medium-Sized Agency Closed Source Architecture Figure 3 illustrates an architecture that has three main tiers: User, Application, and Network • User Tier: This tier refers to the workstations and end-user applications. Basic office functions such as report-writing, time-sheet accounting, and data-entry interfaces operate off this tier. Small and medium agencies typically use the version of Microsoft Windows included in the purchased workstation package. However, open source desktop operating systems present a mature alternative for performing the same basic office functions. • Application Tier: The application tier in this case groups the email, server-based programs, and the database together. Workstations in the User Tier access applications and data sources found in the Application Tier. Mature open source application-tier products are available for this tier, which includes database, email, and web server packages. • Network Tier: This tier refers to the underlying network components that tie together the backbone of the information system. The Largo Police Department and the Garden Grove Police Department are just two examples of small agencies that use open source for network routing and firewall protection. An architecture based on closed source software provides a number of benefits and issues, as many agencies realize. The benefits come from a large, established base of users in the law enforcement community. Agencies using the same vendor product can often send files and data seamlessly, reducing the need for interoperability conversion. Closed source software products also benefit from having a wide base of training courses and existing work products available to current users. Although the benefits seem attractive, agencies have recently found that closed source software creates a dependency on a particular vendor that can lead to problems if the vendor imposes a proprietary format to their systems. As a result, sharing information among different vendor packages becomes difficult and possibly expensive due to the need for developing customized interfaces. Closed source software may also require more advanced technical knowledge that further locks an agency into a single vendor’s proprietary format. 3.4.2 Open Source Oriented Architecture Although it is not practical to only use open source software in a system’s architecture, since a completely open source based environment could face interoperability problems with the Microsoft proprietary file formats used by other jurisdictions, cities such as Largo, Florida, have created a variation of the typical law enforcement architecture that uses more than 50 percent open source products. Largo developed the architecture shown in Figure 4. 3-9
  25. 25. Open Source Software Use in Law Enforcement Remote Desktop Email Server City Hall Server Internet Filtering Router Firewall Application server Public Web Thin Client Server Workstations Database Server Figure 4. Thin Client Architecture A system architecture with a majority of open source components provides similar services as the typical closed source based law enforcement architecture. For Largo, remote open source desktop operating systems on thin client workstations reduced the user tier administration needs and therefore reduced the amount of supporting administrative labor. The consolidated open source desktops also allowed for central data backup, patch management, and application version control mechanisms. The client can rest alongside the terminal or be mounted out of the way, as no user intervention is needed. Figure 5 shows Largo’s set up on a training station and the internal components of this compact unit. Figure 5. Largo Thin Client Device Agencies looking toward an open source based architecture need to consider both the benefits and the possible issues associated with making such a move. Open source software components do offer lower financial barriers due to the initial acquisition, licensing, and update costs. Practitioners cite the large development community that often offers support and responses to product problems in less time and for less cost when compared to similar closed source software support. Using a primarily open source based architecture can introduce problems with exchanging information with outside systems that may require proprietary file formats and protocols. Due to the installed base and extensive home use of Microsoft 3-10
  26. 26. Open Source Software Use in Law Enforcement products, users may be unfamiliar with the open source interface and be resistant to learning a different computing environment. Even though a large development community exists, an open source based architecture will also require advanced technical knowledge due to the need to interface open source programs with external closed source systems for sharing information. 3.4.3 Hybrid Architecture Many agencies approach leveraging open source in a hybrid fashion using Microsoft components along with other components. Users in Garden Grove, California, have Microsoft Windows desktop workstations that interact with open source application hosts. Although they do not use the thin client with remote open source desktop approach, Garden Grove leverages the PostgreSQL database, Scalix email, and open source software development tools. The hybrid environment accommodates police department users and other city agencies that may be familiar with a Microsoft Windows environment while providing open source application and network components to city IT specialists at an affordable cost. According to survey results, police agencies around the country – finding themselves with less grant funding and limited budgets – are conducting similar hybrid pilots of open source components; for example, piloting open source office productivity suites and open source web servers. Figure 6. Hybrid Open Source and Closed Source Architecture The hybrid architecture presents agencies with the ability to leverage the advantages of both open source and closed source software. Targeted use of open source software provides the cost benefits while minimizing the need for extensive end-user and administrator training. Workstations using Microsoft operating systems that front-end open source based databases, application servers, and network devices leverage bundled software and make using open source software almost invisible to end users. A hybrid approach allows a gradual transition to using open source software in place of closed source applications in typical business functional areas such as web browsing, document processing, and even email services. The hybrid approach does increase the complexity of the agency architecture, which may require a broader mix of skills from the IT support staff. Adopting a hybrid architecture would also require an agency to ensure the closed- and open source software components meet the same level of stability, security, and performance set by internal IT policies. With this basic understanding of open source software now established, Section 4 addresses its applicability within the law enforcement community. 3-11
  27. 27. Open Source Software Use in Law Enforcement 4 OPEN SOURCE SOFTWARE – IS IT APPROPRIATE FOR LAW ENFORCEMENT? Many agencies currently use some form of closed source software, with Microsoft as the biggest vendor. Introducing open source software causes concern for sharing information and interoperability with existing closed source software files. This section presents a business case analysis model that can be used to evaluate open source. The analysis model is followed by a brief discussion of the financial factors and the section concludes with a discussion of the challenges for the adoption of open source. 4.1 The Business Readiness Review for Open Source Model Organizations that are considering using open source software should use a formal methodology to evaluate the suitability of open source software for their business needs. The methodology should require that weights be assigned to criteria to assess the suitability of a particular open source software package within the organization. In the evaluation of open source software for law enforcement, it is important to consider the business environment, as well as the readiness of open source software for law enforcement applications. For purposes of this study, the team performed a variation of the business case analysis model used by the MITRE Corporation to assess open source software within the Department of Defense (DOD) in the A Business Case Study of Open Source Software. 18 The MITRE report conducted strength, weakness, opportunities, and threats (SWOT) analysis. For the open source analysis, a Political, Economic, Social, and Technological (PEST) analysis was also conducted prior to the SWOT analysis. When this is done, the PEST analysis provides an assessment of the business environment. The output of the PEST analysis is an assessment of the open source market. 4.2 Political, Economic, Social, and Technological (PEST) Analysis Figure 7 contains the results of the PEST analysis. The table represents a list of the factors that were considered for a business assessment of the use of open source software within law enforcement. Political Economic • Agency willingness to change • Hardware, licensing, and support costs • “Don’t break it under my watch” • Migration and training costs • City/county/state pressure • Hardware comes with pre-installed software Social Technological • OS interface different than what users are • Integration with law enforcement environment familiar with • Staffing and skill sets • Change management—users resist change • Product maturity • Perception of cheapness Figure 7. PEST Analysis 4.2.1 Political Political factors can have a direct impact on the way law enforcement agencies operate. In some agencies, such as Sheriff’s departments, the agency head is elected. In addition, the agency may be overseen by the 18 http://www.mitre.org/work/tech_papers/tech_papers_01/kenwood_software/kenwood_software.pdf 4-1
  28. 28. Open Source Software Use in Law Enforcement state, county, and/or municipality in which the agency resides. In this case, the law enforcement agency is typically reporting to an elected official. • Agency willingness to change. Those in charge of the law enforcement agency infrastructure must be willing to consider moving to open source software. • “Don’t break it under my watch.” Law enforcement agencies can be headed by an elected official who must sign off on IT infrastructure changes. These officials may be reluctant to support a change to open source software for fear it may not work. • City/county/state pressure. The governing organization within which the law enforcement agency resides – as well as any higher level jurisdictional organizations – may exert pressure on the law enforcement agency. This pressure could be to move towards adoption of open source software, to move to another non–open source software solution, or to keep the current environment. 4.2.2 Economic As previously stated, open source software is not necessarily free, and as such, the expenditures should be weighed against other operational costs such as vehicle and equipment purchases and maintenance. Examples of some open source costs to consider are: • Hardware, licensing, and support costs. Some or all of these costs may be sunk costs that extend forward such as previously purchased annual maintenance fees for legacy software and hardware. A change to open source could necessitate walking away from these costs or paying early termination fees. • Migration and training costs. Changing to a new application may require data migration. It may also require user and/or support staff training. • Hardware comes with pre-installed software. Hardware purchased from vendors can come with pre-installed applications. 4.2.3 Social Implementation of any new software application has social implications within an agency. The social factors to be considered include how the officers and administrative personnel respond to the software. • OS interface different than what users are familiar with. Users may be familiar with other software from using it either at home or at another law enforcement agency. • Change management. People are resistant to change. They become comfortable with “status quo” and are reluctant to change. • Perception of cheapness. People have the perception that open source is free and has less capability than commercial applications. There can be a perception that the law enforcement organization is not willing to spend the funds required to help officers and law enforcement staff perform their jobs. 4.2.4 Technological Technological factors to be considered relate to interfaces that the law enforcement agency must maintain and the capabilities of the employees who will maintain and use the software and hardware, as well as the maturity of any new software applications. 4-2
  29. 29. Open Source Software Use in Law Enforcement • Integration with law enforcement environment. The open source software may not be able to integrate easily with other agencies within the jurisdiction or with other local/state/national organizations. • Staffing and skill sets. Changing to open source software may require a change to the number of staff supporting IT. This could be a change either up or down. In addition, depending upon the platform that the open source software runs on, staff with other skill sets may be required. In addition, if the agency plans on taking advantage of open source software and making application changes, programming staff may be required. • Product Maturity. The open source solution may not be as mature as a commercial product. This can potentially result in more frequent software updates as new releases are made. It can mean that there has been less time to build interfaces with other related products. 4.3 Strength, Weakness, Opportunities, and Threats (SWOT) Analysis The SWOT analysis (see Figure 8) builds on the results of the PEST analysis. This SWOT analysis incorporates consideration of three categories of open source software that can be utilized within law enforcement. The first category is open source software that is used to support the overall IT infrastructure. Software included in this group includes operating systems and relational database management system (RDBMS) software. The second category is open source application software that can be used within any business environment, such as OpenOffice. The last category is law enforcement specific open source software, such as jail management, records management, and computer aided dispatch software. Strengths Weaknesses • Less reliance on a single vendor • Lack of technical support • Lower costs • Microsoft-accustomed users • Development community size • Lack of open source applications • Quick release rate • Hard to originate Opportunities Threats • Replace legacy software with open source • Lack of training • Reuse older legacy hardware • Lack of patches, updates, and documentation • Ability to choose support vendor • High life cycle costs • Opportunity to develop specialized applications • Lack of compatible applications Figure 8. SWOT Analysis The following SWOT evaluation categories are applicable to each of these software categories. However, the criteria are not equally applicable to each open source software category that can be found within law enforcement. When a factor is not equally applicable, it is noted in the discussion. The results of the national survey illustrated in Figure 9 and Figure 10 were used to help construct the SWOT analysis. The responses to Figure 9, Reasons to Use Open Source Software, are included in the Strengths and Opportunities sections of the SWOT analysis. Figure 9 indicates that a majority of law enforcement agencies see lower costs and reduced reliance on a single vendor platform as the driving factors for using open source software. The emphasis on lower costs and diversification of technology platforms shows the reality of agency budget constraints, as well as the importance of not relying on a single vendor platform. Fewer respondents expressed any interest in reusing older hardware or replacing legacy software with open source solutions. The lack of interest in both areas may be due to a lack of awareness of what 4-3
  30. 30. Open Source Software Use in Law Enforcement functions open source software can provide and a lack of technical resources to implement an open source solution. Survey Results: Reasons to Use Open Source Software 9% 28% 8% 17% 38% Open Source Applcations Replace Legacy Software Re-use of Legacy Hardware Less Reliance on a Single Platform Vendor Lower Costs No Response Figure 9. Survey Results on Reasons to Use Open Source Software The responses to Figure 10, Reasons Not to Use Open Source Software, are included in the Weaknesses and Threats sections of the SWOT analysis. In addition to the factors from the national survey, factors identified during conversations with law enforcement agencies were included in the SWOT analysis. Figure 10 shows that two major weaknesses of open source software perceived by law enforcement agencies are that users are accustomed to Microsoft products and that there would be a lack of technical support for open source software. A lack of training and operating system applications were the next two areas of concern. The results are not surprising as most new computer systems have a Microsoft software distribution included in the package. The concern over the lack of technical support applies more to the smaller, non-commercialized applications that are not supported by an established organization. Major open source products such as Red Hat, PostgreSQL, and SUSE Linux all have support packages available that include updates, help desk support, and documentation. 4-4
  31. 31. Open Source Software Use in Law Enforcement Survey Results: Reasons Not to Use Open Source Software 16% 7% 12% 26% 21% 18% High Lifecycle Costs Lack of patches, updates, and documentation Lack of Tech Support Lack of Training Microsoft Accustomed Users Lack of OS apps Figure 10. Survey Results on Reasons Not to Use Open Source Software 4.3.1 Strengths From the national survey and site visits, practitioners across the country cited several benefits to using open source software. The benefits provided additional functionality and flexibility that the surveyed agencies could not attain with closed source software. The Strength evaluation category contains consideration factors related to the strength(s) of open source versus commercial software. • Less Reliance on a Single Platform Vendor. Police agencies responding to the survey indicated that they prefer not to be dependent upon one hardware or software vendor. A majority of agencies using open source software reference the reduced reliance on Microsoft-based applications and functions. Open source alternatives allow cities like Garden Grove, California, to store large amounts of data without having to pay licensing fees on the scale of a comparable Microsoft database package. Software upgrades, patches, and automated scripting functions are all available to agencies, often at no cost. The open source community also provides non- proprietary tools that allow agencies to move data from one form to another as open source vendors adhere to open standards that do not favor any particular platform. • Lower Costs. Open source software typically has lower acquisition costs than commercial software solutions. Agencies with limited available funds may be able to take advantage of the cost savings. Most open source software packages have low initial acquisition and update costs. Some opponents of open source will cite the example that replication and fault-tolerance functions for open source database packages cost money and require a certain level of technical skill. However, the majority of the surveyed agencies that use open source do not have the need for such advanced features and functions. Open source software packages often operate with less 4-5
  32. 32. Open Source Software Use in Law Enforcement intensive hardware requirements, which allow agencies to leverage older systems that may otherwise have no daily operational use. • Development Community Size. Open source, as a whole, has a large community of developers. SourceForge 19 has more than 130,000 registered open source products and more than 1.4 million registered users. This web site provides an open source software repository, open source development tools, and hosts open source development projects. • Quick Release Rate. Within certain open source categories, releases and patches are made more frequently than in commercial software. For example, between October 31, 1994, and November 8, 2004, there were 43 releases of Red Hat Linux. MySQL had 28 releases of MySQL 5.0 between December 22, 2003 and September 15, 2006. 20 4.3.2 Weaknesses This evaluation category contains consideration factors related to the weakness(es) that open source software has versus commercial software. • Lack of Technical Support. Users want someone accountable for the software they use. It is important to them to be able to call the software vendor for help when needed. They do not want to have to rely on a community of developers to help resolve any issues. • Microsoft Accustomed Users. Computer users are less familiar with open source software than with the commercial – often Microsoft-based – equivalents. Often commands and pull-down menus are in different locations and use different terminology. • Lack of Open Source Applications. There are few options for law enforcement specific applications. This means that for a given product type there is only one supporting application, if any at all. For example, there is a single Jail Management System. This means that agencies purchasing software are limited in their ability to find open source solutions that meet their requirements. In addition, some software is only open source for the base package. These packages require that additional funds be spent for advanced features. • Hard to Originate. Open source software offers the greatest power when it has an open source community supporting it. Until that time, the product is dependent upon the initial developers for enhancements/upgrades. It takes time to build the level of interest in an open source application and have a correspondingly large user community. While it is relatively easy to write code and promote it as open source, it is difficult to originate and grow the open source application to the point of having a supporting open source community. 4.3.3 Opportunities This evaluation category contains consideration factors related to the opportunities to be gained by the adoption of open source software. • Replace Legacy Software with an Open Source Solution. Open source forums such as SourceForge have a large registered user base. This user population presents a large number of potential developers from which to find others with an interest in collaborating on a software project. Specific to law enforcement, SourceForge has 79 registered projects that are related to 19 http://www.sourceforge.net/index.php 20 http://dev.mysql.com/doc/refman/5.0/en/news.html 4-6
  33. 33. Open Source Software Use in Law Enforcement law or police that are under development. This represents an opportunity to replace a legacy software solution with open source software. • Reuse Older Legacy Hardware. Police agencies may have hardware that is no longer able to run current commercial software. This hardware can often be used to run an open source solution. Garden Grove, California, reused legacy hardware to run an open source firewall solution. • Ability to Choose Support Vendor. There are number of open source support vendors available to choose from. This provides open source adopters with choices based upon price, hours of support, and product rather than being locked into a particular vendor. For example, there are 436 support vendors for Linux as identified at FindOpenSourceSupport.com, 21 a website devoted to helping identify open source support vendors that meet an agency’s criteria. • Opportunity to Develop Specialized Applications. The law enforcement specific open source market is largely untapped. Of the 79 registered law enforcement projects at SourceForge, only 2 have reached the point of having a downloadable product. One of these projects is Foremost, 22 an application to help with computer forensics. The other, Tickets, is a computer aided dispatch application that is still under development but has sample screen shots and background information available for download. This leaves a wide market available for law enforcement specific applications. 4.3.4 Threats This evaluation category contains consideration factors related to the risks or threats that may be introduced by the adoption of open source software within an agency. • Lack of Training. Open source software typically does not come with the same level of training available as a commercial product. Many commercial products come bundled with user manuals. Often open source is supported through blogs (a user-generated website where entries are made in a journal style with questions and answers). This format makes it more difficult for law enforcement personnel tasked with training staff on or maintaining an open source solution. • Lack of Patches, Updates, and Documentation. Lack of patches, updates, and documentation is similar to the lack of training. As well as having limited training options, some of the more specialized open source applications may also have limited patch, update, and documentation support. • High Life-Cycle Costs. Specialized or customized open source solutions may not have a wide installation base. If an agency requires new or modified functionality, they may be required to implement it themselves. There is a cost in time and effort to the agency to do this that may be higher than that associated with a commercial application or more widely used open source solution. • Lack of Compatible Applications. With the general lack of law enforcement specific open source software, as applications are developed, they may initially be implemented on a particular operating system and database. If the organization’s standard operating environment for hardware and software differs from the one used for the new open source application, the new system will be incompatible with the agency’s environment and support infrastructure. 21 http://www.findopensourcesupport.com/ 22 http://sourceforge.net/projects/foremost/ 4-7
  34. 34. Open Source Software Use in Law Enforcement Based on the PEST, SWOT, and national survey results, law enforcement agencies that chose to invest the time and technical resources can leverage the benefits of open source software in specific application areas. Section 5 will present examples of open source applications currently used by law enforcement practitioners. 4.4 Considerations for Adopting Open Source Although there are many things to mull over when pursuing open source solutions, three areas – costs, transitional/environmental impacts and organizational politics are very important to consider. 4.4.1 Financial Considerations Cost is often cited as the driving factor for both proponents and opponents when discussing open source software. It is true that many fine open source applications can be downloaded for free either as the source code itself or in a compiled format. It is also true that more elaborate open source applications need additional resources to reach their potential. Printed manuals, classroom training, or consultants may be required to fully implement more complicated open source software. It is possible that while the software itself is free, the cost of installation, setup, and support would rival that of an existing commercial closed source system. Also, many organizations have been quick to find out that various add-on components for such functions as fault tolerance, backup/recovery, and scalability can quickly drive the cost up. Vendors in the open source market have known that packaged services such as these are critical to many of the mission-critical applications used by law enforcement. Thus, it is important that the total acquisition cost – including the cost of the software/licenses and the value-added services – be well understood before the purchase decision is made. Providing a thorough Total Cost of Ownership (TCO) and Return on Investment (ROI) analysis of the open source software identified as a result of this study, is beyond the scope of this document. The number of variables that must be enumerated and the number of situational combinations do not allow for such an analysis. The cost of software, customization, internal and external IT support, training, and hardware conversion are among the many potential cost factors. 4.4.2 Transition/Environmental Considerations Standard open source products usually do not come with packaged training and reference material. Thus, an organization may have to allow for additional hands-on training as a way to build familiarity with the product. This approach will inevitably result in lowered productivity for a period of time since it will take time for staff to learn the new system. The standard operating environment in which the open source software is installed should also be carefully considered. The addition of open source products could change operational functions such as back-up and recovery as well as hardware and software maintenance. Database compatibility issues can be a major source of problems when considering the shift to an open source database. While many applications have the ability to transfer data via an open database connectivity (ODBC)-compliant protocol (or similar), other applications have their data essentially “locked” in a proprietary code. These proprietary databases may be accessible with the assistance of a vendor, or the data may be unavailable for use outside of the application that references it. Compatibility among the hardware and software components is also essential. This is especially critical if older software needs to communicate with a new product. A thorough evaluation of compatibility needs to be performed before a decision is made to commit to use open source software. Hardware is less of an 4-8
  35. 35. Open Source Software Use in Law Enforcement issue in many circumstances, as many open source applications can run on less than their proprietary counterparts (if available). This ability to prolong the life of equipment is one of the key benefits to open source systems. Staff training, experience, and desire or resistance to learn something new – essentially change management – is another environmental variable that needs to be addressed. Some users are accustomed to specific computer functionality and altering it, even if it enhances the users experience or performance, can be met with suspicion if not outright defiance. Others embrace change. A strong factor that influences the staff direction is the way change is managed. Including staff early in the decision-making process when possible and providing them with frequent and accurate situational updates will go a long way to getting the necessary buy-in. 4.4.3 Political Considerations It is not uncommon for a law enforcement agency to have its IT program run by another part of the community government. In these cases, a department wishing to change or implement something new within their internal data system may need authorization, or at least cooperation, from another entity. Normally, IT departments have support agreements for the legacy applications and equipment. Licensing agreements in place before a change to open source software may effect the switch to new applications. Prepaid agreements may not be able to be cancelled, which would provide an incentive to stay with the status quo. Furthermore, the introduction of a new open source application may require new agreements or different support structures, which could have policy implications. Thus, it is important that these considerations be addressed early in the acquisition process. Last, the misunderstanding of the role and value of open source applications/systems is another potential political misstep. Some staff may see it as a way for the municipality to “work on the cheap” and provide them with a perceived lesser product. No one wants to feel that their job does not require the best of tools. Here again, educating the staff on the goal, reasons, and anticipated outcomes will go a long way to dispel such feelings. 4.5 The Adoption of Open Source The following sections address the challenges that open source face within the law enforcement community as well as the areas of change that are needed to facilitate the adoption of open source software. 4.5.1 Challenges for Open Source The national survey results show that a large group of respondents would deploy specific open source applications and network components. Survey results in Figure 11 show this complex mix of feelings toward open source. Roughly the same percentage of respondents would replace various proprietary components with open source equivalents as those agencies who are not interested in deploying open source software. The lack of strong interest in using open source software would seem to reflect a general concern regarding the benefits of open source software, as well as the perceived value in using established closed source software products. Open source software, however, continues to mature in a growing number of areas that has attracted the attention of law enforcement groups, such as the International Associations of Chiefs of Police (IACP) and the National Sheriffs’ Association (NSA). Between constrained budgets and growing IT needs, more law enforcement agencies may start considering open source alternatives. A large portion of survey respondents (see Figure 12) cite application interoperability as a concern in using open source software. Although tools such as OpenOffice can read and write documents that, for the most 4-9

×