Can the civil society campaign for making any governmental app or software mandatorily open source to increase accountability?

I had been mulling over this after learning how the Aarogya Setu app’s source code wasn’t made public for security researchers to test upon. Can we campaign for such a legislation to be passed where every (or, any majorly contested app like Aarogya Setu) governmental app or software’s source code is mandated by law to be made public before rolling them out?

I understand that this conflicts with many present conditions. Arguments could be made on how other apps and software managed by private entities aren’t open source so why are we singling out statist apps and calling out for such an intervention.

I figured it was worth giving a thought. Would love to hear anyone’s opinion on this.

6 Likes

Can we campaign for such a legislation to be passed where every (or, any majorly contested app like Aarogya Setu) governmental app or software’s source code is mandated by law to be made public before rolling them out?

I think this is a fantastic idea. Three steps forward, for transparency, security and open-source.

Arguments could be made on how other apps and software managed by private entities aren’t open source so why are we singling out statist apps and calling out for such an intervention.

Because they aren’t mandatory. No one is forced to install Facebook or Telegram, or use Razorpay, but there is a government mandate asking citizens to install AS.

For me (layman) it seems like an extension of the right to understand what I am consenting to.

5 Likes

The CSIS (Center for Strategic and International Studies) maintains a list of worldwide open-source adoption by Governments.

Argentina had such a legislation, but failed to pass the bill when it expired in 2002.
While a campaign like this would be plausible, I think we have to study the successes and/or failures of such bills in their respective parliaments.

The other discussion that always comes up in this context is the right-to-repair, which ties into open source, open hardware, open APIs and open specs.

I think if we can phrase it:

  • From the angle of Open Governance in a broad sense (harder, since lots of ambiguity and domain specific arguments to keep things closed)
  • Campaign specifically for making a particular app (Aarogya Setu) open source.

The latter I think has a higher chance to succeed since good intentions are being claimed behind the app, and the argument of “If the app has nothing to hide, make it transparent” will have a lot of public appeal.

Small wins to build up momentum towards a larger change.

5 Likes

Here’s Security Researcher Riddhi Shri analyzing the app
https://medium.com/karana/aarogya-setu-could-it-be-better-e16f820e1c4a

And the Kaarana session on the app’s behavior:

3 Likes

And they have released it on GitHub finally! They are also holding a press conference for the same today - I wonder why!
AarogyaSetuSourceCode

What is the probability that they have watered down the code before release? I recall there was a package update a few days back.

1 Like