Högskolan i Skövde

Within the European Union and other jurisdictions, government agencies are required to make digital offerings like websites, apps, or documents accessible such as by following the recommendations of the Web Content Accessibility Guidelines (WCAG). Using websites of Swedish public sector organizations and automated accessibility checking tools, we both assess to which degree those websites achieve the legal requirements and which limitations the used tools have. Our results show that the median number of unique violated success criteria is only two or less for most tools, but the tools cover only one sixth of all WCAG success criteria. Tools differ in their assessments due to several reasons, such as the size and complexity but also inconsistency of WCAG and related documentation (‘techniques’), and typical software engineering problems in the corresponding implementations. To improve the coverage and quality of tools we suggest the incorporation of scientific knowledge, for example on readability testing, and the creation of a benchmark suite similar to those in related fields like PDF/A validation.

Technological progress poses unique challenges for the public sector. New technology should be adopted, but it must always be done within the framework of good administration. It follows laws governing public administration must be continuously adapted. Sweden recently amended its secrecy legislation to facilitate the use of third-party cloud solutions by public authorities. When the amendment was enacted, most public sector organisations had already been using external cloud solutions for a long time. Today, there is as much pressure on authorities to implement AI technology as there ever was to move administration into the cloud. This paper uses traditional legal methodology to investigate if the Swedish secrecy legislation adequately enables the use of cloud-based GenAI solutions. Findings indicate that the recent amendment is likely insufficient and that there are significant practical hurdles for the application of the law, particularly with services from global cloud providers. The paper contributes to the understanding of Swedish law, and of the difficulties that can occur anywhere when policy makers and legislators do not move in tandem.

Context: The adoption of Open Source Software (OSS) in Public Sector Organizations (PSOs) is on the rise, driven by benefits such as enhanced interoperability and transparency. However, PSOs encounter challenges stemming from limited technical capabilities and regulatory constraints in public procurement.

Objective: This study, based on a registered report, explores the organizational aspects of development in public sector OSS projects, i.e., projects initiated, developed, and governed by PSOs. We conjecture that the development diverges significantly from the commonly adopted bazaar model, wherein development is carried out collaboratively within a broader community.

Method: A purposefully sampled set of six public sector OSS projects was investigated using mixed-methods and compared with previously reported cases of bazaar OSS projects.

Results: Among the cases, we note that most (80%) of development efforts typically involve a small group of developers (<15) and rely on formalised processes. Developers are commonly procured from national and local service suppliers. Projects are planned top-down by involved PSOs with funding and contributions to development enabled through centralized or decentralized sponsorship. Projects with a centralized sponsorship have one or a few main PSOs funding the major part of the development. Decentralized sponsorship implies multiple PSOs being mutually dependent on each other to pool the necessary resources for the development. All OSS are reported as being of high quality despite limited size and contributions from their communities.

Conclusions: Findings suggest that public sector OSS projects deviate from the typical bazaar model, highlighting the need for tailored approaches to address challenges and solutions specific to their context. 

The importance of standards, and especially ICT standards, in the IoT domain is widely recognised. Implementations of standard specifications provided as Open Source Software (OSS) promote interoperability and longevity of systems and create conditions for avoiding lock-in, and industrial involvement is important since it can affect community dynamics and will to contribute. The overarching goal of this study is to characterize the industrial leadership and involvement in the LwM2M (Lightweight machine to machine) ecosystem. Specifically, the main focus of the study is on involvement with OSS projects implementing LwM2M elements by individuals who cooperate in projects that implement or use the LwM2M standard in their projects. This can be done by analyzing the commits to the git repository, the bugs issued and commented in the bug-tracking system and the pull requests performed in the project. Techniques will be applied to merge authors using different identities (i.e., different e-mail addresses). By means of identifying the affiliation of those individuals we plan to analyze the involvement of companies in those projects, and thus how they are present in an IoT standard, in this case LwM2M.

Software reference implementations of ICT standards have an important role for verifying that a standard is implementable, supporting interoperability testing among other implementations, and providing feedback to the standard development process. Providing reference implementations and widely used implementations of a standard as Open Source Software promotes wide deployment in software systems, interoperability, longevity of systems and associated digital assets, and avoidance of different lock-in effects. In this paper results are reported on the availability of, and perceptions and practices concerning, reference implementations and widely deployed implementations provided as Open Source Software for standards issued by different standards setting organisations. Specifically, findings draw from observations and analyses related to software implementations for identified standards and policy statements, issued by ETSI, IEC, IEEE, IETF, ISO, ITU-T, OASIS, and W3C.

With increased adoption and use of cloud-based software-as-a-service (SaaS) solutions from international providers many public sector organisations expose themselves to a dependency on specific providers and a range of different lock-in effects. The article reports from a case study which investigated how a large Swedish public sector organisation addressed licensing issues and lock-in effects during adoption and use of a SaaS solution (Microsoft 365). The study identifies problematic licensing issues and presents a legal analysis related to the organisational implementation of the SaaS solution in the specific organisation. Findings show that the organisation has failed to successfully obtain all necessary licences and all necessary rights which would allow for long-term maintenance of all its digital assets independently of the SaaS solution currently in use.

Implementation and use of an IT standard in software involves legal, technical and societal challenges. This paper addresses how an organisation can, and should, determine the conditions for implementation and use of the HEVC standard in software. The investigation considers the availability of the standard’s complete technical specification and the extent to which an organisation can access the information necessary to assess the licence conditions for standard essential patents impinging on the standard. Through an action case study approach the investigation analyses declarations in patent databases relevant to the standard and seeks to obtain patent licences from each declarant permitting implementation of the standard in software, where that software is to be provided under one (or several) of three specific open source software licences, and alternatively to be provided as an online service. Our analysis of legal and licensing conditions for use of the standard shows significant obstacles. We find that it is impossible to obtain licences from patent holders that would allow for implementation and use of the standard in open source software. The paper illuminates significant challenges related to conditions for use of the standard under (F)RAND terms and identifies that references to the standard in public procurement projects lead to anti-competitive effects.

Software reference implementations of ICT standards have an important role for verifying that a standard is implementable, supporting interoperability testing among other implementations, and providing feedback to the standard development process. Providing reference implementations and widely used implementations of a standard as Open Source Software also promotes wide deployment in software systems, avoidance of different lock-in effects, interoperability, and longevity of systems and associated digital assets. In this paper results are reported on the availability of reference implementations and widely deployed implementations provided as Open Source Software for standards issued by different standards setting organisations. Specifically, findings draw from observations and analyses related to software implementations for identified standards issued by ETSI, IEC, IEEE, IETF, ISO, ITU-T, OASIS, and W3C.

Reproducible builds (R-Bs) are software engineering practices that reliably create bit-for-bit identical binary executable files from specified source code. R-Bs are applied in someopen source software (OSS) projects and distributions to allow verification that the distrib-uted binary has been built from the released source code. The use of R-Bs has been advo-cated in software maintenance and R-Bs are applied in the development of some OSS secu-rity applications. Nonetheless, industry application of R-Bs appears limited, and we seekto understand whether awareness is low or if significant technical and business reasonsprevent wider adoption. Through interviews with software practitioners and business man-agers, this study explores the utility of applying R-Bs in businesses in the primary and sec-ondary software sectors and the business and technical reasons supporting their adoption.We find businesses use R-Bs in the safety-critical and security domains, and R-Bs are valu-able for traceability and support collaborative software development. We also found thatR-Bs are valued as engineering processes and are seen as a badge of software quality, butwithout a tangible value proposition. There are good engineering reasons to use R-Bs inindustrial software development, and the principle of establishing correspondence betweensource code and binary offers opportunities for the development of further applications.

The use of appropriate fonts and file formats for long-term maintenance of digital assets is a challenge for organizations in the public sector. The article reports from a study which investigated the PDF/A conformance and font usage in PDF files provided by Swedish public sector organizations (PSOs). This article presents an analysis of the PDF files’ properties and font usage including a categorization of fonts’ licenses. This study is motivated by the PDF/A-1 standard’s requirement that ‘only fonts that are legally embeddable in a file for unlimited, universal rendering shall be used.’ Analyzing PDF sets from three PSOs, the finding shows that the proportion of files that claim or succeed at conforming to PDF/A greatly varies among the sets despite similar backgrounds. Although the most popular way to make use of fonts is by embedding a subset of the font data, for some fonts expected to be ‘always available,’ a considerable proportion of PDF files does not include any font data. This puts the onus of locating this data on the PDF reader which is problematic for long-term archival