'Complete digital sovereignty' ... sounds familiar
Schleswig-Holstein, Germany's most northern state, is starting its switch from Microsoft Office to LibreOffice, and is planning to move from Windows to Linux on the 30,000 PCs it uses for local government functions.
Concerns over data security are also front and center in the Minister-President's statement, especially data that may make its way to other countries. Back in 2021, when the transition plans were first being drawn up, the hardware requirements for Windows 11 were also mentioned as a reason to move away from Microsoft.
Saunders noted that "the reasons for switching to Linux and LibreOffice are different today. Back when LiMux started, it was mostly seen as a way to save money. Now the focus is far more on data protection, privacy and security. Consider that the European Data Protection Supervisor (EDPS) recently found that the European Commission's use of Microsoft 365 breaches data protection law for EU institutions and bodies."
Let me tell you a story about proprietary software:
The German police force have a contract with a software firm that wrote their program to file and archive emergency calls. Basically just a form that goes to a database. Now, one day, an update got pushed. The problem with that update was that the hotkey for quitting out of the current form (q) now also fired when inside an editing field. The software firm did not acknowledge that as a problem and it took months of complaints to fix and it cost the taxpayer around 300,000€ in "maintenance fees".
As someone who works with government agencies as a software developer: they are absolutely awful.
You'll get no specification at all, those you do get will change at least three times and every stupid little decision needs at least 20 people from different states, cities or agencies to agree.
Yes, the bug is pretty bad, but I'm also very sure that what you're describing is not the whole story.
From a technical standpoint, you are absolutely correct, but reality and bureaucracy don't always match.
I've had instances, where we had glaring holes in our security, but were not allowed to fix them, because the datacenter (operated by a public agency) only does deployment in a fixed schedule.
I've had officials of some sort who wrote in the contract, that each and every change has to be on the staging environment for at least one week for testing and signoff.
It's absurd and stupid, but realistically, you often can't change it.
That's one of the reasons why dataport (who are going to do the migration as the state's IT consultant / dev house) was founded in the first place: So that IT can work like IT does and not be beholden to bosses who think in bridge construction terms in one place, and tax collection terms in another. Now those bosses are mere clients of an inter-state agency that does nothing but IT, and IT can speak with authority when it comes to IT matters.
My employer currently works with a bunch of agencies and I've been involved with some of them. I can deliver the best product ever with the best process and lightning fast deployment - if the client doesn't get its shit together, you won't deliver on time/in budget.
Anecdote I'm currently part of: an agency bought a new app, we're 98% done, we could go live on Tuesday. But there's one agency/department/guy (I seriously don't know) who has to confirm that the data of our staging system reached their system and was processed correctly. This agency however doesn't react. At all. And because it's something like 5mm outside of the jurisdiction of the agency that is our direct client, there's nothing we can do. So the system is just sitting there waiting.
I could go on and on. Dataport is a good idea, but if all their clients are overworked, understaffed or straight up incompetent, there's not much they could do.
But there’s one agency/department/guy (I seriously don’t know) who has to confirm that the data of our staging system reached their system and was processed correctly.
There's no "their system": The boxes under the desks of civil servants are managed by dataport, talking to backend infrastructure managed by dataport.
If there's some new administrative procedure agencies or ministries want their civil servants to do and it can't be implemented because it's under-specced or just incoherent then dataport gets to send that spec back saying "fix your shit": It's not like the agencies have a choice in who's running their infrastructure. The tax office can't do jackshit if the fire inspector doesn't like their new plans either. If things are implemented as specced and people complain and want a rework then dataport can say "well it's your budget, not ours". If they do that all the time at some point the court of accounts will take them aside for a polite conversation. Just this one thing, making IT external to whatever it is that the agency is doing, provides lots of accountability.
That is: The solution isn't so much to eradicate bullshit but to make sure that it stays in the silo where it got generated.
but if all their clients are overworked, understaffed or straight up incompetent
I think you don't understand. It's not about "physically reached the machine under the desk" it's "was processed correctly by a system". Operations can only tell if a technical error occurred, they have no idea what the data is supposed to look like. So dataport can do jack shit.
IT de facto already is outsourced, there's hardly any internal IT left, simply because the pay is shit. I'd get at least 1k less after taxes if I'd do the same work for the agency, not a contractor.
And if you think his joke is funny in this context, it's not. I work with these agencies everyday. They are structurally broken, but most people there are really passionate about what they're doing.