Open Source Software Considerations for State & Local Law
Enforcement Agencies
Faced with little funding and aging technology components, some law enforcement practitioners have turned to using open source software as a cost-effective solution for meeting their technology needs. Small and medium-sized agencies often lack technical resources, yet their need for information technology (IT) tools continues to grow. Supported by nationwide survey1 results and published references, this article
provides a set of considerations for evaluating the implementation of open source software for state and local law enforcement agencies. While many forms and categories of open source software exist, this article focuses on the stories and reported experience from state and local law enforcement agencies.
1
Benefits, Issues, and Categories of Open Source Software for
Law Enforcement
In analyzing how well open source software supports law enforcement processes, agencies cited
similar benefits and issues as expressed by commercial firms
2. Although cost is a major
discussion area, most agencies recognize that functionality and other non-cost factors are just as
important. Along with general office functions, open source software has branched out into areas
such as computer forensics and utility applications that would interest the law enforcement
community.
1.1 Open Source Software Benefits
While not law enforcement specific, the benefits include system interoperability, source code visibility, and a low initial acquisition cost.
System Interoperability. Open source software allows agencies to employ a wealth of freely available database, utility, and software development tools that are based off open standards such as structured query language (SQL) and Java. The flexibility to evolve and extend applications without a vendor lock in also drives open source software adoption.3 Database compatibility issues can be a major source of problems when considering the shift to an open source database. While many applications have the ability to transfer data via an open database connectivity (ODBC)-compliant protocol (or similar), other applications have their data essentially “locked” in a proprietary code. These proprietary databases may be accessible with the assistance of a vendor, or the data may be unavailable for use outside of the application that references it.
Visibility Into Software Code. Unlike proprietary software, an agency has the option to
examine the open source software to ensure that no backdoor functions or security risks exist that could allow the unauthorized access of sensitive information. Although the ability to see into the
1http://www.noblis.org/MissionAreas/nsi/ThoughtLeadership/CriminalJustice_PublicSafety/Documents/OS _2007_Report_FINAL.pdf
2 Open Source Becoming Mission-Critical In North America And Europe September 11, 2006. Forrester Reports.
open source code and functions is often cited as a benefit, few state and local agencies have the staff resources with the technical depth to perform such a detailed review.
Low Initial Acquisition Cost. Products cited by surveyed agencies incur a low acquisition cost relative to commercial, closed source products in the same category. According to Gartner4, the
lower costing open source software would allow contractors and other agency service providers to reduce the cost of their services accordingly. From generating case reports to community awareness flyers, agencies use office productivity software extensively on a daily basis. Using an office productivity software suite as a hypothetical scenario, Table 1 depicts the initial acquisition cost for Open Office, IBM Symphony, KOffice, and Microsoft Office. While the products vary in functionality, Open Office has been cited as a “default choice” as an open source substitute for Microsoft Office5.
Product Name Basic Package Acquisition Cost
1. Open Office No Cost Download (Source: http://www.openoffice.org/)
2. IBM Symphony No Cost Download (Source: http://symphony.lotus.com)
3 KOffice No Cost Download (Source: http://www.koffice.org/)
4. Microsoft Office 2007
Standard
$327 (Source: http://www.amazon.com/Microsoft-Office-Standard-2007-VERSION/dp/B000HCVR3A)
Table 1: Initial Acquisition Office Productivity Software Suite Cost
1.2 Issues against Using Open Source Software
Concerns about technical support, law enforcement applications, cultural change, and a return on investment were major issues cited by survey respondents.
Lack of Technical Support. Users want someone accountable for the software they use. It is important to them to be able to call the software vendor for help when needed. They do not want to have to rely on a community of developers to help resolve any issues. Although major
packages like Red Hat Linux have support options, agencies have found fewer experienced staff for patching and maintaining open source software.
Lack of Open Source Applications. There are few options for law enforcement specific applications. This means that for a given product type there is only one supporting application, if any at all. Sourceforge currently has only two projects that have reached the download maturity level: Tickets and CAPSIT. Tickets is a Computer Aided Dispatch (CAD) package that
4 Explaining the Public Value of Open Source. Gartner, 31 July 2006 5
http://www.informationweek.com/news/software/enterpriseapps/showArticle.jhtml;jsessionid=NRQA3UB WUY30NQE1GHPCKHWATMY32JVN?articleID=212201932&pgno=5&queryText=&isPrev=
incorporates Google Maps for tracking units sent to respond to an incident. CAPSIT is a web based CAD that is shared by a consortium of agencies in a geographic area.
Microsoft Accustomed Users. Computer users are less familiar with open source software than with the commercial – often Microsoft-based – equivalents. Often commands and pull-down menus are in different locations and use different terminology.
Low Return on Investment (ROI). Early adopters of Linux desktop systems and open source platforms have cited a lower ROI compared to upgrading and maintaining a Microsoft
infrastructure6. Agencies that switched to using open source office productivity suites could no
longer leverage their investment in Microsoft macro enabled spreadsheets and report templates due to functional incompatibilities.
1.3 Survey
Respondent
Reasons
As Figure A illustrates, survey responding agencies offered supporting viewpoints on the presented benefits and issues. The 26% of users accustomed to Microsoft products provides some insight to a cultural hurdle faced by open source adopters. While the acquisition cost is low, the 7% of early adopting agencies indicated a high lifecycle cost for maintaining their open source implementations. While Figure A illustrates the perception that some legacy machines can support open source software, graphical user interfaces favored by end users typically require the processing capabilities, speed, and storage capacities of current hardware.
Figure A. Surveyed Agency Responses
1.4 Other Categories of Open Source Software for Law Enforcement : Computer
Forensics and Utility Applications
Many agencies use proprietary software to conduct computer forensics investigations such as Encase from Guidance Software. However, innovative investigators have created open source software programs that offer similar file and folder analytical functionality such as the Autopsy7 and the Penguin Sleuth Kit8.
Both packages allow investigators to unobtrusively monitor the functions on a suspect machine for establishing timelines, recovering deleted files, and searching through volumes of electronic records. To supplement the software imaging, searching, and write block forensic functions, utilities such as Strip
6 Return on Investment for Linux Desktop Migration Improves, but Not Enough for Most Users. Gartner, 24 June 2005. Michael A. Silver.
Snoop allow credit card fraud investigators to view the contents on magnetic cards while Curator enables crime scene image management without the expense of purchasing proprietary software.
2 OVERVIEWS OF FOUR AGENCIES CURRENTLY USING
OPEN SOURCE SOFTWARE
Looking to leverage the benefits, several agencies are currently using open source software for law enforcement business functions. Each location offers different perspectives and evolution paths toward using open source software. The notes and applications in this section may offer solutions to other agencies that may be of a similar size or possess similar IT needs.
2.1 Garden
Grove,
California
Garden Grove has used open source based solutions for more than 11 years. They have their own development staff that have produced a number of applications, have employed open source development tools, and have utilized many open source software packages.
2.1.1 Open Source Workstation Software
Under the direction of Mr. Charles Kalil, Garden Grove’s IT department realized early on that the needs of their users would quickly outpace the applications that the city could purchase with a limited amount of funds. Mr. Kalil began experimenting with open source software for storing and managing data while maintaining a Windows-based workstation for users. For Garden Grove, the open source software fits into niche areas such as mapping, network monitoring tools, and web browsers. Table 2 lists some of the open source workstation applications used by Garden Grove.
Table 2. Open Source Applications Used by Garden Grove
Software Internet Hyperlink Description
MapServer http://mapserver.gis.umn.edu/ An open source development environment for building spatially-enabled internet applications. MapServer is not a full-featured GIS but focuses on rendering spatial data (maps, images, and vector data) for the web.
MapGuide Open Source
https://mapguide.osgeo.org/ MapGuide Open Source is a web-based platform that enables users to quickly develop and deploy web mapping applications and geospatial web services.
Big Sister http://bigsister.sourceforge.net/ Open source monitoring tool used to monitor Linux
systems – indicates database usage and server load among other things.
Mozilla Firefox
http://www.mozilla.com An award-winning Web browser. (Future Use in Garden Grove)
Samba http://us3.samba.org/samba/ Samba is a suite that provides file and print services to SMB clients, including the numerous versions of Microsoft Windows operating systems.
PostgreSQL http://www.postgresql.org/ An open source database.
2.1.2 Open Source Databases, System Links, and Police Records Management System (RMS)
While the open source software on the workstations provides some benefit to users, the use of open source on the back-end systems for the city databases, system-to-system links, and the police records management system have a larger impact.
PostgreSQL is the open source database of choice for Garden Grove. Garden Grove uses the standard tool set without added features – provided at no cost – that come with the software. Currently about 60 percent of the police applications are running against the PostgreSQL database. The police
department has a separate database in City Hall, separated from other equipment for security reasons.
2.2 Largo,
Florida
Largo, Florida uses Linux as their default operating system and OpenOffice 2.0 as their integrated office suite, although they still use Microsoft PowerPoint for presentations. The city plans to switch from PowerPoint to an open source presentation application in the near future.
Keeping with the belief that the city should use the “best of breed” for a particular application, Largo uses a blend of open and closed source software. In the case of the city’s e-mail system, an open source email application (Novell Evolution) is combined with Novell’s proprietary GroupWise 7 to provide calendaring functions. For their purposes, the GroupWise database and non-web interface served needs better. Largo’s database environment is mixed as well. They run Oracle 9i on Linux along with MySQL and MyProgress.
Table 3. Open Source Applications Used by Largo
Software Internet Hyperlink Description
OpenOffice 2.0
http://www.openoffice.org/ OpenOffice is a multiplatform and multilingual office suite and an open source project. Compatible with all other major office suites, the product is free to download, use, and distribute.
Tomboy http://www.gnome.org/projects/tomboy/ Tomboy is a desktop note-taking application for Linux and Unix.
Firefox http://www.mozilla.com An award-winning Web browser.
MySQL http://www.mysql.com/ An open source database.
GIMP http://www.gimp.org/ GIMP is the GNU Image Manipulation
Program.
GTK http://www.gtk.org/ GTK+ is a multi-platform toolkit for creating graphical user interfaces.
Gaim/Pidgin http://www.pidgin.im/ A multi-protocol instant messaging (IM)
client. Renamed Pidgin in April, 2007.
2.3 Pennsylvania State Police Computer Forensics Task Force
The Pennsylvania State Police (PASP) Forensic Task Force has used open source software to support the capabilities of the Computer Crime Unit within the Pennsylvania State Police. The Task Force augments the commercial software they use with open source both for cost and flexibility. Open source computer forensics tools provide investigators the ability to examine seized computers without altering the data contained on the hard drive. Most seized computers use the Microsoft Windows operating system. The open source tools do not require activating Microsoft Windows for searching through the files for key terms, photographic images, and internet chat transcripts. The open source tools allow investigators to find possible evidence without contaminating or altering the state of the seized computer. Open source software in use by the Task Force, and its function, are listed in Table 4.
Table 4. Open Source Applications Used by the Pennsylvania State Police Computer Forensics Task Force
Software Internet Hyperlink Description
ClusterKnoppix and Chaos
http://clusterknoppix.sw.be/ Allows the PASP to set up numerous computers in a distributive network. Very useful for password cracking attempts.
Curator http://furius.ca/curator/ Written in python. Compiles photographs, creates
thumbnails of all the images located, and creates a directory. Allows multiple image layouts. Runs from a CD.
NIST Fingerprint Image Software
http://fingerprint.nist.gov/NFIS/ A Linux-based collection of general-purpose
utilities to support processing of fingerprint images.
Xchat http://www.xchat.org/ An internet relay chat application.
2.4 Open Source Software Institute, Mississippi
Funded by a U.S. Department of Defense grant, the open source Jail Management System (JMS) was developed as part of the Mississippi Automated System Project (MASP) through the University of
Southern Mississippi. Up to 18 agencies in Texas and Mississippi have installed or are evaluating the open source JMS against local and state requirements. According to Open Source Software Institute (OSSI) Executive Director John Weathersby, the Gulf coast region needed a new jail management system but lacked the funds for procuring vendor solutions that often cost $1 million or more. OSSI worked with the University of Southern Mississippi and local software development contractors to create a system for roughly $350,000. In Mississippi, Forrest County, Harrison County, Hancock County, and Jackson County all have agencies with operational open source JMS installations. The open source JMS operates off a central network via a web browser interface that allows installed sites to share selected corrections records that may include scars, marks, and tattoos, as well as prisoner classification and medical histories.
3 Is Open Source Software Appropriate for Law
Enforcement Agencies?
Open source has started to make inroads in many market segments and therefore, it can no longer be seen as a “second class” computing format – not with IBM, Novell, Sun, and others participating in its
creation, distribution, and support. Hardware vendors have been in the open source market for some time – HP since at least 1999, IBM since 1998; recently, Dell agreed – after input from the user community – to consider expanding their sales, service, and support of computers with an open source operating system.9
How can law enforcement leverage this success to benefit the communities they serve? In some areas, recommending open source solutions is easy and straightforward. In other cases, the arguments for open source solutions are less clear. The current state of open source computing as related to law enforcement is a mixed bag with many of the common needs competently provided for while others remain lacking and, in some cases, non-existent. Not all needs of the law enforcement community can be met by open source applications. As with any technology, proper use of open source software can help law enforcement expand the IT capabilities available to the officer on the street. Agencies with limited funding or size can apply specific niche open source software packages. Converting to open source offers the rare
opportunity to review operational processes from the ground up. Regardless of the extent of
implementation, open source software provides an opportunity to excise outdated methods and replace them with more streamlined procedures appropriate to today’s needs, which in turn may provide for a more efficient and effective law enforcement agency.
About the Primary Author: Mun-Wai Hon is a Principal at Noblis Inc. Comments or questions can be sent to [email protected]
