Spanish court rejects opening code for automated public decisions
The ruling sets a precedent on the transparency of source code for software and algorithms developed by Spanish public entities.
A Spanish court has rejected the publication of source code for software that processes applications for subsidies created to combat energy poverty. Civio, having noticed errors in the software’s results, requested the source code under the Transparency Law. After the government’s initial refusal, Civio appealed to the Spanish Transparency Council, which also denied the request on the grounds that the software is protected by intellectual property rights. Now, a judge has also ruled against disclosure, adding that releasing the source code of this program also represents a danger to public security and national defence.
How did we get here?
The so-called bono social (social bond) is a public subsidy of electricity bills for vulnerable households. To process it, the administration created an application to which electricity companies could submit the data of customers who applied for the aid. The application checks if the customers meet the subsidy’s legal requirements, and the companies communicate the result to their clients.
After a regulatory change, due to the complexity of the process and lack of information, few households were accessing the aid. Almost two million previous recipients did not apply to renew it and were set to lose it. This is why Civio developed, jointly with the Spanish Commission on Markets and Competition (CNMC in Spanish), a tool to let people know if they were entitled to the social bond. Individuals, charities and public citizen services all used our tool.
After its launch, some users warned Civio that, while our app told them that they were eligible, the electricity company rejected their application. When we checked their cases, we realized that something was going on. So we requested, under the Spanish Transparency Law, the source code, the functional analysis and the results of the technical tests of the government application. The government objected to this, while the Transparency Council agreed partially with us: the source code was out of bounds, but we were entitled to receive the technical documents. Based on the documentation, we saw there was a problem in the design of the Government’s tool and it was denying aid to qualifying applicants.
The application did not comply with regulations
The subsidy’s regulation establishes three scenarios for citizens to receive the bono social. Pensioners receiving certain minimum pensions are entitled. Having an income below a certain threshold is another scenario. The third group are large families, whatever their income. The Government application tried to consult their tax records and, if the applicant hadn’t agreed to this, the application returned an error message: “Calculation can’t be performed”. This is what electricity companies, without the intervention of any public employee, communicated to the applicant. Something similar happened with recipients of widower’s pensions, who were denied the aid if they had applied as pensioners, even when they would be entitled through the low-income scenario. In his ruling, the magistrate assumed that the program applied the regulations as they were, without having accessed the code or checking it.
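The two failures described above, reduced to a small decision function and its corrected form. This is an added illustration, not the government application's code (which was never disclosed); the income threshold, field names and the result strings other than the quoted error message are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

INCOME_THRESHOLD = 12000.0  # assumed placeholder; the article gives no figure

@dataclass
class Applicant:
    large_family: bool = False
    minimum_pension: bool = False   # receives one of the qualifying minimum pensions
    applied_as: str = "income"      # scenario chosen by the applicant (hypothetical field)
    tax_consent: bool = False
    income: Optional[float] = None  # only available once tax records are consulted

def lookup_income(a: Applicant) -> float:
    """Stand-in for the tax-record query; it cannot run without consent."""
    if not a.tax_consent or a.income is None:
        raise PermissionError("Calculation can't be performed")
    return a.income

def decide_flawed(a: Applicant) -> str:
    # Flaw 2: a pensioner application is judged on the pension alone,
    # with no fallback to the low-income scenario.
    if a.applied_as == "pensioner":
        return "granted" if a.minimum_pension else "denied"
    # Flaw 1: the tax query runs before the income-independent check,
    # so a large family without consent gets an error instead of the aid.
    try:
        income = lookup_income(a)
    except PermissionError as err:
        return str(err)
    if a.large_family:
        return "granted"
    return "granted" if income < INCOME_THRESHOLD else "denied"

def decide_fixed(a: Applicant) -> str:
    # Income-independent scenarios first; any one scenario is sufficient.
    if a.large_family or a.minimum_pension:
        return "granted"
    try:
        income = lookup_income(a)
    except PermissionError:
        return "consent required"   # assumed outcome: ask for consent, not a denial
    return "granted" if income < INCOME_THRESHOLD else "denied"

# Constructed sample applicants matching the two cases in the text.
LARGE_FAMILY_NO_CONSENT = Applicant(large_family=True, tax_consent=False)
WIDOW_LOW_INCOME = Applicant(applied_as="pensioner", tax_consent=True, income=8000.0)
```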
In 2019, we challenged the Transparency Council’s decision in court: we rejected the alleged intellectual property of source code that had been designed and written by a public entity and that, in practice, is deciding on citizens’ rights. Otherwise, we would be allowing public entities to develop algorithms hidden from public scrutiny.
Additionally, the National Cryptologic Centre and the General Subdirectorate of Information and Communication Technologies of the Ministry of Industry stated in their expert opinions during litigation that the dissemination of the source code of any program would enable security attacks and the exposure of sensitive databases. But the application is only accessible to electricity companies from controlled environments, and its documentation describes security protocols that would prevent improper access. Furthermore, it is good software engineering practice that passwords and credentials are never included in the code, but in separate configuration files. The Transparency Act also allows the omission of some information. Since we are only interested in the module calculating whether a person is entitled to the social bond, the government could exclude the code handling the connections to different databases. Past experiences also show opening up public software is not a risk: the Government published more than a year ago the code of RADAR Covid, a mobile app created to track contacts with Covid-19 positives, “for transparency and so that the community can help improve the app”. That did not expose anyone’s health data.
For all these reasons, Civio has filed a new appeal. Because we have the right to know how and why decisions that affect us are made. Whether they are made by a person or a program.