ISA study for open source software for online collection of statements of support for European citizens’ initiatives
Successfully submitted at 18:22 Feb 22. The IPM reference number is: 409126123221805311
Questionnaire for Member States, EU institutions and other organisms regarding the use of open source software systems for online collection of statements of support for European citizens’ initiatives. 
Please, specify the name of your organisation
Stichting Petities.nl (or Foundation Petitions.nl)
Please, specify your first and last name
Please, specify your contact information (e-mail address, phone number)
- 1 Please complete the following questions for each identified system
- 2 What are the technical characteristics of the system?
- 3 Which data input features has the system?
- 4 Which features has the system concerning the confidentiality of personal data?
- 5 Which features has the system concerning the integrity of personal data?
- 6 Which features has the system concerning the storage of personal data?
- 7 Which features has the system concerning reporting?
Please complete the following questions for each identified system
1. Do you have/do you know about any online data collection systems in place and/or in development?  An online data collection system is a web-based software application that is able to collect, store and process data.
1.1 What is the name of the system?
petities.nl, the national signature data collection system in the Netherlands, part of the EuroPetition.eu project.
1.2 What is the URL/web page address?
http://petitions.nl is the online national data signature gathering system. A showcase of the upcoming version can be found at http://demo.petities.nl an 'explanimation' video about it at http://www.youtube.com/watch?v=cKAiBMzA10M and the open sourced code at http://github.com/petities
1.3 Which party/Who developed the system? It can be a natural person or a company.
The Foundation Petitions.nl in collaboration with Alias Internet Publishing. The source code can be found at github.com/petities It received several rounds of funding from the Dutch national government. Programmers R. Tuithof, S. Onland, J. Kok and S. Preeker have worked on the code since 2005.
-> The Foundation Petitions.nl with Alias Internet Publishing. Funding from Dutch government. Programmers R. Tuithof, S. Onland, J. Kok, and S. Preeker (149 characters)
1.4 For which purpose or what organisation is it used?
The goal of the foundation Petitions.nl is to make it easy for citizens to start or sign a petition, pass it on to the relevant authority and broadcast the answer from the authority back to all the signatories. Between May 2005 and February 2011 around 1,3 million confirmed signatures have been collected in one database for more than 700 local, national and European petitions and citizens initiatives. Only national citizens initiatives so far, but the system will be ready for European Citizens Initiatives as soon as the requirements are known. Both the code and the service will be publicly available to all Europeans.
The system has a history with three versions. Version one and two were developed with the Alias Internet Publishing framework and version three (December 2009) is built with the Ruby on Rails framework. Currently version 3.2 is being developed which will be the first with an open sourced code. Also it will be multi-lingual. At least English will be supported, but theoretically all languages of the European Union can have an interface the moment it is translated.
-> Petitions.nl, to make it easy for citizens to start or sign a petition, pass it on to authorities and broadcast the answer back to all the signatories (150 characters)
What are the technical characteristics of the system?
2.1 Is it an open-source software ? Open-source software (OSS) is computer software that is available in source code and certain other rights normally reserved for copyright holders are provided under a software license that permits users to study, change and improve the software.
2.2 In which programming language is the source code written?
2.2.1 Please indicate which one (optional) (between 4 and 150 characters)
The source code is written in Ruby, using the Ruby on Rails framework.
2.3 Is the source code available on line?
2.3.1 Where is the source code published ? (http://...)
2.4 Under which license is the source code available?
2.4.1 Please specify
The source code is licensed under version 3 of the Affero General Public License (AGPLv3). The AGPLv3 is an OSI approved open source license that provides specific provisions for web-applications that are used (for example, software-as-a-service) but not redistributed. The license requires all derivative works to maintain a public download of all changed source code.
-> The source code is licensed under version 3 of the Affero General Public License, an OSI approved license with provisions for web-applications.(140 characters)
3. Does the tool contain help functionalities or frequently asked questions?
Which data input features has the system?
4.1 Is the data filled in on screen or uploaded by document?
The data input is mainly done by individual citizens through a centralised web interface, but other interfaces (mobile web, SMS, mobile App, Java-widgets on other sites, applets, interactive television and what comes in the future) can all do input using the application programming interface (API). The system always sends out an e-mail to have a signature confirmed and ask to fill in extra (required) fields. Without an e-mail address one can not sign.
Existing databases with signatures can be uploaded to the website on request, under the condition that each signature comes with a working e-mailaddress and each signature (statement of support) is confirmed by e-mail.
-> through the web, but other interfaces can all input using the application programming interface (API), resulting in confirmation e-mail to signatory (148 characters)
4.2 Are the data fields fixed or can they vary per country, region or language or vary depending on the answers to previous questions?
Certain data fields can remain hidden or not compulsory. For example, petitions have less compulsory fields than citizens initiatives. Our ambition is to further the petitions datastandard from the EuroPetition project and establish an XML standard for both petitions and citizens initiatives, with petitions being 'upwards compatible' to citizens initiatives. In other words, an citizens initiative which does not comply to formal requirements can still function in the same system as a petition.
-> Certain data fields can remain hidden or not compulsory. Goal is a datastandard in the EuroPetition project, an XML standard for both petitions + ECI (150 characters)
4.3 Does the system allow the definition of input controls on certain fields? (e.g. data format, number format)
4.4 Does the system allow the definition of mandatory fields?
4.5 Are the data fields easily configurable?
4.6.1 Which of the official European languages can be used?
Using the Tolk add on, automatic translation to any language are possible. First only the English translation will be formally available. Other translations will be implemented when there is funding for high quality translations.
-> Using the Tolk add on, automatic translation to any language possible. First only the English translation will be formally available. Others follow. (150 characters)
4.6.2 Is it easy to add an additional language?
Which features has the system concerning the confidentiality of personal data?
5.1 Do signatories need to register on the website to access the system?
5.2 Does the system have authetication mechanisms, such as login and password, token, ... for the signatories ? If yes, please list the mechanisms.
The e-mail address functions as the login and a token e-mailed to the signatories is the password. The token is included in a unique URL which gives direct access to the signature confirmation page by following the link in the e-mail. It is not required to enter a password anywhere, just following a link in an e-mail is the most user friendly solution. In the first version a username and password combination was used, but this proved to be a huge obstacle to achieve volume. With this design one can only sign once per e-mail address.
-> The e-mail address is login, token included in unique URL to the signature confirmation page by following the link in the e-mail: 'one click login' (148 characters)
5.3 Does the system have authentication mechanisms, such as login and password, token...for the (database) administrators? If yes, please list the mechanisms.
Yes, the database administrators and the lead petitioners (author of petition or citizens initiative) do have a login and password accessible through the petities.nl/admin screen. The e-mail address is the login.
-> Admins and lead petitioners (author of petition or citizens initiative) have a login (their e-mail) and password accessible through petities.nl/admin (149 characters)
5.4 Which measures (e.g. protocols,...) were implemented to ensure a secure client-server conversation throughout the entire dialogue ? e.g. (HTTPS,...)
The https-protocol is used (and soon also ipsec under IPv6) for the lead petitioners and the database administrators and petition managers (authorities receiving petitions through petities.nl). Confirming a signature will also go through https in version 3.2 (spring 2011). In version 3.1 signatories confirm their signature over http.
-> https (and soon ipsec under IPv6) for admins, managers, organisers and authorities partnering. Signatories in version 3.2 (spring 2011)also over https
Which features has the system concerning the integrity of personal data?
6.1 Is data modification possible once the statement form is submitted?
6.1.1 Please specify who can modify the data
Citizen who submitted
6.2 Is data deletion possible once the statement form is submitted?
6.2.1 Please specify who can delete data
Citizen who submitted
6.3 Which measures are in place to prevent malicious code? (cross site scripting, SQL injections,...)
-> Input other than plain text results is stripped. SQL injections prevented, using SQL prepared statements. CSRF tokens to prevent cross site request forgery. SSL for admin to prevent man-in-the-middle
Which features has the system concerning the storage of personal data?
7.1 Does the application support different access profiles to the application's data? E.g. signatories, organisers, administrators...
7.2 Is the application based on a well-known database?
7.2.1. Please specify on which database is the application based?
7.3 Is the system protected from external attacks ? (E.g. database, network, host...)
Yes, the web-servers are a demilitarized zone (E.g. physical or logical subnetwork that contains and exposes an organization's external services to the Internet)
Yes, there a firewall and/or proxy implemented to protect the system from outside attacks
7.3.1 Please specify how is the system protected from external attacks (Other)
The petities.nl servers are placed in a secured datacenter. Physical access to the servers is strictly controlled and the center is equipped with backup-power generators and fire detection systems.
On the petities.nl servers firewalls and access control lists protect against unauthorized access. Maintenance on the servers is only possible through secured and encrypted connections. The servers will only run those services that are required for petities.nl. The database is only accessible from the servers itself and access to the petities.nl database is restricted.
-> Secured datacenter, equipped with backup-power generators and fire detection systems. Firewalls, access control lists, maintenance over secured connections, database only from server or restricted (200 characters)
Which features has the system concerning reporting?
8.1 Does it contain reporting and/or exporting functions on the data collected?
8.1.1 Please give details
Export as PDF or as .csv with fields required by authorities. In the case of a citizens initiative more fields are included than in the case of a petition. The exported information also includes information about signatories which have chosen to remain invisible through the website. E-mail addresses are always excluded from the export. Maximum three e-mailings can be broadcast to the signatories through our system, but never executed by any citizen or any authority, moderated by the administrators of the Foundation Petitions.nl, based on a formal, neutral set of criteria.
-> Export as PDF or as .csv with fields required by authorities. citizens initiative more than a petition, including signatories invisible through the website. E-mail addresses excluded from the export. (200 char)
8.2 Who has the authority to view reports and/or export this information?
8.3 How is the collected data passed on to the competent authorities?
8.4 Is there any functionality to facilitate the validation of signatories by competent authorities?
8.5 Which security mesures were implemented, with regard to reporting personal data? E.g. data alteration,...
Only signatories have writing priviliges in the database. They can alter their own signature (using the unique link with token) until the collection of signatures is 'frozen' and exported for the hand over to the authority. The lead petitioner/organiser can never add or alter signatures. Signatures can be flagged for deletion by the petities.nl staff. Deletion of signatures is carried out based on a formal neutral set of criteria.
-> Only signatories and admin write in database. To alter their own signature (using the unique link with token) until the collection of signatures is 'frozen' + exported. Deletion only on formal grounds (200)
9. Did you apply any existing practice standards for specific subject as security, usability, accessibility, etc, in the development of the system? E.g; ISO standards,...
The website scored the highest in all criteria for the national accessibility standard and received three stars out of three (drempelvrij.nl) (200 char)
The usability of the site has been tested since 2005 by nearly 1,5 million users, resulting of hundreds of e-mail comments translated into usability improvements.
-> The website scored the highest in all criteria for the national accessibility standard and received three stars out of three (drempelvrij.nl) W3C XML (200)
As a security guideline we prefer not to store data we do not need.
10. Do you think the tool should be considered for re-use?
The tool is written with international re-use in mind. Other neutral foundations or businesses with the goal to promote petitioning in the democratic process can and should use our tool which has been tested for more than five years by more than 1,5 million users. It is funded with public money and therefore should be used by the public, also internationally. It can not easily (and perhaps should not) be used by organisers of specific initiatives. It is a specialised business to service the online collection of signatures reliably. It is an option to make the use of the system by anyone else but the organiser of a specific initiative invisible. The reliability of the data can no longer be guaranteed (data can be altered) and the privacy of the users is not properly protected (they can receive e-mailings).
The service is designed for "petition service providers" rather than NGO's and activists. They are considered as end-users (like any citizen). By having many different end-users using the same system the tool becomes more reliable because of the neutral position of the petition service provider. End-users need less marketing because of the experience and trust many of the citizens already have signing other petitions or citizens initiatives with the same national service. The economies of scale makes it also cheaper to operate the service. One or a few such service in each region in Europe would do. Using the API and the network of EuroPetition the signatures can be synchronised and exchanged in such a decentralised network.