In Stockholm there's currently an IT battle underway (twitter.com)
Frankly, I see jail time for the contractors doing this.
Looking at the code, it appears that they authenticate against the api? So it’s a third-party app using an api, against the first-party’s expressed wishes, to read and/or manipulate student data?[1]
Of course the city will defend against that.
[1] Correct me if I’m wrong here.
The app uses your device, your electricity, and your credentials. The API is built using your tax money.
I don’t see a problem.
Why would that be a given?
I can understand it in scenarios where it messes up a monetisation strategy - but this being publicly funded it's the opposite of what I'd expect.
So that leaves a defense against... their own users? Makes no sense.
Plus the tax payers funded the platform so it's not like the government has any legitimate interest in protecting the product itself like a private business might.
Who is going to maintain that app over time?
Maintenance sucks and is expensive.
I'm going through this right now with a security system for a non-profit. The old system is open source and works--but it's 10 years dead.
So, they'd like to add these couple features. Who is going to develop that? Who is going to pay for that? What happens 10 years from now?
So, they can pay money for a commercial solution which is "Somebody Else's Problem(tm)" or they can go with a bespoke system that becomes their problem.
Maintenance is a cost that open source never accounts for.
input: 5+ years and 100 million dollars
output: crappy system
maintenance: still necessary, hire anyone but probably the expensive guys from before
The route that these parents demonstrated:
input: a few months and presumably a whole lot less money
output: something that seems to be well-liked
maintenance: still necessary, hire anyone
Regardless of "but who's going to maintain it", the benefits should be clear here. People don't work on open source code because they get paid to and shrug when they do something useless or even detrimental just because the boss says so. They work on it for a passion. Now if you hire a company to write the open source code, you kind of lose that benefit, but if the development is out in the open, the public can at least keep track of it and say "but this doesn't make sense" or "let's get a working system before we spend another 4 years over-engineering and bloating this". This open model is how the corona tracker was developed in the Netherlands and it worked super well. The question is now whether the government will dare to do it again with the next IT project.
Don't forget: sometimes the copyright is still owned by the contractor that developed it, at which point the options are only "hire the expensive guys from before." Want to make a change and the vendor can't/won't? Oops, guess you're starting over from scratch! Or you don't make the change you wanted to and live with it as-is.
Are they clear?
Or is this the "Chrysler Comprehensive Compensation System" all over again? aka the gigantic disaster that somehow spawned the Extreme Programming "experts" and implemented the easy 80% while missing the really hard 80% (yes, that totals to 160% intentionally).
It's really easy to produce something that the majority like but that doesn't get even basic use cases. For example, let's start with some simple stuff:
- Does it meet GDPR guidelines?
- Does it meet accessibility guidelines?
- Does it meet security guidelines for protection of personal information of minors? (Apparently the original government software completely blew this off. As always.)
As I have pointed out previously on HN, that adds a bunch of cost to government software that MUST be paid if the software is part of government functionality.
I can whip out a single page app in a hurry. Ask me to comply with those issues and I'm going to have to spend a lot more time on things.
Don't get me wrong. Big IT projects like these always become boondoggles. However, everybody always simply gives the open source project the benefit of the doubt at being "better" when it probably just blows off a lot of functionality.
Government CRUD applications have to be able to handle the majority while still allowing the 0.1% to be handled.
In fact, open source is almost always worse--the proprietary company can at least generally demonstrate that they can do what they say.
And, for contracts like these, the end customer generally gets the source anyway. So, to the end customer, there really is no difference.
And this is before we get into the whole "Whose budget holds the money for that maintenance over time?" political football. A lot of government contracting is about transferring uncertain future payments into certain present payments. And someone will try to kill that budget at some point.
I love open source. But open source software almost always fails hard when the subject isn't relevant to software programming.
This is not a "current proprietary system" vs "open system maintained by volunteers". They can basically adopt the open system which is better and pay whoever they want the same amount of money to maintain it. They just need to shift which system is being maintained. (And may even save money that way.)
Yes they are. The benefits are clear, because apparently a whole bunch of users got together and spent a bunch of effort building something that solves real problems that they themselves were having.
> everybody always simply gives the open source project the benefit of the doubt at being "better" when it probably just blows off a lot of functionality.
If people are using it, and spent a bunch of time and effort to solve their problems, then almost by definition, it is solving a problem that they were having.
So yes, we can just assume that it is better in some ways. If a bunch of people are using it, then almost by definition, it is providing value to some people.
VLC I don't know about.
The fact that there are so few successful, non-programming examples exactly demonstrates the point.
It instead was mostly developed by a schizophrenic Austrian math genius in his free time from not being regularly employed, plus some other grad student types.
[0] https://twitter.com/oppnaskolplatt/status/137505230118290637...
[1] https://github.com/kolplattformen/embedded-api/commit/b61122...
(I’m the founder of this initiative)
How do we improve this common scenario? What are the root causes?
The common themes are:
1. Lack of technical project competence at the decision maker level.
2. Scope creep. Where the one true system has to do everything.
3. A 'one-pass' approach where everything is expected to be delivered as a working system at the end of the project.
Even fixing two of these gives us a solid shot at a successful project.
The Phoenix payroll system comes to mind, the Canadian government tried to shift the blame to IBM, but have their hands tied since IBM delivered exactly what was in the contract. It's just that what the government decided to put in the contract has little to do with how they really do payroll.
It wasn't a big project, I was the sole coder. What had been sold in was basically a Drupal install with some customization. I made sure they wrote a decent specification before I accepted the job.
I delivered on time and we had the first test with the client. Everything went very well, and the client seemed happy.
On the client side, the project was then moved from the project group to those who'd actually be using it. And then came the question from the new manager:
Mgr: "This looks nice, but what about all the other sites?"
Us: "Other sites? The contract was only for one site."
Mgr: "Well, the whole point here was to have 17 sites with site-specific content written by site-specific users, managed centrally with a unified look as if it was one single site."
Us: "Err... that's not what the specification we agreed on says."
Mgr: "Well, as it stands this is useless to us."
And so the simple three day job turned into many weeks.
It fascinates me that no one ever stopped to wonder if it was actually possible to implement all that.
It failed horribly, costing billions of DKK in implementation cost and even more in taxes that couldn’t be collected.
Isn't this basically a given? I find it hard to imagine that any organization could come up with good, complete requirements before they've had any software written.
- a bridge
- airplanes
- most houses
- etc
Hardware comes to mind - it’s all hardware on the list, basically.
Software (outside certain realms ofc) like this? I’ve been, like many others here, doing this software thing for 20+ years now.
Big and small, I’ve basically never seen anything spawned from a project-driven organization actually deliver great results.
Most software is supposed to change, indefinitely - that’s the point!
Everyone in this day and age should know that requirements change over even short periods of time, so why even bother trying to pin them down in detail up front - you’re going to do everyone involved a disservice.
There is something to this agile thing and a “project” is its anti-pattern.
Not to mention how much a quick feedback loop will teach you about the operation side of things.
Operations and change, it’s all you can build for and that is best done one step at a time.
(This joke of a platform is spread across multiple (5?) vendors/partners no less. A couple of them probably started just for this, backed with vc funding. It’s most likely a glorious mess!)
End rant.
That means the government comes up with a way for the parties to collaborate and just enforces that. So the actual implementation is open to competition.
Things like communication protocols or extensible APIs or schemas for exchanging APIs.
But who decides who is skilled enough? Then we are quickly in the realm of politics ..
How about we give you a 23-year old recent grad instead?
I read the 2014 one as a part of our project management uni course, but couldn't find it with a simple Google search so here's the 2015 one:
[pdf] https://www.standishgroup.com/sample_research_files/CHAOSRep...
It looks like a success until you ask operations and people maintaining the deliverable.
This is usually not factored in and ends up at a different cost center.
You almost never get the full picture of continuity when dealing with a project organization hence it’s really, really hard to judge.
https://www.zdnet.com/article/study-68-percent-of-it-project...
People don't notice when things go right.
What about all the 5+ year, $100M projects you didn't hear about, because they never made the news, because the project went smoothly?
Even in general conversation we tend to vent about how bad our day/week was, and not how awesome something went:
Maybe that's a little far, no?
Worse, I have seen not enough people run for open council positions, so anybody willing to fill out the paperwork can ‘win’ without anyone in town voting.
"@Stockholmsstad are now acting like angry toddlers."
I'd read between the lines. I don't think it's a hurt ego, not with these numbers. Someone is (continued) to be paid for this to be happening. This reeks of corruption.
It's more government officials and contractors with their reputation and money on the line. In the case of government officials, it's not necessarily unmarked-bills-in-a-paper-bag-under-the-table kind of corruption, but the more pernicious "revolving door" of government/private industry kind.
A better approach is agile with customer's actual employees guiding small changes all along from the beginning, and customer's project managers/budgeting managers tracking progress, requirements, and costs.
I like the idea but that's not a product I think open source folks venture to build much?
There's nothing preventing a group from making a FOSS replacement of a government project made commercially, even if its goals aren't ideal.
Where are the juicy details, like who did it? Oracle? IBM? ..?
> So a few parents decided, since the data is basically their data, to build their own better version. A couple of months later, @oppnaskolplatt was ready.
Bad precedent that must be squished ruthlessly. Otherwise next time they would decide to have their own better roads, police, government... that slippery slope of "we the people".
According to [1], no less than four contractors: Tieto, Ping Pong (apparently responsible for security), Unikum and Nova Software.
[1] https://translate.google.com/translate?sl=sv&tl=en&u=https:/...
Directly employing most of one's required software engineers is largely a very new phenomenon, and not yet widespread.
In Norway, you'd have e.g. Evry, Itera, Bouvet, Miles, Computas as well as international companies like Steria, Accenture and CapGemini. They contract out developers at ~$125 an hour and pay a regular middle-class salary. A large portion of software engineers are employed at a company like this.
You could volunteer to do all the work and they'll still oppose you at every turn.
My hope is that we'll reach a stage where citizen participatory programming is normal for all. Where my dad could offer a PR to fix a typo on a government page casually as he browses it.
I have a feeling we're not far off but you need it to happen in a place with low entrenched interests but with sufficient enlightenment.
I think big US cities have the latter but not the former, and authoritarian developing nations lack both the former and the latter. So maybe smaller Western nations like Estonia.
Or, my biggest hope, sufficiently advanced townships in America.
It does in my country, Portugal, at least: https://pt.wikipedia.org/wiki/Dom%C3%ADnio_p%C3%BAblico
And it sounds like it comes from some "Berne convention" in which a lot of other countries also participated.
They are horseshit at anything after that
And that's where things go sideways.
Isn't that how Mint works?
BankID is both an authentication and user information service system. Swedish customers can sign up with BankID, and the beauty of the setup is that we are exposed to less private information than we otherwise would.
On login, these same customers go through the BankID flow, and we get an assertion from the service that essentially tells us "login is valid for this previously assigned unique customer identifier".
"We need a school comms platform. It needs to have messaging and scheduling. People need to be authenticated (duh)."
Now ordinarily I'd say "WTF who would build that for free?" but by the looks of it someone has done substantial work for free already.
Heck, you could probably get free work from the kids themselves. There's plenty of people in education who would want to do odd jobs on it.
Now maybe pay up for a few senior devs and a PM, so that someone is at least responsible for it, with their income tied to it. But make it a small group, for the same reason.
If there's suggestions, or something breaks, there's a place to report that. End of the day, it's a platform for the people by the people.
Sounds like a great way to get a community to build its own infrastructure?
Believe me, it's way worse here in Germany.
I would consider this a luxury problem...
German government is the European leader in corruption, even COVID was used by many of them to get kickbacks for masks for elders and wasted 2 billion € there.
And like the corrupt "Flintenuschi" Ursula von der Leyen they get promoted to President of the European Commission for that if they manage to delete all evidence from their phone after being caught.
- Stuttgart 21
- Elbphilharmonie, Hamburg
- Mobile Internet
- Everything that has to do with the Deutsche Bahn :D
- more stuff...
https://www.istartedsomething.com/20140420/msn-messenger-and...
It sounds like if I would get 1% of the price to build this, I would laugh all the way to the bank.
Jebus....
Absolutely correct, it smells exactly like the kill-LiMux "Project" from Munich.
But Sweden has a pretty big history of being corrupt, just think about Assange, Olof Palme... and the bad Russian sub story.
While that is always true in reality (you are always responsible for your actions), it is not legally obvious when you buy commercial products (you can blame the manufacturer).
While people are often reluctant to accept that, I find that it is often what people’s arguments in this regard can be boiled down to.
I suspect the argument usually comes in the form of FUD from consultants like the ones in charge of this project. But I wonder what makes it take hold. Incompetent lawyers? Bureaucrats who like to play armchair lawyers? Or just outright corruption?
I can see why you’d be defensive and make a project together with the firm that is the biggest player in software for the public sector (although their reputation is poor).
What I don’t understand is why the project is a Big Bang release type thing. Or why the contract can’t have clauses about openness or interoperability? If the supplier is scared by that or charges more for it - switch. Having source visible or exposed APIs doesn’t mean they have to accept PRs (although that would be great PR).
I vividly remember how everyone shrugged off some small, local politician spending 50 million SEK (5 mil USD) on some project to "Cheer up the town square" that ended up with 5 contractors, all friends of the local politician, who produced one 50 page report on how "dancing and talking street lamps will cheer up the town square" as the final result. The politician refused to answer further questions from reporters, insisting the project gave good insights, and no one gave a single crap.
I hope this publicity changes things.
There's a Cunningham's Law parallel here: the best way to get a good free open source system is to first build a terrible expensive proprietary one with shady business practices, and let the frustrated users do the rest.
I'd love it if we lived in a society where everyone could contribute to everything. You see a bug, you report it on the board, someone says "hey I don't have time but you can look at it, it's gonna be in myscript.py". You fix it, they check your fix, and we're all better off.
Having an army of kids doing it would help everyone. I think working on a real thing instead of a contrived project is huge in the development of coders.
And as you say, they can add their own imprint. Society has got to renew itself somehow, and it's not by being corporate.
> Now maybe pay up for a few senior devs and a PM.
> platform for the people by the people
I think you're overestimating the abilities of "kids" and non-professional devs and underestimating the complexity of running that kind of show (thus underestimating the ratio of professionals/community necessary to pull that off). Notice how most successful open-source projects are in fact supported by tech companies and worked on by professional devs on those companies' payrolls, and how, despite that, most open-source projects still end up kind of chaotic.
It’s not going to be a technological shift - it’s a different approach to software and forming teams around it.
I’m writing this and it kind of echoes Brooks's words in “The Mythical Man-Month” - it was written in the 70s.
Their IT budgets are often ginormous with very little to show for it. Consulting havens. Slow, if at all, moving project organizations.
It’s about size, budget models and competences.
Time for another rant:
Note that Sweden has implemented “new public management” (NPM), which basically pushes government agencies to govern like the ever oh so successful free market companies.
This has had many really bad side effects since the 90s and it’s right up the neoliberal alley.
In my book it’s just silly and something only professional politicians together with consultants can cook. But it’s a different story, really.
My observation of corporate organisations attempting to guide software development is just as bad.
I’m a proponent of doing these things in-house, however that path is far from straightforward and has masses of pitfalls too.
It's a proprietary product that's not publicly available, and yet it's required for many governmental services. Obviously, it's a recipe for disaster.
For example, when Swedbank found out that I use some service at another company, they closed my access to BankID and told me that I either move that engagement to them or ask the other company (which isn't part of the BankID oligopoly) to somehow get BankID.
Even worse, there are some stories about people losing access to BankID for political opinions. That's China level of repression.
It’s like something from the early 2000s and it’s sad to see.
You can “feel the requirements” as you try to navigate pages.
It makes my techie heart ache... :)
> I'd love it if we lived in a society where everyone could contribute to everything.
That's still the dream, but SaaS kills open source in many ways - by monetizing what has already been done for people other than the authors, and by locking all applications behind paywalls. A return to running our own decentralized software, a return to protocols instead of platforms, is what we need to get over this.
Had I not insisted on such detailed specs though, it would likely have been a lot harder to get them to pay up.
So yeah, worked out fine for me, but taught me a valuable lesson.
Gall's law:
> A complex system that works is invariably found to have evolved from a simple system that worked. A complex system designed from scratch never works and cannot be patched up to make it work. You have to start over with a working simple system.[9]
At my previous employer there was the concept of the "90 day sprint". Top management use the term without irony. All they have done is substitute "sprint" anywhere you would say "quarter". So now they are agile. I wish I was making this up.
No tricks really, just common sense, right? :)
It is rather way overengineered. In such a way that freshmen to SAP (out of university) get assigned to a project, but for one whole year basically just have to walk along with the team, without contributing actual code, because they have to understand how it all works together first. (At least that's what I've been told by some people going there.)
Sounds glorious and horrifying. I rather did things where I saw actual progress and impact of my work.
Though to be fair it got there because it was one of the first to kinda solve the problem in a more flexible way than having a system built from nothing
Taken together, the complexity of the law just accumulates. Tax law in Denmark being a particularly gross example.
One major issue, at least with Danish law makers, is that they want to target special groups, but that would be discriminating, so instead they attempt to target the behaviour of those groups. This of course will affect a number of people who were not in the original target group, so they add on exceptions and details to narrow down the law. Also there never seems to be any clean up in the laws.
If your laws/rules exploded from a few hundred pages to 30.000 pages, you should really revisit the thoughts behind that law.
There's a lot I love about life in Denmark. This is just to say that no place is perfect and DK also has stuff that all Danes should be rightly embarrassed about.
More seriously, there usually are no simple solutions to complex problems. And government is a very complex problem. So many people with so many opinions - and everyone involved afraid to say one wrong word or make one wrong decision. I don't think more fear helps there.
I mean - prison for corruption - yes! But prison for incompetence, no. Then you also have to jail the people who put the incompetent person there in the first place and those people and so on.
And how to decide which is which? Effectively there's not much difference.
Could you calmly do your job then? Or would the anxiety make you even more prone to mistakes?
Trial and error using a free market place.
https://www.skattebetalarna.se/wp-content/uploads/2018/07/Sk...
My point is rather that the issue of "wasting tax payer money" should in principle not have any political side; it's about efficiency and both left and right should engage in the question. If anything the side that is vouching for more government should be the one leading the discussion of the efficiency of tax payer money utilization.
Yet most just jump to simple ad hominem attacks on the criticizers. "right wing propaganda"; That was my point. That we pretend to care but we don't, and rather switch the discussion to petty tribalist name-calling.
And I'm well aware of the sponsors of the organization and that they probably have some rotten eggs in the basket too.
If you look at their "Worst of 2020", almost everything is below 10MSek, which is a drop in the bucket budgetwise (https://skattebetalarna.se/arets-varsta-sloseri-2020/)
One might wonder what would happen to Danes abroad not respecting the local customs in certain conservative countries.
Governments by their nature tend to approach everything from a legal perspective.
This then means the requirements of these big IT project end up being a mass of legal documents which try to describe what is being delivered by whom.
Then when the whole thing falls apart it ends up in the courts and the court then decides who promised what based on those original contract documents.
The relative was asked about his CS job, and at some point details were being discussed. The relative said something like “we have made what was asked for but because we have run out of time, that’s what the customer is getting. We know what they actually want and need, but that’s not in the contract”.
The person we were talking to was the customer.
Something government contractors learn to be good at is following a spec. These lawsuits often end-up costing the taxpayer a fortune for the government to be told that everything was delivered according to their spec.
The consulting company will then recoup its losses from the lawsuit using their hourly billing clause where it stipulates that they can modify the software for X$/hour.
It’s also why Gene Kim & co wrote “The Phoenix Project” [1].
Everyone involved in software-building, non-tech industry should read it.
In the end it’s just lean turned agile software dev. Reduce waste.
[1] https://www.amazon.com/Phoenix-Project-DevOps-Helping-Busine...
Take a look at how kmalloc_obj is going in DragonFly BSD.
Government IT challenges three technical team leads to get to solution like kmalloc_obj. Performance pays for 1st prize and the rest get less money. Cut the time horizon from start to finish for the piece work to 18-months. Spread the risk of total failure to zero.
They should never produce more than a page or two of specs, outside of the central task itself, because most everything will change when under production anyways. A project like this is big enough that apps became a thing, and fundamentally changed twice, in the lead-up to the actual work.
And all the little things they could control are just bikeshedding, best done by an impartial designer or by A/B tests.
They would need to hire software engineers and, quite frankly, most municipal governments aren't capable of adequately compensating these positions.
Of course they are, because they already are compensating them plus contract management overhead on both sides of the contracting arrangements (which are usually made even greater because they have different contractors for different phases of an effort), plus contractor profits.
Aside from simple corrupt motives (both by responsible managers involved in deals directly and higher-level politicians who favor inefficiency of kicking things off to industry because it buys support from the beneficiaries), this is done because it spreads the blame in the event of failure, which is seen by many involved as more important than maximizing likelihood of success or cost efficiency.
But citizens (well, at least those not corruptly benefitting) shouldn't tolerate that.
So it is in effect government mandatory at the moment. And pretty stupid and yes - hopefully illegal.
While there is a technical issue here, there is also a legal issue and a PR issue.
Government institutions have a duty of care and a duty to help to private individuals. Since they are apparently working _against_ people in this case, they are probably in breach of the law.
Description of relevant rules here (in Swedish). https://www.mfd.se/verktyg/lagar-och-regler-om-tillganglighe...
I strongly suggest that you file a formal complaint against the government agency. This is easy to do and you can do it here. https://www.jo.se/sv/JO-anmalan/
When you have filed the complaint: MAKE IT PUBLIC (hacker news follow up story, twitter, linkedin, etc). This is because there is a political dimension to this issue and if there is anything politicians care about, it's jobs (their own).
Good luck and keep us updated! I'm sure lots of people will be happy to spread a copy of the complaint around.
We just recently filed an appeal regarding getting access to the API documentation.
We have gotten a lot of PR in Sweden from the major newspapers and tech press. So I think the pressure is building, but if there is one thing Swedes are worried about, it is the appearance internationally. So help us get this story to Wired, TechCrunch etc. - that will make them crazy. We still live on the front page of Newsweek from 2000 - the capital of Internet. That might be true for the tech scene but definitely not the public sector.
We would rather concentrate our limited time and resources on making the product better instead of this crap but we have an amazing community that are helping us with both legal advice, artwork, communication, UX etc so we will continue the fight and will keep you updated here in Hacker News.
Thanks for all support so far!
Also keep in mind that the legal options and PR options are tightly coupled. Regardless of the outcome of any legal option (e.g. "JO anmälan"), the PR generated around it may itself lead to a change if it gets enough attention (e.g., Anna König Jerlmyr seems to be in charge of Stockholm municipality at the moment). Make it easy for them to get good PR and make it clear the other option is to get bad PR.
These questions are larger than this project. This is about how the government itself builds APIs. That's big.
They have the budget for it, that's sure. But more often than not the municipal workforce is heavily unionized and has paygrades that are below market rates.
That (the below market rates) is part of the setup to promote outsourcing. A heavily unionized workforce doesn't make it harder for an organization to increase tech role pay to market rates if it wants to, it makes it fight harder to avoid doing so.
The best solution would be for government IT to simply be competitive with the private sector for talent acquisition. That would probably mean that most senior software engineers will end-up being above the mayor's paygrade however.
No organization should expand outside its desired core competency. Specialization is for organizations. If you want competency you hire it as a consultant. If you need to check that consultant, hire another.
Hire one company to write the spec and the product. Hire two others, small firms, one in the problem space (tax, airlines, etc) to check the business requirements and one in the software space to make sure spec/dev/test processes are adequate.
> Can you imagine the headlines
Yes, 100% lies written by a bitter communist. Modern corporate media in a nutshell. But the government already took the brunt of that for screwing up earlier. The screwup you mention would be no worse. Partly because the news is hyperbolic and nobody believes it these days - every problem reported is the worst ever.
Your projects will never succeed this way, but you’ll have plenty of people to blame for the failures.
Which is why it's already common for government IT projects to use a close variant of this approach, but usually separating out requirement writing to a firm notionally expert at doing that in the problem space instead of having it checked by such a firm.
We're discussing how it failed your way, so I'm not so sure you're presenting a better alternative.
The problem with your method is that two separate companies have deliverables that must be correct, whereas with mine only one does. And my way removes the back-and-forth which is a huge source of errors.
It's fundamentally impossible (absolutely, 100%) to write specs for a complex product before the product work begins.
So you can make it work your way, with a separate firm writing the specs, but you need to couple them with the dev firm and give up on the fantasy of up-front specs.
But that comes with its own problems and increased cost so imho you're better-off just letting one firm do it.
You mean the guaranteed-to-fail-but-spreads-blame method that I mentioned is common and closely related to your proposed method which shares those traits? Because that's neither “my way” nor something I recommend as an alternative.
> The problem with your method is that two separate companies have deliverables that must be correct,
No, only the final delivery company’s one must be correct. The preceding one influences the likelihood of that, of course, just like the extra domain-expert contractor brought in to validate the requirements in your proposal. (Who, if the agency for which work is being done is bringing them in as a requirement “validation” expert because it assessed that it can't do that, is effectively defining the actual requirements, even if nominally they are just validating the other firm's work on behalf of the customer.)
> It's fundamentally impossible (absolutely, 100%) to write specs for a complex product before the product work begins.
Yes, you seem to understand a key part of the basic problem, but then describe a rearranging-deck-chairs-on-the-Titanic solution that does nothing to address it.
> And my way removes the back-and-forth which is a huge source of errors.
No, it just changed the nominal role (but not really the functional role) of one of the three (customer, requirements crafter/validator, developer) parties to the back and forth.
My way is to recognize that if you are going to build and operate a complex IT-dependent business function, a prerequisite step to success is to own the IT capacity to govern the necessary system components, including their incremental development and adaptation to evolving business needs. And closely related to that is to arrange the work into increments that (among other criteria) can be plausibly specced in advance but also where the setback isn't intolerable when an increment’s main output is information about where your understanding going into it was wrong.
Right, just become an IT organization. That's the simple answer nobody talks about.
This is a non-answer because even most companies that want to can't do this, and as a taxpayer I don't want my government developing IT excellency, I want bureaucrats doing their core task not writing specs. (When they leave the agency they could go to the business process consultancy I mention, where they monitor and advise the developers in tax questions and departmental process issues.)