Public Interview for Stripe's Increment Magazine

Hi Audrey,

Thank you very much for your kind response and for inviting me to a public interview here.

The questions below are for the upcoming feature in Stripe Inc.'s engineering magazine, Increment, on Taiwan’s open government platform and the underlying technology that powers it,

  1. You’d mentioned in your OpenExpo talk that when the new government came into power, then-Premier Chang San-cheng and his cabinet mandated that all government data be made open, while preserving privacy and national security. I would love to understand the historic context for the move to an open digital government: Was this mandate considered unusual at the time?

  2. What were the early considerations that you had, as Digital Minister, for building a digital platform that would be powerful, secure, and pliable enough to facilitate open government?

  3. I believe in 2014 you had contributed to Sandstorm’s crowdfunding campaign and written an app for their open source library, EtherCalc, that you still maintain. What drew you to the Sandstorm product back then?

  4. Sandstorm containerises its web apps based on data, rather than microservices, into ‘grains’. What was the significance of this form of containerisation for you, while you were deciding to implement it for the purpose of an open government platform?

  5. Sandstorm uses a capability-based security model. What was the significance of Sandstorm’s choice of security model, along with the Powerbox feature that is based on it, for use by the Taiwanese government? Does this security model facilitate easier sharing of information both within the government and with the public?

  6. I believe that your office liaises with participation officers from every ministry in the government to help them adopt and learn Sandstorm’s apps. What has been a challenge and a learning from aiding adoption of digital tools across the government?

  7. With the self-hosted Sandstorm platform, any public servant can write an app for the internal app library. How has Sandstorm itself evolved in the years it has been in use for the open government platform?

  8., which is used for both vTaiwan and Join, has been a critical part of the open government system. In 2017, work needed to be done to enable integration between and Sandstorm. I would like to understand more about this: How did need to be implemented such that it worked atop Sandstorm to meet the open government platforms needs?

  9. Is there an example that illustrates how Sandstorm was key to the open government in recent times, say during the pandemic?

  10. You have previously said that technology, including tools such as and Sandstorm, are part of democracy, and that there is “incentive for governments to fund infrastructure work, because now it’s part of democracy infrastructure, not just IT infrastructure.” I’m fascinated by this. From the work you’ve done in developing and evolving this open government platform over the last few years, what is the role you believe technological tools such as these play in democracy? How, as technologists, can we work toward a more democratic future?

  11. And finally, is there anything pertaining to technology, Sandstorm, or the open government platform we’ve not touched on in our asynchronous conversation yet but you think I ought to know?

Thank you very much for your time and patience!

My best wishes,
Ipsita Agarwal

  1. The policy is quite comprehensive as a direct response to the post-Sunflower-movement popular demand for transparent accountability.

  2. Inclusive participation is a focus, where best-of-breed civic tech can be incorporated as gov tech with minimal effort while safeguarding privacy and cybersecurity.

  3. Its strong cybersecurity guarantees to citizen developers.

  4. I’ll quote the Devcore team here:

Through this pentesting experience, we consider Sandstorm a safe platform with outstanding security mechanisms. This is mainly attributed to its fundamental design rationale: to assume that every app installed is malicious.

With this vigilant assumption, Sandstorm’s defence mechanisms for the core system become comprehensive and watertight. Apart from the server-side protection, some common client-side attacks (such as XSS, CSRF) are handled properly by Sandstorm’s unique countermeasures, such as host name randomization.

That is, it is very difficult for attackers to sabotage the server by simply manipulating the apps, and so does privilege escalation through attacking at the client-side.

  1. It fosters purpose-based, horizontal sharing of individual documents across ministries and agencies, especially in scenarios where an ACL model would create silos by default.

  2. Localization was the main challenge initially, which was resolved with help from contributors in the g0v community.

  3. The incorporation of new civic tech tools enriched the app ecosystem, for example CodiMD proved to be quite popular and regularly used in our open government work.

  4. With the backend and reports UI of becoming Free Software, we now host our own instance at, with single-sign-on provided by the citizen-facing instead of through Sandstorm. This is because our use cases are open-to-all-citizens instead of through capability sharing.

  5. This is like asking “is there an example that illustrates how HTTPS was key to open government” – as an essential public infrastructure, Sandstorm underlies a lot of our day-to-day work, for example collaborative editing of transcript on SayIt with more than 6000 co-editors.

  6. The values of transparent accountability and inclusive participation guide our work, which I’ve shared with Microsoft’s Senior Leadership Team recently.

  7. The Open Government National Action Plan (2021-2024) has been ratified this January – we are working on the English translation which should be available in March.

Hi Audrey,

Thank you very much for your responses! I had a couple of minor follow-up questions:

  1. Could you tell me more about the challenge of localization of the Sandstorm software?

  2. How did contributors from the g0v community help mitigate this challenge?

My best,

  1. This interface language detection logic issue came to mind. Sandstorm adds an extra interface to existing web-based systems of varying localization expectations, so consistency of localized experience is an extra challenge.

  2. Caasi Huang (@caasi), a long time contributor to g0v projects including the MoeDict, contributed significantly in 2017. This PR has the play-by-play details.