> If you don’t own your servers, your keys, and your contracts, you don’t own your data, no matter how “open” the stack is.

Quite true, but the choice is nearly never between an agency letting someone else own the data and owning it themselves. The idea of switching in one fell swoop from a labyrinth of duplicative, proprietary SaaS/hosted systems to self-managed open source is a fantasy for all agencies. Even if we take that as the goal (not necessarily something I agree with), nobody can get there in a single migration/political season/anything short of years.

Rather, the near-term choice is between who and how many parties own the data. Do you work with a stack of midsize cloud resellers, each of which has questionable quality and a lot of experience maximizing government revenue via advantageous connections and contracts? Or do you work with one of the hyperscaler clouds--higher quality, less specifically designed to exploit gov (I said less, GovCloud, now get your hands out of my wallet!), slightly more friendly to "build what you want how you want" approaches?

Neither of those approaches lets you take ownership of your servers/data/contracts fully. But the latter moves you closer to that ideal; the former does not.

I disagree that you can’t own something that isn’t physically controlled by you. Almost all of us have money which is not kept on our persons or property, in banks and investments. I think people would be outraged if someone told them it belonged to the bank.

What’s really important is the laws and regulations governing ownership. Ownership in a modern society is nearly entirely a legal construct. Ownership of data shouldn’t be any different.

Totally agree (but I may be biased :-) )