Petition Launched To Get The White House To Open Source Healthcare.gov Code

from the should-have-done-it-before dept

After the disastrous technological launch of the healthcare.gov website, built by political cronies rather than companies who understand the internet, there has been plenty of discussion as to why the code wasn’t open sourced. At that link, there’s a good discussion from On the Media, with Paul Ford, discussing what a big mistake it was that the government decided not to open source the code and be much more transparent about the process. It discusses the usual attacks on open source and why they almost certainly don’t apply to this situation.

And, now, a “We the People…” petition has been launched, asking the White House to open source the code to Healthcare.gov:


Release to the open source community the source code to healthcare.gov, specifically all code written by CGI Federal.

It is believed that the enrollment issues with healthcare.gov are likely due to poor coding practices in components that are unavailable to the world’s development community to evaluate. Code funded by taxpaying citizens should be made available to the general public as government funded development is generally public domain software. Please release the code so we may help fix any found issues.

Of course, there are a few issues with this. First of all, while things created by government employees are automatically public domain, works created by contractors are not. So while conceptually we can argue that the code should be open sourced, it’s not required by law. Second, and more importantly, it’s a lot harder to take proprietary code and then release it as open source, than it is to build code from the ground up to be open source (and it’s even more difficult to make sure that code is actually useful for anything). Indeed, if the code had been open sourced from the beginning, perhaps they wouldn’t make embarrassing mistakes like violating other open source licenses.

By this point, open sourcing the code isn’t going to fix things, but if more attention is put on the issue of closed vs. open code in government projects, hopefully it means that government officials will recognize that it should be open source from the beginning for the next big government web project.


Comments on “Petition Launched To Get The White House To Open Source Healthcare.gov Code”

31 Comments
Anonymous Howard says:

Re: Re:

This is false.
M$ is a private corporation, they can do what they want with their code.
Healthcare.gov was funded by taxpayer money, so the government should at least have included an open source requirement in the contract, but more likely own the codebase. I work for a software developer company, and the code I write is owned by the client (it’s actually stored on their servers), with no problems.

kenichi tanaka says:

It doesn’t matter. To release that code would make the government’s website vulnerable to attack. It’s like saying to Obama to reveal what stocks, bonds and other investment securities that the Federal Reserve has invested in, by using taxpayer dollars.

It’s also like trying to demand that the government reveal its NSA spy program … they simply aren’t going to reveal that information.

My guess? Either the White House will ignore the petition (i.e., no response), they’ll remove the petition, or issue the standard denials.

James Burkhardt says:

Re: Re:

If the network uses industry best security practices, Open Source code is no more vulnerable than closed source. Researchers can find the same loopholes attackers find, and open source makes it easier for both sides.

Details of the sectors the Federal Reserve invests in ARE public knowledge, you just have to read the financial statements, the notes to which are more dry than the US Penal code.

General information on the types of spying we do is normally public knowledge. Everyone knew the CIA could wiretap email providers, everyone knows you can wiretap cell phones. We didn’t know how easily they could do it (very) and who they were wiretapping (everyone). But we knew they could. So even amongst spy programs, transparency can be better.

The source code for a website is not critical to the national infrastructure. And given the coleslaw that is that code, the only reason to hide it is to hide how much of a hack that code actually is.

Anonymous says:

Re: Re:

To release that code would make the government’s website vulnerable to attack.

There’s no nice way to say this, so: this is complete, utter, ridiculous bullshit. It demonstrates a nearly-complete misunderstanding of how security works in the real world. You are BADLY in need of remedial education in the fundamentals of IT security, and I suggest that you immediately avail yourself of the resources necessary to raise your comprehension level at least to that of “novice”.

boomslang says:

Re: Re:

James, you did a very good job of explaining this. Anon, you did a very good job of making me chuckle this morning.

The healthcare.gov site doesn’t concern foreign enemies, or anything like that. It’s purely domestic, and the petition comes from American citizens willing to VOLUNTEER their time to help fix website problems.

madasahatter says:

Re: Re:

Doubtful it makes security worse. With proprietary code there is no easy method for an outsider to write and submit a patch for a security problem. While with open source code, an outsider could write and submit a patch. Open source code potentially gains interested outside developers beyond the resources of the sponsor. Hackers want patches to be slow to develop and push out to users. The weakness of proprietary code is the sponsor can only dedicate so much staff and resources to patching.

The rest of the web runs on Open Source

A large percentage of the Internet runs on Apache, WordPress, Joomla and other Open Source software. No reason to think that releasing the source would cause security issues unless the code itself is really bad.

I’m sure this request will be ignored, which is sad because this administration was initially elected on promises of openness and transparency.

Anonymous says:

Re: Re: The rest of the web runs on Open Source

You’re correct, but a more accurate statement would be that the entire Internet is BUILT on open source software, implementing open protocols, using open formats, based on open standards.

It’s always been this way — anyone who has studied the history of the Internet (and ARPAnet) (and CSnet) (and Usenet) knows this. So do those of us who lived it. What you’re doing right now online would not exist were it not for the things I listed in the first paragraph.

There is an old — but still highly relevant — explanation of this here: http://www.netaction.org/articles/freesoft.htm

What that author said, 15 years ago, is even more true today. Closed software/protocols/formats/standards are of no importance to the Internet and may safely be immediately dismissed with prejudice, as may anyone advocating them. Moreover, that author’s points understated the situation even then, and of course today they are massive underestimates of the state of affairs: open-source rules, and only inferior, primitive, backward-thinking people use closed-source software.

AnonTee says:

Re: Re: Re: Re: The rest of the web runs on Open Source

Really interesting intervention into Masnick’s argument; the Internet is purposed via open source actions and so open source attitudes and amendments make for a compelling argument, if only sociophilosophically.

I am wondering about the ways in which the HTTP framework gets structured predominantly by corporate enterprise. Perhaps an issue of my ignorance, but I understand that the Internet is much ‘deep’er than the majority of us experience (vis-a-vis Google, Microsoft, Facebook, Twitter, etc). If it is the case that the Internet is much deeper, and that it was perhaps organized later by corporate manipulation, is this not a counter argument to your intervention about an open source genealogy inviting open source solutions?

Again, I am not familiar with the debate between the depth of the Internet, and how it is controlled through private sector enterprises. I am assuming here that somehow the HTTP framework (?) has come under the purview of corporations and governments, and so open source struggles as a basis for performance and intervention.

Any thoughts are very much appreciated.

jackn says:

Re: Re: The rest of the web runs on Open Source

Funny, I wonder why WordPress, Joomla and other open source products are successfully attacked so often. There is the way things should be and then there is reality.

Reality, releasing code will expose vulnerabilities that will exist until fixed.

Seems like we got some non-practitioners commenting from their ps3.

Anonymous says:

Re: Re: Re: Re: The rest of the web runs on Open Source

Ah, another person badly in need of remedial education. Apparently your simplistic and erroneous cognitive model of security doesn’t take into account the complexities of attack and defense. Like I did to the other appallingly clueless person upthread, I suggest that you invest some time in learning the fundamentals of security so that you have at least enough rudimentary understanding to participate in these discussions.

Seems like we got some non-practitioners commenting from their ps3.

30+ years of experience, including installing the firewalls for multiple Fortune 100 companies, and I’m writing this from OpenBSD. Nice try.

Anonymous says:

Re: Re: Re: Re: The rest of the web runs on Open Source

“Reality, releasing code will expose vulnerabilities that will exist until fixed. Seems like we got some non-practitioners commenting from their ps3.”

Funny that you bring the subject of hacking and Sony up at the same time:

https://en.wikipedia.org/wiki/PlayStation_Network_outage

Incidentally, where can I get the source code for the PlayStation Network?

But kidding aside, both closed source and open source software are equally vulnerable to attack.

The difference is that in the open-source world, once a bug is found, it is often quickly fixed, even in a matter of minutes sometimes. In the closed-source world, that is not so. Just look at how terribly Oracle or Microsoft handle software updates: Oracle is negligent, holding back Java updates even where there are already exploits in the wild, and Microsoft is incompetent, often releasing updates that wreck people’s machines (see the deployment of Windows 8.1 for the latest failure).

Also, in the open-source world, if someone introduces some sort of suspicious bit of code, that code is more likely to get caught before it even makes it into any production environment by virtue of the code being scrutinized by many people. Compare that with closed-source code, where code can have all sorts of backdoors and you will never know about it until someone hacks you. For an example of this, see the most recent D-link router fiasco, where they found that D-link routers had an unpatched backdoor for over 5 years.

Open-source is not a silver bullet, but anyone that claims that open-source is inherently less secure is being ignorant at best, and FUDing at worst.

Christopher says:

Contract for hire is whatever the hiring agent says it is.

“First of all, while things created by government employees are automatically public domain, works created by contractors are not.”

If I contract you to work for me, and all rights are assigned to me as “work for hire”, you don’t have copyright. I do. And if I release that source, then tough cookies. Sure, it’s not automatic, but “works for hire” exists.

-C

madasahatter says:

Re: Re: The more you add to a project the later it becomes

“It’s too late to open source it, it’s too late to send in a surge of more tech people.”

Actually it’s not too late to open source the code. Whether the code is open source or not is primarily now a political decision.

The problem is the tech surge will likely slow down the process because the new people will need time to read and understand the code they have never seen before. Plus they have to be briefed on what the problems are, again more time needed.

Anonymous says:

Probably too late, need to start over

With as bad as the site is performing, I would guess that the code base can’t be easily fixed. The problems are probably systemic. It might be best to scrap the current incarnation, get their money back, and get Google or some other modern, web pure-play to build a reliable, scalable, performant system.
