Petition Launched To Get The White House To Open Source Healthcare.gov Code
from the should-have-done-it-before dept
After the disastrous technological launch of the healthcare.gov website, built by political cronies rather than companies who understand the internet, there has been plenty of discussion as to why the code wasn’t open sourced. At that link, there’s a good discussion from On the Media, with Paul Ford, discussing what a big mistake it was that the government decided not to open source the code and be much more transparent about the process. It discusses the usual attacks on open source and why they almost certainly don’t apply to this situation.
And, now, a “We the People…” petition has been launched, asking the White House to open source the code to Healthcare.gov:
Release to the open source community the source code to healthcare.gov, specifically all code written by CGI Federal.
It is believed that the enrollment issues with healthcare.gov are likely due to poor coding practices in components that are unavailable to the world’s development community to evaluate. Code funded by taxpaying citizens should be made available to the general public as government funded development is generally public domain software. Please release the code so we may help fix any found issues.
Of course, there are a few issues with this. First of all, while things created by government employees are automatically public domain, works created by contractors are not. So while conceptually we can argue that the code should be open sourced, it’s not required by law. Second, and more importantly, it’s a lot harder to take proprietary code and then release it as open source, than it is to build code from the ground up to be open source (and it’s even more difficult to make sure that code is actually useful for anything). Indeed, if the code had been open sourced from the beginning, perhaps they wouldn’t make embarrassing mistakes like violating other open source licenses.
By this point, open sourcing the code isn’t going to fix things, but if more attention is put on the issue of closed vs. open code in government projects, hopefully it means that government officials will recognize that it should be open source from the beginning for the next big government web project.
Comments on “Petition Launched To Get The White House To Open Source Healthcare.gov Code”
Instead of petitions the open source community should just deploy a mock up version of it and put a big honking banner, “THIS IS HOW IT IS DONE MR. PRESIDENT”
https://en.wikipedia.org/wiki/GT.M
https://opensource.com/health/12/2/join-m-revolution
Sorry forgot the MUMPS.
Hate to say it but there is no way this will ever happen. This is like asking Microsoft to reveal its source code to Windows. Unless the healthcare.gov site was built on open source software, they will never release that code and I wouldn’t expect them to.
Re: Re:
This is false.
M$ is a private corporation, they can do what they want with their code.
Healthcare.gov was funded by taxpayer money, so the government should at least have included an open source requirement in the contract, but more likely own the codebase. I work for a software developer company, and the code I write is owned by the client (it’s actually stored on their servers), with no problems.
Re: Re: Re:
We assume the contracts transfer the copyrights and other IP to the government. If so, then it can be open sourced if the government wants.
Re: Re: Re: Re:
Then it’s even less like Microsoft revealing their source code.
Re: Wow, you ain't paying attention Was Re:
Unless the healthcare.gov site was built on open source software,
Parts were because 3 days ago on this very website it was noted that GPLed/BSDed code was used and had the copyright notice removed.
It doesn’t matter. To release that code would make the government’s website vulnerable to attack. It’s like saying to Obama to reveal what stocks, bonds and other investment securities that the Federal Reserve has invested in, by using taxpayer dollars.
It’s also like trying to demand that the government reveal its NSA spy program … they simply aren’t going to reveal that information.
My guess? Either the White House will ignore the petition (i.e., no response), they’ll remove the petition, or issue the standard denials.
Re: Re:
Did you say it is not now?
LoL
Re: Re:
If the network uses industry best security practices, Open Source code is no more vulnerable than closed source. Researchers can find the same loopholes attackers find, and open source makes it easier for both sides.
Details of the sectors the Federal Reserve invests in ARE public knowledge, you just have to read the financial statements, the notes to which are more dry than the US Penal code.
General information on the types of spying we do is normally public knowledge. Everyone knew the CIA could wiretap email providers, everyone knows you can wiretap cell phones. We didn’t know how easily they could do it (very) and who they were wiretapping (everyone). But we knew they could. So even amongst spy programs, transparency can be better.
The source code for a website is not critical to the national infrastructure. And given the coleslaw that is that code, the only reason to hide it is to hide how much hack that code actually is.
Re: Re:
To release that code would make the government’s website vulnerable to attack.
There’s no nice way to say this, so: this is complete, utter, ridiculous bullshit. It demonstrates a nearly-complete misunderstanding of how security works in the real world. You are BADLY in need of remedial education in the fundamentals of IT security, and I suggest that you immediately avail yourself of the resources necessary to raise your comprehension level at least to that of “novice”.
Re: Re:
James, you did a very good job of explaining this. Anon, you did a very good job of making me chuckle this morning.
The healthcare.gov site doesn’t concern foreign enemies, or anything like that. It’s purely domestic, and the petition comes from American citizens willing to VOLUNTEER their time to help fix website problems.
Re: Re:
Doubtful it makes security worse. With proprietary code there is no easy method for an outsider to write and submit a patch for a security problem. While with open source code, an outsider could write and submit a patch. Open source code potentially gains interested outside developers beyond the resources of the sponsor. Hackers want patches to be slow to develop and push out to users. The weakness of proprietary code is the sponsor can only dedicate so much staff and resources to patching.
Re: Re:
As others told you already:
“To release that code would make the government’s website vulnerable to attack”
Security flaws make the website vulnerable. Releasing the code would only make it public.
Familiarize yourself with the term Security through obscurity
Those petitions are useless: they are ignored or reset.
Just want to see it...
I just want to see the healthcare.gov website code so that I can actually see how badly it is written. It’s important to learn from others’ mistakes. I bet you there’s some really funny inefficient code in there!
The rest of the web runs on Open Source
A large percentage of the Internet runs on Apache, WordPress, Joomla and other Open Source software. No reason to think that releasing the source would cause security issues unless the code itself is really bad.
I’m sure this request will be ignored, which is sad because this administration was initially elected on promises of openness and transparency.
Re: The rest of the web runs on Open Source
You’re correct, but a more accurate statement would be that the entire Internet is BUILT on open source software, implementing open protocols, using open formats, based on open standards.
It’s always been this way — anyone who has studied the history of the Internet (and ARPAnet) (and CSnet) (and Usenet) knows this. So do those of us who lived it. What you’re doing right now online would not exist were it not for the things I listed in the first paragraph.
There is an old — but still highly relevant — explanation of this here: http://www.netaction.org/articles/freesoft.htm
What that author said, 15 years ago, is even more true today. Closed software/protocols/formats/standards are of no importance to the Internet and may safely be immediately dismissed with prejudice, as may anyone advocating them. Moreover, that author’s points understated the situation even then, and of course today they are massive underestimates of the state of affairs: open-source rules, and only inferior, primitive, backward-thinking people use closed-source software.
Re: Re: The rest of the web runs on Open Source
Really interesting intervention into Masnick’s argument; the Internet is purposed via open source actions and so open source attitudes and amendments make for a compelling argument, if only sociophilosophically.
I am wondering about the ways in which the HTTP framework gets structured predominantly by corporate enterprise. Perhaps an issue of my ignorance, but I understand that the Internet is much ‘deep’er than the majority of us experience (vis-a-vis Google, Microsoft, Facebook, Twitter, etc). If it is the case that the Internet is much deeper, and that it was perhaps organized later by corporate manipulation, is this not a counter argument to your intervention about an open source genealogy inviting open source solutions?
Again, I am not familiar with the debate between the depth of the Internet, and how it is controlled through private sector enterprises. I am assuming here that somehow the HTTP framework (?) has come under the purview of corporations and governments, and so open source struggles as a basis for performance and intervention.
Any thoughts are very much appreciated.
Re: The rest of the web runs on Open Source
Funny, I wonder why WordPress, Joomla and other open source products are successfully attacked so often. There is the way things should be and then there is reality.
Reality, releasing code will expose vulnerabilities that will exist until fixed.
Seems like we got some non-practitioners commenting from their ps3.
Re: Re: The rest of the web runs on Open Source
Ah, another person badly in need of remedial education. Apparently your simplistic and erroneous cognitive model of security doesn’t take into account the complexities of attack and defense. Like I did to the other appallingly clueless person upthread, I suggest that you invest some time in learning the fundamentals of security so that you have at least enough rudimentary understanding to participate in these discussions.
Seems like we got some non-practitioners commenting from their ps3.
30+ years of experience, including installing the firewalls for multiple Fortune 100 companies, and I’m writing this from OpenBSD. Nice try.
Re: Re: Re: The rest of the web runs on Open Source
I thought PS3’s ran BSD? Just kidding, I agree with you, OpenBSD-running Anon.
Re: Re: Re: The rest of the web runs on Open Source
You need to present a real argument, not just attack the person and then appeal to authority.
Nice try again, keep at it. When you are at 40+ years of installing firewalls, maybe you will qualify for some vocational training.
Re: Re: The rest of the web runs on Open Source
“Reality, releasing code will expose vulnerabilities that will exist until fixed. Seems like we got some non-practitioners commenting from their ps3.”
Funny that you bring the subject of hacking and Sony up at the same time:
https://en.wikipedia.org/wiki/PlayStation_Network_outage
Incidentally, where can I get the source code for the PlayStation Network?
But kidding aside, both closed source and open source software are equally vulnerable to attack.
The difference is that in the open-source world, once a bug is found, it is often quickly fixed, even in a matter of minutes sometimes. In the closed-source world, that is not so. Just look at how terribly Oracle or Microsoft handle software updates: Oracle is negligent, holding back Java updates even where there are already exploits in the wild, and Microsoft is incompetent, often releasing updates that wreck people’s machines (see the deployment of Windows 8.1 for the latest failure).
Also, in the open-source world, if someone introduces some sort of suspicious bit of code, that code is more likely to get caught before it even makes it into any production environment by virtue of the code being scrutinized by many people. Compare that with closed-source code, where code can have all sorts of backdoors and you will never know about it until someone hacks you. For an example of this, see the most recent D-link router fiasco, where they found that D-link routers had an unpatched backdoor for over 5 years.
Open-source is not a silver bullet, but anyone that claims that open-source is inherently less secure is being ignorant at best, and FUDing at worst.
I wanted to change the world
But I couldn’t find the source code.
Contract for hire is whatever the hiring agent says it is.
“First of all, while things created by government employees are automatically public domain, works created by contractors are not.”
If I contract you to work for me, and all rights are assigned to me as “work for hire”, you don’t have copyright. I do. And if I release that source, then tough cookies. Sure, it’s not automatic, but “works for hire” exists.
-C
The more you add to a project the later it becomes
There’s a rule in software development, the more people you add to a late project, the later the project becomes.
It’s too late to open source it, it’s too late to send in a surge of more tech people.
Re: The more you add to a project the later it becomes
“It’s too late to open source it, it’s too late to send in a surge of more tech people.”
Actually it’s not too late to open source the code. Whether the code is open source or not is primarily now a political decision.
The problem is the tech surge will likely slow down the process because the new people will need time to read and understand the code they have never seen before. Plus they have to be briefed on what the problems are, again more time needed.
The president and all of the government don’t give a shit about online petitions. They’re the equivalent to a suggestion box / like this on facebook if you agree.
Probably too late, need to start over
With as bad as the site is performing, I would guess that the code base can’t be easily fixed. The problems are probably systemic. It might be best to scrap the current incarnation, get their money back, and get Google or some other modern, web pure-play to build a reliable, scalable, performant system.
They need to keep it closed source to hide the NSA backdoors.