Petition Launched To Get The White House To Open Source Healthcare.gov Code

from the should-have-done-it-before dept

After the disastrous technological launch of the healthcare.gov website, built by political cronies rather than companies who understand the internet, there has been plenty of discussion as to why the code wasn't open sourced. At that link, there's a good discussion from On the Media, with Paul Ford, discussing what a big mistake it was that the government decided not to open source the code and be much more transparent about the process. It discusses the usual attacks on open source and why they almost certainly don't apply to this situation.

And, now, a "We the People..." petition has been launched, asking the White House to open source the code to Healthcare.gov:
Release to the open source community the source code to healthcare.gov, specifically all code written by CGI Federal.

It is believed that the enrollment issues with healthcare.gov are likely due to poor coding practices in components that are unavailable to the world's development community to evaluate. Code funded by taxpaying citizens should be made available to the general public as government funded development is generally public domain software. Please release the code so we may help fix any found issues.
Of course, there are a few issues with this. First of all, while things created by government employees is automatically public domain, works created by contractors is not. So while conceptually we can argue that the code should be open sourced, it's not required by law. Second, and more importantly, it's a lot harder to take proprietary code and then release it as open source, than it is to build code from the ground up to be open source (and it's even more difficult to make sure that code is actually useful for anything). Indeed, if the code had been open sourced from the beginning, perhaps they wouldn't make embarrassing mistakes like violating other open source licenses.

By this point, open sourcing the code isn't going to fix things, but if more attention is put on the issue of closed vs. open code in government projects, hopefully it means that government officials will recognize that it should be open source from the beginning for the next big government web project.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: healthcare.gov, open source, white house


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Anonymous Coward, 21 Oct 2013 @ 11:01pm

    Instead of petitions the open source community should just deploy a mock up version of it and put a big honking banner, "THIS IS HOW IT IS DONE MR. PRESIDENT"

    https://en.wikipedia.org/wiki/GT.M
    https://opensource.com/health/12/2/join-m-revolution

    link to this | view in thread ]

  2. identicon
    Anonymous Coward, 21 Oct 2013 @ 11:04pm

    Sorry forgot the MUMPS.

    link to this | view in thread ]

  3. icon
    kenichi tanaka (profile), 21 Oct 2013 @ 11:24pm

    Hate to say it but there is no way this will ever happen. This is like asking Microsoft to reveal it's source code to Windows. Unless the healthcare.gov site was built on open source software, they will never release that code and I wouldn't expect them to.

    link to this | view in thread ]

  4. icon
    Anonymous Howard (profile), 22 Oct 2013 @ 12:24am

    Re:

    This is false.
    M$ is a private corporation, they can do what they want with their code.
    Healthcare.gov was funded by taxpayer money, so the government should at least included an open source requirement in the contract, but more likely own the codebase. I work for an software developer company, and the code I write is owned by the client (it's actually stored on their servers), with no problems.

    link to this | view in thread ]

  5. icon
    kenichi tanaka (profile), 22 Oct 2013 @ 12:45am

    It doesn't matter. To release that code would make the government's website vulnerable to attack. It's like saying to Obama to reveal what stocks, bonds and other investment securities that the Federal Reserve has invested in, by using taxpayer dollars.

    It's also like trying to demand that the government reveal it's NSA spy program ... they simply aren't going to reveal that information.

    My guess? Either the White House will ignore the petition (i.e., no response), they'll remove the petition, or issue the standard denials.

    link to this | view in thread ]

  6. identicon
    Anonymous Coward, 22 Oct 2013 @ 12:56am

    Re:

    Did you say it is not now?

    LoL

    link to this | view in thread ]

  7. identicon
    Anonymous Coward, 22 Oct 2013 @ 1:22am

    Those petitions are useless: they are ignored or reset.

    link to this | view in thread ]

  8. icon
    James Burkhardt (profile), 22 Oct 2013 @ 1:44am

    Re:

    If the network uses industry best security practices, Open Source code is no more vulnerable then closed source. Researchers can find the same loopholes attackers find, and open source makes it easier for both sides.

    Details the sectors the Federal Reserve invests in ARE public knowlege, you jest have to read the financial statements, the notes to which are more dry then the US Penal code.

    General information on the types of spying we do is normally public knowlege. Everyone knew the CIA could wiretap email providers, everyone knows you can wiretap cell phones. We didn't know how easily they could do it (very) and who they were wiretapping (everyone). But we knew they could. So even amongst spy programs, transparancy can be better.

    The source code for a website is not crititcal to the national infrastructure. And given the coleslaw that is that code, the only reason to hide it is to hide how much hack that code actually is.

    link to this | view in thread ]

  9. identicon
    STeve, 22 Oct 2013 @ 5:12am

    Just want to see it...

    I just want to see the healthcare.gov website code so that I can actually see how bad it is written.. It's important to learn from others' mistakes. I bet you there's some really funny inefficient code in there!

    link to this | view in thread ]

  10. identicon
    Dan Matthews, 22 Oct 2013 @ 5:47am

    The rest of the web runs on Open Source

    A large percentage of the Internet runs on Apache, WordPress, Joomla and other Open Source software. No reason to thing that releasing the source would cause security issues unless the code itself is really bad.

    I'm sure this request will be ignored, which is sad because this administration was initially elected on promises of openness and transparency.

    link to this | view in thread ]

  11. identicon
    Anonymous Coward, 22 Oct 2013 @ 5:55am

    Re:

    To release that code would make the government's website vulnerable to attack.

    There's no nice way to say this, so: this is complete, utter, ridiculous bullshit. It demonstrates a nearly-complete misunderstanding of how security works in the real world. You are BADLY in need of remedial education in the fundamentals of IT security, and I suggest that you immediately avail yourself of the resources necessary to raise your comprehension level at least to that of "novice".

    link to this | view in thread ]

  12. icon
    RyanNerd (profile), 22 Oct 2013 @ 6:00am

    I wanted to change the world

    But I couldn't find the source code.

    link to this | view in thread ]

  13. identicon
    boomslang, 22 Oct 2013 @ 6:16am

    Re:

    James, you did a very good job of explaining this. Anon, you did a very good job of making me chuckle this morning.

    The healthcare.gov site doesn't concern foreign enemies, or anything like that. It's purely domestic, and the petition comes from American citizens willing to VOLUNTEER their time to help fix website problems.

    link to this | view in thread ]

  14. icon
    Christopher (profile), 22 Oct 2013 @ 6:39am

    Contract for hire is whatever the hiring agent says it is.

    "First of all, while things created by government employees is automatically public domain, works created by contractors is not.".

    If I contract you to work for me, and all rights are assigned to me as "work for hire", you don't have copyright. I do. And if I release that source, then tough cookies. Sure, it's not automatic, but "works for hire" exists.

    -C

    link to this | view in thread ]

  15. identicon
    Anonymous Coward, 22 Oct 2013 @ 6:51am

    Re: The rest of the web runs on Open Source

    You're correct, but a more accurate statement would be that the entire Internet is BUILT on open source software, implementing open protocols, using open formats, based on open standards.

    It's always been this way -- anyone who has studied the history of the Internet (and ARPAnet) (and CSnet) (and Usenet) knows this. So do those of us who lived it. What you're doing right now online would not exist were it not for the things I listed in the first paragraph.

    There is an old -- but still highly relevant -- explanation of this here: http://www.netaction.org/articles/freesoft.htm

    What that author said, 15 years ago, is even more true today. Closed software/protocols/formats/standards are of no importance to the Internet and may safely be immediately dismissed with prejudice, as may anyone advocating them. Moreover, that author's points understated the situation even then, and of course today they are massive underestimates of the state of affairs: open-source rules, and only inferior, primitive, backward-thinking people use closed-source software.

    link to this | view in thread ]

  16. identicon
    Anonymous Coward, 22 Oct 2013 @ 6:53am

    The more you add to a project the later it becomes

    There's a rule in software development, the more people you add to a late project, the later the project becomes.

    It's too late to open source it, it's too late to send in a surge of more tech people.

    link to this | view in thread ]

  17. icon
    madasahatter (profile), 22 Oct 2013 @ 6:54am

    Re: Re:

    We assume the contracts transfer the copyrights and other IP to the government. If so, then the it can be opened source if the government wants.

    link to this | view in thread ]

  18. icon
    madasahatter (profile), 22 Oct 2013 @ 6:59am

    Re:

    Doubtful it makes security worse. With proprietary code there is no easy method for an outsider to write and submit a patch for a security problem. While with open source code, an outsider could write and submit a patch. Open source code potentially gains interested outside developers beyond the resources of the sponsor. Hackers want patches to be slow to develop and push out to users. The weakness of proprietary code is the sponsor can only dedicate some much staff and resources to patching.

    link to this | view in thread ]

  19. icon
    madasahatter (profile), 22 Oct 2013 @ 7:07am

    Re: The more you add to a project the later it becomes

    "It's too late to open source it, it's too late to send in a surge of more tech people."

    Actually its not to late open source the code. Whether the code is open source or not is primarily now a political decision.

    The problem is the tech surge will likely slow down process because the new people will need time to read and understand the code they have never seen before. Plus they have to be briefed on what the problems are, again more time needed.

    link to this | view in thread ]

  20. icon
    Anonymous Howard (profile), 22 Oct 2013 @ 7:16am

    Re: Re: Re:

    Then it's even less like Microsoft revealing their source code.

    link to this | view in thread ]

  21. icon
    Anonymous Howard (profile), 22 Oct 2013 @ 7:26am

    Re:

    As others told you already:

    "To release that code would make the government's website vulnerable to attack"

    Security flaws make the website vulnerable. Releasing the code would only make it public.
    Familiarize yourself with the term Security through obscurity

    link to this | view in thread ]

  22. identicon
    Anonymous Coward, 22 Oct 2013 @ 7:28am

    The president and all of the government don't give a shit about online petitions. They're the equivalent to a suggestion box / like this on facebook if you agree.

    link to this | view in thread ]

  23. identicon
    alternatives(), 22 Oct 2013 @ 8:04am

    Wow, you ain't paying attention Was Re:

    Unless the healthcare.gov site was built on open source software,

    Parts were because 3 days ago on this very website it was noted that GPLed/BSDed code was used and had the copyright notice removed.

    link to this | view in thread ]

  24. identicon
    jackn, 22 Oct 2013 @ 8:08am

    Re: The rest of the web runs on Open Source

    Funny, I wonder why Wordpress, joomla and other open source products are successfully attacked so often. There is the way things should be and then there is reality.

    Reality, releasing code wille expose vulnerabilities that will exist until fixed.

    Seems like we got some non-practitioners commenting from their ps3.

    link to this | view in thread ]

  25. identicon
    Anonymous Coward, 22 Oct 2013 @ 8:32am

    Re: Re: The rest of the web runs on Open Source

    Ah, another person badly in need of remedial education. Apparently your simplistic and erroneous cognitive model of security doesn't take into account the complexities of attack and defense. Like I did to the other appallingly clueless person upthread, I suggest that you invest some time in learning the fundamentals of security so that you have at least enough rudimentary understanding to participate in these discussions.

    Seems like we got some non-practitioners commenting from their ps3.

    30+ years of experience, including installing the firewalls for multiple Fortune 100 companies, and I'm writing this from OpenBSD. Nice try.

    link to this | view in thread ]

  26. identicon
    boomslang, 22 Oct 2013 @ 8:36am

    Re: Re: Re: The rest of the web runs on Open Source

    I thought PS3's ran BSD? Just kidding, I agree with you, OpenBSD-running Anon.

    link to this | view in thread ]

  27. identicon
    jackn, 22 Oct 2013 @ 8:44am

    Re: Re: Re: The rest of the web runs on Open Source

    You need to present a real argument, not just attack the person and then appeal to authority.

    Nice try again, keep at it. When you are at 40+ years of installing firewalls, maybe you will qualify for some vocational training.

    link to this | view in thread ]

  28. identicon
    Anonymous Coward, 22 Oct 2013 @ 8:56am

    Re: Re: The rest of the web runs on Open Source

    "Reality, releasing code wille expose vulnerabilities that will exist until fixed. Seems like we got some non-practitioners commenting from their ps3."

    Funny that you bring the subject of hacking and Sony up at the same time:

    https://en.wikipedia.org/wiki/PlayStation_Network_outage

    Incidentally, where can I get the source code for the PlayStation Network?



    But kidding aside, both closed source and open source software are equally vulnerable to attack.

    The difference is that in the open-source world, once a bug is found, it is often quickly fixed, even in a matter of minutes some times. In the closed-source world, that is not so. Just look at how terribly Oracle or Microsoft handle software updates: Oracle is negligent, holding back java updates even where there are already exploits in the wild, and Microsoft is incompetent, often releasing updates that wreck people's machines (see the deployment of Windows 8.1 for the latests failure).

    Also, in the open-source world, if someone introduces some sort of suspicious bit of code, that code is more likely to get caught before it even makes it into any production environment by virtue of the code being scrutinized by many people. Compare that with closed-source code, where code can have all sorts of backdoors and you will never know about it until someone hacks you. For and example of this, see the most recent D-link router fiasco, where they found that D-link routers had an unpatched backdoor for over 5 years.

    Open-source is not a silver bullet, but anyone that claims that open-source is inherently less secure is being ignorant at best, and FUDing at worst.

    link to this | view in thread ]

  29. identicon
    AnonTee, 22 Oct 2013 @ 10:04am

    Re: Re: The rest of the web runs on Open Source

    Really interesting intervention into Masnick's argument; the Internet is purposed via open source actions and so open source attitudes and amendments makes for a compelling argument, if only sociophilosophically.

    I am wondering about the ways in which the HTTP framework gets structured predominantly by corporate enterprise. Perhaps an issue of my ignorance, but I understand that the Internet is much 'deep'er than the majority of us experience (vis-a-vis Google, Microsoft, Facebook, Twitter, etc). If it is the case that the Internet is much deeper, and that it was perhaps organized later by corporate manipulation, is this not a counter argument to your intervention about an open source genealogy inviting open source solutions?

    Again, I am not familiar on the debate between the depth of the Internet, and how it is controlled through private sector enterprises. I am assuming here that somehow the HTTP framework (?) has come under the purview of corporations and governments, and so open source struggles as a basis for performance and intervention.

    Any thoughts are very much appreciated.

    link to this | view in thread ]

  30. identicon
    Anonymous Coward, 22 Oct 2013 @ 11:05am

    Probably too late, need to start over

    With as bad as the site is performing, I would guess that the code base can't be easily fixed. The problems are probably systemic. It might be best to scrap the current incarnation, get their money back, and get Google or some other modern, web pure-play to build a reliable, scalable, performant system.

    link to this | view in thread ]

  31. identicon
    phils, 22 Oct 2013 @ 1:00pm

    They need to keep it closed source to hide the NSA backdoors.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.