
How I changed the law with a GitHub pull request - chha
https://arstechnica.com/tech-policy/2018/11/how-i-changed-the-law-with-a-github-pull-request/
======
gammateam
I've been wanting this for a long time, I wanted to take it further though:

I want draft laws, I want to see all representatives as contributors and be
able to see their contributions and changes to draft laws.

the House should have a master branch that submits pull requests to another
repository, the other chamber having one too

The Governor/President gets to approve PR's from that jurisdiction

It would become SUPER easy to track origins and changes of laws, let alone
browse them, and comment on them.

I'd like to see this done retroactively all the way back to English law

~~~
gamblor956
They have what you describe, and moreover such a thing has existed in paper
form since th this country was formed.

Real time access to laws as they are drafted is a Really Bad Idea. Good ideas
need time to incubate. The system you want would lead to the sound byte
version of legislating.

~~~
derefr
C-SPAN already exists for “sound byte legislating.”

Plus, fine-grained version control doesn’t imply real time updates. It’s fully
possible to only release the version history to the public after the law is
approved.

~~~
ironmagma
Then the first draft can go out when it would have been normally published.
Then, the main value add would be commenting and suggesting changes as well as
a centralized place to see comments and suggestions as well as their
reactions.

------
DoreenMichele
From the Why It Matters section:

 _The Council is able to publish the law better and faster than ever before.
With the District’s previous codification contractor, updates to the DC Code
were published three times a year, and there could be a five-to-seven month
delay in seeing the latest laws. But the Open Law Library has shortened the
publication process to about a week after a law is enacted.

It also means we’re all getting to see more of the actual law that governs
us—not the law as it was months ago._

~~~
fzeroracer
This is pretty common in government agencies from what I've seen. Many
contractors take forever to do even the most basic of changes because of how
contracting works in order to milk as much money as possible.

But agencies that move towards open source initiatives, non-profits etc end up
being a lot more responsive and overall end up a lot better off. Unfortunately
there's a lot of entrenched commercial entities (ex Oracle) that want things
to remain the same so it's going to be hard to rout them. Initiatives like
this give me a bit of hope though.

------
rubbingalcohol
> My edit wasn’t substantive. This sort of “technical correction,” as lawyers
> would call it, didn’t need to be passed by the Council and signed by the
> Mayor.

Okay, so they didn't "change the law." It's a cool story but not a fan of
clickbait titles either.

~~~
dgreisen
As with most things in the law, it is complicated. The District legislative
process shares many similarities to the federal government's. They pass laws,
which are the official representation of the will of the Council. These laws
are kinda like hand-crafted change sets. Change sets that can change other
change sets.

These change sets are almost impossible to use as they are, so the Council
creates an official compilation of all the change sets as applied and
organized by subject. This is the Code of the District of Columbia. Usually,
when people think about "the law" they are thinking about the code, because
that is how people interact with it.

The laws as passed by the Council cannot (and should not) be changed via pull
request. Here, the useful representation of those laws, the representation
used by everybody who actually interacts with the law, has been updated via PR
to more perfectly reflect the underlying laws.

------
dgreisen
Hi all, I'm a co-founder of Open Law Library, the non-profit that built the
platform DC uses to codify and publish their laws. We were so excited when we
saw a member of the public make a PR. I'm happy to answer any questions.

~~~
baroffoos
This is really awesome and I hope to see something like this come to my
country.

One thing I was wondering is how you would deal with more tricky issues/pull
requests. Obviously we probably won't see people writing whole new laws in the
pull requests editor but what if it was something like a sentience was written
in an unclear way and someone opened an issue asking for it to be clarified or
maybe they made a PR rewriting it to make more sense while still keeping the
intent the same?

~~~
dgreisen
We are in talks with several international governments. We would be delighted
to help your country!

The system does not in any way change the legislative process, so you cannot
use a pull request to make any substantive change to the law. That would
include rewording, changing punctuation, fixing numbering, etc. If such a pull
request were made, it would be immediately closed. As throughout history, the
only way to make a substantive change to the law is to petition your
representative to sponsor a bill and then convince the legislature to pass it.

~~~
grkvlt
So, essentially, the pull request process is useless. In fact, even changing a
typo could be seen as a substantive change since it may not always be 100%
clear what the correct change is. For example, in the Colored Object
Restrictions Act 2018, Section 12.3.7 it might say "It is not permitted to
have purple colored caqs within the city limits." could be talking about
'cats', 'cars' or maybe 'caps', and although it's obvious a typo has slipped
through, these possible fixes all have very different meanings. And in the
cases where the typo is obvious, and there is only one possible interpretation
of the text, it doesn't actually matter and the change wouldn't have any
impact...

~~~
bostonvaulter2
Come on, you gotta start somewhere.

------
Klathmon
This is such a great way of making access to the law more open and welcoming,
which is a great thing to me!

I haven't been able to check yet, but does anyone know if you are allowed to
use this process to propose new laws or clarifications of laws more
substantial than simple typo fixes?

Sure, you aren't going to have non-lawyers crafting legislation, but could
this be used to bring up clarifications that could impact rulings or
increase/decrease scope of current laws or something similar? (I'm not a
lawyer, so I don't know what are big and what are small changes here)

Imagine if proposed laws could be commented on, have changes offered, debated,
and ultimately decided on in an open fashion like this! With a public "audit
trail" of sorts showing the history of changes the law went through.

I know this is optimistic, but I wholeheartedly believe that more openness and
more people involved will ultimately lead to better laws.

~~~
iamdave
_I haven 't been able to check yet, but does anyone know if you are allowed to
use this process to propose new laws or clarifications of laws more
substantial than simple typo fixes?_

"You" as in you, a citizen off the street proposing a new law? Unlikely. You
could use it to form the basis for a ballot initiative, I would think?

------
alistairSH
In stark contrast to Georgia, which has actively made access to its laws
harder through copyright enforcement.

[https://www.eff.org/deeplinks/2018/10/appeals-court-tells-
ge...](https://www.eff.org/deeplinks/2018/10/appeals-court-tells-georgia-
state-code-cant-be-copyrighted)

------
adiian
On one side it makes sense to have a public repository like git used for this,
but having a private company being responsible for this it's bit strange.

The fact that a pull request was accepted was now that strange because it
could have been done by the council representative.

For this kind of use case it would make more sense to me some sort of block
chain, not controlled by a single company.

"This isn’t a copy of the DC law. It is an authoritative source. It is where
the DC Council stores the digital versions of enacted laws, and this source
feeds directly into the Council’s DC Code website at
[https://code.dccouncil.us/dc/council/code/."](https://code.dccouncil.us/dc/council/code/.")

~~~
Rotten194
Why would you use a blockchain? There's already a central authority - the DC
city government. They should just host their own git instance.

~~~
casual_slacker
There are cases in history where records offices were held in rebellion for
political purposes. A blockchain would change means of control of records from
violence to compute power.

[1]
[https://en.wikipedia.org/wiki/Texas_Archive_War](https://en.wikipedia.org/wiki/Texas_Archive_War)

~~~
umanwizard
Whoever has the ability to do violence will always have ultimate control. They
could just force everybody to start accepting a different blockchain.

~~~
PhasmaFelis
Relevant xkcd. [https://xkcd.com/538/](https://xkcd.com/538/)

------
supz
This is great, I would also love to see laws have applicable test cases
created. For a practical example, in NJ they recently changed gun laws, and
they forgot to include an exemption for police officers, so they ended up
being restricted by the new laws the same way civilians are. (I really bit my
tongue on this, not going to get political, here).

The law should have had a test case created, which would have the equivalent
of ensuring that police officers are not in violation of the law, when they
are serving active duty, or going home. NJ’s assembly had to rush in some
middle of the night legislation to fix this “bug” in the law, that nobody
caught.

I would love to see this applied to all laws. As the article states, software
and law have a lot in common. Testing should be one of them.

~~~
tylerhou
Testing requires laws to be defined in a language understandable to machines
and to be unambiguous. That’s not gonna happen anytime soon.

------
Iv
A few years ago, while the French parliament was discussing the modifications
in law to allow gay marriage, many people were scrutinizing amendments and
proposed amendment, and a developer presented all the MPs work in a git
repository. It really felt like the future of democracy:

[https://github.com/steeve/france.code-
civil/commit/dfd5918f9...](https://github.com/steeve/france.code-
civil/commit/dfd5918f90025e15eecd72daff912b547433daed?diff=split)

------
jasonh3
It's great that DC is making their latest laws available to everyone, however
it's a little scary that the commits aren't signed, meaning that anyone who
gained access to the github repo could forge them (and do more than fixing
typos).

Hopefully DC (and others) will look at doing GPG signatures[0,1] so that they
don't have to trust github's authentication as much. Github has a nice GUI
that reflects signatures with the "Verified" tag, which you can see at[2].

0: [https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work](https://git-
scm.com/book/en/v2/Git-Tools-Signing-Your-Work)

1: [https://help.github.com/articles/signing-
commits/](https://help.github.com/articles/signing-commits/)

2: [https://github.com/QubesOS/qubes-
doc/commits/master](https://github.com/QubesOS/qubes-doc/commits/master)

~~~
acdha
> meaning that anyone who gained access to the github repo could forge them
> (and do more than fixing typos).

… which would immediately be noticed by everyone using the repo. How many
scenarios are there where a compromise wouldn’t include GPG keys or the
attacker simply uploading their own key?

~~~
jasonh3
I hope you would be correct, that lots of people would notice a compromise,
though I'm not convinced that this would be the case since the attacker could
pretend to be the single committer.

> How many scenarios are there where a compromise wouldn’t include GPG keys or
> the attacker simply uploading their own key?

If the user's github credentials were compromised (lots of ways for that to
happen which don't involve their system/keys being compromised, like using the
same password across sites), then using GPG signatures would still allow
cloners to check/detect problems since they wouldn't have the maliciously-
updated github GPG key (or they might be one of the few folks still using the
Web of Trust).

Furthermore, it's possible to have a local system compromise that doesn't give
access to GPG keys, as keys could either be password protected or kept on a
separate system that's primarily used for signatures (not extreme for a system
that distributes law).

Also, signatures not only protect the latest commit, they also sign the
previous commit hash(es), protecting previous commits and preventing a history
rewrite. Without them, a history rewrite that left recent commits unchanged
but modified some text could have the chance to go unnoticed.

EDIT: small clarity tweak

~~~
acdha
> If the user's github credentials were compromised (lots of ways for that to
> happen which don't involve their system/keys being compromised, like using
> the same password across sites), then using GPG signatures would still allow
> cloners to check/detect problems since they wouldn't have the maliciously-
> updated github GPG key (or they might be one of the few folks still using
> the Web of Trust).

This assumes that the attacker wouldn't simply upload their own key to public
keyservers with the same email address. I would be shocked if more people
would notice the use of an additional key than would notice, say, Git's
warning when history changes between different repos.

The big win is having multiple copies with independent access control. I'm not
opposed to using GPG but in practice the benefits are fairly minimal and
there's a massive usability hit for anything involving GPG. In the case of a
legal code that's probably justified but it's probably well into diminishing
returns.

~~~
jasonh3
Considering GPG is the primary protection for the Linux distros that run most
of the services we're discussing* , at some point our trust falls down to it
anyhow :)

* : Last I checked, the two most popular Linux distros I'm familiar with (CentOS and Ubuntu) only make their iso hashes available via http-only served files that are GPG signed

~~~
acdha
Those distributions use GPG but they also use pre-deployed signing keys rather
than, say, trusting any @debian.org key on a public keyserver. When you're
centralizing trust like that anyway, the differences between that and a
canonical Git repo don't seem to be especially significant from a practical
standpoint.

------
prepend
This is neat as long as DC sticks to a policy of open source laws and free
access. Github has always done this, but I fear that 50 years from now we
could be in a situation like access to case law where you have to pay a third
party to read.

~~~
baroffoos
Yeah it makes me slightly uncomfortable to put the law in the hands of a
private company. Github is allowed to block me for whatever reason they want,
does that now mean I get locked out of this?

Would much rather see this on a self hosted GitLab but this is a good start
for sure.

------
beatgammit
Is this type of thing something people want?

I have been thinking of running for local office (one seat in particular is
always uncontested), and my platform would basically be: I'll set up a method
for constituents to voice their opinion in a transparent way. I'm thinking
something like change.org, but with some way to verify residency.

I think citizens don't get as involved as they want to because the barrier to
entry is too high and the results are too opaque (don't know how many called,
emailed, etc). I would _love_ to start a movement for more open government,
but I'm just not sure the demand is there.

------
sytse
Someone make a site that has French laws in GitLab
[https://www.lafabriquedelaloi.fr/articles.html?loi=pjl12-689](https://www.lafabriquedelaloi.fr/articles.html?loi=pjl12-689)

~~~
Buetol
Hi, the GitLab for the french laws from La Fabrique is here:
[https://git.regardscitoyens.org/parlement](https://git.regardscitoyens.org/parlement)

It's a only a small part of the laws published on
[https://lafabriquedelaloi.fr](https://lafabriquedelaloi.fr) for now but
should be complete soon !

Disclaimer: I work on the project

------
pbw
I wrote this a while ago: [http://www.kmeme.com/2010/03/healthcare-
diff.html](http://www.kmeme.com/2010/03/healthcare-diff.html)

I wonder how well code-style line-oriented diffs work for laws. If you word
wrap then your single-line changes can cascade and effect many lines. If you
don’t word wrap seems like you need a better way to see diffs within long
lines. Seems totally solvable, but that what github does for code might not be
right.

But this is so awesome, pull requesting a typo. Go DC really forward thinking.

~~~
kortex
Wikipedia seems to handle this just fine, as does most markdowns. Manual word
wrapping seems like more of an issue for code than plaintext. I don't manually
wrap readme's anymore, that's what window-width-aware editors are for.

------
TheGrumpyBrit
My side gig, like most sites these days, publishes a privacy policy and terms
of service. From the start, I published those documents in a public Git
repository - it provides a clear source of what version was in force at the
time of any given argument. When you might later be discussing the content of
those documents in court, that can be essential.

Of course, it could also work against you, but either way, it's one less thing
that's open for discussion.

------
rumcajz
While this is a great development, hosting AUTHORITATIVE text of the law at a
private service (GitHub, owned by Microsoft) doesn't sound like a good idea.

Consider what would happen if Microsoft decided to delete the repo. There will
still be copies of the law at different places, but there would no
authoritative version. Imagine a lawsuit where each party is arguing that
their copy of the law is the "correct" one.

~~~
gibsons77
There's a way to store this in an immutable and trustless manor, but the B
word gets a lot of push back around here.

~~~
acdha
That's because Git already provides the same solutions for problems which
exist in reality (immutability, trustless, distributed). All that's left out
is the opportunity for some grifter to [if we're lucky] match it at
substantially greater cost.

------
gcb0
The only relevant link on the article [https://github.com/DCCouncil/dc-law-
xml](https://github.com/DCCouncil/dc-law-xml)

------
pablo1
I always reach that website when I randomly hit my keyboard in the browser's
address bar to see if my internet connection is working.

Seems to be a great domain.

(Colemak user here)

------
amai
If the law is on github, does Microsoft then own the law?

------
choot
So by hacking GitHub, now laws can be changed?

I want sentences to be GitHub as well, so that an inmate can hack github to
change his sentence.

------
CodeWriter23
I’m personally not OK with a system that enables a single individual (the
"lawyer" in the article) to declare modification to a law as insubstantial,
then modify the law.

Some review process needs to be there, and frankly, even a typo correction IMO
needs to be run by the Mayor because she/he signed one thing into law and this
process changes what they signed. We cannot ever assume we know the intent of
the Chief Executive, even when “obviously” in error.

OTOH, a diff system for law is awesome. California uses a similar system but
it is cumbersome to do things like “show me how this section evolved over
time”.

~~~
nulbyte
> and this process changes what they signed

The mayor didn't sign a website.

The author clearly indicates the website did not accurately reflect the act as
enacted at the very beginning of the article: "Comparing the DC Code to the
act that made the change, I noticed that something was amiss..."

~~~
CodeWriter23
Perhaps you should read the article.

> This sort of “technical correction,” as lawyers would call it, didn’t need
> to be passed by the Council and signed by the Mayor.

