IANAL, but my understanding is that all software written by US government civil servants is in the public domain. It cannot be copyrighted or otherwise licensed (although the government can patent things). This does not necessarily mean that it is available to the public, as noted in the other comments; it may be classified, considered For Official Use Only, or restricted from release by ITAR regulations.
Barring any of those cases, you should be able to get a copy by filing a FOIA request. The problem with FOIA requests is that you have to know specifically what to request, usually by name. Obviously, it can be hard to put your finger on exactly what software you are requesting.
The bigger problem, though, is that much of the US government just isn't technically set up to release software (as opposed to documents). Setting up a git repository, in the DoD, is an utter nightmare. Every single patch has to be pushed through a public release process that can take weeks or months and involves review by as many as ten to fifteen different offices, few if any of which even know anything about software. If you're setting up your own server, getting the server itself approved and provisioned can be an exercise in bureaucratic frustration, and can take literally years to accomplish.
Those of us writing software very often want it to get out there. But the structure of the organization makes that excruciatingly difficult.
I've delved into this. For lots of detail on the current situation, see my paper, "Publicly Releasing Open Source Software Developed for the U.S. Government" by David A. Wheeler, https://www.csiac.org/journal-article/publicly-releasing-ope...
In almost all cases, if a US Federal employee writes software as part of his/her official duties, then there is no copyright IN THE UNITED STATES. There are a few exceptions (e.g., US Post Service Employees). Also, copyright doesn't apply in the US - but outside is a different matter (though enforcing said copyright is more complicated, and I would argue the US shouldn't try). More importantly, there may not be a copyright, but that doesn't guarantee release to the public (and often there isn't). You can ask via a FOIA, but that's no guarantee you'll get it.
HOWEVER: Most software developed by government funds is developed, at least in part, by contractors. And that is a COMPLETELY different circumstance. The details, unsurprisingly, depend on the contract.
If you're interested in the DoD, I suggest going to the MIL-OSS mailing list:
It's possible to release software to the public. One approach is to get pre-approval where "as long as the changes meet this scope, and follow these rules, it's okay to post the changes." But you have to get local buy-in.
In short: In a lot of places in the US federal government it's definitely difficult to do what in the rest of the world is normal.
In the US, state/local/tribal is completely different, and I definitely don't claim to know the laws of other countries. Others can explain that better.
So the good news is that any government contractor overseeing a contract should be able to release it as OSS, if ve wants. Bad news is that it’s effort and risk to do it correctly.
Isn't the point that the contract should have a non-negotiable OSS clause if it's using public funds?
My impression, from my seat in Europe, is that USA government is run by rich capitalists that would as soon eat faeces live on TV as suggest private corporations be required to service the public good?
Okay. Say you're a vendor for student information systems. It handles registration, enrollment, scheduling, attendance, report cards, state and federal reporting, teacher gradebooks, parent portal, etc. You sell your product to one school district with 800 students for an initial fee of $100,000 plus an annual fee of $5 per student and $10,000 for up to X hours of direct support (note: these numbers are not far off the actual costs).
Except now it's open source, and every one of the hundreds of thousands of school districts in the country suddenly has access to your software without charge.
Sure, you can come up with dozens of reasons why that's great for schools, but you're the SIS vendor that just spent a couple million dollars producing the software. Why would you be in a business where the moment you sell your product, you can no longer sell your product? Support? Okay, but you'll immediately be competing with other support vendors, etc.
The relevant scenario is that the school approached the company and paid them to develop the software.
Another potential model is for the government to partially fund development. For instance, if the government wants a piece of software that costs $1,000,000 to develop, a company might offer to develop it for them for $500,000 and the rights to resell it to other customers.
This isn't an intractable problem though. You would just need to make a clear delimitation between what components the government is paying for, and which ones are coming out of the company's R&D budget. Due to billing, this is already how many of these projects work, but the publicly funded portion is often far less useful without the privately funded portion; and there often is not a good solution to this (think a government funded plugin to Microsoft Excel, where an Excel license costs $5,000).
Edit: or elastic. Or automattic. Or black duck, or canonical, or cloud bees...
Not quite true. Rich capitalists largely have better things to do than bother with the details of running government.
But it is, to a large extent, run by people under the influence of (whether directly seeking money, or just manipulated by paid propaganda) rich capitalists who would rather engage in public coprophagia than have such requirements imposed.
The ones who do care more than that tend to be absolutely awful.
Clearly, they don't want new ideas.
The mad lad my lead was, said we would need a database for retaining some of the basic data we needed to keep track of. Nothing all that special, just a few tables, and by nature nothing sensitive would be tracked.
This got rejected immediately, and our IT literally cited "no database installations are allowed per security team."
Needless to say 4 months later, after some back and forth, he eventually said "whatever, we'll just store everything to files then" and that's how he came up with the world's slowest inventory manager - I suspect just the way they like it.
The state server we were going to use to store some application metadata had the word "database" in the product name. For that reason alone we got flat out rejected.
I said to them, "So it's OK to store all the stuff we need in memory and on the file system on the servers, just not stored in the state server."
Their response was, "Yes, because it's not in a database."
We finally switched to another product that did not have the word database in the name, and they were completely fine with it.
Some state work got in trouble a few years back because they'd updated guidelines that no applications could be on the same machine as a database server. Enforced separation, for security. Having enough staff and management to distribute that message to people dealing with the apps and servers didn't seem to be a requirement, however. And... when I was given this mandate, I had to ask for another server, then told there weren't any available, and I'd have to wait for several weeks, and I probably should shut down the current service (which had run for 3 years this way, well before the guidelines were in place).
Navigating govt IT stuff is crazy. About half the people I've encountered are between competent and really talented, and the other half don't understand the basics.
FWIW, if the web server can't communicate 'directly' with a database... what process do you use to communicate between them? Some sort of proxy? Or something else?
Digital cameras were at that time strictly prohibited from even being on the premises.
So my friend goes ahead and buys the machine he needs, on the assumption that if he doesn't everybody is out of a job, and he can always disable the camera. The machine arrives, he sets it up, and calls security asking for whatever official process they use for disabling webcams. Epoxying over the lens or something, was what he figured.
At first they are very confused. It's like they can't parse the words he is telling them. It's as if he was trying to tell them there were six legged iguanas with Russian flag patches on their backs running around the server room.
So he finally gets them to acknowledge that he is, in fact, speaking English in sentences that adhere to the rules of grammar, at which point they have to take his question seriously.
So they ask: “did you procure these computers through <our base's> government procurement office.” To which he says, yes, of course, there's no other way to do it.
They think for a minute and reply: “by policy, you cannot purchase a digital camera through the procurement office. Therefore, your computers do not have digital cameras in them.”
They were being intentionally daft. The person who told him that almost certainly did so with a wink and a nod, and saved your protagonist a lot of pain.
my 'database and app server separation' thing - never quite got a straight answer on 'why', other than 'security'. except... adding more systems, with more logins, more access rules, more stuff to update/patch/test leads to... more potential for security failure (in my experience).
This is common enough across a variety of organizations (I've certainly run into the same issue at several large-ish companies) and isn't necessarily unreasonable... if IT also provides a process for getting what you need with their oversight/help (bonus if some part of the IT team actually has skills to do audits rather than cargo culting off a checklist).
So, how are applications supposed to store/retrieve data?
"No sir! It's just a base of data."
<checks spec book> "Very well; carry on then..."
By this argument, any database with a public file spec is a flat-file database.
They got MS Office approved for all PCs, so we ended up building all based on Excel, Word and Access.
There were multiple weeks of meetings with lawyers (including discussions of whether we needed a space act agreement) to figure out how to actually open source the modifications we made on NASA's behalf. Ultimately we ended up having to assign all of the nova copyrights to the government so that they could open source the modifications. I didn't even think that the government could own copyright but apparently it can.
Here is an excerpt that talks about licensing:
>Q: Can government employees develop software and release it under an open source license?
>Not under typical open source software licenses based on copyright, but there is an alternative with the same practical effect.
>Software developed by US federal government employees (including military personnel) as part of their official duties is not subject to copyright protection and is considered “public domain” (see 17 USC § 105). Public domain software can be used by anyone for any purpose, and cannot be released under a copyright license (including typical open source software licenses).
>However, software written entirely by federal government employees as part of their official duties can be released as “public domain” software. This is not under a copyright license, it is absence of a license. By some definitions this is technically not an open source license (because no license is needed), but “public domain” software can be legally used, modified, and combined with other software without restriction. Thus, “public domain” software provides recipients all of the rights that open source software must provide.
Please excuse what I suspect is a naïve question: why can't they just throw the code into a zip file, and send out the file the same way they would other documents? Digitally or on a physical thumb drive.
(The FOIA requester could then put the code on Github or similar.)
The issue is that, basically 100% of the time, anything being released to the public has to go through a release process.
If you produced it as an employee of one agency (eg the Air Force), but it was paid for by a different agency (eg DARPA), then it also needs to go through a similar release process on the sponsoring agency's side.
Typically, this has to happen for every single “release”. In other words, for the original software, again for every subsequent patch, for the documentation, for every correction or update to the documentation, etc. If you want to give a presentation about it your slides need to be released. If you want to write a paper on it that needs to be released as well.
Every time through the release process takes two to six weeks, depending.
This works OK if you are releasing documents. Once a document is written, it usually doesn't need hundreds or thousands of updates over its lifetime. A journal paper gets released once, then it's done. But the same process is what we currently use for software, and software is just a very different thing than a document is.
Imagine what would happen to the release cycle of a small OSS project if it took six weeks for github to get around to posting your update, and if github management rejected about half of them for reasons that were mostly inscrutable to you.
(Of course, if the updates aren't happening at all because of opaque internal procedures, that's a different story.)
I've got tons of code I've written over the years that, if I could just throw it onto github, I would. But since it would take me six weeks of pain, I don't. Some of that code I'm kind of proud of, or was at the time I wrote it, anyway. I wrote an rviz app a decade before ROS took off.
It could happen, but it would take something like the Secretary of Defense ordering it. Or a White House directive. The folks at my level, or at any level I can actually talk to, don't have the authority. The thing is, they aren't making these policies and procedures up just to be dense. There are real, hard and fast laws and department-wide policies that require the system to look the way it does.
(If there were more people filing requests, I wonder if the internal procedure would be made less painful out of necessity...)
FOI is meant for information that can legally be published with reasonable effort, but not yet available.
The most effective method is to have continuous development through an open source structure so any failures where someone hard codes sensitive info in source get found quickly.
It is completely true that contractor-written software is legally different and has its own release policies. For one thing, it can be copyrighted. Again, IANAL, but I assume that there would be stipulations written into the contract governing IP.
It's going to take time but we're on the right track. Send me a message if you want to be involved in this culture change.
Keep in mind, Los Alamos is one of the big labs doing nuclear work for the DOE, so obviously a lot of what they do is classified, but of the stuff that isn't they're actually doing a pretty impressive job of open sourcing it.
Back when I did work on hydraulic modeling, HEC-RAS was the gold standard for open channel flow. It is only available as a pre-compiled Windows executable.
I had a ton of parameterized simulations to run and would have loved to have gotten my hands on the source code in order to run it on EC2 Linux spot instances and to mechanize the parameter inputs by cutting the GUI input forms out.
> Setting up a git repository
Git != GitHub
> Every single patch has to be pushed through a public release process
Rebase is your friend.
Apparently in Europe and some other places it's not so easy to disavow all rights to a bit of software. BSD- or MIT-style licenses are much more comforting.
All the science done at that national lab for less money before it was privatized was after privatization private property, and before privatization more science was done for less money.
The reason the costs became higher was that a private company is not tax exempt and the government guarantees a profit for the contract.
In effect this is a no cost private theft of government funded research, and I find it fishy that almost all the national labs were made private in the decades after the act. The only upside seems to be that the private company takes any blame for a scandal.
https://www.mofo.com/resources/news/the-governments-patent-p...
The contractors don't have to be.
It's the same reason why most people stay out of federal jobs - you can't make more than the president. But if you're a consultant working for the gov't, you can get paid $$$$$.
2. Stoplights/traffic control cameras.
3. Voting machines.
4. Electrical grid.
There are companies (including Siemens, for example) which build traffic lights and sell the control software and algorithms for eg car and pedestrian detection. See https://www.speedcamerasuk.com/speed-camera-types.htm
In a lot of places, the government decides that a service is required and companies bid for the construction rights. Just because public money was used to buy a service doesn't make the IP the property of the public.
And in response to a sibling comment, no, the government does not always pay for code development. The company decides they have some niche IP (eg car detection) and start selling speed cameras. They then bid for government contracts.
You could argue that there is an onus on government to use open hardware and software where possible. It often costs them less money, for a start. I suspect it's easier to run an open source focused company and aim to be a major government contractor than it is to persuade the government to buy open source.
No, but it could. Might raise costs initially, but the idea is that enforcing such a spending policy would lower costs and reduce duplication long term. Not to mention that having law and bureaucracy enforced by closed source systems is a major threat to freedom and democracy, of course.
2, 3, and 4 are made by private companies. Not government.
5. Probably a good idea.
But government pays them to develop the code. For many such companies government is the only customer (whom else are you going to sell the traffic light software to?).
The traffic lights in Chicago are likely made by a different company than the traffic lights in New York City (I dunno for sure... but it'd be a separate arrangement nonetheless). Those are two grossly different customers.
USA has a federal society: that means we have mini-governments across the country with their own laws and regulations. In an extreme case, a Home-owners association can own traffic lights and operate roads. (My own HOA for example owns the traffic lights in my area, and hires cops from the county to patrol our roads. They're county-cops contracted out to the Homeowner's Association for security in the neighborhood)
Same thing with voting booths, and other services. They're made by private companies in the USA, to serve the many different local governments that exist.
And local governments interact with local neighborhoods / homeowners associations, depending on local regulations of course.
The underlying argument you're making comes down to this idea that capitalist competition is the most efficient way to produce results, but it's obviously incorrect in this case. Are we really arguing that having a bunch of different companies developing the same software a bunch of times for different governments is the most efficient way to do this?
That's an assumption that isn't always true.
The company could have developed them with their own funds, then sell the product to the government.
You probably wouldn't want their fraud detection/audit selection software published. No matter how good it is releasing it gives people a chance to better avoid detection.
I'm mostly thinking of it from a law-abiding citizen perspective. Maybe make some basic tests available to more easily show that I'm not making the stupid mistakes (an extra "0" somewhere or missing a digit somewhere else).
Also, anything that would more easily interface with the IRS's online submission system would be great.
Matt Cutts if you're reading this please help!
On another note, I'm not sure I agree on the electrical grid or traffic controls being open sourced ... could imagine some nefarious things happening as a result of that
Any more nefarious things that can be done with your Linux OS server talking to your Open Source Chromium / Firefox web browser?
Open Source doesn't necessarily mean less secure.
However, I would imagine it would still be beneficial for open analysis though. I'm not sure security through obscurity is a good option when there are motivated nefarious actors involved. But that's more of a "gut feel" than based on any evidence
Everybody got very enthusiastic at the beginning, then realized:
- it was written in a niche proprietary language: M
- it was provided with almost zero doc or comments
- the process of getting the code was tedious, and the law changes every year
- taxes are complicated
And so nobody did anything with it ever since.
M is also the name of the built in language in Microsoft Power Query.
<insert code here>
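    x = gross_income / median_income;
    if( x <= 1 )
        return 0;  // at or below the median income: no tax
    if( x <= 50 )
        // ln = natural logarithm
        y = ( x * Math.ln( x ) - x + 1 ) / Math.ln( 2500 );
    else
        // li = logarithmic integral
        y = x - 0.5 * Math.ln( 50 ) * Math.li( x ) + 4.862;
    return y * median_income;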
The constants are based on the income at 50 times the median income having a marginal tax rate of 50%, and the median income having a marginal tax rate of 0%. Marginal tax rates above 50% asymptotically approach 100%. There are no loopholes or exemptions.
If the median income is $32k, and you earned $31k, your tax is zero. Your only obligation is to report your gross income honestly, so that the median income is calculated accurately for next year. If your income is $96k, your x = 3.0, your y = 0.1656, so your tax is $15.9k . If your income is $1.6M, your x = 50, your y = 18.74, so your tax is $600k . If your income is $32M, your x = 1000, your y = 657.5, and your tax = $21M.
The only effective ways to reduce your tax would be to reduce your income (as reported) or raise the nationwide median income, such as by paying your lowest-paid workers more in the previous year.
Seems fair to me.
If you add up all the incomes of all the tax-paying entities, it should equal the money supply multiplied by the velocity, minus the unreported income economy.
Your argument rests on the presumption that the economy needs super-rich people to be performant, when corporations and governments have already solved the problem of collaborative concentration of capital. If they leave, and the economy somehow fails to collapse, they have shown the lie behind rich folks as "job creators".
Economies are run by the people who do the work. Sitting on ass and writing checks serves to weed out some of the worst ideas, and shuffling financial instruments serves to lubricate the gears of the economic machine, but should the rich ever go on strike, they will immediately lose all their leverage as the economy restructures itself to work without them. At worst, they can just get replaced by newly-minted rich people.
And, contrariwise, when a nation coddles its billionaires, and lets them do whatever they want, that's how you get the current US government. Nobody's starving, though. Not yet. We still might check that off with another government shutdown and another trade war escalation and another diplomatic insult or provocation.
Committing to give people someone else's money is every government expenditure that is paid for by taxation. It's the welfare state. It's the military-industrial complex. It's infrastructure projects. It's corruption. It's operating funds for regulatory agencies. It's foreign adventurism. Everything. Most governments have budgets that are funded entirely by "somebody else's money". You have made several unspoken assumptions in this discussion, and I think it may be best for you to make them explicit before continuing.
People aren't leaving Venezuela because taxes are high. And Venezuela's problems aren't a result of rich folks fleeing to Miami and Madrid. They are all leaving--the non-government rich, the middle-class, and the poor--because price-fixing creates shortages, and there is no such thing as a free lunch. If one pays for the party with oil money, one also has to turn off the music when the international commodity price for Venezuelan crude oil goes down. But they didn't turn it off; they turned it up.
Can you provide any details on Venezuela's progressive income tax? All I could find was a flat 34% tax on income for nonresidents, and that the lowest rate for residents might be 6%. Which Venezuelans left specifically because they didn't want to pay 34%?
I think that statement is against the very idea of tax law :)
While this will also make abusing security flaws easier, I think there is also a real benefit to forcing it to be public that could potentially outweigh the risks of doing such.
Maybe the answer is very good logging of anyone who has cloned the repos etc. but right now when we have a government that uses whether or not they're going to fund important parts of our infrastructure (like Air Traffic Controllers) as a bargaining chip I have some skepticism around them being willing to fund ongoing maintenance of some of these products.
Despite the fact that things being in the open SHOULD curb this from happening I've read enough legislation (yes, I actually do like to read legislation) to know that that probably is not true when it comes to the government
As to TFA, I have mixed feelings. I'm actually more concerned about research and related patents and data surrounding publicly funded study. I do feel that Open-Source should be given some level of preference, but not that all publicly funded software should be open source itself. It's a blurry line imho.
In principle I completely agree that things being in the open should help to harden them, but especially in the US where funding is often used as a bargaining chip and bureaucracy is rampant I get a bit nervous
How many poorly maintained/updated/configured Linux hosts are out there? Same for Windows, etc... in the end, the software can be the greatest, but if the host's configuration is poorly setup/managed, what does it matter.
More than that, there is no "public paid", just "tax paid". That makes the tax payers entitled to some of that code, not someone else. With taxes paid on so many layers (federation, state, county, city) the ownership and entitlement is also layered: if a small town pays for some software, should the entire country get it? Why?
So to start the FOSS process there is a need to somehow have for each niche a GPL software base that cuts costs by a lot.
Isn't this the purpose of the GPL? "Sure, you can use our code, but any additions need to be reusable as well, so everyone is contributing fairly."
Unless, of course, countries B,C,D don't change anything, in which case, no actual loss to country A.
There's Open Source and then there's the Licensing of Open Source. Just because the source is available does not automatically mean it's free to use under any circumstance.
Licensing is a separate and complicated issue.
If you think this should be open source, do you then carry that logic to demand that all government vehicles run on open source software as well?
In my local community, the government does not own the traffic control cameras. They contract out agreements to maintain cameras at intersections that meet constraints.
I'm not necessarily against the idea of the government being restricted to using 100% open source hardware, but that's super radically different than "software the government owns should be open source".
That's more than just government employees making code. It's also any company, individual or agency that even accepts $1 of public grant money or any external contracts.
We're talking about hundreds of thousands of coders whose daily job is partially funded by the government having to push their code public.
I worked for an ad agency for a time that created websites and sent emails for tourism. The tourism website needs to be open source? The program that sends out discount coupons to public attractions and parks? Each HTML email I code needs to be submitted to repository somewhere?
I don't think people realize just how many millions of lines of code per day we're talking about here. Most of them being inconsequential things. 99.999999% of that being noise.
You've just jacked up the cost of working with the government. More time spent coding. More documentation for things that shouldn't need it. More time spent with compliance issues. Companies need to charge more. More tax dollars wasted.
Despite the headline, the article actually doesn't state that. It says things like, "any government code produced with public money", "all software developed for the government", and "any source code written by the government must be released".
The bigger problem today is that the government re-builds things 1000 times.
But as an example maybe a software funded by the national weather service to run simulations, that ought to be open source (perhaps something like that exists and is open source, that's not my area).
But a counter argument to mine could be that some software that is security focused might be more secure if it was open source. I think this is an area with a lot of nuance, and absolute statements are hard to make.
Yes. Open source, but secret/classified (as necessary, IRS software should be open-source, period). This way the software will be a useful learning/historical resource when it's declassified in the future.
It's just like the biggest argument for open source in science: it is required for proper accountability.
- currently most electronic voting software is owned by the vendors
- electronic voting should really not be trusted, period, but definitely not be allowed to be closed source
- therefore, we should ban any electronic voting software not made on open source software (arguably even hardware)
- therefore, I am implying vendors of electronic voting software should only be allowed to use a fully open source software stack in their final product
I do not see the jump from this reasoning to any software used by the government must be open source (if I understand you correctly).
The person you're responding to is just making the positive observation that, since electronic voting software is licensed - not produced - by the government, you can't mandate it be open sourced via e.g. a FOIA request.
You are making a normative declaration that it should be open sourced because it's important and intrinsically untrusted software, and as a consequence it either will be or electronic voting won't be possible. These are separate things. You're talking about what ought to be, the other commenter is talking about what (currently) is.
Licensed products are an inevitable loophole to be exploited unless we stipulate rules for use-cases like this. Inevitable because some products will always be licensed, and mandating that everything the government uses must be open source is... well, actually, that sounds great, but even if such a policy were implemented that would be a slow, tough transition to make.
That's perhaps a good reason for that part of the software to not be published and/or FOIA disclosable, but that's orthogonal to how it is licensed. If it's an original government work now it would be public domain (which is more open than open source), but still potentially confidential and nondisclosable.
If the entire work is, less so than if it was disclosable (although there are laws governing the government use of copyright protected work, and arguably there is a benefit to the public interest if the vendor has provided an open source license even if the work is not publicly disclosable.)
But practically, classification and, perhaps even moreso, the other exceptions to FOIA would often apply to limited portions of software systems rather than whole systems, as is often the case with other materials covered by FOIA.
Doesn't have to be complicated, pull 10% of the "simple" forms, 90% of complicated.
Simple forms would be the 1040EZ, 1040s w/ std deductions & no other "business" forms.
No, works made by or under hire for the federal government should be public domain, from a copyright standpoint, not exclusively owned but licensed under an open source license.
But on the other hand, I think your real question has nothing to do with ownership or licensing, but whether or not they should be publicly disclosed. In many cases the answer is “no”, but lots of government work that is in the public domain from a copyright perspective is also not subject to unrestricted public disclosure (and may also be classified.)
But arguably the licensing can work the same way as disclosure; presumptively, all government software should be open source, just as presumptively all government records are publicly disclosable; there may be limited defined exceptions for the former as there are for the latter, and decisions to treat software as within an exception should be reviewable by courts just as withholding material from FOIA disclosure is.
I think there is a good argument for anything where the government is acquiring software rather than paying for service that the acquired software (even if it is zero percent modified) should be under a permissive open source license (or even acquired into the public domain), and the source code should be a disclosable public record except to the extent it would be covered by privacy, security, or other existing exceptions to public records laws.
No, I'd rather save millions and years of time than use closed source software (if it's zero modification COTS, the extra cost comes in organizing operations around software limitations rather than business driving tools, if it's 3-5% modification at acquisition MOTS, then the additional cost is the continued modifications necessary as government needs evolve differently than private needs with the original vendor able to charge what amounts to monopoly rents because there are no substitute providers because the vendor owns the code, or you fall back to business organized around software rather than vice versa again.)
I've actually spent quite a while working in public sector IT in a unit which manages COTS, MOTS, and we-own-the-code solutions.
(Now there are some exceptions, just as FOIA has exceptions as to which government records are disclosable, but by far I'd prefer the baseline would be code acquired by government must belong to or be freely usable by the public, either PD or permissively-licensed.)
I'm leaning toward "yes", but that doesn't mean the data (including encryption/decryption keys) should be publicly available.
But they also have existing, good relationships with academics in other engineering fields where those regulated materials can still be accessed.
Maybe Wide-Open Source isn't the right answer for all projects because of the understood risks, but because they already have a good set of SOP for a similar program, perhaps it's time to ask them if they could expand that program's scope and loosen their grip on those things a little.
Look at NASA’s Open MCT on GitHub - that’s awesome and we should push govt orgs to release more projects like this.
This is part of the implementation of M-16-21, which said, "Each agency shall release as OSS at least 20 percent of its new custom-developed code each year for the term of the pilot program. (3 years)".
The latter precludes the (reasonable) arguments talking about grants and public-private partnerships, of which the intent is to stimulate economic innovation, not produce public code.
I think the proposal is reasonable, but it puts a heavy administrative onus on the government to open-source said code, including potential warranting that the code in question is indeed free of any other copyright or license requirement.
 Emphasis mine: "any government code produced with public money..."
As it happens, this is exactly what we do at http://interneuron.org for Healthcare software. Most of our revenue so far has been NHS organisations. We are also a CIC - so a not for profit.
I don't trust it to be built or maintained properly, which also means I'm relatively sure it'd be open season for troves of people who want to do bad things.
Open Source is great - but sometimes it makes absolutely no sense.
Surprised this hasn't been shared yet
They also funded and encourage the open sourcing of the work we are doing for them https://github.com/greenriver/hmis-warehouse
> PLAY 13
> Default to open
> When we collaborate in the open and publish our data publicly, we can improve Government together. By building services more openly and publishing open data, we simplify the public’s access to government services and information, allow the public to contribute easily, and enable reuse by entrepreneurs, nonprofits, other agencies, and the public.
> - Offer users a mechanism to report bugs and issues, and be responsive to these reports
> - Ensure that we maintain contractual rights to all custom software developed by third parties in a manner that is publishable and reusable at no cost
> - When appropriate, publish source code of projects or components online
> Key Questions
> - If the codebase has not been released under an open source license, explain why.
> - What components are made available to the public as open source?
It does mean the government is free to do so, or to hire another vendor to work on it without restriction.
FOIA has a number of exceptions; material subject to its exceptions is not required to be released, including:
Exemption 1: Information that is classified to protect national security.
Exemption 2: Information related solely to the internal personnel rules and practices of an agency.
Exemption 3: Information that is prohibited from disclosure by another federal law.
Exemption 4: Trade secrets or commercial or financial information that is confidential or privileged.
Exemption 5: Privileged communications within or between agencies, including those protected by the:
1. Deliberative Process Privilege (provided the records were created less than 25 years before the date on which they were requested)
2. Attorney-Work Product Privilege
3. Attorney-Client Privilege
Exemption 6: Information that, if disclosed, would invade another individual's personal privacy.
Exemption 7: Information compiled for law enforcement purposes that:
7(A). Could reasonably be expected to interfere with enforcement proceedings
7(B). Would deprive a person of a right to a fair trial or an impartial adjudication
7(C). Could reasonably be expected to constitute an unwarranted invasion of personal privacy
7(D). Could reasonably be expected to disclose the identity of a confidential source
7(E). Would disclose techniques and procedures for law enforcement investigations or prosecutions, or would disclose guidelines for law enforcement investigations or prosecutions if such disclosure could reasonably be expected to risk circumvention of the law
7(F). Could reasonably be expected to endanger the life or physical safety of any individual
Exemption 8: Information that concerns the supervision of financial institutions.
Exemption 9: Geological information on wells.
---[quote from: https://www.foia.gov/faq.html ]---
The sensitive things at issue probably fall into the existing exemptions (a lot in #3), otherwise business rules could be disclosed under FOIA now, even if the code wasn't the government’s to disclose.
That one at the end seems interesting. I wonder how that got added in there as such a specific item and not as part of a broader category of sensitive information...I would think if wells were sensitive information, then so would mineral deposits and other natural resources, possibly falling under either exemption 3 or 4:
> Exemption 3: Information that is prohibited from disclosure by another federal law.
> Exemption 4: Trade secrets or commercial or financial information that is confidential or privileged.
On a side note, apparently the new administration scrapped it for a brochure WordPress site. Funny discussion here:
* Favour open source solutions
* Favour non-proprietary solutions
* Release source for custom-built solutions under open source licenses through Government of Canada sites
See C.2.3.8 for the relevant clauses:
It's hard to make headway with the chicken and egg problem - if there was a good OSS system for a government need, the government could be persuaded to use it - but you can't write one without the initial investment which you cannot get because VC won't fund it ...
> the committee questions whether Accumulo runs afoul of a government policy that prevents federal agencies from building their own software when they have access to commercial alternatives
The law exists to prevent wasting time & money, it has nothing to do with being open source.
The code is of minimal utility to individual citizens who have no need to run large governments, but can be hugely beneficial to our competing nations.
I find that it's way too complicated of a layer that most people can't/won't learn. Compare this to the OpenBSD pledge and unveil which doesn't get in the way, and there's no way to disable them.
If you make something overly complicated, with the ability to disable it all too easily, then it won't get used.
That is generally bad advice then. SELinux is used by Android and Fedora (and hence RHEL & CentOS). SELinux can break things, but it is quite stable these days at least for the distro supported packages. The downside is that anything outside the distro packages will likely have no support or will run unconfined. OpenBSD unveil is still new and will face similar challenges in that it will cover the base system well, but for ports, it will be up to the port maintainer to implement it.
AIUI, by default everything is Crown Copyright.
Beware the law of unintended consequences - it’ll bite you!
(For the record, I agree with the sentiment, but it’s hard to implement without causing undesirable effects.)
If it's not an issue, make it one.
If no one cares to support the issue, find someone to run on it.
If you can't find someone to run on the issue, you've got to run yourself.
Also you know how useless attempting to run yourself is. You will never get anywhere which is good because just having one good idea doesn't make you qualified to lead.
The best thing to do is to start public debate among people who understand the issue and attempt to get those in charge to join in.
The darker side is that making all publicly-funded software public would also mean making all weapons software public. That could have disastrous consequences.
The UK government's cabinet papers fall under this: they won't be released for thirty years, but they will be released under the Open Government License.
I'm not sure that this is what the article is advocating, though.
But the reality is that even in weapon systems there's lots of "boring code" that would make sense to have as open source software. A lot of it involves "move bits from A to B", "calculate this matrix", and so on that are not really special (you can find the basic algorithms publicly) - but having a way to share the costs with others who need it would be valuable.
You can find the US Department of Defense (DoD) OSS FAQ here: https://dodcio.defense.gov/open-source-software-faq/
Here's the US DoD OSS policy (2009): https://dodcio.defense.gov/portals/0/documents/foss/2009oss....
The DoD policy does not require release by default as open source software (OSS), but there IS a short discussion of when it's okay to release software as OSS when it's funded by the Department of Defense (DoD) - and it's quite open-ended.
When I look at wars throughout the world, a huge number of them are fought with US weapons, and we don't actually have a good track record of supporting peaceful people. I don't think that we'll get there until we stop dumping weapons on the world for profit.
There was a line in one of the Expanse books that really got me, where a woman was talking to her son, and paraphrasing, she explained that "We have lost again". When her son inquired how, she said, again paraphrasing "Those who want peace have lost to those who want violence."
One of the primary ways we can do this, is to simply stop exporting it. As of 2017, we export 50% more arms than the #2 country, Russia, https://www.aljazeera.com/indepth/interactive/2017/02/10-cou..., and we will as long as people who support violence and the contemporary model of arms sales throughout the world call people who disagree with it "juvenile".
Works created by the United States Government are not covered by copyright in the US, effectively making them public domain _in the US_. See https://www.law.cornell.edu/uscode/text/17/105
"But—", you say, "—the code the NSA is publishing has a license attached!" Indeed, that confused me too, until I found the answer at https://www.cendi.gov/publications/FAQ_Copyright_30jan18.htm...:
>…copyright exclusion for works of the U.S. Government is not intended to have any impact on protection of these works abroad (S. REP. NO. 473, 94th Cong., 2d Sess. 56 (1976)). Therefore, the U.S. Government may obtain protection in other countries depending on the treatment of government works by the national copyright law of the particular country. Copyright is sometimes asserted by U.S. Government agencies outside the United States.
So, Public Domain within the US, and Copyrighted (but OSS-licensed) outside of the US.
My understanding is that copyright in EU countries is much more complicated. For example, apparently the view of the Eiffel Tower at night is copyrighted. See https://www.youtube.com/watch?v=M16CGK1T9MM
As for anything Classified in the US, there are laws controlling distribution. So, take something GPL-licensed: If you take, use, and modify the software, you are not required to provide the code unless you distribute the product to others.
See the question "Since U.S. Government works are not protected by copyright in the U.S., are all U.S. Government works publicly available without restriction in the U.S.?" from https://www.cendi.gov/publications/FAQ_Copyright_30jan18.htm... (it's pretty long, and has a _lot_ of references, so I'm not reproducing it here)
Of course, you may argue that, if a hacking tool is pushed to a remote system, and that hacking tool was made using GPL-licensed code, then the source should be distributed with the hacking tool. Also, note I said GPL, _not_ AGPL. For both of those cases, I don't know if the laws governing Classified material trump those governing Copyright (I'd bet they do), and what International law has to say.
And does that law also apply to works created by state and municipal governments?
Once the Bayh-Dole Act was passed to allow citizens to take ownership of IP related to publicly funded endeavors, only then did the public start benefiting.
I disagree with the causation you infer regarding public benefits as a result of this change in IP rules. After all, we saw many post WW2 benefits of federal spending long before 1980. The most visible were in aerospace developments that gave us the jet age, but of course even Silicon Valley was well on its way in the 1970s with lots of computer industry groundwork already in place.
I think a lot of the computer industry developments of the 1980-1990s were almost inevitable once that stage was set. It was mostly a coincidence that Bayh-Dole was passed and universities ramped up their strip-mining of the federal budget around the same period. An awful lot of the current Internet age was built by people like me, working on open source projects and federal funding in spite of Bayh-Dole, not because of it.
Yes nations do compete. The whole one-government funded software should be published to internet is _false_, in a technical sense.
The problem in this case is how to get people to pay for the creation of the good in the first place, because people know that even if they do not pay for the creation of the good, they can still enjoy the benefits.
Sure some cities will not contribute back but in open source it is the organizations most in need and most able to contribute back who do. Why is that a problem?
Also, in your example, I don't know how other cities' use would impede the funding city's use.
If the lab has to give the software away, all development ends, unless you have $300k/year of grants sitting around.
If they can't get the interested labs to contribute towards the development without the coercion of a commercial license then it sounds like it's either done, or the development roadmap is misaligned with the users' goals. In either case, stopping the abusive current practices would be an immediate improvement for everyone involved.
As many have pointed out, I misused the term "Tragedy of commons", when in fact it is "The Free Rider Problem".
However the main point stands. Others will not invest in FOSS in hopes that someone else will first and then they can just consume for free.
I love being a gardener, cleaning up cruft, tackling todos, working through various bug lists, and generally tidying up a codebase.
Simple CRUD apps are full of this stuff. And I'm sure I'm not alone in looking for easy ways to participate and feel a little more connected.
What would stop the people of/under "your" government from freeloading off the people of/under "my" government?
"So, if YOUR government uses Linux, but doesn't participate in Linux development, it's bad for everyone else?"
I'm not sure where you are going with this. I certainly never claimed that governments should not use open source software. By all means I hope (for argument's sake let's call it The US) leverages Linux where practical.
What I disagree with is the premise that The US or their contractors owe pull requests or public repos to the peoples of the world just because the US taxpayer partly or fully funded a development project. Hate on me if you must but I believe that no US funded research results be they in software or any other IP are or should be automatically owed to the peoples of the earth.
"Most Linux users aren't contributing to Linux itself. And likely less than half are making any significant contribution to Open Source Software at all. It's still useful software, and I still appreciate everyone that does work on it."
Yes, I agree with your idea that most open source users are freeloading in the sense that they contribute far less than they use. That is part of my point.
We are not in a communist/socialist world where every community must pay at the point of a gun for things they don't choose to pay for. And if some government wants to force users of software they develop to contribute to funding, then their licensing should probably be something to reflect that. But then it wouldn't strictly be OSI/Open-Source.
"We are not in a communist/socialist world"
This is EXACTLY my point. We are (at least I am) not. My government does not owe me or anyone else (let alone a foreign government) open source access to its IP. To think otherwise (as you appear to do) is to be the socialist.
I hate to break it to you, but open source IP is socialism. I hope that does not come as some sort of shock to you.
Again to be very clear I am a fan of open source projects. I use them, I contribute to them. However, I choose how and what I use and contribute. My government does not choose for me or worse mandate via some policy that I must.
If you feel that The US government should require you to open source your in-house CnC software to the people of the DPRK because The US gave you a business development grant of $10k then you sir are the communist, not I.
That aside, I do feel most of what is publicly funded via tax dollars taken by threat of force should be open. This includes data and software (other than expressly licensed, commercial off the shelf software). I'm not as hardline as some on this, but I do feel that way.
The Communist POV would be that all software, data and access be restricted and expressly owned by the government and not really the people.
Open-Source is socialism if the government is forcing people to pay for it... so long as it's a collective voluntary thing not enforced by the government it is in fact not communism/socialism but a part of marginalizing that software which is not a core business component.
The point I was making is the government shouldn't be choosing for me... however, given that the government does fund software development for its own needs, that development should probably be open.
For the CnC example, I've stated in other threads that I don't feel commercial software should be required to be opened if it exists and is licensed via govt contract vs. developed for.
This argument though is not about the merits of open source software but about the use of public funds. "If my taxes helped pay for software, should result necessarily be public source code."
My opinion is absolutely not.
If my taxes as a citizen of country "A" paid for the development of some piece of software then I do not have the slightest reservation that the citizens of country "B" have no kind of moral, ethical, or legal right to it.
If the tax payers, government representatives, and authors agree and choose to release their results and products under some open source agreement then that is up to them.