Federal open-source policy isn't open enough, says tech group

The Electronic Frontier Foundation has praised new federal guidelines aimed at improving the sharing of federally developed software code but complained that the government's 20 percent release goal does not go far enough.

The policy, announced by U.S. CIO Tony Scott on Aug. 8, seeks to makes federal source code more accessible while increasing sharing across government and reducing duplicative software purchases.

The policy calls for agencies to open 20 percent of their custom code for the duration of a three-year pilot project, including making that code available to the public.

By adopting an open-source mindset, Scott said, the federal government would remain technologically neutral and ensure that IT investments are "merit-based." He added that the amount of available federal open-source software will grow.

However, in an Aug. 15 blog post, EFF Activist Elliot Harmon said the goal is about 80 percent short of the ideal amount of government open-source code that should be made available.

The policy was "great news, but doesn't go far enough in its goals or in enabling public oversight," he wrote, adding that "while the new policy is a step forward for government transparency and open access, a few of the changes in it are flat-out baffling."

EFF had commented on the Office of Management and Budget's original proposal in April, which would have required all code written by federal employees and a minimum of 20 percent of code written by third-party developers be released to the public under a license approved by the Open Source Initiative. Priority would be given to code considered "potentially useful to the broader community."

In its April comments on the policy, EFF recommended that OMB abandon the 20 percent rule and instead release all open-source code whether written by federal employees or third parties, adding that exceptions could be made for code deemed too expensive or potentially dangerous.

In the policy issued in August, however, EFF said OMB "went in the opposite direction" by applying the 20 percent rule to code written by federal employees and third-party developers.

Harmon wrote that the open-source policy is about more than outside developers being able to reuse and build on government code. It is about accountability. "Giving the public access to government source code gives it visibility into government programs," he added.

"With access to government source code -- and permission to use it -- the public can learn how government software works or even identify security problems," he wrote. However, the 20 percent rule could allow agencies to "easily sweep the code in most need of public oversight into the 80 percent."

Although Harmon said the policy does encourage agencies to make as much code as possible open, it is too timid.

"Open-government policy is at its best when its mandates are broad and its exceptions are narrow," he wrote. "Rather than trust government officials' judgment about what materials to make public or keep private, policies like OMB's should set the default to open."