111 K Street NE
Washington, DC 20002
- Toll Free 1.888.564.6273
- Local 202.783.3870
Much of the programming of the healthcare.gov was copied from other people. That's not a scandal, because the original creators of the software licensed it for public use. But it should be a scandal that any of the code for the site is hidden away from public view and inspection under the guise of security.
All of the code for healthcare.gov should be freely available to the public.
When a program is written for a computer, it's often done in text-based programming languages that humans can understand but which are very slow for computers to run. To speed things up, that text-based source code for a program can be compiled into a form that is directly or more readily executable by a computer, but which humans can't understand.
A program is called "open source" if its license says its source code must be available to anyone running the program.
In the case of a web site, however, the code may be interpreted at the server end, and only the output sent to the user's browser. The source code is hidden from the user even more effectively than if it were compiled into machine-readable form.
There is a place for closed code: when you don't want someone else to know how your program works, so you can sell it to them. There is nothing like that here.
Every non-trivial program has flaws. Some are relatively harmless, such as spelling errors in error messages. Others keep the program from operating correctly, but really only limit its effectiveness. But some bugs expose confidential data, allow data to be altered without proper authorization, or even render the system on which the program is running unusable. We call these bugs security flaws, but there is really no difference between a security flaw and a program bug.
Security flaws are not remedied by hiding them. With millions of people probing and trying to find flaws, eventually they will be found. But they will be found by America's enemies and by criminals, not by benign testers.
Venture capitalist Fred Wilson called for opening the source for healthcare.gov to get the site working after its failed launch.
Secretary of Health and Human Services Kathleen Sebelius wrote in a blog post that DHHS will conduct an internal investigation, appoint a CMS Chief Risk Officer, and update and expand CMS employee training on best practices for contractor and procurement management, rules and procedures.
Rule of Law
But functionality is not the only reason to open the source for the Obamacare site. Bureaucrats interpret the law as passed by Congress and signed by the President. They make regulations that often don't encapsulate the intent of the law. Then the coders get to interpret what the bureaucrats say.
What if the coders haven't gotten it quite right? What if a table gets transposed, or a factor is wrong in a formula? Subtle errors -- or even great big ones -- can escape the eyes of people under pressure to get web sites up. The priorities of people paying taxes are different than the priorities of people writing programs to bill them.
That's not to mention the Reagan-era and even Carter-era COBOL code running at the IRS, DHS, and CMS. And there is a ton of it, much of which they don't even have source code for any more, or for which no one has looked at the source code for decades, or understands it any more.
This is not the full examination, since I haven't really touched on who owns the code or the full security benefits of opening the code. But generally any security benefit to hiding flaws in the code apply equally to the math. If it's protecting us to hide flaws, it's in equal likelihood ripping us off.