Programmer Admits Stealing US Gov't Accounting Software Source Code

An anonymous reader writes with this excerpt from NetSecurity.org: "A Chinese computer programmer that was charged with stealing the source code of software developed by the U.S. Treasury Department pleaded guilty to the charge on Tuesday. The 33-year-old Bo Zhang, legally employed by a U.S. consulting firm contracted by the Federal Reserve Bank of New York, admitted that he took advantage of the access he had to the Government-wide Accounting and Reporting Program (GWA) in order to copy the code onto an external hard disk and take it home." Just such things make me think that the default setting for software created with public money should be released with source code anyhow, barring context-specific reasons that it shouldn't be.

Why?

Just such things make me think that the default setting for software created with public money should be released with source code anyhow, barring context-specific reasons that it shouldn't be.

So that countries who have not spent money can use it for free?

Re:Why?

[h4rr4r]

That seems like less harm then depriving the rightful owners of the code access, the american taxpayer.

Re:Why?

If the world had better accounting software, maybe the world economy would be healthier? But, I think what the author is of this submissions is suggesting is that the American public should have public access to any source code written by the public sector. See the words public there? It's no coincidence they're all spelled the same.

Re:Why?

[WrongSizeGlass]

Just such things make me think that the default setting for software created with public money should be released with source code anyhow, barring context-specific reasons that it shouldn't be.

So that countries who have not spent money can use it for free?

I, for one, do not want the overpriced, often delayed, over managed & under performing software my taxes pay for to be 'free' for anyone, any company or any country. Let them overpay and wait for their own.

Re:Why?

The answer is simple - and possibly already implemented - keep the source and executable under a license and confidentiality agreement.

License it free to American companies/individuals but not for free (or at all) to foreign ones.

Certainly there would be issues with keeping a multitude of licensees from leaking source like a sieve to similar foreign moles/agents, but we aren't talking about a DVD or mp3 file either.

Re:Why?

But he was Chinese, not American. In fact, that may be the only reason he was prosecuted.

dom

Re:Why?

> Just such things make me think that the default setting for software created with public money should be released with source code anyhow, barring context-specific reasons that it shouldn't be.

posting as a coward for obvious reasons... a lot of government generated code is released as public domain. I've done it, several people I work with do it. I believe this wasn't released because it is considered "sensitive" (but where does this sensitive and non-sensitive line get crossed? government is conservative and will make something sensitive rather than risk it).

This isn't my agency or even department, but here is an example (not a great one): http://www1.eere.energy.gov/buildings/commercial_initiative/modeling_software.html

Re:Why?

[Austerity+Empowers]

No, that he was Chinese, not American is why it made the front page. He's clearly part of the Chinese conspiracy to steal our IP, even though there is absolutely no mention that he sent the code back home to some Chinese corporation. In fact if they had proof of that I think he'd be facing a bit more than 1.5yrs, even with cooperation and you can bet your ass they looked. In this case his story makes sense, he's probably not the only person to do this.

I'm not sure how many American engineers and developers make copies of the work that they did while an employee of some company, but I know the number is greater than 0. Almost none of them are using it for industrial espionage or in allegiance to some foreign power. But it is almost always against your employment agreement, and if caught you likely will be sued or worse.

When the employer is the government, everything just gets escalated a few steps.

Re:Why?

[jellomizer]

I would have been more concerned if he took the data not the source code. Unless the Chinese officials wanted to analysis it for security flaws?

Re:Why?

[westlake]

That seems like less harm then depriving the rightful owners of the code access, the american taxpayer.

Simply out of curiosity:

of what possible use is internal accounting software designed for enterprises on the scale of the US government to the average American taxpayer?

The software in question keeps track of money exchanged between US government agencies and, according to the authorities, its development cost nearly $10 millions.

Programmer pleads guilty to US govt software source code theft

He said to the FBI that he did so that the code would be available to him in the event of losing his job, and to use it for his private business, which is teaching computer programming.

Re:Why?

[ShanghaiBill]

So that countries who have not spent money can use it for free?

Sure. Why not? What interest does the USA have in keeping the rest of the world down? The World Economy is not a zero sum game.

Re:Why?

[Sir_Sri]

Unless of course the actual owners of the source code is a private company who sell the same software to multiple governments or countries (state governments or other countries) at which point open sourcing it just fucked them out of a huge chunk of their revenue.

Worse still is that the same basic accounting software may be used by corporations as well. There's lots of problems when writing software for money that aren't unique to the US, any decimalized system that uses numbers in the approximate ranges that dollars are used in, so there's a whole backend of making sure you are correctly representing numbers and dealing with them properly that could be used for any accounting software, even if part of it is US government specific.

a search for the program in the article points to http://www.fms.treas.gov/cars/index.html

which specifically includes reporting to a US government programme, so a corporation might need very similar if not the same software to plug into the treasury and bill them for example.

Re:Why?

Really? They all look like mouth-breathing, peroxide blonde bimbos to me.

Re:Why?

I see the Chinese governments attempts to derail forums dealing with anything mentioning china are ongoing.

Re:Why?

[ThorGod]

I, for one, do not want the overpriced, often delayed, over managed & under performing software my taxes pay for to be 'free' for anyone, any company or any country. Let them overpay and wait for their own.

Hmm, maybe 'free use' for any of the US naturalized/tax paying citizens.

Re:Why?

I'm not sure how many American engineers and developers make copies of the work that they did while an employee of some company, but I know the number is greater than 0.

You could do it merely because you don't trust the backup systems in the office. Why should you have to redo lots of work just because your employer is too incompetent/stingy on the backup systems? You could be naughty and pretend the work is lost, spend lots of time goofing off, and just copy your work as if you're recreating it...

I've heard that when some places screw up they go ask former employees questions like "erm do you happen to have accidental backup copies of XYZ". If they're not a good and friendly employer, the correct answer is "Of course not".

Re:Why?

[rickb928]

True. But Liberals seem to think their decisions are not just better for themselves, but the decisions they want to make for everyone else are better also.

And the decisions are different. Bad Conservative, stop polluting our environment. Now, 'scuse me while I hop in my private jet and get to Cannes in time for lunch with the gang. OK? We good here?

Maybe now we can find the accounting hole bugs

[BMOC]

if NON_DISCRET_SPENDING => WASTE
HIDE;
else
PROMOTE;
end

mixed ownership

[beatle42]

The ownership of the code can often get a little muddied, as the company who is paid to develop it may use their own funds at times too--or extend an existing product the company has for the government's needs--meaning some of it is proprietary and privately funded. This is why most such software is available for use within the government, but the private company maintains rights to continue to develop and sell it commercially as well.

Re:mixed ownership

[Maximum+Prophet]

That's fine as long as the output of the software doesn't affect anyone, anytime. If the software has any effect on the government's decision about anything that affects me, I should have the right to view the source.

Just like an American Citizen shouldn't have to worry about secret laws, the code that implements the law shouldn't be secret.

Re:mixed ownership

[Hatta]

Not just the right to view the source, you should have the right to use the code your tax dollars paid for for any purpose you choose. All products of government should be public domain. No exceptions.

Re:mixed ownership

[beatle42]

My point was that the government only pays, often, for part of the software. It would often be useless without some proprietary other part, so your goal wouldn't work without either depriving rights holders by virtue of them working with the government, or without you obtaining some commercial software as well.

Re:mixed ownership

[beatle42]

What about when the government buys a license for some COTS product? Should the government be barred from using proprietary software all together because the source will often be unavailable to us? It's certainly some different if the government is paying for development, though as I pointed out that's rarely clean cut either.

Re:mixed ownership

[icebike]

Exactly.

And it doesn't have to be COTS stuff. I know a small company that developed a weather instrument monitoring package and sold thousands of executable-only versions, but one customer wanted a source license so they could modify it or recompile it for other platforms. He sold exactly one source license.

Six months later a Google search revealed his entire source code on three different source code repositories, two of which were overseas.

 

Re:mixed ownership

[Githaron]

Terms of the copyrights and patents involved could be shortened proportionally to the amount the government spends on said project. If a company accepts government money, they would be required to release the source at the end of their shortened copyright.

Re:mixed ownership

[beatle42]

Well I'd expect your tax bill to go up soon if this were enacted. I would think the government would have to pay a hefty premium for a company to agree to terms like that.

Re:mixed ownership

[JimCanuck]

Hence why if you sell a source code license it should be for more then you expect to make out of the software till end of life. Once it is out of your hands, its no longer your own product.

Giving away code is never a smart idea no matter how much you think a single license is worth.

Re:mixed ownership

Should the government be barred from using proprietary software all together because the source will often be unavailable to us?

That would be an effective, straightforward solution. So, yes.

Interesting...

A Chinese national who used to work at my company lifted our proprietary code and fled back to China as well.

Re:Interesting...

There's a reason why the Chinese are desperately grabbing all of the source code they can. They're deadly serious about offensive cyberwarfare, and starting to get good at it.

Re:Interesting...

Why are we hiring Chinese nationals again? FFS... How is this unexpected. Fucking chinks...

Give him a medal

US Govt accounting methods should be considered economic weapons of mass destruction. Also: First Post!

I've done that before

Not to sell the code afterwards but to keep at home so I can save some code patterns and ideas for future use.

Re:I've done that before

[lightknight]

Indeed. The article is short on details.

Here's the real story

The software in question keeps track of money exchanged between US government agencies and, according to the authorities, its development cost nearly $10 millions.

The idea of "stealing" government information would normally be nonsensical but if the guy is Chinese I suppose a weird (but valid) argument could be made that he is not part of the public that paid for it. If you or I ask for the source code, it should either be supplied to us or else we should get a tax refund. This guy? Technically no; he has no claim.

What's really fucked up is the dollar amount. Everybody immediately knows massive fraud or incompetence has happened. That's embarrassing and just because US currently has no conservative parties, that doesn't mean it never will, so it could some day possibly become a political issue. If I worked in that department, I too would feel constant unease and shallowly-submerged yet intensely burning desire to mete our severe punishment against anyone who does anything to attract public attention to this system's existence. Who is to say (for sure) that a Congress couldn't be elected in 2014 that takes away your cushy taxpayer-funded job? Anyone related to this project who gets into the news needs to be skinned and burned alive.

Re:Here's the real story

[amRadioHed]

That's embarrassing and just because US currently has no conservative parties

You misspelled "liberal".

newsflash

You are not the "owner" of the NASA space shuttle either. (or the code that runs it). Just because you paid money to allow a government department to function doesn't mean you own them.

Re:newsflash

[gman003]

That's making the false assumption that "physical property" and "intellectual property" are the same thing. Hint: they are not.

Any work of the United States government, or an employee of such working on government time, is automatically in the public domain. Everything from NASA photographs to recordings of the Marine Corps Band to every boring office memo are public domain. I don't see why that should not apply to program code.

Note also that "classified" and "public domain" are separate things - technically, even the ultra-top-secret "list of nuclear launch codes" is public domain, in that no one can claim copyright or trademark on it. So the "fire ze missiles" program can be (and probably should be) classified. But the accounting programs?

Re:newsflash

[sohmc]

Someone please mod this as +1 Informative.

The key here is that no one can claim copyright to work done by the US Government. This does not mean that it is accessible to the public.

Re:newsflash

Everything from NASA photographs to recordings of the Marine Corps Band to every boring office memo are public domain.

I agree, but I never trust the law. What was the settlement between McCandles and Sony over the spacewalk photo?

http://www.guardian.co.uk/music/2010/oct/08/astronaut-sues-dido-album-cover

Re:newsflash

[bcong]

Yes it is in the public domain, but there is no requirement for them to proactively share it to the public.

Re:newsflash

[pingbak]

Software is acquired from a contractor, so the Federal Acquisition Rules and various tailored versions, e.g., DFARS, apply.

The government purchases systems. Source code is considered data -- so the applicable FARS and DFARS are technical rights to data. Data rights are negotiated separately from software (system) rights and source code is delivered as part of a separate contract deliverable requirement list (CDRL) item, if the source code is even delivered. In 99.999% of contracts I've seen, source code is never delivered and when it is delivered, the most restrictive data rights are applied.

A lot, though, is changing through the DoD's Open Architecture initiatives (formerly the Navy's Open Architecture Program). Source code is expected to be delivered as a CDRL item with unrestricted rights as the default. And it turns out that the GPL is a version of a unrestricted license (I know because I spent a week with the SFLC and a Navy IP attorney collecting the information), so there's some hope on the horizon.

Bad news for those of you hoping to get a major weapons system's source code: The USG is the owner of the conveyed executable, so only the USG gets the source code.

Re:newsflash

[danomac]

So the "fire ze missiles" program can be (and probably should be) classified. But the accounting programs?

Well, if they're using Hollywood accounting, I can see what they'd want that classified...

Re:newsflash

[tehcyder]

Note also that "classified" and "public domain" are separate things - technically, even the ultra-top-secret "list of nuclear launch codes" is public domain, in that no one can claim copyright or trademark on it. So the "fire ze missiles" program can be (and probably should be) classified. But the accounting programs?

If I was a criminal I would rather have access to the source code for someone's accounting program than almost anything else. If you gave me the list of nuclear launch codes tomorrow I wouldn't have any use for them.

give him life and tell your lucky not to get death

give him life and tell your lucky not to get the death penalty for treason

Seems kinda dumb

[dkleinsc]

If you're going to steal something from the United States, I'd think it would be much better to steal something that works well!

Re:Seems kinda dumb

Accounting software that directs funds from all other services directly to the Military, why wouldn't China want that LOL

Re:Seems kinda dumb

The 33-year-old Bo Zhang, legally employed by a U.S. consulting firm contracted by the Federal Reserve Bank of New York, admitted that he took advantage of the access he had to the Government-wide Accounting and Reporting Program (GWA) in order to copy the code onto an external hard disk and take it home.

Sweet.

Mother.

Of.

GOD.

NOT THE ACCOUNTING AND REPORTING SOFTWARE!!! Oh God no. Oh God no. Oh God no. Now the terrorists have access to the TPS REPORTS!!! They'll know how a PT-44 revision 8b (as amended by the New Management Initiative Subcommittee 79a-b, 1967) audit works! And — may God have mercy on our souls — they might figure out how to copy the entire submanagement structure of the Greater Boise Area (Excluding Outlying Suburbs and Farms) Processing and Distribution Department!

That's it. We're doomed. They have our bureaucracy. THEY HAVE OUR BUREAUCRACY, PEOPLE!!! THESE ARE THE END TIMES!!!

Re:Seems kinda dumb

[dkleinsc]

Don't forget the even greater horror of learning the entire contents of form 27B-6.

Re:Seems kinda dumb

Zombie Jesus on a pogo stick!? How is this not +5 Funny yet? I haven't laughed this hard in days.

Public domain?

[Meneth]

Normally, works of the US federal government are in the public domain, and not protected by copyright. How is this not the case here?

On another note, Slashdot editors, please stop using the word "stealing" for immaterial right infringements.

Re:Public domain?

[GoodNewsJimDotCom]

You stole my idea that stealing ideas is not stealing.

Re:Public domain?

Normally, works of the US federal government are in the public domain, and not protected by copyright. How is this not the case here?

Well, it's accounting software written by the federal government. This isn't in the public domain out of embarrassment.

Re:Public domain?

[mbenzi]

Yes, from the discussion of this I don't see how this is a copyright case.

Works of the United States government are not entitled to domestic copyright protection under U.S. law, sometimes referred to as "noncopyright."

relevant discussion of this http://en.wikipedia.org/wiki/Copyright_status_of_work_by_the_U.S._government

Re:Public domain?

On another note, Slashdot editors, please stop using the word "stealing" for immaterial right infringements.

Slashdot is just reporting the news here. He admitted to "stealing". The word choice was not Slashdot's.

Re:Public domain?

A work of the United States government, as defined by United States copyright law, is "a work prepared by an officer or employee of the U.S. government as part of that person's official duties. In this case it was created by a contractor so it does not fall in the public domain. It's a real shame people take advantage of loopholes within the law.

Re:Public domain?

[Frosty+Piss]

On another note, Slashdot editors, please stop using the word "stealing" for immaterial right infringements.

TFA says that he burned it to a CD, so if the CD came from stock purchased by his employer than it is technically correct to say he stole the code.

Re:Public domain?

On another note, Slashdot editors, please stop using the word "stealing" for immaterial right infringements.

Why? I'm always suspect of the motives of someone who wants to stop using a perfectly workable term that's been used for centuries.
 
(Especially since in this case, the argument for change is usually based on a juvenile appeal to selective dictionary definitions.)

Re:Public domain?

[ffflala]

Wow, what a great comment. There's a technical answer to your question, but I think you might actually have hit upon a useful litigation or at least lobbying strategy. There are two aspects to the answer: (1) Only works produced by US employees or officers fall into the public domain exception; works produced by contractors are not. (2) There's statutory distinction between between "computer program" and "work of the United States government." http://www.law.cornell.edu/uscode/text/17/101

A "computer program" is a set of statements or instructions to be used directly or indirectly in a computer in order to bring about a certain result . . . .
A "work of the United States Government" is a work prepared by an officer or employee of the United States Government as part of that personâ(TM)s official duties.

Interestingly, note that in those definitions, the actual term "work" itself is not delineated, only different types of works: audiovisual works, collective works, derivative work, joint works, literary works, etc.

While there's judicial precedent for considering a computer program as a type of literary work (

"Thus a computer program, whether in object code or source code, is a âoeliterary workâ

...it did so in a specific context:

"...and is protected from unauthorized copying, whether from its object or source code version."

(Apple v. Franklin, http://digital-law-online.info/cases/219PQ113.htm) I think you might have hit upon not just a technical loophole but one that points to informed underlying public policy -- source code for things like voting machines, for example, should be open. Technically that's a matter of state, not federal, copyright since states run elections, but the public policy concern is the same.

Still, for TFA's category of software --internal accounting-- there are obvious conflicts to business interests: contractors would probably find such requirements detrimental to their business models. I believe that there's also a perceived security risk that outweighs any long-term security benefit. I imagine that most bureaucrats would think of opening the source in this kind of scenario as something akin to releasing the architectural plans for a federal building -- it would just make it easier for a malicious party to attack said program/building. It's that last concern --because it's actually a sincere one in most cases, and based on the reality that there are malicious parties who would like to attack such programs for any number of reasons and have already done so-- that I believe would probably be the biggest obstacle to getting the fed to move to open source.

Re:Public domain?

[pingbak]

The software wasn't written by the USG, it was written under contract to be delivered to the USG. Subtle difference, but no, the software is not in the public domain because it wasn't written by the USG. See the "Software System Acquisition 101" post below...

Re:Public domain?

[humanrev]

On another note, Slashdot editors, please stop using the word "stealing" for immaterial right infringements.

On another note, just let it go. The meaning of words change, it's a fact of life. Everyone knows that when someone is accused of "stealing" music acquired digitally, all they did was copy some files, but by the wider community it's still called and classified as stealing. Copyright infringement is perhaps the legal definition of what happened, but as far as definitions go with the layman, it's called stealing and is the least confusing word to use.

Same with hacking vs. cracking. You try subbing in the word "cracking" with what society has defined the word "hacking" to represent and you'll just confuse people unnecessarily.

In other words, since EVERYONE knows what's going on with the usage of the word stealing, even if it's a non-physical product which was copied, there's really nothing to "fix". /mark me Troll if you don't agree, it's the Slashdot way

Re:Yes, release the source.

This is about tax and accounting software.

Do you really think anyone would want to steal that? It is probably of no use at all except to those that pay taxes in america...

And the problem is ... ?

[richg74]

Given the way our government seems to run its accounts, perhaps we should hope that all potential competitors / adversaries steal it.

US Citizen or Chinese citizen??

So is he Chinese as in decent, or Chinese as in citizen of China? Those are two very very different things. Even though the code may not be classified I'm typically against having non US citizens working on US funded code bases. This seems like a security and political issue to me. Though the code may not be classified it is likely subject to the same rigid standards that classified code is subject to. This seems like giving out too much information about how the US government requires code to be developed to a foreign body. I don't like it and politically I like it even less. When the government is outsourcing, even by proxy, it makes this country look like a bunch of morons who can't do anything themselves. We have out of work developers right here. Typically I have no problem whatsoever with using products from other countries. This country was founded on a principle that immigration and diversification make a wide open place where anyone on Earth is welcome. I do like that a lot, but national security is national security even when its something as small and seemingly meaningless as this.

Re:US Citizen or Chinese citizen??

[parkinglot777]

So is he Chinese as in decent, or Chinese as in citizen of China?

A simple question to answer your curiosity is that if he was hired with working visa when he stole the code, what do you think he is a U.S. citizen back then?

Also, if I understand correctly, Chinese decent means he person's parents and/or ancestors are from China regardless the person is a citizen of the country (even though it is implied). Therefore, the person should be Chinese decent anyway?

Re:US Citizen or Chinese citizen??

[andy1307]

I know a lot of decent Chinese people... Also a lot of people of Chinese descent.

Re:Yes, release the source.

[wonkey_monkey]

Do you really think anyone would want to steal that?

Do you really think no-one would? What if there's a vulnerability in there that could send the entire tumbling down? I'm sure no foreign power would be interested in that.

Bo Schmo

Bo went too far with his own bravado, he should have chosen a different alias. He also seems to have misunderstood his lawyer's advice when he was told: "Bo, you don't know Diddley!" and went ahead and pleaded guilty. Bo, you're a schmo!

So by your logic

[Shivetya]

since a Government employee can use Office in the course of their job affecting you would that mean that Microsoft must provide the source for viewing?

At what level would we set a limit? As the person you replied stated, most times government contracts are for making minor changes, many soft coded at that, to adapt existing proprietary software to the customer's needs.

I would agree with software created expressly for the government, as in it was the original customer.

Don't be such simpletons!

Think about if all this software you claim should be open source. Let's see: software NASA develops, software for our military systems, satellites, infrastructure, etc. Yeah, let's make it open so everyone in the world can copy it for free. What are you thinking?

However ...

[LMacG]

... it was written in Ada, so nobody knows what to do with it anyway.

And was the code sent to China?

[Squidlips]

So he risked 10 years in jail just for bedtime reading? Seems improbable. And seems likely he will jump bail and pull another Charlie Trie.

Taxes How-To

GREAT! Now release the code so we can finally understand HOW TO DO OUR TAXES. :D

Re:Taxes How-To

The new simplified form now has only two lines.

1) How much did you make last year? _________
2) Send check to IRS for amount listed on Line 1.

Chinaman stealing code = spy

Obviously....

Not quite - here's more info

[dwheeler]

Not quite. It's true that a work of a U.S. federal government employee, performed as part of their official duties, cannot normally have copyright in the U.S. HOWEVER... most software developed for the government is developed by contractors, at least in part, and those parts DO have a copyright. (There are even a few exceptions for government employees, but they practically never apply.) Also, the term "public domain" has multiple meanings, presumably you mean public domain in the copyright sense (not the export control sense, which is different).

To see when contractors or the U.S. government can currently release software as OSS, see Publicly Releasing Open Source Software Developed for the U.S. Government by David A. Wheeler (me), Journal of Software Technology, February 2011. That's the current state of affairs.

I agree with the poster above: When "we the people" pay for software, then by default "we the people" should get it. I even posted an entry about that in 2010. Sure, there need to be exceptions, but they should be exceptions; it's not obvious why accounting software developed by the government is treated this way! I also agree that we should use clearer terms like intellectual rights (and intellectual works) - not "intellectual property" - because "intellectual property" is a fundamentally misleading term.

Re:Not quite - here's more info

[s.petry]

There is also international rules involved since this code would be available to those outside of the US as well as within the US. This is where ITAR comes in to play.

I.E. You being an employee may have access under ITAR to an item. Copy that item, and place it in public domain and there is a problem.

Your pretty far out there in your views if you think that anything tax payers pay for in the US should be freely available to someone in Korea for example. Unless Korea is paying the US for the work done, and tax payers are refunded money that is.

Re:Not quite - here's more info

[plover]

"intellectual property" is a fundamentally misleading term.

Assuming that phrase truly is misleading, that pretty much guarantees it will continue to be used. "Misleading" means that someone is benefitting from the improper usage, and they will not willingly give up this tool.

And we know which industry groups love to use this phrase.

Re:Not quite - here's more info

[StikyPad]

Well, believing that ITAR has any effect when it comes to the flow of information is rather Pollyanna to begin with. And sure, we don't want to supply material support to the governments of NK or Iran, but the free flow of information helps the people more than it does their oppressive regimes. Of course that's not necessarily applicable to the software in question, but I'm speaking to the larger issue of ineffective, and potentially counter-productive, trade restrictions on intellectual works.

Re:Not quite - here's more info

[s.petry]

"The Greater Good" that you are speaking of is paid for by US citizens, not foreign citizens. There is this horrible mind set in the US that if we hold things from foreign governments we are being evil protectionists. Yet those same governments you wish to give things to are far more protectionist than we are, and provide little in return.

In your view, you should give away all of your wealth and property to those in need? Don't own anything, don't save anything, and surely don't overindulge in anything just to make sure some poor family in China has the means to live in a Government owned home?

That is pretty much the direction of your last sentence. For all I know, maybe you live in the street and don't own anything and visit the library to visit Slashdot. I have met a couple people like this. I strongly doubt it though, since most people want to own things and pass something down to the next generation.

Re:Not quite - here's more info

[StikyPad]

I'm sorry, who the fuck are you replying to? I didn't say anything about giving up all of our worldly possessions and sending all of our wealth to NK; in fact I specifically said that *material support* should obviously be prohibited. What I said is that information (which would especially cover works in the public domain) is not effectively restricted by ITAR, and it's ridiculous to even pretend that it is.

Re:Not quite - here's more info

[ATMAvatar]

If the US Government had a magical device that materialized food whenever someone pressed a button, I would have absolutely no problem as a taxpayer in allowing any foreign government to regularly visit and ask for food. I would simply put the foreign governments in a priority queue where US citizens were considered the highest priority.

Re:Not quite - here's more info

Precisely so...

What if a contractor agrees to give the government (taxpayers) a discount in exchange for a "government purpose rights" or "limited rights", is that good, bad or indifferent?

When /. thinks the public should have the source..

[HockeyPuck]

Should the public also have keys to the government offices? The reasoning around here being if we paid with our tax dollars for the software, we should get the source code. Should we also get all the keys to all the doors? Or should we just not have locks on the doors to the gov't buildings?

Re:When /. thinks the public should have the sourc

Hey, my taxes pay for that building, I should be able to nap on the Oval Office couches any time I want!

US Government Accounting

[bunyip]

Ummm - am I the only one that would wonder why anybody would want this?

Re:US Government Accounting

I'm surprised they actually had software for this!

Re:US Government Accounting

Because knowing something more about your enemy is better than not knowing anything. The added plus of knowing where their money is going is a valuable information if the Chinese could find a hole to get into the software. Plus if the software is good enough the Chinese could sell it and make money on it or use it themselves without paying for it. Classic China.

Re:US Government Accounting

The software was likely written by a vendor, and was likely stolen for use by a Chinese company. But that's speculative.

Re:US Government Accounting

Do need to use a special data type to store the value of our national debt?

Re:US Government Accounting

[T.E.D.]

Most likely so he could work on it at home. That's why most folks take code from work home.

Re:Yes, release the source.

[geminidomino]

I can't imagine why? In cases like tax info, it's the data that's valuable, not the over-engineered lovecraftian spreadsheet that are the tax calculations.

A rare case for liberated software

[unixisc]

I quite agree w/ this. In fact, despite my general disagreement w/ the GPL, this is one of those rare cases where I think GPLv3 is useful: the original software written, since it's done for the US taxpayer, should be public domain, and any modifications made to it should be available under the same T&C. That way, businesses normally wouldn't want to touch it and taxpayers wouldn't be subsidizing free work for them, any improvements made to it will be publicly viewable, and so on. IRS written software would be one of the best examples of what should be GPL'ed.

If other countries or entities then want to use it, they can, but any changes they make would have to be made available. Which can then be determined whether it's useful to its original creators and included in the main branch. Same goes for other individuals or organizations doing it.

Only exception to the above rule is if the government software in question is needed to work on classified information, or for things like the military, in which case, secrecy is important. In such cases, a good idea would be to have such software w/ source code under limited distribution, so that it doesn't fall into the hands of enemies.

Re:A rare case for liberated software

[ThorGod]

this is one of those rare cases where I think GPLv3 is useful..

If other countries or entities then want to use it, they can, but any changes they make would have to be made available. Which can then be determined whether it's useful to its original creators and included in the main branch. Same goes for other individuals or organizations doing it.

Does the GPL have any standing in international courts? International IP/licensing law and enforcement might make the GPL a fairly naive tool to ensure modified changes are shared by all. For all I know, international law is only as good as the respect the relevant countries place in it...and I'm under the impression that it's up to the countries to choose what they do and don't legally enforce/respect.

Of course, I reserve the right to be completely naive and wrong about how international law 'works' - but when we're talking about sovereign entities.

Re:A rare case for liberated software

[unixisc]

Maybe RMS could go to the UN and to the International Court of Justice @ the Hague and lobby them to make GPL their official recognized license. Given how he shares their world vision, he might get lucky, and it would give him a new hobby to pursue over the next several months @ stallman.org.

The Federal Reserve isn't really a federal agency

[MikeRT]

The Federal Reserve is actually a public-private corporation that happens to do some important Treasury-related functions. They're not an actual federal agency like the US Mint.

Re:Yes, release the source.

[WindBourne]

Yeah. I am sure that somebody that wants to attack the west would never be interested in getting access to our software. I mean how useful would it be for China to see where we are spending money at (note that this was about REPORTING) or being able to change the numbers so as to cause chaos within the gov. Likewise, they would never want to control our utilities, our transportation, etc.

If you RTFA...

[MikeRT]

You'll see that the main reason they went after him was because he took the source code in order to use it for his personal profit, and it hadn't gone through the proper channels to make it public-ready. In other words, what he did with the accounting software was roughly equivalent to taking classified missile control software home in order to either start a competing business or use it to help his current one. Technically, the software is "public domain," but the Federal Reserve had not actually gone through the process of making it ready to be released to the public.

I have no problem with him doing a few years for that because what he did is no different than taking a work-for-hire work home to use for a customer who didn't pay for it nor was authorized by the paying customer to have it. That's for-profit copyright violation in the private sector, and since he intended to derive private benefits from it, I don't see much of a difference. It's not like he took it home, modified it to be attractive to the Department of the Treasury and tried to demo it to another part of the government (since the Federal Reserve is a quasi-federal agency, taking their code to show to the Treasury would have been less legally problematic)

Re:If you RTFA...

[gman003]

Now why on earth would I read the article? That would just get in the way of writing more comments disparaging IP law, ranting about the government/Microsoft/Apple/Google/MPAA/RIAA, and fervently awaiting the Year of Linux on the Desktop.

The Federal Reserve is not the government

The Federal Reserve Bank of New York is private bank, with special privaleges from the government. It is not part of of the government.

https://en.wikipedia.org/wiki/The_Federal_Reserve_Bank_of_New_York

Re:The Federal Reserve is not the government

We've got a dumb fucked tinfoil hatter, here! Mod this fucker down. Federal Reserve conspiracies not welcome on this mainstream site.

Oxymoron

[PPH]

"US Government Accounting".

My thoughts based on the article

[pkinetics]

He said to the FBI that he did so that the code would be available to him in the event of losing his job, and to use it for his private business, which is teaching computer programming.

How much involvement did he have with the code? Meaning how much of it did he write?

Even in a complex system, a hands on developer should know enough of the concepts that they could mock up something for later. Not necessarily a functioning application, but pseudo-coding at a high level to re-evaluate later.

Seriously, if someone is teaching computer programming, how much specifics are you going into? You don't need the line by line, but the concepts.

Well maybe if you are teaching how to debug large scale code, I could see the need to have a library.

Maybe he is an example of the old joke, "those who can't, teach." I'm not a fan of the joke as it was good teachers who helped me to hone my analysis skills.

Re:My thoughts based on the article

[TheLink]

Maybe he was going to use large parts of it as examples of what not to do ;).

I know everyone wants open source

[Karmashock]

But for security reasons there are some good things about closed source.

Lets be real here, we're talking about root financial systems. Neither individuals nor most corporations have any interest in this software. This is the prevue of nations and huge trade alliances.

Keeping the code secret makes it more secure. Yes, it can't be used as the only level of security. It must be on TOP of everything else. I don't think giving the chinese access to our treasury accounting software is going to make the world a better place.

bizarre comments are bizzare

[ThorGod]

I can't believe the comments I'm reading here. The crime, as I understand it, is that a Chinese citizen used his trusted access to US government goods to STEAL US government goods. I don't care what it is...if he stole staples, it's still stealing.

The comments here all seem to think that, simply because the US government paid for the code at some point *then* everyone in the world should have access to that code. Surely you're joking, right?

He said to the FBI that he did so that the code would be available to him in the event of losing his job, and to use it for his private business, which is teaching computer programming.

So, as I understand it, his defense is that he stole the code for his own commercial use. He admits to stealing code "for his own commercial use". I put the second half in quote, because we have no proof as to his ultimate intentions. He could have been planning to bring that code back to China with him and share it with the Chinese government in a private, espionage sense. It doesn't matter if the code is the most boring, useless code...it's still US government property. Even if all US government property is "US public property" - you still have to be a US citizen to legally lay use to that property in any legal way. What he did was illegal and highly suspicious.

Re:bizarre comments are bizzare

Agreed. All of that plus frankly TCB. Typical Chinese Behavior. I say that as 2nd generation mainlander! Why are we trusting Chinese citizens with these kinds of contracting jobs???

Re:The Federal Reserve isn't really a federal agen

[FatMacDaddy]

That's a good point. As a minor point of clarification, the Board of Governors in DC is part of the Federal Government (an agency within the US Treasury), whereas the reserve banks and branches are public-private corporations, as described. Since this happened at the New York reserve bank, your comment applies. I just wanted pipe up with that minor distinction.

Software System Acquisition 101

[pingbak]

Software is acquired from a contractor, so the Federal Acquisition Rules and various tailored versions, e.g., DFARS, apply. It is not developed by the USG, unless specifically talking about something that a USG civilian employee (__not__ a contractor) authored.

The government purchases systems, writes contracts to acquire systems. Source code is considered data -- so the applicable FARS and DFARS are technical rights to data. Data rights are negotiated separately from software (system) rights and source code is delivered as part of a separate contract deliverable requirement list (CDRL) item, if the source code is even delivered. In 99.999% of contracts I've seen, source code is never delivered and when it is delivered, the most restrictive data rights are applied.

A lot, though, is changing through the DoD's Open Architecture initiatives (formerly the Navy's Open Architecture Program). Source code is expected to be delivered as a CDRL item with unrestricted rights as the default. And it turns out that the GPL is a version of a unrestricted license (I know because I spent a week with the SFLC and a Navy IP attorney collecting the information), so there's some hope on the horizon.

Bad news for those of you hoping to get a major weapons system's source code: The USG is the owner of the conveyed executable, so only the USG gets the source code.

Re:Software System Acquisition 101

[pingbak]

Joe Taxpayer doesn't get access to the GWA software or source code as the result of how the FAR rights and data rights work. Moreover, Bo Zhang committed theft from his employer, not Joe Taxpayer.

Federal Prosector needs Publicity

[dgharmon]

"Bo Zhang .. said .. he did so that the code would be available to him in the event of losing his job, and to use it for his private business, which is teaching computer programming".

'The software in question keeps track of money exchanged between US government agencies and, according to the authorities, its development cost nearly $10 millionsM`.

This is, of course, bullShit ...

Not to be racist

[ThatsNotPudding]

(too late, I suspect), but the first thing that came to mind while reading TFS are all the tech companies yet again whining for even more work visas because they just can't find 'good enough' US citizens. 'Good enough' being a working definition for mole, nationalist, or just straight-up thief. But hey, they work hard and cheap (discounting the rather negative ROI of IP theft).

One thing I learned from slashdot today

[tehcyder]

Is that "public domain" in the US doesn't mean "available to the public".

Who knew?

Hey Timothy

[DaveV1.0]

Stop sticking your fucking opinion in the posts and shut the fuck up.