Slashdot Mirror
Programmer Admits Stealing US Gov't Accounting Software Source Code
An anonymous reader writes with this excerpt from NetSecurity.org: "A Chinese computer programmer that was charged with stealing the source code of software developed by the U.S. Treasury Department pleaded guilty to the charge on Tuesday. The 33-year-old Bo Zhang, legally employed by a U.S. consulting firm contracted by the Federal Reserve Bank of New York, admitted that he took advantage of the access he had to the Government-wide Accounting and Reporting Program (GWA) in order to copy the code onto an external hard disk and take it home." Just such things make me think that the default setting for software created with public money should be released with source code anyhow, barring context-specific reasons that it shouldn't be.
That seems like less harm then depriving the rightful owners of the code access, the american taxpayer.
That's fine as long as the output of the software doesn't affect anyone, anytime. If the software has any effect on the government's decision about anything that affects me, I should have the right to view the source.
Just like an American Citizen shouldn't have to worry about secret laws, the code that implements the law shouldn't be secret.
All ideas^H^H^H^H^Hprocesses in this post are Patent Pending. (as well as the process of patenting all postings)
Normally, works of the US federal government are in the public domain, and not protected by copyright. How is this not the case here?
On another note, Slashdot editors, please stop using the word "stealing" for immaterial right infringements.
That's making the false assumption that "physical property" and "intellectual property" are the same thing. Hint: they are not.
Any work of the United States government, or an employee of such working on government time, is automatically in the public domain. Everything from NASA photographs to recordings of the Marine Corps Band to every boring office memo are public domain. I don't see why that should not apply to program code.
Note also that "classified" and "public domain" are separate things - technically, even the ultra-top-secret "list of nuclear launch codes" is public domain, in that no one can claim copyright or trademark on it. So the "fire ze missiles" program can be (and probably should be) classified. But the accounting programs?
The 33-year-old Bo Zhang, legally employed by a U.S. consulting firm contracted by the Federal Reserve Bank of New York, admitted that he took advantage of the access he had to the Government-wide Accounting and Reporting Program (GWA) in order to copy the code onto an external hard disk and take it home.
Sweet.
Mother.
Of.
GOD.
NOT THE ACCOUNTING AND REPORTING SOFTWARE!!! Oh God no. Oh God no. Oh God no. Now the terrorists have access to the TPS REPORTS!!! They'll know how a PT-44 revision 8b (as amended by the New Management Initiative Subcommittee 79a-b, 1967) audit works! And — may God have mercy on our souls — they might figure out how to copy the entire submanagement structure of the Greater Boise Area (Excluding Outlying Suburbs and Farms) Processing and Distribution Department!
That's it. We're doomed. They have our bureaucracy. THEY HAVE OUR BUREAUCRACY, PEOPLE!!! THESE ARE THE END TIMES!!!
No, that he was Chinese, not American is why it made the front page. He's clearly part of the Chinese conspiracy to steal our IP, even though there is absolutely no mention that he sent the code back home to some Chinese corporation. In fact if they had proof of that I think he'd be facing a bit more than 1.5yrs, even with cooperation and you can bet your ass they looked. In this case his story makes sense, he's probably not the only person to do this.
I'm not sure how many American engineers and developers make copies of the work that they did while an employee of some company, but I know the number is greater than 0. Almost none of them are using it for industrial espionage or in allegiance to some foreign power. But it is almost always against your employment agreement, and if caught you likely will be sued or worse.
When the employer is the government, everything just gets escalated a few steps.
... it was written in Ada, so nobody knows what to do with it anyway.
Slightly disreputable, albeit gregarious
Exactly.
And it doesn't have to be COTS stuff. I know a small company that developed a weather instrument monitoring package and sold thousands of executable-only versions, but one customer wanted a source license so they could modify it or recompile it for other platforms. He sold exactly one source license.
Six months later a Google search revealed his entire source code on three different source code repositories, two of which were overseas.
Sig Battery depleted. Reverting to safe mode.
Not quite. It's true that a work of a U.S. federal government employee, performed as part of their official duties, cannot normally have copyright in the U.S. HOWEVER... most software developed for the government is developed by contractors, at least in part, and those parts DO have a copyright. (There are even a few exceptions for government employees, but they practically never apply.) Also, the term "public domain" has multiple meanings, presumably you mean public domain in the copyright sense (not the export control sense, which is different).
To see when contractors or the U.S. government can currently release software as OSS, see Publicly Releasing Open Source Software Developed for the U.S. Government by David A. Wheeler (me), Journal of Software Technology, February 2011. That's the current state of affairs.
I agree with the poster above: When "we the people" pay for software, then by default "we the people" should get it. I even posted an entry about that in 2010. Sure, there need to be exceptions, but they should be exceptions; it's not obvious why accounting software developed by the government is treated this way! I also agree that we should use clearer terms like intellectual rights (and intellectual works) - not "intellectual property" - because "intellectual property" is a fundamentally misleading term.
- David A. Wheeler (see my Secure Programming HOWTO)