Open-source software advocates to government: Let us help you fix healthcare.gov
By Gil Aegerter, Staff Writer, NBC News
(NBC) - As computer experts hired by the U.S. government scramble to fix the much-maligned healthcare.gov website, a corps of independent kibitzers is chiming in from around the world, publicizing coding flaws that they've discovered and offering suggestions for fixing them.
Much of the constructive criticism is coming from members of the "open source" community, a passionate but loose-knit group that advocates openness and collaboration as a means of writing better computer software. Their desire to help solve the federal government's website woes in part stems from an early decision by the Department of Health and Human Services to make the healthcare.gov code available for examination – a promise that was never fully fulfilled.
"If we can get the open-source community involved in the issue, people in the trenches (working for the government) can see the fixes," said Reed, who has previously worked on government projects.
It's not clear whether HHS or the federal contractors that created various components of healthcare.gov -- most notably Quality Software Systems Inc., or QSSI, and CGI Federal, which was in charge of making all the parts of the system work together -- are taking notice of the independent efforts. CGI Federal declined to comment to NBC News, and a request to QSSI for comment went unanswered. HHS also didn't respond to requests for comment.
It is well established that the government's website, which is critical to getting consumers to sign up for Obamacare, has been plagued with usability problems since it went live. It also has suffered outages that continued this week, including a failure Tuesday night at a Verizon Terramark data center that persisted into Wednesday and provided an embarrassing moment for Health and Human Services Secretary Kathleen Sebelius when she testified before the House Energy and Commerce Committee.
Last Friday, White House economic adviser Jeff Zients, who has been tasked with fixing the site, said that QSSI would oversee the job. "We are confident that by the end of the November, healthcare.gov will be smooth for the vast majority of users," he said.
Since then, HHS has held daily briefings for reporters and listed improvements on a blog.
Reed, however, said he has already produced a simpler, cleaner version of the software that could run on the desktop of consumers' personal computers, allowing them to create accounts, browse insurance plans and sign up for coverage – all without many of the headaches that have been plaguing the government's site.
Among the changes Reed said he has made to his version of the site:
- Repairing an error-ridden section listing state codes, which produced errors, used valuable computing resources and would have hampered residents of Wyoming trying to sign up for coverage because developers failed to account for the presence of the District of Columbia when they capped the number of states at 50.
- Removing Latin phrasing left amid the code as dummy text, including some phrases that actually appeared in error messages generated by healthcare.gov.
Reed noted that programmers working to fix healthcare.gov have addressed some of the same issues he has found.
Peter Durham, a software architect at NBC News, reviewed Reed's work on GitHub and agreed that the changes would make the site run faster on computers with slower connections, although the difference would not be as apparent with faster connections. He also pointed out that Reed's version must still communicate with the same servers at various government agencies and contractors that the real healthcare.gov accesses, so it would still be susceptible to outages like the one at Terramark.
Other independent efforts have focused on security issues.
Ben Simo, a software tester based in Phoenix and a past president of the Association of Software Testers, said his involvement stemmed from trying to retrieve his own password on healthcare.gov. When he did so, he said, he found that his username and password reset code were being returned to his browser without authentication, a potential security hole.
Simo said that he reported the flaw on the site's help line and by Monday, it was fixed. But he said the same information was still being passed to third-party analytics companies, a practice that he called inappropriate. He said Thursday that that flaw, too, had been fixed. (A summary of the issues found before the latest fix are available on his blog.)
Reed argues that making this an open-source project would have contributed to the site's security.
"Hiding the code and assuming that nobody will be able to get into it because they cannot find it is not real security," he said. "If anything, I think it makes (a site) susceptible because it creates a false sense of security."
Open-source advocates were excited when Health and Human Services CTO Bryan Sivak said this spring that the code for the site would be open for examination. But only the part of the front-end code produced by Development Seed was made available through GitHub, and that effort has been criticized by open-source advocates as incomplete.
Then, after the Oct. 1 launch of healthcare.gov, people started using the comments section to vent anger about the site's usability rather than talking about the code itself. The repository was removed at the government's request.
That prompted Reed to go into healthcare.gov and grab the files that run the marketplace enrollment application, code that was built by CGI Federal. He put those files on GitHub and asked other coders and programmers to look for problems and suggest fixes that would make the site run more smoothly.
Matthew McCall, an open-source advocate who has been a Presidential Innovation Fellow, has posted a petition on the White House website asking the government to release all the source code written by CGI Federal. "It is believed that the enrollment issues with healthcare.gov are likely due to poor coding practices in components that are unavailable to the world's development community to evaluate," the petition says. "Please release the code so we may help fix any found issues."
By Thursday, however, the petition had fewer than 3,000 of the 100,000 signatures needed by Nov. 19 to gain a response from the Obama administration.
In the meantime, the public appears divided on whether the website is repairable. In an NBC News/Wall Street Journal poll taken over the weekend, 37 percent said these are short-term technical woes that can be fixed, while 31 percent believe they point to a longer-term issue with the law's design that can't be corrected, and 30 percent think it's too soon to say.
"The only option is to fix it," said Reed, who believes that starting over from the ground up, as some have suggested the government do, isn't practical because of the amount of time that would take. "And the code is fixable. It's not the worst code that I've ever seen."