Programmer Admits Stealing US Gov't Accounting Software Source Code
An anonymous reader writes with this excerpt from NetSecurity.org: "A Chinese computer programmer that was charged with stealing the source code of software developed by the U.S. Treasury Department pleaded guilty to the charge on Tuesday. The 33-year-old Bo Zhang, legally employed by a U.S. consulting firm contracted by the Federal Reserve Bank of New York, admitted that he took advantage of the access he had to the Government-wide Accounting and Reporting Program (GWA) in order to copy the code onto an external hard disk and take it home." Just such things make me think that the default setting for software created with public money should be released with source code anyhow, barring context-specific reasons that it shouldn't be.
Re:Why? (Score:5, Insightful)
That seems like less harm than depriving the rightful owners of the code access, the American taxpayer.
Re: (Score:1)
License it free to American companies/individuals but not for free (or at all) to foreign ones.
Certainly there would be issues with keeping a multitude of licensees from leaking source like a sieve to similar foreign moles/agents, but we aren't talking about a DVD or mp3 file either.
Re:newsflash (Score:5, Informative)
That's making the false assumption that "physical property" and "intellectual property" are the same thing. Hint: they are not.
Any work of the United States government, or an employee of such working on government time, is automatically in the public domain. Everything from NASA photographs to recordings of the Marine Corps Band to every boring office memo are public domain. I don't see why that should not apply to program code.
Note also that "classified" and "public domain" are separate things - technically, even the ultra-top-secret "list of nuclear launch codes" is public domain, in that no one can claim copyright or trademark on it. So the "fire ze missiles" program can be (and probably should be) classified. But the accounting programs?
Re: (Score:2)
Someone please mod this as +1 Informative.
The key here is that no one can claim copyright to work done by the US Government. This does not mean that it is accessible to the public.
Not quite - here's more info (Score:5, Informative)
Not quite. It's true that a work of a U.S. federal government employee, performed as part of their official duties, cannot normally have copyright in the U.S. HOWEVER... most software developed for the government is developed by contractors, at least in part, and those parts DO have a copyright. (There are even a few exceptions for government employees, but they practically never apply.) Also, the term "public domain" has multiple meanings, presumably you mean public domain in the copyright sense (not the export control sense, which is different).
To see when contractors or the U.S. government can currently release software as OSS, see Publicly Releasing Open Source Software Developed for the U.S. Government by David A. Wheeler (me), Journal of Software Technology, February 2011 [thedacs.com]. That's the current state of affairs.
I agree with the poster above: When "we the people" pay for software, then by default "we the people" should get it. I even posted an entry about that in 2010 [dwheeler.com]. Sure, there need to be exceptions, but they should be exceptions; it's not obvious why accounting software developed by the government is treated this way! I also agree that we should use clearer terms like intellectual rights (and intellectual works) - not "intellectual property" [dwheeler.com] - because "intellectual property" is a fundamentally misleading term.
Re: (Score:3)
There are also international rules involved since this code would be available to those outside of the US as well as within the US. This is where ITAR comes into play.
I.E. You being an employee may have access under ITAR to an item. Copy that item, and place it in public domain and there is a problem.
You're pretty far out there in your views if you think that anything taxpayers pay for in the US should be freely available to someone in Korea for example. Unless Korea is paying the US for the work done,
Re: (Score:2)
Well, believing that ITAR has any effect when it comes to the flow of information is rather Pollyanna to begin with. And sure, we don't want to supply material support to the governments of NK or Iran, but the free flow of information helps the people more than it does their oppressive regimes. Of course that's not necessarily applicable to the software in question, but I'm speaking to the larger issue of ineffective, and potentially counter-productive, trade restrictions on intellectual works.
Re: (Score:2)
"The Greater Good" that you are speaking of is paid for by US citizens, not foreign citizens. There is this horrible mind set in the US that if we hold things from foreign governments we are being evil protectionists. Yet those same governments you wish to give things to are far more protectionist than we are, and provide little in return.
In your view, you should give away all of your wealth and property to those in need? Don't own anything, don't save anything, and surely don't overindulge in anything j
Re: (Score:2)
I'm sorry, who the fuck are you replying to? I didn't say anything about giving up all of our worldly possessions and sending all of our wealth to NK; in fact I specifically said that *material support* should obviously be prohibited. What I said is that information (which would especially cover works in the public domain) is not effectively restricted by ITAR, and it's ridiculous to even pretend that it is.
Re: (Score:2)
Re: (Score:2)
"intellectual property" is a fundamentally misleading term.
Assuming that phrase truly is misleading, that pretty much guarantees it will continue to be used. "Misleading" means that someone is benefitting from the improper usage, and they will not willingly give up this tool.
And we know which industry groups love to use this phrase.
Re: (Score:3)
Re: (Score:2)
Now why on earth would I read the article? That would just get in the way of writing more comments disparaging IP law, ranting about the government/Microsoft/Apple/Google/MPAA/RIAA, and fervently awaiting the Year of Linux on the Desktop.
Re: (Score:1)
Re: (Score:2)
Software is acquired from a contractor, so the Federal Acquisition Rules and various tailored versions, e.g., DFARS, apply.
The government purchases systems. Source code is considered data -- so the applicable FARS and DFARS are technical rights to data. Data rights are negotiated separately from software (system) rights and source code is delivered as part of a separate contract deliverable requirement list (CDRL) item, if the source code is even delivered. In 99.999% of contracts I've seen, source code is
Re: (Score:2)
Well, if they're using Hollywood accounting, I can see what they'd want that classified...
Re: (Score:2)
Note also that "classified" and "public domain" are separate things - technically, even the ultra-top-secret "list of nuclear launch codes" is public domain, in that no one can claim copyright or trademark on it. So the "fire ze missiles" program can be (and probably should be) classified. But the accounting programs?
If I was a criminal I would rather have access to the source code for someone's accounting program than almost anything else. If you gave me the list of nuclear launch codes tomorrow I wouldn't have any use for them.
Re: (Score:1)
But he was Chinese, not American. In fact, that may be the only reason he was prosecuted.
dom
Re:Why? (Score:4, Interesting)
No, that he was Chinese, not American is why it made the front page. He's clearly part of the Chinese conspiracy to steal our IP, even though there is absolutely no mention that he sent the code back home to some Chinese corporation. In fact if they had proof of that I think he'd be facing a bit more than 1.5yrs, even with cooperation and you can bet your ass they looked. In this case his story makes sense, he's probably not the only person to do this.
I'm not sure how many American engineers and developers make copies of the work that they did while an employee of some company, but I know the number is greater than 0. Almost none of them are using it for industrial espionage or in allegiance to some foreign power. But it is almost always against your employment agreement, and if caught you likely will be sued or worse.
When the employer is the government, everything just gets escalated a few steps.
Re: (Score:1)
> Just such things make me think that the default setting for software created with public money should be released with source code anyhow, barring context-specific reasons that it shouldn't be.
posting as a coward for obvious reasons... a lot of government generated code is released as public domain. I've done it, several people I work with do it. I believe this wasn't released because it is considered "sensitive" (but where does this sensitive and non-sensitive line get crossed? government is conservat
Re: (Score:3)
That seems like less harm than depriving the rightful owners of the code access, the American taxpayer.
Simply out of curiosity:
of what possible use is internal accounting software designed for enterprises on the scale of the US government to the average American taxpayer?
The software in question keeps track of money exchanged between US government agencies and, according to the authorities, its development cost nearly $10 millions.
Programmer pleads guilty to US govt software source code theft [net-security.org]
He said to the FBI that he did so that the code would be available to him in the event of losing his job, and to use it for his private business, which is teaching computer programming.
Re: (Score:2)
Unless of course the actual owners of the source code is a private company who sell the same software to multiple governments or countries (state governments or other countries) at which point open sourcing it just fucked them out of a huge chunk of their revenue.
Worse still is that the same basic accounting software may be used by corporations as well. There's lots of problems when writing software for money that aren't unique to the US, any decimalized system that uses numbers in the approximate ranges t
A rare case for liberated software (Score:2)
I quite agree w/ this. In fact, despite my general disagreement w/ the GPL, this is one of those rare cases where I think GPLv3 is useful: the original software written, since it's done for the US taxpayer, should be public domain, and any modifications made to it should be available under the same T&C. That way, businesses normally wouldn't want to touch it and taxpayers wouldn't be subsidizing free work for them, any improvements made to it will be publicly viewable, and so on. IRS written software
Re: (Score:2)
this is one of those rare cases where I think GPLv3 is useful..
If other countries or entities then want to use it, they can, but any changes they make would have to be made available. Which can then be determined whether it's useful to its original creators and included in the main branch. Same goes for other individuals or organizations doing it.
Does the GPL have any standing in international courts? International IP/licensing law and enforcement might make the GPL a fairly naive tool to ensure modified changes are shared by all. For all I know, international law is only as good as the respect the relevant countries place in it...and I'm under the impression that it's up to the countries to choose what they do and don't legally enforce/respect.
Of course, I reserve the right to be completely naive and wrong about how international law 'works' -
Re: (Score:2)
Re: (Score:1)
I see the Chinese government's attempts to derail forums dealing with anything mentioning China are ongoing.
Re: (Score:2)
True. But Liberals seem to think their decisions are not just better for themselves, but the decisions they want to make for everyone else are better also.
And the decisions are different. Bad Conservative, stop polluting our environment. Now, 'scuse me while I hop in my private jet and get to Cannes in time for lunch with the gang. OK? We good here?
Re: (Score:1)
If the world had better accounting software, maybe the world economy would be healthier? But, I think what the author of this submission is suggesting is that the American public should have public access to any source code written by the public sector. See the words public there? It's no coincidence they're all spelled the same.
Re: (Score:3)
Just such things make me think that the default setting for software created with public money should be released with source code anyhow, barring context-specific reasons that it shouldn't be.
So that countries who have not spent money can use it for free?
I, for one, do not want the overpriced, often delayed, over managed & under performing software my taxes pay for to be 'free' for anyone, any company or any country. Let them overpay and wait for their own.
Re: (Score:2)
I, for one, do not want the overpriced, often delayed, over managed & under performing software my taxes pay for to be 'free' for anyone, any company or any country. Let them overpay and wait for their own.
Hmm, maybe 'free use' for any of the US naturalized/tax paying citizens.
Re: (Score:2)
I would have been more concerned if he took the data not the source code. Unless the Chinese officials wanted to analyze it for security flaws?
Re: (Score:2)
So that countries who have not spent money can use it for free?
Sure. Why not? What interest does the USA have in keeping the rest of the world down? The World Economy is not a zero sum game.
Maybe now we can find the accounting hole bugs (Score:2)
HIDE;
else
PROMOTE;
end
mixed ownership (Score:2)
Re:mixed ownership (Score:5, Insightful)
Just like an American Citizen shouldn't have to worry about secret laws, the code that implements the law shouldn't be secret.
Re: (Score:2)
Not just the right to view the source, you should have the right to use the code your tax dollars paid for for any purpose you choose. All products of government should be public domain. No exceptions.
Re: (Score:1)
Re: (Score:2)
Re: (Score:1)
Re: (Score:1)
Re:mixed ownership (Score:4, Interesting)
Exactly.
And it doesn't have to be COTS stuff. I know a small company that developed a weather instrument monitoring package and sold thousands of executable-only versions, but one customer wanted a source license so they could modify it or recompile it for other platforms. He sold exactly one source license.
Six months later a Google search revealed his entire source code on three different source code repositories, two of which were overseas.
Re: (Score:2)
Hence why if you sell a source code license it should be for more than you expect to make out of the software till end of life. Once it is out of your hands, it's no longer your own product.
Giving away code is never a smart idea no matter how much you think a single license is worth.
So by your logic (Score:2)
since a Government employee can use Office in the course of their job affecting you would that mean that Microsoft must provide the source for viewing?
At what level would we set a limit? As the person you replied stated, most times government contracts are for making minor changes, many soft coded at that, to adapt existing proprietary software to the customer's needs.
I would agree with software created expressly for the government, as in it was the original customer.
Interesting... (Score:2, Interesting)
A Chinese national who used to work at my company lifted our proprietary code and fled back to China as well.
Re: (Score:1, Interesting)
There's a reason why the Chinese are desperately grabbing all of the source code they can. They're deadly serious about offensive cyberwarfare, and starting to get good at it.
I've done that before (Score:1)
Not to sell the code afterwards but to keep at home so I can save some code patterns and ideas for future use.
Re: (Score:2)
Indeed. The article is short on details.
Re: (Score:2)
That's embarrassing and just because US currently has no conservative parties
You misspelled "liberal".
Seems kinda dumb (Score:2)
If you're going to steal something from the United States, I'd think it would be much better to steal something that works well!
Re:Seems kinda dumb (Score:5, Funny)
The 33-year-old Bo Zhang, legally employed by a U.S. consulting firm contracted by the Federal Reserve Bank of New York, admitted that he took advantage of the access he had to the Government-wide Accounting and Reporting Program (GWA) in order to copy the code onto an external hard disk and take it home.
Sweet.
Mother.
Of.
GOD.
NOT THE ACCOUNTING AND REPORTING SOFTWARE!!! Oh God no. Oh God no. Oh God no. Now the terrorists have access to the TPS REPORTS!!! They'll know how a PT-44 revision 8b (as amended by the New Management Initiative Subcommittee 79a-b, 1967) audit works! And — may God have mercy on our souls — they might figure out how to copy the entire submanagement structure of the Greater Boise Area (Excluding Outlying Suburbs and Farms) Processing and Distribution Department!
That's it. We're doomed. They have our bureaucracy. THEY HAVE OUR BUREAUCRACY, PEOPLE!!! THESE ARE THE END TIMES!!!
Re: (Score:2)
Don't forget the even greater horror of learning the entire contents of form 27B-6.
Re: (Score:1)
Do you really think anyone would want to steal that?
Do you really think no-one would? What if there's a vulnerability in there that could send the entire tumbling down? I'm sure no foreign power would be interested in that.
Re: (Score:2)
I can't imagine why? In cases like tax info, it's the data that's valuable, not the over-engineered lovecraftian spreadsheet that are the tax calculations.
Re: (Score:2)
Public domain? (Score:5, Interesting)
Normally, works of the US federal government are in the public domain, and not protected by copyright. How is this not the case here?
On another note, Slashdot editors, please stop using the word "stealing" for immaterial right infringements.
Re:Public domain? (Score:4, Funny)
Re: (Score:2)
Yes, from the discussion of this I don't see how this is a copyright case.
Works of the United States government are not entitled to domestic copyright protection under U.S. law, sometimes referred to as "noncopyright."
relevant discussion of this http://en.wikipedia.org/wiki/Copyright_status_of_work_by_the_U.S._government [wikipedia.org]
Re: (Score:2)
On another note, Slashdot editors, please stop using the word "stealing" for immaterial right infringements.
TFA says that he burned it to a CD, so if the CD came from stock purchased by his employer then it is technically correct to say he stole the code.
Re: (Score:2)
Re: (Score:2)
That's a good point. As a minor point of clarification, the Board of Governors in DC is part of the Federal Government (an agency within the US Treasury), whereas the reserve banks and branches are public-private corporations, as described. Since this happened at the New York reserve bank, your comment applies. I just wanted to pipe up with that minor distinction.
Re: (Score:2)
A "computer program" is a set of statements or instructions to be used directly or indirectly in a computer in order to bring about a certain result . . . .
A "work of the United States Government" is a work prepared by an officer or employee of the United States Government as part of that person's official duties.
Interestingly, not
Re: (Score:2)
The software wasn't written by the USG, it was written under contract to be delivered to the USG. Subtle difference, but no, the software is not in the public domain because it wasn't written by the USG. See the "Software System Acquisition 101" post below...
Re: (Score:1)
On another note, just let it go. The meaning of words change, it's a fact of life. Everyone knows that when someone is accused of "stealing" music acquired digitally, all they did was copy some files, but by the wider community it's still called and classified as stealing. Copyright infringement is perhaps the legal definition of what happened, but as far as definitions go with the layman, it's called
And the problem is ... ? (Score:3, Funny)
US Citizen or Chinese citizen?? (Score:1)
So is he Chinese as in descent, or Chinese as in citizen of China? Those are two very very different things. Even though the code may not be classified I'm typically against having non US citizens working on US funded code bases. This seems like a security and political issue to me. Though the code may not be classified it is likely subject to the same rigid standards that classified code is subject to. This seems like giving out too much information about how the US government requires code to be developed
Re: (Score:1)
So is he Chinese as in descent, or Chinese as in citizen of China?
A simple question to answer your curiosity is that if he was hired with working visa when he stole the code, what do you think he is a U.S. citizen back then?
Also, if I understand correctly, Chinese descent means the person's parents and/or ancestors are from China regardless the person is a citizen of the country (even though it is implied). Therefore, the person should be Chinese descent anyway?
Re: (Score:3)
However ... (Score:4, Funny)
... it was written in Ada, so nobody knows what to do with it anyway.
And was the code sent to China? (Score:1)
When /. thinks the public should have the source.. (Score:2)
Should the public also have keys to the government offices? The reasoning around here being if we paid with our tax dollars for the software, we should get the source code. Should we also get all the keys to all the doors? Or should we just not have locks on the doors to the gov't buildings?
US Government Accounting (Score:3)
Ummm - am I the only one that would wonder why anybody would want this?
Re: (Score:3)
Oxymoron (Score:3)
"US Government Accounting".
My thoughts based on the article (Score:2)
He said to the FBI that he did so that the code would be available to him in the event of losing his job, and to use it for his private business, which is teaching computer programming.
How much involvement did he have with the code? Meaning how much of it did he write?
Even in a complex system, a hands on developer should know enough of the concepts that they could mock up something for later. Not necessarily a functioning application, but pseudo-coding at a high level to re-evaluate later.
Seriously, if someone is teaching computer programming, how much specifics are you going into? You don't need the line by line, but the concepts.
Well maybe if you are teaching how to debug large scale co
Re: (Score:2)
I know everyone wants open source (Score:3)
But for security reasons there are some good things about closed source.
Let's be real here, we're talking about root financial systems. Neither individuals nor most corporations have any interest in this software. This is the purview of nations and huge trade alliances.
Keeping the code secret makes it more secure. Yes, it can't be used as the only level of security. It must be on TOP of everything else. I don't think giving the Chinese access to our treasury accounting software is going to make the world a better place.
bizarre comments are bizzare (Score:2)
I can't believe the comments I'm reading here. The crime, as I understand it, is that a Chinese citizen used his trusted access to US government goods to STEAL US government goods. I don't care what it is...if he stole staples, it's still stealing.
The comments here all seem to think that, simply because the US government paid for the code at some point *then* everyone in the world should have access to that code. Surely you're joking, right?
He said to the FBI that he did so that the code would be available to him in the event of losing his job, and to use it for his private business, which is teaching computer programming.
So, as I understand it, his defense is that he stole the code for h
Software System Acquisition 101 (Score:2)
Software is acquired from a contractor, so the Federal Acquisition Rules and various tailored versions, e.g., DFARS, apply. It is not developed by the USG, unless specifically talking about something that a USG civilian employee (__not__ a contractor) authored.
The government purchases systems, writes contracts to acquire systems. Source code is considered data -- so the applicable FARS and DFARS are technical rights to data. Data rights are negotiated separately from software (system) rights and source code
Re: (Score:2)
Joe Taxpayer doesn't get access to the GWA software or source code as the result of how the FAR rights and data rights work. Moreover, Bo Zhang committed theft from his employer, not Joe Taxpayer.
Federal Prosecutor needs Publicity (Score:1)
'The software in question keeps track of money exchanged between US government agencies and, according to the authorities, its development cost nearly $10 millions'.
This is, of course, bullShit
Not to be racist (Score:2)
One thing I learned from slashdot today (Score:2)
Who knew?
Hey Timothy (Score:2)
Stop sticking your fucking opinion in the posts and shut the fuck up.