GitHub may be the next step for government regulation

by

Last week, the Office of Management and Budget published suggested implementation guidance for the Federal IT Acquisition Reform Act (FITARA). Why is it a big deal?

It’s on GitHub.

This isn’t the first time we’ve seen this. As far as we know, the first instance of GitHub being used for the presentation of guidance and the formal collection of public feedback on that guidance was the federal chief information officer’s request for comment on requiring government websites to use HTTPS, a more secure form of communication. (It should be noted that the president’s Project Open Data work is also on GitHub and has a robust and refreshingly public presence; however, it isn’t as clear that Project Open Data is focused on getting public feedback on the guidance therein as much as being more transparent and soliciting ideas about how to best implement that guidance.)

What we saw in the HTTPS feedback process was, broadly speaking, promising. But to understand why, let’s quickly run through how notice-and-comment generally works:

  1. An agency decides to propose a new regulation
  2. It has to publish that rule in places where few people outside of D.C. would ever bother looking
  3. It has to wait and get comments from what is generously described as “the public”
  4. Commenters then have a period to respond to other commenters’ arguments
  5. The agency then has to respond to substantive comments, and is supposed to consider them in deciding whether to enact the new regulation, change it or drop it entirely.

While this is a bit simplified, the general problem with it is probably crystal clear: Few people outside of the beltway are going to get involved in such a process (much less have their concerns satisfactorily addressed). Similarly, it only requires, effectively, two statements. Imagine having a conversation where you and someone else say something at the same time. Then you get 30 days to respond to what the other person said, and vice versa, and both responses will also be voiced at the same time. And… then the agency decides who is right. It often isn’t the most constructive process.

Compare this to the HTTPS guidance: One issue that was brought up (urging more careful consideration of the effects of mandating HTTPS) has 34 responses. What we see in that thread is illuminating, at times impassioned and hopefully very helpful for the purpose of determining the right policy to implement (and how to implement well).

While the HTTPS, FITARA and future similar public feedback solicitations may or may not technically constitute new “regulations” (which would be void if they did not (also) follow the five steps above), this is a significant step forward. FITARA policy has extreme and far-reaching effects on how the American government functions – or doesn’t.

Another issue that seems to be addressed well by these prototypes: The public’s ability to understand what the regulation actually means. Interfacing with GitHub may be easier for some than the Federal Register, but it could also be more difficult for others (which is why generally it should be both, not either/or). With that said, this is the government doing a great job expanding the scope of what public interaction looks like – and I’ll add that they’ve done an excellent job making the issues more accessible to the public than the typical legalese that we often see in more formal contexts.