A new federal government policy will result in the government releasing more of the software that it creates under free and open source software licenses. That’s great news, but doesn’t go far enough in its goals or in enabling public oversight.

A few months ago, we wrote about a proposed White House policy regarding how the government handles source code written by or for government agencies. The White House Office of Management and Budget (OMB) has now officially enacted the policy with a few changes. While the new policy is a step forward for government transparency and open access, a few of the changes in it are flat-out baffling.

As originally proposed (PDF), the policy would have required that code written by employees of federal agencies be released to the public. For code written by third-party developers, agencies would have been required to release at least 20% of it under a license approved by the Open Source Initiative—prioritizing “code that it considers potentially useful to the broader community.”

At the time, EFF recommended that OMB consider scrapping the 20% rule; it would be more useful for agencies to release everything, regardless of whether it was written by employees or third parties. Exceptions could be made in instances in which making code public would be prohibitively expensive or dangerous.

Instead, OMB went in the opposite direction: the official policy treats code written by government employees and contractors the same and puts code in both categories under the 20% rule. OMB was right the first time: code written by government employees is, by law, in the public domain and should be available to the public.

More importantly, though, a policy that emphasizes “potentially useful” code misses the point. While it’s certainly the case that people and businesses should be able to reuse and build on government code in innovative ways, that’s not the only reason to require that the government open it. It’s also about public oversight.

Giving the public access to government source code gives it visibility into government programs. With access to government source code—and permission to use it—the public can learn how government software works or even identify security problems. The 20% rule could have the unfortunate effect of making exactly the wrong code public. Agencies can easily sweep the code in most need of public oversight into the 80%. In fairness, OMB does encourage agencies to release as much code as they can “to further the Federal Government's commitment to transparency, participation, and collaboration.” But the best way to see those intentions through is to make them the rule.

Open government policy is at its best when its mandates are broad and its exceptions are narrow. Rather than trust government officials’ judgment about what materials to make public or keep private, policies like OMB’s should set the default to open. Some exceptions are unavoidable, but they should be limited and clearly defined. And when they’re invoked, the public should know what was exempted and why.

OMB has implemented the 20% rule as a three-year pilot. The office says that it will “evaluate pilot results and consider whether to allow the pilot program to expire or to issue a subsequent policy to continue, modify, or increase the minimum requirements of the pilot program.” During the next three years, we’ll be very interested to see how much code agencies release and what stays obscured.