[Congressional Record Volume 170, Number 179 (Wednesday, December 4, 2024)]
[House]
[Pages H6340-H6342]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]
SOURCE CODE HARMONIZATION AND REUSE IN INFORMATION TECHNOLOGY ACT
Mr. LANGWORTHY. Mr. Speaker, I move to suspend the rules and pass the
bill (H.R. 9566) to require governmentwide source code sharing, and for
other purposes, as amended.
The Clerk read the title of the bill.
The text of the bill is as follows:
9566
Be it enacted by the Senate and House of Representatives of
the United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Source code Harmonization
And Reuse in Information Technology Act'' or the ``SHARE IT
Act''.
SEC. 2. DEFINITIONS.
In this Act:
(1) Agency.--The term ``agency'' has the meaning given that
term in section 3502 of title 44, United States Code.
(2) Appropriate congressional committees.--The term
``appropriate congressional
[[Page H6341]]
committees'' means the Committee on Homeland Security and
Governmental Affairs of the Senate and the Committee on
Oversight and Accountability of the House of Representatives.
(3) Custom-developed code.--The term ``custom-developed
code''--
(A) means source code that is--
(i) produced in the performance of a contract with an
agency or is otherwise exclusively funded by the Federal
Government; or
(ii) developed by a Federal employee as part of the
official duties of the employee;
(B) includes--
(i) source code, or segregable portions of source code, for
which the Federal Government could obtain unlimited rights
under part 27 of the Federal Acquisition Regulation or any
relevant supplemental acquisition regulations of an agency;
and
(ii) source code written for a software project, module,
plugin, script, middleware, or application programming
interface; and
(C) does not include--
(i) source code that is solely exploratory or disposable in
nature, including source code written by a developer
experimenting with a new language or library; or
(ii) commercial computer software, commercial off-the-shelf
software, or configuration scripts for such software.
(4) Federal employee.--The term ``Federal employee'' has
the meaning given the term in section 2105(a) of title 5,
United States Code.
(5) Metadata.--The term ``metadata'', with respect to
custom-developed code--
(A) has the meaning given that term in section 3502 of
title 44, United States Code; and
(B) includes--
(i) information on whether the custom-developed code was--
(I) produced pursuant to a contract; or
(II) shared in a public or private repository;
(ii) any contract number under which the custom-developed
code was produced; and
(iii) any hyperlink to the repository in such the code was
shared.
(6) Private repository.--The term ``private repository''
means a software storage location--
(A) that contains source code, documentation, configuration
scripts, as appropriate, revision history, and other files;
and
(B) access to which is restricted to only authorized users.
(7) Public repository.--The term ``public repository''
means a software storage location--
(A) that contains source code, documentation, configuration
scripts, as appropriate, revision history, and other files;
and
(B) access to which is open to the public.
(8) Software.--The term ``software'' has the meaning given
the term ``computer software'' in section 2.101 of title 48,
Code of Federal Regulations, or any successor regulation.
(9) Source code.--The term ``source code'' means a
collection of computer commands written in a computer
programming language that a computer can execute as a piece
of software.
SEC. 3. SOFTWARE REUSE.
(a) Sharing.--Not later than 210 days after the date of
enactment of this Act, the head of each agency shall ensure
that the custom-developed code of the agency and other key
technical components of the code (including documentation,
data models, schemas, metadata, architecture designs,
configuration scripts, and artifacts required to develop,
build, test, and deploy the code) of the code are--
(1) stored at not less than 1 public repository or private
repository;
(2) accessible to Federal employees via procedures
developed under subsection (d)(1)(A)(ii)(III); and
(3) owned by the agency.
(b) Software Reuse Rights in Procurement Contracts.--The
head of an agency that enters into a contract for the custom
development of software shall acquire and exercise rights
sufficient to enable the governmentwide access to, sharing
of, use of, and modification of any custom-developed code
created in the development of such software.
(c) Discovery.--Not later than 210 days after the date of
enactment of this Act, the head of each agency shall make
metadata created on or after such date for the custom-
developed code of the agency publicly accessible.
(d) Accountability Mechanisms.--
(1) Agency cios.--Not later than 180 days after the date of
enactment of this Act, the Chief Information Officer of each
agency, in consultation with the Chief Acquisition Officer,
or similar official, of the agency and the Administrator of
the Office of Electronic Government, shall develop an agency-
wide policy that--
(A) implements the requirements of this Act, including--
(i) ensuring that custom-developed code follows the best
practices established by the Director of the Office and
Management and Budget under paragraph (3) for operating
repositories and version control systems to keep track of
changes and to facilitate collaboration among multiple
developers; and
(ii) managing the sharing of custom-developed code under
subsection (b), and the public accessibility of metadata
under subsection (c), including developing--
(I) procedures to determine whether any custom-developed
code meets the conditions under section 4(b) for an exemption
under this Act;
(II) procedures for making metadata for custom-developed
code publicly accessible pursuant to subsection (c);
(III) procedures for Federal employees to gain access to
public repositories and private repositories that contain
custom developed source code; and
(IV) standardized reporting practices across the agency to
capture key information relating to a contract under which
custom-developed source code was produced for reporting
statistics about the contract; and
(B) corrects or amends any policies of the agency that are
inconsistent with the requirements of this Act.
(2) Administrator of the office of electronic government.--
(A) Minimum standard reporting requirements.--Not later
than 120 days after the date of enactment of this Act, the
Administrator of the Office of Electronic Government shall
establish minimum standard reporting requirements for the
Chief Information Officers of agencies, which shall include
information relating to--
(i) measuring the frequency of reuse of code, including
access and modification under subsection (b);
(ii) whether the shared code is maintained;
(iii) whether there is a feedback mechanism for
improvements to or community development of the shared code;
and
(iv) the number and circumstances of all exemptions granted
under section 4(a)(2).
(B) Reporting requirement.--
(i) Requirement.--Not later than 1 year after the date of
the enactment of this Act, and annually thereafter, the
Administrator of the Office of Electronic Government shall
publish on a centralized website a report on the
implementation of this Act that includes--
(I) a complete list of all exemptions granted under section
4(a)(2); and
(II) information showing whether each agency has updated
the acquisition and other policies of the agency to be
compliant with this Act.
(ii) Open government data asset.--The report under clause
(i) shall be maintained as an open Government data asset (as
defined in section 3502 of title 44, United States Code).
(3) Guidance.--The Director of the Office of Management and
Budget shall issue guidance, consistent with the purpose of
this Act, that establishes best practices and uniform
procedures across agencies for the purposes of implementing
this subsection.
SEC. 4. EXEMPTIONS.
(a) In General.--
(1) Automatic.--
(A) In general.--This Act shall not apply to classified
source code or source code developed primarily for use in a
national security system (as defined in section 11103 of
title 40, United States Code).
(B) National security.--An exemption from the requirements
under section 3 shall apply to classified source code or
source code developed--
(i) primarily for use in a national security system (as
defined in section 11103 of title 40, United States Code); or
(ii) by an agency, or part of an agency, that is an element
of the intelligence community (as defined in section 3(4) of
the National Security Act of 1947 (50 U.S.C. 3003(4)).
(C) Freedom of information act.--An exemption from the
requirements under section 3 shall apply to source code the
disclosure of which is exempt under section 552(b) of title
5, United States Code (commonly known as the ``Freedom of
Information Act'').
(2) Discretionary.--
(A) Exemption and guidance.--
(i) In general.--The Chief Information Officer of an
agency, in consultation with the Federal Privacy Council, or
any successor thereto, may exempt from the requirements of
section 3 any source code for which a limited exemption
described in subparagraph (B) applies.
(ii) Guidance required.--The Federal Privacy Council shall
provide guidance to the Chief Information Officer of each
agency relating to the limited exemption described in
subparagraph (B)(ii) to ensure consistent application of this
paragraph across agencies.
(B) Limited exemptions.--The limited exemptions described
in this paragraph are the following:
(i) The head of the agency is prohibited from providing the
source code to another individual or entity under another
Federal law or regulation, including under--
(I) the Export Administration Regulations;
(II) the International Traffic in Arms Regulations;
(III) the regulations of the Transportation Security
Administration relating to the protection of Sensitive
Security Information; and
(IV) the Federal laws and regulations governing the sharing
of classified information not covered by the exemption in
paragraph (1).
(ii) The sharing or public accessibility of the source code
would create an identifiable risk to the privacy of an
individual.
(b) Reports Required.--
(1) Agency reporting.--Not later than December 31 of each
year, the Chief Information Officer of an agency shall submit
to the Administrator of the Office of Electronic Government a
report of the source code of the agency to which an exemption
under paragraph (1) or (2) of subsection (a) applied during
the fiscal year ending on September
[[Page H6342]]
30 of that year with a brief narrative justification of each
exemption.
(2) Annual report to congress.--Not later than 1 year after
the date of enactment of this Act, and annually thereafter,
the Administrator of the Office of Electronic Government
shall submit to the appropriate congressional committees a
report on all exemptions granted under paragraph (1) or (2)
of subsection (a) by each agency, including a compilation of
all information, including the narrative justification,
relating to each such exemption.
(3) Form.--The reports under paragraphs (1) and (2) shall
be submitted in unclassified form, with a classified annex as
appropriate.
SEC. 5. GAO REPORT.
Not later than 2 years after the date of enactment of this
Act, the Comptroller General of the United States shall
submit to Congress a report that includes an assessment of
the implementation of this Act.
SEC. 6. RULE OF CONSTRUCTION.
Nothing in this Act may be construed as requiring the
disclosure of information or records that are exempt from
public disclosure under section 552 of title 5, United States
Code (commonly known as the ``Freedom of Information Act'').
SEC. 7. APPLICATION.
This Act shall apply to custom-developed code that is
developed or revised--
(1) by a Federal employee not less than 180 days after the
date of enactment of this Act; or
(2) under a contract awarded pursuant to a solicitation
issued not less than 180 days after the date of enactment of
this Act.
SEC. 8. REVISION OF FEDERAL ACQUISITION REGULATION.
Not later than 1 year after the date of enactment of this
Act, the Federal Acquisition Regulation shall be revised as
necessary to implement the provisions of this Act.
SEC. 9. NO ADDITIONAL FUNDING.
No additional funds are authorized to be appropriated to
carry out this Act.
The SPEAKER pro tempore. Pursuant to the rule, the gentleman from New
York (Mr. Langworthy) and the gentleman from Maryland (Mr. Raskin) each
will control 20 minutes.
The Chair recognizes the gentleman from New York.
General Leave
Mr. LANGWORTHY. Mr. Speaker, I ask unanimous consent that all Members
may have 5 legislative days in which to revise and extend their remarks
and include extraneous material on this measure.
The SPEAKER pro tempore. Is there objection to the request of the
gentleman from New York?
There was no objection.
Mr. LANGWORTHY. Mr. Speaker, I yield myself such time as I may
consume.
Mr. Speaker, I rise today in support of my bill, the Source Code
Harmonization and Reuse in Information Technology Act, otherwise known
as the SHARE IT Act. This bill is a commonsense solution to a
longstanding, overlooked inefficiency within our Federal Government.
Each year, the government spends approximately $6 billion on software
development, a portion of which funds the creation of custom code for
agency-specific programs.
These investments are often necessary to manage the complexity of
government operations, but without a clear mandate for code sharing,
agencies are left operating in silos. This leads to costly duplication
as they pay contractors to recreate solutions that already exist
elsewhere within the vast sums of the Federal Government.
In 2016, the Office of Management and Budget introduced a Federal
source code policy which led to the establishment of code.gov, a
platform housing over $1 billion worth of custom-developed software.
However, without such strong enforcement mechanisms, the full
potential of that policy has yet to be realized. Several Federal
agencies still do not consistently share their code, resulting in
millions of dollars of taxpayer money being wasted on duplicative
efforts.
The SHARE IT Act addresses this problem directly. It mandates that
agencies publicly list and share their custom code, allowing solutions
to be reused across the government, saving both time and important
taxpayer dollars.
Importantly, the bill includes provisions to safeguard sensitive or
classified information, ensuring national security and privacy are not
compromised. It also holds agency chief information officers
accountable, requiring them to ensure code is properly shared and
adding much-needed transparency to the process.
Mr. Speaker, I urge all of my colleagues on both sides of the aisle
to join us in passing the SHARE IT Act, a straightforward practical
measure that will improve government efficiency, foster innovation,
and, most importantly, save taxpayers' money.
Mr. Speaker, I reserve the balance of my time.
Mr. RASKIN. Mr. Speaker, I yield myself such time as I may consume.
Mr. Speaker, every year, Federal agencies spend billions of dollars
purchasing software, including custom-developed code for websites,
public databases, and mobile apps to improve the public's experience
using government services. Too often, agencies keep custom-developed
code for internal use rather than sharing it across the Federal
Government with other agencies.
This can undermine interoperability, security efficiency, and
certainly cost-effectiveness in the Federal Government's acquisition
and use of software. The SHARE IT Act seeks to address these problems.
In 2016, President Obama released a Federal source code policy
requiring the custom source code developed by or for the Federal
Government be made available for reuse by all Federal agencies. Among
other things, the policy required GSA to create code.gov to facilitate
code sharing. As of 2019, code.gov featured more than 6,000 code bases
from 26 different Federal agencies.
Despite this success, many of the 24 largest agencies required to
post their custom-developed code inventory to code.gov under the policy
still haven't done so, and the policy lacks an effective enforcement
mechanism to ensure compliance.
To improve compliance and further unlock the benefits of sharing
custom-built code, the SHARE IT Act would require agencies to list the
custom code the purchaser produced and to share such code, either
publicly, or governmentwide.
Among other things, it assigns agency chief information officers the
responsibility of overseeing compliance with the act.
Mr. Speaker, I support the purpose of this bill, which is to promote
innovation, collaboration, efficiency, and better value. However, as
the administration has pointed out, it will require several key
improvements before it can truly live up to its full promise.
Most importantly, Federal entities will need additional funding in
order to effectively meet the new requirements of the bill.
Mr. Speaker, I reserve the balance of my time.
Mr. LANGWORTHY. Mr. Speaker, I have no additional speakers, and I am
prepared to close.
Mr. RASKIN. Mr. Speaker, I yield myself the balance of my time for
the purposes of closing.
Mr. Speaker, I urge passage with the improvements aforementioned. We
have no further speakers, and I yield back the balance of my time.
Mr. LANGWORTHY. Mr. Speaker, I encourage my colleagues to support the
SHARE IT Act, and I yield back the balance of my time.
The SPEAKER pro tempore. The question is on the motion offered by the
gentleman from New York (Mr. Langworthy) that the House suspend the
rules and pass the bill, H.R. 9566, as amended.
The question was taken; and (two-thirds being in the affirmative) the
rules were suspended and the bill, as amended, was passed.
A motion to reconsider was laid on the table.
____________________