[liyanchang]

Disclosure: I'm an engineer at USDS and these are my own opinions.

So in my admittedly short time in the government [0], I've witnessed how all of these problems are due to good intentions. That's what makes this all really tough because everything you think is bonkers actually has a reason.

The 1400 page travel regulations is a result of trying to prevent fraud - every single issue that comes up results in a new rule.

The fact that it takes some projects years to deploy is that we would like to plan and make sure that every resource is well-spent, that it's in a number of languages and accessible to the blind.

It makes it hard for everyone - I've met lots of smart talented civil servants and government contractors who want to do things differently but have their hands tied behind their back.

[0] 2 years feels like forever to me but flash in the pan to many of the dedicated civil servants I've met.

[niels_olson]

Disclosure: I'm active duty Navy and these are my own opinions.

In 22 years, I have never been so hopeful for meaningful improvement in my work life as I am now. Having met a few folks I am all too familiar with DTS and the JFTR (the 1400 pages in the article(1)). I think that's a great choice to start with: like Google going after the mundane problems of every person's life. This will make a difference. I am on travel now and was on the phone and DTS (simultaneously) for an hour today. And for anyone who tries to apologize for the 1400 pages, please don't. I have cut instructions from 238 pages to less than 30. I would argue the major problem is not that people are trying to solve every edge case. The major problem is that people are only in a job for a short period of time, come in, and while they may try to solve the edge cases they encounter, they often do that by trying to simplify things by inserting a new abstraction and taking ownership of that abstraction. So the layers of abstraction accrete like sediment. And as long as there's no direct logic conflicts, they can promote away from the problem.

I will gladly buy any USDS, 18F, or DDS hacker in San Diego a beer. Keep up the good work.

(1) It's actually 1602 pages: https://www.defensetravel.dod.mil/Docs/perdiem/JTR.pdf

[the_watcher]

> every single issue that comes up results in a new rule.

This sentence is the simplest explanation for government (and bureaucratic) incompetence.

Think about writing software. Is the optimal solution to every single bug to write more code to deal with that specific situation? Of course not. In many cases, sorting out the underlying cause and fixing that (which may involve new code, rewriting old code, or even deleting outdated code) is the correct approach (assuming that the optimal solution is the desired outcome, there are of course cases where speed of getting something out that works trumps this, but government regulations only take effect once annually in most cases anyway, so they don't have a speed excuse).

Simply writing a new rule to deal with every scenario is an approach that inevitably leads here.

[stupidcar]

You demonstrate intellectual fallacies common amongst software developers:

1. Believing that your experience in one particular field makes you qualified to make pronouncements regarding others about which you know nothing.

2. Believing that problems in other fields are inherently simple to understand and solve, and that the reason they aren't must therefore be due to the malice or incompetence of people working in those fields.

3. Believing that software and software development processes are a universal model that can be applied to any other problem via trite and reductive analogy.

[devonkim]

With these considerations taken we can apply the same problems to people in industrial scale manufacturing that have typically managed many organizations that are now in charge of software projects. Then comes no real effective incentive structure with how most federal contracts are written despite billions spent on lawyers to protect the government and to get the most for the government's dollars supposedly. I've seen far too many projects with clearly the most talented and well-managed contractors getting tossed for actually finishing their deliverables while those that didn't get through 40%+ got renewed because they were just too critical to the political success of the greater project. And they'll continue to cite the project as past performance and renewal as an indicator of competence.

The fact there's so much opposition to USDS and 18F that's greater than any other group ever is the best indicator that the fat, bloated Beltway bandits are worried about their easy road to retirement. This isn't to say everyone's lazy - far from it. But government contracting has been largely insulated from the realities of most commercial enterprises through the politicized veil of "protecting veterans" and "defending the country" and for every legitimate, honest worker there's at least two that just want a cushy 9-5 for 35 years.

[8note]

while i frequently agree with you, i disagree here.

both code and travel regulations are lists of rules written in a terse language, and both are subject to bloat all of the time, abd parts become deprecated as times and priorities change.

these are very comparable things, e cept that code can change quickly at a low cost, while regulations are costly to change.

Because of the cheapness, software folks have put a lot of effort and study into optimizing how you make rule changes, which makes it very applicable to some other problem spaces

[rosser]

> ...except that code can change quickly at a low cost, while regulations are costly to change.

And you don't think that's a salient difference? Particularly in light of the adversarial nature of politics, which was one of your comment's parent's points, and which is a major contributing factor to such changes being so costly?

[dave_sullivan]

Yet the information density of the parent comment is so much higher. You have 3 statements that can be reduced to "Things that work in programming don't necessarily work in other fields." No kidding? Then what's your solution for operational efficiency in government?

[stupidcar]

Some of us believe detail and nuance add power to argument, rather than rejecting them in favour throwing around basic, unsupported claims.

And your reduction is not even correct. Assuming that problems in other fields are inherently easy to solve has nothing to do with the applicability of software engineering techniques. Assuming those working in other fields are incompetent or malicious has nothing to do with the applicability of software engineering techniques. You say my post was lacking in information density, yet you apparently weren't even able to grasp the arguments I did make. So maybe I needed more explanation, not less?

And are you implying that unless I come up with a solution for efficient government, it somehow renders my — entirely unrelated — argument invalid? That's nothing more than a lame attempt at argumental misdirection. But hey, I'll bite: My solution for operation efficiency in government is for everyone to think and act in the complete opposite manner to you. Is that reductive enough for you?

[dave_sullivan]

> And are you implying that unless I come up with a solution for efficient government, it somehow renders my — entirely unrelated — argument invalid?

I'm implying that you're long-winded and it weakens your argument. If I reduced your response, I'd reduce it to, "You hurt my feelings and I'm angry about that." Fair enough, but the rest is so much filler.

[r00fus]

That's fine in writing software - now try that in an adversarial environment.

With special interests (some of whom may be insiders working to undermine the exact fix that's needed), and you start to get the picture.

To add a bit of spice, address some things like time pressure related to elected administration-specific goals and/or election timeframes.

[jnbiche]

> That's fine in writing software - now try that in an adversarial environment.

Oh, software is not an adversarial environment?

[evgen]

Software development is little league compared to the major league bloodsport of bureaucratic politics played inside the beltway.

[sn9]

Writing software for whom?

Consider the software that NASA writes and how it's written. Rigorously specified, reviewed, and tested by some of the best engineers in the world to the point that almost bug-free code is produced at the expense of a much slower rate of development. Which is the best you can do with billions of dollars and human lives on the line for certain projects.

Now look at most government software infrastructure: frequently mercurial and ambiguous software specifications interacting and/or based on flawed laws and regulations filled with logical contradictions written by Congressmen and lobbyists with perverse incentives. And you have to justify every cent or risk the accusation of wasting taxpayer dollars.

[nn3]

>Rigorously specified, reviewed, and tested by some of the best engineers in the world

Actually NASA culture is to strictly avoid super stars. See:

http://www.fastcompany.com/28121/they-write-right-stuff

In the shuttle group's culture, there are no superstar programmers. The whole approach to developing software is intentionally designed not to rely on any particular person.

And the culture is equally intolerant of creativity, the individual coding flourishes and styles that are the signature of the all-night software world. "People ask, doesn't this process stifle creativity? You have to do exactly what the manual says, and you've got someone looking over your shoulder," says Keller. "The answer is, yes, the process does stifle creativity."

[Bartweiss]

I think equating "best engineers" with "superstars" means you might be bringing your own associations to the topic. (Not unfairly, that's a standard association in the Valley, but still.)

The few NASA engineers I've known have been superb as NASA employees. They weren't grand innovators solving problems on their own, but they were knowledgeable and intelligent. They had deep understanding of the tools they worked with, were rigorously careful and formal, and understood the problems and tradeoffs of their work far beyond any spec they were handed.

To me, that counts as being one of the best engineers in the world. These are people who know what they need to do, why they need to do it, and how they can best accomplish it. In the case of NASA, that generally means doing something radically different than you would at a tech startup, but these people are still brining enormous ability and great care to their work.

[sn9]

I never said anything about superstars. That's precisely one of the articles that most informs my understanding of NASA software practices.

[rosser]

Funnily enough, it turns out that collections of humans interacting isn't like software.

Go figure.

[cs702]

Thank you for posting here.

The same logic applies to all those regulations that seem bonkers.

If you think of all those regulations as a type of source code (which dictates what government employees and citizens can and cannot do, when, and under what conditions), it's clear that a lot of regulatory code needs major refactoring.

To use your example with travel regulations, those 1400 pages designed to prevent fraud likely consist primarily of thousands upon thousands of assertions and if-then statements. I wonder if it would be possible to reduce them to, say, a few dozen pages -- by refactoring all that 'regulatory code' to use different, higher-level abstractions.

[tonysdg]

My guess is that most of those 1400 pages consist of the corner cases - things that will 95% of the time never pop up, but when they do will wreak havoc unless properly dealt with. Granted, I'm not sure travel fraud can wreak that much havoc, but I'm sure someone somewhere gets annoyed over it.

My (admittedly limited) experience in coding/engineering has taught me that it's unwise to look at technical problems and people problems in the same light; the former can be solved much easier than the latter. The trick is to figure out where you can solve the former to avoid the latter!

[sliverstorm]

Not in government, but I understand the biggest problem with travel to be the expense account, which has a history of being abused to disgusting proportions.

[Bartweiss]

Frankly, my take is that this is what happens when you try to beat human intent with formal rulings. Explicitly banning every possible form of travel fraud is almost unimaginable - certainly it can't be done without banning a huge amount of legitimate travel also. Rigorous safety around people problems is nigh-impossible, which is why most safe software systems take the approach of "do it our way or go to hell".

At a certain point you can only solve the people problems with oversight and good intentions. You could get one random employee to certify any given travel plan or reciept as "not obviously fraudulent" and recreate the benefit of ~700 pages of regulations, just by showing the thing to someone who doesn't benefit from fraud.

But of course, incremental change produces these kind of awful local minima. If you are punished for fraud, aren't punished for overhead, and can't change the whole system, what else would you do? You ban one known misbehavior, go on with your day, and everything gets a little bit worse.

[niels_olson]

They're referring to the JFTR, now JTR. And it's actually 1602 pages

https://www.defensetravel.dod.mil/Docs/perdiem/JTR.pdf

[DannyBee]

"The 1400 page travel regulations is a result of trying to prevent fraud - every single issue that comes up results in a new rule."

This seems like a serious inability to understand that no process designed to prevent future things you can't forsee is 100% effective (by definition). At some point, you have to declare "good enough", and live with it until the error rate becomes unacceptable overall again, then modify it.

IE it's likely 50 pages of those regulations gave them a 99.9%+ rate of avoiding fraud. They then added 1350 pages to get to probably 99.99%

This is unlikely to be worth it.

(and yes, before someone points it out, i'm likely being generous with the numbers)

[joeyo]

Some of it comes down to agencies needing to protect themselves from congressional witch-hunts. Consider a congressman or political party that has ideological objections to an agency even existing and wishes to neuter or eliminate it. A stellar way of achieving this is by making the target seem wasteful and fraudulent [1]. If there is actual fraud, no matter how small or how much of a corner case, this task becomes even easier.

1. A good example of this is how Republicans periodically attempt to defund science agencies by mocking research projects that sound frivolous.

[my_first_acct]

A Democrat, the late Senator William Proxmire of Wisconsin, was well known for mocking frivolous-sounding research projects. From the Wikipedia article[0]:

"In 1987, Stewart Brand accused Proxmire of recklessly attacking legitimate research for the crass purpose of furthering his own political career, with gross indifference as to whether his assertions were true or false as well as the long-term effects on American science and technology policy."

[0] https://en.wikipedia.org/wiki/William_Proxmire#Golden_Fleece...

[knowaveragejoe]

It's good to see examples from both sides. That being said, what the above mentions is Republican doctrine, as opposed to isolated cases of politicians(on either side) simply blindly furthering their political careers.

[dastbe]

Unfortunately there are a lot of people who believe government shouldn't do anything unless it is fraud-proof. The narratives around welfare and food stamp abuse make headlines for exactly this reason :(.

[el_benhameen]

I think their intentions are a little more nefarious. It's not that they want e.g. a fraud-free welfare system; they fundamentally disagree with the idea of welfare and so use fraud, whether it's a legitimate issue or not, as a basis for trying to stymie or dismantle the institution.

[temujin]

The problem is, once the government chooses to not close a known loophole, the number of people who exploit it may increase by orders of magnitude. Without a willingness to add the other 1350 pages, you may end up with something like 70% fraud prevention, not 99.9%.

What's needed is more refactoring. This would benefit from more capacity to try different sets of regulations in parallel.

[DannyBee]

This is a generally true statement about any process. The solution to that is to enforce well enough that people don't think that's a good idea. I also did say you do have to refactor over time as compliance rate decreases. Past that, i don't think we actually disagree :)

If you have a speed limit sign, and it says "speed limit, 50 mph, enforced by satellite observation", most people will probably ignore it. Those that don't and get caught, yeah, they go looking for excuses for why they ignored it to post-justify it. Changing the regulation wording will not change this. You can make the sign much larger and say "speed limit 50 mph, even if you are really late for an appointment, etc" but honestly, it still will not help that. People ignore it because the enforcement mechanism makes them feel like it won't happen to them (and because it's not socially abhorrent, etc), not because of ignorance of the law

On the other hand, if you have a sign that says "speed limit 50mph, enforced by this guy, right here", and there is a smiling cop with a radar gun sitting next to the sign, enforcing it, most people will not ignore it. In fact, i'd bet you could write everything before "enforced by this guy" in small print people had to slow down to read, and most people would slow down and read it, because they believe the risk of enforcement is greater to them.

Will you get everyone to stop speeding there? Nope.

Even if you add spike strips, laser beams, whatever, someone is going to do it, and in fact, enforcing harder sometimes increases the rate (depending how low the rate is) based on the thrill some people get. 100% compliance is just pretty much impossible, no matter what words you use.

[azernik]

You cannot fix a loophole with better enforcement. By definition, the behaviors involved are allowed.

[Bartweiss]

I'm not convinced about that.

Some organizations do startlingly well with good enforcement and a rule against circumventing the rules. Yes, that's subjective and messy, but it can actually work quite nicely.

Hell, it's basically what financial structuring laws are: a rule saying "no using loopholes if you find them". With that in place, it becomes surprisingly easy to address loopholes by punishing everyone who employs them.

[vidarh]

A common approach is to set a fixed amount per day for expenses based on cost levels in the country in question, and be extremely strict with extras, coupled with approved supplier lists and price ranges for the actual travel.

It "rewards" those who are prudent with extra cash, and so it certainly won't be perfectly efficient, but in return it makes it harder for those who would otherwise try to abuse the system who often will go far overboard, because any extra expensive claims can be given a lot more attention (and often will require advance approval), and it drastically cuts down on paperwork.

[mattmcknight]

Amazingly, the government does that already! http://www.gsa.gov/portal/content/104877

Still they create mountains of rules....

[learc83]

This is analogous to adding code to cover security issues. 99.9% isn't good enough when people are actively looking to exploit the 0.1%.

[nitrogen]

But unlike security issues a single failure doesn't compromise 100% of the rest of the system. This is also why analogies between software/security/cryptography/privacy and the tangible world are so awkward.

[temujin]

Fraud prevention actually is a security issue. Not an Internet security issue, so mistakes aren't punished that quickly, but the analogy is still sound.

[nitrogen]

Someone buying a new watch with their expense account doesn't suddenly give them access to the whole treasury -- that's the difference between physical and digital realms I am trying to emphasize.

[hiram112]

Most security breaches don't allow the malicious user to root the entire server farm either.

I just spent a week fixing permission validation done in JS on the browser. Users could have potentially allowed themselves to see parts of documents outside their role. This didn't give them access to our payroll system, credit card processor, or the backend infrastructure.

[Bartweiss]

This is a big part of the answer. Congressional hearings and reporting often act like "fraud is fraud", but allowing 1% fraud to save 20% overhead is entirely reasonable.

Improper resource usage is a better metaphor than security failures for this topic.

[sliverstorm]

People are pretty sensitive about government financial workers committing fraud, similar to how they are rather sensitive to government police committing murder.

[DannyBee]

Sadly, in neither case will you ever have 100% compliance. Pretending it's achievable, and trying to achieve it, is IMHO, silly.

Remember the regulations do not prevent fraud, enforcement prevents fraud. There already exist plenty of things saying it's not okay, etc. Saying "and also, don't do that" is probably not actually necessary most of the time, in the same way saying "don't shoot people" is sufficient. Saying "and also don't shoot them while they are handcuffed" isn't necessary. Crappy post-justification does mean the regulation was written wrong, and changing the regulation to account for the post-justification will not actually improve the process most of the time.

[sliverstorm]

I don't think we can take this much further without knowing what's actually in the regulations, but I imagine they consist more of "officer's dash cam will be run 24/7 and backed up in triplicate", "officer will learn proper gun handling techniques X, Y, & Z", etc rather than "don't shoot people", "don't shoot handcuffed people", "don't shoot clowns", "don't shoot children".

Or, in the fraud case, "books will be audited at frequency X", "Y behavior makes it too easy to hide fraud and is not allowed". Rather than "fraud is illegal on Monday", "fraud is also illegal on Tuesday", "fraud is even illegal on holidays"...

Of course we can never achieve 100% with more regulation, but we make it more of a priority to make abuse harder to get away with than elsewhere, presumably increasing overhead in exchange for lowering abuse (yes, this is probably not a strictly linear curve)

[Bartweiss]

In the travel regulations case, we can see, and horrifyingly it's more of a "fraud is illegal on Monday" situation: https://www.defensetravel.dod.mil/Docs/perdiem/JTR.pdf

There are some sensible regulations there, like having someone approve travel requests, but there are also a lot of very narrow restrictions obviously added by someone who wanted to prevent Fraud X, but lacked the authority to change what was already written. The result is that you get more overhead with depressingly little payoff.

In principle you're right about the trade-off, but that's only the case when rule-writers have the authority to sensibly restructure what already exists.

[Bartweiss]

This is a good summary. At a certain point, you honestly can just have a rule against stupid or malicious behavior. The trick is to enforce it carefully and sensibly, rather than to pursue comprehensive objective rules.

Anyone who's played rules-lawyering games like Nomic will be aware that banning all misbehavior explicitly is impossible. You're basically limited to whitelisting approved behaviors, or implementing a general rule against malfeasance. Unless the consequences of misbehavior are enormous, the second option tends to be more efficient.

[nitrogen]

I don't think that necessarily has to be the case. The public conversation could conceivably shift to a cost/benefit analysis of varying levels of enforcement vs. fraud, if only the media would cooperate.

[Bartweiss]

This is definitely the case, because we already see different analyses for different topics.

When it comes to NSF, people worry about overhead and waste. When it's welfare or food stamps, people worry about fraud instead. Some of this is moral - people care about the 'undeserving poor' more than 'undeserving scientists' - because we tend to hate abuse of charity. But it clearly shows that there are different categories of concern, and that the public is capable of examining both topics.

[Bartweiss]

This is exactly the problem. When you have a system that completely ignores inefficiency/overhead but goes berserk over fraud, you get totally absurd incentives. Those 1350 pages probably kept some managers from getting fired, but realistically have been a serious waste of time and money.

At a certain point, you either accept a low level of fraud or just make a rule saying "don't do bad, wasteful stuff." Then you fire anyone who breaks that rule and let things work themselves out. (This has other problems, but they can be addressed.)

Most of bureaucratic stupidity is ultimately moral hazard. Someone pays for one failure case but not another, so they spend absurd amounts minimizing what they're responsible for.

[fapjacks]

I want to work there so bad. USDS or 18F. But I can't get anyone to call me back, even with twenty years working in (and running) startups. Dunno what that's about.

[aschonfeld]

Hi Fapjacks. I'm on the talent team at 18F. Feel free to email me directly at amanda.schonfeld@gsa.gov. We don't have a direct phone number for folks to call, but I will definitely email you back. :)

[bsaul]

Very informative comment, but then, did that change once the usds were in charge ? Because my intuition is that taking over an openly failed project makes it easy for the new team to tell everyone to try and keep things simple.

Then wouldn't the succes not be a matter of technical abilities or process, but rather goodwill by the client side to remain reasonable ?