The Need for More Formality in Government.

Does Pete Buttigieg have the skills to head the Department of Transportation? What about a waiver for Austin for Secretary of Defense? What about others, to be nominated, with various industry ties? And so on.

As these questions will confront the Senate, barring any withdrawals or replacements, the question for me isn’t so much whether Austin gets a waiver or whether Buttigieg gets confirmed, as whether the Senate can formalize its processes more.

Part of the problem with recent confirmations, including those to the Supreme Court, was a worthless process. There is a hippie streak in Republicans when one of their own is in power: do whatever feels good, man. (That same attitude has been used in various Republican-led states on pandemic response, to their detriment.) While there are some statutory rules, including the need for a waiver for a Defense Secretary if the nominee hasn’t been retired long enough from the military, the body itself should have a more formal objection and advisory process.

Standards are needed (including for trials of impeachment). The body needs some bedrock on which questions deserve answers and which do not. If the Senate Judiciary Committee decides that no past cases deserve mentioning in a SCOTUS nomination, that should be a formal rule, not merely a de facto one. While the Senate is a rules-body that can freely ignore its rules, the media reports that as the aberration it is. Therefore, establishing some formal expectations for nominees at least forces wishy-washy reporters to acknowledge the departure from the rules.

The main goal of more formality in the Senate should be to reduce the hypocrisy of those who only care about doing right for the country when it’s the other party’s nominees. Every time there’s a cake-walk, it’s the people’s cake that’s eaten. And every time it’s a coal-walk, some good nominees get burned. The amounts of cake and coals should be fixed and standard.

Agents employed by the Russian Federation have again hacked the US Government. In this case it was primarily a supply-chain attack. The government needs more formal software acquisition and distribution rules. The government should almost never receive binary (i.e., precompiled) updates for anything. The government should receive code, that code should be audited, and then compiled and distributed internally.

I’ve loosely followed Debian’s efforts to make their binaries reproducible (as part of a larger effort: Reproducible Builds). The government’s binaries should be similarly compiled. There should be a firm rule: when the government runs any software, it has access to the source and it maintains a compatible environment to compile it.

Obviously that’s a big change to ask for. It would not happen overnight. Neither has the hard work by the folks who work on reproducible builds in various free software projects. No large change in computing is simple. But if the alternative is a broad breach like this, the choice is between formal computing in government or insecurity in government.
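As an added illustration of the reproducible-build check the post is asking the government to adopt (example code written for this page, not Debian’s tooling or anything from the Reproducible Builds project): the script packages a small constructed source tree two ways. The naive packager leaks file order and wall-clock time into the artifact, so two honest builds differ and an auditor cannot tell a benign rebuild from a tampered one. The reproducible packager sorts entries and takes its timestamp from a SOURCE_DATE_EPOCH value, the convention the Reproducible Builds project uses, so anyone with the source and a compatible environment gets the same bytes and therefore the same hash. The source tree, the epoch value and the function names are assumptions made for the example.

```python
import hashlib
import io
import time
import zipfile

# Constructed sample "source tree" (path -> contents); not from the post.
SOURCE_TREE = {
    "src/main.c": b"int main(void) { return 0; }\n",
    "src/util.c": b"int helper(void) { return 1; }\n",
    "README": b"example project\n",
}

# Assumed SOURCE_DATE_EPOCH: 2023-11-14T22:13:20Z. Any fixed value after
# 1980 works; ZIP cannot represent earlier timestamps.
SOURCE_DATE_EPOCH = 1_700_000_000


def build_naive(tree, build_time=None):
    """Package the tree the way a careless build does: in whatever order the
    dict happens to iterate, stamping every entry with the wall-clock time.
    Two builds of identical sources can therefore produce different bytes."""
    build_time = time.time() if build_time is None else build_time
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for path, data in tree.items():
            info = zipfile.ZipInfo(path, date_time=time.gmtime(build_time)[:6])
            info.compress_type = zipfile.ZIP_DEFLATED
            zf.writestr(info, data)
    return buf.getvalue()


def build_reproducible(tree, source_date_epoch=SOURCE_DATE_EPOCH):
    """Same package, with every source of nondeterminism pinned: entries are
    written in sorted path order, timestamps come from SOURCE_DATE_EPOCH
    instead of the clock, and permission bits are fixed."""
    buf = io.BytesIO()
    stamp = time.gmtime(source_date_epoch)[:6]
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for path in sorted(tree):
            info = zipfile.ZipInfo(path, date_time=stamp)
            info.compress_type = zipfile.ZIP_DEFLATED
            info.external_attr = 0o644 << 16  # regular file, rw-r--r--
            zf.writestr(info, tree[path])
    return buf.getvalue()


def sha256(blob):
    """Hex digest an auditor would publish and compare against a vendor's."""
    return hashlib.sha256(blob).hexdigest()


def verify_reproducible(tree, builder, **kwargs):
    """Rebuild from two differently ordered copies of the same sources and
    report whether the artifacts are bit-for-bit identical. Returns True only
    if an independent rebuild would match the published hash."""
    first = builder(dict(tree), **kwargs)
    reordered = dict(reversed(list(tree.items())))
    second = builder(reordered, **kwargs)
    return sha256(first) == sha256(second)


if __name__ == "__main__":
    print("naive build reproducible:       ",
          verify_reproducible(SOURCE_TREE, build_naive, build_time=SOURCE_DATE_EPOCH))
    print("reproducible build reproducible:",
          verify_reproducible(SOURCE_TREE, build_reproducible))
    print("artifact digest:", sha256(build_reproducible(SOURCE_TREE)))
```

The point of the check is that the digest, not the vendor’s word, becomes the thing the government trusts: if an internally compiled artifact matches the published hash, the binary was built from the audited source; if it does not, something in the source, the toolchain or the delivery path changed and must be explained before deployment.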

The process of formalization is about refining discretion and choice. Most restaurants don’t say: “Here’s a list of ingredients, tell us what you want cooked.” You might be able to order off-menu, if you’re nice and your request is reasonable. By offering a set of choices, the restaurant isn’t depriving you. It’s setting expectations: we know how to make these things well, and we have the stock to make them.

Formalization reduces uncertainty by having a process that can be iterated on if new failures or deficiencies occur.