Senate Not Concerned About How Often NSA Spies On Americans, But Very Concerned That It Built Open Source Software To Do So

from the priorities,-people dept

Wired has a troubling story of how the Senate Armed Services Committee is pushing a bill that would likely kill off an open source NoSQL project that came out of the NSA called Accumulo. Like many other such NoSQL efforts, the NSA basically took some Google white papers about its BigTable distributed database setup, and built its own open source version, with a few improvements… and then open sourced the whole thing and put it under the Apache Foundation. It’s kind of rare to see such a secretive agency like the NSA open source anything, but it does seem like the kind of thing that ought to be encouraged.

Unfortunately, the Senate Armed Services Committee sees things very differently. As part of a 600-page bill that’s being floated, it actually calls out Accumulo by name, and suggests that it violates a policy that says the government shouldn’t build its own software when there are other competing commercial offerings on the market. The reasoning is basically that the government shouldn’t spend resources reinventing the wheel if it can spend fewer resources using existing code. You can see the basic reasoning behind that, but applying it here makes little sense. As the article notes, here we’re talking about software that’s already been developed and released — not a new effort to rebuild existing software. In fact, those who follow this stuff closely note that Accumulo did “break new ground” with some of its features when it was being built. To then kill it afterwards seems not just counterproductive, but could also create a chilling effect for government open source efforts, which seem like something we should be encouraging, not killing.

What’s really odd is the close interest that the Senate seems to be paying to this. The discussion is very specific, naming Accumulo and some of the competing offerings on the market. They’re specifically calling out this one product. Of course, as Julian Sanchez notes, there’s a bit of irony in the fact that the very same Senate appears to have absolutely no interest in finding out how often the NSA spies on Americans… but sure is concerned about what database it uses to store all of the information it’s getting.

Of course… all of this raises a separate issue in my mind: can the NSA even open source Accumulo? I though that creations of the federal government were automatically public domain, rather than under copyright. And, thus, putting it under a specific license might, in fact, present limitations that the government can’t actually impose on the software…. Thus, shouldn’t the software code actually be completely open as a public domain project? The government should be able set up an Apache-like setup, but one without any restrictions on the code.

Filed Under: , , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Senate Not Concerned About How Often NSA Spies On Americans, But Very Concerned That It Built Open Source Software To Do So”

Subscribe: RSS Leave a comment
34 Comments
Anonymoussays:

The policy actually states that the government cannot spend money to build software when it would be less expensive to buy a commercial software product. Not that it can’t build software if there is a competing commercial product.

It’s a distinction that will probably end up in favor of the NSA actually, since they undoubtedly made a product with features that weren’t offered in a commercial product and would have been expensive to contract a commercial entity to add.

Wallysays:

Re: Re: Re:2 Re: Re: Re: Re: The Real Problem With Open Source Spy Software

Try cracking into the database….you’ll have the FBI, CIA, Secret Service, and a SWAT Twam knocking at your door pdq.

There is so much superfluous data and information going through their systems it really doesn’t matter if they have your personal information. Nobody else but the NSA can see what they have collected without an order from the CIA.

I think it’s safe to say congress is just worried that they aren’t “stimulating” the economy by spending away the federal budget (or lack thereof).

el_segfaultosays:

I get this a lot

I work for a state government as a developer. There are a number of projects that I’ve been involved with where the mere mention of using open source software is met with derision. The cost/benefit analysis I typically give is that a few weeks of my salary is far less than a commercial purpose, but even then we still shop around and get quotes from contractors (where the real money is!).

My personal theory is that no government agency wants to save money since it means they’ll have to do without the difference for the next budget cycle. I’ve heard stories of tens of thousands of dollars being spent on useless software just to ensure that the agency in question would be able to maintain their budget.

Ninjasays:

Re: Re: I get this a lot

I’m not a developer but I see your point as a state government employee. Once you lose the budget it’ll be a war that will last months, if not years to get it back. Sometimes you must “waste” the money to make sure you won’t miss it in the future. You can’t “save” that money for later, bigger and more important projects as it often would be possible if it wasn’t for the budget issue.

I think a more sensible and reasonable solution would be to keep the unused portion of the budget as a credit to the agency/department (up to a limit and/or to an amount that finances a bigger project) for posterior use.

Wishful thinking. People sometimes are quick to point the waste of taxpaying money but they aren’t aware of the bureaucracy hell inside Governmental bodies that end up forcing all sorts of inefficiency.

Fritzrsays:

Re: Re: Re: Re: I get this a lot

The reasoning behind the current system is that each budget request specifies what if being paid for. Unneeded money is then available for other agencies to use for their needs.

The effect of budget reviewers saying your are asking How Much!! for this change??? is simple. Budget authors pad the request and require the purchasing agents in the department to make sure the entire request is used, preferably with a little bit of a budget overrun that can be used to justify “We failed to ask for enough last time…give us a raise to cover our expected needs”

Actually planning and requesting one time funding for a project is a nightmare as there is no history for the budget committee to look at and see that the request is not unusual. Unusual in the eyes of the bureaucratic bean counter is almost identical to unnecessary.

jessejsays:

I'm reminded of a book . . .

I read ‘The First Circle’ by A. Solzhenitsyn (sp?) back in the early 70’s. He described Russian bureaucrats as always buying large 50 gal drums of black ink at the end of every fiscal year, to use up their budgets by getting a resource they could ‘always use’ and show the higher ups that they would need at least the same amount of cash for the next annual funding cycle. That was an old idea back then. Naturally, there were warehouses full of ink barrels . . .

Wallysays:

Spending

NSA: Let’s save money using an open source language and code to save money. We can help keep the country safe without the red tape involved.

Senate (publicly): We want to know how many people you’ve spied on Americans.

NSA: You don’t have the security clearence or the brain power to know what is actually done.

Senate (privately): How dare you not SPEND money to create jobs.

Given the current US economy, the fact that the NSA used open source programming languages to do any spying makes a lot of sense. Under the GNU, you have to distribute it for free if you release the code to the public. Since they haven’t released the code to the public, I see no problem with that. They saved their department a lot of money and made us slightly less dependent on the government. Well you know how spending alone creates debt….and that’s why our debt ceieling is so high.

Re: Re: Re: Re: Spending

Sorry, TechDirt apparently strips anything following an open angle bracket. Someone needs 3 whacks with the eager-sanitization stick.

* “open source programming languages” — who said anything about programming languages? This is open-source software.
* “Under the GNU” — It’s the Apache License, not the GPL (if that’s what you meant to refer to)
* “you have to distribute it for free if you release the code to the public” — You have deeply misunderstood the GPL. It’s the other way around. Sort of. And the GPL places no burden on the original author, only on licensees.

What Restrictions does the Apache License place on code?

“The government should be able set up an Apache-like setup, but one without any restrictions on the code.”

What restrictions does the Apache License place upon the code?

The license, as I understand it; says one can do anything to the code. You can modify it; extend it, sell it, create your own version without any restrictions, release it under a different license, etc…

I’m surprised at how open the Apache license is.

Fritzrsays:

Re: Re: What Restrictions does the Apache License place on code?

The unmodified NSA code can probably be treated as Public Domain, but the contributions from outsiders to the Apache Project are not government contributions and will be subject to the license limitations.

It makes sense to put it out as a licensed managed project, rather than simply posting the source & docs on a website and saying “This is public domain, take it or leave it”.

The managed project will gather outside improvements that are then available for the classified internal version of NoSQL.

Pseudonymsays:

Re: Re: Re: Re: What Restrictions does the Apache License place on code?

Yes. Anything the NSA writes is public domain, but there’s nothing that prevents them from donating that public domain code to the Apache project and them slapping a copyright notice on any modified version they maintain or release.

Sad Macsays:

Re: Re: Re: Re: Re: Re: What Restrictions does the Apache License place on code?

I’m not sure how why they would. I don’t think the NSA would be inclined to release such software in the first place. Even if the program language is under public domain, they still have the right not to release the code they created. Why should they?

Anonymoussays:

Re: Re: Time To Dig

Maybe managed by Lockheed, but the real movers behind the scenes are likely to be Microsoft, Oracle, IBM or some combination of them. They make a lot of money out of database software. The last thing they want is open source software getting used on any large scale. There will have been plenty of late night calls to senators, making all kinds of threats and promises.

Dig a little deeper.

Wallysays:

Re: Re: Disclosure

“You know, with all this new ability to spy on us, I wonder how stringently they are following the “No Disclosure Without Consent Rule.” “

They follow it quite well. People tend to forget that human beings actually work at the NSA unlike congess, where we have a bunch of howler monkies trying to gain power for their side alone. I kind of wish congess would see we are human as the NSA does.

Rapnelsays:

I will

I will take this kit that readily serves many of my needs. I will make it better by fine tuning it to suite my needs better. I will not be thwarted by agreements, closed source, non-disclosure, meetings and money. I will make it better by making it serve many more needs. I will return it from whence it came and I will return it in a better state than that which I found it in.

Now, if only we could do that with the Congress.

Open source. Open media. Open government.

If you do not subscribe to at least two of the above, in whole or in part, then you might be part of a rather sizable problem.

As for prioritizing the “issue” of software selection over one of the very tenets of this fucking country… fuck you you worthless pieces of shit.

DrZZsays:

federal government works

I though that creations of the federal government were automatically public domain, rather than under copyright.

Depends on how you define “creations of the federal government”. Works that are created by federal employees can not be copyrighted, but works directed by federal employees, but actually done by contractors can be copyrighted. (more info) It is not who pays for it, it is who actually does the writing that counts. I couldn’t tell from the article whether contractors were used or not.

Waynesays:

Government Copyright

It all comes down to how the government built the software. If it was contracted, then the contractor gets the copyright and the government gets “government purpose rights”.

If the government actually built it with government employees then it would be public domain in terms of copyright law but it might still be restricted from release to the general public (in context think trade secret rather than patent).

Different parts can be under different restrictions. So, even if the project is open source, any changes done by the government may still be restricted or otherwise withheld from the general public. The government can, at that point, still license the software under those restrictions.

Of course, if someone stuck those changes in a public git repository (in an official capacity) then it seems moot, but that’s why we have so many lawyers.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Report this ad??|??Hide Techdirt ads
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...
Older Stuff
09:00 Awesome Stuff: Monitor Everything (5)
09:00 Awesome Stuff: Cool Components (1)
12:42 Tech Companies Ask European Commission Not To Wreck The Internet -- And You Can Too (4)
09:00 Awesome Stuff: Play & Listen (1)
09:00 Awesome Stuff: Beyond Chiptunes (12)
09:00 Awesome Stuff: Updated Classics (3)
09:00 Awesome Stuff: Celebrating Cities (1)
09:00 Awesome Stuff: Crafts Of All Kinds (5)
09:00 Awesome Stuff: One Great Knob (13)
09:00 Awesome Stuff: Simple Geeky Toys (2)
09:00 Awesome Stuff: Gadgets For The New Year (18)
09:00 Awesome Stuff: A Post-Holiday Grab Bag (0)
13:34 How Private-Sector Innovation Can Help Those Most In Need (21)
09:00 Awesome Stuff: Towards The Future Of Drones (17)
09:00 Awesome Stuff: Artisanal Handheld Games (5)
09:00 Awesome Stuff: A New Approach To Smartphone VR (5)
09:00 Awesome Stuff: Let's Bore The Censors (37)
09:00 Awesome Stuff: Open Source For Your Brain (2)
09:00 Awesome Stuff: The Final Piece Of The VR Puzzle? (6)
09:00 Awesome Stuff: The Internet... Who Needs It? (15)
09:00 Awesome Stuff: The Light Non-Switch (18)
09:00 Awesome Stuff: 3D Printing And Way, Way More (7)
13:00 Techdirt Reading List: Learning By Doing (5)
12:43 The Stagnation Of eBooks Due To Closed Platforms And DRM (89)
09:00 Awesome Stuff: A Modular Phone For Makers (5)
09:00 Awesome Stuff: Everything On One Display (4)
09:00 Awesome Stuff: Everything Is Still A Remix (13)
09:00 Awesome Stuff: Great Desk Toy, Or Greatest Desk Toy? (6)
09:00 Awesome Stuff: Sleep Hacking (12)
09:00 Awesome Stuff: A Voice-Operated Household Assistant (19)
More arrow