Forgot your password?
typodupeerror
Government The Almighty Buck United States

FOIA: NSA Contracts Stored In Paper Files, Unsearchable, Unindexed 114

Posted by timothy
from the sorry-I-dropped-your-money-in-my-dungeon dept.
v3rgEz writes "Wish you were a little more organized? Have trouble finding that archived contract when you actually need it? Don't feel too bad: The National Security Agency has the same problem, claiming that its contract database is stored manually and impossible to search by topic, category, or even by vendor in most cases."
This discussion has been archived. No new comments can be posted.

FOIA: NSA Contracts Stored In Paper Files, Unsearchable, Unindexed

Comments Filter:
  • by jcdr (178250) on Thursday November 28, 2013 @01:57PM (#45549829)

    ... there don't want to be vulnerable to others agencies like them !

    • by Mashiki (184564)

      Nah it's probably closer to what I've run across on this job here in Alberta working for a municipal government body. It's laziness, mixed with the "people at the top" not having a feking clue about archival or their desire to move forward. An example: Everyone in the building uses muniware or something else, the people at the top are still doing all the work by hand, and refuse blindly to update. Meeting minutes for city council are all stored on paper, there are no backups, there's no archives, nothin

      • Filed by the 2nd digit from the left of the contract value, then every second letter of the last name of the contractor/agent who signed it.

    • Nothing so advanced, based on my experience in a government contracting office usually it boils down to this:

      Legal requirements for maintaining paper copies
      20+ years of 'this is how we do it'
      current state of 'but digitizing papers with signatures on them requires discipline'

      Trust me, I'd LOVE to have the contracts in an electronic format. It's damned annoying that every time I want to know what changed from one contract mod to the next that I have to get the contracting office to produce a scanned (but not

      • by Dr_Barnowl (709838) on Friday November 29, 2013 @05:00AM (#45553681)

        play 'guess what one line changed' on a 200 page document.

        This is why ALL government documents (law, contracts, etc) should be kept as a relatively plain text format in a Git repo, and if any party wants to change it, it should get branched, commits should be signed, and merges should should also be signed by those who approved them.

        It would be most informative to see who proposed the "kill people and make them into soylent green" filibusters to "The Happy Kittens and Gifts To Orphans Bill"

        • This is why ALL government documents (law, contracts, etc) should be kept as a relatively plain text format in a Git repo, and if any party wants to change it, it should get branched, commits should be signed, and merges should should also be signed by those who approved them.

          As someone who has worked with contracts, I can honestly say that what SHOULD happen (in my world, at least) is that while the contract is being negotiated, a version history showing proposed changes should be kept, but once a contract has been agreed by all parties, that history should be wiped and the agreed contract should be frozen with no further updates, and signed by all parties involved.
          Any subsequent updates should result in a branch of the original, with the updates included as additional appendic


    • There's little doubt this is intentional.

      The primary 'hackers' that the NSA is worried about is Congressional oversight and the Government Accountability Office, or any kind of auditors.

      Inability to find relevant information is precisely the goal.

       
      • by slick7 (1703596)

        There's little doubt this is intentional. The primary 'hackers' that the NSA is worried about is Congressional oversight and the Government Accountability Office, or any kind of auditors. Inability to find relevant information is precisely the goal.

        ...and it will be too late when it is found. Mission accomplished.

    • by slick7 (1703596)

      ... there don't want to be vulnerable to others agencies like them !

      The NAZI's were anal about records and look what happened to them, "they" became the CIA under Operation Paperclip. How's that for justice?

  • by skaralic (676433) on Thursday November 28, 2013 @01:59PM (#45549857)
    On the upside, for the NSA, that makes a Snowden-like leak pretty much impossible.
    • by DrLang21 (900992)
      This very well may have been the point.
      • by Psykechan (255694) on Thursday November 28, 2013 @05:01PM (#45550995)

        Then the purpose of gathering the data was pointless too. If these files are truly "unsearchable" then it has absolutely no value and the act of storing it is a waste of taxpayer money.

        This is simply a tactic to make it more difficult for FOIA requests. Terry Childs went to jail over this sort of gross negligence. Whomever designed this system should also be held responsible.

        Sadly the text of the FOIA [cornell.edu] doesn't really talk about penalties for non compliance, it just states that the AG should submit a report. Yea, good luck with that.

        • by beatle42 (643102)
          Gathering which data was pointless? A contract officer can surely put their hands on whatever contracts they need, but no one can easily find information about contracts they aren't managing. For an organization that tries to be highly compartmentalized that really sounds like a pretty good thing. Making it difficult for someone who doesn't specifically know what they want to get information is the point, FOIA is just one avenue they care about.
        • by jalopezp (2622345)

          s/whomever/whoever/

          'Who(m)ever designed this system' is a subject clause of the sentence. Within this clause, 'Who(m)ever' is the subject of design. You use whomever for subjects.

  • It's called a Hollerith card tabulating machine. I can make you a good price!
    • by guttentag (313541) on Thursday November 28, 2013 @02:55PM (#45550249) Journal

      It's called a Hollerith card tabulating machine. I can make you a good price!

      NSA PROCUREMENT OFFICE (EQUIPMENT DIVISION)

      Mr. Kyosuke:

      Thank you for your recent letter offering a good price on a Hollerith machine. I regret to inform you that the NSA already has several of these in its possession that were purchased at an IBM auction of surplus machines [wikipedia.org] that had been leased to the German government [huffingtonpost.com] in the 1940s. We have made many custom improvements to the German machines over the years and would not think of wasting them on something as trivial as contracts.

      However, as replacement parts for these machines are in short supply and knowledge of their purpose is a forgotten state secret we have sent agents from the Procurement Office (Human Division) to collect you and your machine. They are at your front and back doors now. Please cooperate with them fully to make this easier on everyone.

      Again, thank you for contacting the NSA and helping us keep you safe.

  • by koan (80826)

    Kind of strange reading this as I always assumed that's how it would be, obfuscated.
    Still it's weirdly titillating to see it confirmed.

    • Re:Huh (Score:4, Insightful)

      by somersault (912633) on Thursday November 28, 2013 @02:12PM (#45549969) Homepage Journal

      The quote is:

      A search for overly broad keywords such as "CNO" and "computer network attack" would be tantamount to conducting a manual search through thousands of folders and then reading each document in order to determine whether the document pertains to a contract.

      Tantamount means "equivalent in seriousness to; virtually the same as." So they didn't actually directly say that these files are on paper. Though there isn't any other explanation for why it would require a manual search. Either way, how can we actually trust that they're telling the truth there?

      • by lennier (44736)

        The quote is:

        A search for overly broad keywords such as "CNO" and "computer network attack" would be tantamount to conducting a manual search through thousands of folders

        Tantamount means "equivalent in seriousness to; virtually the same as."

        In other words, the NSA has so many computer network attacks going on that if you asked them to report on them they'd just throw their hands up and say, "well, which of six billion attacks do you want us to tell you about? A least narrow it down to a few hundred thousand by telling us your IP address and the date!"

  • Misleading summary (Score:5, Informative)

    by Walking The Walk (1003312) on Thursday November 28, 2013 @02:08PM (#45549933)
    That summary is misleading. It's based on an NSA response to a FOI request, worded as follows:

    A search for overly broad keywords such as "CNO" and "computer network attack" would be tantamount to conducting a manual search through thousands of folders and then reading each document in order to determine whether the document pertains to a contract.

    (emphasis mine)

    That could be network folders (ie: directories) and Word documents, they never said anything was on "paper". The way I read that quote was that they've got heaps of contracts, stored in lots of directories, and even if they did a search they'd have to read each document returned to see if it was a contract pertaining to the FOI request. They're trying to say that's too burdensome, which in theory gives them a way of not supplying the information. In practice, a judge might decide they should be able to do the search in a reasonable amount of time, and force them to comply.

    • by Anonymous Coward

      Why not give it to google?

    • by Sarten-X (1102295) on Thursday November 28, 2013 @04:21PM (#45550699) Homepage

      It's worse than that. The actual response begins:

      This responds to your Freedom of Information Act (FOIA) request of 20 September 2013, which was received by this office on 20 September 2013, for "copies of contracts containing any of the following keywords or phrases: "CNO", "CAN", "CND", "CNE", "computer network exploitation," "computer network defense," "computer network attack," "computer network operations", "exploits" and/or "implants," and related services over the past 5 years. If retrieving the contracts themselves is too burdensome, please provide a list of contracts."

      From that, it appears the FOIA request was actually asking for any contract including the word "can", amongst other things. It's probably a shorter list to find contracts that don't fall into this request.

      The response continues:

      As we have advised in your previous FOIA requests regarding contract data, acquisition contract files could be more reasonably searched if a contract number, company name with address, and service award date were provided. However, there are many instances when contract information is not retrievable by company name alone; some companies may have several locations, or there may be a number variations of the same name based on a name or keyword.

      Or, in other words, if you have a particular contract or contractor, they can pull that easily. I'll infer from that that they have a big table of contracts with contractor name/address, date, and number, and those contracts can then be pulled by number from their probably-digital storage, but running a full-text search on all of their contracts for 5 years is not what the database is set up to do.

      • "or contractor" won't get you results according to the quote. The FOIA requester should write a regex search, pass it to Snowden, and get back a more specific and detailed request that would bypass the current objections. I doubt they'd actually get their information, even if their requests were quite specific.
      • by drinkypoo (153816)

        This responds to your Freedom of Information Act (FOIA) request of 20 September 2013, which was received by this office on 20 September 2013, for "copies of contracts containing any of the following keywords or phrases: "CNO", "CAN", "CND", "CNE", "computer network exploitation," "computer network defense," "computer network attack," "computer network operations", "exploits" and/or "implants," and related services over the past 5 years. If retrieving the contracts themselves is too burdensome, please provide a list of contracts."

        From that, it appears the FOIA request was actually asking for any contract including the word "can", amongst other things. It's probably a shorter list to find contracts that don't fall into this request.

        I know that Slashdot doesn't quite have the standards that it had "back in the day", but most of us have figured out how to perform a case-sensitive search.

        • I know that Slashdot doesn't quite have the standards that it had "back in the day", but most of us have figured out how to perform a case-sensitive search.

          Probably not; most of 'us' think that MySQL is a real database.

    • NY State agencies have had to hire additional staff for the primary purpose of complying with FOIL requests. If our state with only 6.5% income tax can do it, surely the feds with their 25% income tax can afford to...

    • by jspoon (585173)
      If the last 6 months have taught us anything, it's that the contracts in question are likely in the format of Powerpoint slideshows.
    • by EETech1 (1179269)

      Funny how they can sift through and filter nearly every conversation going on anywhere in the world, as well as search all of the traffic on the Internet for keywords and phrases in REAL TIME, and store this for analysis, but they can't do the same procedure on their own network, and search their own computers to find out information about what they've been doing in any reasonable amount of time.

      Nice!

    • In practice, a judge might decide they should be able to do the search in a reasonable amount of time, and force them to comply.

      Judges don't force the NSA to do anything. Kiddie porn puts a judge in the slammer as quickly as anyone else. The "That's not mine, I didn't download that! And those logs must have been fabricated! I'm being setup!" doesn't work any better for judges than anyone else, when it comes to kiddie porn.

  • by timmyf2371 (586051) on Thursday November 28, 2013 @02:12PM (#45549963)

    Perhaps they do this as they know they can easily retrieve the copies of the contracts from the vendors' own systems if they ever need to access them.

  • aha (Score:4, Insightful)

    by superwiz (655733) on Thursday November 28, 2013 @02:19PM (#45550019) Journal
    And if you believe that, I have some healthcare to sell you.
    • by guttentag (313541)

      And if you believe that, I have some healthcare to sell you.

      You can keep your stinking healthcare! Oh wait...

  • by PPH (736903) on Thursday November 28, 2013 @02:47PM (#45550177)

    Old idea. My financial records are all on paper. In an unheated storage space. When the IRS wants to audit me, they are welcome to sit in there and go through whatever they want.

    • Old idea. My financial records are all on paper. In an unheated storage space. When the IRS wants to audit me, they are welcome to sit in there and go through whatever they want.

      When the IRS wants to audit you, you'll be ordered to gather up all those paper records and bring them in.

      You don't want the IRS visiting your house. They have a reputation for doing so in very unsubtle ways.

      • by PPH (736903)

        You don't want the IRS visiting your house.

        Like I said, unheated warehouse. They don't know where I live.

        • Actually, you said unheated storage space. That could be a basement or a closet.

          But if you file taxes, trust me. They know where you live.

          • by drinkypoo (153816)

            But if you file taxes, trust me. They know where you live.

            Maybe, maybe not. If he doesn't own his home, and it's an asset of a corporation to which he is affiliated, it might be lost in the noise.

            • But if you file taxes, trust me. They know where you live.

              Maybe, maybe not. If he doesn't own his home, and it's an asset of a corporation to which he is affiliated, it might be lost in the noise.

              You have to put your address on the 1040 along with your SSN and swear under penalty of perjury that it is correct. The IRS is good friends with the FBI (just ask Al Capone). The FBI chats with the NSA.

              You're doomed.

              • by drinkypoo (153816)

                You have to put your address on the 1040 along with your SSN and swear under penalty of perjury that it is correct.

                Which address? You don't put them all on if you've got multiple homes.

                • You have to put your address on the 1040 along with your SSN and swear under penalty of perjury that it is correct.

                  Which address? You don't put them all on if you've got multiple homes.

                  Give me a break. There's this concept known as the "legal address", which is usually the person's primary address. It's used not only for hunting down and persecuting people but also as the place to send refund checks (or penalty assessments) to.

                  However, the point is, the IRS has the resources of the Department of the Treasury at its beck and call if it has reason to want your tax records and you get snotty about it. You can use a dropoff mailbox on the return and hide that way, but if they want you, they c

    • by steelfood (895457)

      Which they will.

      But they'll also have access to heaps of electronic records kept by others as well. Ever use a credit card to make purchases? Is your money tucked away in a bank? It's all traceable.

      Unless you're exclusively paying cash, and asking for hand-written receipts, how your records are stored is not going to hinder them in the slightest.

    • by knarf (34928)

      With a sign reading 'beware of the leopard' on the door, I assume?

  • The NSA is evil, not stupid, and this would be very smart.

    • by ewieling (90662)
      I have very little in common with the NSA, but there is one thing. If I want total privacy I must spend so many resources to accomplish my goal that I will have no resources left to accomplish anything else. The NSA has a similar problem. The alternative is to strike a balance. I don't know if keeping all the NSA's contracts only on paper is worth the additional security, but I doubt it. The worst of my secrets are simply embarrassing. I don't know what the worst of the NSA's secrets might be, but
      • by mlts (1038732) *

        Devil's advocate:

        Keeping everything on paper may seem antiquated, perhaps slow... but it wasn't that long ago when a spreadsheet was a true ledger, but with someone who can do double entry bookkeeping, this isn't an impossible task.

        It will be going back in time to the '60s and '70s, but for low-volume transactions, a business could get by with carbon paper (so entries are kept in duplicate or triplicate), ledgers, and such. If one is worried about calculators, there are mechanical adding machines which wor

    • by dbIII (701233)
      Given the star trek set thing and Snowden getting hold of all this stuff in the first place there seems to be a mountain of evidence building up for stupidity.
  • by sandbagger (654585) on Thursday November 28, 2013 @03:03PM (#45550301)

    It's legally safer for them to say that they're incompetent.

    • by BlueStrat (756137)

      It's legally safer for them to say that they're incompetent.

      Why should they bother saying anything? They can simply stonewall everything/everyone. You think anyone in the DoJ will prosecute them or act to carry out or enforce any rulings, subpoenas, or warrants from Congress or even the SCOTUS (John Marshall has made his decision, now let him enforce it." - Andrew Jackson)?

      Laws don't apply to those who rule and not govern. That's why Congress gave itself a pass on participating in the ACA and from insider-trading laws & regulations They view themselves as rulers

  • Unauditable. A simple match enables them to deny everything.
  • by Anonymous Coward

    It should be expected. The NSA has very little technical savvy, nor any sizable budget for computer equipment. They're too busy doing their jobs, to worry about extracting useful information out of data.

  • Perhaps it might be fun to bury them in an storm of small invoices so they spend all their time invalidating them.
  • If only they had a massive budget and an alarmlingly large team of data analysis and signals intelligence experts to cope with this problem.... Poor guys, suffering like that.
  • What do all government contracts have in common? Payment of the contractor.

    Ask whoever writes NSA's checks (probably DFAS, Defense Finance and Accounting Center) for all contract numbers between NSA and (list of interesting companies). Then ask NSA for copies of those specific contracts.

    It would not surprise me at all to find out that whichever payment agency, and you may rest assured they are automated, also has copies of the contracts themselves, so while you are at it with the request above, ask for

    • by Whorhay (1319089)

      Trust me you don't want to try and get any kind of useful information out of DFAS. That system is about as broken as a thing can be while still managing to accomplish anything. I know a guy who made an error setting up a new allotment and they told him they can't do anything to fix it until it has actually been processed through at least one whole pay period, which for him won't happen until after the new year, and this came up a couple months ago.

  • Couldn't they just use their backdoor access to Google to scan them using googles book scanning magic and be done in about 20 minutes? Oh, that's right, they're lieing . For a moment I thought this was just their clever way of storing their contracts so they couldn't be searched. Then I remembered, they don't give a fuck.

  • A search for overly broad keywords such as "CNO" and "computer network attack" would be tantamount to conducting a manual search through thousands of folders and then reading each document in order to determine whether the document pertains to a contract.

    Going from that to "ZOMG! NSA has contracts only on paperz!" seems a bit of a stretch.

    http://search.slashdot.org/comments.pl?sid=4497283&cid=45550699 [slashdot.org]

  • This isn't a bug; it's a feature.

    If you don't want to be spied on, or digitally robbed (or have digitized voting results and elections changed with laughable ease), go manual and physical. At least then they have to break into your house, or hire someone to friend you up to get into your home or business or doctor's office. Makes 'em work hard. At least make them take a personal interest, rather than just vacuuming up everyone's life indiscriminately and sorting through the mess at will later to nail people

PLUG IT IN!!!

Working...