FOIA: NSA Contracts Stored In Paper Files, Unsearchable, Unindexed 114
v3rgEz writes "Wish you were a little more organized? Have trouble finding that archived contract when you actually need it? Don't feel too bad: The National Security Agency has the same problem, claiming that its contract database is stored manually and impossible to search by topic, category, or even by vendor in most cases."
There really know why... (Score:5, Insightful)
... there don't want to be vulnerable to others agencies like them !
Re: (Score:3)
Nah it's probably closer to what I've run across on this job here in Alberta working for a municipal government body. It's laziness, mixed with the "people at the top" not having a feking clue about archival or their desire to move forward. An example: Everyone in the building uses muniware or something else, the people at the top are still doing all the work by hand, and refuse blindly to update. Meeting minutes for city council are all stored on paper, there are no backups, there's no archives, nothin
Re: (Score:1)
Filed by the 2nd digit from the left of the contract value, then every second letter of the last name of the contractor/agent who signed it.
Re: (Score:3)
Nothing so advanced, based on my experience in a government contracting office usually it boils down to this:
Legal requirements for maintaining paper copies
20+ years of 'this is how we do it'
current state of 'but digitizing papers with signatures on them requires discipline'
Trust me, I'd LOVE to have the contracts in an electronic format. It's damned annoying that every time I want to know what changed from one contract mod to the next that I have to get the contracting office to produce a scanned (but not
Re:There really know why... (Score:4, Insightful)
play 'guess what one line changed' on a 200 page document.
This is why ALL government documents (law, contracts, etc) should be kept as a relatively plain text format in a Git repo, and if any party wants to change it, it should get branched, commits should be signed, and merges should should also be signed by those who approved them.
It would be most informative to see who proposed the "kill people and make them into soylent green" filibusters to "The Happy Kittens and Gifts To Orphans Bill"
Re: (Score:2)
This is why ALL government documents (law, contracts, etc) should be kept as a relatively plain text format in a Git repo, and if any party wants to change it, it should get branched, commits should be signed, and merges should should also be signed by those who approved them.
As someone who has worked with contracts, I can honestly say that what SHOULD happen (in my world, at least) is that while the contract is being negotiated, a version history showing proposed changes should be kept, but once a contract has been agreed by all parties, that history should be wiped and the agreed contract should be frozen with no further updates, and signed by all parties involved.
Any subsequent updates should result in a branch of the original, with the updates included as additional appendic
It's not just for information security (Score:3)
There's little doubt this is intentional.
The primary 'hackers' that the NSA is worried about is Congressional oversight and the Government Accountability Office, or any kind of auditors.
Inability to find relevant information is precisely the goal.
Re: (Score:2)
There's little doubt this is intentional. The primary 'hackers' that the NSA is worried about is Congressional oversight and the Government Accountability Office, or any kind of auditors. Inability to find relevant information is precisely the goal.
...and it will be too late when it is found. Mission accomplished.
Re: (Score:2)
... there don't want to be vulnerable to others agencies like them !
The NAZI's were anal about records and look what happened to them, "they" became the CIA under Operation Paperclip. How's that for justice?
Re: (Score:2)
Stux teh NSA. Do it today!
Re: (Score:3)
I am not drunk, but I don't speak English !
This make the same result, you will say...
Re: (Score:2)
If you aren't drunk and write English as if you were drunk, then maybe you'll write proper English when you are drunk.
Re: (Score:2)
Re:There really know why... (Score:4, Funny)
Impossible to steal too... (Score:4, Insightful)
Re: (Score:2)
Re:Impossible to steal too... (Score:4, Interesting)
Then the purpose of gathering the data was pointless too. If these files are truly "unsearchable" then it has absolutely no value and the act of storing it is a waste of taxpayer money.
This is simply a tactic to make it more difficult for FOIA requests. Terry Childs went to jail over this sort of gross negligence. Whomever designed this system should also be held responsible.
Sadly the text of the FOIA [cornell.edu] doesn't really talk about penalties for non compliance, it just states that the AG should submit a report. Yea, good luck with that.
Re: (Score:1)
Re: (Score:2)
s/whomever/whoever/
'Who(m)ever designed this system' is a subject clause of the sentence. Within this clause, 'Who(m)ever' is the subject of design. You use whomever for subjects.
I have this marvellous new invention for you! (Score:2)
Re:I have this marvellous new invention for you! (Score:5, Funny)
It's called a Hollerith card tabulating machine. I can make you a good price!
NSA PROCUREMENT OFFICE (EQUIPMENT DIVISION)
Mr. Kyosuke:
Thank you for your recent letter offering a good price on a Hollerith machine. I regret to inform you that the NSA already has several of these in its possession that were purchased at an IBM auction of surplus machines [wikipedia.org] that had been leased to the German government [huffingtonpost.com] in the 1940s. We have made many custom improvements to the German machines over the years and would not think of wasting them on something as trivial as contracts.
However, as replacement parts for these machines are in short supply and knowledge of their purpose is a forgotten state secret we have sent agents from the Procurement Office (Human Division) to collect you and your machine. They are at your front and back doors now. Please cooperate with them fully to make this easier on everyone.
Again, thank you for contacting the NSA and helping us keep you safe.
Re: (Score:2)
> replacement parts for these machines are in short supply
Sounds like a job for 3D printing.
http://www.marketplace.org/topics/business/typewriters-somehow-still-demand [marketplace.org]
Huh (Score:1)
Kind of strange reading this as I always assumed that's how it would be, obfuscated.
Still it's weirdly titillating to see it confirmed.
Re:Huh (Score:4, Insightful)
The quote is:
A search for overly broad keywords such as "CNO" and "computer network attack" would be tantamount to conducting a manual search through thousands of folders and then reading each document in order to determine whether the document pertains to a contract.
Tantamount means "equivalent in seriousness to; virtually the same as." So they didn't actually directly say that these files are on paper. Though there isn't any other explanation for why it would require a manual search. Either way, how can we actually trust that they're telling the truth there?
Re: (Score:2)
The quote is:
A search for overly broad keywords such as "CNO" and "computer network attack" would be tantamount to conducting a manual search through thousands of folders
Tantamount means "equivalent in seriousness to; virtually the same as."
In other words, the NSA has so many computer network attacks going on that if you asked them to report on them they'd just throw their hands up and say, "well, which of six billion attacks do you want us to tell you about? A least narrow it down to a few hundred thousand by telling us your IP address and the date!"
Re: (Score:2)
Also makes it much easier to give contracts to you friends and family.
Misleading summary (Score:5, Informative)
A search for overly broad keywords such as "CNO" and "computer network attack" would be tantamount to conducting a manual search through thousands of folders and then reading each document in order to determine whether the document pertains to a contract.
(emphasis mine)
That could be network folders (ie: directories) and Word documents, they never said anything was on "paper". The way I read that quote was that they've got heaps of contracts, stored in lots of directories, and even if they did a search they'd have to read each document returned to see if it was a contract pertaining to the FOI request. They're trying to say that's too burdensome, which in theory gives them a way of not supplying the information. In practice, a judge might decide they should be able to do the search in a reasonable amount of time, and force them to comply.
Re: (Score:1)
Why not give it to google?
Re:Misleading summary (Score:4, Informative)
It's worse than that. The actual response begins:
This responds to your Freedom of Information Act (FOIA) request of 20 September 2013, which was received by this office on 20 September 2013, for "copies of contracts containing any of the following keywords or phrases: "CNO", "CAN", "CND", "CNE", "computer network exploitation," "computer network defense," "computer network attack," "computer network operations", "exploits" and/or "implants," and related services over the past 5 years. If retrieving the contracts themselves is too burdensome, please provide a list of contracts."
From that, it appears the FOIA request was actually asking for any contract including the word "can", amongst other things. It's probably a shorter list to find contracts that don't fall into this request.
The response continues:
As we have advised in your previous FOIA requests regarding contract data, acquisition contract files could be more reasonably searched if a contract number, company name with address, and service award date were provided. However, there are many instances when contract information is not retrievable by company name alone; some companies may have several locations, or there may be a number variations of the same name based on a name or keyword.
Or, in other words, if you have a particular contract or contractor, they can pull that easily. I'll infer from that that they have a big table of contracts with contractor name/address, date, and number, and those contracts can then be pulled by number from their probably-digital storage, but running a full-text search on all of their contracts for 5 years is not what the database is set up to do.
Re: (Score:2)
Re: (Score:3)
This responds to your Freedom of Information Act (FOIA) request of 20 September 2013, which was received by this office on 20 September 2013, for "copies of contracts containing any of the following keywords or phrases: "CNO", "CAN", "CND", "CNE", "computer network exploitation," "computer network defense," "computer network attack," "computer network operations", "exploits" and/or "implants," and related services over the past 5 years. If retrieving the contracts themselves is too burdensome, please provide a list of contracts."
From that, it appears the FOIA request was actually asking for any contract including the word "can", amongst other things. It's probably a shorter list to find contracts that don't fall into this request.
I know that Slashdot doesn't quite have the standards that it had "back in the day", but most of us have figured out how to perform a case-sensitive search.
Re: (Score:2)
I know that Slashdot doesn't quite have the standards that it had "back in the day", but most of us have figured out how to perform a case-sensitive search.
Probably not; most of 'us' think that MySQL is a real database.
Re: (Score:2)
NY State agencies have had to hire additional staff for the primary purpose of complying with FOIL requests. If our state with only 6.5% income tax can do it, surely the feds with their 25% income tax can afford to...
Re: (Score:3)
Re: (Score:3)
Funny how they can sift through and filter nearly every conversation going on anywhere in the world, as well as search all of the traffic on the Internet for keywords and phrases in REAL TIME, and store this for analysis, but they can't do the same procedure on their own network, and search their own computers to find out information about what they've been doing in any reasonable amount of time.
Nice!
Re: (Score:1)
In practice, a judge might decide they should be able to do the search in a reasonable amount of time, and force them to comply.
Judges don't force the NSA to do anything. Kiddie porn puts a judge in the slammer as quickly as anyone else. The "That's not mine, I didn't download that! And those logs must have been fabricated! I'm being setup!" doesn't work any better for judges than anyone else, when it comes to kiddie porn.
Re: (Score:2)
And clearly they dont understand the concept of regular expressions, or of parsing data files.
Neither of those really works on a scanned PDF of a quick design sketch someone made, or the photos of the defective materials encountered, or the 3D models of the parts for the engineers.
catalog their data and store some metadata to help them process additional FOIA requests
That gets in the way of the real work, though, and isn't actually required by the FOIA, so actually dedicating funding to such things is unlikely to happen.
...it's as if the NSA still thinks the american public are...
The situations are in no way even close to comparable.
Your strawman's falling down.
It's appears much more that the FOIA request was asking for a broad swath of information across several programs that don't have a common
Re: (Score:1)
And clearly they dont understand the concept of regular expressions, or of parsing data files.
Neither of those really works on a scanned PDF of a quick design sketch someone made, or the photos of the defective materials encountered, or the 3D models of the parts for the engineers.
catalog their data and store some metadata to help them process additional FOIA requests
That gets in the way of the real work, though, and isn't actually required by the FOIA, so actually dedicating funding to such things is unlikely to happen.
...it's as if the NSA still thinks the american public are...
The situations are in no way even close to comparable.
Your strawman's falling down.
It's appears much more that the FOIA request was asking for a broad swath of information across several programs that don't have a common database. It's not just a matter of parsing the files, but even knowing what to look for.
Actually incorrect on most of those objections. (PDF and CAD/CAM data not being Regex searchable)
For PDFs, there is free software that can parse them quite well, and the output can be probed by Regex queries quite well.
For industrial digital draft sheets, most of the major players (Unigraphics and Dassault Catia in particular-- being the major products used by BOEING and Lockheed Martin. (Insider knowledge; I work in aerospace)) store raw and binary "dotted" string data inside their data files. In the case
Re: (Score:3)
Isn't there a federal mandate to computerize and open records?
Hmm, fuck me. I googled for "federal open data mandate" figuring that would just be a good set of search terms, and what do you know? It's called the Federal Open Data Mandate.
Maybe I'm a goddamn genius. Or maybe I just have problems suppressing the noise when I'm trying to remember, and Beer Works(tm).
Easy Workaround (Score:3)
Perhaps they do this as they know they can easily retrieve the copies of the contracts from the vendors' own systems if they ever need to access them.
aha (Score:4, Insightful)
Re: (Score:2)
And if you believe that, I have some healthcare to sell you.
You can keep your stinking healthcare! Oh wait...
Records on paper (Score:3)
Old idea. My financial records are all on paper. In an unheated storage space. When the IRS wants to audit me, they are welcome to sit in there and go through whatever they want.
Re: (Score:2)
I have been audited. The competent investigators at the IRS were quite helpful in explaining why they couldn't accept the paperwork I had submitted, and what other paperwork would be needed. When I couldn't get that other paperwork, they were able to guide me through the proper channels to document that the other documentation was unavailable, which was all they ultimately needed.
I guess they keep the underpaid monkeys for people who hold grudges.
Re: (Score:2)
Old idea. My financial records are all on paper. In an unheated storage space. When the IRS wants to audit me, they are welcome to sit in there and go through whatever they want.
When the IRS wants to audit you, you'll be ordered to gather up all those paper records and bring them in.
You don't want the IRS visiting your house. They have a reputation for doing so in very unsubtle ways.
Re: (Score:2)
You don't want the IRS visiting your house.
Like I said, unheated warehouse. They don't know where I live.
Re: (Score:2)
Actually, you said unheated storage space. That could be a basement or a closet.
But if you file taxes, trust me. They know where you live.
Re: (Score:2)
But if you file taxes, trust me. They know where you live.
Maybe, maybe not. If he doesn't own his home, and it's an asset of a corporation to which he is affiliated, it might be lost in the noise.
Re: (Score:2)
But if you file taxes, trust me. They know where you live.
Maybe, maybe not. If he doesn't own his home, and it's an asset of a corporation to which he is affiliated, it might be lost in the noise.
You have to put your address on the 1040 along with your SSN and swear under penalty of perjury that it is correct. The IRS is good friends with the FBI (just ask Al Capone). The FBI chats with the NSA.
You're doomed.
Re: (Score:2)
You have to put your address on the 1040 along with your SSN and swear under penalty of perjury that it is correct.
Which address? You don't put them all on if you've got multiple homes.
Re: (Score:2)
You have to put your address on the 1040 along with your SSN and swear under penalty of perjury that it is correct.
Which address? You don't put them all on if you've got multiple homes.
Give me a break. There's this concept known as the "legal address", which is usually the person's primary address. It's used not only for hunting down and persecuting people but also as the place to send refund checks (or penalty assessments) to.
However, the point is, the IRS has the resources of the Department of the Treasury at its beck and call if it has reason to want your tax records and you get snotty about it. You can use a dropoff mailbox on the return and hide that way, but if they want you, they c
Re: (Score:2)
When the IRS audits you, it is YOUR responsibility to back up your claims with evidence
My claims (deductions, etc.) are all neatly documented and easy to prove. Its when the IRS tries to establish a link between me and some offshore bank or corporation that they'll be on their own, digging through unsorted crap in subzero weather.
Re: (Score:2)
Yeah, he seems to think the IRS would bother to go after someone with offshore bank / corporate interests. Sorry, only the middle and lower classes get special IRS scrutiny.
zzz, you're out of date. They've been blowing the doors off of one tax haven after another. Switzerland, Panama... Now only the properly connected are permitted to have that kind of thing going on.
Re: (Score:2)
Which they will.
But they'll also have access to heaps of electronic records kept by others as well. Ever use a credit card to make purchases? Is your money tucked away in a bank? It's all traceable.
Unless you're exclusively paying cash, and asking for hand-written receipts, how your records are stored is not going to hinder them in the slightest.
Re: (Score:2)
With a sign reading 'beware of the leopard' on the door, I assume?
Probably true (Score:2)
The NSA is evil, not stupid, and this would be very smart.
Re: (Score:2)
Re: (Score:2)
Devil's advocate:
Keeping everything on paper may seem antiquated, perhaps slow... but it wasn't that long ago when a spreadsheet was a true ledger, but with someone who can do double entry bookkeeping, this isn't an impossible task.
It will be going back in time to the '60s and '70s, but for low-volume transactions, a business could get by with carbon paper (so entries are kept in duplicate or triplicate), ledgers, and such. If one is worried about calculators, there are mechanical adding machines which wor
Re: (Score:2)
Refusing/Lying is illegal, being incompetent isn't (Score:5, Insightful)
It's legally safer for them to say that they're incompetent.
Re: (Score:2)
It's legally safer for them to say that they're incompetent.
Why should they bother saying anything? They can simply stonewall everything/everyone. You think anyone in the DoJ will prosecute them or act to carry out or enforce any rulings, subpoenas, or warrants from Congress or even the SCOTUS (John Marshall has made his decision, now let him enforce it." - Andrew Jackson)?
Laws don't apply to those who rule and not govern. That's why Congress gave itself a pass on participating in the ACA and from insider-trading laws & regulations They view themselves as rulers
Re: (Score:2)
Congress didn't give themselves a pass on ACA. A few Senators spoke of it but it wasn't in the final bill.
Well, there is dispute over this.
http://politicalticker.blogs.cnn.com/2013/10/09/fact-check-did-president-obama-exempt-members-of-congress-from-obamacare/ [cnn.com]
"Like most large employers, the federal government contributes a portion to the premiums of its employees. In fact, like many employers, the federal government pays most of the premiums for its workers; an average of 72 percent on Capitol Hill.
The new provision didnâ(TM)t account for the continued employer contribution for these federal workers who wo
Missing keyword (Score:2)
How do you computer? (Score:2, Funny)
It should be expected. The NSA has very little technical savvy, nor any sizable budget for computer equipment. They're too busy doing their jobs, to worry about extracting useful information out of data.
Invoice Hell (Score:2)
Re: (Score:2)
Won't work. They probably lied.
Too bad... (Score:2)
They're asking the wrong question... (Score:2)
Ask whoever writes NSA's checks (probably DFAS, Defense Finance and Accounting Center) for all contract numbers between NSA and (list of interesting companies). Then ask NSA for copies of those specific contracts.
It would not surprise me at all to find out that whichever payment agency, and you may rest assured they are automated, also has copies of the contracts themselves, so while you are at it with the request above, ask for
Re: (Score:2)
Trust me you don't want to try and get any kind of useful information out of DFAS. That system is about as broken as a thing can be while still managing to accomplish anything. I know a guy who made an error setting up a new allotment and they told him they can't do anything to fix it until it has actually been processed through at least one whole pay period, which for him won't happen until after the new year, and this came up a couple months ago.
Well... (Score:2)
Couldn't they just use their backdoor access to Google to scan them using googles book scanning magic and be done in about 20 minutes? Oh, that's right, they're lieing . For a moment I thought this was just their clever way of storing their contracts so they couldn't be searched. Then I remembered, they don't give a fuck.
Is someone jumping to conclusions? (Score:2)
A search for overly broad keywords such as "CNO" and "computer network attack" would be tantamount to conducting a manual search through thousands of folders and then reading each document in order to determine whether the document pertains to a contract.
Going from that to "ZOMG! NSA has contracts only on paperz!" seems a bit of a stretch.
http://search.slashdot.org/comments.pl?sid=4497283&cid=45550699 [slashdot.org]
Object lesson here: hide your stuff from thieves (Score:2)
This isn't a bug; it's a feature.
If you don't want to be spied on, or digitally robbed (or have digitized voting results and elections changed with laughable ease), go manual and physical. At least then they have to break into your house, or hire someone to friend you up to get into your home or business or doctor's office. Makes 'em work hard. At least make them take a personal interest, rather than just vacuuming up everyone's life indiscriminately and sorting through the mess at will later to nail people