Академический Документы
Профессиональный Документы
Культура Документы
No FEAR Act CP
1NC Shell
CP: The United States Federal government should:
1. Strengthen enforcement and protections for Federal
employees under the Notification and Federal Employee
Antidiscrimination and Retaliation Act of 2002.
2. Extend the Whistleblower Protection act to all intelligence
contractors, subcontractors, and grantees.
The Counterplan does not link to PTX. More than 50 lobbying
groups have endorsed it and Democrats are on board.
CP Solves: Whistleblowers and protecting them should be
prioritized. Creates a more open government
McCaskill 15 Claire Mccaskill is a Democratic Senator from Missouri who has
been in office since 2006. McCaskill previously served as State Auditor of Missouri,
and before that as Jackson County Prosecutor from 1993-1998. McCaskill has a B.A.
and J.D. from University of Missouri and Columbia Law School, respectively. The
report internally quotes McCaskill and was released by her office. 2015. (Marking
Sunshine Week, McCaskill Introduces Whistleblower-Protection Package Office of
Claire McCaskill, March, 19. Available via LexisNexis. Accessed 07-21-2015.)
Whistleblowers are the taxpayers best friend , said McCaskill, a senior member of
the Homeland Security and Governmental Affairs Committee . These folks play a
critical role in keeping our government accountable to its citizens by exposing
waste, fraud and abuseand weve got to surround them with the robust legal
protections that enable them to come forward to report wrongdoing.
McCaskill is reintroducing a bill that was first introduced in the wake of the VA
scandal last year, which included claims of whistleblower retaliation. The bill
mandates the firing of any VA employee found to have retaliated against a
whistleblower. Currently, a finding of retaliation against a whistleblower is
punishable by a range of procedures, including fines and reprimand.
McCaskills bill to protect whistleblowers in the intelligence community extends
whistleblower protections to intelligence contractors, who are often doing similar
jobs to federal employees. Last year, the same bill was endorsed by nearly 50 good
government groups.
McCaskill is also introducing legislation to extend current whistleblower protections
to grantees, subgrantees and subcontractors. Current protections apply only to
contractors, but not to employees of grant recipients, even though the federal
government plans to distribute $245 billion in grant funding in fiscal year 2015. The
bill would also prohibit contractors from getting reimbursed for legal fees accrued in
their defense against retaliation claims by whistleblowers.
Prevents Groupthink
Whistleblowers are key to prevent terror attacks by breaking
the echo chamber
Benkler 14 Yochai Benkler, Benkler is the Jack N. and Lillian R. Berkman
Professor of Entrepreneurial Legal Studies, Harvard Law School, Faculty Co-Director,
Berkman Center for Internet and Society, Harvard University. 2014. (A Public
Accountability Defense for National Security Leakers and Whistleblowers, Harvard
Law & Policy Review, Available via LexisNexis. Accessed on 07-22-2015.)
Secrecy insulates self-reinforcing internal organizational dynamics from external
correction. In countering this tendency, not all leaks are of the same fabric . "War story"type leaks that make an administration look good or are aimed to shape public opinion in favor of an alreadyadopted strategy or to manipulate support for one agency over another, trial balloons, and so forth, are legion. n23
While these offer the public color and texture from inside the government and are valuable to the press, they do not
behaved organizational processes. Like an electric fuse, accountability leaks, as we might call them, blow when the
internal dynamics of the system reach the breaking point of an individual with knowledge, but without authority.
They are therefore hard to predict, and function like surprise inspections that keep a
system honest. n24 By doing so, these leaks serve both democracy and security.
This failsafe view of whistleblowing is hardly unique to national security. American
law in general embraces whistleblowing as a critical mechanism to address the
kinds of destructive organizational dynamics that lead to error, incompetence, and
abuse. In healthcare, financial, food and drug, or consumer product industries; in state and federal agencies,
throughout the organizational ecosystem, whistleblowers are protected from retaliation and often provided with
financial incentives to expose wrongs they have seen and subject the organizations in which they work to public or
establishment has a magical exemption from the dynamics that lead all other large scale organizations to error,
INTERNAL REPORTING Temple Law Review, Summer 2014. Available via LexisNexis.
Accessed 07-21-2015.)
Corporate and securities law scholar, James Fanto, suggests that negative reactions
toward whistleblowers occur because the whistleblower threatens "groupthink," a
phenomenon in which members of a group become uniform in their perspectives ,
acknowledging only the seeming positive aspects of group behavior and disciplining
any member who challenges such uniformity. n232 "The whistleblower calls into
question the totality of the decisions, and the worldview, of the group ; the
whistleblower becomes the embodiment of the truth about the organization that the
group cannot accept without admitting the massive impropriety at the heart of its
[*755] existence." n233 In this way, the whistleblower brings to light a truth that
his or her superiors would prefer to avoid, resulting in a collective sense of
resistance toward the whistleblower.
t. In 2009, the Ethics Resource Center (ERC) conducted a survey of whistlebloweremployees who experienced retaliation for their actions , noting that past research
"has identified fear of retaliation as the leading indicator of misconduct in the
workplace." n234 The ERC survey studied employees who observed some form of
misconduct, reported their observations to someone within the company , and felt
that they were punished as a result of reporting. n235 The survey reveals that, in
2009, fifteen percent of all those who observed and reported misconduct felt that
they were retaliated agains n236 This rate is higher for organizations with 100 to
499 employees and for union employees, each at twenty-one percent. n237 One
scholar notes that this figure is misleading, as the actual percentage of those who
have experienced retaliation varies depending on the type of misconduct reported
and the position of power of the person who reports, and that the risk of retaliation
for reporting major misconduct is actually much higher. n238 The ERC survey
revealed that of the various types of retaliation , the majority of respondents
experienced the following with the most frequency: exclusion by supervisors or
management from work decisions and activities (sixty-two percent); the cold
shoulder by coworkers (sixty percent); and verbal abuse by management or
supervisors (fifty-five percent). n239
When I filed a discrimination complaint with the E.P.A.'s civil rights office, my
situation grew worse. I sued, and in August 2000 a federal jury found the E.P.A.
guilty of discrimination and creating a hostile work environment. It awarded me
$600,000 in damages. It was my case that moved Congress to take up the No Fear
bill.
Thousands of federal employees are working under the daily stress of
discrimination. In 2000, female and nonwhite federal employees made nearly
25,000 complaints against the federal government. Settlements and judgments cost
the federal government tens of millions a year, but total expenditures have been
hard to calculate and there has been little Congressional oversight. There is no
accountability because most judgments were paid from a general government
judgment fund without penalty to the agency at fault.
The No Fear Act will force federal agencies to pay all settlements and judgments for
discrimination from their own budgets. It contains reporting requirements that will
help determine whether a pattern of misconduct exists within an agency and
whether that agency is taking action to address it. It requires that employees and
managers be notified of their rights and responsibilities. And it strengthens
protections for whistleblowers, who are often forced to choose between remaining
silent about a dangerous or illegal situation and risking their careers by telling the
truth.
The House and the Senate unanimously passed the No Fear Act. It was sponsored in
the House by F. James Sensenbrenner, the conservative chairman of the House
Judiciary Committee, and Sheila Jackson Lee, a liberal Democrat. In the Senate, John
Warner took the lead on the bill. This bipartisan support shows that both political
parties recognize the need to root out discrimination in the federal government and
that they can come together to protect the rights of minorities and women.
The No Fear Act will serve society by making it possible for federal employees to
raise red flags when they see misconduct. The government should be a leader in
protecting employee rights, and the new law will push it in that direction.
and the agencys policy about taking discipline against managers who are found to
have discriminated or retaliated against their subordinates .
This alone makes the threat to federal managers very real, but the rate of actual
disciplinary action because of discrimination or reprisal seems low. This
causes managers to relax a little too much and to not take seriously the threat
of discipline because of the No FEAR Act. The cultural change that was
supposed to have occurred because of No FEAR has simply not occurred.
This creates frustration and statements of outrage from civil rights groups who
believe that managers regularly discriminate, but are almost never held
accountable. The result of this pressure means that agencies will begin to take
findings of discrimination in EEO cases seriously and may look for a manager to be a
scapegoat.
Enforcement Key
The current No FEAR Act is bogged down in red tape; inhibits
effectiveness
Hall 2 Hall, Debbie, Owner of the Village Enterprise and former federal
employee, Banner Software. MA from Stanford University Graduate School of
Business. 2002 ("Whistle-blower fears `No Fear' Act will be lost in red tape. ,"Insight
on the News, 15 Oct. 2002, Available Online at
http://go.galegroup.com.proxy2.cl.msu.edu/ps/i.do?
p=AONE&u=msu_main&id=GALE|
A93457379&v=2.1&it=r&userGroup=msu_main&authCount=1,
Accessed 7-22-2015)
I am writing in reference to your article "Bush Must Keep Pledge to Whistle-Blowers"
[the last word, Oct. 1-14]. Currently, I am having an experience very similar to
Coleen Rowley of the FBI and I too am facing career-ending reprisal from senior
federal management after reporting fraud. I can basically quote Rowley's story word
for word; however, my headline would read: Will the Real Federal Government
Please Stand Up?
It's sad to say that the federal government does not want, support or appreciate
employees who expose fraud, waste and corruption. Furthermore, with little to no
support by agencies, it seems that the "No Fear" Act may in fact turn out
to be another system of bureaucratic red tape.
Didn't you see how swift the president was in pouncing on the fraud of corporate
America? Where is that same system of punishment for the federal government?
I am very disappointed in the ethical responsibility shown by the federal
government across the board. I work for an agency that services customers
worldwide; therefore, we are entrusted with millions of dollars. The input of funds by
taxpayers and output of mostly contracted services by our agency equates to gross
mismanagement, fraud and abuse of power . The unqualified contractors in our
office are paid salaries that would make Donald Trump blush! And Congress thinks
we are saving money by replacing federal workers with this bombardment of
contractors.
I have written our senior management and my congressional leaders on several
occasions concerning the problems in my office, but to no avail--and the reprisal has
always worsened.
I do not know how we are going to make it as a nation if this type of protected fraud
continues.
plaintiffs a cause of action for several common forms of retaliation. The largest
loopholes included: coverage for individuals who were planning to file a qui tam action,
individuals who attempted to blow the whistle without filing an action , employees who
refused to participate in the fraudulent practices, retaliation [*435] against the
whistleblower's family members and colleagues, and retaliation against contractors and
agents employed by the defendant who did not fall under a strict construction of the
word "employee." n46 In 2009, Congress attempted to close those loopholes in the
Fraud Enforcement and Recovery Act (FERA), which is discussed below. In an effort to fight any
potential liability, employers still found ways to fight qui tam suits. One of the chief
impediments to an FCA suit was the act's "Public Disclosure Bar." In cases in which some of the information
contained in the suit was based on information available to the public, employers moved courts to dismiss suits by
alleging that the suits did not further the public interest. The U.S. Supreme Court attempted to weigh in on this
issue in Graham County Soil and Water Conservation District v. U.S. ex rel. Wilson, 559 U.S. 280 (2010), when the
Court held that relators could not proceed with an action when that action relied in part on information available
from publicly available state and local administrative reports, audits, and investigations. However, that portion of
the decision was moot before it was announced as, one week prior to the Court's decision, the President signed into
law the Patient Protection and Affordable Care Act. This new legislation precluded courts from dismissing future
cases under this section of the FCA. Until 2010, the relator had to prove that he or she was the "original source" of
the information and that the information provided by the whistleblower was not available from public sources to
prevent courts from dismissing claims because they claimed to lack subject matter jurisdiction. n47
The Espionage Act of 1917 n2 - a law originally created to fight acts of espionage n3
and treason n4 - is increasingly being used to prosecute whistleblowers who, in an
effort to raise public awareness, disclose to the media questionable government
activity. n5 Consequently, the government has used the Espionage Act to deter
whistleblowers from disclosing any information involving national security. n6
However, not all national security disclosures have the purpose or effect of harming
our country. In fact, placing substantial restrictions on the disclosure of this kind of
governmental information may be even more harmful. Although secrecy is
important in preserving the nation's security, public disclosure of certain
information or conduct is necessary for a healthy democracy because it adheres to
fundamental notions of democracy and significantly increases government
accountability. n7 In contrast, nondisclosure of government information creates
greater opportunity for the government to engage in activities that are illegal,
immoral, and publicly unpopular. n8 Additionally, by substantially restricting
disclosure, [*737] the government can conceal such conduct in order to avoid
public criticism. n9 Thus, public disclosure of certain government information is also
necessary to prevent governmental abuse.
The increased prosecutions of whistleblowers not only demonstrates the
government's complete disregard for the benefits of certain disclosures, but also its
failure to recognize the fact that whistleblowers are not the only participants of
disclosure. In fact, by nationally publishing disclosed information , the media plays
an even greater role than whistleblowers in the distribution of classified government
information. Without national or world-wide publication - whether through
newspapers, online, television, or radio - such information would pose little to no
threat because the likelihood of unwanted readers acquiring the information would
be slim. Despite this fact, the government prosecutes only whistleblowers but allows
journalists to widely distribute without fear of consequence the same information
that the government is attempting to protect, namely, information that it believes to
be harmful to national security. n10
West Virginia Law Review, num. 735, Winter. Available via LexisNexis. Accessed on 07-262015.)
As stated above, there are no current laws - including the First Amendment - that
provide protection to whistleblowers for disclosing governmental information.
Instead, the laws currently recognized only enable greater prosecution of
whistleblowers and they do so regardless of the [*758] circumstances surrounding
the disclosure (e.g., regardless of the type, purpose, or effect of the disclosure).
n167 Part III of this Note analyzes these laws. The first section discusses the
adequacy of the reporter's privilege. While the purpose of the privilege is to
preserve the confidentiality of reporters' sources n168 - many of which are
whistleblowers - it rarely accomplishes this goal. The second section discusses the
Espionage Act, which is increasingly being used to prosecute whistleblowers. n169
The Act allows for the prosecution of any individual who discloses classified
information to a journalist; however, the Act does not provide for the prosecution of
a journalist who chooses to publish that material for the world to see. n170 Thus,
the reporter's privilege and the Espionage Act provide no protection for
whistleblowers, but instead only create an avenue for their prosecution.
By failing to provide protection to whistleblowers, these laws also fail to recognize
the benefits that disclosure has to offer, particularly the generation of thoughtful
public debate and the encouragement of government accountability. Furthermore,
by providing an unlimited ability for journalists to publish classified government
information, these laws cannot truly protect the nation's security. Therefore,
because neither the benefits of disclosure - thoughtful public debate and
government accountability - nor the benefits of nondisclosure - protection of
national security - are satisfied here, these laws fail to promote the overall public
good. n171
Some eight months before Edward bySnowden leaked classified NSA programs to
the press, US President Barack Obama issued an order extending whistleblower
protections to employees of America's intelligence agencies. The White House often
cites this fact when addressing the three felony charges against Snowden, in total
carrying a maximum sentence of 30 years in prison. Two of those charges fall under
the 1917 US Espionage Act.
In his January speech on NSA reform, President Obama said that he did not want to
"dwell on Mr. Snowden's actions or his motivations." But five months earlier, the US
commander-in-chief had already made clear that he did not view the 30-year-old as
a whistleblower or patriot, saying that Snowden had failed to use official, non-public
"proper channels" to express his concerns about NSA surveillance.
But Snowden has said that Obama's extension of whistleblower protections to the
intelligence community, under Presidential Policy Directive 19 (PPD-19), does not
cover government contractors. Before his disclosures, Snowden was an employee of
the company Booz Allen Hamilton, which contracted with the National Security
Agency.
"If I had revealed what I knew about these unconstitutional but classified programs
to Congress, I could have been charged with a felony," Snowden said in a live,
online question and answer session last Thursday.
'Death by a thousand cuts'
For years, would-be whistleblowers in the US intelligence community had no legal
protections to shield them from retaliatory measures by their superiors. The
Whistleblower Protection Act of 1989 covered most of the federal
government with the glaring exception of the intelligence agencies.
In an effort to close this legal gap, Congress passed the Intelligence Community
Whistleblower Protection Act (ICWPA) a decade later. The law covers employees and
contractors at the Central Intelligence Agency (CIA), the National Security Agency
(NSA), the Defense Intelligence Agency (DIA), the National Imagery and Mapping
Agency (NIMA) as well as the National Reconnaissance Office (NRO).
But according to Thomas Drake, the act failed to adequately protect whistleblowers
from retaliation. A former senior executive at the NSA, Drake blew the whistle on a
failed surveillance program called Trailblazer. He used what the government calls
"proper channels" to express his concerns about the program's exorbitant cost and
its lack of privacy protections, reaching out to his immediate supervisor, the office
of the inspector general, and the congressional intelligence committees.
"I was reprised against severely within the proper channels," Drake told DW. "I was
identified as a troublemaker."
Thomas Drake at NSA demonstration
Drake used "proper channels," but still faced retaliation
Accumulo CP
***The aff says data collection leads to overloads (HUMINT). The Counterplan says if
we hire enough analysts for Accumulo which is a data program by the NSA
developed and modeled off of Google, then we can solve for data collection
overload. NB: Terror.***
Accumulo CP
1NC Shell
Counterplan: The United States federal government should
substantially increase funding for data analysts associated
with the Accumulo data storage program
The Counterplan solves the entirety of the [ insert tech
advantage] without linking to the SST link in terror.
Accumulo is best to prevent terror.
Henschen 13 Doug Henschen, 6-11-2013 ("Defending NSA Prism's Big Data
Tools," InformationWeek, 6-11-2013, Available Online at
http://www.informationweek.com/big-data/big-data-analytics/defending-nsa-prismsbig-data-tools/d/d-id/1110318?, Accessed 7-20-2015)
The more you know about NSA's Accumulo system and graph analysis, the less
likely you are to suspect Prism is a privacy-invading fishing expedition.
It's understandable that democracy-loving citizens everywhere are outraged by the
idea that the U.S. Government has back-door access to digital details surrounding
email messages, phone conversations, video chats, social networks and more on
the servers of mainstream service providers including Microsoft, Google, Yahoo,
Facebook, YouTube, Skype and Apple.
But the more you know about the technologies being used by the National Security
Agency (NSA), the agency behind the controversial Prism program revealed last
week by whistleblower Edward Snowden, the less likely you are to view the project
as a ham-fisted effort that's "trading a cherished American value for an unproven
theory," as one opinion piece contrasted personal privacy with big data analysis.
The centerpiece of the NSA's data-processing capability is Accumulo, a highly
distributed, massively parallel processing key/value store capable of analyzing
structured and unstructured data. Accumolo is based on Google's BigTable data
model, but NSA came up with a cell-level security feature that makes it possible to
set access controls on individual bits of data. Without that capability, valuable
information might remain out of reach to intelligence analysts who would
otherwise have to wait for sanitized data sets scrubbed of personally identifiable
information.
As InformationWeek reported last September, the NSA has shared Accumulo with
the Apache Foundation, and the technology has since been commercialized by Sqrrl,
a startup launched by six former NSA employees joined with former White House
cybersecurity strategy director (and now Sqrrl CE0) Ely Khan.
"The reason NSA built Accumulo and didn't go with another open source project, like
HBase or Cassandra, is that they needed a platform where they could tag every
single piece of data with a security label that dictates how people can access that
data and who can access that data," said Khan in an interview with
InformationWeek.
Having left government employment in 2010, Kahn says he has no knowledge of the
Prism program and what information the NSA might be collecting, but he notes that
Accumulo makes it possible to interrogate certain details while blocking access to
personally identifiable information . This capability is likely among the things James
R. Clapper, the U.S. director of National Intelligence, was referring to in a statement
on the Prism disclosure that mentioned "numerous safeguards that protect privacy
and civil liberties."
Are They Catching Bad Guys?
So the NSA can investigate data with limits, but what good is partial information?
One of Accumulo's strengths is finding connections among seemingly unrelated
information. "By bringing data sets together, [Accumulo] allowed us to see things in
the data that we didn't necessarily see from looking at the data from one point or
another," Dave Hurry, head of NSA's computer science research section, told
InformationWeek last fall. Accumulo gives NSA the ability "to take data and to
stretch it in new ways so that you can find out how to associate it with another
piece of data and find those threats."
The power of this capability is finding patterns in seemingly innocuous public
network data -- which is how one might describe the data accessed through the
Prism program -- yet those patterns might somehow correlate with, say, a database
of known terrorists or data on known cyber warfare initiatives.
Sqrrl has supplemented the Accumulo technology with analytical tools including SQL
interfaces, statistical analytics interfaces, text search and graph search engines,
and there's little doubt the NSA has done the same, according to Kahn. Graph
search, in particular, is a powerful tool for investigation, as the NSA itself revealed
last month when it shared at a Carnegie Mellon technical conference an in-depth
presentation on the 4.4-trillion-node graph database it's running on top of
Accumulo.
Nodes are essentially bits of information -- phone numbers, numbers called,
locations -- and the relationships between those nodes are edges. NSA's graph
uncovered 70.4 trillion edges among those 4.4 trillion nodes. That's truly an ocean
of information, but just as Facebook's graph database can help you track down a
long-lost high school classmate within seconds, security-oriented graph databases
can quickly spot threats.
Kahn says a Sqrrl partner company that does graph analysis of internal network
activity for security purposes recently identified suspicious activity using a graph
algorithm. "Five days later, they got a knock on the door from the FBI letting them
know that data was being exfiltrated from their network, likely by a foreign entity,"
Kahn reports.
As we've reported, graph database technology dates back to the 1950s, but only
recently has it advanced to truly big data scale, with Facebook exposing its Graph
Search capabilities in January and NSA sharing details of its graph search
capabilities last month.
Where prior intelligence techniques have largely been based on knowing patterns
and then alerting authorities when those patterns are detected, security and
intelligence analysts now rely on big data to provide more powerful capabilities than
analytics alone.
"Graph analysis is just one really good technique for finding unknown patterns in
data," Kahn explains.
Do You Trust The Government?
In the end, assurances from Clapper, a former White House employee like Khan or
even President Barak Obama may do little to assuage the concerns of privacy
hawks, critics inside government or large swaths of American citizens. But those
who known the technology used by the NSA know that Prism is not a simplistic,
"collect first, ask questions later" expedition, and it's not based on an "unproven
theory."
It's likely no coincidence that suppliers of data to Prism such as Google have also
been able to uncover espionage directed by foreign governments. In fact, a
bipartisan Commission on the Theft of American Intellectual Property last month
recommended increasing the budget of the FBI and Department of Justice to
investigate trade theft, amending U.S. counter-espionage laws, and encouraging
U.S. businesses to take the information security threat more seriously.
One government insider informs InformationWeek that he knows with certainty that
"semantic and visual analytics tools have prevented multiple acts of terrorism." That
insight predates recent advances in graph analysis that are undoubtedly giving the
U.S. Government even more powerful tools. Privacy concerns and the desire for
checks on government access to private information must be considered, but we
can't naively turn a blind eye to very real threats by not making the most of
advanced big data intelligence tools now at our disposal .
The NSA made Accumulo an open-source project in hopes that other agencies would
adopt the tool. But the Senate objected, accusing the NSA of violating a rule that
requires federal agencies to buy commercial solutions off the shelf when available.
The version of the defense authorization bill that would have codified the Senate's
resistance never became law, however.
One possibility is that Accumulo could serve as the back-end database from which
analysts, who are using ICITE, grab the data they need. But that would probably
depend on whether other agencies would be allowed to use Accumulo as well . A call
to the NSA Friday was not immediately returned.
Allan Friedman, a cybersecurity expert at the Brookings Institution, said cutting
down on the number of technology silos in intelligence would naturally reduce the
need for human sysadmins. Silos need to talk to one another, which means you
need to hire a human to "get into the guts of the system" to make sure it happens.
But with one universal system, everything is standardized.
"You make it so that even the sysadmins have to interact with it in a fashion that
has authorization controls, access controls, audit logs," Friedman said. "You put all
your eggs in one basket and you watch the hell out of that basket."
Despite the theoretical security advantages inherent to cloud-based systems,
however, not everyone in the intelligence community is convinced the NSA can pull
off such a maneuver. One former intelligence officer pointed out that the
government has a mixed record on enterprise-level IT initiatives, and that nobody
has figured out how to defend a cloud-based intelligence database in the real world.
officials say this tactic helped snare Khalid Ouazzani, a naturalized U.S. citizen who
the FBI claimed was plotting to blow up the New York Stock Exchange. Ouazzani was
in contact with a known extremist in Yemen, which brought him to the attention of
the NSA. It identified Ouazzani as a possible conspirator and gave the information to
the FBI, which "went up on the electronic surveillance and identified his
coconspirators," according to congressional testimony by FBI deputy director Sean
Joyce. (Details of how the agency identified the others has not been disclosed.) The
NYSE plot fizzled long before the FBI intervened, but Ouazzani and two others
pleaded guilty of laundering money to support al-Qaida. They were never charged
with anything related to the bomb plot.
The slides disclosed by Snowden indicate the NSA also operates real-time
surveillance tools. NSA analysts can receive "real-time notification of an email event
such as a login or sent message" and "real-time notification of a chat login," the
slides say. That's pretty straightforward use, but whether real-time information can
stop unprecedented attacks is subject to debate. Alerting a credit-card holder of
sketchy purchases in real time is easy; building a reliable model of an impending
attack in real time is infinitely harder.
In late July Snowden released a 32-page, top-secret PowerPoint presentation that
describes software that can search hundreds of databases for leads. Snowden
claims this program enables low-level analysts to access communications without
oversight, circumventing the checks and balances of the FISA court. The NSA and
White House vehemently deny this, and the documents don't indicate any misuse.
The slides do describe a powerful tool that NSA analysts can use to find hidden links
inside troves of information. "My target speaks German but is in Pakistanhow can I
find him?" one slide reads. Another asks: "My target uses Google Maps to scope
target locationscan I use this information to determine his email address?" This
program enables analysts to submit one query to search 700 servers around the
world at once, combing disparate sources to find the answers to these questions.
Bomb-sniffing dogs sometimes bark at explosives that are not there. This kind of
mistake is called a false positive. In data mining, the equivalent is a computer
program sniffing around a data set and coming up with the wrong conclusion. This is
when having a massive data set may be a liability. When a program examines
trillions of connections between potential targets, even a very small false-positive
rate equals tens of thousands of dead-end leads that agents must chase downnot
to mention the unneeded incursions into innocent people's lives.
Security and compliance are both essential for NSA, especially following Snowdens
leaks of classified information in 2013. In designing its cloud, the agency made sure
to account for both. Not only are the actions of analysts and administrators
monitored, they have access only to information they are credentialed to see. Lonny
Anderson, NSAs chief technology officer, summed up the agencys approach to
security this way in a September speech in Washington: Tag the data, tag the
people.
From a compliance perspective, NSAs cloud relieves analysts from having to know
when surveillance laws are modified because those updates can be incorporated
centrally, much the way security updates are rolled out. This means analysts dont
have to make their own judgments about what they are allowed to seethe data
before them is data they are legally allowed to access.
As we made the decision to go all in [with] cloud in 2010, we made the equally
overt decision to build compliance in, the senior NSA official says. What we dont
want is for an analyst to have to think, Am I authorized to see this data?
Converging Clouds
For now, NSAs private cloud is actually two parallel clouds. The first is an internal
cloud accessible to its employees. The second, called GovCloud, is available to the
intelligence community through the Joint Worldwide Intelligence Communications
System. With GovCloud, NSA works as a cloud service provider to other IC agencies,
allowing them to order services such as computing and analysis.
The goal, according to senior NSA officials, is to merge these parallel clouds by the
end of 2015, thereby eliminating the burden of maintaining separate systems as
well as the agencys reliance on disparate databases. NSA plans to begin closing
legacy repositories within the next few months, migrating information from purposebuilt repositories to a single pool as its cloud reaches full operation.
The transition has been far from seamless, with NSA experiencing some outages.
Migrating data to the cloud also has proved difficult, particularly the merging of
duplicative data sets.
But the agencys culture may be the biggest hurdle. NSA has organized a series of
initiatives designed to acclimate analysts to life in the cloud. One of them, called ICAFfor Cloud Analytics
Fusion Environmentputs analysts and developers together to brainstorm. Another,
Future Architecture Transition (FAT) Tuesdays, brings groups of 150 to 200 analysts
together regularly and forces them to work in the cloud and refrain from using
legacy repositories.
Were learning in public and trying to do this while we support missions all over the
globe, the senior official says. Weve had some bumps, but I think weve worked
through those. Our strength in GovCloud is that we have a common space for all
data sets. Were close to ready for prime time.
architecture but saw it lacked some necessary features, which the agency added.
But BigTable provides only the data store; you still need to process, analyze and
draw correlations across large, distributed data sets. For that, the NSA rolled the
Hadoop open source code into Accumulo -- essentially a big data storage and
application platform in a box, with some interesting new wrinkles. Ely Kahn, a cofounder of Sqrrl, a startup he and some former NSA developers launched to
commercialize Accumulo, says the NSA had two main requirements in a big data
system that weren't met by existing technology: better security via extremely
granular access control and massive scalability. The NSA's major contribution to the
architecture is stronger security, which in Accumulo means new attributes for
individual data elements. Accumulo is also very scalable. Kahn says people using
HBase, a popular column-oriented NoSQL database that runs on top of HDFS, find it
difficult to scale past a few hundred storage nodes. In contrast, Accumulo instances
with thousands of nodes have been in production for years.
>> Machine learning and natural language processing: Another important piece of
the NSA's technology arsenal is machine learning -- building adaptive, self-tuning
systems that automatically evaluate incoming data to improve performance, update
search queries, interpret ambiguous phrases or identify objects in digital images.
Much like Google improves search results by recording metadata about past
searches, clicked links and Gmail document text, the NSA's systems can apply
context to textual analysis to determine whether the phrase "this plot will destroy
him" refers to an assassination scheme or a critic's opinion that a lousy novel will
ruin the author's reputation.
For example, one open NSA project, KODA, can automatically create summaries of
large sets of textual data using only the text itself. Current search engines and
content management systems typically use dictionaries or standard text samples to
search and categorize data; however, that approach breaks down when applied to
large volumes of information. KODA measures the similarity between passages of
text and selects sentences to summarize, and it performs well on large data sets in
many languages regardless of formatting.
>> Hardware and networks: Just as the NSA re-created the big data analysis
features of a Google and Facebook in software, so too is it replicating their data
storage and processing capabilities in hardware, notably a new cloud-scale data
center under construction in Utah. It's a massive Tier 3 facility comprising 100,000
square feet of raised floor space in four data halls. Similarly state-of-the-art facilities
are readily available to enterprises through a rich and competitive market for
colocation space.
Lessons For Businesses
The NSA advances the state-of-the-big-data-art in a few ways. Kahn says Sqrrl sees
three primary customer segments for its NSA-inspired offerings: current Hadoop
users, healthcare companies and very security-conscious orgs; we discuss these use
cases in our full report. Within those segments, here are some applications where
NSA tech holds promise:
>> Real time versus batch analytics: Accumulo's server-side programming features
let many analysis tasks operate continuously, thus providing real-time access to
analytics features, something not possible with Hadoop-based systems because of
Hadoop's batch orientation. A quick word about Accumulo: Though it could displace
Hadoop/HDFS while improving scalability, real-time performance and security, there
are downsides. First, it's not widely used outside of government. Unless you use
Sqrrl (which is a very new company), you have to manually install from the open
source repository, so there's significant expertise and care and feeding required.
And unlike Hadoop/MapReduce and HDFS/ HBase, no public cloud services yet offer
Accumulo instances, though Amazon offers a tutorial. For applications, new features
like security labels and iterators require Accumulo-savvy developers -- a very small,
and expensive, group. And finally, don't underestimate the incentive for incumbents
like Microsoft and Oracle to squash the technology.
>> Data mining and graph analysis: Perhaps the primary application of the NSA
PRISM program is exposing social connections and communication paths among
millions of separate data points. In fact, the NSA used graph analysis earlier this
year to showcase Accumulo's speed and scalability, describing a system running a
standard graph benchmark with 4.4 trillion nodes and 70 trillion edges. In
comparison, Facebook's Graph Search currently scales to hundreds of billions of
nodes and trillions of edges. For enterprises, the advantages to doing data mining
and graph analysis in a system like Accumulo are twofold. It provides speed
because the server-side processing can pre-cache certain common operations, and
security is much more granular, down to the query level.
>> Predictive analytics: Companies want to use vast quantities of data from
multiple sources -- sales transactions, customer loyalty cards, economic data,
Twitter comments, even the weather -- to model and predict events such as product
demand or customer interest in promotion. In such predictive uses, the more data
and the faster the processing, the better. Thus, the scalability and granular access
control of the NSA's technology make it a promising platform, previously mentioned
caveats aside. Kahn also sees interest in predictive analytics for security, since
traditional SIEM and security forensics software can't handle the volume, diversity
and complexity of data needed to identify new threats and incidents before they do
damage.
Finally, there's the Internet of things. Accumulo's scalability and real-time filtering
and categorizing features make it a promising data repository for telemetry using
millions of physical objects, with applications allowing interactive data mining
across varied object and customer types. We expect early IoT adopters, which likely
can afford to hire the needed expertise, will find Accumulo an excellent repository
and application platform.
However, the report does acknowledge some fundamental flaws with any attempts
to improve NSA protocol. A particularly troubling one is the varying terminology
different analysts, agencies and the FISC court use to describe the same things a
situation that led to NSA analysts accessing domestic telephone metadata for
several years in some instances. Another tricky consideration is how to regulate
data usage once it has been disseminated to other agencies and ported onto
commercial operating systems and data-analysis software, and mixed with other
data sources.
Accumulo CP Answers
Accumulo, based on Google's BigTable data model, reportedly makes it possible for the
agency to analyze data for patterns while protecting personally identifiable information names, Social Security
version of
numbers and the like. Before news of Prism broke, NSA officials revealed a graph search it operates on top of Accumulo at a
Carnegie Melon tech conference. The graph is based on 4.4 trillion data points, which could represent phone numbers, IP addresses,
locations, or calls made and to whom; connecting those points creates a graph with more than 70 trillion edges. For a human being,
that kind of visualization is impossible, but for a vast, high-end computer system with the right big data tools and mathematical
algorithms, some signals can be pulled out. Rep. Mike Rogers (R-Mich.), chairman of the House Intelligence Committee, publicly
stated that the government's collection of phone records thwarted a terrorist plot inside the United States "within the last few
years," and other media reports have cited anonymous intelligence insiders claiming several plots have been foiled.
Needles
in endless haystacks of data are not easy to find, and the NSA's current big
data analytics methodology is far from a flawless system, as evidenced by the April 15
Boston Marathon bombings that killed three people and injured more than 200. The bombings were
carried out by Chechen brothers Dzhokhar and Tamerlan Tsarnaev, the latter of
whom was previously interviewed by the Federal Bureau of Investigation after the Russian
Federal Security Service notified the agency in 2011 that he was a follower of radical Islam. The brothers had made
threats on Twitter prior to their attack as well, meaning several data points of
suspicious behavior existed, yet no one detected a pattern in time to prevent them from
setting off bombs in a public place filled with people. "We're still in the genesis of big data, we haven't even scratched the surface
yet," said big data expert Ari Zoldan, CEO of New-York-based Quantum Networks. " In
databases are gaining popularity due to their ability to store and process large
heterogeneous data sets more efficiently than relational databases. Apache Accumulo is a NoSQL
database that introduced a unique information security featurecell-level access control. We study
Accumulo to examine its cell-level access control policy enforcement mechanism. We survey existing Accumulo
applications, focusing on Koverse as a case study to model the interaction between Accumulo and a client application. We
conclude with a discussion of potential security concerns for Accumulo applications. We argue that Accumulos cell-level
access control can assist developers in creating a stronger information security policy, but Accumulo cannot provide
securityparticularly enforcement of information flow policieson its own. Furthermore,
NoSQL
popular patterns for interaction between Accumulo and its clients require diligence on the part of developers, which may otherwise
lead to unexpected behavior that undermines system policy. We highlight some undesirable but
reasonable confusions stemming from the semantic gap between cell-level and table-level policies, and between policies for endusers and Accumulo clients.
Accumulo Bad
[xkeyscore is built on top of accumulo. The cp adds more
analysts so more insiders who threaten are getting and
sharing info]
Xkeyscore vulnerable to insider attack
Boire 15 Morgan Marquis-Boire, 7-1-2015 ("XKEYSCORE: NSA's Google for the
World's Private Communications," Intercept, 7-1-2015, Available Online at
https://firstlook.org/theintercept/2015/07/01/nsas-google-worlds-privatecommunications/, Accessed 7-20-2015)
The sheer quantity of communications that XKEYSCORE processes, filters and
queries is stunning. Around the world, when a person gets online to do anything
write an email, post to a social network, browse the web or play a video game
theres a decent chance that the Internet traffic her device sends and receives is
getting collected and processed by one of XKEYSCOREs hundreds of servers
scattered across the globe.
In order to make sense of such a massive and steady flow of information, analysts
working for the National Security Agency, as well as partner spy agencies, have
written thousands of snippets of code to detect different types of traffic and extract
useful information from each type, according to documents dating up to 2013. For
example, the system automatically detects if a given piece of traffic is an email. If it
is, the system tags if its from Yahoo or Gmail, if it contains an airline itinerary, if its
encrypted with PGP, or if the senders language is set to Arabic, along with myriad
other details.
This global Internet surveillance network is powered by a somewhat clunky piece of
software running on clusters of Linux servers. Analysts access XKEYSCOREs web
interface to search its wealth of private information, similar to how ordinary people
can search Google for public information.
Based on documents provided by NSA whistleblower Edward Snowden, The
Intercept is shedding light on the inner workings of XKEYSCORE, one of the most
extensive programs of mass surveillance in human history.
How XKEYSCORE works under the hood
It is tempting to assume that expensive, proprietary operating systems and
software must power XKEYSCORE, but it actually relies on an entirely open source
stack. In fact, according to an analysis of an XKEYSCORE manual for new systems
administrators from the end of 2012, the system may have design deficiencies that
could leave it vulnerable to attack by an intelligence agency insider.
XKEYSCORE is a piece of Linux software that is typically deployed on Red Hat
servers. It uses the Apache web server and stores collected data in MySQL
databases. File systems in a cluster are handled by the NFS distributed file system
and the autofs service, and scheduled tasks are handled by the cron scheduling
service. Systems administrators who maintain XKEYSCORE servers use SSH to
connect to them, and they use tools such as rsync and vim, as well as a
comprehensive command-line tool, to manage the software.
John Adams, former security lead and senior operations engineer for Twitter, says
that one of the most interesting things about XKEYSCOREs architecture is that
they were able to achieve so much success with such a poorly designed system.
Data ingest, day-to-day operations, and searching is all poorly designed. There are
many open source offerings that would function far better than this design with very
little work. Their operations team must be extremely unhappy.
Analysts connect to XKEYSCORE over HTTPS using standard web browsers such as
Firefox. Internet Explorer is not supported. Analysts can log into the system with
either a user ID and password or by using public key authentication.
As of 2009, XKEYSCORE servers were located at more than 100 field sites all over
the world. Each field site consists of a cluster of servers; the exact number differs
depending on how much information is being collected at that site. Sites with
relatively low traffic can get by with fewer servers, but sites that spy on larger
amounts of traffic require more servers to filter and parse it all. XKEYSCORE has
been engineered to scale in both processing power and storage by adding more
servers to a cluster. According to a 2009 document, some field sites receive over 20
terrabytes of data per day. This is the equivalent of 5.7 million songs, or over 13
thousand full-length films.
This map from a 2009 top-secret presentation does not show all of XKEYSCOREs
field sites.
When data is collected at an XKEYSCORE field site, it is processed locally and
ultimately stored in MySQL databases at that site. XKEYSCORE supports a federated
query system, which means that an analyst can conduct a single query from the
central XKEYSCORE website, and it will communicate over the Internet to all of the
field sites, running the query everywhere at once.
There might be security issues with the XKEYSCORE system itself as well. As hard as
software developers may try, its nearly impossible to write bug-free source code. To
compensate for this, developers often rely on multiple layers of security; if attackers
can get through one layer, they may still be thwarted by other layers. XKEYSCORE
appears to do a bad job of this.
When systems administrators log into XKEYSCORE servers to configure them, they
appear to use a shared account, under the name oper. Adams notes, That means
that changes made by an administrator cannot be logged. If one administrator
does something malicious on an XKEYSCORE server using the oper user, its
possible that the digital trail of what was done wouldnt lead back to the
administrator, since multiple operators use the account.
There appears to be another way an ill-intentioned systems administrator may be
able to cover their tracks. Analysts wishing to query XKEYSCORE sign in via a web
browser, and their searches are logged. This creates an audit trail, on which the
system relies to assure that users arent doing overly broad searches that would pull
up U.S. citizens web traffic. Systems administrators, however, are able to run
MySQL queries. The documents indicate that administrators have the ability to
directly query the MySQL databases, where the collected data is stored, apparently
bypassing the audit trail.
AppIDs, fingerprints and microplugins
Collecting massive amounts of raw data is not very useful unless it is collated and
organized in a way that can be searched. To deal with this problem, XKEYSCORE
extracts and tags metadata and content from the raw data so that analysts can
easily search it.
This is done by using dictionaries of rules called appIDs, fingerprints and
microplugins that are written in a custom programming language called GENESIS.
Each of these can be identified by a unique name that resembles a directory tree,
such as mail/webmail/gmail, chat/yahoo, or
botnet/blackenergybot/command/flood.
One document detailing XKEYSCORE appIDs and fingerprints lists several revealing
examples. Windows Update requests appear to fall under the
update_service/windows appID, and normal web requests fall under the http/get
appID. XKEYSCORE can automatically detect Airblue travel itineraries with the
travel/airblue fingerprint, and iPhone web browser traffic with the
browser/cellphone/iphone fingerprint.
PGP-encrypted messages are detected with the encryption/pgp/message
fingerprint, and messages encrypted with Mojahedeen Secrets 2 (a type of
encryption popular among supporters of al Qaeda) are detected with the
encryption/mojaheden2 fingerprint.
When new traffic flows into an XKEYSCORE cluster, the system tests the intercepted
data against each of these rules and stores whether the traffic matches the pattern.
A slideshow presentation from 2010 says that XKEYSCORE contains almost 10,000
appIDs and fingerprints.
AppIDs are used to identify the protocol of traffic being intercepted, while
fingerprints detect a specific type of content. Each intercepted stream of traffic gets
assigned up to one appID and any number of fingerprints. You can think of appIDs
as categories and fingerprints as tags.
If multiple appIDs match a single stream of traffic, the appID with the lowest level
is selected (appIDs with lower levels are more specific than appIDs with higher
levels). For example, when XKEYSCORE is assessing a file attachment from Yahoo
mail, all of the appIDs in the following slide will apply, however only
mail/webmail/yahoo/attachment will be associated with this stream of traffic.
To tie it all together, when an Arabic speaker logs into a Yahoo email address,
XKEYSCORE will store mail/yahoo/login as the associated appID. This stream of
traffic will match the mail/arabic fingerprint (denoting language settings), as well
as the mail/yahoo/ymbm fingerprint (which detects Yahoo browser cookies).
With BigTable, Google was at the forefront of the NoSQL movement, and since the
company published its paper describing BigTable in 2006, several organizations
have built open source platforms mimicking its design. Before the NSA released
Accumulo, a search outfit called Powerset now owned by Microsoft built a
platform called HBase, while social networking giant Facebook fashioned a similar
platform dubbed Cassandra.
And this is what bothers the Senate Armed Services Committee.
The Senate Armed Services Committee oversees the U.S. military, including the
Department of Defense and the NSA, which is part of the DoD. With Senate bill 3254
National Defense Authorization Act for Fiscal Year 2013 the committee lays out
the U.S. military budget for the coming year, and at one point, the 600-page bill
targets Accumulo by name.
The bill bars the DoD from using the database unless the department can show that
the software is sufficiently different from other databases that mimic BigTable. But
at the same time, the bill orders the director of the NSA to work with outside
organizations to merge the Accumulo security tools with alternative databases,
specifically naming HBase and Cassandra.
The bill indicates that Accumulo may violate OMB Circular A-130, a government
policy that bars agencies from building software if its less expensive to use
commercial software thats already available. And according to one congressional
staffer who worked on the bill, this is indeed the case. He asked that his name not
be used in this story, as hes not authorized to speak with the press.