Slashdot Mirror

← Back to Stories (view on slashdot.org)

FOIA: NSA Contracts Stored In Paper Files, Unsearchable, Unindexed

Posted by timothy on from the sorry-I-dropped-your-money-in-my-dungeon dept.

v3rgEz writes "Wish you were a little more organized? Have trouble finding that archived contract when you actually need it? Don't feel too bad: The National Security Agency has the same problem, claiming that its contract database is stored manually and impossible to search by topic, category, or even by vendor in most cases."

22 of 114 comments (clear)

  1. There really know why... by jcdr · · Score: 5, Insightful

    ... there don't want to be vulnerable to others agencies like them !

    1. Re:There really know why... by larry+bagina · · Score: 4, Funny

      The NSA has the capability to MITM any http connection. Slashdot doesn't support https unless you pay them. The NSA uses information to discredit people. This isn't news -- it's been posted on slashdot. Combine these facts and you'll realize the truth: the NSA intercepted his POST packets, scanned them, then inserted typos to discredit him. Consider their capabilities and you'll realize I shoved a turkey baster up my asshole and jacked off in the mashed potatoes.

      --
      Do you even lift?

      These aren't the 'roids you're looking for.

    2. Re:There really know why... by Mashiki · · Score: 2

      Nah it's probably closer to what I've run across on this job here in Alberta working for a municipal government body. It's laziness, mixed with the "people at the top" not having a feking clue about archival or their desire to move forward. An example: Everyone in the building uses muniware or something else, the people at the top are still doing all the work by hand, and refuse blindly to update. Meeting minutes for city council are all stored on paper, there are no backups, there's no archives, nothing. And really it just screams another Slave Lake.

      --
      Om, nomnomnom...
    3. Re:There really know why... by jcdr · · Score: 2

      I am not drunk, but I don't speak English !
      This make the same result, you will say...

    4. Re:There really know why... by IndustrialComplex · · Score: 2

      Nothing so advanced, based on my experience in a government contracting office usually it boils down to this:

      Legal requirements for maintaining paper copies
      20+ years of 'this is how we do it'
      current state of 'but digitizing papers with signatures on them requires discipline'

      Trust me, I'd LOVE to have the contracts in an electronic format. It's damned annoying that every time I want to know what changed from one contract mod to the next that I have to get the contracting office to produce a scanned (but not OCR'd) copy of the signed original and then play 'guess what one line changed' on a 200 page document.

      --
      Out of modpoints but really liked a post? 1BDkF6TtmmeZ3yqXbz9yhdYVqRYnwFoXDj
    5. Re:There really know why... by Dr_Barnowl · · Score: 3, Insightful

      play 'guess what one line changed' on a 200 page document.

      This is why ALL government documents (law, contracts, etc) should be kept as a relatively plain text format in a Git repo, and if any party wants to change it, it should get branched, commits should be signed, and merges should should also be signed by those who approved them.

      It would be most informative to see who proposed the "kill people and make them into soylent green" filibusters to "The Happy Kittens and Gifts To Orphans Bill"

  2. Impossible to steal too... by skaralic · · Score: 4, Insightful

    On the upside, for the NSA, that makes a Snowden-like leak pretty much impossible.

    1. Re:Impossible to steal too... by Psykechan · · Score: 3, Interesting

      Then the purpose of gathering the data was pointless too. If these files are truly "unsearchable" then it has absolutely no value and the act of storing it is a waste of taxpayer money.

      This is simply a tactic to make it more difficult for FOIA requests. Terry Childs went to jail over this sort of gross negligence. Whomever designed this system should also be held responsible.

      Sadly the text of the FOIA doesn't really talk about penalties for non compliance, it just states that the AG should submit a report. Yea, good luck with that.

  3. Misleading summary by Walking+The+Walk · · Score: 5, Informative
    That summary is misleading. It's based on an NSA response to a FOI request, worded as follows:

    A search for overly broad keywords such as "CNO" and "computer network attack" would be tantamount to conducting a manual search through thousands of folders and then reading each document in order to determine whether the document pertains to a contract.

    (emphasis mine)

    That could be network folders (ie: directories) and Word documents, they never said anything was on "paper". The way I read that quote was that they've got heaps of contracts, stored in lots of directories, and even if they did a search they'd have to read each document returned to see if it was a contract pertaining to the FOI request. They're trying to say that's too burdensome, which in theory gives them a way of not supplying the information. In practice, a judge might decide they should be able to do the search in a reasonable amount of time, and force them to comply.

    --
    A recursive sig
    Can impart wisdom and truth
    Call proc signature()
    1. Re:Misleading summary by Sarten-X · · Score: 3, Informative

      It's worse than that. The actual response begins:

      This responds to your Freedom of Information Act (FOIA) request of 20 September 2013, which was received by this office on 20 September 2013, for "copies of contracts containing any of the following keywords or phrases: "CNO", "CAN", "CND", "CNE", "computer network exploitation," "computer network defense," "computer network attack," "computer network operations", "exploits" and/or "implants," and related services over the past 5 years. If retrieving the contracts themselves is too burdensome, please provide a list of contracts."

      From that, it appears the FOIA request was actually asking for any contract including the word "can", amongst other things. It's probably a shorter list to find contracts that don't fall into this request.

      The response continues:

      As we have advised in your previous FOIA requests regarding contract data, acquisition contract files could be more reasonably searched if a contract number, company name with address, and service award date were provided. However, there are many instances when contract information is not retrievable by company name alone; some companies may have several locations, or there may be a number variations of the same name based on a name or keyword.

      Or, in other words, if you have a particular contract or contractor, they can pull that easily. I'll infer from that that they have a big table of contracts with contractor name/address, date, and number, and those contracts can then be pulled by number from their probably-digital storage, but running a full-text search on all of their contracts for 5 years is not what the database is set up to do.

      --
      You do not have a moral or legal right to do absolutely anything you want.
    2. Re:Misleading summary by jspoon · · Score: 2

      If the last 6 months have taught us anything, it's that the contracts in question are likely in the format of Powerpoint slideshows.

    3. Re:Misleading summary by drinkypoo · · Score: 2

      This responds to your Freedom of Information Act (FOIA) request of 20 September 2013, which was received by this office on 20 September 2013, for "copies of contracts containing any of the following keywords or phrases: "CNO", "CAN", "CND", "CNE", "computer network exploitation," "computer network defense," "computer network attack," "computer network operations", "exploits" and/or "implants," and related services over the past 5 years. If retrieving the contracts themselves is too burdensome, please provide a list of contracts."

      From that, it appears the FOIA request was actually asking for any contract including the word "can", amongst other things. It's probably a shorter list to find contracts that don't fall into this request.

      I know that Slashdot doesn't quite have the standards that it had "back in the day", but most of us have figured out how to perform a case-sensitive search.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    4. Re:Misleading summary by drinkypoo · · Score: 2

      Isn't there a federal mandate to computerize and open records?

      Hmm, fuck me. I googled for "federal open data mandate" figuring that would just be a good set of search terms, and what do you know? It's called the Federal Open Data Mandate.

      Maybe I'm a goddamn genius. Or maybe I just have problems suppressing the noise when I'm trying to remember, and Beer Works(tm).

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    5. Re:Misleading summary by EETech1 · · Score: 2

      Funny how they can sift through and filter nearly every conversation going on anywhere in the world, as well as search all of the traffic on the Internet for keywords and phrases in REAL TIME, and store this for analysis, but they can't do the same procedure on their own network, and search their own computers to find out information about what they've been doing in any reasonable amount of time.

      Nice!

  4. Easy Workaround by timmyf2371 · · Score: 2

    Perhaps they do this as they know they can easily retrieve the copies of the contracts from the vendors' own systems if they ever need to access them.

    --

    Backup not found: (A)bort (R)etry (P)anic
  5. Re:Huh by somersault · · Score: 3, Insightful

    The quote is:

    A search for overly broad keywords such as "CNO" and "computer network attack" would be tantamount to conducting a manual search through thousands of folders and then reading each document in order to determine whether the document pertains to a contract.

    Tantamount means "equivalent in seriousness to; virtually the same as." So they didn't actually directly say that these files are on paper. Though there isn't any other explanation for why it would require a manual search. Either way, how can we actually trust that they're telling the truth there?

    --
    which is totally what she said
  6. aha by superwiz · · Score: 3, Insightful

    And if you believe that, I have some healthcare to sell you.

    --
    Any guest worker system is indistinguishable from indentured servitude.
  7. Records on paper by PPH · · Score: 2

    Old idea. My financial records are all on paper. In an unheated storage space. When the IRS wants to audit me, they are welcome to sit in there and go through whatever they want.

    --
    Have gnu, will travel.
  8. Re:I have this marvellous new invention for you! by guttentag · · Score: 5, Funny

    It's called a Hollerith card tabulating machine. I can make you a good price!

    NSA PROCUREMENT OFFICE (EQUIPMENT DIVISION)

    Mr. Kyosuke:

    Thank you for your recent letter offering a good price on a Hollerith machine. I regret to inform you that the NSA already has several of these in its possession that were purchased at an IBM auction of surplus machines that had been leased to the German government in the 1940s. We have made many custom improvements to the German machines over the years and would not think of wasting them on something as trivial as contracts.

    However, as replacement parts for these machines are in short supply and knowledge of their purpose is a forgotten state secret we have sent agents from the Procurement Office (Human Division) to collect you and your machine. They are at your front and back doors now. Please cooperate with them fully to make this easier on everyone.

    Again, thank you for contacting the NSA and helping us keep you safe.

  9. Refusing/Lying is illegal, being incompetent isn't by sandbagger · · Score: 5, Insightful

    It's legally safer for them to say that they're incompetent.

    --
    ---- The above post was generated by the Turing Institute. Maybe.
  10. How do you computer? by Anonymous Coward · · Score: 2, Funny

    It should be expected. The NSA has very little technical savvy, nor any sizable budget for computer equipment. They're too busy doing their jobs, to worry about extracting useful information out of data.

  11. It's not just for information security by mbkennel · · Score: 2


    There's little doubt this is intentional.

    The primary 'hackers' that the NSA is worried about is Congressional oversight and the Government Accountability Office, or any kind of auditors.

    Inability to find relevant information is precisely the goal.