Is Amazon Rigging the Bidding For Massive Government Contracts?

SpzToid quotes Vanity Fair: The controversy involves a plan to move all of the Defense Department's data -- classified and unclassified -- on to the cloud. The information is currently strewn across some 400 centers, and the Pentagon's top brass believes that consolidating it into one cloud-based system, the way the CIA did in 2013, will make it more secure and accessible. That's why, on July 26, the Defense Department issued a request for proposals called JEDI, short for Joint Enterprise Defense Infrastructure. Whoever winds up landing the winner-take-all contract will be awarded $10 billion -- instantly becoming one of America's biggest federal contractors.

But when JEDI was issued, on the day Congress recessed for the summer, the deal appeared to be rigged in favor of a single provider: Amazon. According to insiders familiar with the 1,375-page request for proposal, the language contains a host of technical stipulations that only Amazon can meet, making it hard for other leading cloud-services providers to win -- or even apply for -- the contract. One provision, for instance, stipulates that bidders must already generate more than $2 billion a year in commercial cloud revenues -- a "bigger is better" requirement that rules out all but a few of Amazon's rivals... Much of the language of JEDI, in fact, seems specifically tailored for Jeff Bezos. "Everybody immediately knew that it was for Amazon," says a rival bidder who asked not to be named. To even make a bid, a provider must maintain a distance of at least 150 miles between its data centers and provide "32 GB of RAM" -- specifications that few providers other than Amazon can meet.
The article also cites last year's "so-called Amazon amendment, a provision buried in a defense authorization bill that will establish Amazon as the go-to portal for every online purchase the government makes -- some $53 billion every year." And it also notes that Amazon employs more than 100 lobbyists in Washington, and "has spent $67 million on lobbying since 2000 -- including more this year than Citigroup, JP Morgan Chase, and Wells Fargo combined."

The article says this controversy may be "a sign of how tech giants and Silicon Valley tycoons will dominate Washington for generations to come."

The best goverment money can buy!

[Local+ID10T]

Amazon employs more than 100 lobbyists in Washington, and has spent $67 million on lobbying since 2000.

It's true. We have the best government money can buy.

Who's complaining?

[PPH]

One of the good-old-boys DoD contractors thought they had the sole source contract for bid rigging?

Er, Open Stack, anyone?

[davecb]

The existing defense-oriented government data centres can easily support a really large open stack instance, which provides a more secure option that trusting a single vendor.

(In previous lives, I've worked with both Open Stack and with the Solaris side of the U.S. Defense Department's server farms: what I propose is child's play for them. Other departments? Maybe so, maybe not.)

bad summary, are their real Amazon based clauses?

[gravewax]

Is that a joke summary? seriously I hate Amazon but none of the 3 sample clauses seem at all unreasonable. Was the 32GB of RAM a fucking typo? is there seriously any cloud provider (even small ones) that don't go that high? having Datacenters geographically separated is a common clause. 2 billion in revenue would be the only questionable one.

Someone's conducting "info ops" on this contract

[david.emery]

Here's a different view:

In the past several months, a private investigative firm has been shopping around to Washington reporters a 100-plus-page dossier raising the specter of corruption on the part of senior Defense Department and private company officials in the competition for the JEDI cloud contract. But at least some of the dossier's conclusions do not stand up to close scrutiny.

https://www.defenseone.com/tec...

AWS _users_ have a terrible track record

God I'm tried of seeing this. I'm not the biggest fan of AWS or S3 but when you see a news article on documents being leaked on S3 is almost certainly 100% the users fault (I'm not aware of any cases where it wasn't).

S3 defaults to private/restricted access. If you created a bucket right now and uploaded files the are not publicly accessible. You have to explicitly grant public access and if you do that through the web interface it even prompts you with something akin to "this is probably a very bad idea, are you really sure you want to do this".

The only fault that can be laid at Amazon's feet is that the ACL system can be very difficult to learn and master for novices. This causes non-tech types to just throw up their hands and just go with the public option thinking that it will be fixed later. AWS could help the situation by creating an S3 lite that had a more dropbox like interface and allowed access to be easily managed through OAuth access based on social media accounts.

Amazon is cheaper than the alternative

[chromaexcursion]

Having worked in the defense industry, and seen it first hand.
Cloud computing is cheaper. The problem for the defense industry is security.
Amazon is the only one to pass the test. It cost them a lot.
Now they're reaping the benefit of that expense.
They are the only cloud player to have invested in defense level security.

It saves money, even if they are the only player

Re:Amazon is cheaper than the alternative

[chill]

Amazon was the *first* to pass the FedRAMP High test, and first to get approved on all 5 non-classified DISA Impact Levels back in 2014, but is by no means still the only.

Amazon, Microsoft, Oracle, and CSRA are all approved at FedRAMP High levels. For DISA Impact Level 5, the above list is also joined by IBM and possibly others.

Re:Big Cloud Providers - Not Amazon

[chill]

Actually, the $2 billion in commercial cloud revenue will cut out pretty much everyone except Amazon, Microsoft, and maybe IBM.

Oracle, of course, will fudge their numbers to claim that much from commercial cloud, but I wouldn't believe them. Database, yes. Commercial cloud, no.

The other big player, CSRA, makes most of their revenue off of gov't contracts, not commercial. IBM may be in the same boat. Rackspace comes close, but doesn't hit the $2 billion threshold as of 2014 numbers. (See Wikipedia)

Google is big, but is only FedRAMP Moderate and I have no idea if they have been certified by DISA.

Re:Oh no!

[Richard_at_work]

When Boeing launched the brand new 7E7 (which later became the Boeing 787), there was an almost titanic battle between various states as to where Boeing was going to situate the production lines, and eventually the issue was decided when Washington State passed tax relief laws which gave Boeing massive discounts for planes produced there.

The laws were ridiculous, with Boeing supporters claiming straight faced that the tax relief could be claimed by any aircraft manufacturer, so it wasn't state aid to Boeing (this was the height of the Airbus-Boeing state aid battle, initiated by the US government).

Problem was, the tax relief laws stated requirements that covered exactly the range of seats that the Boeing 787 was being marketed at, exactly the efficiency gains the Boeing 787 was being marketed at, exactly the production timescales the Boeing 787 was being marketed at, and all in all all the restrictions added up to eliminate all aircraft except for the Boeing 787...

Ironically, Boeing ended up missing both the production timescales and the efficiency gains cited as requirements in the law, but they still received the tax relief...

Requirements

[Spazmania]

The "must already have $2B in revenues" is a little sketchy.

These two don't seem particularly discriminatory: Data centers 150 miles or more apart is something every cloud provider of any significance already has. Maybe not every data center is 150 miles from every other, but Amazon doesn't have that either. 32gb ram virtual servers is trivially added for anyone who didn't have it -- the physical servers backing the VMs often have 1TB ram or more.

Here's what really cuts out almost everybody: Amazon has a virtual networking system (VPCs) with their cloud product that allows for complex security infrastructures with VMs behind multiple layers of protection devices. Most cloud providers offer VMs plugged directly in to the Internet. Period.

The 150-mile minimum

[Doc+Hopper]

The 150-mile minimum looks like a straight-up âoefuck youâ to Oracle. Oracleâ(TM)s bare-metal team built data centers within 1ms of one another in order to improve latency and provide something no other cloud provider could provide. Due to speed of light limitations, a 1ms round-trip time allows for data centers â" at the absolute most! â" to be 93 miles from one another. Given routing & switching latencies, youâ(TM)ll usually want the data centers somewhere around 50-80 miles from one another. This is far enough to be largely free from most correlated risk except extinction-level events. Big middle-finger to anyone who wants to push performance higher than Amazon does. Wow.