Monday, October 26, 2009

Big Brother's Database

The Salt Lake Tribune reports on the NSA's construction data storage facility in Utah.

The secretive NSA on Friday made public what has for months been Utah's worst-kept military secret: It plans to build an enormous new data center at the Utah National Guard's Camp Williams. The facility could consume as much power as every home in Salt Lake City as it processes information collected in an effort to prevent attacks on the nation's cyber networks. But only a very small slice of the information stored at the center in southern Salt Lake County will ever be scanned by human eyes. And that's the reality for most of what is collected by the nation's other spy agencies as well.
James Bamford sheds further light on this facility on the challenges faced by the NSA in the 21st century in this piece in the New York Review of Books.

Where does all this leave us? Aid concludes that the biggest problem facing the agency is not the fact that it's drowning in untranslated, indecipherable, and mostly unusable data, problems that the troubled new modernization plan, Turbulence, is supposed to eventually fix. "These problems may, in fact, be the tip of the iceberg," he writes. Instead, what the agency needs most, Aid says, is more power. But the type of power to which he is referring is the kind that comes from electrical substations, not statutes. "As strange as it may sound," he writes, "one of the most urgent problems facing NSA is a severe shortage of electrical power." With supercomputers measured by the acre and estimated $70 million annual electricity bills for its headquarters, the agency has begun browning out, which is the reason for locating its new data centers in Utah and Texas. And as it pleads for more money to construct newer and bigger power generators, Aid notes, Congress is balking.
While both these pieces raise important questions about the balance between privacy and security, they also raise important questions about the efficacy of spending so much money collecting data which is never analyzed. According to MIT defense expert Pete Rustan, who complained that "70 percent of the data we collect is falling on the floor." Bamford is right to suggest that the money spent on these collection capabilities may be better spent on other programs.


Tom O'Connor said...

It is surprising to hear that the NSA is suffering from a capacity issue when it seems that we are constantly hearing that one of the reasons they collect so much data is because it is cheaper to hold on to than to try to sift through. It seems that perhaps they were only counting on the rapidly decreasing price of disk space but not on the other constraints surrounding such massive data collection.

It makes sense to locate a storage facility in Utah due to the lower temperatures and subsequently lowered costs of energy used for cooling servers, but why are they considering another facility in Texas? While there may be plenty of space to build, it is definitely not cooler than Ft. Meade and it seems energy costs would be even greater there.

Andy said...

It seems that if NSA of all organizations is having trouble storing the amount of information they have than it is likely they simply have too much information. This article discusses the fact that previously the fear had been that there would be too much data to sift through, and that will continue to be a problem, but how much data can the NSA have that its storage location would use more power than every home in Salt Lake City?

In this case the NSA either needs to find a way to fund and provide new power sources or decide to eliminate some of their stored data. Historically the NSA has tended to get what they ask congress for, yet the article states that congress doesn't seem to keen to help them with their problem. I would guess that the NSA ends up finding a way around this problem because they tend to have a harder time getting rid of thing than many old people. However, the statistic that 70% of the data "falls on the floor" should hint that they may not need to spend such a large amount of money on such pointless storage.

Brodi said...

Again, not related to the actual post - but something I thought was very news relevant and timely.

In wake of the recent shooting at Ft. Hood, officials have confiscated the personal computer of the shooter to find any potential motives. But also, and this is the first time that I had read this - they are almost certain that the shooter posted online defending suicide bombings.

To me, this seems relevant because they certainly had to investigate online using many of the tactics we have talked with in class. I am interested to know how well of a job he did "hiding" it with proxy servers, anonymous IP addresses, etc. Or if he did at all. In addition, I am curious to know how the government discovered this - whether through the actual harddrive of his computer or through other investigative techniques.

Jed said...

Dashboard seems like a nice attempt at addressing some privacy concerns. For someone who uses a Google Account, this tool is useful for remembering to which sites I've given access, subscribed, etc. And after going through my Dashboard, I've disabled and deleted my Web History. A question that arises after reading the article about the NSA's new data center is whether Google's Web History is actually "deleted" or just removed from my view.

Google has enough power and trust that it can give the appearance of deleting data while really storing it forever. The government and the people will never really know, since there's so much data floating out there. The critics in the New York Times article also make some good points: that having one account for so many services is a privacy concern in itself and that regardless of clearing Google's Web History from an account, people can still be tracked by IP address.

Chris said...

I found this article extremely interesting because I never would have guessed that access to electricity would be a constraint to the information security industry, and especially not the NSA. Not only does it “raise important questions about the balance between privacy and security” but also between security and energy consumption. When can we expect to see environmentalists attack NSA and other information security agencies for their huge carbon footprints?
On a more serious note, Tom brings up a good point when he says that it is cheaper to simply hold on to information than it is to sift through new information. However, if 70% of the information collected ends up not being used, as MIT defense expert Pete Rustan argues, then maybe the NSA is in need of more strategic, efficient, or sophisticated methods of gathering information. While I understand that national security is extremely important, the security agencies must acknowledge real world constraints. Therefore, if the NSA does not receive permission to build new power plants to power its facilities in Utah, I would suggest that they go back to the drawing board and figure out ways to pinpoint the “30%” of information which is relevant. Of course this is the challenge but my only point is that while I am surprised to hear the NSA would be confined by physical constraints such as electricity, they need to acknowledge these restraints.

A. Fox said...

As a resident of Utah in the Salt Lake City area, I feel that it is imperative that I comment on this post.

Since the NSA is such a secretive agency, it's hard to get a handle on what's really being done. The article in the Tribune says that one million square feet of computers will be overseen by 200 workers, and I must say they have their work cut out for them. If it's true that 70% of data collected never even gets looked at, let alone analyzed for threats, clearly it's time for a new way to monitor intelligence gathering.

I'm not sure what kind of system is currently in use, but a code word or sentence system could probably be useful if it isn't already in place. If computers can evaluate facebook pages and tell us about people we know, why can't a similar technology be used to weed out some of the unnecessary information gathered for security?