Yottabytes: Storage and Disaster Recovery

October 25, 2016  10:39 PM

DNA Data Storage Hopeful

Sharon Fisher Sharon Fisher Profile: Sharon Fisher
research, Storage

Scientists and researchers love finding new and interesting ways to store data, especially as the traditional spinning disk and even flash drive technologies are starting to run into the laws of physics. The newest one? DNA data storage.

Actually, the notion started out as a joke, writes Andy Extance in Nature. In 2011, biological information scientists were trying to figure out how they could afford to store the amount of genome sequences they had, and were so frustrated by the expense and limitations of conventional computing technology that they started kidding about sci-fi alternatives like using DNA. “Then the laughter stopped,” he writes. “It was a lightbulb moment.”

Scientists at the European Bioinformatics Institute and at Harvard University each demonstrated a proof-of-concept of the idea in 2013, of just 0.74 megabytes. What’s different now is that Microsoft, which has been taking the lead in DNA storage research, was able to save 200 megabytes in DNA, or more than a 270 times improvement over 2013.

In fact, at one point, you could even buy a DNA storage device on Amazon, which stored 512 KB—enough for a small photograph or a document, according to the product description.

The downside? The cost, writes Tobi Ogunnaike in SingularityHub. “The current cost of DNA data storage is not attractive,” he writes. “Storing digital data in DNA involves both reading and writing DNA. While the price of reading DNA (DNA sequencing) has fallen sharply, the price of writing DNA (DNA synthesis) currently remains prohibitively high for data storage.”

The Microsoft experiment might have cost on the order of $150 million, writes Andrew Rosenblum in MIT Technology Review. “Microsoft won’t disclose details of what it spent to make its 200-megabyte DNA data store, which required about 1.5 billion bases,” he writes. “But Twist Bioscience, which synthesized the DNA, typically charges 10 cents for each base. Commercially available synthesis can cost as little as .04 cents per base. Reading out a million bases costs roughly a penny.” On the other hand, costs are dropping rapidly, he adds. “It would have cost about $10 million to sequence a human genome in 2007 but close to only $1,000 in 2015.”

Another downside? The speed, Extance writes. “DNA storage would be pathetically slow compared with the microsecond timescales for reading or writing bits in a silicon memory chip,” he writes. “It would take hours to encode data by synthesizing DNA strings with a specific pattern of bases, and still more hours to recover that information using a sequencing machine.”

But DNA storage offers one big advantage: Its density, or the amount of data it could store in a small space, Extance adds. “By 2040, if everything were stored for instant access in, say, the flash memory chips used in memory sticks, the archive would consume 10–100 times the expected supply of microchip-grade silicon,” he warns. Similarly, a data center holding an exabyte (one billion gigabytes) on tape drives would require $1 billion over 10 years to build and maintain, as well as hundreds of megawatts of power, he writes. “If information could be packaged as densely as it is in the genes of the bacterium Escherichia coli, the world’s storage needs could be met by about a kilogram of DNA.”

For example, the 200-megabyte Microsoft example occupied a spot in a test tube much smaller than the tip of a pencil, the company writes, which performed the experiment with the University of Washington.

DNA storage could also last longer and be more stable than existing data storage methods, writes John Markoff in the New York Times. “Magnetic disks, tape and even optical storage systems safely store information at most for only a handful of decades,” he writes. “The recent advances suggest there may be a new way to store the exploding amount of computer data for centuries rather than decades.” Keep in mind that readable DNA has been found in fossils thousands of years old.

Of course, DNA storage isn’t a panacea. There are a number of open questions about a new kind of storage system, Ogunnaike writes, such as what sort of security and user interface it will have. “Will we all have DNA sequencers, DNA synthesizers, and algorithms that translate digital data into biological data in our phones, our homes, or our local community biohacker spaces? Or will these capacities be restricted to companies?” he writes. “In either scenario, how easily we can interact with DNA data storage technology might affect how quickly we adopt this technology.”

Other complications include error correction, retrieving just portions of the data, and avoiding the sort of protein sequences that causes DNA strings to fold up, Extance writes.

And what if something you save accidentally creates life? Hmm. It could be the next Jurassic Park movie.

October 15, 2016  12:23 AM

Strange USB Sticks Zap PCs

Sharon Fisher Sharon Fisher Profile: Sharon Fisher
Security, Storage, Thumb drive

We’ve written before about USB sticks that could set computers on fire. Now it’s not just a rumor – it’s something you can order now for less than 50 Euros. And it has free shipping!

Ostensibly for people to test how well PCs and other devices can handle power surge attacks, “the USB Kill collects power from the USB power lines (5V, 1 – 3A) until it reaches ~ -240V, upon which it discharges the stored voltage into the USB data lines, according to the product website. “This charge / discharge cycle is very rapid and happens multiple times per second. The process of rapid discharging will continue while the device is plugged in, or the device can no longer discharge – that is, the circuit in the host machine is broken.”

Companies that make electronic equipment need these devices to help ensure that their products can handle such attacks. “In our tests, over 95% of devices are affected by a USB power surge attack,” notes the website. “Almost all consumer-level hardware fails when tested against the USB Kill. The most frequent outcome is the complete destruction of the device (laptops, tv, telephones, etc).”

“Brutally efficient!” the website proclaims. While the intention is not to destroy data on the target system, “depending on the hardware configuration (SSD vs Platter HDD), the drive controllers may be damaged to the point that data retrieval is impractical,” the website warns. A demonstration of the device basically looks like you’re hot-wiring a teeny-weeny car.

The first batch of stock – the company doesn’t say how many – was shipped on September 19, according to the company blog. “As you may have noticed, due to overwhelming demand, we are currently on backorder,” the blog notes. “Each delivery of stock is larger than the previous.” With weekly shipments, the company pledged to clear its backorders by early October.

Now, the company is aware of what people might want to use these devices for, and says in no uncertain terms that that would be a no-no.USBKill.com strongly condemns malicious use of its products,” notes the company’s FAQ. “A hammer used maliciously can permanently damage to a third party’s device. The USB Killer, used maliciously, can permanently damage a third party’s device. As with any tool, it is the individual, not the manufacturer of the tool, responsible for how the individual uses the tool.”

(The company also sells a tester device that lets users test their own devices without putting them at risk.)

Security experts were skeptical of the company’s claim for a use case. “Are there companies that hire security testers who say ‘Oh, please fry some electronics if you find an easy way to do so’? Are there security testers whose contracts say ‘We will cause property damage to show you your vulnerabilities, rather than telling you about them’?” scoffs one commenter on security expert Bruce Schneier’s blog, Schneier on Security. “For a security tester, you want something that highlights the vulnerability in a clear way, and causes no damage (or at least as little as possible consistent with finding the vulnerability). If I’m testing whether people will plug in random USB sticks, plugging it in should either report the information to me (probably using the 5V to power a transmitter, rather than trying to rely on a network connection that might not be there), or announces its presence to everyone nearby (how loud a siren can you power via USB?).”

At the same time, some also scoffed at the notion that disgruntled employees would buy these devices to get even with an employer. “A disgruntled employee can slip with his sports drink on someone’s desktop in front of a dozen people, say ‘Oh, my bad, I’m so sorry,’ and totally get away with it,” noted one. “A disgruntled employee who slaps one of these in someone’s desktop had better be doing it when there are no witnesses about, because otherwise there is going to be a really straightforward prosecution for criminal damage. Involving exhibits like ‘camouflaged criminal sabotage device purchased over the internet.’”

What was going to be more of a problem, they noted, would be people who found these devices scattered around and plugged them into systems to see what they did (or so they could return them to their owners). “It’s true that there are other ways to destroy a computer, but your average office worker is not going to destroy company property for no reason,” one wrote. “You can expect, however, that many will plug a USB device of unknown origin into their work computers. Destructive USB devices given away as ‘freebies’ can cause a lot damage.”

Even that, though, wasn’t as damaging as it could be, experts noted. “So you want to plug this into a target to fry it? You’re limited to whatever you physically had access to, and you might as well have poured a vial of who-cares-what-kind-of-goo into the port instead. No more nor less difficult to get away with on-camera,” noted one. “Why would you do that when you could use a USB that actually appears functional (so no immediate suspicion) but contains a pathogen that can reach beyond the mookstation into the deeper network?”

September 30, 2016  6:51 PM

JASTA: E-Discovery Story of the Year

Sharon Fisher Sharon Fisher Profile: Sharon Fisher
E-discovery, government

Political and foreign policy ramifications aside, Congress’ recent override of President Barack Obama’s veto of a bill to let 9/11 victims’ families sue Saudi Arabia has the potential for some really interesting e-discovery implications.

In case you haven’t watched CNN lately, Congress put forth a bill, the Justice Against Sponsors of Terrorism Act (JASTA), that would allow citizens, such as family members of 9/11 victims, to sue the nation of Saudi Arabia for its role in the terrorist attack, 15 of the 19 leaders of which were Saudi nationals. President Obama vetoed the bill because of a sovereign immunity law that protects foreign governments from American lawsuits. However, in what appears to be the one thing that Democrats and Republicans could agree on in eight years, both houses of Congress had a decisive override vote of the President’s veto, meaning JASTA is in force.

Before the law, American victims of terrorist acts could only sue countries designated by the U.S. State Department as state-sponsors of terrorism, currently Iran, Syria and Sudan,” writes Mica Rosenberg for Reuters. “Now, any country can be sued if there are allegations of support for known terrorists that carry out attacks on U.S. soil.” More than 2000 family members sued Saudi Arabia in 2003, a suit that has been stalled due to the sovereign immunity law, he adds.

If nothing else, the law will likely become the Attorneys’ Full Employment Act of 2016. “The legal battle could last for years, and would be waged using thousands of pages of documents, deposition transcripts and official government investigations,” writes Mark Mazzetti in the New York Times. “It could end in millions – or billions – of dollars’ worth of Saudi assets being seized in a court settlement, or a judgment that largely vindicates the Saudi government, which for years has insisted it had no role in the deadly plot.”

Aside from this specific case, there is also the question of precedence, both for other countries, U.S. allies, and for the U.S. itself, if foreign countries pass similar laws and decide that U.S. actions could be considered terrorism, such as drone strikes and abuses committed by U.S.-trained police units or U.S.-backed militias, writes the Associated Press.

“If JASTA were enacted, courts could potentially consider even minimal allegations accusing U.S. allies or partners of complicity in a particular terrorist attack in the United States to be sufficient to open the door to litigation and wide-ranging discovery against a foreign country — for example, the country where an individual who later committed a terrorist act traveled from or became radicalized,” the President wrote in his veto message.

Defense Secretary Ash Carter wrote Rep. Mac Thornberry of Texas, the Republican chairman of the House Armed Services Committee and an opponent of the legislation, before the vote, warning him of the discovery implications.

In the letter, Carter described the potential for litigants to seek classified intelligence data and analysis and sensitive operational information to establish their cases in what could be an ‘intrusive discovery process,’” writes Richard Lardner for the Associated Press. “If the U.S. were sued overseas, a foreign court would decide whether the information should be protected from disclosure, he said. Paradoxically, the information could be central to a defense against the accusations.”

“Disclosure could put the United States in the difficult position of choosing between disclosing classified or otherwise sensitive information or suffering adverse rulings and potentially large damage awards for our refusal to do so,” Carter wrote, according to Lardner.

Conceivably, lawsuits could be filed that have no hope of succeeding, just for the discovery they could involve.  “Whether or not a case has merit, the U.S. would still have to defend itself or its troops against private litigants in foreign courts,” Lardner writes. “That raises the possibility of service members who refuse to appear or to divulge classified information being held in civil or criminal contempt by the foreign court, according to Carter.”

Meanwhile, after realizing the implications of its bill, now law, Congress is considering rewriting it – though not until after its election recess. “Both House Speaker Paul Ryan and Senate Majority Leader Mitch McConnell said that the measure could have unintended consequences — including the fact that it could leave U.S. soldiers open to retaliation by foreign governments,” write Steven Dennis and Billy House for Bloomberg. “But Republicans said the White House didn’t make a forceful case, putting themselves in the awkward position of blaming the president for a bill they enacted into law over Obama’s veto.”

“So, basically, Congress’s excuse is that they didn’t realize that the president was seriously opposed to JASTA despite the fact that he vetoed it, publicly articulated why he vetoed it and personally warned congressional leaders about the implications,” explains Daniel Drezner in the Washington Post.

For now, attorneys are already gearing up, with action leading to discovery likely as early as next week, writes Aliyah Frumin for NBC News.

September 29, 2016  12:39 PM

Archivists Dealing With Born-Digital Data

Sharon Fisher Sharon Fisher Profile: Sharon Fisher
government, history, museum, Storage

When former Texas Governor Rick Perry left office in 2014, the records he left to the State Library and Archives Commission included more than 7 terabytes of data, writes Isabelle Taft in the Texas Tribune. But there weren’t any digital archives to put it.

“While the governor’s 4,000 cubic feet of paper could be sorted, itemized, boxed and shelved alongside other state records dating back centuries, [state archivist Jelain ] Chubb and her staff had no system in place to store thousands of gigabytes of photos, emails and audio and video recordings, much less make them available to the public,” Taft writes. “The Perry collection presented a Texas-sized challenge for a commission that had no capacity to manage the ‘born-digital’ records — those with no paper or analog footprint.”

Consequently, the commission needed to set up the Texas Digital Archive for the material, a project that so far has cost $700,000. The data is stored in the Amazon cloud.

In many ways electronics records are safer and more durable than paper ones—they can easily be backed up, replicated, and sent elsewhere to prevent a Library of Alexandria-type conflagration. Moreover, electronic records are typically easier to gain access to than paper records because people don’t have to travel to where the records are. That also helps make government more transparent. But that’s all predicated on the data still being readable electronically.

“Ancient hieroglyphics and scrolls have survived centuries, but digital storage is fragile, the files easily swept away or locked up in encryption,” writes Arielle Pardes in Vice.com. “The technology we use to store things today might not be around tomorrow, and many of the platforms we use to store information are owned by private companies, which makes it harder for archival institutions to save them. And how much of what we upload online is worth saving at all?”

There are three main problems with maintaining archives of born-digital material, Pardes writes:

  1. It requires the hardware to read it.
  2. It requires power for the hardware.
  3. It requires software—often proprietary, and sometimes copyrighted—to read it.

This is particularly true as data storage goes to private companies in the cloud—such as Facebook—rather than on software that we own, Pardes warns. “Many of the sites we use that are free, or that you rent space on, like a wedding site, they’re private companies,” she quotes historian Abby Smith Rumsey as saying. “You don’t have ownership of it.”

That was the problem with some of Perry’s data, which dated back to 2000 and in some cases used formats that are no longer around, such as WordPerfect, Adobe Pagemaker, VHS tapes, CDs and raw camera files, Taft writes. “Many files had to be reformatted so the public could view them with contemporary software.”

To help in this effort, the Library of Congress has created a list of recommended formats for archiving digital data, and has an ongoing discussion about the sustainability of digital formats.

After the Perry project, the Texas data archive staff is now working on a similar project for Texas state agencies. “Arguably the most important function of the digital archive, however, is still under development: the ability to ingest and display the born-digital archives of state agencies,” Taft writes. “Archivists are currently working with three pilot agencies — the Texas Historical Commission, the Office of the Attorney General and the Railroad Commission — to get their electronic records from the late 1990s and early 2000s on the digital archive.”

Unfortunately, the group is running into the same problem as with Perry’s data. “Texas requires state agencies to preserve records if the state archives can’t yet take them,” Taft writes. “But floppy disks loaded with files can decay until they’re unreadable. Emails are often deleted to free up expensive storage space. And some formats are already obsolete.”

September 25, 2016  2:02 PM

6 Dell-EMC Shoes Yet to Drop

Sharon Fisher Sharon Fisher Profile: Sharon Fisher
Dell, EMC, Storage

EMC is dead. Long live Dell Technologies. With Dell’s acquisition of EMC finalized earlier this month, it may seem like the end to a very long, long, long story. But although the merger is complete, there are still a quantity of potential Dell-EMC fallout to occur.

Layoffs. Reports are that 2,000 to 3,000 people are slated to be laid off from the combined companies.A lot of them are going to be administrative people – HR, finance, all the various business functions that are more or less duplicated by the two companies. This will also be a good time to see, however, what users can expect from Dell Technologies products going forward, if developers start getting laid off as well. And what methodology is Dell going to use? If there’s two competing products, will the Dell product naturally survive and the EMC product get the ax? Vice versa? Will they just pick the biggest product? A look at who gets laid off will reveal a lot of the merged companies’ philosophy.

Executives. Yes, all of this was an elaborate way for EMC CEO Joe Tucci to get out of formally naming a successor. But what will happen to all those former EMC executives? EMC was known for having a deep, if unexciting but businesslike, bench of potential managers. Are they going to stick around? Former VMWare and Pivotal CEO Paul Maritz has already retired. Will people like VMWare CEO Pat Gelsinger join him? Are they going to get buyouts? Will they start spinning off companies? It will be interesting to see.

Ancillary pieces. Individually, EMC and Dell were so big that there were pieces of them that people completely forgot about. (For instance, did you remember EMC bought RSA Security in 2006? I had it in my head that they’d been owned by Symantec. Nope.) As the two companies merge, there’s going to be all sorts of things they find in the back of closets as they set up housekeeping together. Dell has already offloaded its software group (Dell had a software group?) EMC has already offloaded poor, sad Documentum to Open Text; it remains to be seen to what degree Open Text continues to support it, or simply expects all the Documentum users to migrate to the OpenText software. And what will happen to RSA? Data Domain? Virtustream? Pivotal Labs?

VMWare. Of course, the biggest ancillary piece – and the source of a lot of EMC’s profit – is VMWare. (There was even talk that VMWare might acquire EMC, though it was just a rumor that the merged company would have been called Ouroboros.) The companies insist they don’t plan to sell it, but some financial analysts say the acquisition might not pencil out unless they do. What sort of support will a software company get from its parent hardware company? And how will VMWare’s independent reputation among users change when it is owned by a server company?

Culture. Austin and Boston may rhyme, and may both be tech hubs, but their cultures are pretty different. How well barbecue is going to mix with baked beans, only time will tell. One area they do have in common? Both companies have been outspoken in their support of equal rights for gay people, such as opposing the so-called religious freedom bills in Indiana and Georgia.

And finally. What will Elliott Management Co. — having now withdrawn its dripping scimitar from the still-writhing corpse of EMC – be looking at it as its next activist investment target? As it turns out, speaking of Symantec, looks like it’s on the radar: The other EMC more than doubled its holding in the most recent quarter and now owns on the order of 3 percent of the company.

September 19, 2016  11:18 PM

What About Drone Storage?

Sharon Fisher Sharon Fisher Profile: Sharon Fisher
drone, Storage

People don’t talk about it much yet, but the data that the increasing number of drones are collecting has the potential to cause a lot of problems.

“In 2013, only 128,000 units in this product category were estimated to have sold in the United States. Many of these were in the low-cost ‘toy’ category, with poor flight control characteristics, limited range and relatively poor image quality,” writes Wes Brewer of VP and GM of Lexar, a global brand of Micron Technology, for the SD Association. “Now, the CTA has forecast that more than 2.8 million units will be sold in the United States in 2016, while Business Intelligence pegged the worldwide market at 7.1 million units.”

While drones started out having built-in storage, increasingly they are being built to include microSD cards, Brewer writes, noting that a GoPro Omni 4K can capture as much as 162 gigabytes of data per hour. Aside from the drones themselves, the software and hardware they need to run could add up to a $127 billion annual market, according to PriceWaterhouseCoopers.
All that data has the potential for two big problems.

Size. Granted, all drones are not created equal. The quadcopter you got for Christmas that uses a microSD isn’t the same as a military drone, such as the Wide Area Reconnaissance Hyperspectral overhead Real-Time Surveillance Experiment (WARHORSE), where a single frame could amount to 20 gigabytes, according to William Arkin’s book Unmanned. And a single government drone flight can amount to 400 terabytes of data, writes Yasmin Tadjeh in National Defense.

Nonetheless, even if we’re just talking about non-governmental drones, we’re still talking about the potential for an awful lot of data. Where’s it all going to go? And how? Are people going to upload it all to the cloud? How’s all that storage going to be paid for?

It’s enough to make all the data that the National Security Agency is reportedly storing sound like a drop in the bucket. This is especially true now that the Federal Aviation administration has now granted permission to small businesses ranging from farmers to real estate agents to send up drones weighing less than 55 pounds.

“Under the new rules, operators would register their drones online, pass an aviation knowledge exam for drone pilots at an FAA-approved testing center and then they’re good to go,” writes Joan Lowy for the Associated Press. “That’s a big change since operators currently have to have a manned aircraft pilot’s license.” Moreover, the FAA really doesn’t have much of an enforcement mechanism, she adds.

Interestingly, the late, great EMC, now a piece of Dell, has also been looking at this market, including sponsoring drone-racing competitions.

Security. Once you’ve collected all that data, and put it somewhere, you need to protect it. “How you are going to handle that data, which can be massive, especially in the case of video, LiDAR surveys, or other sensor files?” writes drone software specialist VirtualAirBoss. “And, since the data may reveal sensitive information about key property, progress, or infrastructure, how will you ensure data security and integrity?”

Keep in mind that, in the mid-2000s, there was a guy in England named Tom Berge. And Tom got really good with Google Earth. So good, in fact, that he used it to look for lead roofs on historic buildings in southern London, and then he’d scale the building, peel off the lead, and sell it. Altogether, he was thought to have hit 30 buildings, earning more than 100,000 pounds.

So if a guy could do that with Google Earth, how long is it going to take burglars to learn how to do this with drones? And as it happens, not long at all. As long ago as 2014, stories started being reported about burglars who were using drones to pinpoint targets. Even if you’re collecting the data only for good, the repository is going to be pretty tempting for some people – assuming they don’t just nab your drone out of the sky to grab the data on it, or replace it with something else.

If all of this is making you think, “Didn’t we just go through all this with police body cams?” it should. The situations are very similar – except worse. “In many ways, the data challenge presented by UAVs is no different than that created by body cameras or smartphones,” writes Hank Hogan for Gov Tech Works. “All can generate digital data that must be managed. However, one key difference is that as a law enforcement aircraft flies into place, it will pass over – and image – other structures and possibly people. It is tempting for UAV managers to say that unintended imaging is no problem; can’t they simply discard everything that is not evidentiary? But that raises critical legal questions: What if the accused wants to see every inch of the video? Should law enforcement then retain everything? Given that the legal system can take years to run its course, is the agency in question responsible for taking, compressing, housing and managing all of the data for that entire time?”

August 31, 2016  10:58 PM

FBI Deliberately Uses Old FOIA Software

Sharon Fisher Sharon Fisher Profile: Sharon Fisher
E-discovery, FOIA, government

We’ve all experienced the sort of person who performs something badly on purpose in order to get out of doing it. Whether it’s a secretary who makes coffee badly because she doesn’t think it should be her job to make coffee, or a husband who does household chores or child-raising badly so he doesn’t get asked again, we all know of examples.

Now a Massachusetts Institute of Technology (MIT) graduate student is claiming that the Federal Bureau of Investigation (FBI) is deliberately using old, crappy software as an excuse for getting out of responding thoroughly to Freedom of Information Act (FOIA) requests.

“Freedom of Information Act (Foia) researcher Ryan Shapiro alleges ‘failure by design’ in protocols at the Department of Justice (DoJ) for responding to public requests,” writes Sam Thielman in The Guardian. “The Foia law states that agencies must ‘make reasonable efforts to search for the records in electronic form or format.’”

Instead of using a $425 million web-based package called Sentinel that came out in 2012, which can search the full text of FBI records, the FBI uses Automated Case System (ACS), a 21-year-old sainframe-based software package that can search only keywords. In other words, if an agent didn’t happen to include those keywords in their report, the record wouldn’t come up in a search, even if the words might have been included in the report itself, Thielman writes.

Even when nothing comes up using ACS, the FBI reportedly refuses to use Sentinel, claiming that it would be duplicative and wasteful, Shapiro told The Guardian.

‘FOIA Superhero’

Shapiro himself is quite a piece of work. He is a self-styled FOIA expert, called by some a FOIA Superhero, filing an average of two FOIA requests a day. These requests range from records about the Central Intelligence Agency’s role in the arrest of Nelson Mandela in 1962 to whether the American Egg Board improperly used its powers against a particular kind of mayonnaise because it didn’t use eggs in it.

Interestingly, Shapiro’s most recent FOIA efforts are not just about getting various documents themselves, but to help him understand how the FOIA process works at the FBI. “I design each request not only to hopefully produce the requested records, but also to further illuminate the agency’s FOIA operations,” he explains to George LeVines in Muckrock, a nonprofit organization devoted to the FOIA. “Though it of course should not need to be this way, developing as intimate a familiarity as possible with an agency’s internal filing systems, databases, and FOIA practices is frequently the key to success.”

For example, Shapiro has been including waivers from individuals with his FOIA requests in order to circumvent FBI restrictions about including those individuals’ personal information in its responses.


In response, the FBI is resorting to some interesting tactics, such as claiming that while Shapiro’s individual requests are all legitimate and unclassified, added up together they result in a threat to national security because they make it too easy to see how the FBI operates.

“Invoking a legal strategy that had its heyday during the Bush administration, the FBI claims that Shapiro’s multitudinous requests, taken together, constitute a ‘mosaic’ of information whose release could ‘significantly and irreparably damage national security’ and would have ‘significant deleterious effects’ on the bureau’s ‘ongoing efforts to investigate and combat domestic terrorism,’” writes Will Potter in Mother Jones. “So-called mosaic theory has been used in the past to stop the release of specific documents, but it has never been applied so broadly.”

Moreover, Shapiro can’t find out why, because the information was provided to the judge in the form of an ex parte, in camera letter which was secret. “They argued the threat to national security is so severe that they can’t even tell us why,” he told Amy Goodman at Democracy Now!

FBI Won’t Tell Him Why

Similarly, when he filed a FOIA request about the handling of his FOIA requests, the FBI refused, until a judge ruled in February that it couldn’t do that.

“Shapiro and his co-plaintiffs asked for more information about the process by which they had been so often refused,” writes Sam Thielman in The Guardian. “And those requests for clarifying information were categorically denied on the grounds that any information about the FBI’s reasons for denying previous Foia requests were by their very nature secret.”

“The FBI has long been notorious for the frequent poverty of the document searches it performs in response to FOIA requests,” writes The Sparrow Project, an organization devoted to social change. “The consistent inadequacy of the FBI’s FOIA searches has even led to the Bureau receiving an ‘award”’ for ‘worst Freedom of Information Act performance by a federal agency’ from a leading open government group, as well as a declaration from the Associated Press that, ‘If information were a river, the FBI would be a dam.’”

Perhaps someone could file a FOIA request on the FBI’s use of its new software.

August 30, 2016  10:29 PM

FBI Discovers Email on Clinton Server

Sharon Fisher Sharon Fisher Profile: Sharon Fisher
Clinton, ediscovery, Email

Many of us probably wish our IT departments were as diligent about finding lost email messages as the Federal Bureau of Investigation (FBI) has been about former Secretary of State Hillary Clinton’s.

To make things clear, this blog post isn’t going to discuss the topic of the email messages. This isn’t going to discuss whether it would be perjury. This isn’t going to discuss the possible effect on her presidential campaign. This is a blog about storage and e-discovery, and, like other blog posts on the subject, is sticking to those nerdy topics.

Reportedly, the FBI has searched through 14,900 email messages that Clinton or her staff were said to have deleted on the grounds that they were personal. In the process, the FBI believes it has found 30 email messages that might have something to do with the death of four Americans at a U.S. outpost in Benghazi, Libya.

The FBI has not yet released the email messages, because the State Department needs to look at them to determine whether there are actually any new messages, as well as whether there is any information in the messages that needs to be redacted for national security or revealing personally identifiable information. In addition, it isn’t clear how specific they are to the Benghazi incident, nor to what extent they involve Secretary Clinton.

The really interesting part, of course, is “Just how did the FBI find all the deleted email messages?” Unfortunately, the FBI doesn’t seem to be revealing that information, and the primary emphasis in court has been on just how and when the messages will be released, rather than on the nerdy details we all love.

And that could take a while. According to a transcript of a late August hearing, the 14,900 email messages were just what was on one disk. There are six more. Disk 5 alone is said to contain more than 55,000 documents. Emphasis was placed on disk one because it contained “E-mails and attachments that were sent directly to or from Former Secretary Clinton or e-mails that we sent to or from the 11 former secretary at a point in time in an e-mail chain, and 12 were not included on the materials provided to State 13 Department by Former Secretary Clinton in December 2014.”

That section of the transcript is actually kind of funny to read, as the lawyers and the judge fight for how much time it should take to review the messages and why it isn’t necessarily faster to release the messages from reviewing just the first disk compared with reviewing all the disks. The upshot of the discussion was that the State Department will review just the first disk, and everyone will come back to court on September 22 to find out how that’s going.

But in a separate legal case, a different judge ruled that the State Department actually had to come back with a report on the email messages by September 13.

The people filing the lawsuit to get the email messages released are understandably concerned that the process will take longer than Election Day, and there are some who believe that the State Department is delaying the process on purpose for just that reason.

One thing is clear: This should be a lesson to all of us on the proper procedures regarding setting up corporate email servers, the problem of mixing personal and business email correspondence, the value of setting up retention policies for discarding email messages on a regular basis, and how much of a pain electronic discovery is when these procedures aren’t followed. Reportedly, this investigation has cost more than $20 million thus far, and it’s not done yet.

August 25, 2016  11:25 PM

Apollo Software Renews Interest in Rope Memory

Sharon Fisher Sharon Fisher Profile: Sharon Fisher
government, history, Storage

The recent publication of the original Apollo 11 lunar module code in GitHub is bringing new interest to a really arcane form of storage: Rope memory.

Let’s get the Moore’s Law, kids-these-days aspect of this over with right away: The Apollo Guidance Computer (AGC) had just “36,864 sixteen-bit words of core rope memory (placed within one cubic foot) and 4,096 words of magnetic core memory (within two cubic feet),” or the equivalent of 72K of the sort of memory we have today, according to programmer (and stoner) Don Eyles in the 2008-2009 documentary Moon Machines. (An MP3 player at the time the documentary was made had 50,000 times more storage space, the documentary notes.) This is inside a 70-pound box that was the state of the art – in the mid-1960s. Heck, it even used integrated circuits, the first device to do so.

But it’s the type of read-only memory that’s particularly interesting. “Fixed memory consisted of core rope, a high-density read-only memory using cores of similar material composition as the erasable memory but of completely different design,” writes NASA in Computers in Spaceflight: The NASA Experience. “MIT adopted the use of core rope in the original Mars probe computer design and carried it over to the Apollo. Chief advantage of the core rope was that it could put more information in less space, with the attendant disadvantages that it was difficult to manufacture and the data stored in it were unchangeable once it left the factory.”

LOL Memory

Yeah, so let’s talk about that manufacturing. It was literally woven by little old ladies on looms (and, consequently, was sometimes known as Little Old Lady, or LOL, memory). “Producing these required skills was analogous to textile work, which had long been part of the New England labor force,” explains the Dibner Institute for the History of Science and Technology at the California Institute of Technology, on its History of Recent Science & Technology website.

“Women in the factory would literally weave the software into this core rope memory,” explains historian David Mindell, an MIT professor of the history of engineering and manufacturing, in Moon Machines. “The rope is made up of rings and wires,” notes Margaret Hamilton, director of software engineering for the project, in the documentary. “If the wire goes through the core, it represents a 1, and around the core, it represents a zero.” A single program could take several months to weave, and an error would be a “nightmare to correct,” the documentary points out.

It could only have been more arcane if the little old ladies in question had woven it using their own hair or something.

Cutting-Edge Rope

That said, rope memory was quite the thing in its day, because it actually stored much more data than competing methods. “In the AGC, up to 64 wires could be passed through a single core,” writes Ralf-Udo Hartmann in his personal website. “A relatively large (by the standards of the time) amount of data could be stored in a small installed volume of core rope memory (72 kilobytes per cubic foot; roughly 2.5 megabytes per cubic meter); about 18-folda the amount of data per volume compared to standard read-write core memory.”

Moreover, core rope memory was more robust than other kinds of memory, even some we use today, because it didn’t require power to operate and could survive in rugged environments like space and splashing down in the ocean. “Core memory is non-volatile storage – it can retain its contents indefinitely without power,” Hartmenn writes. “It is also relatively unaffected by EMP and radiation. These were important advantages for some applications like first generation industrial programmable controllers, military installations and vehicles like fighter aircraft, as well as spacecraft, and led to core being used for a number of years after availability of semiconductor MOS memory (MOSFET). For example, the Space Shuttle flight computers initially used core memory, which preserved the contents of memory even through the Challenger’s explosion and subsequent plunge into the sea in 1986.”

Core rope memory ended up being used commercially in products from companies such as Univac and Burroughs.

On the other hand, there are those who claim that the core rope method is so arcane it couldn’t actually work, and use that as proof that either the moon landing itself was faked or the technology was faked to keep it out of the hands of competing governments.

Maybe they just didn’t trust their little old ladies.

August 15, 2016  5:43 PM

Airlines’ Disaster Recovery Criticized After Outages

Sharon Fisher Sharon Fisher Profile: Sharon Fisher
Disaster Recovery

If you sell disaster recovery products and solutions, you have a big batch of potential new customers: Major U.S. airlines. Four airlines — Delta, Southwest, United, and American, which just happen to control 80 percent of all domestic travel in the U.S. — have suffered major outages in recent months that have been attributed to a lack of a proper disaster recovery plan.

In August, Delta customers suffered major delays because of…a power failure? “A power outage in Atlanta, which began at approximately 2:30 a.m. ET, has impacted Delta computer systems and operations worldwide, resulting in flight delays,” the company reportedly wrote on its blog at the time. “Following the power loss, some critical systems and network equipment didn’t switch over to Delta’s backup systems,” reported Kim Nash in the Wall Street Journal.

“How could a company as technologically savvy and mature with its business processes as Delta not have a working disaster recovery plan?” writes M.J. Shoer in Seacoast Online. “It’s a fair question and we are still waiting to learn the details. I can’t for a minute believe Delta does not have a disaster recovery plan to deal with an event like this, but it failed. That begs the question as to when it was last tested and how often this plan is reviewed, revised and retested.”

In July, “Southwest Airlines canceled more than 2,000 flights over several days after an outage that it blamed on a faulty network router,” write Alastair Jamieson, Shamar Walters, Kurt Chirbas and Gabe Gutierrez for NBC News. While the company had redundancies built into its equipment, they didn’t work, according to CEO Gary Kelly.  “A back-up system also failed, extending the outage. Ultimately the company had to replace the router and reboot 400 servers,” the company’s chief operating officer told Conor Shine of the Dallas Morning News.

Delta and Southwest aren’t alone. “Computer network outages have affected nearly all the major carriers in recent years,” writes David Koenig for the Associated Press. “After it combined IT systems with merger partner Continental, United suffered shutdowns on several days, most recently in 2015. American also experienced breakdowns in 2015, including technology problems that briefly stopped flights at its big hub airports in Dallas, Chicago and Miami.”


Altogether, thousands of flights were delayed, resulting in costs of millions of dollars. Southwest’s Kelly could even lose his job over the incident, after criticism from a number of employee unions.

“The meltdown highlights the vulnerability in Delta’s computer system, and raises questions about whether a recent wave of four U.S. airline mergers that created four large carriers controlling 85 percent of domestic capacity has built companies too large and too reliant on IT systems that date from the 1990s,” writes Susan Carey in the Wall Street Journal.

Moreover, it points to how vulnerable airlines are to terrorist attacks, writes Hugo Martin in the Los Angeles Times. In fact, at first, some even attributed Delta’s outage to a terrorist attack – maybe because it just seemed so unbelievable that an airline could be brought down by a power failure. But it’s happening.

So What’s Causing It?

“There have been several reservation system outages that have hit worldwide airline ops with distressing regularity over the past few years,” risk management specialist Robert Charette told Willie Jones of IEEE Spectrum. “Southwest Airlines had one just a few weeks ago. (It had another big one June of 2013 and another in October 2015.) What you’ll see in reviewing them is recurring problems with infrastructure (i.e., power, networks, routers, servers, etc.) that seem to keep surprising the airlines. In every case I can recall, there were backup systems in place, but they failed—another recurring theme. The Southwest CEO claimed that the last outage—caused by a router—was equivalent to a 1000-year flood. Not only was that a comical overstatement, but it also shows the thinking that is probably [leading to the airlines] skimping on contingency management preparations.”

Some have attributed the failures to too much consolidation in the airline industry and too much emphasis on efficiency. One study, Delivering the Benefits? Efficiencies and Airline Mergers, found that not only did mergers not save operational money, but often cost much more than expected – particularly in terms of integrating IT. Some have attributed Delta’s failure, in particular, to the retiring of its previous CIO, Theresa Wise – who merged the Delta and Northwest IT teams — in January.

“Is this a sign that airlines aren’t investing enough money in their IT infrastructure?” writes Adam Levine-Weinberg in The Motley Fool.

Airlines Aren’t Alone

On the other hand, airlines aren’t alone in having insufficient disaster recovery protection – just the most conspicuous. A survey – admittedly by a disaster recovery vendor – found that companies in general aren’t testing their disaster recovery systems enough. “When asked about how frequently they tested their DR environment, more than half of the respondents indicated that they tested less than once a year; even worse, a third said that they tested infrequently or never,” the survey found.

Airlines’ IT systems’ complexity makes it worse. “Since they are needed on a 24/7 basis, 365 days a year, it’s hard to fully test every potential scenario that could cause problems,” Levine-Weinberg  writes. “As a result, it may be impossible to fully eliminate large-scale IT outages across the airline industry.”

The biggest problem with this failure in disaster recovery? The computer networks and systems can be repaired. Disaster recovery plans can be created for the next time. But repairing customers’ trust may not be so easy.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: