Why the Apache Foundation should delist Accumulo, the NSA project

Excerpted from Tom Slee:

“The Apache Foundation hosts the Apache Accumulo project, which is a data storage and retrieval system for big data created by the NSA in 2008 and submitted to Apache in 2011. Derrick Harris at GigaOm describes Accumulo as “The technological linchpin to everything the NSA is doing from a data-analysis perspective”; it is probably part of the BoundlessInformant open source stack (see this presentation [PDF]) that stores and analyzes the Verizon FISA data.

The Apache Foundation ”provides support for the Apache community of open-source software projects, which provide software products for the public good.” It looks to me like Accumulo is outside that mandate.

The Apache Foundation may, because of its membership, be more open to pressure than other organizations involved in the NSA’s big data effort. Are there grounds for a campaign to pressure Apache into removing Accumulo from its list of projects?

There may also be questions about more general-purpose projects that complement Accumulo, like Apache Hadoop, Apache Zookeeper, and Apache Thrift, but these were not designed so specifically for the NSA’s data handling needs as Accumulo.”

How should we think about the role of Apache in the NSA surveillance scandal? Perhaps a good place to look is the work of respected open internet advocates like the OpenNet Initiative. So let’s do that.

A couple of years ago Helmin Noman and Jullian York of the OpenNet Initiative published a bulletin called West Censoring East: The Use of Western Technologies by Middle East Censors, 2010-2011. The bulletin documented network filtering of the internet by national governments, and “the use of American- and Canadian-made software for the purpose of government-level filtering in the Middle East and North Africa”. The goal of the report was to inform a “genuine discussion of the ethics and practice of providing national censorship technology and services”. Just to be clear, and for what little it is worth, the report seems admirable to me. The ethical stances it takes were reiterated by Rebecca MacKinnon when she wrote about it last year in her influential book “The Consent of the Networked”. What’s interesting now is to read the report, read the ethical stances it takes regarding the provision of services by Western companies to authoritarian actions by national governments, and apply those lessons to Apache and the NSA. The parallels are, I hope, obvious.

The report concludes that “Western companies are playing a role in the national politics of many countries around the world. By making their software available to the regimes, they are potentially taking sides against citizens and activists who are prevented from accessing and disseminating content thanks in part to filtering software.” The authors complain that “companies appear to have done little to curb the use of their tools–if not offering them outright for that purpose–for government-level censorship. These companies seem not to have adopted policies and procedures to safeguard freedom of expression in the event that states rather than parents and schools use their tools, as their products are being openly used by several state-run ISPs to limit what citizens can and cannot access online.” The final sentence states that “Such companies must recognize the role their tools play in the international landscape and set forth policies that protect Internet users’ right to free expression–or at least put them on record about the role that they play.”

The technologies that the companies are providing are general purpose technologies: almost everyone would agree that internet filtering technologies have valid uses by parents and schools, for example. It’s not the technology itself that is offensive, at least to anyone who is not happy with the idea of kindergarten kids stumbling across violent pornographic images. It’s the relationship between the companies and their customers: the companies are providing a service, knowing the use to which it is going to be put. The report expects companies to think about the use of their tools and to take action to prevent them being used in ways that curb freedoms. It expects companies to limit the use of their tools.

The role of Apache as the host of the NSA-initiated Accumulo project is directly parallel to the role of western companies providing filtering software that is used by authoritarian regimes to curb freedom of speech. So, in the light of the OpenNet report, how would the continued hosting of Accumulo look?

Is Apache providing a service to the NSA? Yes it is. Some people have been telling me that it’s not, or that it is but it’s unimportant. Both of which seem positively bizarre to me.”

Leave A Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.