Is NSA's Accumulo open source or Google knock-off?
- By Kathleen Hickey
- Jul 20, 2012
A new bill on Capitol Hill could have far-reaching implications for government use and development of open source platforms – potentially requiring all open source projects to “prove adequate industry support and diversification.”
S. 3254, the 2013 National Defense Authorization Act, would bar the Department of Defense from using the National Security Agency’s Accumulo open source software platform after September 30, 2013, unless the DOD’s CIO can demonstrate either the software’s industry success and uniqueness or that there are no viable commercial open source alternatives, according to a report from Wired.
Further, the bill requires NSA to support and provide technical assistance to developers of the Apache Foundation’s HBase and Cassandra open source platforms -- as well as similar platforms -- so that they can integrate the security features of Accumulo.
NSA's Accumulo is a more secure version of Google’s BigTable, which is the foundation of many of Google’s online services and runs across tens of thousands of computer servers. It is one of many open source systems that seek to mimic Google’s infrastructure – including HBase and Cassandra.
But what makes Accumulo unique is that it tags each data cell with a label, allowing access to some data while restricting access to other information that is protected by policy rules. And because Accumulo has a distributed design that can run across multiple servers, it could be used with large systems, rather than spreading information across a range of disparate databases that must be accessed separately.
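The cell-level labeling described above can be sketched in a few lines. This is an added illustration, not Accumulo's code or API: the sample cells, the function names `visible` and `scan`, and the label grammar (tokens joined by `&` or `|`, with parentheses) are assumptions made for the example.

```python
import re
# Constructed sample cells; the label grammar (&, |, parentheses) is an assumption.
CELLS = [
    ("patient42", "name", "admin|clinician", "J. Doe"),
    ("patient42", "diagnosis", "clinician&(cardio|er)", "arrhythmia"),
    ("patient42", "room", "", "3B"),  # unlabeled cell: readable by anyone
]

def visible(label, auths):
    """True if a reader holding the tokens in `auths` may read the cell."""
    toks = re.findall(r"[A-Za-z0-9_]+|[&|()]", label)
    if "".join(toks) != "".join(label.split()):
        raise ValueError("illegal character in label")
    pos = 0
    def term():
        nonlocal pos
        tok = toks[pos] if pos < len(toks) else ")"
        pos += 1
        if tok == "(":
            val = expr()
            if toks[pos:pos + 1] != [")"]:
                raise ValueError("missing ')'")
            pos += 1
            return val
        if tok in ("&", "|", ")"):
            raise ValueError("expected a token or '('")
        return tok in auths
    def expr():
        nonlocal pos
        val, op = term(), None
        while pos < len(toks) and toks[pos] in ("&", "|"):
            if op not in (None, toks[pos]):
                raise ValueError("mixing & and | requires parentheses")
            op, pos = toks[pos], pos + 1
            rhs = term()  # always parse the right side, even if val is decided
            val = (val and rhs) if op == "&" else (val or rhs)
        return val
    result = expr() if toks else True
    if pos != len(toks):
        raise ValueError("unexpected trailing input")
    return result

def scan(cells, auths):
    out = []
    for _row, col, label, value in cells:
        try:
            out += [(col, value)] if visible(label, auths) else []
        except ValueError:
            pass  # unparseable label: withhold the cell (fail closed)
    return out
```

Two readers scanning the same row get different columns back, which is the property that lets one store replace several separately guarded databases.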
NSA created the software, backed by the Apache Software Foundation, by reverse-engineering Google’s BigTable. The agency released the code to the public in September because it believed the software would be of interest to “government, health care and other industries where privacy is a concern,” according to the original proposal. The software is already in use at NSA.
Gunnar Hellekson, chief technology strategist in the U.S. Public Sector group at Red Hat, sees potentially dangerous ramifications ahead if the bill is approved. In his blog, he questions whether Congress is overstepping its bounds by legislating where no legislation is needed, in a way that could limit development of further open-source projects.
Hellekson believes Accumulo, when it was written, added unique core concepts, such as the cell-level security, he told Wired. “That’s an incredibly important feature, and to do it properly is incredibly complicated,” he said.
In his blog, Hellekson also noted that, historically, government projects have helped the private sector and that open source is an excellent tool for developing new technologies and ensuring that they are widely available to the government and private sector.
Since Accumulo has already been released to the public, it has now become just like any other commercial software “and can win or lose on its merits,” said Hellekson.
Kathleen Hickey is a freelance writer for GCN.