Today’s rumor of presidential overreach starts at the National Legal and Policy Center and the Drudge Report, which has launched a slew of e-mails about official spying on social-networking sites. The NLPC found an RFP from FedBizOpps, the site that publishes all opportunities to do business with the federal government, that offers a contract for a company to collate data from the Internet. Is Big Brother upon us?
NLPC has uncovered a plan by the White House New Media operation to hire a technology vendor to conduct a massive, secret effort to harvest personal information on millions of Americans from social networking websites.
The information to be captured includes comments, tag lines, emails, audio, and video. The targeted sites include Facebook, Twitter, MySpace, YouTube, Flickr and others – any space where the White House “maintains a presence.”
In the course of investigating procurement by the White House New Media office, NLPC discovered a 51-page solicitation of bids that was filed on Friday, August 21, 2009. Filed as Solicitation # WHO-S-09-0003, it is posted at FedBizzOps.com. Click here to download a 51-page pdf of the solicitation.
While the solicitation specifies a 12-month contract, it allows for seven one-year extensions. It specifies no dollar cap.
I’m not sure that highlighting a public contract offer amounts to “uncovering” a conspiracy, especially since their analysis turns out to be faulty. Contrary to NLPC’s take, the contractor would be collecting data required to be kept by the White House — by law. The RFP’s language is a bit dry but perfectly clear:
The purpose of this Statement of Objectives (SOO) is to obtain the necessary services to ensure that content published by the Executive Office of the President (EOP) on publicly-accessible web sites is archived in accordance with the Presidential Records Act (PRA), that information posted on publicly-accessible web sites where the EOP maintains a presence is archived in accordance with the PRA, and that all archived information is securely stored and provided to the National Archives and Records Administration (NARA) for historical preservation, in accordance with the PRA.
The contractor shall provide the necessary services to capture, store, extract to approved formats, and transfer content published by EOP on publicly-accessible web sites, along with information posted by non-EOP persons on publicly-accessible web sites where the EOP offices under PRA maintains a presence, throughout the term of the contract. The contractor shall if possible, capture, store, extract to approved formats, and transfer content published by EOP on non-public websites. The contractor shall include in the information posted by non-EOP persons on publicly-accessible web sites where the EOP maintains a presence both comments posted on pages created by EOP and messages sent to EOP accounts on those web sites. Publicly-accessible sites may include, but are not limited to social networking sites. The contractor shall provide a user-friendly way of organizing and searching captured information. The contractor shall properly transfer the captured information, as identified by EOP, to NARA in an acceptable format for both preservation in NARA’s Electronic Records Archive and presentation at the future Presidential Library. The Contractor shall provide a method to separate content posted by other EOP component offices as required.
The Presidential Records Act (PRA) essentially requires each administration to keep every pixel and keystroke ever published for later review by Congress or investigators, in case illegal activity takes place. We have seen this invoked ex post facto to the Clinton and Bush administrations, in the latter over e-mails sent and received outside the White House mail system. At that time, legal experts and investigators insisted that everything produced by an administration for anything remotely concerning official business had to be archived within the EOP.
A more careful reading of this RFP shows that to be the project. The contract directs the contractor to archive the “information posted on publicly-accessible web sites where the EOP maintains a presence“, including social networking sites like MySpace, Twitter, and so on. It doesn’t call for everything on those networks to be archived, but only “information posted by non-EOP persons on publicly-accessible web sites where the EOP maintains a presence[,] both comments posted on pages created by EOP and messages sent to EOP accounts on those web sites.” In other words, the archiving will include interaction on EOP websites and pages, but not anything else.
The reason this has seven potential one-year follow-ons is because the administration has to do this constantly through its term in office. They may only need three follow-ons, if we’re lucky. The White House has presumably set this up as a yearly contract to ensure good performance, ie, to keep the contractor’s feet to the fire. The EOP has to comply with the PRA at all times, regardless of the money involved. I’m a little surprised they’re going with a fixed-price bid rather than cost-plus, as I’m not sure anyone will have a good handle on how much this will all cost.
Which brings us to the common-sense check on the rumor. How much time and resources would it take to effectively monitor every entry on Twitter, MySpace, Facebook, and every blog in the blogosphere? And to do that secretly, while archiving all of it? The NSA would have to take that on full time, and even then … best of luck just keeping up with the archiving, let alone surveillance.
If the PRA really requires all of the effort this RFP details, maybe it’s time to revisit it. But this is nothing more than a big, pointless archiving project, one which may stimulate the economy of a handful of people, but otherwise inconsequential. There are a lot of good reasons to be worried about the Obama administration, but this doesn’t appear to be one of them.
Update: Yid with Lid was concerned about paragraph 12.1, Restriction against Disclosure, which he thought meant that the entire program was secret:
12.1 Restriction Against Disclosure
12.1.2 The Contractor agrees, in the performance of this task order, to keep the information disclosed to the Contractor, or information contained in the source documents furnished by the EOP or otherwise obtained in the course of its employment in the strictest confidence, said information being the sole property of the EOP. The Contractor also agrees not to publish, reproduce or otherwise divulge such information, in whole or in part, in any manner or form, nor authorize or permit others to do so, taking reasonable measures as are necessary to restrict access to the information, while in his or her possession, to those employees who must have the information to perform the work provided herein on a ―need-to-know‖ basis, and agrees to immediately notify the Contracting Officer in writing in the event the Contractor determines, or has reason to suspect, a breach of this requirement. The Contractor is responsible for ensuring all employees involved in the performance of this task order sign a ―Non-Disclosure Agreement‖ (See Attachment 1). The Contractor shall provide an original copy of each signed statement to the Contracting Officer prior to each employee beginning work.
Having been involved in government contracting in the past, I recognize this as standard boilerplate. Note that the paragraph doesn’t say that the entire program will be kept secret; it says that the contractor is not free to disseminate information provided to it by the EOP in the course of the program. Nothing in this document even suggests that the program will have a security classification. You’ll see language like this in every government contract, and many if not most private contracts as well.
Stop the ACLU may have a point about ACLU hypocrisy, but considering how badly this got overblown, I’m not sure it sticks.