Subscribe to our daily newsletter.
Subscribe

NSA, Yahoo deny mass email surveillance

National Security Agency Director Adm. Michael Rogers and Yahoo are both denying a Reuters report that the agency secretly ordered the company to search every incoming email, but the New York Times has confirmed important elements of the story.

“That would be illegal,” Rogers said Wednesday of the mass surveillance described in the Reuters article. “We don’t do that, and no court would ever grant us the authority to do that. We have to make a specific case. And what the court grants is specific authority for a specific period of time for a specific purpose. It’s not a blanket [authority, allowing us to search] just everything.”

Speaking at the Aspen Institute’s Cambridge Cyber Summit at MIT, Rogers called the Reuters article, which said special software was built by Yahoo engineers to scan incoming email for a specific character string, “a little speculative.”

“We have a legal framework in this nation,” Rogers said, “that enables the government … for specific reasons, under specific conditions, to make a case before a judge in which we’re able to show … that there is threat here to the United States associated with specific individuals and a judge grants, simplistically, authority for a specific purpose for a specific period of time to access data. And the court order is then given to the private sector to execute.”

The New York Times reported Wednesday afternoon that the character string was some kind of digital signature for “a communications method used by a state-sponsored, foreign terrorist organization.” It cited an anonymous government official, who said the secret order was issued by a judge on the Foreign Intelligence Surveillance Court, or FISC.

The Times reported that Yahoo engineers, rather than building a special system, modified existing software used to scan incoming email for spam, malware and images of child pornography. The company gave copies of any message containing the signature to the FBI, but the collection is no longer taking place.

The Times said that the scanning for child pornography was a requirement of federal law, and that the scanning for spam and malware was covered under under Yahoo’s terms of service. In fact, federal law requires only that email and other communications providers report to the National Center for Missing and Exploited Children if they “obtain actual knowledge” of child exploitation offenses. The law allows them to use digital signatures provided by the center to scan emails but doesn’t require it.

In a brief statement released earlier Wednesday, Yahoo called the Reuters story “misleading,” adding that they interpret government orders for user data “narrowly” so as to minimize the amount of data they have to disclose. “The mail scanning described in the article does not exist on our systems,” the statement concludes.

Several other large email and social media providers, including Facebook, Twitter, Google and Microsoft, have also issued carefully worded denials.

The denials, in part because of their careful wording, drew skepticism from privacy advocates. “Yahoo has a history of putting out carefully written, deceptive denials when it comes to NSA surveillance,” tweeted ACLU’s Chris Soghoian Wednesday.

“It’s shocking, post the Snowden revelations and the reforms that were trumpeted after that, to see this kind of mass [domestic] surveillance,” Alan Butler, senior counsel at the Electronic Privacy Information Center told CyberScoop Tuesday.

The Reuters story did not say what information the company handed over, what character string the government was searching for, or if any other email providers were slapped with similar government directives.

Section 702 surveillance

Section 702 of the 2008 FISA Amendments Act — the legal basis for the PRISM internet mass surveillance program revealed by NSA contractor Edward Snowden — gives the director of national intelligence and the attorney general the power, under an annually renewed mandate from the Foreign Intelligence Surveillance Court, or FISC, to issue secret directives to Internet companies to hand over customer data.

In 2011, according to a legal opinion declassified after the Snowden mega-leak, FISC presiding judge John D. Bates found certain aspects of  the 702 program “deficient on statutory and constitutional grounds.”

“Bates found that some methods [the government was using] were effectively searching too much domestic email traffic,” said Butler. “The program had to be changed,” so that it was essentially only searching for emails to and from certain addresses.

“Why was this [newly revealed Yahoo collection] allowed and that wasn’t?” asked Butler of the Bates opinion. “Well, the answer is we don’t know if it was allowed because the company never challenged it … Under 702, the court doesn’t get to look at the case unless the company challenges it,” he said.

The Yahoo directive is the first known instance of a company using special software to search its customers’ data for U.S. intelligence agencies. Under the PRISM program, the NSA combed internet traffic for communications to or from certain individuals, but that traffic was monitored on global internet pipelines or collected for further search.

That program “didn’t co-opt the email providers as an agent of the government” like the Yahoo special search software did, Butler pointed out.

Sen Ron Wyden, D-Ore., has long campaigned for the reform of section 702, which he has said “has a significant impact on Americans’ privacy.”

“The FISA court has publicly stated that tens of thousands of wholly domestic communications are caught up under 702 collection every year and that the potential number of Americans impacted is even larger than that,” Wyden told CyberScoop via email.

He said the new Yahoo revelations were especially disturbing because it was unclear what kind of search term was being used. Following the Bates judgment, the exact way search terms are deployed is clearly of constitutional significance, and the government ought to come clean about any changes.

“The NSA has said that it only targets individuals under Section 702 by searching for email addresses and similar identifiers,” Wyden said. “If that has changed, the executive branch has an obligation to notify the public.”

Reformers using sunset

Section 702 authorities were designed with a sunset and will expire at the end of 2017 unless Congress renews them, pointed out Andrew Crocker, a staff attorney with the Electronic Frontier Foundation.

This means that lawmakers who want to reform 702 don’t have to get a bill to the floor, they just have to wait for the reauthorization to be brought up.

“I hope that these revelations add fuel to the demands for reform,” said Crocker.

At the White House press briefing Wednesday, Spokesman Josh Earnest made a spirited defense of section 702, while not commenting on the Reuters story specifically.

“Collection under [the Foreign Intelligence Surveillance Act or] FISA is subject to rigorous oversight from all three branches of government,” he told reporters. “Under FISA, activity is narrowly focused on specific foreign intelligence targets and does not involve bulk collection or the use of generic key words or phrases.”

He added that U.S. agencies only eavesdrop email and other electronic communications “for national security purposes and not for the purpose of indiscriminately reviewing the emails or phone calls of ordinary people, and certainly not of law abiding American citizens.”

Nonetheless, critics have seized on the Yahoo revelations as ammunition to advance their efforts to reform the law.

Rep. Ted Poe, R-Texas, a member of the House Judiciary Committee told Morning Consult Wednesday that “We have the votes in Judiciary on a bipartisan basis to narrow 702 or eliminate it.”

“It’s pretty clear now that it’s just being abused by the NSA, and it may come to the point that we have to eliminate 702 completely if the NSA doesn’t quit abusing it,” Poe said. “The law right now doesn’t give them the authority to do the dragnet approach and collect all of these emails from a provider based on a certain word.”

A House Judiciary aide told Morning Consult that the committee will hold an oversight hearing on Section 702 either this year or in early 2017.

According to Reuters, the special search software was approved by Yahoo CEO Marissa Mayer after executives determined the company would lose a legal battle before the FISC.  Alex Stamos, Yahoo’s Chief Information Security Officer at the time, was not made aware of the custom search program, and resigned in May 2015.

The company lawyers might have had good reason to conclude they would lose, noted Butler. They had lost an earlier FISC challenge to internet mass surveillance powers in 2007-8. That case, known as In re: directives, could have drained company coffers, as the government asked for fines of $250,000 per day — doubling every week — for non-compliance with the secret surveillance order.

“The government pushed for crippling fines,” said Butler, adding that was important context to consider when assessing the company’s reaction to the 2015 order.

Nonetheless, Butler said he expected that “This [revelation] will get traction domestically … I think [officials] will struggle to explain why this [directive] doesn’t have exactly the problem that Judge Bates identified in 2011 … too much domestic communication being swept up and searched.”

The email bombshell comes during a delicate time for Yahoo. Last month, it was revealed that User details from more than 500 million Yahoo accounts— including names, birth dates and encrypted passwords — were stolen nearly two years ago. The company has blamed state-sponsored hackers.

Additionally, Verizon is in the process of acquiring Yahoo in a deal worth around $4.8 million.

Verizon declined comment on the Reuters report.

Board calls for Pentagon chief innovation officer position

It’s not that there’s no innovation in the Defense Department — it’s just dispersed in disconnected pockets, making meaningful action on good ideas a formidable challenge, the newly launched Defense Innovation Board reported Wednesday.

That’s the general consensus of the board, which Secretary Ash Carter handpicked earlier this year to advise him where he should focus Pentagon resources to facilitate a more innovative and modern Defense Department. And to help reduce those siloes of innovation, the board — led by Eric Schmidt, executive chairman of Alphabet Inc. and former Google CEO — recommended foremost that DOD create a secretary-appointed chief innovation officer position.

“There are pockets, both large and small, of innovation activities within the department,” said board member Cass Sunstein, a professor at Harvard Law School. “They’re extremely impressive.” 

However, Sunstein added, “Sharing of best practices and coordination of excellent ideas is less than ideal.” 

A chief innovation officer, the board believes, would provide the coordination to connect the innovative ideas hidden deep within the massive department.

“The idea here would be that there would be a resource, a sharing of ideas, and an effort to spread the best thinking from one part of the department to another,” he said, recommending also the creation of a DOD innovation network that allows personnel to “to float ideas, to create suggestions, to make them go from one place where they’re actually working to another” — all of which could be done in the near future.

The board is still getting up to speed, with many members — like astrophysicist Neil deGrasse Tyson and Code for America founder Jennifer Pahlka, among others — who were only certified days prior to Wednesday’s meeting. Carter also selected technology author and journalist Walter Isaacson, LinkedIn co-founder Reid Hoffman, and University of Texas Chancellor William McRaven as members of the board, along with Schmidt, earlier this year.

The group presented a handful of interim recommendations it developed in listening sessions in recent months across DOD, its agencies and the services.

From that, Schmidt said, the board learned “there’s lots of ideas, but there’s not a process for taking those ideas and making them into a scalable innovation culture. That’s from my perspective what needs to be addressed.” 

He added there are “things that are maybe not being done in the DOD today or are new ideas, or ideas that might be important in the future, might not have occurred, or might not have enough political currency within the bureaucracy.”

The need to recruit talented computer scientists, engineers and cybersecurity experts was common refrain in the recommendations of the 15-member board, which features several renowned academics. It notably pitched the idea of creating a “digital ROTC program” in which the department would pay for college students’ tuition in computer science fields in return for their eventual service. 

Addressing the apparent budgetary concerns such a program would create, Instagram COO Marne Levin rebutted, “One only has to think of the high cost of cyberattacks to understand the value of such an investment.” 

The board also believes DOD could improve its information security, particularly around weapons systems, by enlisting the U.S. Cyber Command and NSA to perform ongoing analyses of its systems, rather than relying on the firewall to do its job. 

From visits to weapons systems facilities like those at Nellis Air Force Base in Nevada, board member Milo Medin, vice president access services at Google Capital, observed that “their testing functionality is not like the testing that we do on the software systems at Alphabet and Silicon Valley companies in general, especially when it comes to security and vulnerability analysis.” 

“The units we visited are excellent,” he said. “But they’re not really equipped to do this kind of innovation.” 

Elsewhere, the board recommended:

If these recommendations sit well, “over 2017 the idea would be to get the ideas out…and then have us monitor whether they’re actually happening or not,” Schmidt said. “In other words, is the change actually occurring, are the ideas taking fruit, is the leadership happy with the products of what we’ve done?”    

Secretary Carter, in his opening remarks, expressed his pleasure in the board’s agility to offer its interim findings with such a quick turnaround. “I’m pleased that, rather than just going off and returning with a several hundred-page report, you’re here today to share these early findings with me and the public, and to solicit feedback as you begin your work,” he said.

“The Defense Innovation Board may not operate exactly like the other advisory boards we have here at DoD, and that’s okay,” Carter said. “After all, we have to be willing to do things a little bit differently if we’re going to succeed in this mission.”

Schmidt said this novel way of thinking — novel at least for the Defense Department — is important in advancing its mission and maintaining its military dominance internationally. 

“The DOD mission is important; it’s very serious business,” he said. “I think we all believe an outside perspective would be beneficial, and we’ve set out to try to make some recommendations that might improve, from our perspective based on ideas from outside the Pentagon, how innovation occurs.”

NIST study warns on cyber ‘security fatigue’

A majority of computer users suffer from “security fatigue” — a weariness of or reluctance to engage with cybersecurity — that leads them into risky behavior online, according to a new study by government scientists.

“We weren’t even looking for fatigue in our interviews, but we got this overwhelming feeling of weariness throughout all of the data,” said study co-author Mary Theofanos, a computer scientist at the National Institute for Standards and Technology.

“Years ago, you had one password to keep up with at work,” she said in a NIST blog post Tuesday. “Now people are being asked to remember 25 or 30. We haven’t really thought about cybersecurity expanding and what it has done to people.”

The study — out this week in IT Professional, a journal published by the prestigious Institute of Electrical and Electronics Engineers — draws on interviews with 40 computer users carried out under a “semistructured” protocol, meaning the participants were all asked the same open-ended questions.

“Interview questions addressed online activities; computer security perceptions; and the knowledge and use of security icons, tools, and terminology,” the researchers said.

The answers were analyzed using qualitative techniques rather than statistical ones, meaning researchers studied the language used by respondents rather than just counting how many gave which answers. Therefore, although the interviewees ranged in age from their 20s to their 60s, lived in urban, suburban and rural areas, and held a variety of jobs, they are not mathematically representative of the U.S. population as a whole, and the study is not statistically valid.

Nonetheless, the authors note that, although there were no questions asked about security fatigue, more than half of respondents reported feeling “overwhelmed and bombarded, and they got tired of being on constant alert, adopting safe behavior, and trying to understand the nuances of online security issues.”

“Resignation and loss of control”

The multidisciplinary team of researchers — three from NIST and one independent — found that users’ weariness led to feelings of “resignation, loss of control, fatalism, risk minimization, and decision avoidance, all characteristics of security fatigue.” In turn, that made them prone to “avoiding decisions, choosing the easiest option among alternatives, making decisions influenced by immediate motivations, behaving impulsively, and failing to follow security rules” both at work and in their personal online activities including banking and shopping.

Some responses highlighted by the study’s authors as typical include:

Respondents also expressed skepticism that they would ever be targeted by hackers. “The data showed that many interviewees did not feel important enough for anyone to want to take their information, nor did they know anyone who had ever been hacked,” states the blog post.

Policy implications

Calling the findings, “critical,” cognitive psychologist and study co-author Brian Stanton said, “If people can’t use security, they are not going to, and then we and our nation won’t be secure.”

The study suggests three ways employers and service providers can try to alleviate security fatigue and “help users maintain secure online habits and behavior.” They are:

The blog post says the researchers will continue their work, and will next interview additional professional computer users “of varying levels of responsibility, including cybersecurity professionals; mid-level employees with responsibilities to protect personally identifiable information in fields such as health care, finance and education; and workers who use computers but for whom security is not their primary responsibility.

USPS unveils 5 potential smart city projects

Against the rise of email, chat and the quick pace of the internet, the U.S. Postal Service is trying to reinvent itself and stay relevant in the digital age.

In a Sept. 26 report from USPS Office of Inspector General, the mail carrier unveiled five smart city pilot projects. They include a pothole detection network, sensors that detect the structural safety of bridges, air quality monitoring, notifications for leaking pipes and blight tracking.

These experiments are a way for USPS to investigate alternative uses for its vast fleet of carrier vehicles and facilities, that while still necessary, have seen a dramatic declines in usage. This decline contributes decline in annual operating revenues, including an overall budget drop from $72.7 billion in 2006 to $68.8 billion in 2015.

Even so, the ambition is for USPS to evolve into a smart city provider, one that might one day draw fresh dollars from cities, states, or federal agencies who wish to leverage USPS’ suite of innovative technologies and vast logistical resources. The organization boasts more than 211,000 delivery vehicles, covers 152.9 million delivery spots, has 172,000 collection boxes and 35,000-plus retail facilities. All of these might be repurposed to aid cities who can’t always afford smart city and Internet of Things infrastructure costs.

“The U.S. Postal Service, with its ubiquitous physical network, could provide cities with an unparalleled means to collect the data that can be used for smart city initiatives,” the USPS report reads.

A look into the projects shows the pilots, if green-lighted, will use USPS fleets and touch seven different cities.

In Pittsburgh, a city slated for two of the projects, officials seek to identify cracks in the roads before they become costly potholes. To do this, USPS is collaborating with researchers at Carnegie Mellon University that have created software to detect surface cracks and potholes via a video camera mounted to the windshield. Data is uploaded to the cloud once a vehicle nears a Wi-Fi hotspot.

Pittsburgh is coupling this project with another meant to sense vibration in bridges. While not easily visible, the issue of bridge safety is sizable problem in the U.S. and the American Society of Civil Engineers have classified more than 65,000 bridges across the U.S. as “structurally deficient.” With support from Carnegie Mellon, the USPS would equip vehicles with accelerometers, devices that would read vibration levels in the city’s bridges and report deficiencies to inspectors.

A third project, in Maryland, is all about curtailing water waste. In partnership with the Innovation Office of Montgomery County, Md., the USPS has proposed a beacon and relay system that would affix moisture sensors to water pipes in the ground to communicate leaks to county utility services. Each time a carrier vehicle passes within about 30 yards of a sensor, the data alerts would be transmitted, then relayed through the delivery truck to utility managers.

“Any abnormality would create an automatic alert so that repairs could be made quickly,” the report reads.

For the New York cities of Schenectady, Troy, Gloversville and Amsterdam, USPS is working on a blight tracking system that leverages both analytics and delivery staff. The idea is to turn mail delivery workers into impromptu code inspectors by giving them a mobile app that could note disrepair in homes.

The last project, based in Portland, Ore., will place air quality sensors in the USPS vehicles to sketch a map of air conditions with geotagged data. Portland has already invested $100,000 in two monitoring stations that detect pollutants along a 12-mile corridor and this project would further expand its coverage.

Jason Shueh is the tech editor of StateScoop. 

Senate staffer: Lawmakers still skeptical of DIUx

Despite the Defense Innovation Unit Experimental’s recent overhaul to add a new director and new authorities, Congress still has its doubts about the Pentagon startup’s effectiveness, one Senate staffer said Tuesday.

Anish Goel, a professional staff member for the Senate Armed Services Committee, said during a panel discussion Tuesday that Congress is still not convinced that DIUx is going to solve the DOD’s problems acquiring innovative technologies.

“The original concept of DIUx was to find companies who were doing sort of groundbreaking technology and marry them up with other organizations in the DOD who need that sort of technology,” Goel said. “But from our perspective the problem before was not that these companies didn’t know what the needs were in DOD; it’s that they didn’t want to work with them because of all of the rules that go along with working with DOD.”

Goel outlined several common problems working with the Defense Department, like the time it takes, the strings attached and the rules companies have to follow.

“So unless you fix all that other stuff in terms of acquisition and contracting…How is DIUx really contributing to that problem?” Goel said. “Having a dating service really is not the problem in our mind.”

Driving innovation through leveraging government laboratories

Goel noted that many of the problems in acquisition “are the fault of Congress over the last 30 years,” but legislators are working to address some acquisition reform in the National Defense Authorization Act for fiscal year 2017 currently working its way through Congress, he said.

In particular, Goel highlighted a pilot program the NDAA create “to demonstrate methods for the more effective development of research, development, test and evaluation functions.”

Laboratory directors selected for the pilot would have the authority to waive any DOD regulations or rules that would hinder that mission.

The theory, Goel said, is that government can foster innovation by letting laboratory leaders hire who they want and work with whom they want, and give them more flexibility in general.

Goel touted the work being done in government labs, but knocked DIUx’s hyper-focus on Silicon Valley.

“The secretary of defense is very fond of going out into the region and saying ‘this is where we’re going to find innovation, this is where we’re going to find new technologies,’ ignoring the fact that to get to San Francisco he flew over all the labs… and ignored all the great work that’s being done sort of in the defense research enterprise,” Goel said.

He noted: “It leaves us thinking: does the secretary of defense actually know what’s going on inside the Department of Defense in terms of research and innovation?”

DIUx has been chastised before for focusing too much on Silicon Valley, and the program has since added hubs in Boston and Austin, Texas.

[Read more: DIUx expands to Austin, Texas]

When he asked why government wasn’t doing more to leverage the work going on in national laboratories, fellow panelist Melissa Flagg, deputy assistant secretary of defense for research, said, “we are, we are.”

Goel mentioned the recent upgrades to DIUx, noting the new contracting authorities DIUx is now using.

“Our thinking is, well why can’t all these other programs be free of those regulations too?” Goel said. “Why is it only DIUx that gets to have special authorities and gets to have these special acquisition [authorities]… Why can’t we just extend that to all of the Department of Defense?”

Raj Shah, director of Defense Innovation Unit Experimental, noted in a panel discussion Wednesday at the AUSA 2016 conference that contrary to Goel’s statements, the commercial solutions opening authorities DIUx is using to speed up acquisition are not uniquely granted to the program but to the whole department. 

Goel also said Congress is still wondering how DIUx is any different from other programs designed to drive innovation in agencies, and specifically for the DOD.

All of the questions about DIUx, Goel said, “have heretofore remained unanswered.”

Could In-Q-Tel’s model be applied in other agencies?

The Tuesday panel hosted by SRI International also addressed the possibility of developing an In-Q-Tel-like program in other agencies. 

Flagg noted the Defense Department has tried to set up organizations like it for their work, and “they’ve always been deemed illegal eventually, and we’ve been told that we have to shut them down.”

“We’ve just had a more stringent oversight at DOD than perhaps the intelligence community enjoys,” Flagg quipped.

Goel said he thinks an In-Q-Tel-like program “would be beneficial for the Department of Defense.”

But as for DOD using In-Q-Tel directly, Goel was skeptical.

“I don’t know that In-Q-Tel is the most appropriate company for the Department of Defense. So an In-Q-Tel-like firm, I think, sounds great, but up on the Hill we’ve gotten very little explanation for why In-Q-Tel for Department of Defense,” Goel said.

He added that “the little explanation that we’ve gotten is that, ‘well yeah the CIA uses it so we’re going to use it too.’ And that makes me a little skeptical.”

Panelist Eric Chen, founder and early-stage investor for Uj Ventures, said he thought In-Q-Tel has been successful thus far.

“In-Q-Tel has been pretty successful I think, from the people I’ve talk to who used to work there, the venture investors who used to run In-Q-Tel, in at least seeing what’s out there and seeing the right companies that are strategic for their mission,” he said.

NSA contractor arrested, charged with stealing top-secret info

The FBI secretly arrested a Booz Allen Hamilton contractor in August on suspicion of stealing tools used by the National Security Agency to break into foreign governments.

Harold Thomas Martin III, age 51, of Glen Burnie, Md., has been charged with theft of government property and unauthorized removal and retention of classified materials by a government employee or contractor.

The New York Times first reported the arrest.

Authorities raided Martin’s house on Aug. 29 to find documents and digital information stored on various devices and removable digital media. A large percentage of the materials recovered from Martin’s residence and vehicle indicated the info was highly classified government information, including Top Secret and Sensitive Compartmented Information.

In addition, investigators located property of the United States with an aggregate value in excess of $1,000, which Martin allegedly stole.

It’s unclear exactly what information Martin was found to possess, but the arrest lines up shortly after the disclosure of exploits supposedly stolen from an elite team of NSA-affiliated hackers.

This story will be updated.

GSA revamps IT contract matching tool

The General Service Administration recently gave a major facelift to one of its most popular tools that helps match customers with IT acquisition vehicles that best fit their needs.

GSA launched a revamped IT Solutions Navigator that not only looks a lot nicer but also makes it easier for acquisition professionals to choose from the agency’s expanse of IT acquisition offerings, Mary Davie, assistant commissioner of GSA’s Office of Integrated Technology Services, announced in a blog post Wednesday. 

“We just made it a whole lot easier for agencies to select the best acquisition solution to meet their unique requirements from GSA’s broad array of IT offerings,” Davie wrote. GSA’s array of IT offerings can otherwise be a bit overwhelming to the unfamiliar. 

In addition to simplifying the user experience of navigating and selecting solutions on the enhanced tool — to which many current users gave thumbs up during a summer usability testing session — GSA also optimized search results, increased best option identification via the National Customer Support Center Live Chat and made it more mobile-friendly.  

Essentially, the tool in its latest form — it was originally launched in 2013 — walks a potential IT buyer through the step-by-step process of narrowing in on a GSA IT contract that best fits their needs in an acquisition.  

“The IT Solutions Navigator solves an immediate need for an automated decision support tool to help agencies narrow down the choices of acquisition solutions available through GSA IT contracts based on their own unique criteria,” Davie wrote.

VA moves to USDA financial shared services

The Department of Veterans Affairs will begin using the Agriculture Department’s financial management IT shared services to replace its own existing systems, the department announced Tuesday.

USDA is one of the leading federal shared services providers, offering two financial services — the Pegasys Financial Services program, which supports CGI’s Momentum product, and the Financial Management Services program, which supports SAP’s core financial system — out of its National Finance Center. 

USDA is one of four federal financial shared services providers, along with the departments of Interior, Treasury and Transportation.

Moving to shared services allows agencies to focus more on their mission rather than maintaining their exisiting IT systems or having to plan and implement the costly move to modernized systems, especially when such a service is not in the agency’s expertise. 

“The Department followed a rigorous process in selecting USDA,” interim CFO Edward Murray said in a statement. “Demonstrating a truly integrated decision-making process, subject matter experts across VA participated in intense week-long workshops and provided feedback to ensure we selected the right partner for transformation success.”

USDA says it supports 29 organizations through its FMS program and 40 under the PFS program. 

“As a top FY17 VA priority, this effort will increase the transparency, accuracy, timeliness and reliability of VA’s financial information,” Deputy Secretary Sloan Gibson said. “It’s critical that VA continues to implement solutions that result in improved care and services to our Veterans with fiscal accountability to American taxpayers.”

VA did not return FedScoop’s requests for comment. 

Yahoo built special program for U.S. spies to sift through email

Yahoo allowed U.S. intelligence agencies to access user emails via a special program built in secret by company engineers, according to a Reuters report.

The tech giant complied with a directive from the U.S. government in 2015 that allowed the National Security Agency and Federal Bureau of Investigation to scan hundreds of millions of emails for a certain string of characters, according to three sources Reuters spoke with.

It is not known what information the company handed over, what characters the government was searching for, or if any other email providers were approached with the same government directive.

The claim would be the first known instance of a U.S. company combing through its traffic at the behest of a U.S. intelligence agency. Documents leaked by former NSA contractor Edward Snowden have shown the agency has combed internet traffic for certain terms, but the traffic was monitored on global internet pipelines or collected for further search.

According to Reuters, the special search was approved by Yahoo CEO Marissa Mayer after executives determined the company would lose a legal battle over an order from the Foreign Intelligence Surveillance Court.  Alex Stamos, Yahoo’s CISO at the time, was not made aware of the custom search program, and resigned in May 2015.

The email bombshell comes during a delicate time for Yahoo. Last month, it was revealed that User details from more than 500 million Yahoo accounts — including names, birth dates and encrypted passwords — were stolen nearly two years ago. The company has blamed state-sponsored hackers.

Additionally, Verizon is in the process of acquiring Yahoo in a deal worth around $4.8 million.

Verizon declined comment on the Reuters report.

With new NOAA satellite will come enhanced weather data

The National Oceanic and Atmospheric Administration’s new satellite is scheduled to launch in a month, providing an upgrade officials say will offer more frequent and better data than its predecessors.

The satellite, GOES-R, will provide faster and more accurate weather forecasting and warnings, Stephen Volz, NOAA’s assistant administrator for satellite and information services, told reporters Tuesday. He said its data will give local officials more time to make decisions on evacuating communities during extreme weather events, such as hurricanes.

“Without a doubt, the GOES-R will revolutionize weather forecasting as we know it,” Volz said. “For weather forecasters, GOES-R is like going from black and white television to super-high-definition TV.”

The new satellite will have four-times greater image resolution, making it easier for forecasters to see finer features, said Greg Mandt, NOAA’s GOES-R program manager. And the new satellite will be five-times faster, Mandt said, scanning from the North Pole to the South Pole in about five minutes.

“In addition, it’ll have the ability to zoom in on a specific storm, like a tornado… or a hurricane, and look at it every thirty seconds, thereby revolutionizing our ability to forecast weather in near-real time,” Mandt said.

Louis Uccellini, director of NOAA’s National Weather Service, said the team is excited about receiving data of the continental U.S. in five-minute intervals and having the option to receive data for specific events, among other advances.

Mandt agreed: “We’re getting the data to the weather forecasters so fast, their comments to me is that ‘Greg, instead of seeing what has happened you are providing data in real time, so we’re really watching what’s happening right now,’” he said. “So the excitement is really building out in the weather service community.”

Uccellini said NOAA has been doing prep work and testing algorithms to make sure it is ready to take advantage of the massive amounts of data that the new satellite will bring.

“GOES-R is a major step forward in our efforts to build a weather-ready nation,” Uccellini said. “By advancing our observation capabilities to this extraordinary level, we will able to offer… new and improved forecasts and warnings and related services from the sun to the sea to help save lives and property.”

The satellite launches Nov. 4 for testing, before becoming fully operational later on, Mandt said.

NOAA decided last year to delay the launch of GOES-R from March to October 2016, which the Government Accountability Office said “was due to poor schedule performance over the last few years (losing more than 10 days a month on average), recent technical issues with key components and little schedule margin as the program entered integration testing.”