Stop asking for Amazon, Google and Microsoft cloud with 'no justification': US Library of Congress told to drop its 'brand-name'-tastic RFP

Oracle wins protest after agency failed to get it kicked out for not being a reseller

In a decision [PDF] issued yesterday, a US public watchdog said the Library of Congress needs to stop asking contractors to supply brand-name-only commercial stuff for a five-year $150m cloud hosting contract.

Congress's library, which is a federal agency, had required that suppliers must offer Amazon, Google and Microsoft products - crucially, without providing any justification - to qualify for the $150m job lot, an indefinite-delivery, indefinite-quantity (IDIQ) contract.

The Library's IDIQ was published on 1 May, 2020 and Oracle and Big Red systems integrator Mythics filed their protests against it on June 1. The request for proposal (original here), according to the Government Accountability Office (GAO) decision, identified:

"[T]he name-brand products of three cloud services providers, Amazon Web Services, Google Cloud Platform and Microsoft Azure, and requires offerors to provide pricing for an enumerated list of 13 products or services available from these three firms."

The research library where Congresscritters and the American public alike can pore over bill texts - and whose librarian also selects first editions of important American cultural artefacts like The Godfather and seminal NWA album Straight Outta Compton - was said to have breached the Federal Acquisition Regulation (FAR - PDF) by insisting on brand name cloud.

The GAO found the library's emphasis on contractors' ability to provide specific commercial tech products was "unduly restrictive of competition", with the FAR regulations being meant to promote it.

The decision said "the FAR mandates that agencies include restrictive provisions only to the extent necessary to satisfy actual requirements".

We're 'soliciting cloud services through resellers' - are you a reseller?

The GAO was not persuaded by the LoC's earlier proposed amendments to its RFP, nor was it minded to accept the agency's attempt to get the Oracle protest (but not the Mythics one) dismissed because it was soliciting cloud services "through resellers (such as Mythics) as opposed to the actual cloud service providers (such as Oracle)".

It also failed to get the protests dismissed due to "corrective action" the Library proposed to make, with the GAO saying its proposals were "vague". Among other changes, the agency had offered to "modify the RFP to remove all references to brand names in connection with its requirement for IaaS" but said it would "continue to solicit its requirement for SaaS on a brand-name basis from Microsoft", which the GAO didn't think was adequate.

In its decision, the GAO noted:

These contracts, as modified, required the prime vendor contractors--private concerns rather than government agencies--to populate the master list with supplies that were selected by them, rather than with supplies that had been selected by the VA through, for example, the conduct of a competition to provide particular supplies...

The Library was told it could either rejig the RFP so it met FAR requirements - and give offerors the chance to respond to the revised document - or it could use the RFP "as issued", but then generate a few more reams of documentation from the Library "to support such a decision".

The GAO also recommended the LoC cough for Oracle's and Mythics' legal costs. Their lawyers will have 60 days to detail what those are - though you don't need verified name-brand software to figure out they totted up the sum ages ago. ®

Other stories you might like

  • Robotics and 5G to spur growth of SoC industry – report
    Big OEMs hogging production and COVID causing supply issues

    The system-on-chip (SoC) side of the semiconductor industry is poised for growth between now and 2026, when it's predicted to be worth $6.85 billion, according to an analyst's report. 

    Chances are good that there's an SoC-powered device within arm's reach of you: the tiny integrated circuits contain everything needed for a basic computer, leading to their proliferation in mobile, IoT and smart devices. 

    The report predicting the growth comes from advisory biz Technavio, which looked at a long list of companies in the SoC market. Vendors it analyzed include Apple, Broadcom, Intel, Nvidia, TSMC, Toshiba, and more. The company predicts that much of the growth between now and 2026 will stem primarily from robotics and 5G. 

    Continue reading
  • Deepfake attacks can easily trick live facial recognition systems online
    Plus: Next PyTorch release will support Apple GPUs so devs can train neural networks on their own laptops

    In brief Miscreants can easily steal someone else's identity by tricking live facial recognition software using deepfakes, according to a new report.

    Sensity AI, a startup focused on tackling identity fraud, carried out a series of pretend attacks. Engineers scanned the image of someone from an ID card, and mapped their likeness onto another person's face. Sensity then tested whether they could breach live facial recognition systems by tricking them into believing the pretend attacker is a real user.

    So-called "liveness tests" try to authenticate identities in real-time, relying on images or video streams from cameras like face recognition used to unlock mobile phones, for example. Nine out of ten vendors failed Sensity's live deepfake attacks.

    Continue reading
  • Lonestar plans to put datacenters in the Moon's lava tubes
    How? Founder tells The Register 'Robots… lots of robots'

    Imagine a future where racks of computer servers hum quietly in darkness below the surface of the Moon.

    Here is where some of the most important data is stored, to be left untouched for as long as can be. The idea sounds like something from science-fiction, but one startup that recently emerged from stealth is trying to turn it into a reality. Lonestar Data Holdings has a unique mission unlike any other cloud provider: to build datacenters on the Moon backing up the world's data.

    "It's inconceivable to me that we are keeping our most precious assets, our knowledge and our data, on Earth, where we're setting off bombs and burning things," Christopher Stott, founder and CEO of Lonestar, told The Register. "We need to put our assets in place off our planet, where we can keep it safe."

    Continue reading

Biting the hand that feeds IT © 1998–2022