Original URL: https://www.theregister.com/2010/09/24/cia_netezza/

CIA used 'illegal, inaccurate code to target kill drones'

'They want to kill people with software that doesn't work'

By Christopher Williams

Posted in Channel, 24th September 2010 11:12 GMT

The CIA is implicated in a court case in which it's claimed it used an illegal, inaccurate software "hack" to direct secret assassination drones in central Asia.

The target of the court action is Netezza, the data warehousing firm that IBM bid $1.7bn for on Monday. The case raises serious questions about the conduct of Netezza executives, and the conduct of CIA's clandestine war against senior jihadis in Afganistan and Pakistan.

The dispute surrounds a location analysis software package - "Geospatial" - developed by a small company called Intelligent Integration Systems (IISi), which like Netezza is based in Massachusetts. IISi alleges that Netezza misled the CIA by saying that it could deliver the software on its new hardware, to a tight deadline.

The Predator B

When the software firm then refused to rush the job, it's claimed, Netezza illegally and hastily reverse-engineered IISi's code to deliver a version that produced locations inaccurate by up to 13 metres. Despite knowing about the miscalculations, the CIA accepted the software, court submissions indicate.

IISi is now seeking an injunction to ban Netezza and the CIA from using the software or any derivative of it, in any context.

The relationship between the two firms dates back to 2006, when IISi signed up to resell Netezza data warehousing kit combined with Geospatial.

The code allows users, for example, "to incorporate and cross-reference vast amounts of business data with geographic location within the same database, and enable events (such as... a cell phone signal moving from one tower to another) to be matched with personal characteristics in the database (such as... the identity of the person whose cell phone signal has moved from one tower to another)", according to IISi's court filings.

Such techniques - quickly combining intelligence with live mobile phone surveillance from the air - are reportedly central to the CIA's targeting of missile strikes by unmanned aircraft.

They want to kill people with my software that doesn't work

The partnership between the two firms strengthened, and in August 2008 Netezza acquired exclusive rights to distribute Geospatial, alongside its NPS hardware. By August last year, Netezza was starting to promote its next generation appliance, TwinFin. Whereas NPS was based on IBM's Power PC chip architecture, the TwinFin relies on cheaper x86 silicon. As a result, Geospatial would not run on the new gear.

Nevertheless, Netezza sales staff sold Geospatial running on TwinFin to a "US government customer", which later turned out to be the CIA. The purchase order, totalling $1.18m, via an obscure Virginia IT consultancy, came through on 11 September last year. This despite - as claimed in IISi court documents - that the software product referred to on the order "in fact did not exist".

Up to this point IISi had done little work porting Geospatial, as its engineers had not had physical access to a TwinFin. Indeed, the agreement between the two firms did not require IISi to support the new machines - a fact confirmed last month by a Boston judge - but it agreed to begin the process in September 2009.

Netezza supplied the software firm with TwinFin hardware on 1 October. Within a week, Richard Zimmerman, IISi's CTO reported that porting Geospatial was "proving fraught with difficulties" and would take at least two months.

Two days later, on 9 October, the relationship took a strange turn. Jon Shepherd, Netezza's "general manager, location-based solutions" called Zimmerman to pressure him to deliver the code quicker, court documents say.

"He basically told me the CIA... wanted to use [Geospatial] to target Predator drones in Afganistan and that, quote/unquote, it was our patriotic duty to work with them to get [Geospatial] ported to the TwinFin as fast as possible and that we need to have a phone conversation the next day to discuss that," Zimmerman said in a sworn deposition to the court.

"Frankly, that response suggests a cavalier sales approach to a profound issue. Lives are at stake."

During a conference call the next day, Netezza CEO Jim Baum repeated Shepherd's claims that national security demanded IISi's help, according to the deposition. Shepherd suggested the CIA would accept untested code in chunks, Zimmerman said.

"My reaction was one of stun, amazement that they want to kill people with my software that doesn't work," he said.

According to the affidavit of IISi CEO Paul Davis, who was also on the conference call, his firm did not previously know Netezza had sold the undeveloped product, let alone for deadly application by the CIA.

In an email to Baum two days later, on Columbus day 2009, Davis wrote: "Jon [Shepherd's] statement, apparently endorsed by Jim [Baum] that the customer can 'just work with whatever we give them' is not consistent with how IISi works. And we don't really believe that is how our national security agencies work. Frankly, that response suggests a cavalier sales approach to a profound issue. Lives are at stake."

Enter Skip

Yet according to Baum's response, that is how the CIA worked. "It is the CUSTOMER who has indicated that he is willing to work with IISi and Netezza to accept code progressively," he wrote.

As a follow up, Davis got a call from a man who identified himself as Skip McCormick, of the CIA, to discuss speeding up the port of Geospatial. Davis was recuperating from a heart attack and could not speak at any length. Straight after the the call, however, he received an email from McCormick with a CIA address.

Hays W. "Skip" McCormick III, from his book

"We depend on the Geospatial tools here every day," it said.

"We just upgraded to a [TwinFin], but it doesn't yet have the Geospatial tools. I'm trying to figure out what options are available for getting them asap."

Davis had doubts the contact was genuine but The Register has established that a Hays W. "Skip" McCormick III, co-author of a 1998 book on software project management, has worked at the CIA for several years. Sources including conference guest lists record his involvement in software projects at the agency. According to book publicity he previously worked as a consultant to DARPA, Northrop Grumman and the Office of the Secretary of Defense.

Further evidence of the CIA's apparent acceptance of untested software is offered by an internal Netezza email from the same day as the crucial conference call. "A US Gov customer is expecting the toolkit to be available as soon as Monday for use in a mission-critical project," wrote project manager Razi Raziuddin.

"They do understand we won't have a fully-qualified, production-ready release and are OK with it."

Immediately after IISi's refusal to deliver untested Geospatial code, internal emails disclosed to the court show Netezza executives began making alternative arrangements. "I want to set up some time on Thursday to get on the phone with you guys to talk about some options in the event we need an alternative TwinFin solution," Shepherd told Netezza engineers in an email.

Thank God for optimists

On the Thursday one of the engineers told Jim Baum via email that "it appears" Geospatial was working on TwinFin. On Friday it emerged that however Netezza adapted the software, the results were inaccurate.

"For some strange reason many of the calculations are a little off, from 1 to 13 metres," wrote Joe Wiltshire, a federal account manager at Netezza.

Jim Baum: "We are likely screwed"

"The customer is not confident they can live with the uncertainty in meters unless we can tell them a bit about why this is happening."

"No matter how you slice this, we are likely screwed," Netezza CEO Baum replied.

The unreliable results were traced to a floating point problem, but less than a week later Wiltshire reported to Shepherd that in fact "they are satisfied" and believed "the minor discrepancy in metrics... is due to [TwinFin] doing a better job".

"Thank God for optimists," came Shepherd's reply.

The solution was later referred to as "the spatial toolkit hack" in Netezza emails when it began producing further errors in November. The existence of the hack, and its use at the CIA was only revealed after Netezza sued IISi, claiming it breached its 2008 contract by refusing to port Geospatial to TwinFin.

That case was dismissed last month, with the judge finding that contrary to Netezza's repeated claims, IISi was under no obligation to carry out the work. Discovery also revealed that Shepherd had called on staff to develop "our own version of the spatial toolkit", which was introduced in January this year as "Netezza Spatial", which is available on the open market.

Now IISi claims both the hack and Netezza's own software are illegally based on reverse engineering and misappropriation of its trade secrets, and is pursuing an injunction that if granted would block their use by anyone. It's unclear which, if either, is currently in use at the CIA. A hearing on the injunction application is scheduled next week.

The complex case, which has so far received scant press attention, has the potential to embarrass the CIA, and the White House. President Obama has significantly expanded use of clandestine drone assassinations, despite heavy criticism from the UN and others.

Questions remain over whether repeated Netezza claims that the CIA needed Geospatial for drone assassination operations were correct, and the full truth is unlikely to be made public. However, the suggestion the agency accepted a rushed job and saw inaccuracies in an optimistic light is likely to draw further controversy to the programme.

Netezza and IISi both declined to comment for this story. A CIA spokeswoman said the agency does not comment on pending litigation, especially if it is not a party to the lawsuit. ®