Accumulo language watered down in conference defense authorization bill


Legislative language that could have cast doubt on defense and intelligence agencies' ability to utilize a National Security Agency-developed big data open source database has been significantly watered down in a compromise version of the fiscal 2013 national defense authorization bill unveiled Dec. 18.

The House and Senate conference version of the bill (.pdf) only requires the Defense Department to conduct an analysis of big data databases and tools and require competitive procedures in the acquisition of them – or if deciding to skip a competitive process within the next 5 years, notification to Congress of the waiver.

That's a marked change from the Senate's version of the bill, would have required the DoD chief information officer to certify that there exists no viable commercial big data open source database with security features comparable to it (such as the HBase or Cassandra), or that Accumulo is a successful open source project. Some within the open source community felt the Senate language was "a big gun being pointed at Accumulo," as a member of the Apache Foundation Accumulo Project management committee said in June.

Proponents of the Senate language argued that defense and intelligence agencies have run the risk in favoring Accumulo of being locked out of innovations generated within the HBase or Cassandra communities, but opponents have pointed to unique security cell-level classification feature that Accumulo has, its speed, and have said that it would be difficult to obtain those same features in another big data database.

They've also contended that following Accumulo's graduation to top-level project Apache Foundation status in March and establishment a commercial support company – Cambridge, Mass.-based sqrrl, founded by former Accumulo developers – the project met the conditions the Senate version called for.   

In fact, the joint conference statement (.pdf) accompanying the compromise bill says DoD has made a determination that Accumulo is "a successful open-source project" supported by commercial companies.

The conference statement nonetheless carries a  warning, stating that the open source release of code doesn't automatically mean that an application hasn't been a "government-funded, essentially in-house development program" and that government-off-the-shelf should be avoided "whenever and wherever there are competitive commercial alternatives, regardless of whether the GOTS software is government-owned or even 'open-sourced' while it is being developed or after the fact."

The conference bill also calls on the DoD CIO to conduct an inventory of existing software licenses owned by the department.

For more:
- download the conference bill (.pdf)
- download the conference statement (.pdf)

Related Articles:
SASC Accumulo language pro-open source, say proponents
Ozone Widget Framework to be on GitHub now by year's end
Wheeler: ITAR typically no barrier to releasing government open source code