I sometimes wonder what my Alexa thinks of me.
She turns on and off lights early in the morning and late at night for me – and other times for my kids. Sometimes, she plays some old Eric Clapton for Dad. Other times, it’s “Glee” and Katie Perry for them.
Obviously, Alexa is a machine and does not care how my family uses it. But the Department of Defense is another matter.
It is on the verge of spending $10 billion over the next 10 years to, in essence, buy one big Alexa for the entire military. The Pentagon describes the product it seeks to buy not as the Mother of All Alexas but as a “centralized data lake” for the military’s 3.4 million users and 4 million devices.
The project, known as the Joint Enterprise Defense Infrastructure, or JEDI, plan, would move all the Department of Defense’s data – classified and unclassified – onto one cloud controlled and administered by one vendor. Get into that one product, and it is hard to overstate the potential for damage.
And the system is vulnerable to hacking. The New York Times reported in May that researchers in China and the United States have shown they can send hidden commands, undetectable by the human ear, to Apple’s Siri, Amazon’s Alexa or Google’s Assistant to perform tasks such as dialing phone numbers and opening websites.
Researchers at Cal-Berkeley and Georgetown have discovered a way to embed commands directly into recordings of music or spoken text. A human might hear an orchestra or someone talking about something totally unrelated. The Amazon Echo speaker might hear a command of an entirely different nature.
“My assumption,” said one of the researchers, “is that the malicious people already employ people to do what I do.”
Moreover, if this goes through, a state-owned firm in China will have a head start in hacking into the new system because it has forced Amazon Web Services – which right now is virtually certain to get the contract – to turn over nearly identical technology to its Chinese partner to comply with Chinese law that forbids foreign companies from owning or operating certain types of technology firms.
It has similarly insisted that Apple and others turn over cloud computing technology and that cloud systems be nationalized.
The military is convinced scattering its information across multiple clouds would inhibit “the ability to access and analyze critical data,” which would, in turn, slow work on machine learning and artificial intelligence for war fighters, it said in a report to Congress. It also claims diversifying vendors would make it more difficult to reach remote locations and increase the number of installed devices at forward military bases or naval vessels where space is limited.
Thus, it wants to award one contract to one vendor – Amazon Web Services – and move on. Although the initial contract is for two years, add-ons could take it to as long as 10.
The military promises to build in safeguards against “vendor lock” and to extend the contract only if it benefits the Department of Defense, but all involved acknowledge it’s unlikely so complex a system would be uprooted after two years.
The Pentagon seems determined to move ahead on this. It announced in May it would hold off on issuing the final request for proposals while it considers more than 1,000 public comments – many from a coalition of competitors urging the military to diversify.
But September remains the “notional” target for awarding the contract, according to the Department of Defense, and the plan remains to award it on a winner-take-all basis, almost certainly to Amazon Web Services.
“I can’t imagine any possible way that the deal could be stopped,” said one insider.
But perhaps a second look is in order. A senior adviser to Secretary of Defense James Mattis stands accused of accepting payments from the sale of her consulting firm while she worked for the Department of Defense and of attempting to guide the contract toward Amazon Web Services, a former client.
Mattis himself is said to talk with Amazon Web Services owner Jeff Bezos at least weekly despite Bezos’ icy relationship with President Trump.
Vanity Fair reported in August that the deal has appeared to be rigged in favor of Amazon and Amazon alone from its inception. The 1,375-page request for proposal “contains a host of technical stipulations that only Amazon can meet, making it hard for other leading cloud-services providers to win – or even apply for – the contract.” One provision limits the pool to companies that already generate $2 billion per year in commercial cloud revenues, which eliminates all but a few competitors.
Given the vulnerabilities to hacking and the connections between Mattis, his aide, her lobbying firm that was working for Amazon Web Services and Bezos himself, perhaps another delay is in order to give the Department of Defense time to make sure it is doing the right thing.