recommended reading

Hackers Downloaded US Government Climate Data and Stored it on European Servers as Trump Was Being Inaugurated

3dkombinat/Shutterstock.com

As Donald Trump was sworn into office as the new president Jan. 20, a group of around 60 programmers and scientists were gathered in the Department of Information Studies building at the University of California-Los Angeles, harvesting government data.

A spreadsheet detailed their targets: Webpages dedicated to the Energy Department’s solar power initiative, Energy Information Administration data sets that compared fossil fuels to renewable energy sources, and fuel cell research from the National Renewable Energy Laboratory, to name a few out of hundreds.

Many of the programmers who showed up at UCLA for the event had day jobs as IT consultants or data managers at startups; others were undergrad computer science majors. The scientists in attendance, including ecologists, lab managers, and oceanographers, came from universities all over Southern California.

A motley crew of data enthusiasts who assemble for projects like this is becoming something of a trend at universities across the country: Volunteer “data rescue” events in Toronto, Philadelphia, Chicago, Indianapolis and Michigan over the last few weeks have managed to scrape hundreds of thousands of pages off of EPA.gov, NASA.gov, DOE.gov and whitehouse.gov, uploading them to the Internet Archive. Another is planned for early February at New York University.

Hackers, librarians, scientists and archivists had been working around the clock, at these events and in the days between, to download as much federal climate and environment data off government websites as possible before Trump took office.

But suddenly, at exactly noon Friday as Trump was sworn in, and just as the UCLA event kicked off, some of their fears began to come true: The climate change-related pages on whitehouse.gov disappeared. It’s typical of incoming administrations to take down some of their predecessor’s pages, but scrubbing all mentions of climate change is a clear indication of the Trump administration’s position on climate science.

“We’re having a heart attack,” said Laurie Allen on Friday afternoon. Allen is the assistant director for digital scholarship in the University of Pennsylvania libraries and the technical lead on a recent data-rescuing event there. “In the last four days, I think we’ve been working 22 hours a day, because we were hearing that these precise changes were going to happen.”

“I wish we had been wrong about our concerns. But this is what we internally had predicted and prepared for,” added Bethany Wiggin, the director of the environmental humanities program at Penn and another organizer of the data-rescuing event.

Over the first 100 days of the new administration, a volunteer team of programmers will be scanning government websites and comparing them to the archived, pre-Trump versions, to check for changes.

“We’ll be letting people know what the changes exactly are. We hope to produce a weekly report on changes,” Wiggin says, perhaps in the form of a newsletter.

While Wiggin and Allen say the changes to whitehouse.gov are disconcerting, they also note they are small potatoes compared with what could come next: the large government data sets related to climate change and environmental health that scientists use for research.

For example, there’s a massive Environmental Protection Agency database of air quality monitoring data that might become a target of Trump-appointed EPA administrator Scott Pruitt’s office, based on Pruitt’s history of suing the EPA to roll back air pollution regulations.

That’s where the data rescuing hackathons come in: The volunteer programmers at each event have been writing custom scripts to harvest the bigger, more complicated federal data sets, too. And they’re sharing the scripts with each other.

“These events build onto each other. We might use tools that were built at other events,” says Irene Pasquetto, one of the organizers of the UCLA event.

Large data sets are being organized and uploaded to datarefuge.org, a website based on a version of the open-source data portal software Ckan, customized by Allen. All the various data-rescue hackathons are using the site for data storage, and hope it will act as an alternative repository for pre-Trump federal information during the new administration.

There will, thanks to Michael Riedyk, CEO of the Canadian data-archiving company Page Freezer, also be a copy stored outside the US.

The night before the inauguration, Riedyk was reading an article online about the Penn data-rescuing event, and thought it wouldn’t hurt also host that data in a second location, and he had just the spot in mind. His company offered monthly subscriptions to companies and government agencies who wanted their web pages archived on a daily basis. Plus, it had servers in Europe.

“We built this huge archiving cloud that crawls websites to preserve them, either to comply with regulation or for legal protection,” Riedyk says. “I thought, wow, we have that complete infrastructure in place.”

So Riedyk got in touch with Wiggin, who helped organize the Philadelphia event, and offered his services for free.

“I said, ‘We can archive these for you, and figure out how to open up to the public later.’”

Wiggin sent him back 30,000 science-related government web pages and the domain names of 150 complete websites that participants in data-rescue events had identified as possibly under threat by the new administration, or of vital use to researchers.

By the next day, shortly after Trump took office, Riedyk’s team was almost done.

“We’ve captured a significant portion,” he says. “I expect we’ll have everything on that list by today or tomorrow.”

From there, his company will use web crawlers to scan each page on a weekly basis. Page Freezer’s proprietary software will allow them to see if anything changes.

“We have all kinds of really cool tools to highlight what changed—we can see exactly how people have edited or deleted.” So if the Trump administration alters a page on, say, an EPA website, Page Freezer will know.

Page Freezer has three data centers, one in the U.S., one in Europe and one in Canada; the U.S. government data will be archived on their European servers.

“That’s where we had most of our capacity available right now,” Riedyk says. But it could also put the information out of reach of the U.S. government: In a 2016, a U.S. appeals court ruled Microsoft did not have to turn over to the Justice Department a customer’s emails stored on a server in Dublin, Ireland.

The second circuit court said warrants obtained under the Stored Communications Act, which governs electronic records, are limited to searches within U.S borders. That’s not to say the law would not be challenged again, but having a copy of these key scientific datasets stored in Europe should make getting rid of them much more difficult.

Meanwhile, as more and more “data rescuing” events bubble up across the country, the work is getting easier, says Britt Paris, a Ph.D. student at UCLA and another organizer of the event there. Strategies for workflow and data-scraping best-practices are being handed down, one event to the other.

“I feel like we have a lot of support, like we’re part of a wider network,” Paris said. “There’s a sense of going forward together.”

Threatwatch Alert

Network intrusion / Software vulnerability

Hundreds of Thousands of Job Seekers' Information May Have Been Compromised by Hackers

See threatwatch report

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

    Download
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

    Download
  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

    Download
  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

    Download
  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.

    Download

When you download a report, your information may be shared with the underwriters of that document.