FBI And NSA Demands Passwords From Internet Service Providers — Big Brother Is Truly Out-of-Control — Time To Totally Repeal Patriot Act — Photos and Videos
Amash Amendment Creates New Political Coalitions
Glenn Beck Justin Amash Interview On Nsa Surveillance
Justin Amash on NSA spying: This issue is about the American people vs. Washington political elites
Glenn Beck Excoriates Michele Bachmann: ‘Shame On You,’ ‘Really, Really, Really Almost Dead To Me’
Justin Amash: No Precedent In History For NSA Spying
Daines Fights to Protect Americans from NSA Mass Data Collection
Michigan congressman aims to defund NSA surveillance program
FOX NEWS: NSA Director’s Deceptive Testimony
NSAs Keith Alexander Calls Emergency Private Briefing To Lobby Against Justin Amash Amendment Curtai
NSA Director describes PRISM-like program in 2012
Unconstitutional – Judge: FBI Requests Violate 1st Amendment – Judge Andrew Napolitano
NSA & The Mass Surveillance Society
FBI’s Patriot Act Abuse of National Security Letters and illegal NSA spying
Mark Levin – Government Surveillance – June 6, 2013 – Full Show
Full Show 6/10/13: The Rise of the Security State
Nova: The Spy Factory Full Video
Feds tell Web firms to turn over user account passwords
Secret demands mark escalation in Internet surveillance by the federal government through gaining access to user passwords, which are typically stored in encrypted form.
The U.S. government has demanded that major Internet companies divulge users’ stored passwords, according to two industry sources familiar with these orders, which represent an escalation in surveillance techniques that has not previously been disclosed.
If the government is able to determine a person’s password, which is typically stored in encrypted form, the credential could be used to log in to an account to peruse confidential correspondence or even impersonate the user. Obtaining it also would aid in deciphering encrypted devices in situations where passwords are reused.
“I’ve certainly seen them ask for passwords,” said one Internet industry source who spoke on condition of anonymity. “We push back.”
A second person who has worked at a large Silicon Valley company confirmed that it received legal requests from the federal government for stored passwords. Companies “really heavily scrutinize” these requests, the person said. “There’s a lot of ‘over my dead body.'”
Some of the government orders demand not only a user’s password but also the encryption algorithm and the so-called salt, according to a person familiar with the requests. A salt is a random string of letters or numbers used to make it more difficult to reverse the encryption process and determine the original password. Other orders demand the secret question codes often associated with user accounts.
A Microsoft spokesperson would not say whether the company has received such requests from the government. But when asked whether Microsoft would divulge passwords, salts, or algorithms, the spokesperson replied: “No, we don’t, and we can’t see a circumstance in which we would provide it.”
Google also declined to disclose whether it had received requests for those types of data. But a spokesperson said the company has “never” turned over a user’s encrypted password, and that it has a legal team that frequently pushes back against requests that are fishing expeditions or are otherwise problematic. “We take the privacy and security of our users very seriously,” the spokesperson said.
Apple, Yahoo, Facebook, AOL, Verizon, AT&T, Time Warner Cable, and Comcast did not respond to queries about whether they have received requests for users’ passwords and how they would respond to them.
Richard Lovejoy, a director of the Opera Software subsidiary that operates FastMail, said he doesn’t recall receiving any such requests but that the company still has a relatively small number of users compared with its larger rivals. Because of that, he said, “we don’t get a high volume” of U.S. government demands.
The FBI declined to comment.
Some details remain unclear, including when the requests began and whether the government demands are always targeted at individuals or seek entire password database dumps. The Patriot Act has been used to demand entire database dumps of phone call logs, and critics have suggested its use is broader. “The authority of the government is essentially limitless” under that law, Sen. Ron Wyden, an Oregon Democrat who serves on the Senate Intelligence committee, said at a Washington event this week.
Large Internet companies have resisted the government’s requests by arguing that “you don’t have the right to operate the account as a person,” according to a person familiar with the issue. “I don’t know what happens when the government goes to smaller providers and demands user passwords,” the person said.
An attorney who represents Internet companies said he has not fielded government password requests, but “we’ve certainly had reset requests — if you have the device in your possession, than a password reset is the easier way.”
Cracking the codes Even if the National Security Agency or the FBI successfully obtains an encrypted password, salt, and details about the algorithm used, unearthing a user’s original password is hardly guaranteed. The odds of success depend in large part on two factors: the type of algorithm and the complexity of the password.
Algorithms, known as hash functions, that are viewed as suitable for scrambling stored passwords are designed to be difficult to reverse. One popular hash function called MD5, for instance, transforms the phrase “National Security Agency” into this string of seemingly random characters: 84bd1c27b26f7be85b2742817bb8d43b. Computer scientists believe that, if a hash function is well-designed, the original phrase cannot be derived from the output.
But modern computers, especially ones equipped with high-performance video cards, can test passwords scrambled with MD5 and other well-known hash algorithms at the rate of billions a second. One system using 25 Radeon-powered GPUs that was demonstrated at a conference last December tested 348 billion hashes per second, meaning it would crack a 14-character Windows XP password in six minutes.
The best practice among Silicon Valley companies is to adopt far slower hash algorithms — designed to take a large fraction of a second to scramble a password — that have been intentionally crafted to make it more difficult and expensive for the NSA and other attackers to test every possible combination.
One popular algorithm, used by Twitter and LinkedIn, is called bcrypt. A 2009 paper (PDF) by computer scientist Colin Percival estimated that it would cost a mere $4 to crack, in an average of one year, an 8-character bcrypt password composed only of letters. To do it in an average of one day, the hardware cost would jump to approximately $1,500.
But if a password of the same length included numbers, asterisks, punctuation marks, and other special characters, the cost-per-year leaps to $130,000. Increasing the length to any 10 characters, Percival estimated in 2009, brings the estimated cracking cost to a staggering $1.2 billion.
As computers have become more powerful, the cost of cracking bcrypt passwords has decreased. “I’d say as a rough ballpark, the current cost would be around 1/20th of the numbers I have in my paper,” said Percival, who founded a company called Tarsnap Backup, which offers “online backups for the truly paranoid.” Percival added that a government agency would likely use ASICs — application-specific integrated circuits — for password cracking because it’s “the most cost-efficient — at large scale — approach.”
While developing Tarsnap, Percival devised an algorithm called scrypt, which he estimates can make the “cost of a hardware brute-force attack” against a hashed password as much as 4,000 times greater than bcrypt.
Bcrypt was introduced (PDF) at a 1999 Usenix conference by Niels Provos, currently a distinguished engineer in Google’s infrastructure group, and David Mazières, an associate professor of computer science at Stanford University.
With the computers available today, “bcrypt won’t pipeline very well in hardware,” Mazières said, so it would “still be very expensive to do widespread cracking.”
Even if “the NSA is asking for access to hashed bcrypt passwords,” Mazières said, “that doesn’t necessarily mean they are cracking them.” Easier approaches, he said, include an order to extract them from the server or network when the user logs in — which has been done before — or installing a keylogger at the client.
Questions of law Whether the National Security Agency or FBI has the legal authority to demand that an Internet company divulge a hashed password, salt, and algorithm remains murky.
“This is one of those unanswered legal questions: Is there any circumstance under which they could get password information?” said Jennifer Granick, director of civil liberties at Stanford University’s Center for Internet and Society. “I don’t know.”
Granick said she’s not aware of any precedent for an Internet company “to provide passwords, encrypted or otherwise, or password algorithms to the government — for the government to crack passwords and use them unsupervised.” If the password will be used to log in to the account, she said, that’s “prospective surveillance,” which would require a wiretap order or Foreign Intelligence Surveillance Act order.
If the government can subsequently determine the password, “there’s a concern that the provider is enabling unauthorized access to the user’s account if they do that,” Granick said. That could, she said, raise legal issues under the Stored Communications Act and the Computer Fraud and Abuse Act.
The Justice Department has argued in court proceedings before that it has broad legal authority to obtain passwords. In 2011, for instance, federal prosecutors sent a grand jury subpoena demanding the password that would unlock files encrypted with the TrueCrypt utility.
The Florida man who received the subpoena claimed the Fifth Amendment, which protects his right to avoid self-incrimination, allowed him to refuse the prosecutors’ demand. In February 2012, the U.S. Court of Appeals for the Eleventh Circuit agreed, saying that because prosecutors could bring a criminal prosecution against him based on the contents of the decrypted files, the man “could not be compelled to decrypt the drives.”
In January 2012, a federal district judge in Colorado reached the opposite conclusion, ruling that a criminal defendant could be compelled under the All Writs Act to type in the password that would unlock a Toshiba Satellite laptop.
Both of those cases, however, deal with criminal proceedings when the password holder is the target of an investigation — and don’t address when a hashed password is stored on the servers of a company that’s an innocent third party.
“If you can figure out someone’s password, you have the ability to reuse the account,” which raises significant privacy concerns, said Seth Schoen, a senior staff technologist at the Electronic Frontier Foundation.
Six Ways Congress May Reform NSA Snooping
A measure to end one NSA program was just defeated in the House by a surprisingly narrow margin. Here are other proposals on the table.
Although the House defeated a measure that would have defunded the bulk phone metadata collection program , the narrow 205-217 vote  showed that there is significant support in Congress to reform NSA surveillance programs. Here are six other legislative proposals on the table.
1) Raise the standard for what records are considered “relevant”
The Foreign Intelligence Surveillance Court has reportedly adopted a broad interpretation of the Patriot Act , ruling that all the records in a company’s database could be considered “relevant to an authorized investigation.” The leaked court order compelling a Verizon subsidiary to turn over all its phone records is just one example of how the Foreign Intelligence Surveillance Court has interpreted the statute.
Both Rep. John Conyers , D-Mich., and Sen. Bernie Sanders, I-Vt. , have introduced bills requiring the government to show “specific and articulable facts” demonstrating how records are relevant. Similarly, legislation introduced by Sen. Mark Udall, D-Colo., would require any applications to include an explanation  of how any records sought are relevant to an authorized investigation.
2) Require NSA analysts to obtain court approval before searching metadata
Once the NSA has phone records in its possession, Sen. Dianne Feinstein has explained that NSA analysts may query the data without individualized court approvals , as long as they have a “reasonable suspicion, based on specific facts ” that the data is related to a foreign terrorist organization.
A bill from Rep. Stephen Lynch, D-Mass., would require the government to petition the Foreign Intelligence Surveillance Court every time an analyst wants to search telephone metadata . From there, a surveillance court judge would need to find “reasonable, articulable suspicion” that the search is “specifically relevant to an authorized investigation” before approving the application. The legislation would also require the FBI to report monthly to congressional intelligence committees all the searches the analysts made.
3) Declassify Foreign Intelligence Surveillance Court opinions
Right now, court opinions authorizing the NSA surveillance programs remain secret. Advocacy groups have brought several Freedom of Information Act suits  seeking the release of Foreign Intelligence Surveillance Court documents, but the Justice Department continues to fight them.
Several bills would compel the secret court to release some opinions. The Ending Secret Law Act — both the House  and Senate  versions — would require the court to declassify all its opinions that include “significant construction or interpretation” of the Foreign Intelligence Surveillance Act. Under current law, the court already submits these “significant” opinions to congressional intelligence committees, so the bill would just require the court to share those documents with the public.
The bills do include an exception if the attorney general decides that declassifying an opinion would threaten national security. In that case, the court would release an unclassified summary of the opinion, or — if even offering a summary of the opinion would pose a national security threat — at least give a report on the declassification process with an “estimate” of how many opinions must remain classified.
Keep in mind, before Edward Snowden’s disclosures, the Justice Department argued that all “significant legal interpretations” needed to remain classified  for national security reasons. Since the leaks, the government has said it’s now reviewing what, if any, documents can be declassified, but they said they need more time .
4) Change the way Foreign Intelligence Surveillance Court judges are appointed
Current law does not give Congress any power to confirm Foreign Intelligence Surveillance Court judges. Instead, the chief justice of the United States appoints the judges, who all already serve on the federal bench. The judges serve seven-year terms. Chief Justice John Roberts appointed all 11 judges  currently serving on the court – ten of whom were nominated  to federal courts by Republican presidents.
A bill introduced by Rep. Adam Schiff, D-Calif., would give the president the power to appoint surveillance court judges  and give the Senate power to confirm. The president would also choose the presiding judge of the surveillance court, with Senate approval.
Alternatively, Rep. Steve Cohen, D-Tenn., has offered a bill  that would let the chief justice appoint three judges and let the House Speaker, the House minority leader, the Senate majority leader, and the Senate minority leader each appoint two judges.
5) Appoint a public advocate to argue before the Foreign Intelligence Surveillance Court
Currently, the government officials petitioning the Foreign Intelligence Surveillance Court do not face an adversarial process. Surveillance targets do not have representation before the court, and they are not notified if a court order is issued for their data.
In 33 years, the surveillance court only rejected 11 of an estimated 33,900 government requests , though it the government has also modified 40 of the 1,856 applications in 2012.
Two former Foreign Intelligence Surveillance Court judges – Judge James Robertson  and Judge James Carr  – have argued that Congress should appoint a public advocate to counter the government’s arguments. Carr wrote in the New York Times, “During my six years on the court, there were several occasions when I and other judges faced issues none of us had encountered before. […]Having lawyers challenge novel legal assertions in these secret proceedings would result in better judicial outcomes.”
Sen. Richard Blumenthal, D-Conn., has promised to introduce a bill  that would provide a “special advocate” to argue on behalf of privacy rights and give “civil society organizations” a chance to respond before the surveillance court issues significant rulings.
The surveillance court can actually invite advocates to argue before the court, as the Supreme Court did when the Obama administration refused to defend the Defense of Marriage Act.
“There’s nothing in law that would prevent the FISA court from hiring an advocate as an additional advisor to the court, except the need to obtain security clearances for that advocate, which would have to be granted by the executive branch,” explained Steven Bradbury, who served as the head of the Office of Legal Counsel in the Department of Justice from 2005 to 2009.
Bradbury has argued that the surveillance court may not need a permanent public advocate because its legal advisers  already fulfill that role.
6) End phone metadata collection on constitutional grounds
The Justice Department has maintained that mass phone metadata collection is “fully consistent with the Fourth Amendment .” That reasoning is based on the 1979 Supreme Court decision Smith v. Maryland , where the Court found that the government does not need a warrant based on probable cause to collect phone records. The Court reasoned that whenever you dial a phone number, you voluntarily share that phone number with a telecom, and you can’t reasonably expect a right to privacy for information shared with third parties. As a result, the Court ruled that the collection of phone records is not a “search” and does not merit protection under the Fourth Amendment.
Sen. Rand Paul, R-Ky., has introduced a bill  declaring that the Fourth Amendment “shall not be construed to allow any agency of the United States Government to search the phone records of Americans without a warrant based on probable cause” — effectively shutting down the NSA’s phone metadata collection program.
The NSA’s New Spy Facilities are 7 Times Bigger Than the Pentagon
He works at one of the three-letter intelligence agencies and oversees construction of a $1.2 billion surveillance data center in Utah that is 15 times the size of MetLife Stadium, home to the New York Giants and Jets. Long Island native Harvey Davis, a top National Security Agency official, needs that commanding presence. His role is to supervise infrastructure construction worldwide for NSA, which is part of the Defense Department. That involves tending to logistics, military installations, as well as power, space and cooling for all NSA data centers.
In May, crews broke ground on a $792 million computing center at the agency’s headquarters near Baltimore that will complement the Utah site. Together the Utah center and Maryland’s 28-acre computer farm span 228 acres—more than seven times the size of the Pentagon.
During an interview with Government Executive in June, amid the uproar over leaked details of NSA’s domestic espionage activities, Davis describes the 200-acre Utah facility as very transparent: “Only brick and mortar.” A data center just provides energy and chills machines, he says.
About 6,500 contractors, along with more than 150 Army Corps of Engineers and NSA workers, including some with special needs, are assigned to the project. Davis perks up when he talks about the hundreds of individuals with disabilities he has steered into NSA.
But ask him why the facility is so big and what’s inside, and he is less forthcoming. “I think we’re crossing into content. It’s big because it’s required to be big,” says Davis, a 30-year veteran of the spy agency.
<a href=”http://ad.doubleclick.net/N617/jump/defenseone.com/section_technology;pos=contextual-large-rectangle-tablet;sz=700×350;” title=””> <img src=”http://ad.doubleclick.net/N617/ad/defenseone.com/section_technology;pos=contextual-large-rectangle-tablet;sz=700×350;tile=3;” alt=”” />
<a href=”http://ad.doubleclick.net/N617/jump/defenseone.com/section_technology;pos=contextual-large-rectangle-mobile;sz=300×150;” title=””> <img src=”http://ad.doubleclick.net/N617/ad/defenseone.com/section_technology;pos=contextual-large-rectangle-mobile;sz=300×150;tile=4;” alt=”” />
At NSA, secrecy is not exclusive to intelligence analysts. Every civil servant in the Installations and Logistics Directorate Davis leads has a security clearance. He earned his in the early 1980s, entering the agency with a master’s degree in business administration, experience managing inventory for a women’s apparel chain, and a yearning for a higher calling than retail.
For security reasons, some of the contractors erecting the data center don’t even know its purpose, other than the equipment needed—nothing about snooping. The 2010 public work solicitation called for a 65-megawatt center with a chiller plant, fire suppression systems, electrical generators and an uninterruptible power supply backup capacity.
Davis lets out that inside there will be supercomputers, or what NSA labels “high performance computers.” These need “different cooling and different power distributions as opposed to something you bought from Best Buy,” he says. The machines, along with whatever other technology is tucked in the facility, are slated to power on by Oct. 1.
Four years ago, the stated purpose of the megaplex near Salt Lake City was to amass foreign intelligence and warnings about hackers. Officials described it as an extension of President George W. Bush’s 2008 Comprehensive National Cybersecurity Initiative, a largely classified, cross-agency program to protect U.S. computer networks against adversaries. Today, it is evident the data plantation will not be linked to any one program. Instead, the systems inside will warehouse counterterrorism information collected in aggregate, including millions of Americans’ phone logs for five years and certain foreigners’ online messages, NSA officials confirm. Spies at other locations will decipher what’s accumulated to thwart terrorist attacks, cyber assaults, and weapons of mass destruction.
The Utah effort is the largest ongoing Defense construction project in the United States. Still, it is only three-quarters the size of the department’s largest in the world—the Medical Center Replacement Project at Rhine Ordnance Barracks, Germany.
Harvey Davis, Director of Logistics, NSA, at the agency’s Fort Meade construction site. Photo by Melissa Golden
Davis is reluctant to discuss the ratio of contractors to civil service employees in Utah—a week after The Guardian and The Washington Post have reported an NSA contractor leaked Top Secret documents. Prosecutors are pursuing former Booz Allen Hamilton employee Edward Snowden for exposing files about PRISM, the agency’s foreign Internet surveillance program, and domestic call data-monitoring while he was administering NSA data systems in Hawaii.
Compared with the 6,500 contract employees, “there is a smaller number of people on my core project management team,” Davis says. An agency official in the room adds: “We can talk in total numbers here . . . We can’t get into how many are ours, how many are theirs.”
A few days after the interview, when asked why NSA’s reliance on contractors is hush-hush, agency officials released some figures. Ten people are on Davis’ core team. About 150 employees from the Army Corps of Engineers, along with an undisclosed number of employees from the 1,000-member Installations and Logistics Directorate, are involved with the Utah project. NSA considers the total sum of agency personnel staffed to certain construction projects operational details and would not provide that statistic. A small workforce of up to 200 government and contract employees—building engineers, systems administrators and maintenance workers—will stay permanently to keep the facility running.
Davis is more eager to discuss the quality than quantity of his employees. Roughly 10 years ago, while working as an NSA human resources director, he encountered an untapped talent pool that he now draws from regularly. “The disabled population is just so thankful to have a job. They would just come in here and you’d have to actually force them to go home,” Davis says. “I have engineers that are hard of hearing, and our workforce all took sign language so they could actually communicate with one another.”
Nobody waters down security clearance exercises to facilitate special needs applicants, he adds. “Somebody who was deaf, we would do polygraph in sign language,” Davis says. “What we look for is qualifications first. We have someone developing software—working on the computers—that is blind. There is really no limitation that we have found as long we can find the skill match.” At least a dozen engineers who have disabilities work in his directorate. Grounds maintenance and snow removal contractors in Utah will be hired through SourceAmerica (formerly NISH), a nonprofit organization that fits agency needs with the skills of job seekers with disabilities.
“He has integrated this into the fabric of the company,” says Joyce A. Bender, past chair of the board of the American Association of People with Disabilities, who met Davis when he decided NSA needed more diversity. “What makes this work at any company is a passionate leader, someone in leadership, whether it’s in the private sector or a federal agency,” says Bender, a Pittsburgh-based consultant who recruits people with disabilities for work in government and industry.
Her firm refers to NSA about 200 individuals annually for positions in finance, linguistics, math and other specialties. Since 2010, about 550 candidates have been hired. “If he says, ‘I’m going to do something,’ you can count on it that he is going to do it,” Bender says of Davis. “He doesn’t sugarcoat anything. He’s very direct and to the point.”
A Leak During Construction
No matter their background or how they came to NSA, civil servants and contract employees alike all serve in silence. “That’s really the culture of this agency, and we’re really not looking for big accolades,” Davis says. “What really makes the people satisfied here is that they did the job and they did it right and they’re doing things within the appropriate manner.” The mentality is that NSA operates in the dark for the safety of Americans. Some citizens, however, argue it should operate in the sunshine a little more for the safety of democracy.
The secrecy dispute is “a distraction and a weakness that has been presented by this guy,” Snowden, who should not have seen such sensitive information in the first place, says one former NSA official. “They’ve got to do some internal homework about how to keep that data separate,” the ex-official says, adding that technical controls are not very difficult to configure. “How the heck did this guy in Hawaii gain access to all that?”
Some human rights advocates are grateful for the exposure of the agency’s surveillance methods. “Communications about millions of innocent Americans are being stored for five years in a government database—whether or not there is any reason to search our call records, and I don’t think our Constitution allows that,” says Alex Abdo, staff attorney for the American Civil Liberties Union’s National Security Project.
Even some former Pentagon officials say citizens should know NSA’s intentions for the Utah data center. “When you have this much centralization of capabilities, which in government terms can translate into real power—that and resources—it’s important that the public be able to look at these things and figure out what they are doing,” says a cyber official who recently left Defense and now works as a private contractor. The official is not involved in the project and was not authorized to speak on behalf of the department.
A 2012 article in Wired reported that NSA needs the megaplex partially because the Pentagon wants to expand the military global communications network to manage yottabytes of data. “A yottabyte is a septillion bytes—so large that no one has yet coined a term for the next higher magnitude,” the article said. “Should the agency ever fill the Utah center with a yottabyte of information, it would be equal to about 500 quintillion (500,000,000,000,000,000,000) pages of text.” NSA officials told Government Executive, however, they do not discuss such operational details.
An Open House
The contents of the NSA computer fortress might be a mystery to the public, but Davis says his project has been open to congressional and industry scrutiny.
“The military construction process by design is a very, very transparent process. We work through the Corps of Engineers,” he says. “It’s a public discourse. When we give out our request for proposal, that’s through FedBizOpps.gov.” But on the website, many of the work descriptions for that project are locked behind a firewall. NSA spokeswoman Vanee Vines says the documents are restricted because “they must be accounted for and are only for cleared defense contractors.”
Davis acknowledges the controversy over his project has taken an emotional toll. “We’ve been pressured to disclose what’s been going in the Utah Data Center for quite a while independent of the current events,” he says. “My workforce and the workforce that I work with here [in Utah] take our jobs and our responsibility very, very seriously, and for somebody to say that we’re doing something untoward is a pretty big hit on the morale here.”
No matter the outcome of the debate, the Utah computers are expected to go online within two months. This is where the MBA comes in. From choosing a site, to convincing Congress to agree with blueprints to surmounting a late-in-the-game budget chop, balancing the books is key. “Utah is a wonderful place with abundant and inexpensive power,” Davis says. “Plenty of sources of water for cooling.” NSA applied a mathematical model to select the location. The surrounding environment simplified construction. “Utah, because of the facility and the utilities, just came out far and ahead of everywhere else,” he says. “Lots of good roads. We could get the steel in. We could get the concrete in. We have lots of sand pits nearby,” he says. “We built our own cement slabs in that area. It’s pretty well offset from the road for the security that we need for the data center.”
The price tag for the project is in line with industry standards, according to NSA. “It’s actually relatively cheap and I came in under cost,” Davis says, referring to $100 million in savings gained partly by refusing to let contractors adjust the plan. Penny-pinching became mandatory when governmentwide spending cuts, known as sequestration, kicked in this year.
“One of the biggest cost drivers on a project this size is something called an engineering change proposal. They really number in the tens to hundreds in a project of this size,” but one could “count on a couple of hands the numbers of change orders that we allowed to happen,” he says. “We spent a lot of time honing the requirements tightly up front, making sure we knew what we were building, building it, and not going back and changing it later.” That’s the New York strong arm talking.