Congressional Research Service Reports

Congressional Research Service reports are finally available via a centralized, government database.

It only took twenty-five years, but Congressional Research Service (CRS) reports are finally available through the Library of Congress.  Members of Congress have long released the reports to third-party databases, but now the reports are available directly from the Library of Congress.  As the research is paid for by taxpayers and conducted at the behest of Congress, limited access to this research has long been an affront to legislative transparency.

According to their FAQ, the CRS is “a federal legislative branch agency located within the Library of Congress, [which] serves as shared staff exclusively to congressional committees and Members of Congress. CRS experts assist at every stage of the legislative process — from the early considerations that precede bill drafting, through committee hearings and floor debate, to the oversight of enacted laws and various agency activities.”

CRS research is non-partisan and takes a multi-perspective approach to current issues and legislation.  Reports are both on demand and anticipatory.  “CRS approaches complex topics from a variety of perspectives and examines all sides of an issue. Staff members analyze current policies and present the impact of proposed policy alternatives.”

CRS services include reports on major policy issues; tailored confidential memoranda; briefings and consultations; seminars and workshops; and expert congressional testimony.

“With public policy issues growing more complex, the need for insightful and comprehensive analysis has become vital. Congress relies on CRS to marshal interdisciplinary resources, encourage critical thinking and create innovative frameworks to help legislators form sound policies, reach decisions on a host of difficult issues and address their constituents’ concerns and needs. These decisions will guide and shape the nation today and for generations to come.”

  • Congressional Research Service FAQ

The CRS database was included in The Consolidated Appropriations Act of 2018.  “We worked closely with Congress to make sure that we had a mutual understanding of the law’s requirements and Congress’ expectations in our approach to this project,” said Carla D. Hayden, Librarian of Congress.

As governmental work product, CRS research is not subject to copyright.  Thus, CRS research may be broadly disseminated without permission.  However, some research may contain copyrighted third-party images or material.

The new website provides the same search functionality as Congress and is keyword searchable.  Full-text searching is available along with filtering by topic, date, author, and additional keywords.

RainKing Federal IT Dataset

RainKing Org Charts provide headshots, social media links, contact information, and organizational position.

RainKing officially released their Federal IT dataset on April 18th.  The new offering covers federal agencies including Defense, Health and Human Services, Homeland Security, Veterans Affairs, Treasury, Transportation, Agriculture, Commerce, Justice, State, Energy, Social Security Administration, and NASA.  Quasi-governmental agencies such as the USPS, Fannie Mae, and Amtrak are also covered.

The 2016 tracked spend hit $76 billion.

“The federal government represents a massive opportunity for software and technology companies to tap into a steadily growing market,” stated RainKing CEO John L. Stanfill. “This new dataset will be valuable in helping our customers quickly identify and connect with the right decision makers across the federal government.”

Profiles span a broad set of governmental and technographic data including:

  • Org charts which “are equal in depth to the rest of the database, mapping decision makers (executives), influencers, procurement officers, etc.”  Org charts span departments, agencies, and sub-agencies.
  • Complete profiles and contact information for these individuals
  • Current IT budget
  • Technologies-in-use and those responsible for them
  • Daily investment signals for active projects, RFPs, and upcoming technology investments, including the decision maker for these projects
  • Location details for headquarters and other offices within the departments/agencies
  • Other relevant department/agency information

“Unlike with other sources of Federal projects and initiatives, RainKing’s intelligence focuses on the actual decision makers and budget holders, not just the government procurement managers,” said the firm.

RainKing maintains a sixty-day editorial review cycle and plans to continue expanding their Federal coverage.  The firm currently provides 100,000 Federal, State, Local, and Education decision makers.

“This dataset is different than any other existing solution, because in one view, our clients can not only search for active projects and RFPs, and pinpoint the actual decision makers responsible for those projects, but they can also gain insight into the existing technology environment within the agencies and bureaus. This is immensely valuable from a competitive standpoint,” said Jennifer Kitchen, Chief Content Officer at RainKing.

Customers can purchase the dataset individually or alongside other RainKing files spanning 60,000 global companies and one million executives.  The firm pre-sold the dataset to over fifty clients.

RainKing has been rapidly growing its company and contact coverage over the past few years.  Their editorially-gathered dataset now spans over one million financial decision makers across nearly 60,000 global organizations.

The RainKing Prediction Engine suggests and ranks contacts.

D&B NetProspex B2B Contact File Stolen

A NetProspex breach sample record for journalist Zack Whittaker (originally published by Troy Hunt with permission)

A 52.5 GB NetProspex file of nearly 34 million US business contacts was recently stolen.  Dun & Bradstreet did not indicate how the MongoDB database was purloined, but indicated it suffered no data breaches and the file was likely stolen from a customer.  “We’ve carefully evaluated the information that was shared with us and it is of a type and in a format that we deliver to customers every day. Based on our analysis, it was not accessed or exposed through a Dun & Bradstreet system,” the firm said in a statement to ZDNet.

The file was believed to be six months old.  While it was built and sold for legitimate sales and marketing purposes and complies with US law, it could be used for spamming and spear phishing.  “It’s an absolute goldmine for phishing because here you have a huge amount of useful information from which to craft attacks,” said Internet security advocate Troy Hunt who publicized the breach. “From this data, you can piece together organizational structures and tailor messaging to create an air of authenticity and that’s something that’s attractive to crooks and nation-state actors alike.”

Content includes business contact information; job titles, functions, and levels; current employer; and employer firmographics including size, industry, location, and D-U-N-S Number.  Their file does not contain personal emails, phones, biographics, or any kind of consumer credit data as Dun & Bradstreet strictly collects B2B company and contact intelligence.  However, the file does contain extensive business and government employee data such as 100,000 Department of Defense and a combined 75,000 Army, Air Force, and VA contacts.

Dun & Bradstreet should evaluate whether retaining titles for military and security agencies is in their best interest (and the country’s).  For example, being able to identify 715 military Intelligence Analysts makes it easy for nefarious parties to spearphish them.  This may be a case where losing the actual job title and simply mapping the title to a job function (e.g. procurement, security, medical, R&D) would make sense.  Another option might be to track only government officials whose names appear in official sites and publications.  As the government publishes bid data through FedBizOpps, procurement contacts would still be available for commercial purposes.

“Whilst you could piece together parts of the data from information already in the public domain, having it aggregated and so easily searchable in this fashion is enormously valuable,” said Hunt. “It also serves as a reminder that we’ve lost control of our privacy; the vast majority of people in the data set would have no idea their information is being sold in this fashion and they certainly don’t have any control over it.”

If you would like to check whether your personal or business email information has been stolen, Hunt has set up a free site which tracks over 200 stolen databases.  Registration takes about 3 minutes (you need to validate that you are researching your own contact information).  The site will also advise you if your email appears in future breaches.