Uncle Sam to Stop Buying Used IT Gear?
January 5, 2009 Timothy Prickett Morgan
If you don’t buy or sell a lot of computer and networking hardware, then you will probably be perplexed about this story. Judging from the context of a recent government hearing on the topic, counterfeit IT gear is apparently a much bigger problem than many of us might think. The U.S. federal government is so annoyed by the problem that it held a hearing about implementing acquisition rules that would severely curtail the use of secondhand equipment among major government agencies.
Back on November 18, the General Services Administration and the National Aeronautics and Space Administration placed an announcement in the Federal Register giving advance notice that it was proposing changes in a set of regulations known as the Federal Acquisition Regulation that stipulated that only vendor-authenticated equipment, whether it was new or used, could be acquired by government agencies. (This is FAR case 2008-019, Authentic Information Technology Products, in governmentese.) The notice gave advance notice to the public about the rule change and set up a public meeting seeking comment on the tweaks to the acquisition rules. The meeting was held on December 11.
Here is the government’s position, as laid out in the proposal put forth by the Civil Agency Acquisition Council and the Defense Acquisition Regulations Council:
“The widespread availability of counterfeit Information Technology (IT) products presents a multidimensional threat to our nation. While it is estimated that our nation’s industries and governments lose millions of dollars each year to counterfeiters, the trade in counterfeit IT products also presents serious threats to our national security and consumer safety.”
“Today, IT products, such as computer network hardware, (the infrastructure of business, healthcare, education, and communication and information networks) and integrated circuits (IC), are used in a wide range of applications; including automobiles, aircraft, computers, telecommunications, medical devices, and consumer electronics. These IT products are also essential to our national infrastructure systems; such as air traffic control, financial and telecommunication networks, and government and military communications, information, and operating systems.”
“Counterfeit network hardware and ICs pose a risk in that they frequently do not meet the quality standards of genuine equipment. Various information indicates that these products have a higher failure rate than genuine equipment, and often fail upon installation, or weeks or months after installation. Thus, these counterfeit IT products pose a threat to the national security and consumer safety because when they rnfail, the entire systems in which they are embedded may also fail.”
“The Councils believe requiring contractors to represent that the IT products they sell to the Government are authentic, will aid in efforts to combat counterfeit IT products. In addition to commenting on the Government proposal, the public and industry are invited to offer suggestions on other ways to limit the risk to the Government from acquiring counterfeit IT products.”
In plain English–well, actually American–Uncle Sam is suggesting that the only way to get rid of the dirty water of counterfeit IT gear is to throw the baby of the secondhand equipment market out the window, too.
The Department of Defense, the GSA, and NASA gave presentations at the meeting, where most of the 100 people who attended were from various government agencies affected by the rule change. World Data Products, one of the largest dealers of secondhand IT equipment in the United States that is based in Minnetonka, Minnesota, had representatives at the meeting, as did the Society of Automotive Engineers (yup, that raised my eyebrow, too, but this is democracy). Joe Marion, who heads up the Asssociation of Service and Computer Dealers, represented the ASCDI as well as the North American Association of Telecommunications Dealers (which stupidly abbreviates itself the NATD).
According to a statement put out by Marion on behalf of the ASCDI and NATD, which you can read in full here, the secondhand IT market represents $312 billion in sales a year (presumably on a global scale) and in the United States, there are over 100,000 people who pay taxes, Marion reminded everyone, who work in the used equipment market. He said further that sales of gear to the U.S. government represented about 15 percent of sales in the secondhand IT market, so a rule requiring that only vendor-certified new or used gear be acquired by Uncle Sam would be very disruptive to the industry. Moreover, the availability of used equipment can save the government money, and this is just as important these days as having equipment being certified as authentic, whether it is new or used.
While no one in the used equipment business is looking for regulation, the question of authenticity is a touchy one, since only a vendor could really be the judge of that. And you can bet that a vendor of servers or switches is not going to be in any big hurry to do inspections in a timely fashion on behalf of secondhand equipment dealers who are competing with them in accounts. Marion proposed that Uncle Sam mandate that as part of all bids that manufacturers offer a maintenance agreement qualification inspection upon request. This is a spot audit of gear, not a check on all gear, and this strikes me as less than satisfactory. But at the same time, if you have to inspect and authenticate every piece of used equipment out there, it will potentially negate a lot of the economic value that comes with buying used, since you have to pay inspectors and do lots of paperwork. Right now, people trust secondhand dealers to not lie.
Nothing has been decided upon yet, but ASCDI and NATD are being asked to provide supplemental public comment by January 20.
The key question that did not seem to be answered–at least not in the material I could find on the meeting–is exactly how much counterfeit gear is out there and what kinds of things are being passed off. I heard some rumors a few years back about dealers rejiggering RAID disk controllers for one server so they would work on another that had more expensive components by monkeying around in the ROMs on the disk controllers. Sometimes, the new ROM settings didn’t hold after the operating system was patched with an update, which caused all sorts of problems. I could never get hard proof of this happening, but if IBM wasn’t screwing iSeries customers on price for essentially the same card it was using in the pSeries line, there would have been no motivation for any dealer to mess around with the ROM on the RAID card in the first place.
The other question I have is this: What constitutes counterfeit? Is an x64 server with clone memory counterfeit? What if the vendor puts in a secondary processor in the box, one they buy off the shelf and not from the vendor? What if a dealer plugs in clone disk drives that the original manufacturer did not use but which are functionally equivalent?
What the law should be is simple. Companies, whether they sell new or used gear, have to represent accurately each and every component and source in a piece of gear so buyers know exactly what they are buying. And if you lie about that, well, you should go to jail. (Congress should write a law covering this if there is not one already on the books if counterfeit IT gear is such a problem. For all I know, there already is one.) This issue seems to be a matter of law and enforcement, and if the secondhand market is the source of inauthentic IT gear, a little jail time with some publicity can clean this problem up pronto.