Would You Trust Any Organization That Doesn't Trust 4,000 Of Its Employees? What If It's The NSA?
from the something-wrong-here dept
It’s becoming increasingly clear that one of the reasons Edward Snowden was able to access so much secret information — and walk out of the door with it — is that the NSA is an organizational mess. A fascinating post by David Ignatius in the Washington Post underlines another way in which the NSA is deeply dysfunctional by any normal standard:
the NSA planned to investigate at least 4,000 of its employees and contractors in 2013, thanks in part to new software that could detect “anomalous” behavior by the workforce.
He goes on to ask an extremely important question:
How do you run an organization where 4,000 of your employees are suspect? I fear that if the NSA tries to impose ever-more stringent controls, this will create even more disgruntled workers and a larger pool of anomalies. A new “Red Scare” may well follow the Snowden revelations, but making every employee a suspect is likely to backfire.
Even the most anodyne of organizations that can’t fully trust 4000 of its employees is in big trouble; if it’s one that handles some of the most sensitive information in the world, with the potential to save or cost many lives, that lack of trust is a recipe for disaster on a massive scale. And as Ignatius notes, the more the NSA tries to clamp down on people, the more likely it is to create further Edward Snowdens.
Ignatius also points out that the solution is not to close down, but to open up. By reducing drastically the number of things that are deemed secret in the first place, it would be possible to concentrate on protecting just those that really matter:
The beneficiaries in a no-secrets world will be relatively open societies, such as the United States, that are slowly developing a culture of accountability and disclosure for their intelligence agencies, however painful the process may be. The fewer secrets, the less to protect.
Although it’s arguable to what extent the US has developed that “culture of accountability and disclosure” for the NSA yet, as President Obama inches towards admitting the scale of the problem here, the rest of the analysis in Ignatius’ piece is well-worth reading.
Follow me @glynmoody on Twitter or identi.ca, and on Google+
Filed Under: clearance, contractors, ed snowden, nsa, nsa surveillance, review, top secret
Comments on “Would You Trust Any Organization That Doesn't Trust 4,000 Of Its Employees? What If It's The NSA?”
While we blame NSA analysts for developing privacy subversive tools and performing universal surveillance, looks like things are even worse at the workplace. Can’t imagine talented people working under such conditions.
Re: Re:
Well their own recruiters basically suggest that they get drunk and have costume parties on a regular basis, but that may just be in drowning their conscience like good little traitors.
We’ve always been at war with Eastasia.
They’re not doing themselves any favors with overt paranoia directed at their workforce, which in turn makes the latter overly paranoid about their superiors.
I fear that if the NSA tries to impose ever-more stringent controls, this will create… a larger pool of anomalies.
I had to smile at this.
Sheesh. This clown thinks SPYING can be made warm and fuzzy?
Looks like more of the predicted normalizing; a limited hangout to acquaint dolts with the scale of spying, but then tone it down with diversions from the actual crimes. So now this clown thinks it’s just a matter of workplace conditions? Sheesh.
At least try to remember that the hundreds of thousands people employed by NSA are still every minute of every day stealing your privacy and with it, your liberty.
Re: Sheesh. This clown thinks SPYING can be made warm and fuzzy?
Didn’t read his article, did you?
He’s not talking about “workplace conditions” so much as the fact that we keep to goddamn much stuff secret and, we do too goddamn much spying on our own people.
David Ignatius is one of the guys in the mainstream media who gets the scope of the problem. Show at least enough self-respect to read what he says before you go off on him.
Don't employ people you cannot trust
I am an IT guy, the other day someone asked if there was some way to tell if people were actually working when they work from home over the VPN.
I answered:
1. When their work is not done on time.
2. Why are you employing people you do not trust?
Re: Don't employ people you cannot trust
That sort of thing is pretty common, and it’s so braindead wrong that you almost want to laugh. Employers who feel the need (real or imagined) to spy on their employees are in trouble. Either they are bad managers or they’ve hired bad people.
Really, any employer should only care about one thing: that the work is being done correctly and on time. You don’t need to spy on people to determine if that’s happening. It’s self-evident.
Seems to me that a critical fact that should be ascertained before claiming dysfunction is “just how does this software work and what constitutes anomalous”. Even things that seem trivial may have negative consequences, so it seems to me that acting prudently is not necessarily unreasonable.
Spying
Surely they should be able to use their database to check out people that they give security clearances to? It is not like they don’t know who to check out, they will have name and phone number etc. right in front of them.
Arthur Dent
Every time I hear about the NSA having so much trouble keeping their house in order it reminds me of a section of the Hitchhikers Guide to the Galaxy. At work so I can’t look it up, but I think it’s in the 5th book. Basically Ford hacked a mainframe, then tried to set up a subroutine to deny that the hack happened, only to find that the mainframe had loads of those running already.
Basically it a seems that the NSA is set up in a way where the whole organization has plausible denial of itself. The less you know the less you actually have to lie at those pesky oversight hearings
Disband the NSA
Although nigh on impossible politically, it’s beginning to look as if we need to disband these dysfunctional federal agencies, and start over.
Spying
Spying
Surely they should be able to use their database to check out people that they give security clearances to? It is not like they don’t know who to check out, they will have name and phone number etc. right in front of them.
Even that is not a certainty. Today the NSA and all others… are creating fake idendities to be used by their spies. Even if you were to verify these identities on line, you you only get what the NSA and others want you se see. A lot of these spies that infiltrate companies are trained at the NSA Spy schools on how to act and learn their role perfectly. There’s just no way around.
Security through Obscurity
By keeping everything secret, the enemy doesn’t know what the real secrets are. If we were to make less things secret the enemy would know exactly what secrets to go after. What the real secrets are needs to be kept secret.
Here's the snag though...
I read this and this quote popped to mind. . .
“The more you tighten your grip, Tarkin, the more star systems will slip through your fingers.”
―Princess Leia to Grand Moff Tarkin
http://starwars.wikia.com/wiki/Tarkin_Doctrine
Apples and Oranges
There are plenty of reasons not to trust the NSA, but worrying about their own employees isn’t one of them. Fact is, every business suffers from some sort of ‘loss’, be it information or merchandise, be it for personal gain or industrial espionage. It is management’s duty to prevent that loss.
How the management works to prevent loss, and what they do when it’s discovered, are quite different stories than the mere fact they are working to prevent it.
Government employees are such lazy a$$es for one. I know because I worked at a local agency. All intelligence agencies should be disbanded. They use their “power” to do evil. I should know. They’re probably reading this as I type. The things that these crooks are able to do is scary. Monitor phone calls, Internet activity, emails, listen to conversations in the privacy of your own home and watch you in your own home.
If you suspect that many people, either (a) you’re mostly right and can’t be trusted with sensitive information or (b) you’re wrong and shouldn’t be trusted with automated threat analysis.