NSA's Response To Snowden Leaks Isn't To Stop Spying, But To Make It More Difficult To Blow The Whistle
from the wrong-lesson dept
In response to the revelations, via Ed Snowden, that the NSA’s surveillance apparatus is sweeping up a lot more information on the public than most people realized, you might think that the proper response would be to stop collecting so much information. But, of course, the NSA’s actual response is to try to make it more difficult for the next Ed Snowden to leak information by instituting a “two-person rule” for accessing information.
The director of the N.S.A., Gen. Keith B. Alexander, acknowledged the problem in a television interview on Sunday and said his agency would institute “a two-man rule” that would limit the ability of each of its 1,000 system administrators to gain unfettered access to the entire system. The rule, which would require a second check on each attempt to access sensitive information, is already in place in some intelligence agencies. It is a concept borrowed from the field of cryptography, where, in effect, two sets of keys are required to unlock a safe.
From government agencies to corporate America, there is a renewed emphasis on thwarting the rogue I.T. employee. Such in-house breaches are relatively rare, but the N.S.A. leaks have prompted assessments of the best precautions businesses and government can take, from added checks and balances to increased scrutiny during hiring.
Basically: we won’t fix the actual problem, we’ll just makes sure it’s much more difficult for the next whistleblower to expose us. That’s not particularly comforting.
Filed Under: ed snowden, nsa, two person rule, whistleblowing
Comments on “NSA's Response To Snowden Leaks Isn't To Stop Spying, But To Make It More Difficult To Blow The Whistle”
That is, until the two people work to take the information.
No worries, though. The policy will just be updated for a three-person rule.
Has Anonymous taught these idiots nothing?
If the NSA has anything to worry about now, it’s screening potential employees whose job it is to monitor what the NSA is doing behind closed doors.
And breach accordingly.
Re: Re:
Recruitment must be difficult for the NSA. You need people who will are respectful enough to not leak their documents, but disrespectful enough to spy on everyone else.
Re: Re: Re:
Re: Re: Re: Re:
It’s not “Gathering intelligence on other Nations hostile to the U.S.” that has caused the outrage. It is “Gathering absolutely everything that looks maybe like it might be 50% foreign in origin and demanding unrestricted access to pretty much everything ever. And then storing it all for god knows how long.”
Re: Re: Re: Re:
No, the massive spying on US citizens is. Although I wouldn’t have used the word “disrespectful”. I’d have said it was “unamerican”.
Re: Re: Re: Re:
Wow, this fucker thinks this is still about government vs. government. Wake up is a bit of a cliche but seriously, it’s not the cold war anymore. It’s 2013. So yeah… wake up.
Re: Re: Re: Re:
“Really? Gathering intelligence on other nations hostile to the U.S. is now ‘disrespectful’?”
Except they’re not, not exclusively anyway. They’re spying on all communications within our country. Clearly the government is ultra-paranoid and thinks of us as the enemy. The NSA has to find people without honor or respect for their fellow countrymen to willfully violate our rights.
Re: Re: Re: Re:
Enemies? You would think we have been invaded by an evil entity trying to kill us and change our values……oh wait; that’s the United State I’m talking about. If we were occupied as much as we occupy foreign soil, there would be alien military bases in every state in the US. China has zero military installations outside of it’s own borders, and just built it’s first aircraft carrier. WAKE UP PEOPLE…..we are the aggressor to people that think differently than us. Obama said we are not at war with Islam, but every conflict in the last few decades have been in Islamic countries fighting Muslims.
Re: Re: Re: us empire
The only nation who is hostile us the US period! Every where the US has been is to take over resources, put in a dicator to favor the US & place massive debt on the country period! Who the fuck are you & all these fucktards trying to kid & try to change that the US is the victum here? What fucking intelligance its called braeking the laws & rights & hypocriticaly always trying to stand for justice & freedom! Bullshit!
Rotation
Will the NSA rotate working pairs like the Stasi did at the Berlin Wall?
Re: Rotation
That would be the only reasonable way to do it to avoid conspiracies. Actually this is a change for the better. For the wrong reasons, targeted at the wrong people and with limited effect. But babysteps.
Caring about security sounds like a good idea for a secret service. Wonder who got that idea? Must be a professor or somn.
They don't see the same problem
You have to keep in mind here – according to the government, they’ve been doing precisely what they’re supposed to do – the only failed at keeping it a secret.
So they’re being held accountable not for their actions, but for their secrecy.
They have to keep better secrets if they want to continue doing their job – so that is why they’re increasing security – that’s their job.
It’s rather pathetic, but clearly it shows where our government’s priorities are.
Re: They don't see the same problem
They don’t WANT to see the same problem and THAT is part of the problem. They are classically self-delusional. They pretend information isn’t public when it is. They pretend it’s just about security when it’s not. They pretend that he is the one who did something wrong and not them. They keep telling themselves these things over and over again hoping that they can convince people to believe them just like they are telling themselves over and over again in an attempt to convince themselves. It is so pathetic that it hurts to watch.
Uhh… so they are encouraging leaks to occur Snowden Style x 2 instead of going through proper channels? I guess they want to stick with what works.
This *does* mitigate one data-misuse scenario...
…namely, a rogue employee misusing their access to the data for nefarious purposes. Now they won’t be able to do that without the other guy that’s looking over their shoulder asking “why are you searching for your ex’s name instead of for Osama bin Laden?” or something like that.
Re: This *does* mitigate one data-misuse scenario...
Assuming the second party has to sit there and watch over your shoulder the entire time or get locked out of the system.
Likely what’ll happen is that they’ll unlock it, and walk away leaving it in the same situation with the annoyance of having to get someone else to open half of the lock every day.
/shrug
I mis-read “dictator” for “director”.
Somehow the meaning of the article didn’t change.
Snowden did more than "blow the whistle"
Releasing the Verizon FISA court order was truly beneficial, and that information should have been public. Ever since it’s been downhill. Releasing details on what foreign computers (down to the IP address) the NSA is spying upon serves zero benefit to the public. To cheerlead every action taken by Snowden up to this point (never mind the far more damaging material that’s encrypted for the moment) is simply to declare that the US should have no covert operations.
Characterizing Snowden as a whistleblower at this point is like characterizing Hurricane Katrina as a rainy day.
Re: Snowden did more than "blow the whistle"
Well, it does help the public know which servers to avoid. That’s a benefit. This sort of stuff can be very useful for the public to know. Also, it might not, in which case it’s collateral damage. The US government deems similar collateral damage acceptable when it comes to spying on us. Fair’s fair.
Not even close. It’s to declare that they way covert operations are currently being done is unacceptable.
Re: Snowden did more than "blow the whistle"
anon coward translation:
“i’m an authoritarian and i just pee’ed my panties already bunched up my bunghole…”
Re: Snowden did more than "blow the whistle"
Accurate enough, certainly based on the evolving scope of what this particular whistle-blower brought with him.
However consider this.
You seem to be making the case that Snowden may be a traitor or a criminal because he scooped up a whole bunch of sensitive *international spying activity logs as well as domestic.
There’s a problem with that conjecture when measured.
First of all, there’s now no doubt the NSA was spying illegally (at least illegal based on published, non-secret laws) on Americans.
This activity runs into direct conflict with one of our core “enshrined” amendments… you know the ones that, by law, aren’t supposed to be superceded by subsequent laws.
A government wantonly breaking its own laws represents a manifest betrayal of trust with the people it is bound to serve. I would say that universally violating the 4th amendment rights of every American could be called a ‘wanton’ act.
A patriot (and I mean a true patriot, not John McCain or a missile program) stands by his countrymen first, then their lawful government. History informs us the patriot must look first to holding his own government to task in order to serve his people.
Having discovered NSA’s transgressions against their own people, but not knowing what else may be going on, a patriot would have no choice but to cast the entire operation under suspicion.
After all, knowing what they are doing to their own people… just what are the NSA people doing to humans around the world?
A true patriot does not crave bloodshed, and would not let unscrupulous people lead his countrymen to war.
The NSA is now suspect for blatantly violating our laws and needs to go under the microscope for our national security. The rest of the government is suspect for supporting them.
Time to open the windows, folks, and play in the light.
Re: Snowden did more than "blow the whistle"
I, AC #582, declare that the US should have no covert operations. None. Zero. Nada.
Re: Snowden did more than
Except that we the U. S. have long cried foul on China for digital espionage and surveillance on foreign nations. Either we bolster foreign hacking or abandon it. However, should we choose the former, in observance of the modernity of criminal justice in its prosecution of digital crimes, then the United States must answer for its foreign espionage being, as it has been since it’s inception, criminal, disconstitutional, dishonorable, and of poor example to the peoples and sovereign nations of the world.
Re: Snowden did more than
Except that we the U. S. have long cried foul on China for digital espionage and surveillance on foreign nations. Either we bolster foreign hacking or abandon it. However, should we choose the former, in observance of the modernity of criminal justice in its prosecution of digital crimes, then the United States must answer for its foreign espionage being, as it has been since it’s inception, criminal, disconstitutional, dishonorable, and of poor example to the peoples and sovereign nations of the world.
Insider breach is not rare
Such in-house breaches are relatively rare
No, it’s not. In fact, it’s the most common type, that is, for everyday IT organizations. Why would the NSA be any different?
Re: Insider breach is not rare
I think it was a different comparator of rare. Data breaches, generally speaking, are rare. However, more breaches when they occur are insider jobs, yes.
so, rather than stop the spying or even come clean on what is going on, who is involved and what info is being gleaned from where, they just want ‘business as usual’ and everyone to forget the incident and allow it to continue? the best thing would be to dissolve all these ‘agencies’ and let things take their course. how can anyone honestly believe that spying on everyone everywhere is going to be the answer to all our problems? humans are one of the worst of the Earth’s inhabitants. we are war-like, selfish, untrustworthy killers! we will never change! it is part of who/what we are! the only time we will change, if then, is when we are almost over the brink, just as in the Keanu Reeves film ‘The Day the Earth Stood Still’. i hope we never gety to that point and can mold our future better than we managed our past. if not, we may as well pack up now because i doubt if anyone is gonna want to spend their life waiting for the next ridiculous ‘scandal’ to break!!
Sysadmins
A sysadmin’s job is to run the system, fix problems, address security issues and generally maintain the system itself. In order to do that job they have to have the access to do the task. If you don’t give them access they can’t do the job. If you don’t have a sysadmin you can trust with access you don’t have a sysadmin at all and the system will fall apart because no one is maintaining it. Effectively that will end these programs. They will fall apart on their own.
Re: Sysadmins
True enough as far as it goes, however, sysadmins don’t need 100% access to the data being managed by a system in order to do their jobs. They just need access to the system itself.
Re: Re: Sysadmins
I think you’re assuming the admin knows no more than the ‘standard’ admin. It’s a fine line and a short walk between system admin level access and read access to any reachable object. Sure you can partition the system, trigger alarms and make things generally harder, but there is nothing that cannot be broken with access to “the machine”.
Re: Re: Re: Sysadmins
A sysadmin should have read access to read any file on the system. A sysadmin doesn’t need to be able to decrypt every file on the system. That’s what I’m talking about.
Really sensitive information is being stored in an encrypted form, I assume. If that’s not true, then the system has a security problem that goes beyond sysadmin access.
Re: Re: Re:2 Sysadmins
But still, SOMEONE trusted has to maintain those decryption systems otherwise they fall into disarray or become sabotaged such that they are completely worthless.
Re: Re: Re:3 Sysadmins
Of course, but it is not necessary for the admin to decrypt sensitive materials to maintain these systems.
Re: Re: Re:4 Sysadmins
Sure the system admin that maintains the OS doesn’t have to be given access to that, although he certainly can keep it from working if so desired. Still the admin that maintains the system that does the decryption does have to have access to that, otherwise how is he going to know if it is working properly or is having a problem that needs to be addressed? How do you know if he can be trusted?
Re: Re: Re:5 Sysadmins
Having access to the decryption system doesn’t mean that he has the ability to decrypt sensitive materials. He’d need the encryption key for those materials to do that.
For admin purposes, the testing can be adequately accomplished by the admin encrypting and decrypting files that he’s supplied himself.
Re: Re: Re:6 Sysadmins
But he still never really knows whether the actual data will be able to be decrypted or not, and when command comes down and says “We need this info now! It’s not working! You are the guy who is supposed to keep this running! Just fix it NOW!”
Yeah, showing them that you can decrypt hypothetical files with the same system is really going to make them feel better.
Re: Re: Re:7 Sysadmins
If the problem cannot be demonstrated with sample data, then there is nothing the sysadmin can do about it anyway (the problem is almost certainly going to be corrupted data). Having access to the sensitive data won’t help him resolve the problem, other than to say “yup, it doesn’t work”.
However, if there’s some PHB who doesn’t understand that, then the PHB can certainly give the sysadmin the necessary credentials for the specific data there’s a problem with. There’s still no need for the sysadmin to have blanket access.
Can we issue a blanket apology to the world for whatever we’ve been doing to them while we figure out what the hell our government is doing and censure their playtime accordingly?
Feynman effect
This reminds me of one of the Feynman stories from the time he was working for the Manhattan Project. As a sort of prank-hobby, he found a way to discover safe combinations, which was relatively easy when you had a chance to temper with an open safe for a couple of minutes. He demonstrated it to some high-ranking officer in charge of one of the Uranium production facilities, and explained how it’s done, recommending that all the employees should always lock their safes and never leave them open unattended. The response of the officer on the other hand was to tell all the employees who had any contact with Feynman to change their safe combinations. He learned about it during his next visit to that facility, when people started avoiding him.
I guess there is something peculiar about a government agent’s mentality which makes those people defy common sense.
making it more difficult for their wrong doings to be found out and reported instead of stopping doing wrong shows how warped those in charge really are. how the hell did things degrade to this level? how were things allowed to degrade to this level? who is really pulling the strings and why in such a manner as to paint all of the people as criminals and terrorists? if those concerned dont trust anyone here anymore, the best bet is to leave and live somewhere else, isn’t it?
Hasn't the NSA seen the movie
Crimson Tide
How?
So who is going to implement this two person system?
Oh the people who set it up and administer it.
You mean the system administrators that the system is supposed to block?
Yes!
So you are going to have the guys that you want to limit install the locks?
Yes!
That will work out great. 😉
There are but nine.
The subhead tells it all.
While so many of you search for the TRUTH?
The answer you seek, is already provided you.
1 of 9
P.s, it’s not Scotus