Would You Trust Any Organization That Doesn't Trust 4,000 Of Its Employees? What If It's The NSA?

from the something-wrong-here dept

It's becoming increasingly clear that one of the reasons Edward Snowden was able to access so much secret information -- and walk out of the door with it -- is that the NSA is an organizational mess. A fascinating post by David Ignatius in the Washington Post underlines another way in which the NSA is deeply dysfunctional by any normal standard:

the NSA planned to investigate at least 4,000 of its employees and contractors in 2013, thanks in part to new software that could detect "anomalous" behavior by the workforce.
He goes on to ask an extremely important question:
How do you run an organization where 4,000 of your employees are suspect? I fear that if the NSA tries to impose ever-more stringent controls, this will create even more disgruntled workers and a larger pool of anomalies. A new "Red Scare" may well follow the Snowden revelations, but making every employee a suspect is likely to backfire.
Even the most anodyne of organizations that can't fully trust 4000 of its employees is in big trouble; if it's one that handles some of the most sensitive information in the world, with the potential to save or cost many lives, that lack of trust is a recipe for disaster on a massive scale. And as Ignatius notes, the more the NSA tries to clamp down on people, the more likely it is to create further Edward Snowdens.

Ignatius also points out that the solution is not to close down, but to open up. By reducing drastically the number of things that are deemed secret in the first place, it would be possible to concentrate on protecting just those that really matter:

The beneficiaries in a no-secrets world will be relatively open societies, such as the United States, that are slowly developing a culture of accountability and disclosure for their intelligence agencies, however painful the process may be. The fewer secrets, the less to protect.
Although it's arguable to what extent the US has developed that "culture of accountability and disclosure" for the NSA yet, as President Obama inches towards admitting the scale of the problem here, the rest of the analysis in Ignatius' piece is well-worth reading.

Follow me @glynmoody on Twitter or identi.ca, and on Google+



Reader Comments (rss)

(Flattened / Threaded)

  •  
    identicon
    Anonymous Coward, Sep 6th, 2013 @ 5:01am

    While we blame NSA analysts for developing privacy subversive tools and performing universal surveillance, looks like things are even worse at the workplace. Can't imagine talented people working under such conditions.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Sep 6th, 2013 @ 5:14am

      Re:

      Well their own recruiters basically suggest that they get drunk and have costume parties on a regular basis, but that may just be in drowning their conscience like good little traitors.

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    That Anonymous Coward (profile), Sep 6th, 2013 @ 5:06am

    We've always been at war with Eastasia.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    The Real Michael, Sep 6th, 2013 @ 5:47am

    They're not doing themselves any favors with overt paranoia directed at their workforce, which in turn makes the latter overly paranoid about their superiors.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Sep 6th, 2013 @ 5:51am

    I fear that if the NSA tries to impose ever-more stringent controls, this will create... a larger pool of anomalies.

    I had to smile at this.

     

    reply to this | link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
     
    identicon
    out_of_the_blue, Sep 6th, 2013 @ 5:54am

    Sheesh. This clown thinks SPYING can be made warm and fuzzy?

    Looks like more of the predicted normalizing; a limited hangout to acquaint dolts with the scale of spying, but then tone it down with diversions from the actual crimes. So now this clown thinks it's just a matter of workplace conditions? Sheesh.

    At least try to remember that the hundreds of thousands people employed by NSA are still every minute of every day stealing your privacy and with it, your liberty.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      PopeRatzo (profile), Sep 6th, 2013 @ 6:58am

      Re: Sheesh. This clown thinks SPYING can be made warm and fuzzy?

      So now this clown thinks it's just a matter of workplace conditions? Sheesh.
      Didn't read his article, did you?

      He's not talking about "workplace conditions" so much as the fact that we keep to goddamn much stuff secret and, we do too goddamn much spying on our own people.

      David Ignatius is one of the guys in the mainstream media who gets the scope of the problem. Show at least enough self-respect to read what he says before you go off on him.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Sep 6th, 2013 @ 6:05am

    Don't employ people you cannot trust

    I am an IT guy, the other day someone asked if there was some way to tell if people were actually working when they work from home over the VPN.

    I answered:
    1. When their work is not done on time.
    2. Why are you employing people you do not trust?

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      John Fenderson (profile), Sep 6th, 2013 @ 10:02am

      Re: Don't employ people you cannot trust

      That sort of thing is pretty common, and it's so braindead wrong that you almost want to laugh. Employers who feel the need (real or imagined) to spy on their employees are in trouble. Either they are bad managers or they've hired bad people.

      Really, any employer should only care about one thing: that the work is being done correctly and on time. You don't need to spy on people to determine if that's happening. It's self-evident.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Sep 6th, 2013 @ 6:12am

    Seems to me that a critical fact that should be ascertained before claiming dysfunction is "just how does this software work and what constitutes anomalous". Even things that seem trivial may have negative consequences, so it seems to me that acting prudently is not necessarily unreasonable.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Sep 6th, 2013 @ 6:18am

    Spying

    Surely they should be able to use their database to check out people that they give security clearances to? It is not like they don't know who to check out, they will have name and phone number etc. right in front of them.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    beech, Sep 6th, 2013 @ 6:30am

    Arthur Dent

    Every time I hear about the NSA having so much trouble keeping their house in order it reminds me of a section of the Hitchhikers Guide to the Galaxy. At work so I can't look it up, but I think it's in the 5th book. Basically Ford hacked a mainframe, then tried to set up a subroutine to deny that the hack happened, only to find that the mainframe had loads of those running already.

    Basically it a seems that the NSA is set up in a way where the whole organization has plausible denial of itself. The less you know the less you actually have to lie at those pesky oversight hearings

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Wolfy, Sep 6th, 2013 @ 7:58am

    Disband the NSA

    Although nigh on impossible politically, it's beginning to look as if we need to disband these dysfunctional federal agencies, and start over.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Jerrymiah, Sep 6th, 2013 @ 7:59am

    Spying

    Spying

    Surely they should be able to use their database to check out people that they give security clearances to? It is not like they don't know who to check out, they will have name and phone number etc. right in front of them.

    Even that is not a certainty. Today the NSA and all others... are creating fake idendities to be used by their spies. Even if you were to verify these identities on line, you you only get what the NSA and others want you se see. A lot of these spies that infiltrate companies are trained at the NSA Spy schools on how to act and learn their role perfectly. There's just no way around.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Simple Mind (profile), Sep 6th, 2013 @ 8:08am

    Security through Obscurity

    By keeping everything secret, the enemy doesn't know what the real secrets are. If we were to make less things secret the enemy would know exactly what secrets to go after. What the real secrets are needs to be kept secret.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    CommonSense (profile), Sep 6th, 2013 @ 9:00am

    Here's the snag though...

    Ignatius also points out that the solution is not to close down, but to open up. By reducing drastically the number of things that are deemed secret in the first place, it would be possible to concentrate on protecting just those that really matter:

    I think since they're so keen to keep everything they have a secret, it's likely that everything that wouldn't get them in trouble is already out there. If they're afraid of 4000 employees, it's likely that letting any of the 'secret' information out would cause problems.

    It's what the public wants, and what the world really needs, but it's not what those in power want...because it means less power.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Bryan (profile), Sep 6th, 2013 @ 10:14am

    I read this and this quote popped to mind. . .

    "The more you tighten your grip, Tarkin, the more star systems will slip through your fingers."
    ―Princess Leia to Grand Moff Tarkin

    http://starwars.wikia.com/wiki/Tarkin_Doctrine

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    radarmonkey (profile), Sep 6th, 2013 @ 10:34am

    Apples and Oranges

    There are plenty of reasons not to trust the NSA, but worrying about their own employees isn't one of them. Fact is, every business suffers from some sort of 'loss', be it information or merchandise, be it for personal gain or industrial espionage. It is management's duty to prevent that loss.

    How the management works to prevent loss, and what they do when it's discovered, are quite different stories than the mere fact they are working to prevent it.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Dude, Sep 7th, 2013 @ 2:12am

    Government employees are such lazy a$$es for one. I know because I worked at a local agency. All intelligence agencies should be disbanded. They use their "power" to do evil. I should know. They're probably reading this as I type. The things that these crooks are able to do is scary. Monitor phone calls, Internet activity, emails, listen to conversations in the privacy of your own home and watch you in your own home.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    M. Alan Thomas II (profile), Sep 7th, 2013 @ 3:16am

    If you suspect that many people, either (a) you're mostly right and can't be trusted with sensitive information or (b) you're wrong and shouldn't be trusted with automated threat analysis.

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This