"Your statement implies that surveillance is currently useful, when pretty much all evidence currently shows that its already pretty useless."
words like "useless" and "failed" are entirely dependent on a projects success criteria. And a project can have multiple success criteria.
Granted, the "obvious" success criteria is "find terrorists". But there are other, not quite so obvious potential success criteria here. Examples include, but aren't limited to:
distraction ("hey everyone, look over here at this useless program")
indoctrination - "in 5 years, people will be used to X, then we can implement Y"
funding support - "X isn't useful today, but will be given another $Y"
misdirection - "we've told the terrorists we found the location to their secret base via correlation of landmarks with satellite footage. Lets hope they don't figure out to turn off the location function on their smartphone camera and/or figure out how to strip exif data out of images."
"I wonder if he knew about the operational insecurity of the OPM? "
Maybe. Doesn't really matter.
"You have to admit that it would have saved an awful lot of hot mess if he had warned the government about it before it happened."
Unlikely. History shows - repeatedly - that such warnings - at best - would have been ignored and at worst would have been received with great hostility.
"In that case, he would have been awarded a medal for it and given a better job."
No. Having embarrassed the Authorizing Official (required under FISMA, look it up) for whichever system it was, he'd have been lucky to have gotten the equivalent of an "atta boy, good job, go back to work" and subsequently having the report shelved, not be be looked at again until some reporter filed a FOIA request for it.
I mean, don't get me wrong - there's no question that this is really bad. But if we, as a country, continue to centralize information on everybody in the name of security, then before too many years have elapsed, we're going look back on this particular breach as being small scale and, dare I say it, quaint.
The US Government is big, and if they're going to successfully implement this mandate, they're going to need their own public root certificate authority to cost effectively sign all those new SSL Keys, and for the sake of simplicity, that root CA cert will need to be installed everywhere by default. Otherwise Grandpa is going to get a browser cert error when he goes to www.irs.gov, and we can't have that.
Of course, once a root is installed, it can be used to sign certs for any web site.
"Does the Government use encryption?" A: Yes. "Why?": A: To protect itself and its citizens from the Very Bad People(tm) who wish to do Very Bad Things(tm).
"Should citizens be denied that same protection?": A: Yes. "Why?": To allow the government to properly protect itself and its citizens from the Very Bad People(tm) who wish to do Very Bad Things(tm).
From a certain perspective, that logic makes a lot of sense. From most other perspectives, not so much. But when your job mandate is to make sure that "never again will there be a (9/11, world trade center, boston marathon bombing, etc)", it must get pretty easy after a while to accomplish the necessary mental gymnastics. It's the same pressure that eventually allows a person to turn everyone who disagrees with their methods into terrorist sympathizers.
He's helping the FBI set up the "middle ground" option, the same that you would do with any project.
It's the proverbial "here's the cadillac option, here's the ford focus option, and here's the yugo option that you'd present as project options to your boss."
This is (depending on your perspective) either the Yugo or the Cadillac option. He doesn't expect to get it, probably doesn't actually want it, and you can be certain he knows he's coming off as sounding unreasonable/irrational.
But it's going to make the "middle ground" option - when finally presented - sound oh-so-much better to the powers that be.
I'm in full agreement with you, but I'm only aware of the "evidence" that's made "public".
Also, given that the DOJ is comprised of people, There's at least a chance that it comes down to lazy, instead of nefarious. After all, why go through the hard work of putting together solid case when you really don't expect that it'll be needed?
Once he finally gets extradited (and realistically I do think it's when, not if), I think he'd be able to make a fairly compelling case for summary dismissal of charges for a variety of reasons, and failing that getting an Adverse Inference instruction from the Judge against the DOJ based on spoliation would seem to be viable as well.
Without respect to either of those, It's still going to be incredibly expensive for him, and he'll be in court over this for years.
Bumbling, perhaps, but caused in large part by hubris on the part of the DOJ.
"Sit, Stay, Fetch, Rollover, Good New Zealand, Good Country"
The DOJ clearly didn't expect New Zealand to anything but what they were told to do, and got caught flat footed when the NZ judiciary started to call the DOJ out on both US and NZ procedural problems.
At the end of the day, the DOJ might actually have a solid case, but they're have to be able to articulate it well enough to convince a foreign judge to issue an extradition order, and so far they've been unable to do so.