NSA's Response To Snowden Leaks Isn't To Stop Spying, But To Make It More Difficult To Blow The Whistle

from the wrong-lesson dept

Wed, Jun 26th 2013 9:12am — Mike Masnick

In response to the revelations, via Ed Snowden, that the NSA's surveillance apparatus is sweeping up a lot more information on the public than most people realized, you might think that the proper response would be to stop collecting so much information. But, of course, the NSA's actual response is to try to make it more difficult for the next Ed Snowden to leak information by instituting a "two-person rule" for accessing information.

The director of the N.S.A., Gen. Keith B. Alexander, acknowledged the problem in a television interview on Sunday and said his agency would institute “a two-man rule” that would limit the ability of each of its 1,000 system administrators to gain unfettered access to the entire system. The rule, which would require a second check on each attempt to access sensitive information, is already in place in some intelligence agencies. It is a concept borrowed from the field of cryptography, where, in effect, two sets of keys are required to unlock a safe.

From government agencies to corporate America, there is a renewed emphasis on thwarting the rogue I.T. employee. Such in-house breaches are relatively rare, but the N.S.A. leaks have prompted assessments of the best precautions businesses and government can take, from added checks and balances to increased scrutiny during hiring.

Basically: we won't fix the actual problem, we'll just makes sure it's much more difficult for the next whistleblower to expose us. That's not particularly comforting.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: ed snowden, nsa, two person rule, whistleblowing

43 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Akari Mizunashi (profile), 26 Jun 2013 @ 7:36am

That is, until the two people work to take the information.

No worries, though. The policy will just be updated for a three-person rule.

Has Anonymous taught these idiots nothing?

If the NSA has anything to worry about now, it's screening potential employees whose job it is to monitor what the NSA is doing behind closed doors.

And breach accordingly.
[ link to this | view in chronology ]
- Anonymous Coward, 26 Jun 2013 @ 10:25am
  
  Re:
  Recruitment must be difficult for the NSA. You need people who will are respectful enough to not leak their documents, but disrespectful enough to spy on everyone else.
  [ link to this | view in chronology ]
  - btr1701 (profile), 26 Jun 2013 @ 10:28am
    
    Re: Re:
    > You need people who will are respectful
    > enough to not leak their documents, but
    > disrespectful enough to spy on everyone else.
    
    Really? Gathering intelligence on other nations hostile to the U.S. is now 'disrespectful'?
    
    For fuck's sake...
    [ link to this | view in chronology ]
    - Anonymous Coward, 26 Jun 2013 @ 10:35am
      
      Re: Re: Re:
      It's not "Gathering intelligence on other Nations hostile to the U.S." that has caused the outrage. It is "Gathering absolutely everything that looks maybe like it might be 50% foreign in origin and demanding unrestricted access to pretty much everything ever. And then storing it all for god knows how long."
      [ link to this | view in chronology ]
    - John Fenderson (profile), 26 Jun 2013 @ 10:43am
      
      Re: Re: Re:
      Gathering intelligence on other nations hostile to the U.S. is now 'disrespectful'?
      
      No, the massive spying on US citizens is. Although I wouldn't have used the word "disrespectful". I'd have said it was "unamerican".
      [ link to this | view in chronology ]
    - Anonymous Coward, 26 Jun 2013 @ 12:15pm
      
      Re: Re: Re:
      Wow, this fucker thinks this is still about government vs. government. Wake up is a bit of a cliche but seriously, it's not the cold war anymore. It's 2013. So yeah... wake up.
      [ link to this | view in chronology ]
    - The Real Michael, 27 Jun 2013 @ 4:25am
      
      Re: Re: Re:
      "Really? Gathering intelligence on other nations hostile to the U.S. is now 'disrespectful'?"
      
      Except they're not, not exclusively anyway. They're spying on all communications within our country. Clearly the government is ultra-paranoid and thinks of us as the enemy. The NSA has to find people without honor or respect for their fellow countrymen to willfully violate our rights.
      [ link to this | view in chronology ]
    - sensible, 27 Jun 2013 @ 6:22am
      
      Re: Re: Re:
      Enemies? You would think we have been invaded by an evil entity trying to kill us and change our values......oh wait; that's the United State I'm talking about. If we were occupied as much as we occupy foreign soil, there would be alien military bases in every state in the US. China has zero military installations outside of it's own borders, and just built it's first aircraft carrier. WAKE UP PEOPLE.....we are the aggressor to people that think differently than us. Obama said we are not at war with Islam, but every conflict in the last few decades have been in Islamic countries fighting Muslims.
      [ link to this | view in chronology ]
    - aanon80, 28 Jun 2013 @ 4:17am
      
      us empire
      The only nation who is hostile us the US period! Every where the US has been is to take over resources, put in a dicator to favor the US & place massive debt on the country period! Who the fuck are you & all these fucktards trying to kid & try to change that the US is the victum here? What fucking intelligance its called braeking the laws & rights & hypocriticaly always trying to stand for justice & freedom! Bullshit!
      [ link to this | view in chronology ]
madasahatter (profile), 26 Jun 2013 @ 9:39am

Rotation
Will the NSA rotate working pairs like the Stasi did at the Berlin Wall?
[ link to this | view in chronology ]
- Anonymous Coward, 26 Jun 2013 @ 11:06am
  
  Re: Rotation
  That would be the only reasonable way to do it to avoid conspiracies. Actually this is a change for the better. For the wrong reasons, targeted at the wrong people and with limited effect. But babysteps.
  
  Caring about security sounds like a good idea for a secret service. Wonder who got that idea? Must be a professor or somn.
  [ link to this | view in chronology ]
Anonymous Coward, 26 Jun 2013 @ 9:44am

They don't see the same problem
You have to keep in mind here - according to the government, they've been doing precisely what they're supposed to do - the only failed at keeping it a secret.

So they're being held accountable not for their actions, but for their secrecy.

They have to keep better secrets if they want to continue doing their job - so that is why they're increasing security - that's their job.

It's rather pathetic, but clearly it shows where our government's priorities are.
[ link to this | view in chronology ]
- Anonymous Coward, 26 Jun 2013 @ 2:45pm
  
  Re: They don't see the same problem
  They don't WANT to see the same problem and THAT is part of the problem. They are classically self-delusional. They pretend information isn't public when it is. They pretend it's just about security when it's not. They pretend that he is the one who did something wrong and not them. They keep telling themselves these things over and over again hoping that they can convince people to believe them just like they are telling themselves over and over again in an attempt to convince themselves. It is so pathetic that it hurts to watch.
  [ link to this | view in chronology ]
Lord Binky, 26 Jun 2013 @ 9:44am

Uhh... so they are encouraging leaks to occur Snowden Style x 2 instead of going through proper channels? I guess they want to stick with what works.
[ link to this | view in chronology ]
Androgynous Cowherd, 26 Jun 2013 @ 9:45am

This *does* mitigate one data-misuse scenario...
...namely, a rogue employee misusing their access to the data for nefarious purposes. Now they won't be able to do that without the other guy that's looking over their shoulder asking "why are you searching for your ex's name instead of for Osama bin Laden?" or something like that.
[ link to this | view in chronology ]
- Anonymous Coward, 26 Jun 2013 @ 9:50am
  
  Re: This *does* mitigate one data-misuse scenario...
  Assuming the second party has to sit there and watch over your shoulder the entire time or get locked out of the system.
  
  Likely what'll happen is that they'll unlock it, and walk away leaving it in the same situation with the annoyance of having to get someone else to open half of the lock every day.
  
  /shrug
  [ link to this | view in chronology ]
TheLastCzarnian (profile), 26 Jun 2013 @ 9:52am

I mis-read "dictator" for "director".

Somehow the meaning of the article didn't change.
[ link to this | view in chronology ]
Anonymous Coward, 26 Jun 2013 @ 9:55am

Snowden did more than "blow the whistle"
Releasing the Verizon FISA court order was truly beneficial, and that information should have been public. Ever since it's been downhill. Releasing details on what foreign computers (down to the IP address) the NSA is spying upon serves zero benefit to the public. To cheerlead every action taken by Snowden up to this point (never mind the far more damaging material that's encrypted for the moment) is simply to declare that the US should have no covert operations.

Characterizing Snowden as a whistleblower at this point is like characterizing Hurricane Katrina as a rainy day.
[ link to this | view in chronology ]
- John Fenderson (profile), 26 Jun 2013 @ 10:08am
  
  Re: Snowden did more than "blow the whistle"
  Releasing details on what foreign computers (down to the IP address) the NSA is spying upon serves zero benefit to the public.
  
  Well, it does help the public know which servers to avoid. That's a benefit. This sort of stuff can be very useful for the public to know. Also, it might not, in which case it's collateral damage. The US government deems similar collateral damage acceptable when it comes to spying on us. Fair's fair.
  
  To cheerlead every action taken by Snowden up to this point (never mind the far more damaging material that's encrypted for the moment) is simply to declare that the US should have no covert operations.
  
  Not even close. It's to declare that they way covert operations are currently being done is unacceptable.
  [ link to this | view in chronology ]
- art guerrilla (profile), 26 Jun 2013 @ 10:11am
  
  Re: Snowden did more than "blow the whistle"
  anon coward translation:
  "i'm an authoritarian and i just pee'ed my panties already bunched up my bunghole..."
  [ link to this | view in chronology ]
- Anonymous Coward, 26 Jun 2013 @ 11:20am
  
  Re: Snowden did more than "blow the whistle"
  Characterizing Snowden as a whistleblower at this point is like characterizing Hurricane Katrina as a rainy day.
  
  Accurate enough, certainly based on the evolving scope of what this particular whistle-blower brought with him.
  
  However consider this.
  
  You seem to be making the case that Snowden may be a traitor or a criminal because he scooped up a whole bunch of sensitive *international spying activity logs as well as domestic.
  
  There's a problem with that conjecture when measured.
  
  First of all, there's now no doubt the NSA was spying illegally (at least illegal based on published, non-secret laws) on Americans.
  
  This activity runs into direct conflict with one of our core "enshrined" amendments... you know the ones that, by law, aren't supposed to be superceded by subsequent laws.
  
  A government wantonly breaking its own laws represents a manifest betrayal of trust with the people it is bound to serve. I would say that universally violating the 4th amendment rights of every American could be called a 'wanton' act.
  
  A patriot (and I mean a true patriot, not John McCain or a missile program) stands by his countrymen first, then their lawful government. History informs us the patriot must look first to holding his own government to task in order to serve his people.
  
  Having discovered NSA's transgressions against their own people, but not knowing what else may be going on, a patriot would have no choice but to cast the entire operation under suspicion.
  
  After all, knowing what they are doing to their own people... just what are the NSA people doing to humans around the world?
  
  A true patriot does not crave bloodshed, and would not let unscrupulous people lead his countrymen to war.
  
  The NSA is now suspect for blatantly violating our laws and needs to go under the microscope for our national security. The rest of the government is suspect for supporting them.
  
  Time to open the windows, folks, and play in the light.
  [ link to this | view in chronology ]
- Anonymous Coward, 26 Jun 2013 @ 12:18pm
  
  Re: Snowden did more than "blow the whistle"
  I, AC #582, declare that the US should have no covert operations. None. Zero. Nada.
  [ link to this | view in chronology ]
- Passerby, 27 Jun 2013 @ 10:03am
  
  Re: Snowden did more than
  Except that we the U. S. have long cried foul on China for digital espionage and surveillance on foreign nations. Either we bolster foreign hacking or abandon it. However, should we choose the former, in observance of the modernity of criminal justice in its prosecution of digital crimes, then the United States must answer for its foreign espionage being, as it has been since it's inception, criminal, disconstitutional, dishonorable, and of poor example to the peoples and sovereign nations of the world.
  [ link to this | view in chronology ]
- Passerby, 27 Jun 2013 @ 10:04am
  
  Re: Snowden did more than
  Except that we the U. S. have long cried foul on China for digital espionage and surveillance on foreign nations. Either we bolster foreign hacking or abandon it. However, should we choose the former, in observance of the modernity of criminal justice in its prosecution of digital crimes, then the United States must answer for its foreign espionage being, as it has been since it's inception, criminal, disconstitutional, dishonorable, and of poor example to the peoples and sovereign nations of the world.
  [ link to this | view in chronology ]
pegr, 26 Jun 2013 @ 9:58am

Insider breach is not rare
Such in-house breaches are relatively rare

No, it's not. In fact, it's the most common type, that is, for everyday IT organizations. Why would the NSA be any different?
[ link to this | view in chronology ]
- TaCktiX (profile), 26 Jun 2013 @ 10:05am
  
  Re: Insider breach is not rare
  I think it was a different comparator of rare. Data breaches, generally speaking, are rare. However, more breaches when they occur are insider jobs, yes.
  [ link to this | view in chronology ]
Anonymous Coward, 26 Jun 2013 @ 10:47am

so, rather than stop the spying or even come clean on what is going on, who is involved and what info is being gleaned from where, they just want 'business as usual' and everyone to forget the incident and allow it to continue? the best thing would be to dissolve all these 'agencies' and let things take their course. how can anyone honestly believe that spying on everyone everywhere is going to be the answer to all our problems? humans are one of the worst of the Earth's inhabitants. we are war-like, selfish, untrustworthy killers! we will never change! it is part of who/what we are! the only time we will change, if then, is when we are almost over the brink, just as in the Keanu Reeves film 'The Day the Earth Stood Still'. i hope we never gety to that point and can mold our future better than we managed our past. if not, we may as well pack up now because i doubt if anyone is gonna want to spend their life waiting for the next ridiculous 'scandal' to break!!
[ link to this | view in chronology ]
Anonymous Coward, 26 Jun 2013 @ 11:20am

Sysadmins
A sysadmin's job is to run the system, fix problems, address security issues and generally maintain the system itself. In order to do that job they have to have the access to do the task. If you don't give them access they can't do the job. If you don't have a sysadmin you can trust with access you don't have a sysadmin at all and the system will fall apart because no one is maintaining it. Effectively that will end these programs. They will fall apart on their own.
[ link to this | view in chronology ]
- John Fenderson (profile), 26 Jun 2013 @ 11:41am
  
  Re: Sysadmins
  True enough as far as it goes, however, sysadmins don't need 100% access to the data being managed by a system in order to do their jobs. They just need access to the system itself.
  [ link to this | view in chronology ]
  - Anonymous Coward, 26 Jun 2013 @ 11:58am
    
    Re: Re: Sysadmins
    They just need access to the system itself.
    
    I think you're assuming the admin knows no more than the 'standard' admin. It's a fine line and a short walk between system admin level access and read access to any reachable object. Sure you can partition the system, trigger alarms and make things generally harder, but there is nothing that cannot be broken with access to "the machine".
    [ link to this | view in chronology ]
    - John Fenderson (profile), 26 Jun 2013 @ 12:18pm
      
      Re: Re: Re: Sysadmins
      A sysadmin should have read access to read any file on the system. A sysadmin doesn't need to be able to decrypt every file on the system. That's what I'm talking about.
      
      Really sensitive information is being stored in an encrypted form, I assume. If that's not true, then the system has a security problem that goes beyond sysadmin access.
      [ link to this | view in chronology ]
      - Anonymous Coward, 26 Jun 2013 @ 12:45pm
        
        Re: Re: Re: Re: Sysadmins
        But still, SOMEONE trusted has to maintain those decryption systems otherwise they fall into disarray or become sabotaged such that they are completely worthless.
        [ link to this | view in chronology ]
        
        John Fenderson (profile), 26 Jun 2013 @ 1:07pm
        
        Re: Re: Re: Re: Re: Sysadmins
        Of course, but it is not necessary for the admin to decrypt sensitive materials to maintain these systems.
        [ link to this | view in chronology ]
        
        Anonymous Coward, 26 Jun 2013 @ 1:22pm
        
        Re: Re: Re: Re: Re: Re: Sysadmins
        Sure the system admin that maintains the OS doesn't have to be given access to that, although he certainly can keep it from working if so desired. Still the admin that maintains the system that does the decryption does have to have access to that, otherwise how is he going to know if it is working properly or is having a problem that needs to be addressed? How do you know if he can be trusted?
        [ link to this | view in chronology ]
        
        John Fenderson (profile), 26 Jun 2013 @ 2:20pm
        
        Re: Re: Re: Re: Re: Re: Re: Sysadmins
        Still the admin that maintains the system that does the decryption does have to have access to that, otherwise how is he going to know if it is working properly or is having a problem that needs to be addressed?
        
        Having access to the decryption system doesn't mean that he has the ability to decrypt sensitive materials. He'd need the encryption key for those materials to do that.
        
        For admin purposes, the testing can be adequately accomplished by the admin encrypting and decrypting files that he's supplied himself.
        [ link to this | view in chronology ]
        
        Anonymous Coward, 26 Jun 2013 @ 2:54pm
        
        Re: Re: Re: Re: Re: Re: Re: Re: Sysadmins
        But he still never really knows whether the actual data will be able to be decrypted or not, and when command comes down and says "We need this info now! It's not working! You are the guy who is supposed to keep this running! Just fix it NOW!"
        
        Yeah, showing them that you can decrypt hypothetical files with the same system is really going to make them feel better.
        [ link to this | view in chronology ]
        
        John Fenderson (profile), 26 Jun 2013 @ 4:01pm
        
        Re: Re: Re: Re: Re: Re: Re: Re: Re: Sysadmins
        If the problem cannot be demonstrated with sample data, then there is nothing the sysadmin can do about it anyway (the problem is almost certainly going to be corrupted data). Having access to the sensitive data won't help him resolve the problem, other than to say "yup, it doesn't work".
        
        However, if there's some PHB who doesn't understand that, then the PHB can certainly give the sysadmin the necessary credentials for the specific data there's a problem with. There's still no need for the sysadmin to have blanket access.
        [ link to this | view in chronology ]
Anonymous Coward, 26 Jun 2013 @ 12:16pm

Can we issue a blanket apology to the world for whatever we've been doing to them while we figure out what the hell our government is doing and censure their playtime accordingly?
[ link to this | view in chronology ]
Zeissmann (profile), 26 Jun 2013 @ 1:46pm

Feynman effect
This reminds me of one of the Feynman stories from the time he was working for the Manhattan Project. As a sort of prank-hobby, he found a way to discover safe combinations, which was relatively easy when you had a chance to temper with an open safe for a couple of minutes. He demonstrated it to some high-ranking officer in charge of one of the Uranium production facilities, and explained how it's done, recommending that all the employees should always lock their safes and never leave them open unattended. The response of the officer on the other hand was to tell all the employees who had any contact with Feynman to change their safe combinations. He learned about it during his next visit to that facility, when people started avoiding him.

I guess there is something peculiar about a government agent's mentality which makes those people defy common sense.
[ link to this | view in chronology ]
Anonymous Coward, 26 Jun 2013 @ 3:14pm

making it more difficult for their wrong doings to be found out and reported instead of stopping doing wrong shows how warped those in charge really are. how the hell did things degrade to this level? how were things allowed to degrade to this level? who is really pulling the strings and why in such a manner as to paint all of the people as criminals and terrorists? if those concerned dont trust anyone here anymore, the best bet is to leave and live somewhere else, isn't it?
[ link to this | view in chronology ]
RyanNerd (profile), 27 Jun 2013 @ 8:19am

Hasn't the NSA seen the movie
Crimson Tide
[ link to this | view in chronology ]
jsf (profile), 27 Jun 2013 @ 8:57am

How?
So who is going to implement this two person system?

Oh the people who set it up and administer it.

You mean the system administrators that the system is supposed to block?

Yes!

So you are going to have the guys that you want to limit install the locks?

Yes!

That will work out great. ;-)
[ link to this | view in chronology ]
veritas, 27 Jun 2013 @ 9:10pm

There are but nine.
The subhead tells it all.

While so many of you search for the TRUTH?
The answer you seek, is already provided you.

1 of 9

P.s, it's not Scotus
[ link to this | view in chronology ]