Would You Trust Any Organization That Doesn't Trust 4,000 Of Its Employees? What If It's The NSA?

from the something-wrong-here dept

Fri, Sep 6th 2013 4:24am — Glyn Moody

It's becoming increasingly clear that one of the reasons Edward Snowden was able to access so much secret information -- and walk out of the door with it -- is that the NSA is an organizational mess. A fascinating post by David Ignatius in the Washington Post underlines another way in which the NSA is deeply dysfunctional by any normal standard:

the NSA planned to investigate at least 4,000 of its employees and contractors in 2013, thanks in part to new software that could detect "anomalous" behavior by the workforce.

He goes on to ask an extremely important question: How do you run an organization where 4,000 of your employees are suspect? I fear that if the NSA tries to impose ever-more stringent controls, this will create even more disgruntled workers and a larger pool of anomalies. A new "Red Scare" may well follow the Snowden revelations, but making every employee a suspect is likely to backfire.
Even the most anodyne of organizations that can't fully trust 4000 of its employees is in big trouble; if it's one that handles some of the most sensitive information in the world, with the potential to save or cost many lives, that lack of trust is a recipe for disaster on a massive scale. And as Ignatius notes, the more the NSA tries to clamp down on people, the more likely it is to create further Edward Snowdens.

Ignatius also points out that the solution is not to close down, but to open up. By reducing drastically the number of things that are deemed secret in the first place, it would be possible to concentrate on protecting just those that really matter:

The beneficiaries in a no-secrets world will be relatively open societies, such as the United States, that are slowly developing a culture of accountability and disclosure for their intelligence agencies, however painful the process may be. The fewer secrets, the less to protect.

Although it's arguable to what extent the US has developed that "culture of accountability and disclosure" for the NSA yet, as President Obama inches towards admitting the scale of the problem here, the rest of the analysis in Ignatius' piece is well-worth reading.

Follow me @glynmoody on Twitter or identi.ca, and on Google+

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: clearance, contractors, ed snowden, nsa, nsa surveillance, review, top secret

20 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 6 Sep 2013 @ 5:01am

While we blame NSA analysts for developing privacy subversive tools and performing universal surveillance, looks like things are even worse at the workplace. Can't imagine talented people working under such conditions.
[ link to this | view in chronology ]
- Anonymous Coward, 6 Sep 2013 @ 5:14am
  
  Re:
  Well their own recruiters basically suggest that they get drunk and have costume parties on a regular basis, but that may just be in drowning their conscience like good little traitors.
  [ link to this | view in chronology ]
That Anonymous Coward (profile), 6 Sep 2013 @ 5:06am

We've always been at war with Eastasia.
[ link to this | view in chronology ]
The Real Michael, 6 Sep 2013 @ 5:47am

They're not doing themselves any favors with overt paranoia directed at their workforce, which in turn makes the latter overly paranoid about their superiors.
[ link to this | view in chronology ]
Anonymous Coward, 6 Sep 2013 @ 5:51am

I fear that if the NSA tries to impose ever-more stringent controls, this will create... a larger pool of anomalies.

I had to smile at this.
[ link to this | view in chronology ]
This comment has been flagged by the community. Click here to show it

out_of_the_blue, 6 Sep 2013 @ 5:54am

Sheesh. This clown thinks SPYING can be made warm and fuzzy?
Looks like more of the predicted normalizing; a limited hangout to acquaint dolts with the scale of spying, but then tone it down with diversions from the actual crimes. So now this clown thinks it's just a matter of workplace conditions? Sheesh.

At least try to remember that the hundreds of thousands people employed by NSA are still every minute of every day stealing your privacy and with it, your liberty.
[ link to this | view in chronology ]
- PopeRatzo (profile), 6 Sep 2013 @ 6:58am
  
  Re: Sheesh. This clown thinks SPYING can be made warm and fuzzy?
  So now this clown thinks it's just a matter of workplace conditions? Sheesh.
  Didn't read his article, did you?
  
  He's not talking about "workplace conditions" so much as the fact that we keep to goddamn much stuff secret and, we do too goddamn much spying on our own people.
  
  David Ignatius is one of the guys in the mainstream media who gets the scope of the problem. Show at least enough self-respect to read what he says before you go off on him.
  [ link to this | view in chronology ]
Anonymous Coward, 6 Sep 2013 @ 6:05am

Don't employ people you cannot trust
I am an IT guy, the other day someone asked if there was some way to tell if people were actually working when they work from home over the VPN.

I answered:
1. When their work is not done on time.
2. Why are you employing people you do not trust?
[ link to this | view in chronology ]
- John Fenderson (profile), 6 Sep 2013 @ 10:02am
  
  Re: Don't employ people you cannot trust
  That sort of thing is pretty common, and it's so braindead wrong that you almost want to laugh. Employers who feel the need (real or imagined) to spy on their employees are in trouble. Either they are bad managers or they've hired bad people.
  
  Really, any employer should only care about one thing: that the work is being done correctly and on time. You don't need to spy on people to determine if that's happening. It's self-evident.
  [ link to this | view in chronology ]
Anonymous Coward, 6 Sep 2013 @ 6:12am

Seems to me that a critical fact that should be ascertained before claiming dysfunction is "just how does this software work and what constitutes anomalous". Even things that seem trivial may have negative consequences, so it seems to me that acting prudently is not necessarily unreasonable.
[ link to this | view in chronology ]
Anonymous Coward, 6 Sep 2013 @ 6:18am

Spying
Surely they should be able to use their database to check out people that they give security clearances to? It is not like they don't know who to check out, they will have name and phone number etc. right in front of them.
[ link to this | view in chronology ]
beech, 6 Sep 2013 @ 6:30am

Arthur Dent
Every time I hear about the NSA having so much trouble keeping their house in order it reminds me of a section of the Hitchhikers Guide to the Galaxy. At work so I can't look it up, but I think it's in the 5th book. Basically Ford hacked a mainframe, then tried to set up a subroutine to deny that the hack happened, only to find that the mainframe had loads of those running already.

Basically it a seems that the NSA is set up in a way where the whole organization has plausible denial of itself. The less you know the less you actually have to lie at those pesky oversight hearings
[ link to this | view in chronology ]
Wolfy, 6 Sep 2013 @ 7:58am

Disband the NSA
Although nigh on impossible politically, it's beginning to look as if we need to disband these dysfunctional federal agencies, and start over.
[ link to this | view in chronology ]
Jerrymiah, 6 Sep 2013 @ 7:59am

Spying
Spying

Surely they should be able to use their database to check out people that they give security clearances to? It is not like they don't know who to check out, they will have name and phone number etc. right in front of them.

Even that is not a certainty. Today the NSA and all others... are creating fake idendities to be used by their spies. Even if you were to verify these identities on line, you you only get what the NSA and others want you se see. A lot of these spies that infiltrate companies are trained at the NSA Spy schools on how to act and learn their role perfectly. There's just no way around.
[ link to this | view in chronology ]
Simple Mind (profile), 6 Sep 2013 @ 8:08am

Security through Obscurity
By keeping everything secret, the enemy doesn't know what the real secrets are. If we were to make less things secret the enemy would know exactly what secrets to go after. What the real secrets are needs to be kept secret.
[ link to this | view in chronology ]
CommonSense (profile), 6 Sep 2013 @ 9:00am

Here's the snag though...
Ignatius also points out that the solution is not to close down, but to open up. By reducing drastically the number of things that are deemed secret in the first place, it would be possible to concentrate on protecting just those that really matter:

I think since they're so keen to keep everything they have a secret, it's likely that everything that wouldn't get them in trouble is already out there. If they're afraid of 4000 employees, it's likely that letting any of the 'secret' information out would cause problems.

It's what the public wants, and what the world really needs, but it's not what those in power want...because it means less power.
[ link to this | view in chronology ]
Bryan (profile), 6 Sep 2013 @ 10:14am

I read this and this quote popped to mind. . .
"The more you tighten your grip, Tarkin, the more star systems will slip through your fingers."
―Princess Leia to Grand Moff Tarkin

http://starwars.wikia.com/wiki/Tarkin_Doctrine
[ link to this | view in chronology ]
radarmonkey (profile), 6 Sep 2013 @ 10:34am

Apples and Oranges
There are plenty of reasons not to trust the NSA, but worrying about their own employees isn't one of them. Fact is, every business suffers from some sort of 'loss', be it information or merchandise, be it for personal gain or industrial espionage. It is management's duty to prevent that loss.

How the management works to prevent loss, and what they do when it's discovered, are quite different stories than the mere fact they are working to prevent it.
[ link to this | view in chronology ]
Dude, 7 Sep 2013 @ 2:12am

Government employees are such lazy a$$es for one. I know because I worked at a local agency. All intelligence agencies should be disbanded. They use their "power" to do evil. I should know. They're probably reading this as I type. The things that these crooks are able to do is scary. Monitor phone calls, Internet activity, emails, listen to conversations in the privacy of your own home and watch you in your own home.
[ link to this | view in chronology ]
M. Alan Thomas II (profile), 7 Sep 2013 @ 3:16am

If you suspect that many people, either (a) you're mostly right and can't be trusted with sensitive information or (b) you're wrong and shouldn't be trusted with automated threat analysis.
[ link to this | view in chronology ]