I think people often underestimate it, but one of the biggest influences you can have -- I mean you, the HN reader! -- may be cultural.
People who work on building surveillance, people who have done it, people who may do it in the future, are your classmates in your CS program, your colleagues in your startup, your neighbors, your fellow conference attendees, you.
Folks who work at NSA (and all the other places that don't get so much press) read xkcd religiously, they go to DEF CON, they have Linux and math t-shirts, they read HN, they are reading this thread right now, and all the other threads.
If people like you in the cultures that you're part of decide that surveillance is cool and exciting, that's more talent to take the billions of dollars and vast intellectual challenges of figuring out how to eliminate the vestiges of privacy. If they decide it's uncool and sketchy, that's more talent that goes elsewhere and does something else.
There are many overlapping subcultures in technology and they don't all understand or talk to each other that much, and plenty of technology employers are recruiting out of many different subcultures, so you can't assume that the culture you create in your circles will control the path of technology. But the cultural attitudes of people in the tech world can have a powerful effect on what people decide is worth working on.
> I think people often underestimate it, but one of the biggest influences you can have -- I mean you, the HN reader! -- may be cultural.
> People who work on building surveillance, people who have done it, people who may do it in the future, are your classmates in your CS program, your colleagues in your startup, your neighbors, your fellow conference attendees, you.
Exactly. I wish more people here would realise this. The powers-that-be do realize this, and are concerned about it. I remember when the "Fifth Estate" movie came out (which was critical of Assange), everyone in our company (a large tech company that I won't name) was given free tickets (and the afternoon off) to go see it. First time ever we were given such free tickets; I wonder why?
That's absolutely ridiculous. I assume the same didn't happen for Citizen Four (which was actually a real movie as opposed to a thinly disguised hit piece).
You should name and shame the company, even if you do so anonymously.
I don't know where OP worked but Yahoo 'treated' its employees to Fifth Estate. Everyone was given a ticket (or 2) to an afternoon showing at the Shoreline theater. And no, Citizen Four did not get the same treatment.
No, it's not that. It's that it may very well be possible to trace this conversation back to a single person and that could easily jeopardize that persons employment.
We begin therefore where they are determined not to end, with the question whether any form of democratic self-government, anywhere, is consistent with the kind of massive, pervasive, surveillance into which the Unites States government has led not only us but the world.
This should not actually be a complicated inquiry.
Serious question: Do you include those working at Google and Facebook under this group? Or equivalently ad-driven services? Those two companies (and their siblings) are certainly the most fruitful of trees for surveillance organizations (government or otherwise) to pluck information from.
Further, they're not collecting this data for any purpose – vague, questionable, and slippery though it may be – of doing "good" or "protecting our country." They're doing it, solely and without an attempt at justification, for ad revenues. And they're taking tens of thousands (if not hundreds?) of some of the brightest minds in tech away from things like drug discovery, climate change, energy research, etc.
Not trying to start a flame war, nor am I drawing equivalencies between Facebook and the NSA. I'm actually just legitimately curious how you think we can segment this spectrum.
Ex-Googler here, worked with a lot of user data, including a project to collect more of it.
Within Google, data's collected primarily to build better products. Or at least that's what the majority of the rank & file believe, and personally I believe the executives believe it too. This has the effect of widening the moat between them and competitors, but it also has real, tangible convenience benefits for users. I can guarantee that the majority of folks are thinking of those benefits, not the additional ad revenue, when building new products. I worked in Search for 5 years and was explicitly told by executives to ignore Ads when making decisions; they have plenty of their own engineers whose job is to optimize revenue.
This may seem hard to believe for someone who's never worked at a place that improved a product based on data, but it's a really fundamental part of the culture. You see the headlines about the NSA or Google's threat to privacy; you rarely see any news story about the A/B test they're running or the new feature in Android/Gmail/Chrome/Search that you get to use because usage logs showed that it took you too long to accomplish your task and some engineer decided to fix it.
> data's collected primarily to build better products
That's may be true today, but one of features that distinguishes modern forms of surveillance from what was possible in the past is that truly massive amounts of data can now be stored "forever"[1].
Google itself may change what it wants to do with its data in the future. Worse, the fact that data was captured at all means it will be available for a subpoena or "national security letter" and Google will have little say in what happens to the data.
[1] the value of "forever" generally varies by the size of the available budget, which is "large enough" in the case of nation-states and companies the size of Google (or Apple)
So I'm not here to say whether or not people's fears are justified. I don't know; I can't predict the future either. There have certainly been ample cases where a belief that was true of Google management once was not true the next year.
The original question posed, though, was "Why do people at Google/Facebook/NSA continue to collect all this data? What's their purpose?", which I think I answered. While it may not be true in 10 years, it's true now.
Also, I think that the sheer pace of change today may insulate a lot of people from the consequences of having data available on them. The data may be out there - but by the time it gets into the wrong hands, it no longer reflects reality, which makes it largely useless. That guy who talks about having his dick sucked by sororisluts [1] may, in a couple years, be the guy with 200 million users whose company you desperately want to invest in.
Combine google profiles, facebook and 23andme and I think that the data will have repercussions even beyond the lives of those directly addressed by it.
Forget about today. How many Google SREs are NSA assets today?
It's not about why you collect the data. It's that a massive database of such information exists. The intent in mind when building a system has no jurisdiction over the potential uses later.
If the NSA wants the data and it's inside of a US-jurisdiction entity, they will get it. Period. Maybe they NSL some people with legitimate access and make sure they know they go to federal if they let their boss find out. Maybe they recruit some SREs. Maybe they blackmail the night watchman in the building that holds the equipment that has the dark fiber L2 encryption keys so that they can get the inter-datacenter link monitoring going again.
It doesn't matter what people intended when they built it. The fact is that it exists and the men with guns and a money printing press want it. Game over.
Do you mean assets, or employees? There is a difference... normally the word "asset" is used to refer to people who are recruited and run for human intelligence purposes ("spies"), e.g. using payouts or blackmail - for example, there is no health insurance which comes with being a CIA "asset," while a CIA employee even under non-official cover does have benefits.
Wow, Google sounds pretty cool inside! Sure, Google makes a lot of money, but the tech execs aren't focused on that and it's a data-driven business. I have no idea how impressive Google really is inside, but every time I hear about it, Google sounds so darn impressive!
And then I recall about Prism. And I think about how a secret program like that costs money and significant technical involvement from the host to run. Google took public money to help run Prism, and Google techs actively supported the dragnet. Pretty shameful, IMO.
As an ex-Googler who apparently can speak out, I ask you: if Google has competitors that are privacy focused, isn't it in everyone's best interest to select the competitors' products over Google's despite Google's excellence? And, can you report if anything has been done at Google to lift this stink of surveillance from its products?
Is Google still a willing participant in Prism-style data collection of its users?
So, when the news about Prism [1] broke, people inside Google were really, really baffled, because nobody had ever heard of it. We eventually came to the conclusion that Prism must be the NSA code word for FISA court orders [2], which is a lawfully mandated procedure where a court requires that an Internet company turn over records of a specific user under court order. From the outside, it's a big story; from the inside, it's one of those boring legal restrictions that we need policies in place to deal with.
Then the news about MUSCULAR [3] broke, and people were very, very pissed [4]. I saw the internal reports where people put together what must have happened; I'm not sure what sort of details I'm allowed to say, but it basically amounted to the U.S. (well, technically the UK, acting on behalf of the NSA) conducting military operations against the property of its own citizens. Google ended up encrypting all inter-datacenter traffic soon after. [5]
Thank you for the classy response. Every time I think about this surveillance state situation we find ourselves in, I have trouble staying civil.
This news item you reminded me of - "Google ended up encrypting all inter-datacenter traffic soon after" - makes sense as a response that the government can't argue with (yet).
Looking over the MUSCULAR wikipedia article, I wonder if the NSA could still capture the user's and enterprise's unencrypted data at the Google Front End Servers like they had been before the inter-datacenter traffic was encrypted?
It would be a fairly safe assumption that anything that hits the United States at a minimum has traffic analysis done on it. Most google services now use HTTPS at the front end.
Please understand, I'm not saying your wrong...I'm just saying from the outside [even as someone who works in IT and relies on data to make decisions] that I've never worked at a company that had any of these issues. It could be a question of scale and the fact Google is an easy target to make a headline with.
If I was running an organization that collects world's private data and builds self driving military robots while their robotic woman is planning to chip general populace (http://allthingsd.com/20130603/passwords-on-your-skin-and-in...), I'd totally want my people to think that they are helping the world, just like Hitler did.
When they'd found out what evil thing they have collectively assembled, piece by piece, each of them blinded by his inexperience and enthusiasm for pure science, it would be too late.
And I'd finally have to replace them with expensive hired guns, or more clueless people, like some SV 20-something startup kids who would kill for 20 minutes of techcrunch fame.
There's an entire generation that believes our government has completely lost representation of its own people, and will use any nefarious means in its power to subvert any rule it wishes to. The ostensible goal of security is questionable in both effectiveness and actual intention. In a sense, some branches of the government are viewed as a geopolitical corporation with an oligarchy in place of a CEO.
Google and Facebook, as contentious as some of us feel about them, produce products people like, and are voted into power by our direct and continued usage. You can't opt out of the NSA.
In the end, you're comparing an organization with a world-destroying military that regularly murders and imprisons people at all ends of the earth, to another that displays diaper ads that follow you around the internet. Not quite the same.
> There's an entire generation that believes our government has completely lost representation of its own people, and will use any nefarious means in its power to subvert any rule it wishes to.
A subculture, yes. An "entire generation", absolutely not, this is hyperbole. You can't "opt out" of the NSA, but certainly if you wanted to, the very first step is to get as far away from Facebook as possible. Yet there is no large gap in ages amongst those gleefully participating in Facebook all day which would indicate "an entire generation" seeking to avoid government surveillance.
OK, so no, only millenials: "The Harvard Public Opinion Project conducts a biannual poll examining the political opinions and civic engagement of young Americans ages 18 to 29." So this shows nothing about, "a generation". General trust in government is down across all demographics: http://www.people-press.org/2014/06/26/section-2-views-of-th....
The idea that distrust of the government has suddenly leaped on generational lines implies that millennials are savvy, informed, and active in comparison to demographics over 30 who are assumed to be complacent and naive in comparison. But the reality is that most people right now will gladly answer on a poll that they don't like the government as much as they used to, and that most people are still almost entirely complacent in any case; there are no millions marching in the streets in protest,
voter turnouts remain terribly low across all demographics, and everyone freely donates datapoints to Facebook all day which is one of the NSA's most bountiful conduits for information.
That's not to disagree with the very original comment here. The original comment refers to the interaction of subcultures as well, namely the "builder" subcultures who can direct their efforts towards pro-privacy or anti-privacy efforts. That is of course an important conduit.
Participation in Facebook doesn't mean those people aren't against NSA. It probably isn't hard to find examples of people using Facebook to complain about NSA. Whether it's a matter of ignorance or cognitive dissonance or believing that the same level of surveillance is unavoidable.
In addition to the other reply, I didn't say anywhere they were actively avoiding surveillance, there are gaps, and you assume far too much in expecting users to understand the scope, value and portability of the information they're leaking to an innocuous seeming website. You can't conflate Facebook usage with opinions towards the government.
Personally, I think the idea that Google/Facebook are hurting people by paying talented engineers a lot to work on ads is just not true. I think that if you act ethically (which is admittedly a question mark sometimes for any big corporation) respecting the market can often do the most social good.
People who were doing silly work making video games pushed the boundaries of parallel processing, created the GPU industry, and now that is relied on for serious scientific research. People making social networks so college freshman could date made tools to help those fighting authoritarian governments connect and created infrastructure technology to work on big data problems the governments might face on social issues.
Who did more to help the Asian Tigers raise from poverty to economic superpowers? Peace Corps people distorting local economies with their help, or people investing in local infrastructure because it was good value for them to make money??
What's better for the world, besides your conscious, working for a soup kitchen for work that can be done for $10/hr, or freelancing for $50/hr and donating that to the soup kitchen to give someone with less skills a job and the soup kitchen $40 remaining to buy supplies they need?
Finally, a lot of really smart people end up going in to law or finance because that's where the money is. Even if making consumer ad-tech doesn't sound quiet as noble as researching novel energy, if it encourages people to start entering fields where they are building things rather than creating more regulation for things, it's probably a net-positive. I really doubt that this idea that engineers should be this monastic underclass is so great for society. I constantly hear programmer say their salary is "inflated", to which I respond "if you feel overpaid, give your money to a good charity, don't roll over for the uber rich tech-exec/VC in charge."
If you want to make a positive impact on the world, respecting market efficiency is underrated.
One of the first investors of Facebook was In-Q-Tel, the VC arm of the CIA. Let that sink in for a moment. For me the hardest thing about this is getting over the shock that the CIA has a VC investment division.
Why would that shock you? Of course the government is going to invest in technology it could find useful. In the really hardcore stuff it's simply called a "research grant," and it powers every single American research university.
Conflict of interest. At least a research grant has outcomes that are supposed to be public and benefit the public.
A VC arm that's part of the government seems like a monstrous hybrid of private and public. What is the profit for? For the same reason that it gives one pause regarding what the CIA is doing investing in social media. If it's totally OK, why not have the government invest in private prison companies?
And don't for get that for decades most of the Rnd into AI and ML was funded by the government - back in the 80's I had a co worker who moved away from AI for that reason.
Let alone how SV was in large part funded and formed by Military Contracts
I don't disagree that there is huge room for unethical behavior in these corporations, and we as citizens and employees need to be vigilant about them. I just don't think engineers working on ad-tech because it pays well is necessarily terrible.
And wouldn't it be even more shocking to discover that CIA recruited from all the prestigious schools and that former CIA agents had even acted as President?
> People making social networks so college freshman could date made tools to help those fighting authoritarian governments connect ...
This is only half the story. Thanks to Snowden, we now know that these same databases are being used by NSA and GCHQ, enabling authoritarian governments to suppress and attack these same people.
I'm pretty skeptical of the invisible hand myself, but overall this seems to be a pretty good response (at least for the second caveat). I don't think they're doing as much good as they could be, but I agree that maybe it is good enough, even if only by collateral benefit.
> Personally, I think the idea that Google/Facebook are hurting people by paying talented engineers a lot to work on ads is just not true. I think that if you act ethically (which is admittedly a question mark sometimes for any big corporation) respecting the market can often do the most social good.
The problem is that advertising is inherently unethical, so that reasoning doesn't hold up.
> What's better for the world, besides your conscious, working for a soup kitchen for work that can be done for $10/hr, or freelancing for $50/hr and donating that to the soup kitchen to give someone with less skills a job and the soup kitchen $40 remaining to buy supplies they need?
That only holds up if those other $40 were to spontaneously appear from thin air - but it doesn't, and that difference is coming from somewhere. It means that somewhere, some group of people had to collectively pay $40 more for something, to pay for your salary.
> Even if making consumer ad-tech doesn't sound quiet as noble as researching novel energy, if it encourages people to start entering fields where they are building things rather than creating more regulation for things, it's probably a net-positive.
No, it's really not. "Going out and creating something" is not automatically something desirable, if the "something" being created is unethical.
You don't make any case for your argument. If one person is making a car, and another person is looking to buy a car, you are contributing value to society by matching them up to make a transaction.
I don't dispute that advertising can be unethical, or that many of these big tech companies have faced some difficult decisions and debatably have made the wrongs ones. But you can do unethical things in any industry, and advertising is not fundamentally unethical.
Well, it's debatable, but I'd argue that exposing serious issues in the presumed robustness of systems turns out to be useful in the long run. In the worst case, it provides another data point for identifying systems that aren't working how they should.
Not that I'm advocating the creation of malware, of course. Don't do that. :)
There's a difference between malware and a 0day. Malware just causes harm to the endpoint. A 0day proves that the potential for a security breakdown is real.
>And they're taking tens of thousands (if not hundreds?) of some of the brightest minds in tech away from things like drug discovery, climate change, energy research, etc.
Taking them away from those things? I doubt it - the top talent will always be sold to the highest bidder and its unlikely "climate change research" is a segment that can support thousands of of mid-high six figure salaries.
Next while these companies do collect a large amount of personal data - their purpose is clear and as is their boundaries. There is a strong effort to keep adopt data secure - if a user was found using private facebook data to stalk loved ones[1] I don't doubt thats activity that would (1) noticed by their systems they have in place to prevent data from ending up in the wrong place and (2) they would be fired for.
Lastly with Google and Facebook you have a choice - its still in your control - if you want to use these services or not and it doesn't require a secret court to challenge them.
Facebook's trying to take that choice away by getting ISPs in some countries to give free Facebook access. I see billboards in Guatemala hyping up that if you're out of credit on your account, they will still allow you to use Facebook and WhatsApp. So for many low-income people, where having to pay $10 or so for some light data plan isn't possible, their only choice to be online is Facebook.
Sure, it's a choice. Just like using the Internet is a choice. Like using phones is a choice. Like choosing automobiles over walking is a choice. But not all choices are equal.
>So for many low-income people, where having to pay $10 or so for some light data plan isn't possible, their only choice to be online is Facebook.
So what do you expect to see here? Are you expecting Facebook subsidize the cost of getting the users online to any destination, or do you wish to remove the choice to use facebook for anyone who couldn't pay $10?
This is more like "Like choosing taking the bus to city centre over walking directly to my office 300ft outside the city centre is a choice." Bus or no, at the end of the day I still can't afford a full fledged automobile.
Even if they paid me to use Facebook, that wouldn't affect my decision on whether or not I want them to have access to information. If the US government decides to subsidize community college and make it free, they aren't taking away my choice to go to a private school.
I think transparency and the ability to opt-in is key. With facebook, I realize I'm using a free service supported by ads and trust they abide by their end of the user agreement to use my information only in the ways they say they will. When they abuse that trust, I may choose to opt out of their service. I don't give them any information I wish to be kept secret.
The NSA is not transparent and I cannot opt out of being monitored. Therefore, I do no romanticize about the free service facebook provides, but cannot agree with how the NSA conducts itself.
> Serious question: Do you include those working at Google and Facebook under this group? Or equivalently ad-driven services? Those two companies (and their siblings) are certainly the most fruitful of trees for surveillance organizations (government or otherwise) to pluck information from.
That's like saying that you oppose a sales tax, and you consider a retail store equivalent to the tax collectors because the retail store provides a fruitful tree for the collection of sales tax.
Not everyone working at those companies is working on something specifically related to ad revenue, the vast majority are working on creating better consumer products that improve millions of peoples' lives. That's what draws people to those companies and those are very valid and altruistic reasons.
I'm so glad you bring up "ad-driven services". We've all been duped into believing that ads give us stuff for free. The truth is there is no free lunch:
- The cost of ads are far greater than the loss of privacy: the opportunity cost of using products optimized for ad revenue rather than user revenue, the cost of collateral damage, such as the tremendous amount of link-bait and other garbage that advertising perversely incentivizes, and perhaps the greatest cost of all, the social cost of all the manipulation and deceit inherent in advertising.
- Even the "free" part is a lie. Advertisers pass the full costs back to us via the things we buy. So we are still paying, and we're paying the overhead of indirectness on top.
I have a few friends who either work for the NSA or have worked for the NSA, and there's a stigma that follows them around. They get shamed for it (under the guise of humor), and people are clearly uneasy talking about things like drug use around said friends.
At least in my community, there's a strong negative pressure and stigma associated with working for certain parts of the government. And I guarantee that this impacts the NSA's ability to recruit from our talented pool of developers.
And what if the same stigma tactics are used against you in the workplace because you are for gay marriage, or are pro-abortion, or agree with gun control? Suddenly it does not sound so good any more.
One issue I've heard from a couple friends that worked for the NSA is that they have no idea what they're working on. One friend said he would just get specifications for input into a module and what the module should output. He wrote tests around the specs and wrote the module but had no idea what it was part of.
I've also met programmers who are just out to get a stable job. I bet the NSA looks for people like this. "Sit here, do your job, get this paycheck"
When I was getting my math degree, the department head frequently suggested we should work for the NSA for two reasons: they are the single largest employer of mathematicians, and you can't take your work home with you.
I graduated before the Snowden revelations; not sure if he has changed his tune or not.
My understanding of the job market for mathematicians is that it's not nearly as friendly as that for programmers, but I'm far from knowledgeable here.
> Folks who work at NSA (and all the other places that don't get so much press) read xkcd religiously, they go to DEF CON, they have Linux and math t-shirts, they read HN, they are reading this thread right now, and all the other threads.
I know some. I called them coworker and in some cases still call them friend.
A feel sorry for a great many of them. They are highly skilled network attack specialists, with basically no way to apply their skills other than working for the NSA. Even if they want out, they have no viable alternative. It's terrible.
That seems ripe for the usual government work to consultant career path.
Then again, maybe what you're referring to is that their knowledge falls along the lines of state secrets, and pedaling their skills outside the NSA could be considered treason?
Actually, most of the people in question are already well along that career path and working for contracting firms. It's just not a career path that that lets them leave direct or indirect government work.
Who, other than a government, is going to pay you well to find vulnerabilities in popular software? Google's Project Zero belongs to the incredibly small set of programs in that area that isn't a joke.
I read "network attack specialist" as more general than that. I imagine there's a lot of demand for network penetration testing. When it gets down to individual programs, such as email clients, etc, (this is what I think you are implying above) then yes, I agree that it's likely harder to sell the idea of those skills being useful in a consulting context to companies. In that case, I would guess your best path would be to join an established security firm, but I imagine that market is small and highly competitive.
Oh. I see. Sorry, hash collision. I'm talking about the people who perform tasks like exploit discovery and development. You're talking about the people who take that work and run it in script form.
Perhaps a better analogy would be that asking "Why not pen testing?" is like asking why gun designers don't find new jobs as infantry.
Established security firms often focus on business with... guess who? Governments. The NSA employing people directly is not really much different from the NSA hiring contractors who employ people directly.
> You're talking about the people who take that work and run it in script form.
Not entirely. It starts as that, yes, because the first thing you do when attempting to break into a house is check the front door. There are obviously levels beyond this.
> is like asking why gun designers don't find new jobs as infantry.
But it's not entirely like that. There's plenty of firms that hire out security specialists to do code reviews for internal applications. At that point, it's like a gun designing consulting for manufacturing firmson ways to make their products more resistant to small arms. The job won't be the same, but there will be commonalities and the prior experience will transfer over usefully.
Not as much as you'd think. Even if it was, it's not a better place. Now you're trapped in a slightly different sector that you can't leave because your skills don't transfer.
And your job is probably a lot less reliable, because short-term auditing or pen-testing contracts offer a lot less stability than 3-5 year government contracts.
"Help, I love designing guns, but the only people willing to pay me for that will use them for evil!"
If you're a talented "network attack specialist" then you're likely also a worthwhile network engineer. So work in that role and do the gun-design in your spare time and hopefully for a good cause.
That's a pretty poor proposition to make to someone with a family to support. It's poor enough that they're going to ignore you and go on doing work you almost certainly object to.
Also, the skills required to be an effective network attack specialist have very little relation to those required to be a network engineer. I thought I covered this up-thread.
The parent is being a bit of a dick, but he does have a point. Not every job in the world is ethical, and simply being good at something is not always enough reason to do it for a living.
This is ultimately a deeply personal choice that everyone has to make, but sometimes we really can't both have our cake and eat it too.
I also work at a government sponsored R&D lab, so I'm familiar with the conundrum (not for myself - I'm just a dumbass programmer whose skills are so pitifully generic I could go literally anywhere in the world... some of my colleagues - not so much)
I don't know why it's so important that some random HN contributor be polite about this. Isn't everyone here speaking to you, and not your friends? Why does their tone matter so much?
Given that the context is that culture matters and that HN attitudes are relevant, I'm attempting to make the point that being rude does not help shape the attitudes in the way we-the-commentariat want.
Love it or hate it, it's a huge factor in how people make decisions. If you want to shape their behavior, you have to consider how they think and what they care about.
> They are highly skilled network attack specialists, with basically no way to apply their skills other than working for the NSA.
Why is commercial "cyber" security industry not a viable option? It pays well, there's currently a notable skill shortage and they can work in "pen-testing", "red teaming" and "exploit development" areas.
I will copy/paste from the other answer I gave to this same question:
> Pen testing is a viable alternative in the same way that driving a car is an alternative to designing an engine.
"Red teaming" is little different.
Further, much of the commercial world is thinly veiled NSA work. Who do you think the biggest clients of Reversing Labs, for instance, are? They're not just any commercial firms. They're commercial firms providing services to the NSA.
Bug bounties and HackerOne are sick jokes compared to what governments pay.
Virtually none of the commercial work is thinly-veiled NSA work.
I know literally none of the people behind "Reversing Labs", your comment is the first I've heard of that company, and, examining what their product does, I can't understand how what appears to be an email antivirus product is somehow helping NSA.
Their products are very useful in a defensive context. Not all of the NSA's work comes under the heading of cyberweapons or intelligence-gathering. They do plenty of defensive development, too.
RL's Titanium Core is one of the best unpackers around, and thus incredibly valuable for anyone doing malware analysis. Couple it with Titanium Cloud (blacklisting/whitelisting of samples) and you have the core of a system that can go interesting places. Try not to cringe at the bill. Toss in a sandbox or three and you're really getting somewhere. Add in a couple of MITRE standards for requisite government headaches, obviously.
From what I've seen, a fair amount of security product companies are selling to the NSA. Doesn't work for SaaS and services, because the NSA tends to require that whatever you're selling run on their network.
It's worth remembering that the NSA isn't afraid to buy from tiny companies and In-Q-Tel exists to enable investment.
So you're talking about companies selling to NSA in the same sense as they would sell products to Allstate? As in: literally the exact same products in exactly the same packaging sold to exactly the same purchaser as would exist at Allstate?
Who cares?
You dodged part of my comment. Once again: virtually none of the commercial security work --- or even the offensive security work --- is thinly veiled NSA work. Virtually none of it.
What on earth led you to believe you'd be able to defend such a statement?
That I've seen enough of it firsthand. They may offer the same product to Allstate, but the products are developed with government customers in mind. I'd cite Sandvine, but I'm not personally aware of them selling to the NSA - although it wouldn't surprise me. I've also sat in the room as people discuss the best way to do business with the NSA, and the consensus was that for some kinds of products the best approach is to develop the thing and sell it as a packaged product without a care given about selling to anyone else.
Sure, they might sell to someone else, but nobody involved cares about that.
What I've seen suggests that there are really two commercial security sectors. One centered on the west coast and focused on the private sector. The other is centered on the east coast and centered on the US government. It's all commercial, after a fashion, but the two don't typically interact very much. Each tends to think of itself as "the security sector".
Well. Except when Mandiant decides to point fingers. Then there's briefly lots of interaction.
What you're doing now is re-answering a question I posed upthread without addressing the question I just asked.
Yes, of course, every enterprise product company in the world --- in security, disaster response, configuration management, issue tracking, document management, what-have-you, every single one --- sells to FedGov. They all have special teams to do it. And FedGov has special requirements; for instance, Common Criteria certification.
Now: can you answer my actual question? How on earth did you feel you'd be able to defend your statement that most commercial security work is thinly-veiled NSA work? That's not just not true, it's almost literally the opposite of true.
Is your answer "there's this East Coast sector of the security industry that sees itself as the whole security industry that is almost entirely thinly-veiled NSA work"? If so: can you name 3 companies in that East Coast security sector? I've worked in security for just about 20 years now and can name many, many East Coast companies, and very few of them have ever done work for NSA, or, for that matter, done work that would be interesting to NSA.
Leidos, ManTech, and Endgame (provided you're willing to allow Atlanta) come to mind. All do substantial amounts of security work. Mandiant, too, though they're now owned by FireEye.
Two giant government contractors that happen to have small security teams, and one tiny boutique firm. The funny thing is you didn't mention Raytheon or Lockheed, both of which have teams that I suspect are larger than the three teams you mentioned put together. All of them are dwarfed by the commercial security industry. Most of them are backwaters nobody in the field thinks about when they think about security.
This is an embarrassing admission: I couldn't remember how to spell Raytheon.
I do know that the people in those fields tend to think of themselves as "the security industry". They also don't generally work on material that the more private-sector-focused industry cares about or gets exposed to, like how to secure a network when you have brain-damaged political network policies.
I think you need to be more careful about how you word this.
It is a true but very uninteresting statement to say that "most government contracting work is thinly veiled government work".
Obviously, you don't feel like that's what you're saying. But to defend the statement that much of security in general is thinly veiled USG work, you cite SAIC, ManTech, and (now) Raytheon. Giant government contractors.
The security industry as a whole is enormous. It includes big chunks of Cisco, IBM, EMC, Symantec, Intel, and HP, and literally hundreds of companies the likes of Duo, Cloudflare, Accuvant, and Lookout.
The clear implication of your comment upthread is that most commercial security work is not only done for the USG, but is offensive work done for NSA. That's why you compared it to HackerOne and called their rates a "sick joke". Not only would that statement still not be true if most commercial offensive work was done by NSA (government rates on vulnerabilities are not as lucrative as extragovernmental rates are), but it is itself not true at all. Ironically, the numbers get even worse for your argument when we narrow the security industry down to offensive work.
I might lose an argument about how much bogus "defensive" security product stuff gets sold through GSA teams to NSA and DoD in general. But most of my experience --- apart from the four years I spent working for what was at the time Sandvine's biggest competitor, where we never once had a discussion about selling to NSA --- is on the offensive side. Virtually none of the commercial offensive security work that is done is done to benefit NSA.
> much of the commercial world is thinly veiled NSA work
While security agencies of various governments are on the buy-side on the "zero day" vulnerability market, majority of commercial "cyber" security companies are not dealing in "cyber weapons" and are not involved with NSA. There are plentiful examples of successful "white hats": H. D. Moore, Dan Kaminsky, Tavis Ormandy, Michał Zalewski, even our own Colin Percival and tptacek etc. You don't have to do work for government to play in this area.
It's less of an excuse and more of a statement about the current state of reality. Are there examples and counter-examples and so on? Absolutely. Do any of them change the state of reality by existing? No. Is a very sizable portion of private-sector work today paid for by the NSA, directly or otherwise, including both defensive and offensive capabilities? You bet.
As a result, saying people should go to the commercial world isn't actually much of a change. It's not an alternative to the current reality because it is the current reality.
It's worth remembering that you probably don't hear about the big players very much in places like this. Endgame, MITRE, Leidos, etc. They tend to stay out of the limelight while still employing substantial numbers of people.
Pen testing is a viable alternative in the same way that driving a car is an alternative to designing an engine.
When your specialty is in finding novel exploits, there's not much of a market for you outside the government-o-sphere. In practical terms, pen tests are typically not focused on finding novel exploits.
Nevermind the vast difference in career expectations between salaried government work and consulting.
Ex military often have trouble finding jobs that match their skillsets as well. Not many civilian jobs encourage you to annihilate the denizens of under-developed, resource rich regions.
There's actually quite a lot of value in finding and fixing exploits. It's just that many companies prefer the illusion that $1k is a reasonable bounty for SQLi.
"If people like you in the cultures that you're part of decide that surveillance is cool and exciting, that's more talent to take the billions of dollars and vast intellectual challenges of figuring out how to eliminate the vestiges of privacy. If they decide it's uncool and sketchy, that's more talent that goes elsewhere and does something else."
> I think people often underestimate it, but one of the biggest influences you can have -- I mean you, the HN reader! -- may be cultural.
By the same reasoning, people can haze each other (in school, the workplace, etc.) for their positions on things like abortion as a "cultural influence." Is that ethical, though?
If I personally, on reflection disagree with you about Julian Assange, should I be blacklisted from the industry? Serious question.
> ...they are reading this thread right now, and all the other threads.
No, I don't work for the DoD. I live in the Washington-Baltimore metro area and know people who work for government agencies under the DoD. N = 1 sample size, all the people I know employed by DoD agencies highly amused at how misinformed places like HN are about places like NSA.
Evidence free assertions hold very little water. Snowden did provide evidence, none of which to date has been refuted.
So we are relegated to using what we can verify and extrapolation being a part of human nature the blanks will be filled in according to expectation. If the reality is substantially different/better/worse then in time that too will be corrected.
Your comment is entirely content free so it does nothing at all to help improve the situation with specifics. It's just the 'U' and the 'D' from FUD.
That argument is not very convincing when he revealed classified information and either confirming or refuting any of it would also require release of classified information.
On the contrary, I find the fact that Snowden is on the 'wanted' list and that presidential planes are diverted in order to attempt to arrest him proof positive that what he released was genuine, after all, if he made it all up then there would be no issue.
But that does not mean that a subset of true information can't be informative either. It can be misleading, it does not have to be. And if it is misleading then there are plenty of people in a position to correct that perception, it's only a matter of time before that will happen.
> If you are aware of that, it doesn't make a lot of sense to respond by talking about how you believe the leaks were actually genuine data.
It actually makes perfect sense, if the data was not genuine we wouldn't be having this discussion in the first place, so we use what data is publicly available and hope for more.
Think about the alternative, if Snowden would have released all of it then it would be argued that releasing all of the data was irresponsible (see previous leaks).
That's one you can't win as a leaker and so I don't blame Snowden for that (though personally I'd have preferred if he leaked all of the data without any intermediaries).
> I don't expect that we will see the truth be declassified here.
I'm pretty sure very few people expected the leaks in the first place, and yet, they happened.
> As I recall, they usually wait until 50 years after everyone involved is dead.
Yes, so the guilty are beyond reach of the law and safely forgotten. And so we are trying as hard as we can to stave off meaningful progress.
If it can't stand the light of day it is probably nothing good.
Sunlight is the best des-infectant and Snowden provided quite a bit of it.
It's a bit hard to tell who the "we" is referring to there, but if you mean that privacy advocates are trying to stave off meaningful progress, I wholeheartedly agree. If you mean that government classification programs are trying to stave off meaningful progress, I don't think it's an intentional effort, just a natural consequence of being run by a large committee of competing interests.
Of course, we will not be informed, as it is Secret, with a big S. But, after Snowden, we are somewhat better informed than we were. And this is good. We should be even better informed and this should be about how we want to structure our society in the future. But that doesn't fit the current political climate and possibly will not, for quite a while.
I could inform you about non-secret stuff like culture, but you wouldn't believe me. You want to believe that these are horrible small-minded people who don't think twice about violating your rights. The reality is they are anything but that.
At a guess they are ordinary people thinking they are doing something good and working hard for the cause, be it a love for their country or genuine sense of protecting their own or some concept ('freedom'). On average they'll be very intelligent and working harder than their counterparts in industry for less money.
At a guess you believe they're not actually doing something good even though you are, on average, less informed about their mission and activities, less intelligent, and lazier.
We established the cognitive bias to rationalize it as good.
What would the cognitive bias to rationalize it as bad be?
The reason I believe it is bad is because it violates the spirit of the 4th amendment. It gives incredible power to an organization with no effective oversight. It lacks proper judicial review, and the existing supposed review has been shown to be a farce. It makes everyone using technology less secure. It wastes everyone's resources who have to work against and around the NSA.
Everyone knows they are being watched, listened to, tracked everywhere.
The big deal, though, is the power concentration and chilling effect of such massive surveillance even the Stasi couldn't dream of.
That doesn't really matter though because these people as a group take actions that led to these stereotypes in the first place.
I don't care that not everyone working for / at the NSA is small-minded or not because in the end, the sum of all those individuals failed at being moral.
The reason we wouldn't believe you is that the intelligence community has already proven beyond the shadow of a doubt that it can't be trusted and it regularly lies through its teeth without batting an eyelash, not because we're wearing tin-foil hats. It's your fault you don't have any credibility, not our fault for disbelieving you.
You're asking us to believe something ridiculous on its face, that there AREN'T these horrible small-minded people who don't think twice about violating our rights. Congress is packed full of people like that, but there aren't any at the NSA, ehe?
I think it is funny that you say I wouldn't believe you. How do you know? I don't think I implied that these are small minded people. I'd be delighted to hear about these things, so I can build a better understanding.
They shouldn't do that. OTOH, anybody with a security clearance ought to be able to have the agency assign a disinterested person to do that ASAP. Without this, a foreign government can trivially send agents to date people who might know interesting secrets.
N, that is my whole point. People are very much misinformed. Horribly misinformed. Ill try and dig up the link(s) but snowden had a history of grandstanding that dates back to highschool. He was not a noble whistleblower, he wanted attention.
An unsubstantiated ad-hominem attack. As long as he promises "Ill try and dig up the link(s) but" and never gets around to it, he can accuse Snowden of anything he wants to make up that fits his narrative.
If he had any proof that countered the message he's trying to divert attention away from, he'd provide links to that, instead of just promising and failing to provide links that supported his unsubstantiated attack on the messenger.
It's ironic how irishcoffee wants to divert attention away from the facts and instead towards Snowden himself, much more than Snowden himself wants the attention. It's a textbook example of "narcissism by proxy". Snowden isn't a narcissist just because irishcoffee wants him to be the center of attention.
Ill try and dig up the link(s) but I'm not full of shit so here it is:
Snowden also told the Guardian that he does not want his personal story to divert attention from the larger story revealed by his disclosures. “I know the media likes to personalize political debates, and I know the government will demonize me.”
“I really want the focus to be on these documents and the debate which I hope this will trigger among citizens around the globe about what kind of world we want to live in.” He added: “My sole motive is to inform the public as to that which is done in their name and that which is done against them.”
You said people were misinformed, then you changed the topic to Snowden's personality and high school record. Just what misinformation are you referring to, and can you provide some non-anecdotal evidence to correct the misinformation? Are you saying that it's Snowden's personality and high school record that people are misinformed about, or the NSA?
Who was misinformed and who was spreading misinformation when Clapper directly lied under oath when he was testifying in front of congress?
How about focusing attention on the content of the leaks, and the misinformation the NSA itself is spreading, instead of Snowden's personality? I'm more interested to know how your DoD friends think about what was leaked, and what Clapper lied about, than who leaked it.
I said "dates back to high school." The 'dates back to' phrase, in general English, is a phrase that serves to establish the start of a time-lined pattern of behavior. I don't think you're doing it intentionally, and I may have poorly phrased my quick response, but I feel like you took my response quite a bit out of context. Everyone was trying to figure themselves out back in high school. I'm not judging that at all.
I can't speak to Clapper, only he can. I don't think its a far stretch of the imagination to say that there are far, far bigger things at play than his testimony. Have you ever visited the NSA museum? It's open to the public. The US actually intercepted the message the night before the Pearl Harbor attack happened, but didn't have the resources to decode it in time. (https://www.nsa.gov/about/cryptologic_heritage/museum/virtua... ctrl+f 'harbor' should be the 3rd/last result). The point being, perhaps there are bigger things at play.
I can't speak for my 'DoD friends' as you ask, mostly because they don't talk about the specifics of their work. I asked a buddy once if they monitor US citizens. He said something to the effect of: "we don't need to monitor people, they monitor themselves via facebook, twitter, and instagram. How hard do you think it is to find publicly available information?" After I was 'enlightened' to that, it made sense. People literally put what they cooked for dinner on the internet. Finding out information about someone is not hard, because the information is volunteered. No laws are broken, no rights are violated. If you care about your privacy, get off social media.
Also, as much as this may annoy you, NSA (as is my understanding) doesn't care about domestic information at all. That is the jurisdiction of the FBI. This is one of the things my friends find so amusing, people seem to not understand this. That being said, if a packet goes from DC to GA to CN to CA tp US, the foreign hop means: its not domestic traffic. As we have very recently seen, CN has very little issue mucking with traffic that crosses their direct sphere of influence. Perhaps its much harder to tell what kind of foreign traffic should be inspected, and maybe the initial location of origin was spoofed, and its not that easy to figure all this stuff out. Perhaps the smartest people employed by the DoD aren't any smarter than the people that frequent this site, and there are insanely large-scale peoples to be solved, and their fucking hard to solve?
I don't think you're going to like anything I've just said, but just think about it. Do you really believe that the DoD cares about people that are not a direct threat to national security? Do you really think the DoD has the resources to actually monitor, in real time, the general US population? Perhaps, unless you get a satellite phone call from Pakistan, you're not even interesting enough to get your area code noticed? The government can hardly pass a damn budget. They're not that organized. How many people lie on their tax returns every year and get away with it? If the government can't effectively audit the almighty dollar, do you really think they're Big Brother?
Edit: I can't edit my parent response, this is the best I can do. I am looking for a specific article that detailed Snowden from highschool up to his current life. I really will try my best to find this article, and will update as soon as I can find it. My 1 y/o daughter just went to bed, and I will quickly be following suit. I would honesly be willing to do some sort of silly HN-style AMA if people are interested. I'm not some internet troll. I went to Chesapeake High school, which is in the same athletic district as Arundel High school, Where Snowden went. I have no desire or reason to grandstand about anything.
>I said "dates back to high school." The 'dates back to' phrase, in general English, is a phrase that serves to establish the start of a time-lined pattern of behavior.
Again, this does nothing to establish why his behavior in high school is even remotely relevant to his behavior today - and even if it is, so what? He exposed the illegal behavior of the NSA because he's an attention whore? And that somehow invalidates the illegal-ness of what the NSA is doing?
The man could be a fucking sociopathic pedophile serial killer and it wouldn't matter. His personality has nothing to do with the content of the leaks. Repeat this sentence until it sinks in, please!
Why are you so hell-bent on ad-homming Snowden?
>Finding out information about someone is not hard, because the information is volunteered.
And those that are a little bit more careful? What about those edge cases? You know, and I know, and your bosses know, that it's not the people documenting their lives on Facebook that drives the NSA to backdoor encryption algorithms.
>NSA (as is my understanding) doesn't care about domestic information at all.
The content of the Snowden leaks proves this to be a a damn lie. Your understanding cannot compete with documents straight from the horse's mouth. Hell, you could be the director of the entire fucking department and it wouldn't matter - the facts disprove this narrative.
>Perhaps the smartest people employed by the DoD aren't any smarter than the people that frequent this site, and there are insanely large-scale peoples to be solved, and their fucking hard to solve?
The smartest people employed by the three letter agencies are beholden to the US constitution, something they apparently need reminded of.
If you're sucking up info from US citizens, that is not a "oops, let's get an intern to fix this broken footer" like it was a bug on some random rails site, that is a "you just broke the fucking supreme law of the land, please report to the DoJ for your inquiry"
>Do you really believe that the DoD cares about people that are not a direct threat to national security?
Everyone is a "threat to national security" until proven otherwise. Again, we have the authoritative leaks to go on, which rank about a million times higher than any apologia you can possibly offer.
And if they're not a threat to national security, then why are they in those databases? Search, seizure, and all that...
>Perhaps, unless you get a satellite phone call from Pakistan, you're not even interesting enough to get your area code noticed?
And yet, my shit is in their database. Why is that? What gives them the right?
>The government can hardly pass a damn budget. They're not that organized.
Because, yknow, the people responsible for passing a damn budget are the same ones that are responsible for orchestrating the SIGINT programs. Cmon, you know better than that. "The Government" is not a singular entity. This disorganized entity can apparently architect and effectively run programs such as PRISM, DISHFIRE, XKEYSCORE, and that operation that intercepts general purpose hardware to install backdoors who's name I can't remember right now.
Being a mess of bureaucracy and graft has never stopped any government, anywhere, from perpetrating massive crimes against its people. With that in mind, this is absolutely not a defense, nor even a mitigation, of the crimes committed.
I apologize if these posts come off as overly hostile, but you are making fallacious arguments, and you are handwaving inconvenient facts. It would be better for all concerned if you'd stop doing that.
I realize you won't change your opinion, and I respect that. I responded to a comment below addressing some of this if you'd like to read it.
It really just confuses me that a group like HN, generally very open-minded, are so willing to assume the very worst based on very limited, curated, non-refutable evidence. Non-refutable because of security concerns. Its like someone ripped every 18th page out of a book, and from that subset, created their own version of the book. They changed the ending, and flipped the protagonist and antagonist. The story is not accurate.
That's a more complicated issue than a simple 'he lied to Congress'. What he said to in front of Congress was flat out wrong - no one's disputing that. Did he lie? That would require an intent to mislead the committee, which would be a difficult thing to do since everyone on the committee had previously been briefed on it. In fact, he corrected his testimony to Sen. Wyden's staffers several days later when he realized the mistake according to the ODNI General Counsel[1]. He couldn't correct himself publicly because the information is classified.
This calls into question why Sen. Wyden asked Clapper to begin with. It's illegal for Clapper to disclose classified information publicly, but as a sitting senator, Wyden would have immunity for anything brought to the Senate floor. If Sen. Wyden thought it was an issue that should have been brought forward publicly to the constituents that he represents (which he apparently did, since he asked the question in a public forum), he should have done it himself instead of trying to get Clapper to take the fall for him.
Again, that implies that he had intent to mislead. It's easy to prove that he was wrong - it's a lot harder to prove intent. Wyden decided to ask that question to a senior intelligence official who was not part of NSA (Clapper is Director of National Intelligence - responsible primarily for collaboration between the intelligence agencies) and he asked it out of the blue during a hearing that mostly focused on tensions in the Middle East. It's within the realm of possibility that Clapper actually misinterpreted his question, or just plain did not consider a program that we later found only had 23 people working on it (out of around a hundred thousand or so people across all of the intelligence agencies). Wyden clearly knew the answer to his question and wanted the public to know it. Did Wyden lie to his constituents through omission?
>"and he asked it out of the blue during a hearing that mostly focused on tensions in the Middle East"
Are we talking about the same question? Your claim directly contradicts Wyden's statement on the matter.
Do you believe that Wyden's statement is true? And if not, what evidence do you have, and do you believe Wyden is a liar because he intended to mislead people by saying the following? Or did you accidentally make a "too cute by half" factual error or "least untruthful statement" when you claimed he "asked it out of the blue", and it was never your intent to mislead?
>"So that he would be prepared to answer, I sent the question to Director Clapper’s office a day in advance."
Yes, I would consider it out of the blue. Sen Wyden posed follow-up question to something that Gen Alexander said 8 months earlier, and he waited until the day before to pose it instead to DNI Clapper at a committee hearing that 1) was focused on developments in overseas national security threats over the past year and 2) Gen Alexander wasn't going to be present for. I don't doubt for a second that Clapper didn't see it - you don't wait until the last moment to submit a question unless you're trying to pull a political stunt. If he sent it a week or two prior, I could understand some outrage.
I have no idea what was going through Clapper's head at the time - maybe he did consider the 215 program or maybe he didn't. What he said was factually wrong and he tried to correct it but couldn't do so publicly.
This isn't trying to get the truth out - this is politics. Wyden is an elected representative - he has a duty to act in the best interests of his constituents. He was fully briefed on the program. If he felt that the information should have been public, he should have made it public - as a sitting member of the Senate he was authorized to do so. James Clapper was not. Wyden didn't correct Clapper on the spot. He didn't ask for more details. He didn't ask something like 'can you address any domestic collection programs that would fall under the Section 215 authorities?' He didn't do a damn thing publicly until the program was leaked months later, then used it as an opportunity to advance his own political career. Don't act like Clapper is some sort villain but Wyden is a hero.
I certainly am interested in talking about this intellectually, and presumably so were you when you just said "We can talk all day about politicians lying in front of congress. Would you like to?"
Yes, I would like to. Why do you think I'm not interested in talking about this intellectually? Do you not believe me when I say that? When I asked you a direct question in response to an accusation you made, and you dodged the question by trying to go meta. Did you not mean what you said when you invited me to talk about lying politicians all day?
To me, it appears that you are the one who is not interested in talking about this intellectually, so you tried to change the subject to attacks on Snowden's personality, then when that didn't work, you avoided answering a simple question by going meta, then when that didn't work, you projected your own disinterest in having an intellectual discussion onto me.
If that's the best line of argument that NSA apologists can come up with, it's no wonder they're having problems recruiting honest intelligent people.
You claimed that "They changed the ending, and flipped the protagonist and antagonist. The story is not accurate." Who do you mean, exactly? Please explain your accusations, or withdraw them if you're unwilling to support your unsubstantiated claim that the story is not accurate.
All you've offered as evidence against the story so far are your ad-hominem attacks against Snowden, right out of the US Government's playbook to demonize him and distract from the real story, just as Snowden himself predicted.
To continue having an intellectual discussion, please answer my question:
Is James Clapper a protagonist or antagonist for lying to congress?
Wow talk about ad-hominem, that's a brass-bound example right there. Just post the link without the running commentary on another contributors character, please.
I'll agree it was a bit mean, but I have sympathy for the annoyance that prompted it. irishcoffee responded to a thoughtful comment about how culture can shape attitudes, with a one-line quip about how his DoD buddies say communities like HN are clueless, following up with specific but unsourced claims about Snowden being an attention-seeker, and ultimately plays the card "I'm a single dad working full time. Time is hard to come by" as an excuse for why he didn't source them. IMO then it's not fallacious to expose that for the lacking and possibly deliberately disingenuous argumentative tactic that it is.
If he chooses to post actual evidence, we should move on to discussing that. As long as he only presents his "hominem" (in the form of secondhand claims from his friends, what he supposedly read once, and what the other demands on his personal time are) as evidence, ad-hominem is the only response he'll get and deserve.
I appreciate your candor. I would like to back up my claims, and given the time, would do so at my lunch break/free time tomorrow. I have no reason to lie and nothing to hide.
Thanks. I realize I may have sounded like I was definitively accusing you of lying or manipulating us. I'm not, but a more accurate description would be that so far your behavior looks suspicious and you haven't given very solid information. Although I tend to "side with" Snowden, I would not be surprised if there is more to him than meets the eye, so I would be interested in seeing if he has a history of grandstanding. (On the other hand, as others have pointed out, if what he has released is correct and against the will of the citizens/law/human rights, does it really matter if the disclosure fits a pattern of attention-seeking from the messenger?)
P.S. What may be irking some commenters is that HN threads are so "time-sensitive." In another hour this thread will probably slip off the front page and out of mind. So some people may be anxious to see a source before that happens. Or they downvoted so agressively, so that unsourced claims will be seen by fewer people during the small period of time the thread is active, while it could legitimately take you a few days to find a source.
I'm still looking for the specific article, but this works in a pinch. He is very open and caviler about being the moral police. He decides what is right and wrong, and flip-flops his ideals when it serves him.
His attention-seeking, which you've latched on to, was one example of his personality. The links I posted show more of what I was trying to convey. He marches to the beat of his own moral code and changed it on a whim whenever it served his needs.
I brought all that up to say, he leaked for his own benefit, or out of anger for being wronged, or something. What he leaked, whatever you've seen, is what he wanted you to see. He painted his own picture to the world, and the people he wronged can't set the record straight because of national security concerns. Its an unfair fight.
Everyone is convinced NSA is out to get them, to monitor them, invade their privacy. throwing the law out the window and carte blanche having their way with whatever data they want.
NSA I'm sure, has a huge legal team. Before they worked at NSA, the lawyers passed the bar. They took an oath to uphold the law. They wouldn't just let people break the law, if for no other reason than, they might get caught. I'm also pretty sure each DoD entity has an IG department. If someone does something wrong, and gets caught, they get in a lot of trouble.
There is a whole series of checks and balances in place. If something is wrong, its the law you have a beef with.
And again to answer your question, he leaked what he wanted, painted the picture he wanted, manipulated people to believe whatever he wants them to, knowing he couldn't be contradicted. He could literally say whatever he wants at this point and people gobble it up. People believe what they want, based on what he says, without ever pretending to consider the idea of possibly entertaining the idea of giving the DoD the benefit of the doubt.
He asked: "Why do you feel that Snowden's alleged attention-seeking behavior is more important than the content of the leaks?"
You said nothing about why his behavior is more important than the content of the leaks. What's so unimportant about the content of the leaks, that you think something so trivial as your armchair psychiatric evaluation of his personality is more important than anything he leaked?
"If someone does something wrong, and gets caught, they get in a lot of trouble." Did Clapper get in a lot of trouble for lying to congress under oath?
Though I recognize the thread is pretty much over with, I'll add on to irishcoffee's claim...
It's very important to understand what Snowden's motives in evaluating the validity of the NSA documents. None of the documents have been released in their entirety, and often times the only thing that is released is a paragraph or two, or perhaps a couple of slides. Is there enough context in the partial source material presented to back up the article's claims, or is there more to the story? There have been several times when the media released one story, only to be contradicted when they later released further portions of the same document. For example, see [1], [2] and [3].
If he's whistleblowing on these program like he claims, there's no reason to doubt the validity of the documents; if he's just a disgruntled systems administrator with an axe to grind, the documents we see may cut down to remove the context and just show us what he and Greenwald want us to see, knowing full well that the NSA generally can't provide evidence denying the claims without releasing more classified information. When you add things like claims that other writers were forbidden from criticizing or contradicting Greenwald's narrative on Snowden at the Guardian[4] and at the Intercept on other subjects[5], it adds to suspicions that we're getting a distorted view of the subject.
Regarding Snowden's grandstanding, you don't even need to go all of the way back to high school to start seeing claims that don't quite mesh with reality. He lied about his qualifications to get his initial job as an NSA contractor[6] and by his own admission took the Booz Allen job specifically to gather information to leak[7]. That doesn't strike me as whistleblowing - instead of "I saw something wrong and I'm reporting it" it's instead "I'm determined to find something wrong and report it." That alone should sound sirens in everyone's head that whatever was released had a skewed perspective to it.
He claimed to be a senior intelligence official, while the NSA claims he was a low-level systems administrator. If we look at his actual words, though, compare for example his description of PRISM in 2013[8] to his description of it in 2014 after all of the details were released[9]. They're so different that it's apparent to me that he didn't actually know any of the details on PRISM beforehand except for general information mixed with his own assumptions. Other sources have documented a whole litany of other contradictions in his statements ([10] for example).
I've seen so many people say not to focus on Snowden, focus on the documents, but you can't fully evaluate the context of the documents without knowing his motive. Is he a heroic whistleblower like he claims, or is he a disgruntled ex-employee trying to lash out at his former employer and gain notoriety in the process through misleading disclosures?
Thank you for very clearly articulating whats I've been fumbling around trying to say, and for doing the reference legwork in a much better way that I did. I feel like only one side of this story is ever represented around here.
Excellent, thanks. Even the professional reporting on PRISM seemed to evolve over time (or maybe my understanding evolved) -- I wonder if it's a similar reason that Snowden's statements changed? Anyway, I agree it's suspicious, and Greenwald is a bit slippery too.
I do have some objections off the top of my head, if somewhat superficial.
> by his own admission took the Booz Allen job specifically to gather information to leak ... instead of "I saw something wrong and I'm reporting it" it's instead "I'm determined to find something wrong and report it."
He'd already decided there was something wrong, though: "“Much of what I saw in Geneva [as a CIA spy around 2007],” he said, “really disillusioned me about how my government functions and what its impact is in the world.”" and "Snowden has said he first contemplated leaking confidential documents around 2008." On a different altercation, "The incident convinced him, Snowden says, that trying to work through the system would lead only to reprisals." And he started stealing documents before Booz Allen Hamilton, according to the NSA: "It was that summer of 2012, Ledgett says, when Snowden made his first illegal downloads."[1]
Those claims about his formative experiences could of course be fabrication to help his credibility, or maybe semi-honest retroactive re-framing of genuine incidents to justify his current course in his own mind. I'll assume they're honest, for purposes of explaining why I don't find the Booz Allen job so damning.
So, he's made a decent case that taking the Booz Allen Hamilton job, while driven by admitted "ulterior" motive, wasn't merely "I'll have a peek at secret info and see who I can 'sell' it to later". He already had some ideas what was wrong and who he wanted to tell about it. Now, I will grant you that his perception of the documents he gathered to support his opinion was then biased, and that the collection of documents available biases what they can be used to claim. But that seems an unavoidable part of humans forming and expressing opinions. So long as his "opinion" wasn't formed based on what would "play well" in the media or something like that, I don't really see an issue here.
If I haven't beaten this to death, another way to say what I'm trying to say here: imagine he worked in the same place for 5 years, and then in the last 3 months decided to start actively gathering documents to support a thesis. Would you say that skewed his results the same way? Why or why not? Because arguably, he did work in the same environment for 5+ years, and I don't see why just switching to another defense contractor for access poisons any opinion-forming or research he does there. If it does, we have to distrust anybody who has ever acted on an opinion in order to persuade us of it, because that means anything they say is skewed and they are now trying to fit facts into their narrative instead of the other way around. (Which is probably a good way to lean toward, but not very helpful if you take it to an extreme and want to ever learn about things that happen outside of your immediate consciousness.)
> is he a disgruntled ex-employee trying to lash out at his former employer
But it only became his former employer by Snowden's own choice to leak, as far as I understand both Snowden and the government say. Are you saying he now regrets losing his cushy $122k/yr job with Booz Allen, so we can't trust him? That's a stretch IMO -- the documents were obtained before his employer became the ex-employer, so they can't inherently be tainted afterward. And at this point, it's probably mostly the journalists picking through the documents and potentially coming up with misleading excerpts and framing, but why would their reason to do so be to spite their source's ex-employer? Snowden might be a naive idealist, an attention seeker, a troll, a spy, or something else, but "disgruntled ex-employee" is not making any sense to me. Maybe I'm taking it differently than you meant.
> Are you saying he now regrets losing his cushy $122k/yr job with Booz Allen, so we can't trust him?
No, I'm saying that I wouldn't be surprised if something happened while he was in Hawaii that inspired him to leave with a bang. Apparently he left the CIA station in Geneva in 2009 because he received a derogatory performance report regarding his behavior and work ethic, and decided to leave prior to the CIA conducting a more thorough investigation.[1] He arrived in Hawaii in March 2012, so he had apparently only been there for a few months before he started stealing documents. He had spent around a year each working systems administration jobs under a contract Dell for the NSA in Japan and the CIA in Maryland prior.
I also don't doubt that he had planned to leak prior to switching over to Booz, since he initially contacted Greenwald about four months prior to taking the job, in addition to the government's claims that he began downloading them all in 2012. But I doubt that it was because he saw something and insisted that it must be brought to light. If that was the case, he wouldn't have walked out with so much data. He claimed to have "carefully evaluated every single document [he] disclosed to ensure that each was legitimately in the public interest"[2], but he took out somewhere between 50 thousand and 1.7 million documents, depending on whose numbers you go by. This is a collection of documents that dozens of reporters, several dedicated solely to NSA reporting, haven't managed to go through over the course of two years, but somehow he himself carefully evaluated the potential damage and public interest value of every single document in less than eight months while simultaneously still working his 9-5 job. I don't buy it. If his intent was to blow the whistle on something, he would have just grabbed the few documents he needed and gone to press with them. The fact that he didn't leads me to believe that he had some other intent.
> "The incident convinced him, Snowden says, that trying to work through the system would lead only to reprisals."
What you left out from the paragraph that quote was pulled from was that it wasn't some shady intelligence operation that apparently convinced him to not work through proper channels, but that he claims was reprimanded for modifying his own performance report in a stunt to prove that there was an issue with the security in one of the systems used by human resources (there's slightly more information in this article: [3]) I don't know the details, but in every place I've worked bypassing security to modify your personnel files would be grounds for losing your job, regardless of what point you were trying to make.
And again, that's just his story - there's no evidence to back it up. Same thing for story about getting the banker drunk in Geneva to recruit him as a CIA asset; and distributing pornographic photos at NSA; and that the NSA took down all internet connectivity in Syria during their civil war; etc. Most importantly, that also goes for his claim that he voiced his concerns through internal channels. When NBC made a FOIA request to verify Snowden's claim that he had raised his concerns, the NSA responded that the only e-mail they could find was asking a generic question about legal authorities mentioned in a training program[4]. If Snowden wanted to maintain credibility at this point, he could have instantly produced the e-mails and said 'Look! The NSA is lying!' Instead, he just made a claim that they were lying without producing any evidence. I find it hard to believe that he walked out the door with thousands upon thousands of documents, but forgot to bring a copy of his own e-mails that would corroborate his story.
I'm sorry - I just think there's way too many aspects of his story that sound a bit too fishy. I could go on about other aspects regarding the NSA reporting, and Snowden's relationship with Glenn Greenwald/Laura Poitras, and questions about why he went to China and how he ended up in Russia, etc., but that diverges a bit from the subject of his grandstanding/credibility and I think that's probably enough for now
> I'm saying that I wouldn't be surprised if something happened while he was in Hawaii that inspired him to leave with a bang.
This is a fair point, especially in light of how his CIA stint ended. I started considering it myself, but didn't think much of it because it seems like the NSA & co. would be gleefully trumpeting such a thing if they knew it. For example, they said one of the first things he stole was a technical employment test with answers, and implied he used it to cheat (in my link from the last post.) Can you think of such an incident that the NSA wouldn't know about, or wouldn't reveal publicly?
And since you are arguing that he both a) leaked because he was disgruntled about something at work, and b) committed to leak months before changing jobs, the possible scenarios get even narrower, as they would have to carry over between jobs. Does he just hate the entire current US intelligence sector in general? Well, he's not keeping that a secret, so it shouldn't really be a mark against his credibility.
Now, just because I can't think of a reason he wanted to "leave with a bang" that we wouldn't know about, doesn't mean it can't be true, but it deflates that theory quite a bit IMO.
> If his intent was to blow the whistle on something, he would have just grabbed the few documents he needed and gone to press with them.
But his claim (or a popular simplification of it) is that the US is violating the rights of everyone, all the time, for any reason they feel like. He's not blowing the whistle on one office or something, it's a whole multi-billion dollar industry run by major branches of the US Government. If he just brought every document about PRISM, or just the Verizon metadata arrangement, or just personally hacking sysadmins at telecoms, or just tapping Google's private fiber lines, or just tapping Yahoo's private fiber lines, it would not be near as powerful as showing they are doing all of the above, and more! I don't know that he ever planned this, but there is also a practicality argument that it might be easier to "collect it all" first, flee, and sift through it for a few weeks full-time from the comfort of Hong Kong.
> What you left out from the paragraph that quote was pulled from
OK, and you left out where I introduced that quote with "On a different altercation, ... " Yes, I probably took too much license editing it, but it was meant as a quick allusion to his claims to have raised concerns through the "proper channels" at NSA and been ignored. In the full, more accurate context, it shows that on that occasion, he went to some lengths to work within the system to raise a concern (reading between the lines, it sounds like his boss eventually helped him to inject some Javascript tags into Snowden's personnel file, as a proof-of-concept for the vulnerability), and got nothing but trouble for trying to help in the way that was supposedly approved ("His immediate supervisor signed off on it" from your link).
> getting the banker drunk in Geneva to recruit him as a CIA asset
Yes, I am shocked the CIA didn't jump in and confirm or deny that this happened.</sarcasm> What proof would you expect? Granted, if it's not (dis)provable it's of little worth to us, but it's not really meant to be something we're persuaded to believe, just an anecdote about a formative experience. I don't know, is it inherently disingenuous to tell a story you can't prove, with the purpose of explaining your worldview?
> I find it hard to believe that he walked out the door with thousands upon thousands of documents, but forgot to bring a copy of his own e-mails that would corroborate his story.
First, that article says NBC sent a FOIA, but the single email shown was not received from FOIA. I'm not sure it matters, though.
How would anyone but the NSA and Snowden know with some certainty that any emails he did produce were legitimate? Would they admit to us if they were legitimate? (Tip: commit hashes of your proof to the Bitcoin blockchain early, so you can at least prove you were thinking about something before a certain date.) Hmm, I guess this goes for all the documents' authenticity, but I can imagine it's easier to confirm those than emails. Maybe he didn't really care about corroborating his story, or wasn't planning "a story" that far in advance. It's kind of funny that this is such a point of contention. Is anyone really saying the NSA would have stopped if they knew some sysadmin named Ed Snowden didn't like it? I guess alone it's pretty small, but it's another of several doubts about his credibility, that's why it's so hotly contested.
I agree that his claim about evaluating every document is suspect, and several of the other items you mentioned.
> it seems like the NSA & co. would be gleefully trumpeting such a thing if they knew it.
I don't think so for two reasons:
1) they don't talk much about anything unless they absolutely have to for classification and vetting reasons (this gets into topics like overclassification and whether or not things are really necessary for national security - but that's a different debate). For example, the op-ed that Michael Hayden wrote[1] in the USA Today in response to the 'NSA audit reveals thousands of violations' articles was apparently originally going to be written by the NSA itself, but the declassification and vetting process prevented a timely, point-by-point response[2]. I'm surprised that the e-mail was released so quickly. Overall, the NSA's response has been bumbling, and I think that has a lot to do with existing public relations policy that doesn't fit well with a fast-moving media.
2) There's a pending court case, and it's usually good policy to stay mum about anything regarding any pending cases until afterwards. I don't know that it's necessarily good policy now, as Snowden is probably never going to come back and face trial, but he is still indicted.
> Does he just hate the entire current US intelligence sector in general? Well, he's not keeping that a secret, so it shouldn't really be a mark against his credibility.
No, it's an indication that we should treat the leaks may have a skewed perspective, and we should keep that in mind when evaluating them. The credibility issue comes into place when he gets on national television and tells the American people “I reported that there were real problems with the way the NSA was interpreting its legal authorities. And I went even further in this, to say that they could be unconstitutional, that they were sort of abrogating our model of government in a way that empowered presidents to override our statutory laws. And this was made very clear. And the response was, more or less, in bureaucratic language, was, ‘You should stop asking questions.’"[3] The e-mail he sent did in fact ask a question about legal authorities, but nothing like what he described to the public; there were no concerns raised at all. Even his description of the response was a lie: instead of 'you should stop asking questions' the guy said 'Please give me a call if you'd like to discuss further'. On top of that, the e-mail was sent months after he first contacted Greenwald and Poitras - he was almost on his way out the door to Hong Kong at that point. That's the kind of stuff that speaks to his credibility. When you know that he hates the NSA and will make bald-faced lies on television should raise some flags when evaluating the leaks.
This is getting away from the Snowden credibility issue and more to issues with the reporting, but ...
> If he just brought every document about PRISM,
... for which all of the reporting turned out to be wrong. They blew a massive intelligence source over perceived mass civil liberties violations when the truth ended up being 'We can get content on specific accounts from Google/Yahoo/etc. when we present them with a court order.'
> or just the Verizon metadata arrangement,
... I probably wouldn't have had so much of a problem if he released that one and stopped there. Even so, the details from initial story still didn't match reality. On top of that, the program has debated at length in public and in Congress since it was initially disclosed back in 2005[4].
> or just personally hacking sysadmins at telecoms,
1) I don't care that GCHQ hacked Belgacom - it does not affect me at all; 2) we still lack a lot of context behind this - Why did GCHQ break in? What information did they obtain? Where they using this access to spy on legitimate intelligence targets, or something we would object to? The story was presented simply as 'they hacked a Belgian telecommunications company - be outraged!'
> or just tapping Google's private fiber lines, or just tapping Yahoo's private fiber lines,
I'm pretty sure Google and Yahoo didn't lay their own transcontinental undersea fiber optic lines. That's the nature of the internet - at some point your communications pass over lines owned by someone else. I'm a lot more angry at Google for not bothering to encrypt their transnational data than I am at GCHQ for intercepting it - that means the intelligence services of EVERY country their traffic passed through had access to it.
> it would not be near as powerful as showing they are doing all of the above, and more!
Regarding NSA staying quiet for classification and legal reasons: I presented an instance of them releasing info when it served their ends, as a counterpoint to this, but I suppose ultimately we can't count on them announcing anything like that.
I am a bit bothered by the general response, "They would win this argument if they allowed themselves to tell you everything" that is often given in support of the spies. To outsiders, it's indistinguishable from "We know we'd be shut down if we admitted what's going on, but we feel the ends justify the means, or we like the money, etc." It feels unfair and underhanded, but I guess it is unavoidable and legitimate too.
That's a great point about the timing of that email. Also about "he hates the NSA and will make bald-faced lies" synergistically combining to discredit him (though I am not so convinced Snowden is the one lying.)
> the program has debated at length in public and in Congress since it was initially disclosed back in 2005
Yes, it wasn't really new, but if releasing new documents spurred greater public debate and nearly caused the House of Reps to vote to defund the program[1], is it not an effective activism tactic? I mean, you can call it traitorous, but you seem to be saying it was totally unnecessary, when its release caused a law to be drafted and voted on that probably wouldn't have otherwise.
> The story was presented simply as 'they hacked a Belgian telecommunications company - be outraged!'
And people wouldn't be outraged if there was no merit to it. Around here, we're all wondering if we will be personally hacked because of one user (or potential users) on a system we have authority over, and what consequences that could have on our personal life and reputation, employment, and our company's reputation. Yeah, it feels sort of silly to think NSA could bother me, but the targets of that hack would have said the same, until they learned the truth (or whatever filtered version the journalists fed them.)
Yeah, I was oversimplifying about the nature of those fiber lines, and you're right that it was irresponsible of them. Well, I guess you can thank Snowden for forcing companies like Google and Yahoo to clean up their act. If there's one legacy he'll have, it's that more engineers will think of the NSA bogeyman (justified or not, illegal or not, accurately portrayed or not) whenever they design things. Maybe Snowden's ulterior motive is to scare people into better security, by lying if he must? ;)
P.S. What do you think of William Binney? He basically supports Snowden and says some of the same things, but maybe doesn't have as bad of credibility issues.
> I am a bit bothered by the general response, "They would win this argument if they allowed themselves to tell you everything" that is often given in support of the spies.
I don't think they're winning the argument here, at least not as far as public approval. It's completely anecdotal, but I've noticed something interesting about the kinds of responses people have on the subject: people who don't follow the issue at all tend to completely disapprove of Snowden, call him a traitor, cite terrorism, etc.; people who are somewhat passionate and read all of on the subject tend to have the polar opposite opinion; and people who go into extreme depth on the subject (reading all of the leaked documents, reading the laws, watching the debates and the congressional hearings, etc.) tend have much more nuanced opinions. It's hard to have debates on the subject because of both the amount of secrecy involved and the amount of misinformation floating around. I think the NSA needs a big adjustment to how it handles interactions with the media if it's going to gain any traction with the public. At the same, the American public needs to come to grips with the fact we employ people for the purpose of spying, and that's not necessarily a bad thing.
> I mean, you can call it traitorous, but you seem to be saying it was totally unnecessary, when its release caused a law to be drafted and voted on that probably wouldn't have otherwise.
Actually if Snowden had stopped at the domestic phone records collection program, I don't think many people would really have much issue with him. It's everything that came afterwards that bugs me. The 215 program was and continues to be very controversial. What doesn't help the debate is the amount of misinformation about the program. The PCLOB laid the entire program out in one of their reports[1], and several officials have summarized exactly how they are using the data and what they're allowed to use it for (see [2] for example), but it continues to draw arguments citing things like this[3] where they include several types of metadata that the NSA isn't permitted to get like location data, names, message content. I'd love to see someone to do a research paper where pull the exact types of data collected under this program from 100 or so phones and say 'this is the actual information we were able to obtain from it'. I've done it myself on a very small sample of phones (3 phones over about two months) and made some interesting conclusions, but nothing like some of the detractors have made.
I'm not saying that legitimate violations of the law shouldn't be reported, but we haven't seen that. What we have seen a lot of is 'look at this tool/program that NSA is using', then an insinuation that it could be used against anyone without actually showing who it has been used against or why. The giant revelation that Glenn Greenwald promised showing actual Americans who were targeted by the NSA ended up instead showing 5 Americans that the FBI through FISA warrants. If something bad is going on, I want to see actual wrongdoing, not potential for wrongdoing. The police have the technical capability to indiscriminately gun down every person they see, but no one is arguing that we should disarm them based on something they could do.
> Around here, we're all wondering if we will be personally hacked because of one user (or potential users) on a system we have authority over, and what consequences that could have on our personal life and reputation, employment, and our company's reputation.
I think one of the biggest problems that has arisen from the Snowden revelations is that it's completely upended people's perceptions of the threat model. Telecommunications providers shouldn't be surprised that they're a target, because they would be a prime target for hackers even if there weren't any intelligence services. They sit in a very privileged position on the internet. For the most part, I'd say the people that have to worry about being targeted by the NSA or any other intelligence service already knew ahead of time that they were potential targets. If you don't deal with anything pertaining to national security issues or provide means to gain access to national security information, your primary concern should not be the NSA (or GCHQ/Mossad/FSB/BnD/etc.)
This leads to lots of bad security practices as people try to secure themselves from the NSA but leave themselves more vulnerable to more plausible threats. Tor is a primary example - it might hide you from someone trying to target you specifically, but will make you significantly more vulnerable to someone who doesn't care who they're attacking (i.e. just about every criminal). Articles like this[4] made me cringe: battered women were seeking some means to escape from their abusive boyfriends/spouses, and the Tor Project managed to convince them that they would be safer from them by browsing the web using Tor.
With regards to William Binney, he hasn't worked in the agency for nearly 15 years, so I don't put much credence into anything he says after 2001. His description of ThinThread, which he advocates, sounds terrifying: instead of trying to filter out and discard as much domestic communication as possible, ThinThread apparently takes in all of the communications and encrypts the domestic traffic for later use if they obtain a warrant. It's hard to definitely evaluate it without a more detailed technical description, though.
Your first paragraph reeks of confirmation bias. It's a truism (and/or a pat on your own back) for you to say "and people who go into extreme depth on the subject [...] tend have much more nuanced opinions." Such thinking makes it all too easy to discard countervailing opinions. Of course my opinion is nuanced and correct! Those other people simply haven't read enough, otherwise they would come to the same conclusions that I have!
I don't have much to add to the discussion other than to say that people have spent miles of text, sweating this thread out, yet no one has budged a bit on either side of this discussion. Some generosity and good faith "shoe-switching" might go a long way in seeing the middle ground between "the government is completely in the clear to keep on trucking" and "the NSA should be abolished."
As an aside, I wish HN would give you notifications when someone responds to your comment - I didn't see this for two days and I'm not sure if you're ever going to see this, but anyway...
I wasn't trying to imply that my opinion was the correct one - of course, I am naturally a bit biased on the matter. :) I was trying to say that the whole "the NSA is 100% evil" argument is just as ignorant as the "the terrorists will win if the NSA doesn't read your e-mail" argument. Based on your 2nd paragraph, I think we're in agreement on that front.
I've watched debates like [1] where you put the NSA and ACLU in the same room and civil discussion ensues. I'd like to see more debate on those lines.
I appreciate your candor too, and I'm taking what you've said at face value, that you want to back up your claims, and have no reason to lie and nothing to hide. And that you would like to talk all day about politicians lying in front of congress.
So please answer my question:
Is James Clapper a protagonist or antagonist for lying to congress?
And my friends would be amused by your friends. I know a few DoD-type guys who operate in these informal government contractor circles. I have seen some wild stuff involving private companies, NASA and intel agencies. Lot of these CIA things are being outsourced to contractors. Similar to the private intel network of Sid Blumenthal providing info to Hillary Clinton, from an easily hacked AOL email no less.
The power and influence, along with whims of eccentric players, in these contractor groups is really getting out of hand.
And we all want attention in some way, including you for posting your comments and me for mine. It could be both a noble thing Snowden did and something he wants some recognition for doing. Basing your analysis on whatever he did in high school is quite silly. Most everybody was looking for some attention then and likely going about it the wrong way.
This kind of thing is a great example of why Snowden had to release a large trove of documents to reporters. Earlier whistleblowers were easily dismissed this way, but now the personal attacks are basically irrelevant -- we have the documents and can make our own judgments about who's horribly misinforming us.
He could generate a lot more attention for him as a person if he wanted. Instead he let the world largely focus on the material he could extract. Which is good, because this shouldn't be about him: If it was the media and government would try even harder to find irksome material about him as a person (Bullshit like "his girlfriend was a stripper, and this is why we should not trust the material").
That's quite a battle to wage, considering that at least two of Silicon Valley's largest companies are built around surveillance and invasion of privacy, and their core business model is selling their user's private information.
The article doesn't truly address such a large claim -- it basically could be titled "After Snowden, the NSA Faces Recruitment Challenge from 3 College Students".
The NSA has nearly unlimited hiring potential with just the pool of military folks alone that work there. There are constant hiring freezes for a year at a time, because a lot of buildings are over capacity.
If one of these college students were to apply to the NSA through NSA.gov (mandated as the only way someone is allowed into the agency), they would have to apply a minimum of 2-4 times, because the application stays good for about 90 days, and the average applicant waits 6 months to a year to get accepted. This is assuming they're applying straight through without having someone with hiring power pull their application from the queue. After that, the process to get a clearance could take anywhere from another 6 months to 2 years (possibly more in some exceptional cases) and costs the agency about 250k.
So, it goes without saying that bringing onboard a fresh college student who isn't going to even get to walk through the door at least a year after applying, can pale in comparison to bringing on someone who already has a clearance and training. The article assumes that the NSA relies heavily on its external recruitment, but the vast majority of folks working there just change out of a uniform into jeans and a shirt.
I do think the real issue is not whether the NSA can fill cubes, but whether they can stay ahead of the threat curve. NSA competes with, but not for, the employees of foreign intelligence services; likewise, they used to compete for the same talent pool as top tech companies, but not against those companies.
Then they decided to turn the Big Ear inwards and go to war with US tech companies. Now firms like Google, Microsoft, Apple, etc. are building active defenses against the NSA, which means that they're hiring for the same problem domain, with better salaries and benefits, no security checks or polys, and no stigma (and a lot of prestige) attached to the position. As a result, NSA is threatened with losing precisely those talents necessary to keep ahead of foreign adversaries.
The savage irony of this is that both the NSA and tech companies are at a Nash equilibrium that is non-Pareto optimal; NSA loses top-tier candidates, and tech companies have to expend resources to protect themselves from NSA and other threats. An ideal scenario would be for a trusted NSA to work with tech companies to support strong crypto and security, but that's a nonstarter in the political and bureaucratic climate.
Personally, I'd like to see the defensive aspects of the NSA broken out into a separate agency, preferably either cabinet-level or independent, with the singular mission of protecting the security and privacy of all Americans, covering everything from crypto to vulnerability discovery to privacy recommendations and (where applicable) rulemaking. You would assume that NSA would still be in competition with a hypothetical Information Security Assurance Agency for discovering vulnerabilities, but the ISAA would not have the balancing test of "does this vulnerability threaten Americans more than it helps us listen on our adversaries?" Think of it as a FEMA for the cybersecurity age.
Salaries and pensions are no joke either. I was reading about how recruitment works. It seems they have a relationship with many CS and Math professors who recommend bright students directly to NSA headhunters. I imagine working on some of the problems they do can be very exciting. Not everyone feels this need to publish publicly.
I find it hard to believe there's any sort of recruitment shortage. The NSA does today what it did 5, 10, 15, etc years ago. People interviewing for those positions know exactly what they're getting into then the same way they know what they're getting into today. The whole "OMGZ SPYING ON MY MAY-MAYS" sells on here on reddit, but apparantly lots of people don't take that view and instead see sigint as a legitimate need, like having a standing military with nuclear weapons or intervening into foreign countries. Arguably, good sigint means less conflicts and more wins. Hitler's Germany was damaged greatly by sigint hero Alan Turing. Funny how we celebrate Turing, but a modern Turing today would be vilified instantly. The world, if anything, is much more dangerous today than in the 30s considering how many nations have nuclear weapons. Honestly, if I had the choice I'd rather work there than find new ways to deliver annoying click-bait ads at a place like Facebook or get kids hooked on some milquetoast WoW-clone.
The Chinese, Iranian, and Russian sigint guys aren't taking some moral stand either. They're just getting their assess to work the same way we do.
> Funny how we celebrate Turing, but a modern Turing today would be vilified instantly.
For that comparison to work, we would need a modern Third Reich or World War as well. Tapping into European email in 201x is hardly the same as spying on the Nazis.
Well that seems very much up for debate by the powers that are the U.S. Government... if you're not an American you're a potential terrorist; if however, you are an American, you're a potential terrorist too. So they're just gonna record everything and if you float, you're a witch and they'll burn you at the stake and if you drown then you were innocent and... sucks to be you; Oh wait, that was something else...
The point of omnipresent surveillance is to be proactive and prevent threats before they arise. There is no way to measure its success. If you oppose it, pick a better reason to base your argument on.
Unlike you, I don't believe success, or really anything, is necessary to justify the existence of the NSA or what they do. Realistically, that boat sailed the first time necessary and proper was invoked.
How considerate. As if the legal system matters at all to the existence of the NSA. Wikimedia's case notwithstanding, it's abundantly clear the spy agencies can only be peacefully resisted with privacy enhancing technology. It's obvious why they've been degrading public cryptographic standards and pushing for back doors.
The Stasi controlled every aspect of life in East Germany, including the postal service and communications industry. In the US, FOIA documents reveal a history of domestic political spying on civil-rights leaders such as MLK, and on a wide variety of legitimate organizations.
Throughout history, suspicionless surveillance has been carried out by mafioso to oppress and control.
Of your suspicionless surveillance, you assert "this time is different". The assertion fails.
The Nazis could use your arguments word for word on dissenters of the Gestapo.
No, but his team was also on the receiving end of policies like only using Enigma data for certain events. He knew of attacks that were probably avoidable that led to significant casualties. We can play the moral card all day here.
There's a world of difference between systematically eradicating privacy rights across the globe and withholding potentially life saving information because revealing it would risk exposing your source and thus your ability to do more good in the future.
We celebrate Turing because he contributed a lot to a fairly noble cause.
Spying on the rest of the world that you're not currently at war with is not such a cause, it's a travesty, an insult and has the net negative effect of fracturing the world further and reducing the amount of goodwill between NATO allies.
Please do not soil Turing's legacy by trying to conflate the two.
I'm not sure the world is a much more dangerous place than it was in the 1930s, at ground level that's just another appeal to fear, the general consensus seems to be that the world is getting safer rather than the opposite. Unless you live above a bunch of oil in the ground.
The US Military and associated intelligence branches have crafted heros, but also committed atrocities against our own men and women in uniform. That used to be the line they didn't cross.
You can give an enlisted man syphilis and see what happens. You can even overtly target black enlisted men and see what happens.
But you do the same kind of experiment with the civilian population and you are straight fucked.
I guess if we're obliterating that line, then sure, what's the difference? You're either cop or little people.
Sorry if I wasn't clear, that's what I intended to convey.
In the public sector we mostly consider employment solely based on its benefits because under US law there is only so much bad shit that your employer is allowed to cause you to endure.
Employment with the US Military or associated intelligence services MUST be considered with the stark fact in mind that a core tenant of your employment is signing over your life. Not to die nobly for just causes. Simply to give over your life for nearly any purpose deemed fit by your superiors.
Had an interview with them about three months after I applied. Well, had a phone interview with them at least. It lasted about three questions because, unfortunately, I had smoked pot in the last year (the one time I had done it in my life actually).
I'm actually not sure if I should have failed it after the second question, which was whether or not I work closely with any foreign nationals. Doesn't everyone in the tech sector? I work closely with a Romanian, a Filipino, and a guy from Sierra Leone. They may all be US citizens now, but i have no idea, so I said "no", after trying to get some guidance from the interviewer (she offered none).
Strangely, after my failed three question phone interview I still got an in person interview request and it took two calls to straighten that out.
If I lived in the Denver or DC area, I'd probably apply again in six months or so (once my one year has lapsed), but I just don't think it's worth moving across the country for a job there.
The pot question won't immediately disqualify you -- you'd just have to sign a waiver saying your employment means you're not allowed to use illegal substances. They'd also ask you and confirm this in the lifestyle polygraph.
The foreign nationals question is a matter of seeing how deep your clearance process is going to go. If you're in Kansas and the only people you know are from Kansas and all of your Facebook friends live in Kansas, it's going to make it easy for the FBI agents (who conduct the clearance work) to do the required interviews. If you start listing foreign national contacts, each one of them has to be investigated individually (the ones who are close relatives), and that's a lot of work. It's basically easier to fail someone on that and hire the person in Kansas.
Generally, for something like pot, agencies are going to want a year of abstinence before they'll talk to you. Likely, it'll come up in your clearance interviews and you may have to sign a piece of paper stating that you won't do it again. For longer term drug use or other drugs, the agencies may funny about it. If you're curious the Adjudicative Desk Reference (ADR) gives some guidelines on how the process works:
It's long, but gives a pretty clear indication on the kinds of questions asked. Basically, they're looking for foreign contacts for which you've had "close and/or continuing contact" whose nature falls under 4 categories
1. Affection
2. Obligation
3. Influence
4. Common interest
If I recall correctly, that fourth one was added about five years ago. Anyway, check page 59 in the link.
Can't speak for NSA, but CIA bans all illegal substances in the last 365 days. That may have changed in the past 10 years though. If you have any history of substances, you'll have to do the waiver.
That is the standard for DOD clearances in general. No illegal substance use in the past year, and any at all needs to be adjudicated (to use their terminology).
Nitpick (since I just noticed it): general clearance investigations are handled by the Office of Personnel Management; special clearance investigations are handled directly by the program or agency granting the special clearance.
Is asking such questions (smoking pot, questions about your social life) in a job interview legal in the US? From what I know, this would be illegal in most European countries.
For national security positions; absolutely. Those questions are due to the potential for coercion as well as character determination. As far as Europe, MI6 definitely asks those questions. Not sure about DGSE in France though. If you answer in a way that's "negative" that doesn't hurt you as much as lying. If everyone knows about your transgressions, there is less leverage for cohesion by a foreign agency. But if you're keeping a secret, that's exceptional leverage that can be used to blackmail you into betraying secrets.
You hit on a great point. The possibility to be coerced is pretty much the single biggest part of the entire security investigation. It includes being coerced because:
-Financial debt, so all of your finances are inspected
-Family connections, so all of your family is investigated
-Marital affairs, so you're asked about it during the poly
-Pirating software, again asked about it on the poly
...and all sorts of other things. The big thing you hit on is that this isn't very painful unless you try to hide it. If you try to hide something and it comes out in the investigation, you'll almost certainly be disqualified.
One thing I learned in the briefings I saw after getting my clearance was that the single biggest motivator for betrayal was a thrill-seeking narcissistic personality, followed closely by political agendas. Financial (including bribery/blackmail) and romantic blackmail concerns were so tenuously correlated as to be laughable to suggest they are meaningful as a potential exploitation.
The only reason that "smoking pot" has potential for coercion is that the US government makes such a doggone huge stink about it. Homosexuality and mental health issues lie in the same category - if they didn't make a stink about it, being gay or whatever wouldn't be an issue, and nobody would be able to coerce anyone about it.
The NSA, at least, is not without imagination. They will have perceived the issue with making a stink about X causes X to be a handle for coercion. Therefore, the NSA wants pot smoking to be in issue they can disqualify people with, they want other arbitrary categories of actions to be disqualification issues. Why? My guess is control: mental health issues and sexual behavior outside of vanilla are pretty darn common. Finding such problems gives the NSA itself a handle on their own people, to coerce things from them.
And as far as "character" goes, haven't we heard enough about that in the past few years to realize that "good character" is just another form of racism/elitism, like "good breeding" or a "gentleman's C" grade at an Ivy League school?
The coercion justification is really bizarre though. The only reason anyone could coerce you because they know you smoke pot is because it's a big deal to the NSA, so the NSA asks because they know that because of their self-imposed policy it creates the possibility for coercion.
If instead they just decided that if they found out one of their employees smoked pot that they wouldn't care the coercion potential would magically disappear overnight.
But I guess that's too logical for the government to consider.
Varies by state and a lot is illegal (age, race, marital status), but in this specific case they're talking about clearance questions which are different (getting a secret/top secret clearance). For these questions basically anything goes.
At least in Sweden you can in principle ask any question you want, but you open yourself up to lawsuits if the person being interviewed feels they didn't get the job due to their answer (or refusal to answer) any question about family/politics/religion/sexuality etc. etc.
In Germany you can only ask about drug use if the people will work with heavy machinery. No questions about race, gender, kids, or age are allowed and can be used to file a lawsuit if asked.
The federal police and intelligence agencies will also background check your friends and family. That being said, amongst German IT professionals people working for the government have the image of being a bit slow and only there for the job security. The best graduates certainly don't go there, and because patriotism/nationalism is very low the agencies cannot even advertise with "Do it for your country, if not for the money".
It's an illegal substance; it must be bought from illegal merchants; engaging in black market commerce exposes one to the risk of blackmail, coercion &c.
It'd be weird if it weren't disqualifying.
(I think it ought to be 100% legal, but until it is, users are too great a risk)
Well, sure. In itself. But in terms of a security clearance, a use of drugs means you might be susceptible to bribery/ extortion/ blackmail over such use (or someone might helpfully keep you supplied in exchange for information).
As a technicality, they're not asking it as part of the job interview itself, they're asking it as part of either a security clearance, or a "pre" security clearance to see if they should even bother.
> Is asking such questions (smoking pot, questions about your social life) in a job interview legal in the US?
I suppose you can ask any question you like in a job interview.
It isn't that certain questions are illegal; it's that there are certain bases on which employers may not discriminate - so called protected classes of individuals[1]. If you ask someone a question about whether they are married or pregnant, you might create the perception that you are discriminating on those bases. Not delving into those areas in interviews is merely a prudent HR policy to avoid the appearance of impropriety; actually discriminating on those grounds, however, is illegal.
Job interviews are not the same as security clearance checks (which some govt/govt contractor jobs require). I don't know what if anything is "out of bounds" in the context of those...
EDIT: For a bit more information on the types of questions you might run into during a clearance check, here's a PDF of the form you fill out, SF86[2]. I don't know how closely they hew to this in the in-person interviews but I've heard anecdotally that the investigators primarily clarify and confirm responses you gave on the clearance form. Note that it is 127 pages long. The first 60 or so pages are basic information about you, your relatives, your marital status, people who know you well, education, personal military history and employment. Here are some of the more interesting sections along with the page number they start on:
- Foreign Contacts (p62)
- Foreign Activities (p66)
- Foreign Business, Professional Activities, and Foreign Government Contacts (p75)
- Foreign Travel (p83)
- Psychological and Emotional Health (p87)
- Police Record (p89)
- Illegal Use of Drugs and Drug Activity (p96)
- Use of Alcohol (p103)
- Financial Record (p109)
- Use of Information Technology Systems (p116)
- Association Record (p119) features the question: "Are you now or have you EVER been a member of an organization dedicated to terrorism, either with an awareness of the organization's dedication to that end, or which the specific intent to further such activities?" along with a form which you can helpfully use to provide the name and street address of the organization as well as any contributions you made:
> Are you now or have you EVER been a member of an organization dedicated to terrorism, either with an awareness of the organization's dedication to that end, or which the specific intent to further such activities?
At a guess that question is only there so you can be prosecuted if the answer you give is in contradiction to what is already known about you. I highly doubt they actually expect to find anything new like this.
Regarding the pot question, they came to my college and gave a group interview and someone asked the pot question and they told a story about a girl who had applied and passed, but they found pot in the last year, even though she passed the polygraph. They figured out she was sauced at a party and smoked, and were unable to let her in. Granted this was 10 years ago, so something might have changed.
> After that, the process to get a clearance could take anywhere from another 6 months to 2 years (possibly more in some exceptional cases) and costs the agency about 250k.
Excellent. I see an opportunity here. Apply en-masse and let it go after you get the clearance.
You don't want to endure an SCI or a single scope clearance unless you have to. It is not fun at all. My clearance back in the day took over a year before it was finally granted and it involved turning over lots of rocks I would have rather left unturned. NSA and CIA clearances involve a poly, which is an experience one doesn't generally enjoy. Several days in some hotel room outside the Beltway getting drilled over and over again; or so I've heard.
I found the process of getting a mere "Secret" clearance in 1985 and again in 1991 pretty invasive, enough so that I don't believe I would take a job that required any clearance. I'm not a shady character at all, but having old friends call you up and say that a sweaty guy in a suit is asking questions, and then telling you "I spilled my guts" is not a good experience. If you get a clearance, your family and a lot of old acquaintances are going to have brushes with The Law. This may not be a good experience for everyone.
They are debunked, but they're still intimidating enough to be useful on a lot of people. I have friends who claim to have 'faked out' their poly, and friends who claim they cracked under the pressure and tried to admit everything wrong they'd ever done in their life (not that the examiner cares about throwing a frog at your sister when you were 5). On balance, it's useful for weeding out a certain percentage of people.
That doesn't stop the NSA from doing them. I applied to work for the NSA as a mathematician in 2007-8 and went through two separate trips to Fort Meade and two separate polygraphs.
It's not about collecting or verifying information.
The goal of the exercise is to make you fearful, intimidated, and compliant, and to reinforce the government's dominance over you. The polygraph is just a prop. The examiner is the one really measuring you. Even if your saint's halo is still slightly visible at noon on a sunny day, you will always be given the impression that you barely passed.
So it hardly matters that a polygraph is pseudoscience, because the placebo effect is real. If you think you're being objectively measured by a machine, instead of subjectively judged by a man, that makes his job simpler.
Otherwise, it's Iocaine Powder.
(I can neither confirm nor deny whether I have any actual experience with polygraph testing, or whether I know anyone who does.)
I remember seeing a U.S. government counterintelligence film (maybe linked from HN?) meant to discourage people, especially exchange students, from being recruited as assets of Chinese spy agencies. It was based on a true story in which an American was recruited and then applied for a clearance at the instigation of his foreign contacts. In the film, he was caught as a result of failing a polygraph: when uncomfortable questions arise during the examination, he asks to discontinue it and withdraw his application, and they don't let him get away with that; they end up prosecuting him and he pleads guilty to espionage charges.
I couldn't help thinking that the polygraph might have worked in that situation mainly because he believed it would!
That's somewhat of an insider joke about security clearances. (Though I can still neither confirm nor deny that I am an insider, or that I understand why the joke I just told may or may not be funny.)
Pseudoanonymous people posting on the Internet can't be trusted anyway, right?
I've never taken a polygraph or even heard about this. Care to elaborate?
How is a polygraph test stressful? I mean, obviously it's probably stressful just for the fact that some random stranger is going to ask questions, some of them probably pretty personal, but other than that which I think applies to any random stranger (with or without a poly in hand), why exactly did you make that remark? Is there anything out of the obvious that would make it even more stressful?
The only similar thing I Can think about, was this TV show I saw once (pretty shady if you ask me), where a guy and a girl (best friends testing their best-friendship supposedly) where put on a "polygraph" test (as far as they explained, it was just a heart rate detector), and the tv host would then proceed to make personal questions, getting more "intense" and earning more money as the show progressed, losing money everytime the "poly" detected a lie, or winning if it was the "truth".
At the end they asked questions like, "are you in love with her?" and of course, being that a lot of best-friendships were probably just friendzoned-friends, almost always the answer was "yes".
And so the amount of stress of publicly expressing that hidden love, at the risk of (that almost always happened) having the girl answer the same question with a big "no", for a chance to win money, was pretty tacky and stressful.
Is this related to what you were talking (minus the money,k the tv show, the girl... the fun basically)?
We used to help guys get contracting jobs in the 100k-120k range in D.C. (300k for afghanistan).
Now the same contracts are hiring people on at 40-50k, and people are taking the jobs because they already gave up their government spot. The contracting world has pretty much turned inside out because of the upheavals over recent years. Most of the contractors I know are aiming for government jobs now.
The way government contracting is set-up, it was guaranteed from the beginning to end up this way.
There are so many re-competes and re-bids for contracts that are supposed to be multi-year, that pretty much every fucking year a new company comes in and under-bids a contract. The company isn't going to take the hit, so the employees basically get to re-apply for the same position at a lower salary.
The government claims that this system was developed to ensure fairness to the companies bidding on jobs, but it seems an awful lot like the real purpose was to drive employee wages down. Hopefully it doesn't start to drive down private sector wages in the DC area.
FYI, this doesn't happen at Raytheon SI. They're mainly in Florida, Maryland, Virginia, and Texas. They're hiring. Desired skills relate to reverse engineering, disassembly, emulators, JIT, hypervisors, compilers, binary static analysis, and embedded systems. It's a place with extreme flex time, T-shirts and jeans (or shorts even), normally 40-hour weeks with the option for paid overtime if you want it, your choice of desktop OS, real walls (most locations), and lots of mischievous bright nerds with maker attitude.
Its not just a fucked company, its most of the large defense contractors. The building I worked in had people from most of the largest companies. I don't think we had anyone from Raytheon, but most of the other big names were present.
A lot of the blame lies with the leadership of the organizations that are hiring the contractors. At some places, a government agency will stick with the same company as long as things are going well, at other places, they automatically accept the lowest bid every single year, even though doing it sabotages their own projects and puts people out of work.
Sounds like your company (or at least your part of Raytheon) is willing to fight for its employees. I made the move to private sector a little over a year ago after my entire team was laid-off. Things are so much better now that its hard for me to consider ever working for the government again, but if things change I'll probably look into Raytheon SI first.
While my corner of Raytheon was not nearly as nice as milspec's is, it was not the situation you describe either. Layoffs from my business unit were rare, though a former business unit had some serious problems after a number of contract losses and overruns. I got raises every year, though about half of them were shit.
We only got involved in big contracts, though. New business that wasn't measured in at least tens of millions was ignored, unless it was an add-on to an existing contract.
This is spot on. Everyone thinks contractors make more, this is no longer the case. A lot of contractors I know personally are going fed because of the stability and job security.
It's....not. It's part of the Department of Defense. Although this department includes the military forces (minus the coast guard), the vast majority of its member agencies are all civilian agencies, and the person who heads it up (Secretary of Defense) is a civilian.
> It's....not [part of the military]. It's part of the Department of Defense.
I think you're picking hairs. While NSA is not strictly a military branch, NSA is a defense agency within the DoD. It is not directed by a civilian, but by a commissioned officer of the military. That seems pretty damned close enough to me.
> the vast majority of its member agencies are all civilian agencies
I don't know how you came to this conclusion, as the actual numbers and ratio of military vs. civilian personnel is still classified to the best of my knowledge. To the best of my (circumstantial) knowledge, the ratio for civilian vs. (usually US Navy) military personnel is likely somewhere around 60/40. I couldn't tell you which category is civilian vs. military, though.
> the person who heads it up (Secretary of Defense) is a civilian.
I'd love to know how you came up with your conclusions, as you seem to have some familiarity with the Beltway, because they don't match my experiences.
> I don't know how you came to this conclusion, as the actual numbers and ratio of military vs. civilian personnel is still classified to the best of my knowledge. To the best of my (circumstantial) knowledge, the ratio for civilian vs. (usually US Navy) military personnel is likely somewhere around 60/40. I couldn't tell you which category is civilian vs. military, though.
I'm not saying this to be mean, but you didn't parse my comment properly, so I'll break it down.
>Although this department includes the military forces (minus the coast guard), the vast majority of its member agencies are all civilian agencies, and the person who heads it up (Secretary of Defense) is a civilian.
This department is referring to the Department of Defense. The next sentence refers to its member agencies, not the members of its agencies. The member agencies (the agencies that are a part of the Department of Defense) are mostly civilian agencies, which you can see listed out on the wikipedia page here: http://en.wikipedia.org/wiki/United_States_Department_of_Def...
In it, you'll see that there are 15 defense agencies, 4 intelligence agencies, and 3 military departments, for a grand total of 19 to 3.
The "it" in that sentence is referring to the Department of Defense -- which was initiated by "this department". The person you linked to DIRNSA, which has nothing to do with what I was saying.
It is a building where the DoD and all of the top military brass work. All DoD aka "military" decisions ultimately come from the Pentagon, where the final say for all things DoD reside.
Disclaimer: I never worked at the pentagon, but am a US Army veteran who was in Military Intelligence from 2001-2005.
History has shown that if you join an intelligence service, you basically forfeit your right to a fair trial if anything ever goes wrong.
Your potential future opponent can make anything secret and off-bounds that you want to present in court, has unlimited funds and no qualms to invade your private life and present anything bad about you, has unlimited funds to haunt you for the rest of your life, and has no conscience except to preserve itself, even if it was in the wrong. I've also got a hunch that their culture is not "let's all chill and find the truth" but has more of a clan-like "you're either with us or against us" vibe. And this organization has guns, lots of guns.
So in effect, it's a bit like joining the Mafia.
Considering this, one has to wonder why anybody would ever join such a service.
I'm not well educated in this regard, but my general understanding is that such agencies tend to protect their own. Police men will protect other police men. The CIA will protect employees against crimes they may have committed.
In general, you're only going to have a problem like this if you do something to piss off the rest of your organization. But as long as you conform they are more likely to protect you than turn against you.
Don't snitch. Give unconditional respect to everyone that's a made man or higher in the organization. Follow orders. Don't snitch. Pay your superior their cut of your business. Don't step on anyone else's toes [without getting permission first]. Don't snitch.
The unwritten rules for any corrupt organization are pretty simple. "Keep your mouth shut," is always one of them, and possibly the only unforgivable offense.
There is a feedback problem people don't realize when a moral filter is added to an organization.
I observed in Financial Tech that when the world judged bankers as bad... it attracted self-identified bad people to become bankers. People who desired to do good filtered themselves out of the industry, leaving a really horrible selection of individuals running our national financial institutions.
Its really hard to digest, but I think self-identified good people MUST work at 'bad' places. Or else those places will become even worse as they become lost in a sea of real evil.
Places turn "bad" as-such when they are beyond repair. Do you believe that's it's possible to make the groups in power reform? If not, then it's impossible to make such a bad organization into a good one again, and we must start from scratch by cutting off the sections which have gone bad.
Moreover, it is wrong for anyone to rationalize complicity in injustices. It doesn't matter what our intentions or level of prior ignorance are. If you make your money off things connected to something wrong, your way of life becomes wrong by connection.
Perhaps these bitters truths are even more difficult to accept, and perhaps that is why people more commonly choose the more comfortable route of believing that they bear no responsibility for the company they keep.
But for ages, you'll just have to follow orders and do the bad stuff, otherwise get fired. Hell, someone else in the thread talked about a friend who didn't even know what he was working on. For good people to have a good effect, they have to be at the top, and getting there without doing bad things seems hard.
No idea what the solution here is, but I agree the feedback issue is important.
> "there are some of them ... that puts them off or they have doubts." On the other hand, Ziring says, the Snowden leaks have sparked other students' interest. "[They say], 'I actually know some of what you do now, and that's really cool and I want to come do that."
I don't buy this. I find it just short of impossible that anyone is looking at the leaks and saying, "Yes, I want to be part of your wholesale abrogation of the Fourth Amendment. I used to think you were just a spy agency, but now I know you're the Information Nomenklatura and I want in!"
Obviously patriotism devotion to country and Constitution was very much desirable for recruits. The problem is a few of those patriots actually believe in the Constitution which at this point would make them quite dangerous. They would need to be filtered out and/or continuously brainwashed and monitored.
"We want you to be patriotic, but not too much, just enough to swallow our brainwashing".
The problem is it attracts undesirable people. They already have tons of polygraphs which accept either extremely honest people, or psychopaths. This will attract people who would have been happy working for the Stasi, SS or KGB -- particularly vile authoritarian types.
Remember that even during the unpopular wars the military attracted people who just wanted to play with guns and kill other people. Same with police force. Bullies from high-school grow up want to keep bullying but they can do it within the law.
Why? I can believe that there are a significant minority of people who genuinely believe they have nothing to hide and that the Fourth Amendment protections go too far.
I find it very disturbing, but they do exist in sufficient numbers to support the machinery that executes these things. I used to work with some of them.
As someone who has had to do it: even in a supposed talent shortage, really fucking hard. Even in the rare instances I could get an interview I probably sounded like an idiot giving generic and slightly evasive answers.
To be honest I'd be leery of hiring a former intelligence agent regardless of technical ability. I'm sure if they wanted to plant someone it wouldn't be someone with NSA on his/her resume, but the thought would be hard to shake.
Interesting perspective. For the record, I was doing radar signal processing for a contractor for the Navy. While there I bumped into plenty of people who were in the Order of Secret Squirrels, and got the definite impression that once you join you never really leave.
Well, I'm not completely out, just at a contractor that does predominantly unclassified work.
It was a combination of finding someone to take a chance on me and the classification of my last program easing. When I started, "I do stuff" was about the extent of what I was allowed to say. When I left the name and nature of the program had been declassified so I could at least talk about some concepts in detail, though still not specific problems.
I ended up in NLP, which is similar enough to signal processing that the company was willing to roll the dice. I did have to take a pay cut, though.
Why couldn't you say "It's classified" and have general answers and then follow that up with "But I'd like to prove my skills to you directly"?
I could understand suspicion if you were coming from some unknown enterprise company and wouldn't elaborate on your previous work, but this is still the NSA (that we all hate but are still super smart).
> Why couldn't you say "It's classified" and have general answers and then follow that up with "But I'd like to prove my skills to you directly"?
Well, first you'd have to get an interview with a resumé full of generic statements and a network that exists exclusively in the world you are trying to leave. Then you'd have to find a company willing to give you that chance. Took me two years to do that successfully.
> I could understand suspicion if you were coming from some unknown enterprise company and wouldn't elaborate on your previous work, but this is still the NSA (that we all hate but are still super smart).
Not all of us are coming from the NSA. I couldn't believe how many recruiters and engineers had never even heard of Raytheon.
Probably less of an issue than you think. It's pretty common in DC. There are recruiters who specialize in placing people who work in "Clearance" jobs.
If you want a job at another cleared contractor. Getting out of this very siloed world is really hard, though. For a number of reasons, actually; nit being able to provide detail is just one of them.
Imagine you are a hiring manager at Lockheed Martin, and you have two candidates' resumes in front of you:
One has a bunch of certifications, a TS/SCI with polygraph, a list of skills/technologies that overlap strongly with the ones you are interested in, work experience with your biggest customers (responsible for 85% of revenue), but only has very vague information about what he has done specifically. Everything looks like a good fit, but it is hard to tell for sure because of the vagueness.
The other has an excellent, detailed, resume listing several jobs in the purely private sector. Even though he has worked in large enterprises, they weren't DoD and so the technology overlap isn't quite as good. But by and large you think he'd be an excellent fit based on the projects he has undertaken so far.
It will cost you six figures and take at least many months to get the second candidate security cleared, which will be necessary before he can start working on the project you have in mind. He might fail to get cleared in which case you will have to start all over.
This thought exercise suggests that someone with an NSA background will have significant trouble straying far from government-connected "private industry" work.
GovCloud is pretty much AWS (I got the impression basically a separate DC, switches, racks, etc. - an airgap of some sort I guess) and is accredited for U//FOUO workloads, which is where a lot of work has shifted to make it easier for contractors that are having trouble clearing people to TS/SCI quickly as well as to be able to do some work on platforms outside of a SCIF.
Contrary to the prevailing popular opinion that defense is run by complete idiots, a lot of programs are run by extremely intelligent people... that have a litany of pressures that are completely contradictory that results in completely insane outcomes.
"Imagine you are a hiring manager at Lockheed Martin".
I'd say walking away from that job might be the best option. You're not part of the mil/industry complex any longer, you sleep better after the next drone bombing of civilians, based on intel received from RQ-170 or similar.
It really depends on the project, but in my case, I could talk about technology, but not the specific problem we were trying to solve. I have the unclassified cover names listed on my resume as well.
It's funny how before the whole scandal was public (or at least, before I personally became aware of it), the NSA sounded like a hip place to work: for example, their keynote here was quite cool:
There's a flip side to this. Academia's hiring practices inherently prevent talented people from returning to academia. Hiring is slow (it takes at least six months), and it is absolutely contingent upon the candidate having a great publication record.
When you leave for more than a year or so, it's a one-way ticket out. As an academic, I would love to have greater liquidity in the industry/academia job market.
In the UK certain academic disciplines have a long record of post docs disappearing off for a few years and then coming back, often driving a nicer car. Being publicly funded universities probably helps, but all it takes is establishing a relationship with the university in question. There's enough DOD grant money out there that if they wanted to they could probably change academic hiring practices to support that process. So could private industries for that matter.
I have occasionally applied for (non-academia) software development jobs at universities, usually in relation to the health care sector.
It takes all of them at least a month to even set up an initial phone screen, and some can't even manage that. Also, they tend to pay way below market wages.
It's not just the hiring practices for researchers and professors. That idiocy likely extends all the way down to the part-time gardeners. You can't afford to endure the process unless you already have a job.
The only reason universities can get away with this is because they are largely protected from competition, and are usually the largest single employer in whatever city they may be in.
I work at a university as a software dev. I got offered the job, interviewed, and started working in a couple weeks. It was actually a very seamless process.
The pay for my area is comparable to private jobs, but I don't get all the startups benefits like pingpong and snacks. It's just a basic office job. The good part though is that there is no bureaucracy and I have free roam to develop in any environment I want.
I'm not an academic but I work for one. If that makes sense.
This is a non-trivial point. Those black holes on your records DO influence hiring managers. Say you worked for #ThreeLetterAgency for 10 years in a very secretive manner. Depending on state laws, you may not even be able to say which languages, o-scopes, or databases that you are proficient in. That leaves an employer with pretty much nothing to go on to evaluate your skills. Guess what will happen then?
Yes, this gets into the brokenness of hiring and interviewing, a problem a lot of start-ups are tackling, but the problem is there today. Many people in #ThreeLetterAgency know this and may feel trapped in the job, and rightfully so.
So, have some compassion for your fellow humans in these #ThreeLetterAgencys. They have families and kids just as we do, and a different set of courages and viewpoints than what we see and feel.
Given the scale of the operation that the NSA appear to be running, I would imagine that it would be in the organisation's own interest to provide 'outward trajectories' for those employees who were developing doubts about the work they did. Better that (from the NSA's point of view) than a few dozen Snowdens.
I'd imagine a transfer from highly classified work to less highly classified work, followed over time with the opportunity to work with external contractors and then perhaps move into the commercial sector.
People quit bad jobs and even switch industries all the time. I think you're overestimating how many of us are going to be shedding tears for those poor hardworking folks, chained to their data collection with golden handcuffs.
Shedding tears is overestimating it by a lot. Just remember that these are people too, with hopes and dreams like the rest of us. They have weaknesses and holes too, possibly ones that keep them in their jobs. They do have unique and restricted viewpoints, but they should be viewed just as we view all others. That said, it is a shame that these people cannot help guide policy and democracy with such more informed views that they are allowed to see.
(Even though the article is as close as it gets to a fluff piece. No solid data beyond a couple of stories)
There has been Zero meaningful change after Snowden's leaks.
This means essentially that that NSA routinely spies on all Americans, scoops up all communications Worldwide, runs various programs to undermine the Security of computer & Internet systems and acts like a massive advanced persistent threat.
Imagine the same story with "After Snowden, the <biggest illegal hacker club worldwide> Faces Recruitment Challenge" Not surprising if you think that most bright people have a somewhat evolved moral compass.
Edward Snowden had predicted a radicalization of a class of professionals. We're coming to the point where, similarly to nuclear physicists after Hiroshima, we decide as a community to not let our skills be used for unethical purposes.
Well, one of the most early ethical battles of Manhattan project nuclear physicists was questioning if the H-bomb should be built, and how did that turn out? The US ended up building a massive nuclear arsenal, well beyond any limit of absurd necessity or reason.
The NSA only has a hiring crisis because they are attempting to scale in similar ways. Hopefully there is a turn in ethics, but that isn't a solution.
It's really hard to predict how our skills and projects will be used. Whether nuclear energy or a surveillance system, it might be primarily amazing and then be used for unethical purposes.
Instead, the technical community should demand more transparency and control over the applications of their technologies.
One could argue that those skills actually prevent far worse unethical actions. Without Hiroshima, how might World War II have ended? How would the Chinese and Koreans feel if Japan weren't defeated? Spend a few minutes at the Nanking museum or perhaps read about Bataan or Korean comfort women and then the moral high ground gets a bit slippery. One might, if one were so inclined, make an argument that nuclear weapons prevented World War III due to the mutually assured destruction concept. The Cold War would have become very hot if the politicians of both the Soviet Union and the U.S. didn't have to fear for their own annihilation.
War and politics is dirty and not as academic as many people would like to think. It never is black and white. For example, if we take the moral high ground, our enemies won't. Pacifism sounds good until it's your sister getting raped in your living room or your parents being shot out of the sky.
The theory that Japan wouldn't have been defeated without the Bomb is contended, at best. A far more likely outcome would have been A) the Soviets invading Japan (leading to Japan surrendering to the Allies to maintain their territorial integrity) or B) massive depopulation as a result of the ongoing firebombing. Basically, they'd either have surrendered, or become mostly irrelevant (like North Korea if it weren't for China).
Yes, Japan committed atrocities in WW2, but the US wasn't the Good Guy either.
There are no good guys in war. It's all just propaganda. And the thing with propaganda is that in order to claim any moral high ground after the war you have to abandon your propaganda and deal with the facts. The US never did that. Instead it dragged itself from one war to the next while pretending to be at peace.
The US is at war. It has been for a long time. Only it has outgrown the need of having an enemy. There's probably a clever 1984 reference in here.
The US has become a servant to its warfare, sustaining a state of war perpetually, moving from one "enemy" to the next, churning out propaganda for itself and for its allies. Except the propaganda has shaped its culture so much its citizens not only barely notice it anymore, they unknowingly perpetuate it themselves. And our advancements in technology allow the warfare itself to become less and less noticeable to them, too. Instead of scared men in tanks, we are demanding casual suits behind joysticks -- because it makes the warfare so much cleaner and easier, for us.
The US isn't a mighty eagle. It's quickly becoming a scared canary in a cage, pecking at buttons to make the scary people go away.
I think you're proving his point, which IIUC wasn't that the Bomb was necessary to end WW2, it was that there are differing opinions on whether the Bomb was necessary to end WW2.
The U.S. has always been highly morally questionable - after all, it's one of a few nations founded by a successful genocidal campaign, which we called Manifest Destiny. The perks of being successful with genocide is that you get to define the story as you wish, since there's nobody to call you out on it.
We're not the only country in that boat either, as I think the grandparent post was trying to point out. Japan, if left unchecked, would've happily raped and pillaged all of Korea - they were well on their way already. Russia was just waiting to come in and crush Japan, payback for the Russo-Japanese war 40 years earlier. Germany, of course, started to war in an attempt to exterminate the Jews.
While we're at it, let's not forget about the Armenian genocide (which Turkey still denies), and the recurring genocides in Africa (in particular the Tutsi genocide in Rwanda) in more recent history.
What you seem to gloss over is that Germany's crimes still play a strong role in the politics and culture of present-day Germany (to the point of obsessive paranoia about any expression of patriotism).
Even Japan -- which compulsively avoids admitting any wrongdoing -- is regularly facing the crimes of its past.
The US is not just built on the successful genocide of Native Americans. There is also the slavery and racial segregation (which still reverberates throughout American culture and politics though everyone seems to pretend it's no longer an issue). Then there's the religious fundamentalism (resulting in the Prohibition, the Red Scare, the War on Drugs, homophobia, Creationism and all kinds of other systemic problems). The internment of Japanese Americans during WW2. The McCarthy era (which likely re-enforced the underlying causes of the social problems we still see today by persecuting left-wing activists). The various CIA assassinations and coups, especially in South America. The gaming of Middle Eastern countries (including funding Islamist extremists until 2001). Agent Orange and other crimes in Vietnam. The mass seizure of communication data of its allies (both political and civilian). The mistreatment of Muslim or Arabian-looking Americans after 9/11. The blanket Authorization for Use of Military Force that cemented the US's permanent state of quasi-war. Drone strikes, including those against its own citizens abroad. Guantanamo, Abu Ghraib and black sites. Detention of citizens and foreign nationals without any process or trial. Extraordinary rendition and enhanced interrogation (i.e. torture). Systemic police brutality (Occupy, Ferguson, etc). Interfering with Ukraine prior to the secession of the Crimean peninsula ("Fuck the EU", right?). And so on and so forth.
The US is not just morally questionable. It is morally reprehensible. And it's chock-full of itself. The only reason everybody else is tolerating this behaviour is that the US is armed to the teeth and willing to go down fighting. The US isn't on top because it's good. The US is on top because it is holding the world at gun point.
Here's hoping that when the American economy is eventually overshadowed by whatever powerhouse comes next (my bet is still on China or India) it won't do something incredibly stupid and hurt us all.
Privacy is not just a moral good but necessary to for society to survive and thrive in the long-run. Countries and governments frequently do not act in their own best interest and I view mass surveillance as one of these instances.
For an interesting perspective on this, take a look at The Fog of War with Robert S. McNamara. He contrasts the firebombing of Tokyo with the use of nuclear weapons, among a variety of other topics.
FAS was founded in 1945 by many of the Manhattan Project scientists who wanted to prevent nuclear war and is one of the longest serving organizations in the world dedicated to reducing nuclear threats and informing the public debate by providing technically-based research and analysis on these issues.
Good. My fondest wish is that no computer science or math graduate ever chooses to go to work for the NSA again, ever. Screw those assholes. I don't care how much they cry "oooh, sigint is needed for national security" - I'm more scared of our government than I am of any foreign (or domestic, as far as that goes) "terrorist" group.
The way I see it, these guys have created and are fighting an undeclared war on the American people... they've decided that "if you're not one of us, you're a bad guy". Fuck that.
The NSA essentially had a recruiting office on campus at the University of Kentucky. Even being Pre-Snowden, I remember everyone having a general feeling that the NSA was probably doing bad things, yet a lot of people still went to interview with them. Hell, even I did.
It seems like that for some, the idea that the NSA was spying on everything was a big draw for them to join. They also liked the prestige, money, and benefits.
I am not convinced that the NSA is facing a huge recruitment challenge. If anything it might just mean that more bad people get recruited.
I've a tough time believing they're having difficulties recruiting. Nothing has come from the Snowden leaks. Half of America has been very effectively turned against the guy. The rest don't care.
There's also no shortage of the morally bankrupt or patriotically brainwashed.
I don't know how those working with these entities can sleep at night knowing they're working to wreak havoc on their fellow American and further condemn their children and their children's children to a life under an oligarchy that listens to their every word.
It's funny to me that even before Snowden NSA (like literally every other federal agency) was facing a monumental challenge because you can hardly find anyone with decent qualifications to accept the middling salaries and hard cap on potential compensation as a government worker. Why go to NSA as a GG-9 (there's other schedules than GS, guys) out of college when you could go to Google for maybe similar... and maybe actually get to share your work possibly?
The other part of the equation is that cost of living in the DC area has risen quite a lot and tech salaries in private sector have met the tide when most federal workers can't keep up with it. When it takes two federal workers at about $70k / yr each to have a chance at a comfortable living in the suburbs it's pretty sickening. Median house price in Fairfax County hit $700k the other year, and up in Anne Arundel County in Maryland it's maybe $550k last I saw years ago).
Although I'm not American and disapprove many NSA privacy concerns, I can't blame their technical employees: they are choosing a stable high-paying job.
Articles like this try to put an ethical burden on analysts while ignoring the real actors and influences behind an ethical issue. Analysts are just doing their job and one certainly can't blame them.
A lot of people hold personal opinions that aren't obligated to follow what courts decide. Not to invoke Chewbacca's law, but do you think OJ was innocent?
Yes, it was ruled invalid. That doesn't make it invalid. That ruling was pure evil. The trials were a sham, existing only so that a democracy could participate in dishing out victor's justice. It's revenge, pure and simple, coldly ignoring the pressure that people were under.
This is also why I think Snowden did the right thing: he may have "betrayed his country" by helping inform the public about what is going on, but it was his moral responsibility to do so. If he had kept his mouth shut, he would have become an accomplice to the crime.
I've already been in a situation where I could choose between serious jail time and refusing orders I did not agree with so I'm pretty sure which side I would come down on.
So, with all respect mr. Anonymous Coward you haven't a clue what you're talking about.
Principles come at a price, that's for sure.
I can see why you have a problem with this worldview.
Unless refusing orders would mean somebody else jails you, no you haven't been in that situation. The deal is that you follow orders and maybe get jailed/executed after losing a war, or you disobey orders and definitely get jailed/executed right away.
In addition to Hans Fritzsche, Franz von Papen, and Hjalmar Schacht in Nuremberg, over 1,000 Japanese defendants were acquitted of war crimes in postwar trials.
Sure, Göring was sentenced to death by hanging, but he conspired to steal Jewish property after Kristallnacht and there was clear evidence he was complicit in the attempted extermination of the Hungarian Jews. So, yeah, didn't go well for him.
Contrast that though with the higher ranking Dönitz, effectively head of state. His defense actually worked fairly well, and he received a lighter sentence.
On charges that he sunk neutral vessels, his defense countered that the US had done the same, so he received no additional jail time.
On charges that he waged unrestricted warfare against British merchants, he received a "not guilty" as his defense argued that the merchants had all supported the war effort.
He claimed that he didn't know anything about the policy in the camps, since he was only involved with naval matters. He was the final head of a genocidal state, and received just a 10 year sentence, lighter than some murderers get.
EDIT: I think you're right that there are mitigating factors when people are acting under orders (especially given the behavior in question falls well short of genocide), but I don't think the Nuremberg trials were a sham trial.
People working for dubious 3-letter agencies aren't absolved from responsibility or reflection; they are not supposed to be soulless drones. I disagree with you: I think we really can appeal to their moral sense to get up and say that what they're being asked to do goes against their ethics. Of course six-figure jobs and sweet maths problems are strong incentives to listen less closely to one's moral compass. Cognitive dissonance must be strong at the NSA offices.
It may go against your ethics, but that's a problem you will have to resolve within yourself. Even if you think it's unethical, you don't have the right to prevent other people from marrying same-sex partners or eating beef. The same goes for working for oil companies, weapons manufacturers, or the NSA.
That's not a rebuttal. Tempting as it may be, I will not go for the straw man argument about meat/weapons/LGBT issues.
Obviously I'll have to come to terms with the fact that "people in the world" have different priorities to mine regarding ethics; that doesn't change the fact that I believe certain things to be wrong and that (independently) I believe people should be held accountable for actions, even if just following orders (which was the original argument I was responding to).
Working for the NSA isn't a human rights issue, another reason that the gay marriage thing is a straw man. I'm not claiming someone shouldn't have the right to work for them, I'm just saying if they're instructed to do "wrong things" that those things are still "wrong" even if you're only doing them for your boss. (for whatever values of "wrong" -- hence your point about ethics being individual)
If you just don't like it, then whatever. There are no consequences. The problem arises when you try to outlaw things other people are doing because you personally believe they are wrong. If I'm RMS and I believe proprietary software is wrong, sure. I can be my crazy self and advocate free software. Shutting down Microsoft for paying employees to do "wrong things" that are perfectly legal is where the line is crossed, and that's essentially what people are saying about the NSA.
The judges are the historians, and they tend to have the last word.
You've conveniently created a nice sliding scale from those that marry their same-sex partners all the way to those employed by the NSA and if the present (international) trends are any indication you may very well be right in the way you ordered those, maybe the last two should be swapped, time will tell.
I'm sure people of the future will find all kinds of ethical flaws in the way we live today. After all, 500 years ago, slavery was normal and accepted.
Personally, I'd bet that our mistreatment of computer programs and robots will be considered so obscene that nothing else we do will even register.
If anyone at the NSA is reading this, I urge you to consider following Snowden's example and help to further weaken the NSA and protect our constitution.
(case in point: I was slightly nervous writing this, but hopefully my VPN will keep me anonymous)
I wonder which is true -- this, or tptacek's assertion that this would be irrelevant to NSA recruiting, 2+ years ago.
I'm pretty amazed at how much the NSA story has remained in popular press and thinking. I really didn't expect it. That probably accounts for the recruiting problems.
Think about it this way: other countries have no apparent problem feeding high-caliber talent into overtly, unmistakably evil applications of offensive security. Look at China, for instance.
I don't think the Snowden saga had zero impact on recruiting at NSA; I just think the long-term marginal impact to NSA staffing is negligible.
Worth adding: this article and my comment can't really falsify each other; they're somewhat orthogonal.
I guess I mainly think about IA/defense. NSA blowback is keeping good IA/defense (and in particular, people building IA/defense tools) people from joining USG. Instead, those people join private companies to build tools to protect companies from, among other threats, USG, or work on actual privacy tools for end users directly aimed at defeating governments.
I don't know the people in the pipeline into TAO/offensive side well enough to speculate much about recruiting efforts. All the more kinetic offense people I know are there because 1) they believe deeply in the US/constitution/etc. 2) view the world in black/white 3) enjoy kicking in doors, so I assume the same is true in the TAO world.
" On the other hand, Ziring says, the Snowden leaks have sparked other students' interest. "[They say], 'I actually know some of what you do now, and that's really cool and I want to come do that," he says."
That would be a true pity, because NSA serves a great and legitimate purpose. They do a wonderful job for our nation. Sure, some of that work is not what some folks would like—frankly, there's one allegation which, while neither illegal nor unconstitutional, I don't like[1]—but that doesn't really matter: to the extent that the courts have deliberated, NSA has the national security of the United States of America at heart.
What really makes me sad, though, is not its putative recruitment challenge, but the unpatriotic attitude of so many folks. The NSA do good and important work; it is good and important to labour in the service of one's nation. You can't blame them for acting within the outer limits (but still within the limits) of the law, because that's how nation-states work. That's not even a bad thing: if you wish to reduce the power of the NSA, reduce the power of the State, period.
There's a very good chance that I'll be hell-banned for this post; if so, I've really enjoyed conversing with all of you, and hopefully I'll be able to converse with you again.
[1] I have neither seen nor heard any allegations of activity which is actually illegal or unconstitutional; everything I've seen has been stuff someone wishes were such. Well, I wish some things illegal were legal, and some things legal were illegal. You can wish in one hand and spit in the other, and see which fills up first.
If the government will not act then a talent drain might be the next best thing. The NSA has clearly strayed from it's intended goal (or at least the one they present publically) and is a black organization that answers to seemingly no one. I'd rather that talent go to companies I use daily to protect me against not only my own government but other governments. It's clear to me that our government doesn't care about securing it's citizens but rather weakening crypto so that they can monitor everything we do. I see the NSA as a hugely corrupt and frankly evil organization that I wouldn't consider joining in a million years. Any organization that can outright lie to congress (and the American people) without repercussions is one we should burn to the ground (figuratively).
I understand the need for secrets but there is difference between keeping secrets and monitoring every American citizen (and many people around the globe) without a warrant or cause.
Here is to hoping that NSA becomes a graveyard of talent that eventually crumbles in on itself or is just so woefully equipped to compete with the private sector that we just do away with it. I cannot for the life of me come up with a single redeeming quality of the NSA in my life (I'm 24 so they may have done some good in the past but I seriously doubt it and even if they have the bad has FAR outweighed the good in my eyes).
>>If the government will not act then a talent drain might be the next best thing.
Is it? While the NSA conducts unconstitutional mass surveillance and has played a huge role in eroding privacy, it also performs a lot of legitimate duties. I personally don't want the country's primary intelligence agency to be populated with a bunch of mediocre people.
Does it? I'd be very interested in what duties it performs that are considered legitimate that are not part of larger system that erodes privacy. As is a program that does not target American citizens in illegal (illegal by everyone's but the NSA and their team of dirty lawyers) that serves a real need.
> I personally don't want the country's primary intelligence agency to be populated with a bunch of mediocre people.
I'd rather that happen and the talent go to the private sector (Commercial and OS) because at least I have a say in which of those I support. As it is now a portion of my taxes fund this machine that infringes on our rights in the name of security.
Maybe. There's a lot we don't know about the NSA. Starting with something as ridiculously basic as what it's budget is. In practice I suspect they answer to the executive branch more than anyone else (hardly ideal) but who knows.
> the Snowden leaks have sparked other students' interest. NSA computer scientist Ziring also helps lead academic outreach for the agency. "[Students say], 'I actually know some of what you do now, and that's really cool and I want to come do that," he says.
That's crazy. I'm inclined to believe they're just trying to avoid an awkward conversation with a grown man about how shitty his life choices have been
I think it's more about changing perceptions of the NSA. Most think of government as working slow, being archaic and having no effect. The Snowden leaks showed that the NSI is pushing the limits both technologically and tactically (whether you agree/think it's legal or not).
As someone who feels the same way, I don't understand how someone who cares about technology can dismiss that point of view so casually. Every single developer I know can at least admit that the NSA's malware is technically impressive.
Letting your fascination for technology lead you like this is a very dangerous thing.
More than anything such a fascination or simply the lure of money allows one to be controlled in ways that could easily lead to serious regret in the longer term.
How is it leading me anywhere? If anything, it's probably my belief in the obsolescence of privacy that makes it easier for me to appreciate what the NSA is capable of, rather than the other way around.
It's the same kind of fascination that gets people to work on bio-weapons and other singularly negative items.
I'm a bit less cynical than you by the looks of it and I definitely do not believe in the 'obsolescence of privacy', in fact I think that privacy is one of the most important rights that we have.
Appreciating what the NSA is capable of technologically whilst at the same time despising them for what they do to the world at large is entirely possible.
To me it is very clear that all these politicians and their plans would go nowhere without enablers.
I don't see your point. Most large projects require the combined effort of many people, especially if you want to be confident in their quality and get them shipped on time, as I'm sure the NSA does. Is that supposed to be a bad thing? Or did you just want to have fun by calling people enablers because they do something you disagree with?
As for your views on privacy, I don't expect that most people can change their fundamental beliefs like what constitutes a human right. Especially not as the result of anonymous internet comments. As always, progress depends on people with outdated views dying out naturally.
> Most large projects require the combined effort of many people, especially if you want to be confident in their quality and get them shipped on time, as I'm sure the NSA does. Is that supposed to be a bad thing?
Not in and of itself, it all depends on the goals and the side effects.
> Or did you just want to have fun by calling people enablers because they do something you disagree with?
No, I call them enablers because by themselves politicians typically can't do much. They need others to do the work for them.
> As for your views on privacy, I don't expect that most people can change their fundamental beliefs like what constitutes a human right.
Maybe they don't have to. Maybe we could set up a universal declaration of such rights. And maybe we could give it a sexy name, such as 'Universal Declaration of Human Rights'.
Barbaric methods of violating private property, kewl?
Thanks Mao, but everything is relative. Maybe what you need is a nice fat doobie. While you're lighting up next to me, know that I as a proud simpleton, find cans of _diesel fuel_ to be "technically impressive". Imagine that?
> Piece by piece, you cease to exist. It takes about half an hour to vanish someone, completely.
I don't really see the appeal, but maybe I don't have the perspective to appreciate the skill that goes into dissolving human bodies properly. I still wouldn't call someone crazy if they did.
This makes me very happy to hear that people are steering clear of the NSA. It often surprises me how easy it is to find people to do whatever you want them to do, regardless of the ethics of it.
How come there's so many people willing to work at a cigarette company? What kind of programmers are willing to help their government attack Github? How can so many smart people join the NSA and essentially attack the internet?
...which is one of the major reasons why I haven't pursued this option. But it's still darn interesting, and I do believe that many of the NSA's missions are upstanding and moral.
I spoke to an NSA employee recruiting on campus a few years ago, well before the Snowden leaks. I asked him if he genuinely felt like he was defending America or if sometimes he felt like he was just a tool in someone's political agenda. His answer was, "no - I wouldn't say it always about some political agenda". Conversation ended pretty abruptly...
> Ever since the Snowden leaks, cybersecurity has been hot in Silicon Valley. In part that's because the industry no longer trusts the government as much as it once did. Companies want to develop their own security, and they're willing to pay top dollar to get the same people the NSA is trying to recruit.
And that's one way to fight back. Starve or own the talent pipeline. Buy them away from the NSA's front door. Similar to how Apple controls much of the manufacturing capacity for smart phones.
On the plus side (for the NSA), this effect may filter out some of the people whose moral/ethical orientation would prove to be a liability in that organization.
Two people did not try to attack the NSA yesterday. Three people met in a hotel room overnight, two of them stole the third's car in the morning, and as they were escaping they took a wrong turn into the NSA. The driver's decision or panic to ram the police car was one more bad decision; I doubt they even knew they were taking the NSA exit, and I seriously doubt that attacking the NSA was their premeditated plan. But it's early days.
Back in 2007-8, I went through the lengthy interview process to join the NSA. In the end, it didn't work out, and although I was devastated at the time, I'm glad the job offer was pulled.
When news of Snowden first broke out, the first thing I said was "there but for the grace of the gods go I".
And he wasn't even an NSA employee. I'm surprised Booz Allen Hamilton isn't yet mentioned in this thread. The NSA uses(or used) a ton of contractors. If they're giving top secret access to BAH employees, I highly doubt they're as sophisticated as they say (which I doubt anyway)
While I agree with the first half of that (I wish them mediocrity as well), Snowden's revelations make it pretty clear that they are not mediocre at what they do.
It takes some skill to deploy and run such a large-scale and pervasive operation.
People who work on building surveillance, people who have done it, people who may do it in the future, are your classmates in your CS program, your colleagues in your startup, your neighbors, your fellow conference attendees, you.
Folks who work at NSA (and all the other places that don't get so much press) read xkcd religiously, they go to DEF CON, they have Linux and math t-shirts, they read HN, they are reading this thread right now, and all the other threads.
If people like you in the cultures that you're part of decide that surveillance is cool and exciting, that's more talent to take the billions of dollars and vast intellectual challenges of figuring out how to eliminate the vestiges of privacy. If they decide it's uncool and sketchy, that's more talent that goes elsewhere and does something else.
There are many overlapping subcultures in technology and they don't all understand or talk to each other that much, and plenty of technology employers are recruiting out of many different subcultures, so you can't assume that the culture you create in your circles will control the path of technology. But the cultural attitudes of people in the tech world can have a powerful effect on what people decide is worth working on.