Slashdot Mirror

← Back to Stories (view on slashdot.org)

It's Time To Split Up NSA Between Spooks and Geeks

Posted by timothy on from the sideline-coaches dept.

Hugh Pickens writes "Noah Shachtman writes in Wired that most of us know the National Security Agency as the supersecret spook shop that allegedly slurped up our email and phone calls after the September 11 attacks, but not so many know that the NSA is actually home to two different agencies under one roof: the signals-intelligence directorate, who can tap into any electronic communication, and the information-assurance directorate, the cybersecurity nerds who make sure our government's computers and telecommunications systems are hacker- and eavesdropper-free. 'The problem is, their goals are often in opposition,' writes Shachtman. 'One team wants to exploit software holes; the other wants to repair them.' Users want to know that Google is safeguarding their data and privacy. The trouble is that when Google calls the NSA, everyone watching sees it as a package deal. Google wants geeks, but it runs the risk of getting spies, too."

12 of 122 comments (clear)

  1. Why does Google need to 'partner' with the NSA? by mschuyler · · Score: 5, Interesting

    Aren't they smart enough and rich enough to hire their own geeks? SIGINT is the main job of NSA, period. If you want to hire the wolf to guard the hen house, you take the consequences.

    --
    How about a moderation of -1 pedantic.
    1. Re:Why does Google need to 'partner' with the NSA? by aristotle-dude · · Score: 5, Informative

      Google & NSA have been in bed together for ages. Heck, you know that thing called Google Earth? It used to be called Keyhole. NSA footed 10% of the bill on that.

      Wrong agency. It was the CIA who funded Keyhole through INQTEL.

      --
      Jesus was a compassionate social conservative who called individuals to sin no more.
    2. Re:Why does Google need to 'partner' with the NSA? by jeff4747 · · Score: 5, Insightful

      Because besides having the best "hackers" on the planet, the NSA also has the best sysadmins on the planet. Because the aforementioned 'hackers' practice against them.

      This, btw, is why the author's idea is terrible. You want both offense and defense in the same agency so that they can share techniques.

  2. Nonsensical ... by krou · · Score: 4, Insightful

    Okay, so TFA is arguing that creating a new agency 'that didn’t include the spooks would' avoid conflict and bring about 'acceptance across the government and the private sector'.

    But right in the beginning, it says '[Google] wants geeks, but it runs the risk of getting spies' when it contacts the NSA.

    If there is no guarantee that Google doesn't end up getting spooks from the NSA, who can say this new agency won't have spooks in there from the NSA?

    Am I missing something here, or is there some magical reason why this new agency won't have spooks embedded there, and it should be trusted any more than the NSA?

    --
    'If Christ had tweeted the sermon on the mount, it might have lasted until nightfall.' - John Perry Barlow
    1. Re:Nonsensical ... by jumpinp · · Score: 5, Insightful

      Oh, so you want a government/agency you can trust. Sorry, all out of that.

  3. Hell No by DesScorp · · Score: 5, Insightful

    We do not need yet another federal agency. Splitting them in two will only result in two bigger agencies with an ever ravenous appetite for more tax funds.

    One of the worst things Bush did post 9/11 was creating the spate of new federal agencies. Can anyone say that their flying experience is actually better after TSA was created? Anyone?

    How much good did creating yet another layer of intelligence bureaucracy do us? Did intelligence get any better after we made the Director of Central Intelligence obsolete by creating a Director of National Intelligence? Not one damn whit. It just grew the federal payroll some more, and added more bloat and bureaucracy.

    Vital intelligence work needs to be done, but we need to be trimming down these agencies, not creating new ones.

    --
    Life is hard, and the world is cruel
  4. Two sides of the same coin by Daniel+Dvorkin · · Score: 4, Insightful

    Keeping our systems secure, and breaking into the other guys' systems, are damn near the same job. It is a good thing to have the people responsible for both working together, and maybe trading jobs occasionally. There is no American computer security and Russian computer security and Chinese computer security: there is only computer security, and systems which are more or less secure. The NSA has historically been about the only government agency that really seems to get this, and it would be a real mistake to break it up.

    --
    The correlation between ignorance of statistics and using "correlation is not causation" as an argument is close to 1.
    1. Re:Two sides of the same coin by budgenator · · Score: 3, Interesting

      I've read the article twice and it doesn't support it's own conclusion, if you except as a given that the NSA is bad, a loose cannon in regards to real American's rights it follows logically, if you don't think the NSA is inherently bad the article just panders to the tinfoil hat crowd. Google, an American Corp, and many other Corporations were attacked by an entity that appears was either the Chinese Government, a proxy of the Chinese Government or an entity specifically trying to make it look like the Chinese Government for their own nefarious purposes. Getting the "big guns" involved to help sort out the mess is the only reasonable response, it's what they are supposed to do and what they do.

      --
      Apocalypse Cancelled, Sorry, No Ticket Refunds
  5. Re:Of course by Anarki2004 · · Score: 5, Funny

    and you can't have Red Hat without a subscription (well support at least).

    --
    The teachers will crack any minute, purple monkey dishwasher.
  6. They already did, and it made things worse by Animats · · Score: 5, Informative

    This is old info, but NSA used to have a big internal division - the important stuff was at Fort Meade, and the less important stuff was at "FANX", the "Friendship Annex" (out near Friendship Airport, now called Baltimore Washington International). Support functions like personnel were at FANX, and still are.

    Computer security was at FANX. Which was a problem. Being banished to FANX was bad for your career. The top NSA people didn't go to the computer security side of the house. So computer security languished for years.

    All this was back when the USSR was the enemy, and NSA has changed a lot since then. But they still have Fort Meade and FANX, and less important stuff is still at FANX.

    For a while, in the 1980s and 1990s, NSA did do serious computer security evaluations. Industry hated it, because products could fail. The original policy was that a company could submit products for evaluation by NSA. In the first round of evaluation, the NSA people told the company what was wrong, and gave them a chance to fix it. The second round was pass/fail; if NSA could break into it, it failed. There was no third round. Some highly secure systems did pass the tests, but they were not mainstream systems.

    The process is now more "industry friendly". Evaluations are made by outside labs, paid by the companies being evaluated. Companies can keep trying over and over until they pass. Failures are not publicized. There are versions of Windows that have passed some level of Common Criteria testing.

    The "geeks and spies" division in the article is bogus. NSA is all geeks. (Mostly the middle-aged federal employee version thereof.) It's buildings full of people working at desks. There are no "NSA agents". The spies and the guys with guns are at CIA, FBI, DIA, and in the intelligence units of the armed services.

  7. Re:If the NSA handles SIGINT, who handles SIGTERM? by cryptoluddite · · Score: 4, Funny

    SIGSTOP is handled by KAOS.
    SIGCONT is handled by CONTROL.

    SIGHUP? It's handl#`%${NO CARRIER

    /wrists for making a no carrier joke

  8. Re:Smarts by dgatwood · · Score: 4, Insightful

    Someone good in math is far more likely than average to have or be able to develop expertise in any given use of computers.

    Careful there. Being good at math---being capable of learning higher level math concepts---is not the same as having taken the time to do so. A lot of very people don't bother going beyond a certain point simply because their primary interests lie elsewhere. And to some degree, being too analytical can actually hurt your ability to write good software.

    Writing software is not an entirely analytical process. It has some analytical components, particularly in understanding how the parts fit into the whole. However, creating the code itself is also an artistic process in many ways. You must consider all the different ways of doing something and choose the best one, based not just on the current needs, but also on a general feeling about what you might want to do with the code in the future without going overboard.

    • Overly analytical people often over-plan and over-design, resulting in code that is too complex to maintain, is too slow, or takes too long to finish. Getting everything perfect the first time is too important, so nothing ever gets done.
    • Overly artistic people tend to not plan enough, painting themselves into a corner. The result is that the entire project gets thrown out and redesigned every couple of years because they need to add a new feature and the design can't readily accommodate it.

    Thus, good programming requires a very delicate balance between analytical abilities and creative/artistic abilities. Analytical skills are necessary, but not sufficient.

    I would actually argue that programming skills tend to be more strongly correlated with musical ability than math education. Good musicians are generally good at analytical tasks, including math, but also have the artistic ability needed to take that critical step back and pay attention to the system design, the UI, etc.

    I've always found it staggering how many of my coworkers are musicians. In my department alone, it's at least one in three, and many of the people who aren't musicians have kids who are. Whenever we have a department party, we usually get together a group of people and jam. And my previous employer was the same way.

    --

    Check out my sci-fi/humor trilogy at PatriotsBooks.