Slashdot Mirror

← Back to Stories (view on slashdot.org)

It's Time To Split Up NSA Between Spooks and Geeks

Posted by timothy on from the sideline-coaches dept.

Hugh Pickens writes "Noah Shachtman writes in Wired that most of us know the National Security Agency as the supersecret spook shop that allegedly slurped up our email and phone calls after the September 11 attacks, but not so many know that the NSA is actually home to two different agencies under one roof: the signals-intelligence directorate, who can tap into any electronic communication, and the information-assurance directorate, the cybersecurity nerds who make sure our government's computers and telecommunications systems are hacker- and eavesdropper-free. 'The problem is, their goals are often in opposition,' writes Shachtman. 'One team wants to exploit software holes; the other wants to repair them.' Users want to know that Google is safeguarding their data and privacy. The trouble is that when Google calls the NSA, everyone watching sees it as a package deal. Google wants geeks, but it runs the risk of getting spies, too."

7 of 122 comments (clear)

  1. Why does Google need to 'partner' with the NSA? by mschuyler · · Score: 5, Interesting

    Aren't they smart enough and rich enough to hire their own geeks? SIGINT is the main job of NSA, period. If you want to hire the wolf to guard the hen house, you take the consequences.

    --
    How about a moderation of -1 pedantic.
    1. Re:Why does Google need to 'partner' with the NSA? by aristotle-dude · · Score: 5, Informative

      Google & NSA have been in bed together for ages. Heck, you know that thing called Google Earth? It used to be called Keyhole. NSA footed 10% of the bill on that.

      Wrong agency. It was the CIA who funded Keyhole through INQTEL.

      --
      Jesus was a compassionate social conservative who called individuals to sin no more.
    2. Re:Why does Google need to 'partner' with the NSA? by jeff4747 · · Score: 5, Insightful

      Because besides having the best "hackers" on the planet, the NSA also has the best sysadmins on the planet. Because the aforementioned 'hackers' practice against them.

      This, btw, is why the author's idea is terrible. You want both offense and defense in the same agency so that they can share techniques.

  2. Hell No by DesScorp · · Score: 5, Insightful

    We do not need yet another federal agency. Splitting them in two will only result in two bigger agencies with an ever ravenous appetite for more tax funds.

    One of the worst things Bush did post 9/11 was creating the spate of new federal agencies. Can anyone say that their flying experience is actually better after TSA was created? Anyone?

    How much good did creating yet another layer of intelligence bureaucracy do us? Did intelligence get any better after we made the Director of Central Intelligence obsolete by creating a Director of National Intelligence? Not one damn whit. It just grew the federal payroll some more, and added more bloat and bureaucracy.

    Vital intelligence work needs to be done, but we need to be trimming down these agencies, not creating new ones.

    --
    Life is hard, and the world is cruel
  3. Re:Nonsensical ... by jumpinp · · Score: 5, Insightful

    Oh, so you want a government/agency you can trust. Sorry, all out of that.

  4. Re:Of course by Anarki2004 · · Score: 5, Funny

    and you can't have Red Hat without a subscription (well support at least).

    --
    The teachers will crack any minute, purple monkey dishwasher.
  5. They already did, and it made things worse by Animats · · Score: 5, Informative

    This is old info, but NSA used to have a big internal division - the important stuff was at Fort Meade, and the less important stuff was at "FANX", the "Friendship Annex" (out near Friendship Airport, now called Baltimore Washington International). Support functions like personnel were at FANX, and still are.

    Computer security was at FANX. Which was a problem. Being banished to FANX was bad for your career. The top NSA people didn't go to the computer security side of the house. So computer security languished for years.

    All this was back when the USSR was the enemy, and NSA has changed a lot since then. But they still have Fort Meade and FANX, and less important stuff is still at FANX.

    For a while, in the 1980s and 1990s, NSA did do serious computer security evaluations. Industry hated it, because products could fail. The original policy was that a company could submit products for evaluation by NSA. In the first round of evaluation, the NSA people told the company what was wrong, and gave them a chance to fix it. The second round was pass/fail; if NSA could break into it, it failed. There was no third round. Some highly secure systems did pass the tests, but they were not mainstream systems.

    The process is now more "industry friendly". Evaluations are made by outside labs, paid by the companies being evaluated. Companies can keep trying over and over until they pass. Failures are not publicized. There are versions of Windows that have passed some level of Common Criteria testing.

    The "geeks and spies" division in the article is bogus. NSA is all geeks. (Mostly the middle-aged federal employee version thereof.) It's buildings full of people working at desks. There are no "NSA agents". The spies and the guys with guns are at CIA, FBI, DIA, and in the intelligence units of the armed services.