It's Time To Split Up NSA Between Spooks and Geeks 122
Hugh Pickens writes "Noah Shachtman writes in Wired that most of us know the National Security Agency as the supersecret spook shop that allegedly slurped up our email and phone calls after the September 11 attacks, but not so many know that the NSA is actually home to two different agencies under one roof: the signals-intelligence directorate, who can tap into any electronic communication, and the information-assurance directorate, the cybersecurity nerds who make sure our government's computers and telecommunications systems are hacker- and eavesdropper-free. 'The problem is, their goals are often in opposition,' writes Shachtman. 'One team wants to exploit software holes; the other wants to repair them.' Users want to know that Google is safeguarding their data and privacy. The trouble is that when Google calls the NSA, everyone watching sees it as a package deal. Google wants geeks, but it runs the risk of getting spies, too."
Re:Why does Google need to 'partner' with the NSA? (Score:5, Informative)
Google & NSA have been in bed together for ages. Heck, you know that thing called Google Earth? It used to be called Keyhole. NSA footed 10% of the bill on that.
Wrong agency. It was the CIA who funded Keyhole through INQTEL.
They already did, and it made things worse (Score:5, Informative)
This is old info, but NSA used to have a big internal division - the important stuff was at Fort Meade, and the less important stuff was at "FANX", the "Friendship Annex" (out near Friendship Airport, now called Baltimore Washington International). Support functions like personnel were at FANX, and still are.
Computer security was at FANX. Which was a problem. Being banished to FANX was bad for your career. The top NSA people didn't go to the computer security side of the house. So computer security languished for years.
All this was back when the USSR was the enemy, and NSA has changed a lot since then. But they still have Fort Meade and FANX, and less important stuff is still at FANX.
For a while, in the 1980s and 1990s, NSA did do serious computer security evaluations. Industry hated it, because products could fail. The original policy was that a company could submit products for evaluation by NSA. In the first round of evaluation, the NSA people told the company what was wrong, and gave them a chance to fix it. The second round was pass/fail; if NSA could break into it, it failed. There was no third round. Some highly secure systems did pass the tests, but they were not mainstream systems.
The process is now more "industry friendly". [niap-ccevs.org] Evaluations are made by outside labs, paid by the companies being evaluated. Companies can keep trying over and over until they pass. Failures are not publicized. There are versions of Windows that have passed some level of Common Criteria testing.
The "geeks and spies" division in the article is bogus. NSA is all geeks. (Mostly the middle-aged federal employee version thereof.) It's buildings full of people working at desks. There are no "NSA agents". The spies and the guys with guns are at CIA, FBI, DIA, and in the intelligence units of the armed services.
Re:This is all wrong. (Score:1, Informative)
Um, internal security is a function of the FBI not the NSA - the NSA's job is to gather [electronic, CIA and DIA deal with humInt] on other governments/organizations. It is the FBI's job to investigate domestic ends of these sorts of things and for that, we have warrants, etc. to ensure liberty.
Re:This is all wrong. (Score:3, Informative)
Just ban them from listening in on Americans, as an official policy, and don't worry about it.
I'm sorry but that's purely wishful thinking on your part.
In 1976, the Church Committee reports found NSA obtained copies of millions of private telegrams sent from, to or through the United States in its SHAMROCK program. [icdc.com]
On August 17, 2006, District Court Judge Anna Diggs Taylor ruled in ACLU v. NSA [wikipedia.org] that NSA violated the First and Fourth amendment by warrantless tapping American citizens in the aftermath of 9/11.
In April 2009, intelligence officials admits that NSA had been engaged in “overcollection” of domestic communications of Americans. [nytimes.com] In one extreme case they even wiretapped a congressmen while he was overseas.
Please note that I am not wearing tinfoil hats and all my sources came from either from Congressional hearings or court rulings.
Re:Hell No (Score:2, Informative)
Not "better".. Safer [aero-news.net]..
Re:They already did, and it made things worse (Score:1, Informative)
I have to say that 153 sounds like an awfully high death toll if we're talking about desk workers.
NSA also includes CSS (Central Security Service) which provides crypto support to military branches. Some of the NSA/CSS personnel wind up on various missions which can be risky... e.g. manning various posts, on board planes/boats, etc.