All of the blah blah blah about “damage to national security”. If any single person with access to these networks can do this kind of damage if they so happen to wake up on the wrong side of the bed one day, then ‘national security’ is not a secure system. It’s as secure as how those tens or hundreds of thousands of people with security clearance feel in the morning…
Which is true of basically any company too. They’re not secure because all it takes is a trusted person to go rogue.
> They’re not secure because all it takes is a trusted person to go rogue.
That's right, which is exactly why we have hefty consequences when someone does it. What would you suggest be an alternative? Have no secrets? Give medals to leakers?
The more you compartmentalise the more obviously you decrease efficiency of your operations.
But then you are competing with other countries, these countries may be compartmentalising less and be more efficient due to that and then you will get beaten by these countries.
If you compartmentalise extremely few will have good idea of the full picture, and from my experience I know that it's really hard to work without knowing full picture or why exactly you are doing something.
I doubt it, I think you would get much more access to much more data much easier if you manage it properly. If you put their data on the street there are no friendly nations. Other countries can also easily insert their people and access everything. The effort is much more worth while. Bad people can evade persecution much easier with access to their file.
It's easy to pressure people but if they don't have access or if it sets off the alarm it's pointless.
It doesn't work in practice. Everything ends up siloed and nobody can compares notes even if they think to do so.
Snowden was a network admin with access to backups or something IIRC so compartmentalization does little. He stole the parent container.
At some level, you have to trust people. Mandatory job rotation goes a long way. You don't want people becoming familiar enough with any system to learn how to exploit it. Move them around to change the rules of their environment faster than they can find loopholes, and occasionally change the tech stack to nullify retained knowledge.
And the access log? Lol. Best way to figure out who's onto you is to take a peek at the list of who's asking about you and what their interest is. You've just compromised the investigative team in implementing this.
The most irritating resume-updating event going on at my own job right now is an arbitrary shift to using retarded APT-style codenames for individual humans under investigation.
It used to be bad enough if the subject was trans and changed names halfway through the investigation, but now all identities are obfuscated by some FozzyBear or WakaWaka bullshit. It makes presenting a coherent timeline impossible.
Ideally there'd be a CMS that implements EAV row-level access controls for case management so we can selectively disclose case intel to other teams but I haven't found a good one we can afford.
Besides, there is a difference between personal lives and the dealings of a government. The latter is supposed to work for us. Do what is the in our best interest. Why do they need to keep secrets? Even military related decisions shouldn't be a secret. If they decide to attack Iraq, I'd like to see a transcription of all related discussions prior to the attack. Surely, if the attack was in the best interest of the people, there is nothing to hide, right? I'm not talking about undercover agents that can risk lives; I'm talking about the type of the discussions that are kept secret because they _aren't_ in the best interest of the people.
sorry to break your little bubble but it doesnt work like that in the real world. Even if you opened every single secret in your country, there are hostile countries out there that wont share the same goodwill with you. Even if both of you told each other "look these are all my secrets" there is always the lingering question whether that was everything or not. I think this is called Prisoner's dilemma iirc
You can't copy-paste technology, only information. And information isn't everything. Before your weaker competitor can master the technologies the information he copied enables, you should already have new technologies. If not you are stagnant and should loose.
If your strength relies on lots of secrets you are weak. With enough secrets your strength is just perception not a fact.
Hard agree. Better compartmentalization should be the norm. A true need-to-know basis policy requires way more discipline than we have today. That requires every level to actually be competent enough to deeply analyze the problems they're trying to solve and generalize their requirements. SOL on that these days.
> A true need-to-know basis policy requires way more discipline than we have today.
I don't think it's just discipline. It will decrease efficiency massively having to work around those bureaucratic hurdles.
> That requires every level to actually be competent enough to deeply analyze the problems they're trying to solve and generalize their requirements.
That could be right. Your solution perhaps could work, if everyone was superhuman and was able to work with limited information, having perfect communication without knowing the big picture or the goals.
From working with corporations, to me it's almost impossible to work well without knowing big picture. It's a huge difference, how much of everything I'm able to know. It can easily mean 10x or 100x or infinite efficiency difference.
If everything is compartmentalised and you need to do your task, you need to know something, but in order to know it, you may not even know who to really ask. And if you do, then who knows, when you will receive the answer.
Requirements of everything are just far too complex to be able to perfectly share this information without the context.
The person who needs to know more would be your boss.
Compartmentalization doesn't create knowledge gaps, but incompetence does. In the corporate world the incentives aren't aligned well. You get promoted for delivering business results instead of good solutions. Most corporate middle managers defer their responsibilities to their employees which is why you end up having to know so much and do all the legwork of asking around. Lucky you that's a lot of power they're just giving away. Oh hey so that's why any random low level employee can leak so much information! Who woulda thunk it?
Assuming they became your boss through technical merit they should be able to adequately describe requirements and anticipate implementation details. They could do it themselves if they had the time, but they don't anymore. Good requirements shouldn't need follow up questions beyond you potentially not knowing how to do something. You ask your boss.
Your boss doesn't have to know the whole project to deliver their piece. This funnels all the planning towards the top and they have massive incentive to shut the fuck up and not leak anything. It really is that simple.
But the boss could not have as specialized skillset and knowledge as the lower level worker would have, so the boss couldn't be able to know as much, compared to what lower level worker would need to find out.
Responsibilities have to be delegated from the up, down, because upper level can't possibly have all the knowledge and skill of the skill-workers themselves as they are not spending 100% of their time on this exact skill work.
> Assuming they became your boss through technical merit they should be able to adequately describe requirements and anticipate implementation details.
For a period of time when they are within the domain yes. However if you are not constantly working in the domain to the same extent as the skill worker, you won't be able to keep up with the information. In order to be able to be on the exact same level of information you would need to spend the same amount of time on the skill work itself.
> Good requirements shouldn't need follow up questions beyond you potentially not knowing how to do something.
There's no way you can write such good requirements in any at least even slightly remotely complicated project. Nobody could write such requirements. The complex things are always iterative. You can only do simple, repetitive things like that. Absolutely nothing innovative.
> This funnels all the planning towards the top and they have massive incentive to shut the fuck up and not leak anything. It really is that simple.
This could only work in something like military with standard processes and where everyone follows this routine and orders. But not in intelligence work. Intelligence work is never that straightforward.
That second link is not evidence that they planted it. It's evidence of them using illegal means to discover it. These are not the same thing. Faking probable cause to search your car is not evidence that they planted drugs.
Same as being exonerated for a wrongful conviction. It doesn't mean you didn't actually commit the crime and should let a wrongfully-convicted pedophile manage your daycare center. You really need to dig deeper than the headline to know what was wrongful about the conviction-- the actual offender later being caught is not the same as a procedural error by the prosecutor.
Given that possession isn't the only charge for Schulte, it wasn't planted. None of this was even necessary to make the case; they could easily have dropped these charges.
From the Reddit AMA "I am Andrew Bustamante, a former covert CIA intelligence officer and founder of the Everyday Espionage training platform. Ask me anything."
> "Does the cia use child prostitutes to control assets?"
> "I plead the 5th. The things we use to control assets are unsettling enough without going into details."
Actual violent offenders, murderers, molestors, rapists, etc get far less time and better circumstances.
Leakers continue to leak because the majority of the u.s. population believe their government is corrupt and deserves to be exposed. Said government would produce better outcomes by not continually proving their corruption. Federal corruption is concrete history, it's there on Wikipedia to read, but only the allowed parts.
It's a big club, you ain't in it, and theyre deciding your life for you.
Which is true of basically any company too. They’re not secure because all it takes is a trusted person to go rogue.