Will they be approached at a later date by past acquaintances to circumvent normal mechanisms and allow access data?
Can they be coerced to circumvent normal mechanisms and allow access to data?
How much were they aware of about what the NSA was doing, and were they aware it may have/definitely did break the law? Should that even be considered?
I'm not saying it would prevent hiring, but it would sure be on my mind.
Look at the converse - these employees have already been through a thorough background investigation and have been entrusted with highly secure data. These employees probably also have a higher (or at least average) tolerance against "being coerced" as you say into circumventing security mechanisms enforced by their employer - I can only imagine the counterintelligence nightmare that would exist if the clearance vetting process didn't try to weed out easily coerced individuals.
My point being: try not to focus on the negatives of the news, and remember that these are real people, many incredibly talented and trustworthy.
So, these real people. One of them comes to you for a sysadmin job. NSA and a high-ish security clearance is on their resumé.
Are they ignorant, apathetic, or malicious? It's one of the three. They either don't know what their government is perpetrating (and aren't paying attention), they know and don't care (because the dollar overrides all morals), or they know, care, and are playing for the other team.
"They're real people" is just an emotional appeal that ignores a very real ethical dilemma. Real people actually suck sometimes.
Nice use of the 'false choice' rhetorical device.
I'm not sure why you think that every employee of a large organization is somehow ideologically synchronized, operationally involved, and morally responsible for every policy decision made by the organization.
That isn't even true in small organizations, never mind large need-to-know organizations.
You needn't be ideologically synchronized or operationally involved to be complicit in oiling the machine responsible for the crimes that keep coming out recently.
Moral responsibility comes in when you decide to take money from these people instead of deciding to yourself "You know, maybe I don't want to be part, however small, of crimes against the public".
And that takes it right back to ignorance, apathy, or malice.
How is it narrow? I said I would be hesitant, but it wouldn't immediately exclude them as a candidate. I don't believe ignoring this past employer would be appropriate the same way I don't believe ignoring a past employer who happened to be a main competitor. Just because it may be unlikely, doesn't mean it should be ignored.
> These employees probably also have a higher (or at least average) tolerance against "being coerced" as you say into circumventing security mechanisms enforced by their employer
Depending on the attributes that make them hard to coerce (e.g. patriotism), what's a plus for government employment may be a negative in this specific assessment. A patriotic employee may be hard to coerce when working for the government, but depending on the line taken, the government may have a significantly easier time coercing them when they are working somewhere else ("but it's for national security!".
> My point being: try not to focus on the negatives of the news, and remember that these are real people, many incredibly talented and trustworthy.
The undercurrent of my comment, which may not have been clear, is that these admins may find it harder to find employment in the private sector after the recent NSA revelations. That's unfortunate because I'm sure most of them are completely innocent and great employees, making this layoff even worse than it sounds.
Edit: s/public sector/private sector/. Duh.
There is a bit of hyberbole about the "automation of tasks" and the "small severance/bureaucratic manner", both of which are (get this craziness): funny.
Things merely are.
I don't want to prejudge them with loaded terms such as as "bad" or "good". Sometimes events which would appear to benefit an individual are harmful to that individual or other individuals, and sometimes events which seem harmful are beneficial.
Yes, it's unfortunate that those individuals will have to expend more effort to prove their value to other people, but this is something which we all must do.
You're suggesting that phenomena have no intrinsic right and wrong?
From the perspective of the universe-at-large you are quite correct.
But not from the human perspective.
Sure it's important to see the big picture. But it's also important to give a shit about the little picture.
If you're teaching taxpayers or helping them in any other way then most of your department got the axe a decade ago.
Not that we'll ever know.
"Government agency hires army of contractors to automate jobs of 900 people"
They're building a layer of abstraction to separate the running of the systems from the data.
Instead of having system admins maintain the software state and hardware state on a forest of servers, it's a lot simpler to have VMs that delete and reprovision themselves whenever they have a software issue.
When you add in virtual HDDs or UNC paths for data locations, then the system is completely abstracted from the underlying hardware. If one of these physical hypervisor host systems has a hardware problem, the virtual servers on it can usually be live-migrated to other hosts, and the hardware can be repaired/replaced by a low-level hardware-only tech. When the hypervisor OS has an issue, it can be automatically reimaged as well.
Changes like this have made Office365 much more efficient than BPOS, and are likely at play in AWS and other datacenters as well as the NSA's.
It will be interesting to see how the human element of networks evolves over time.
I'm thinking back to the HDD firmware hack that was on HN earlier this week -- if a HDD was exposed directly to a VM, that would definitely be a plausible attack vector.
If someone with $100M wants to get you, they're probably gonna find a way.
I would say that the timing suggests that it's more to do with leaks than it does infrastructure.
Furthermore, a lot of people in these types of positions (sysadmin work etc; and I say that as someone who does this type of work myself, though not at a three letter agency) get a feeling that they're good enough to get away with it - whether or not it's actually true.
Making an announcement like that just seems exceptionally stupid.
It's not all that rare to see sysadmins that get fired or even just perceive mistreatment by coworkers or employers to jump the shark and mess up the systems they're meant to take care of.
To use an example - now a human swaps out a backup tape and has physical access to it. By replacing this with a tape robot, you've taken the insecure part - that person - out of the loop.
Edit: and so it wouldn't surprise me if a government department with huge budget tended to accrue employees over time. The "easy" path is retention.
However, there are a lot of people that are normal and decent but they don't get much play in the media.
Once this setup work has been done, they can make do with fewer admins.