I wonder if NSA really comprehends the breadth of what's going on here. I don't think Snowden was a singularly disgruntled guy who happened to have clearance.
His former coworkers are going to be smart, American, and patriotic too. Some percentage of that class of people will have strong opinions about being complicit in borderline-Constitutional activities. Snowden was the first to come forward, but do you really think there isn't a significant pool of sympathizers still at NSA considering making a similar move?
Requiring cooperation between two analysts does raise the bar somewhat. But I think NSA would be making a mistake to assume that this is an isolated problem, with a tactical solution. I hope that the next guy (or pair) to come forward is as circumspect as Snowden seems to have been. Thank goodness Bradley Manning didn't work at NSA -- that scenario would have real consequences for the world, instead of the noisy internal (and important and necessary) squabbling we'll be doing for the next several months.
Yeah. The worst of it is the corollary - you need to fire people that are ideologically impure. If people openly start talking about how they consider the Constitution to be an important document that needs to be protected by individual actions, then they can easily find an ally to make up the second person. To make the two person rule effective, you have to eliminate anyone that openly admits that they may very well break the organisation's rules in favour of the Constitution.
That will be the NSA's finest hour - firing people for stating that they support the US Constitution...
NSA really should have had better internal controls in place for decades, if this leak is anything to go by.
They got lucky, nothing more, that Snowden is a concerned citizen and not an actual spy. No single person should be able to do what Snowden did even if you assume all NSA analysts are 100% comfortable with the mission.
In nuclear weapons, the two-person concept is a huge, huge, huge deal. NSA's stuff might not be to the exact same level of seriousness but at the same time "TOP SECRET" implies grave risk to national security if leaked and their internal controls should have been equal to the risk implied by that.
TS/SCI is relatively common because it doesn't give you access to much. It just means you've been vetted. Actual secrets are still organized by code word, and you can only access them if you're explicitly read in (i.e. given "code word clearance"). Some more details: http://www.outsidethebeltway.com/clearance_fever/
Clearance does not equate to access, or with "need to know". It simply means someone has been screened to a certain degree of trustworthiness to properly handle classified material.
"They got lucky, nothing more, that Snowden is a concerned citizen and not an actual spy."
Actually Snowden may have been the NSA's lucky break. Doesn't it seem likely that there are people selling secrets to enemies within NSA/Booz Hamilton? This forces them to deal with a system that probably makes that relatively easy.
That may solve the whistle-blower problem, but it doesn't solve the spy problem. There are actual spies, paid in cash, who traffic government secrets, who need to be stopped regardless of your opinion on whistleblowers.
There's plenty of ways to make it physically difficult to copy out data onto portable storage without following protocol, so that it is not "honor-based":
For starters, disable all USB ports other than on dedicated systems that are closely monitored. Then you can physically (with a guard at the door), verify that no data is copied out without a second person signing in with the person doing the copying, and signing out the data being copied. Add on electronic restrictions requiring acknowledgement from a second person, and regular audits of who takes out what, and it'd be a lot harder to get data out without finding someone to help you, knowingly or not.
There will always be workarounds, but you can at least make people put more effort into doing things that increase the chance they'll be noticed.
I am reminded of something someone* said about leaks in 2006:
The more secretive or unjust an organization is, the more leaks induce fear and paranoia in its leadership and planning coterie. This must result in minimization of efficient internal communications mechanisms (an increase in cognitive "secrecy tax") and consequent system-wide cognitive decline resulting in decreased ability to hold onto power as the environment demands adaption.
Hence in a world where leaking is easy, secretive or unjust systems are nonlinearly hit relative to open, just systems. Since unjust systems, by their nature induce opponents, and in many places barely have the upper hand, mass leaking leaves them exquisitely vulnerable to those who seek to replace them with more open forms of governance.
In other words, in an increasingly digital world, it gets easier and easier for large scale leaks to happen, and although you can take measures to try and stop that, overall those measures will damage your effectiveness even more. Some leaks are 'good' and some are 'bad', but over time, in a leaky world, the overall long term effect should be positive - a move towards more openness.
* it's pretty obvious who, but I don't want to derail.
"The more secretive or unjust an organization is, the more leaks induce fear and paranoia in its leadership and planning coterie. This must result in minimization of efficient internal communications mechanisms (an increase in cognitive "secrecy tax") and consequent system-wide cognitive decline resulting in decreased ability to hold onto power as the environment demands adaption."
- Julian Assange, The Nonlinear Effects of Leaks on Unjust Systems of Governance
I'm not mad about it because I pay taxes. Minor children, tax-exempt institutions, those with no income: they all deserve to be free of unjust government surveillance. Conflating the issue with the paying of taxes in a progressive tax system may introduce the rationale that those that pay the most taxes are the most deserving to not be watched.
In fact, some of the nation's largest taxpayers (in the black corporations) are actively cooperating in this endeavor, so making this about taxes would seem to argue that the "taxpayer" has already spoken.
You bring up a point (perhaps frivolously) that I haven't seen before. With many many minors owning cell phones, where does the court stand on collecting meta-data from children. The law is very clear when it comes to crimes on how minors are treated, this seems to make assumptions without guardian approval or regards to their status as minors.
There would need to be unilateral storage regardless of potential profiling during mining -- otherwise the cellular profile of a child, in this case, would make a secure line.
Honestly, how do you people even bring yourselves to talk about these laws in the context of existing legal frameworks?
I'm not trying to be rude to you as much as I am expressing my frustration about what the government's doing, but look, nothing about this was particularly legal (we can debate the legality of FISA warrants off-thread, I'm happy to).
Certainly any sort of whole-sale capturing of traffic or messages or pictures or calls could cause the government to be in possession of materials that they shouldn't, but that's really not saying a whole lot, now is it?
I don't even think about these gross violations of our Constitution to even be a "legal" matter. How can you? It's not like a court can rule against these laws. The ruling is just suppressed.
I think the point is that "protecting the children" is one of the few things that are an easy fight politically. The rules over gathering data on children are fairly strict, and could be a fine technicality to enforce a moratorium on the wide surveillance. They may not be lawful, but bureaucracies are notorious for being susceptible to goofy policy enforcement. (One could joke they answer to a higher authority that way.)
Of course, they also have the option to say fear is worse, enact special complicated safeguards that filter out children, or any number of other weasel work-arounds. But it's something, at least.
Given that the NSA has been willing to violate the Constitution, which is literally the highest law of the land, what makes you think they care at all about a few pesky child protection rules?
It's like paying attention to the speed limit while mowing down pedestrians in your car.
First, who cares? Honestly, of all the things I'm upset about, pretty much the bottom of the list is "pictures from Tor get mirrored in an NSA facility". The "terrible" things about child porn come from its production, distribution and sale. None of those things are happening by it getting picked up in a dragnet and put on a HD. No one's going to be motivated to stop the government over CP if they haven't over privacy.
Second, child porn is bad. But do we really have to take their bullshit strategy of "OHMHYGOD THE CHILDREN!?" when "OH MY GOD, ANY SENSE OF PRIVACY?" should suffice?
tltltl;dr: If a "legal technicality" were going to trip up the NSA, it ought to be the Fourth Amendment.
I completely agree that "the children" is a minor blip in the entire program, but it is a blip that has a lot of emotional response attached to it.
I again agree that current laws can't even compare to something of this scale. But laws about minors and their entrapment or protection might be enough to waken the laymen on this apparent abuse of power.
We have that system of "he who pays the taxes makes the rules", except instead of taxes, it's campaign contributions. (Which, incidentally, often results in the donors paying far less taxes.)
Nuclear launch codes. Locations of strategic assets (eg, nuclear missiles). Identities of people in Witness Protection. Closed court records regarding children. Personal information collected as part of tax collection (eg, income). Identities of foreign informants.
Here's the difference: the government is quite open about doing all those things. We can ostensibly debate and influence policy on all of them, because the policy itself is not secret.
But when even the policy is secret, it is totally beyond even the possibility of democratic control.
My favorite example of why the government shouldn't be allowed to keep that many secrets is the Supreme Court case which established the concept of "National Security" (secrets). It was a wrongful death lawsuit regarding a plane crash just after WWII (if I recall correctly). The government said, "we can't release any details of the crash because it's a matter of National Security". SCOTUS said fine and the families of the men killed in the crash were told to pound sand.
Jump forward to the modern day, when the details of the crash are accidentally released with a bunch of other declassified information. It turns out that the flight had absolutely nothing to do with "National Security", it was just a routine flight in a plane with a poor maintenance history. The government was just covering their asses to avoid paying out for wrongful deaths, and bullshit so hard they created a legal precedent.
Fun fact: the PAL codes on Strategic Air Command's Minuteman nuclear missiles were set to 00000000. To quote President Skroob, "That's amazing - I've got the same combination on my luggage!".
To some extent I'm not sure the "launch codes" themselves -- if there is something you need to type into a console at the missile base itself to actually launch the missile and there isn't just a shiny red button -- need to be that secret. There should be a boatload of physical security protecting nuclear missiles. If there isn't, we're doing it wrong. It's not like we should be letting random people reach the point they could fire the missile.
But launching nuclear missiles is a command decision so the weak point in the system is the means by which an order to launch is authenticated. And whatever secret tokens are used in that process, those I want as few people as possible to know (ideally zero).
Also, evidence obtained in a way that violates Constitutional amendments and that is therefore barred from admission in a case. Medical records (incl. genetic testing results). Tax returns. Information about a person inadvertently collected pursuant to a valid investigation, or otherwise not relevant to the investigation.
The saddest part of the story is that there are two quotes, one from a democrat and one from a republican, and both are falling all over themselves in a rush to brand a whistleblower as a traitor.
The second saddest part of the story is that the person responsible for securing the biggest DWH of all time freely admits that they have no protection against rogue sysadmins, most of whom don't even work for the NSA.
The "second saddest part" makes me realize why all of the government agencies get C's or less in the NIST tests for securing systems. When the NSA can't even employ their own in-house sysadmins, there is no real hope for defense against political espionage.
If Snowden was the first to leak information, who was the first to sell it? The way Snowden describes the access seems like a joke.
One has to also wonder: how many have sold it before Snowden leaked it? I have a hard time guessing the ratio of people willing to silently sell information versus loud do-gooders, but I have a strong suspicion it is greater than one. And of course one person can sell multiple times...
GREAT POINT.
If someone could leak this much information as a sysadmin and do it effectively, how could it have not been sold?
The value of such information would be astronomical to other spy agencies who would be opposed to us.
Frankly, who Snowden's employer was on paper is irrelevant. There is nothing about being a government employee that makes one more loyal or trustworthy or any other characteristic. Everybody goes through the same vetting process by the same government agency to receive a clearance.
If anything, a contractor is going to have additional vetting. As an employer, the federal government is bound by constitutional restrictions that private employers are not. For example suspicion-less drug testing is not a requirement for a clearance (affirmation that you haven't used illegal drugs is a requirement, but actual testing is not). However most private employers are all gung-ho on the drug testing front and do force employees to be tested to whatever level their local state laws permit (there is significant variance by state as to what a private employer can require).
That's an over-simplification that obscures the important issues. What matters is in what way their interests diverge - espionage and whistle-blowing are of no more interest to a contract employer than to the government itself because the contract employer is answerable to the government. Most contract employers live and die at the whim of their single customer.
> That's an over-simplification that obscures the important issues. What matters is in what way their interests diverge - espionage and whistle-blowing are of no more interest to a contract employer than to the government itsel
Whistleblowing, sure, generally. Espionage on behalf of a foreign power, probably; espionage on behalf of the company itself... heck, government contractors in non-security related fields not-infrequently expend considerable effort to gather non-public information about their current and potential employers and competitors.
I'd say you have a point when talking about wholesale outsourcing of an entire division to a private contractor. But individuals who report to managers which are government employees are not a consequential risk.
Even then it isn't quite espionage that's the problem but simply working to steer more business their way - inside information on operations feeds into the lobbying arm of the contractor and the lobbyists convince congress to create or expand the work available for which the contractor has a high probability of winning the bid.
Those are the senators that have probably said something to someone over a phone that ... that just maybe might get them into trouble if it ever leaked out.
Or perhaps the emphasis should be on ANALYST. An Analyst maybe not, a sysadmin, oh, yeah, sure (and we have about 1000 of those).
But really, I don't believe anything they say, or believe that I'm capable of figuring out the true meaning of the careful wording that they think they are using to 'technically' tell the truth while intentionally making everyone think they meant something else that was really a lie. I mean, Clapper has already admitted he lied to Congress, right?
Especially when they're clearly using regular words re-interpreted into jargon to intentionally mislead the people responsible for their oversight.
"Collect" apparently has an intelligence-community meaning that's quite different to the regular dictionary definition - when the NSA says they don't "collect" data, what they seem to mean is that their computer systems intercept and archive that data, but that human analysts haven't (yet) looked at it.
In what other profession would you get away with making up a new definition of a word that's almost 100% opposite to the "regular" meaning of that word, then using the word with your meaning when talking to the government? "Oh no, I didn't 'steal' that money - in the investment-banking-community, 'steal' means spending stolen money. I haven't spent any of that money yet - it's still sitting in my bank account - so no, I didn't steal any money."
The statement that a single analyst can eavesdrop on domestic communications without proper legal authorization is incorrect.
The words italicized are qualifiers- that is they reduce the scope of the statement. It is uncertain that if you removed any one of those qualifiers the statement would still be true.
Looks like he won the seat in a gerrymandered district. This manipulation of district boundaries takes advantage of people who vote along party lines regardless of an individual candidate's qualifications.
This point simply cannot be overstated. The absolutely deplorable level of "oversight" performed by Congress is a direct function of the degree to which they've been able to insulate themselves from the electorate. Being able to select who can and can't vote against them is one of their most effective means for doing this. Indeed, this practice explains why so many of them can hold onto their seats while continuing to act against the interests of their constituents in ways beneficial to their funders.
In short, gerrymandering, closed primaries, and private campaign finance form the Triangle of Doom. In combination, they provide the noose with which Congress is choking America to death. Abuse at the hands of the NSA (and their multi-billion dollar web of contractors) is just the latest, and perhaps the most chilling example of this phenomenon.
> Now, in all fairness they do have a craggy coast, but it is very clear the districts are unconscionably gamed.
I'm not sure how it was done in the source for that news article, but gerrymandering-detection algorithms should ignore natural borders in that regard. See, for example, this paper which measures gerrymandering in terms of convexity: http://mathdl.maa.org/images/upload_library/22/Polya/Hodge20...
> *"We have to learn from these mistakes when they occur," Representative Charlies Ruppersberger said to Alexander in the hearing. "What system are you or the director of national intelligence administration putting into place to make sure that if another person were to turn against his or her country we would have an alarm system that would not put us in this position?"*
So now the good Representative Ruppersberger is taking part in the automatic branding of Mr. Snowden as one who has turned against his country. For whistleblowing.
But it's the easier path. It's hard to fix the problems they have. It's easy to throw someone under the bus, dust your hands off and declare "job well done."
From the article: Representative Michelle Bachmann emphasized that the NSA should answer “how a traitor could do something like this to the American people,”
Heh yeah. I guess I'm desperately clutching to the (futile?) belief that US congress is primarily stuffed with politicians of the dangerously incompetent and naive kind rather than the evil lizard people kind. People like Bachmann make me wonder though.
The House is stuffed with politicians who appeal to their constituency. Unfortunately, the area Bachmann is from is filled with people who are similar to her.
I can understand that but surely one should be able to expect a member of congress to possess sufficient intelligence and moral judgement to be capable of recognising the stark truth of a situation when it's been laid out so unequivocally?
I mean, after watching the USA Today interview, it takes some pretty spectacular mental gymnastics to paint what Snowden has done as anything other than being in the public interest. Her constituents may be ill informed but she's a fucking member of congress for christ's sake.
> I can understand that but surely one should be able to expect a member of congress to possess sufficient intelligence and moral judgement to be capable of recognising the stark truth of a situation when it's been laid out so unequivocally?
Perhaps, but not always of sufficient moral character to, once they have the spotlight, not try to deflect attention away from the stark truth when that stark truth is hostile to their personal preferences.
They also had a functional Dictatorship system. Well, functional for a time... until it went wrong. I think they were actually onto something with that idea though. The flaws likely could have been corrected. A common theme with most dictatorships gone awry is a rogue general, but the real problem is a military comprised of men that are willing to follow a rogue general.
Most dictatorships and kingships are functional when the person in charge is. The problem is that when they go awry, they can go extremely awry, and many innocent people get caught in the twists; and so the lands that had been gradually accumulated during the centuries of the Republic gradually slipped away under the inconsistent rule of the Empire. Democracies have the great advantage that, while they don't function as efficiently at their best, they never go quite as awry as Caligula or Pol Pot.
Rome, of course, had many occasions where the military was no longer willing to follow a rogue commander (the literal translation of Latin imperator, usually translated as emperor). So they kicked him out and installed a new one, in what we now call a coup d'état. The problem is, it turns out that militaries are not particularly good at determining which commanders are acting in accordance with the commonweal of the nation and which are not. The values you need to run a successful regiment are not the same values you need to run a successful country, and in many ways, they are opposite.
So I don't think that encouraging mutinies in the military really solves the problem.
The political issues also aren't really all that clear cut.
While Julius Caesar's opponents called themselves "The Good", and were indeed the principal actors of the Roman Republic, the Roman Senate was also a homogenous bunch of rich assholes (nothing at all like our current Senate). Caesar was allied with a number of outsiders, including a number of liberated women, who felt oppressed by the old Republic.
That's not to say the Roman Empire was flowers and gummy bears, or would have been if Caesar had lived. Or that it was even better or could have been better than the Republic. But losing the oligarchical Republic wasn't necessarily that big a tragedy.
More like their conquer and receive tribute strategy started to not work any more and military technology and techniques were transferred to their conquered territories.
That was the downfall of the Roman Empire; the downfall/transition of the Roman Republic (the one with dictators, not emperors) was of a different nature, which is not quite as easy to sum up: http://en.wikipedia.org/wiki/Crisis_of_the_Roman_Republic
Nobody cares about anything unless it disturbs their daily rituals. At the end of the day, if they are still able to go to work, collect a paycheck, watch a movie, see their family, they aren't going to care.
Similarly with government workers. They don't care. They want a paycheck. It's not their fault, it's somebody else.
Until the government starts pointing fingers, nothing is going to happen.
It is not rational to agree with being spied on, lied to, and having our rights revoked. It's apathetic, and frankly, disgusting. Long as we can still instagram and facebook and tweet whatever the fuck we had for lunch today!!!!!! Right?
I believe this was the kind of thing that Wikileaks has been shooting for all along--make the keeping of dirty secrets so cumbersome that it becomes infeasible to keep them. This chicken has already flown the coop: the next leak will likely come from elsewhere, and again the government will be forced to scramble and plug a hole that already leaked.
Full body cavity scans on every entry and exit... A micro-sd card, USB plug, and necessary bits to connect them are easily small enough to be swallowed, hidden under your tongue, stuck up your anus or hidden in any number of ways. Clearly they need to be regularly strip-searched and x-rayed.
Coincidentally, I'm re-reading Snow Crash, read it first in the nineties.
When I first read it I felt a little like a snickering boy looking up dirty words in the dictionary, reading about failed institutions and government military and intelligence services as spun off corporations.
Now if you skim off the entertaining over-the-topness from the book, you have today. Booz Hamilton anyone? That program's never going away, there's too many jobs, billions, and lobbying money at stake.
> was one of close to a thousand systems administrator
Huh, that gives some idea as to the operational scale of NSA systems.
It's ironic how much we're learning about how the secretive NSA does things.... from public releases by the NSA themselves, in their attempts at PR damage control.
I dunno, from a purely tech standpoint, it's a classic problem isn't it? How do you stop your sysadmin from fleeing with all of your company's data?
I think the current solution is to just trust that your sysadmin's career would be over if he/she took your data. Kind of doesn't work as well for stuff like this, though, considering the person who'd steal your data probably at this point doesn't care.
"The rule required that anyone copying data from a secure network onto portable storage media does so with a second person who ensures he or she isn’t also collecting unauthorized data."
Don't mind me over here by myself, I'm not copying anything...
Hmmm. The impression I have is that Snowden had access as a sysadmin, not as an analyst. That is, he didn't really have any duties that called for him to access the "secret" data. If the systems allow sysadmins to bypass proper authorization procedures, what good is another authorization procedure? Perhaps they'd be better off auditing the ACLs. In the Cloud Era, very few machines ever need to allow root access.
However, this scheme would seem to prevent previous "laptop leaks", so I think it's a good idea.
OK so here's the question: who thinks that everything the NSA does should be public knowledge - not just what they do, but everything they have, all their data, everything.
I'm sure some people do, but would imagine most don't. Most want a public overview of what they are doing and what rights they have, but understand that specifics/data need to stay secret.
For this to be the case, surely they do need to make sure security is as tight as possible. But on the flip side, if they were able to 100% prevent all leaks, it would mean that nothing like this could happen again, i.e. the kind of leaks that we want to see. So where should the line be drawn?
I guess I shouldn't have expected less than badmouthing from the cynical HN crowd!
Why is it that everyone chooses to omit the most important thing about this new rule? It was designed especially to make sure the next Edward Snowden would have an accomplice when taking vac...fleeing to another country and would feel less homesick thanks to the presence of a fellow motherland-er.
I for one, welcome the attention and kindness of our new NSA overlords.
PS: Dear NSA agent reading this, I lost access to my old Yahoo! Mail account where I still have love letters sent by my ex-girlfriend and goth poetry I wrote when I was 18. Think you could help me? Thanks for your help! XOXO
I once worked at a company which had a form of the two-person rule for production changes. The company's change control team thought that by requiring a second person on the development team to 'certify' that the change was 'good', they could cut down on some vaguely imagined problems.
What really happened:
Bob (via IM): Hey Mary, here's a change request link, can you hit 'approve' real quick?
Mary: Done
I bet that some slightly more sophisticated version of this will happen with this new 'two-person' rule.
I seem to remember watching a documentary of the Berlin wall in which soldiers in the guard towers were not in casual communication with soldiers walking the wall/fenced area. None of them were there to keep people out, but in. Watchers monitoring watchers... Wish I could remember which documentary it was.
“What system are you or the director of national intelligence administration putting into place to make sure that if another person were to turn against his or her country we would have an alarm system that would not put us in this position?”
The thing is, Snowden didn't turn against his country. Snowden turned towards his country...and against the schnooks who were undermining it.
There's a balance here. There is danger in making it too hard for somebody with a conscience to use it to make things better. The fact that it took this long for the truth to get out suggests to me that the controls they already have in place (along with whatever social pressures surround them) might be fine or even a little too strict.
I'm simply dumbfounded by this. Why is nobody at the top taking any steps to do anything about the fact that Snowden had almost unhindered access to spy on whoever he wanted? That seems like a far more concerning security hole to me.
How well will the "two-person" rule work, once the second person starts to treat it like a rubber-stamp process? How do you prevent that from happening without introducing big inefficiencies?
> “We have to learn from these mistakes when they occur,” Representative Charlies Ruppersberger said to Alexander in the hearing. “What system are you or the director of national intelligence administration putting into place to make sure that if another person were to turn against his or her country we would have an alarm system that would not put us in this position?”
So the lesson is not how to prevent the NSA's domestic spying, but how to prevent getting caught?
Am I the only one who thinks the NSA should be doing something to ensure that this doesn't happen again, as in precautions against the gathering of data by an individual?
While Snowden did have proper justifications and reasons for the exposure, the fact that he was able to is still not a good thing for the NSA isn't it? Someone else who might not have America's interest could do the same thing theoretically which is bad.
If they are operating according to the laws of the land, they have "nothing to hide" from Edward Snowden and his ilk. This move looks pretty suspicious to me...
Right. When you find a way to magically control the bits read from one hard drive and can ensure that same sequence of bits isn't "copied" and written to a different storage medium... without a "second person".... well, you let me know.
I guess with some right group policy settings, a TPM and BitLocker, you could get close maybe. Still going to be challenging to keep me from booting the machine, logging into it and catting that file... somewhere. Give me `wget` and a script and I could transmit data using only GETs.
Most systems will not have any sort of external media - no floppy drives, no removable hard disks, no cd burners. USB ports will be filled with epoxy and any peripherals will also be physically secured to their ports. Wherever possible drivers for external media will simply be removed from the OS installation image for those systems.
That will leave a handful of systems that do have external media. Those will have extreme access restrictions - at a minimum account restrictions and audit logs that will be regularly correlated with a hand-written log that contains timestamps and signatures of both people. They may even put the system in a room with keycard access that requires two different keycards and associated PINs to be entered before the door opens.
Are you speculating or speaking from experience? Either way, I'd like to imagine in these scenarios that the really, really secure stuff is kept offline or somehow on a non-Internet connected network.
I am speaking from experience on non-NSA programs.
It goes without saying that their entire operational network is firewalled with an air-gap. If a user needs to have internet (or other extranet) access from the same desk as their operational network, they will have an entirely separate terminal for it, they may even have rules that require a minimum distance between the two terminals.
The NSA doesn't care at all if you copy the bits from their drives and publish them. What they care about is if you copy the content and publish that. With the right crypto, the bits would be indistinguishable from random data.
There are well-established crypto systems that require any n keys to decrypt. Plug in n=2, and you have a crypto-enforced 2-person policy.
If you push decryption to the client (where it should be anyway, don't want plain text over the wires), then even with access to the data center, you cannot get the plaintext.
What I don't think pure crypto can get you is a quota on how much an individual can access.
Also, the fact that a single person can bypass whatever alarm systems they have means that if an external adversary gets root, they are undetectable.
> the implied means of power, the threat of force, rather than by direct military force
Sure, right, that's kinda what I implied with my post. As long as I have access to decrypted bytes in memory and I have access to: my eyeballs + pen + paper, then the jig is up.
The TPM+BitLocker scenario would protect the data on the hard disk and prevent offline attacks and would prevent someone from trying to extract the key from the running OS.
> the implied means of power, the threat of force, rather than by direct military force
Ding ding, exactly. That's why I mentioned "Group Policy". At best, you could attempt to restrict user access to the LIVE mounted decrypted data... but at that point you're trusting the client and a dedicated individual would get around it.
which would give you a chokepoint to be able to cut off access to the encrypted data, but there are a thousand problems with this scenario as well, just from a technical standpoint.
Is there any reason you wouldn't want to do it this way? Aside from the security benefits of having the data be in plain text for as little as possible (and eliminating a centralized point of failure), this also offloads CPU resources to the local computer, which is a win from a purely efficiency standpoint as well.
Sigh, no idea how that slipped onto my clipboard. I was looking up a good "hegemony" definition for an unrelated discussion. Sorry about that. I meant to reference the line in your post, but it's not important.
> Is there any reason you wouldn't want to do it this way
Hm, so I didn't spend a ton of time thinking about it, but it doesn't seem conventional to me and thus I'm inclined to think there's probably something "bad" obviously... but I'm not sure.
It seems like it would be hard to have it work "properly", in terms of actual day-to-day usage. For example, what if I really do need to access hundreds of 1GB files all day? Or thousands of tiny files? Or one massive file? Etc.
Additionally, you'd lose any advantage of having plain-text on server, like potentially losing collaborative editing/viewing, etc.
A better solution is to stop making your country one people want to escape from.
Or in the NSA's case, stop violating the Constitution, lying to Congress, etc., so people don't feel compelled to blow the whistle.
Is it that hard to follow the Constitution?