North Korea also has a three-person rule for its soldiers at the DMZ to make it harder for any one to defect.<p>A better solution is to stop making your country one people want to escape from.<p>Or in the NSA's case, stop violating the Constitution, lying to Congress, etc so people don't feel compelled to blow the whistle.<p>Is it that hard to follow the Constitution?
I am reminded of something someone* said about leaks in 2006:<p><i>The more secretive or unjust an organization is, the more leaks induce fear and paranoia in its leadership and planning coterie. This must result in minimization of efficient internal communications mechanisms (an increase in cognitive "secrecy tax") and consequent system-wide cognitive decline resulting in decreased ability to hold onto power as the environment demands adaption.</i><p><i>Hence in a world where leaking is easy, secretive or unjust systems are nonlinearly hit relative to open, just systems. Since unjust systems, by their nature induce opponents, and in many places barely have the upper hand, mass leaking leaves them exquisitely vulnerable to those who seek to replace them with more open forms of governance.</i><p>In other words, in an increasingly digital world, its gets easier and easier for large scale leaks to happen, and although you can take measures to try and stop that, overall those measures will damage your effectiveness even more. Some leaks are 'good' and some are 'bad', but over time, in a leaky world, the overall long term effect should be positive - a move towards more openness.<p>* its pretty obvious who, but I don't want to derail.
"The more secretive or unjust an organization is, the more leaks induce fear and paranoia in its leadership and planning coterie. This must result in minimization of efficient internal communications mechanisms (an increase in cognitive "secrecy tax") and consequent system-wide cognitive decline resulting in decreased ability to hold onto power as the environment demands adaption."<p>- Julian Assange, The Nonlinear Effects of Leaks on Unjust Systems of Governance
The saddest part of the story is that there are two quotes, one from a democrat and one from a republican, and both are falling all over themselves in a rush to brand a whistleblower as a traitor.<p>The second saddest part of the story is that the person responsible for securing the biggest DWH of all time freely admits that they have no protection against rogue sysadmins, most of whom don't even work for the NSA.
Now Sunday's oddly worded press release makes more sense:<p>"The statement that a SINGLE analyst can eavesdrop on domestic communications without proper legal authorization is incorrect"<p><a href="http://www.dni.gov/index.php/newsroom/press-releases/191-press-releases-2013/880-odni-statement-on-the-limits-of-surveillance-activities" rel="nofollow">http://www.dni.gov/index.php/newsroom/press-releases/191-pre...</a>
> "make sure that if another person were to turn against his or her country"<p><a href="http://en.wikipedia.org/wiki/Dutch_Ruppersberger" rel="nofollow">http://en.wikipedia.org/wiki/Dutch_Ruppersberger</a><p>Dear Maryland: Please vote intelligently at your next opportunity.
The most disturbing comment from the article:<p>> * "We have to learn from these mistakes when they occur,” Representative Charlies Ruppersberger said to Alexander in the hearing. “What system are you or the director of national intelligence administration putting into place to make sure that if another person were to turn against his or her country we would have an alarm system that would not put us in this position?"*<p>So now the good Representative Ruppersberger is taking part in the automatic branding of Mr. Snowden as one who has turned against his country. <i>For whistleblowing</i>.<p>This is the wrong path.
From the article: Representative Michelle Bachmann emphasized that the NSA should answer “how a traitor could do something like this to the American people,”<p>After watching the USA Today interview with Binney, Drake, Weibe and Radack (<a href="http://www.usatoday.com/story/news/politics/2013/06/16/snowden-whistleblower-nsa-officials-roundtable/2428809/" rel="nofollow">http://www.usatoday.com/story/news/politics/2013/06/16/snowd...</a>), Bachmann's demand and the language she used make me incandescent with rage.<p>I cannot get over the ignorance of the woman to be able to come out with something like that in good faith.
“When one of those persons misuses their authority it’s a huge problem.”<p>But of course, this doesn't apply to the Government.<p>Why can't someone in power admit that surveillance has gotten out of bounds, maybe illegally, rather than devise ways to counter such divulgations?
I believe this was the kind of thing that Wikileaks has been shooting for all along--make the keeping of dirty secrets so cumbersome that it becomes infeasible to keep them. This chicken has already flown the coop: the next leak will likely come from elsewhere, and again the government will be forced to scramble and plug hole that already leaked.
> was one of close to a thousand systems administrator<p>Huh, that gives some idea as to the operational scale of NSA systems.<p>It's ironic how much we're learning about how the secretive NSA does things.... from public releases by the NSA themselves, in their attempts at PR damage control.
I dunno, from a purely tech standpoint, it's a classic problem isn't it? How do you stop your sysadmin from fleeing with all of your company's data?<p>I think the current solution is to just trust that your sysadmin's career would be over if he/she took your data. Kind of doesn't work as well for stuff like this, though, considering the person who'd steal your data probably at this point doesn't care.
"The rule required that anyone copying data from a secure network onto portable storage media does so with a second person who ensures he or she isn’t also collecting unauthorized data."<p>Don't mind me over here by myself, I'm not copying anything...
OK so here's the question: who thinks that everything the NSA does should be public knowledge - not just what they do, but everything they have, all their data, everything.<p>I'm sure some people do, but would imagine most don't. Most want a public overview of what they are doing and what rights they have, but understand that specifics/data need to stay secret.<p>For this to be the case, surely they <i>do</i> need to make sure security is as tight as possible. But on the flip side, if they were able to 100% prevent all leaks, it would mean that nothing like this could happen again, i.e. the kind of leaks that we <i>want</i> to see. So where should the line be drawn?
I guess I shouldn't have expected less than badmouthing from the cynical HN crowd!<p>Why is it that everyone chooses to omit the most important thing about this new rule? It was designed especially to make sure the next Edward Snowden would have an accomplice when taking vac...fleeing to another country and would feel less homesick thanks to the presence of a fellow motherland-er.<p>I for one, welcome the attention and kindness of our new NSA overlords.<p>PS: Dear NSA agent reading this, I lost access to my old Yahoo! Mail account where I still have love letters sent by my ex-girlfriend and goth poetry I wrote when I was 18. Think you could help me? Thanks for your help! XOXO
I once worked at a company which had a form of the two-person rule for production changes. The company's change control team thought that by requiring a second person on the development team to 'certify' that the change was 'good', they could cut down on some vaguely imagined problems.<p>What really happened:<p>Bob (via IM): Hey Mary, here's a change request link, can you hit 'approve' real quick?
Mary: Done<p>I bet that some slightly more sophisticated version of this will happen with this new 'two-person' rule.
I seem to remember watching a documentary of the Berlin wall in which soldiers in the guard towers were not in casual communication with soldiers walking the wall/fenced area. None of them were there to keep people out, but in. Watchers monitoring watchers... Wish I could remember which documentary it was.
I though this question was interesting:<p><i>“What system are you or the director of national intelligence administration putting into place to make sure that if another person were to turn against his or her country we would have an alarm system that would not put us in this position?”</i><p>The thing is, Snowden didn't <i>turn against his country</i>. Snowden turned <i>towards</i> his country...and <i>against</i> the schnooks who were undermining it.<p>There's a balance here. There is danger in making it <i>too hard</i> for somebody with a conscience to use it to make things better. The fact that it took <i>this long</i> for the truth to get out suggests to me that the controls they already have in place (along with whatever social pressures surround them) might be fine or even a little too strict.
I'm surprised they weren't already using a threshold-scheme. (Similar to this: <a href="http://en.wikipedia.org/wiki/Threshold_cryptosystem" rel="nofollow">http://en.wikipedia.org/wiki/Threshold_cryptosystem</a> )
I'm simply dumbfounded by this. Why is nobody at the top taking any steps to do anything about the fact that Snowden had almost unhindered access to spy on whoever he wanted? That seems like a far more concerning security hole to me.
How well will the "two-person" rule work, once the second person starts to treat it like a rubber-stamp process? How do you prevent that from happening without introducing big inefficiencies?
> <i>“We have to learn from these mistakes when they occur,” Representative Charlies Ruppersberger said to Alexander in the hearing. “What system are you or the director of national intelligence administration putting into place to make sure that if another person were to turn against his or her country we would have an alarm system that would not put us in this position?”</i><p>So the lesson is not how to prevent the NSA's domestic spying, but how to prevent getting caught?
Am I the only one who thinks the NSA should be doing something to ensure that this doesn't happen again, as in precautions against the gathering of data by an individual?<p>While Snowden did have proper justifications and reasons for the exposure, the fact that he was able to is still not a good thing for the NSA isn't it? Someone else who might not have America's interest could do the same thing theoretically which is bad.
>... “When one of those persons misuses their authority it’s a huge problem.”<p>Since people working in groups never abuse their authority, this sounds like a foolproof plan.
If they are operating according to the laws of the land, they have "nothing to hide" from Edward Snowden and his ilk. This move looks pretty suspicious to me...<p>;-)
Hey Booz Allen, we need another 6000 analysts to double team your other 6000 analysts.<p>Truly yours,<p>Current NSA Chief, and future Booz Allen Hamilton CEO.
Right. When you find a way to magically control the bits read from one hard drive and can ensure that same sequence of bits isn't "copied" and written to a different storage medium... without a "second person".... well, you let me know.<p>I guess with some right group policy settings, a TPM and BitLocker, you could get close maybe. Still going to be challenging to keep me from booting the machine, logging into it and catting that file... somewhere. Give me `wget` and a script and I could transmit data using only GETs.