Vetting NSA, CIA Applicants and the Black Budget (analysis)

Written by David Michaelis

Why would the NSA give contractors full access to all the data it collected about Americans and world citizens? And then there’s the Black Budget. Analysis.

aNewDomain.net — The process of vetting CIA and NSA applicants is turning out to be a real challenge — who exactly can you trust in the post-Snowden era?

The NSA and CIA’s Black Budget was recently disclosed by The Washington Post. Of course, former NSA contractor and NSA PRISM whistleblower Edward Snowden provided that document.

Vetting Applicants?

Among the various revelations is this one: The CIA discovered at some point that in a subset of job seekers whose backgrounds raised questions, roughly one out of every five had “significant terrorist and/or hostile intelligence connections.”

As Techdirt comments:

But what’s really interesting about this statement from the CIA is not so much how many applicants with ties to terrorists are looking for intelligence work. Every intelligence agency will have its fair share of spies and moles angling for a spot on the inside. No, the more interesting question would be: how many are already working for the CIA?

Finding spies and moles within the government has been an axiom of all intelligence work in the CIA.

But the recent revelation about system-administrators having back-end access to NSA files upends the old rules.

According to the Post’s account, the NSA planned to investigate at least 4,000 of its employees and contractors in 2013, thanks in part to new software that could detect anomalous behavior by the workforce.

That evidently that didn’t turn out too well. Seems Hawaii, where Edward Snowden was working as a contractor, was one of the few NSA locations where the anomaly detector wasn’t hooked up. Oops.

How do you run an organization where 4,000 of your employees are suspect?

Managerial Failure

This is precisely why Snowden had such an easy job. You’ve got to wondering what the NSA and the people who run it were thinking?

The NSA top management clearly had no understanding of the hacking culture and the push toward transparency exemplified by Wikileaks founder Julian Assange, miliary leaker Bradley Manning or, now, Edward Snowden.

A gross oversight. And it led to major managerial failure, which in turn had to sprout from NSA’s organizational culture.

The failure to understand the IT tools available and to creatively manage their departments with sophistication and knowledge led to the large breaches in security the U.S. is freaking out over now.

It seems the old rule applies. The shoemaker really does always go barefoot.

Look at Google and Microsoft.  Do you think its sys ops have access to absolutely everything in the system? 

About the NSA, Facebook founder Marc Zuckerberg had a few words. At a TechCrunch conference in San Francisco, he said:

 

I think they did a bad job balancing those things here … frankly I think the government blew it–communicating the balance of what they were going for here with this.”

Zuckerberg said, for example, that the U.S. government’s initial assurances that the spying was only on non-American citizens was useless for U.S. companies with global reach. Basically, that means all tech companies.

“The morning after this started breaking, a bunch of people were asking them what they thought,” Zuckerberg said at the San Francisco conference. (They said) “don’t worry, we’re not spying on any Americans. Wonderful, that’s really helpful for companies trying to work with people around the world. Thanks for going out there and being clear. I think that was really bad.”

The managers of these corporations would be fired if open source mentality, backdoors and unlimited access were the routine. Cisco keeps secrets from Chinese competition. Meanwhile, the NSA gives contractors complete open access. And no one is surprised the contractors are freely digging around government-grabbed phone records to check on spouses, partners and prospective dates.

Has anyone been fired from the NSA for managerial dis-function? It’s hard to say, but I think not.

Silent Circle - Building a Hackproof Network

Credit: Silent Circle, the shut down e-mail service. Silent Circle just announced an encrypted Android message service.

Need to Know

There needs to be an established “Need to Know” hierarchy, one that is created alongside a solid system that deals with information flow.

Senator Wyden, who will head the fight to de-fund the NSA, said to Rolling Stone:

We can’t even get our arms around how many there are and what it is they’re doing, and this is another area that is really urgent business on the reform agenda. I think there are certainly areas where contractors can perform a useful role. But when you’re talking about an inherently governmental function, I think that’s where I draw the line. It is clearly time for the Congress to get to the central policy question here, and that is to recognize that there is a difference between a whole host of functions that contractors can perform that are not inherently governmental and these roles for contractors that are inherently governmental. One that is going to be part of an upcoming debate, I hope, which is something Senator Udall and I and others are pushing, is to declassify that report on torture. I think it will give us new momentum for drawing a sharp line on the contractor issue . . . and I think when Americans get to read about the role of contractors in some of those interrogations, they’re going to share our view.

What will It Cost?

The budget for this major upgrade is:

  • $6.1 billion for data processing and exploitation, including information filtering, message decoding, translating broadcasts, processing imagery, preparing information for computer processing, and storing and retrieving data.
  • $6.2 billion for data analysis whereby data is distilled and correlated with other material and turned into intelligence reports provided to the president.

Does the President and the American tax payer think they will get ROI on these billions? It seems so — oh, and yes please, you can open my mail while you are at it.

Larry Seltzer, in an article on Snowden and the NSA documents, said:

The NSA, which has as many as 40,000 employees, has 1,000 system administrators, most of them contractors. As a system administrator, Snowden was allowed to look at any file he wanted, and his actions were largely audited. “At certain levels, you are the audit,” said an intelligence official.

Billions have been spent, as the recently published docs by the Washington Post revealed.

How exactly does the CIA control its contractors? By telling them: “What you do not know will not hurt you!”

Maybe this is also true for USA tax payers. Have a look at the Black Budget Pie. The Congress, coming back this week , will decide if the ROI is really worth the invasion of privacy practiced by the NSA.

The Black Budget Pie Chart

Image credit: U.S. Government

We don’t know the details, thanks to the self censorship of the Washington Post. It answered the request made by the Director of National Intelligence, James Clapper Jr., who told the Post that the details shouldn’t be shown to the world.

“Our budgets are classified,” he said, “as they could provide insight for foreign intelligence services to discern our top national priorities, capabilities and sources and methods that allow us to obtain information to counter threats.”, the Washington Post confirmed that two of those oversight pillars—the Executive branch and the court overseeing the spying, the Foreign Intelligence Surveillance Court (FISA court)—don’t really exist. The third pillar came down slowly over the last few weeks, with Congressional revelations about the limitations on its oversight, including what Representative Sensennbrenner called “rope a dope” classified briefings.

For aNewDomain, I’m David Michaelis.

Based in Australia, David Michaelis is a world-renowned international journalist and founder of Link Tv. At aNewDomain.net, he covers the global beat, focusing on politics and other international topics of note for our readers in a variety of forums. Email him atDavidMc@aNewDomain.net.