But after spending all that time helping in my tiny way to protect Google -- one of the greatest things to arise from the internet -- seeing this, well, it's just a little like coming home from War with Sauron, destroying the One Ring, only to discover the NSA is on the front porch of the Shire chopping down the Party Tree and outsourcing all the hobbit farmers with half-orcs and whips.He's joined by a colleague who writes about seeing his systems mentioned in the NSA Powerpoint slides:
What we see here in both of these posts is very bad news for NSA. What we see is the passion so frequently seen in long-time Internet Security people. I can confirm that one of the motivators for choosing this line of work is a sense that you're fighting the Good Fight. That while you're making a good living, you're also making the world a better place.The packet capture shown in these new NSA slides shows internal database replication traffic for the anti-hacking system I worked on for over two years. Specifically, it shows a database recording a user login as part of this system:
We designed this system to keep criminals out . There's no ambiguity here. The warrant system with skeptical judges, paths for appeal, and rules of evidence was built from centuries of hard won experience. When it works, it represents as good a balance as we've got between the need to restrain the state and the need to keep crime in check. Bypassing that system is illegal for a good reason .
Just about all of the long-time security guys I know (and I know a lot, having been in this field for going on 30 years) feel this way. Certainly all of the best feel this way.
That's what the NSA has violated. In a sense, the best security guys will now look at the NSA with feelings similar to what they'd have looking at a rapist. Actually, it's worse than this: the NSA is supposed to be one of the guardians of security (I'm looking at you, National Computer Security Center). They're supposed to be protectors, and instead have violated those who were in their care.
Now that you understand the emotions, think on the consequences. As long as people thought that the NSA was also fighting the Good security Fight, there was quite a lot of good will and common ground. Sure, they were the Federales, and a big bureaucracy, but they were the Good Guys. Lots of us were willing to help out. I've posted here about some of the programs they have (no, I'm not linking to the posts).
Now, it's different. I don't know that I go quite as far as Google's Brandon Downey, but I sure know where he's coming from. And I sympathize with his outrage. And I'm not the only one.
Sure, NSA will be able to buy some talent, but they'll never get the best. What they used to get for free now will have a price tag.
And the best talent will now be thinking on ways to make the NSA's job harder. I think that this is the biggest cost of the whole PRISM program, one that will in the long run make us less safe in all sorts of ways. That's a damn shame, because the program seems to be pretty much ineffective:
I remember when the NSA was pretty effective. That was a while ago.