The Spooks Will Never Have Their Software Self-Spying Working
Mark Hosenball seems to have gotten as obsessed with the Intelligence Community’s inability or unwillingness to implement the automated Insider Threat tracking software mandated by Congress (see here and here). After reporting last week that the Hawaii NAS location where Edward Snowden worked didn’t have insider threat detection software installed because of bandwidth problems, he reported earlier this week that DOD will miss the new Congressionally mandated deadlines to have it working, again partly for bandwidth reasons.
But the intelligence agencies have already missed an October 1 deadline for having the software fully in use, and are warning of further delays.
Officials responsible for tightening data security say insider threat-detection software, which logs events such as unusually large downloads of material or attempts at unauthorized access, is expensive to adopt.
It also takes up considerable computing and communications bandwidth, degrading the performance of systems on which it is installed, they said.
[snip]
The latest law requires the agencies to have the new security measures’ basic “initial operating capability” installed by this month and to have the systems fully operational by October 1, 2014.
But U.S. officials acknowledged it was unlikely agencies would be able to meet even that deadline, and Congress would likely have to extend it further. One official said intelligence agencies had already asked Congress to extend the deadline beyond October 2014 but that legislators had so far refused.
If the Intelligence Committees were unable to get the IC to take this mandate seriously after the Chelsea Manning leaks, I don’t see any reason they’ll show more focus on doing so after Edward Snowden. They seem either unable to back off their spying bandwidth draw far enough to implement the security to avoid another giant leak, or unwilling to subject their workers (or themselves?) to this kind of scrutiny.
This is why I made the Ozymandias joke the other day. Parallel with our headlong rush toward destruction via climate change, the IC doesn’t seem able to reverse the manic demand for more data long enough to protect the collection systems they’ve got, or at least the mission critical ones. That is not a sign of an organization that can survive long.
This problem is a solved one. There is an old adage in computing, “Never underestimate the bandwidth of a semi full of hard drives.” I imagine there’s a requirement in the order that interferes with this solution, but there’s no reason why they can’t fly the data to its destination, and likely could do so for a competitive cost.
Maybe the software doesn’t currently have the requisite backdoor.
“Unwilling to subject themselves to this kind of scrutiny.”
This software has been imposed from oversight; imagine how fast they could get this operational if it was something wanted.
“Manic demand” correctly gets to the heart of things, namely, the prevailing IC psychopathology. Clapper et al are adamant about the need to collect information because, well, that’s their raison d’etre. The idea of NOT collecting something is both inconceivable and intolerable. And their views have prevailed — and likely will continue to prevail — because the other significant players in the drama have lamely abdicated their checks-and-balances obligations. The inmates really are running the asylum.
Unfortunately government isn’t like people or companies where failure or ineptitude normally have consequences. I thought the FBI would have changed its culture in the 40 years since J. Edgar was buried in his tutu, but it still has trouble understanding the Constitution. The NSA, as unproductive a unit as I’ve seen will continue to garner big budgets as will the DEA, CIA, DoD and FBI out of proportion to their effectiveness.
@Arbusto: Oh, I don’t think they’ll suffer bureaucratic consequences.
But we have to assume for every Manning and Snowden there are at least 10 people taking and selling material. And if those people are able to walk with the same volume of information then the entire premise of the secrecy protecting the data — both that it protects sources and methods, and that exclusive access to it permits us better insight on events than our adversaries and friends — is false. Worse, because we think we’re the only one who knows these things but in fact our adversaries do too.
Which means the intelligence bureaucracy is increasingly a very expensive system that helps our adversaries more than it does us. It’s similar to what I suspect has gone on with the F-35, that China has ensured it is just screwed up enough to remain nominally viable, even while ensuring it will ultimately do none of the things it is supposed to do.
If our adversaries can encourage our already well-known tendencies to lead us to pursue very expensive very ineffective programs, it is a huge strategic win.
if you are not familiar with software systems design, as i am not, most particularly in a government environment, this article will give you a flavor of how difficult that work can be for the experts:
http://www.washingtonpost.com/blogs/wonkblog/wp/2013/10/27/reader-mail-can-agile-development-work-for-government-anyway/?hpid=z15
the article involves software design for the affordable care act registration, but its message helps in understanding, at least vaguely, other systems design problems in the government environment.
i view the comments by these experienced individuals as i do the comments of select experts who show up here from time to time and give us excellent glimpses into the complexities of their professional world – computers, telecommunications networks, law, legislative process, …
@emptywheel:
Yep. Al qaeda, its affiliates, subsidiaries and franchises, have already won by the overreaction of Bush the Lesser and Obama LLC on our hard won liberties. Those will never be returned to that of pre 9/11. The industrial and governmental espionage of China and the like is just icing on the over reaction cake.