Maybe NSA “Moonlighting” Is Another Name for “Public-Private Partnership”?

As you’ve likely read, NSA’s Chief Technology Officer has so little to keep him busy he’s also planning on working 20 hours a week for Keith Alexander’s new boondoggle.

Under the arrangement, which was confirmed by Alexander and current intelligence officials, NSA’s Chief Technical Officer, Patrick Dowd, is allowed to work up to 20 hours a week at IronNet Cybersecurity Inc, the private firm led by Alexander, a retired Army general and his former boss.

The arrangement was approved by top NSA managers, current and former officials said. It does not appear to break any laws and it could not be determined whether Dowd has actually begun working for Alexander, who retired from the NSA in March.

Dowd is the guy with whom Alexander filed 7 patents for work developed at NSA.

During his time at the NSA, Alexander said he filed seven patents, four of which are still pending, that relate to an “end-to-end cybersecurity solution.” Alexander said his co-inventor on the patents was Patrick Dowd, the chief technical officer and chief architect of the NSA. Alexander said the patented solution, which he wouldn’t describe in detail given the sensitive nature of the work, involved “a line of thought about how you’d systematically do cybersecurity in a network.”

That sounds hard to distinguish from Alexander’s new venture. But, he insisted, the behavior modeling and other key characteristics represent a fundamentally new approach that will “jump” ahead of the technology that’s now being used in government and in the private sector.

Presumably, bringing Dowd on board will both make Alexander look more technologically credible and let Dowd profit off all the new patents Alexander is filing for, which he claims don’t derive from work taxpayers paid for.

Capitalism, baby! Privatizing the profits paid for by the public!

All that said, I’m wondering whether this is about something else — and not just greed.

Yesterday, as part of a bankster cybersecurity shindig, one of Alexander’s big named clients, SIFMA, rolled out its “Cybersecurity Regulatory Guidance.” It’s about what you’d expect from a bankster organization: demands that the government give what it needs, use a uniform light hand while regulating, show some flexibility in case that light hand becomes onerous, and never ever hold the financial industry accountable for its own shortcomings.

Bullet point 2 (Bullet point 1 basically says the US government has a big role to play here which may be true but also sounds like a demand for a handout) lays out the kind of public-private partnership SIFMA expects.

Principle 2: Recognize the Value of Public–Private Collaboration in the Development of Agency Guidance

Each party brings knowledge and influence that is required to be successful, and each has a role in making protections effective. Firms can assist regulators in making agency guidance better and more effective as it is in everyone’s best interests to protect the financial industry and the customers it serves.

The NIST Cybersecurity Framework is a useful model of public-private cooperation that should guide the development of agency guidance. NIST has done a tremendous job reaching out to stakeholders and strengthening collaboration with financial critical infrastructure. It is through such collaboration that voluntary standards for cybersecurity can be developed. NIST has raised awareness about the standards, encouraged its use, assisted the financial sector in refining its application to financial critical infrastructure components, and incorporated feedback from members of the financial sector.

In this vein, we suggest that an agency working group be established that can facilitate coordination across the agencies, including independent agencies and SROs, and receive industry feedback on suggested approaches to cybersecurity. SIFMA views the improvement of cybersecurity regulatory guidance and industry improvement efforts as an ongoing process.

Effective collaboration between the private and public sectors is critical today and in the future as the threat and the sector’s capabilities continue to evolve.

Again, this public-private partnership may be necessary in the case of cybersecurity for critical infrastructure, but banks have a history of treating such partnership as lucrative handouts (and the principle document’s concern about privacy has more to do with hiding their own deeds, and only secondarily discusses the trust of their customers). Moreover, experience suggests that when “firms assist regulators in making agency guidance better,” it usually has to do with socializing risk.

In any case, given that the banks are, once again, demanding socialism to protect themselves, is it any wonder NSA’s top technology officer is spending half his days at a boondoggle serving these banks?

And given the last decade of impunity the banks have enjoyed, what better place to roll out an exotic counter-attacking cybersecurity approach (except for the risk that it’ll bring down the fragile house of finance cards by mistake)?

Alexander said that his new approach is different than anything that’s been done before because it uses “behavioral models” to help predict what a hacker is likely to do. Rather than relying on analysis of malicious software to try to catch a hacker in the act, Alexander aims to spot them early on in their plots.

One of the most recent stories on the JP Morgan hack (which actually appears to be the kind of Treasuremapping NSA does of other country’s critical infrastructure all the time) made it clear the banksters are already doing the kind of data sharing that Keith Alexander wailed he needed immunity to encourage.

The F.B.I., after being contacted by JPMorgan, took the I.P. addresses the hackers were believed to have used to breach JPMorgan’s system to other financial institutions, including Deutsche Bank and Bank of America, these people said. The purpose: to see whether the same intruders had tried to hack into their systems as well. The banks are also sharing information among themselves.

So clearly SIFMA’s call for sharing represents something more, probably akin to the kind of socialism it benefits from in its members’ core business models.

In the intelligence world, they use the term “sheep dip” to describe how they stick people subject to one authority — such as the SEALs who killed Osama bin Laden — under a more convenient authority — such as CIA’s covert status. Maybe that’s what’s really going on here: sheep dipping NSA’s top tech person into the private sector where his work will evade even the scant oversight given to NSA.

If SIFMA’s looking for the kind of socialistic sharing akin to free money, then why should we be surprised the boondoggle at the center of it plans to share actual tech personnel?

Update: Reuters reports the deal’s off. Apparently even Congress (beyond Alan Grayson, who has long had questions about Alexander’s boondoggle) had a problem with this.

14 replies
  1. Dan says:

    So, has Dowd’s salary been cut in half and all of his pension and health insurance benefits been canceled (since he is now a part time employee)?

  2. bloopie2 says:

    Lots of government employees spend their working hours outside of government offices and in private industry offices. If you are overseeing their work, that’s how you do it. (What do you think all those spies are doing rummaging through your virtual drawers?) We know that the CIA exercises oversight of Congress; maybe Dowd is exercising NSA oversight of the private sector?

  3. P J Evans says:

    If the stuff being patented was done by them while they were working for government, then, as I understand it, the patents belong to government, regardless of whether they were on the clock or not. (That’s how courts have ruled in cases where ordinary people have tried to get the patents for stuff they invented on their own time, in cases with actual corporations. Several of my father’s patents are held by DOD.)

  4. jools says:

    How is it possible that these people can “claim” a patent when working in “collaboration” w/others? I read somewhere that some computer engineers who worked in collaboration with these Spooks, are really pissed that THEIR work is now being patented. Afraid of being blacklisted/blackballed, they stay mum. Sleazy. Just sleazy.

  5. lefty665 says:

    Back in the prior millennium the wheels at NSA did not moonlight. Some of the spokes did, but it was in areas unrelated to their work. Same with pastimes, they were not related to the Agency’s work.
    Asserting that Dowd is not breaking the law is a straw man. The threat of compromising “national technical means” by moonlighting in a national security or related technology field used to make that a career ender, de-facto and in policy. When did that change, and what is the policy now?
    Also in the dim dark reaches of the past, DIRNSA was a career capstone. Directors rode their generous three star pensions and health care into retirement, in part to ensure they did not inadvertently compromise the Agency. Why the hell is Alexander doing what he is doing, and why is nobody saying WTF?
    Lust for money used to be an indicator that someone was ripe to be turned to compromise Agency “national technical means” as a spy. How is it any different when someone is in thrall to the private sector? Corrupted by money is corrupted by money regardless of source, or wrapping oneself in the flag while selling out the country.

    • bloopie2 says:

      I wonder if he would turn on the government, in favor of his employer, if the need arose. Divided loyalties?

      • lefty665 says:

        Sort of the way it has worked throughout the ages isn’t it? People would be screaming if Alexander was selling his services to Gazprom, but the action is no different. Global corporations have limited national loyalties.
        Heading gracefully into generous retirement after a career of public service has been one way to ensure that loyalties stay uncontested and opportunities for inadvertent compromise limited.
        Considering how Alexander corrupted NSA’s mission, is it any surprise that after he left he would take what he learned there and sell it to the highest bidder? Corrupt is corrupt, bit by yer own dog, again.

        • lefty665 says:

          Looking at it from the other end of the telescope, Dowd on the Gov’t payroll working with Alexander in a capitalist corporation creates an incestuous relationship. We called it Fascism when the Italians and Germans did it.
          Once upon a time the world fought a war to defeat Fascism. Today it seems that Obama has institutionalized Duhbya’s unconstitutional post 911 excesses. Change we can believe in.

  6. Don Bacon says:

    The Hill, Oct 21

    A top National Security Agency official has suspended his part-time work for a new company amid public scrutiny over the potential conflict of interest.

    Patrick Dowd, the NSA’s chief technical officer, will no longer be employed with former NSA Director Gen. Keith Alexander’s new cybersecurity startup.

    • RUKidding says:

      Interesting. Well what goes on behind closed doors and money under the table is harder to scrutinize. Why did Alexander want Dowd to work with him? What was Dowd selling that was of such interest that a Big Cheese at BigSpy Inc would have enough time to work 20 hours per week in the private sector?

      All very curious but sadly a huge sign of our times. Is Dowd done with SELLING OUR data to the highest bidder? Methinks not.

  7. Hima Culpa says:

    Shades of Old Crow Charles Riechers. Dowd is presumably proofing his suicide note right now, waiting for the duplicate key to turn in the latch.

  8. x174 says:

    reads like a bedtime story: nsa and j.p. morganchase collaborating. all that seems to be missing from this tale is the fed; you know, the people who released the $2 billion pallets to Iraq or Lebanon or somewhere (Risen), the people who didn’t see the 2008 financial crisis (Bernanke). i wonder how long jpmc, the fed and nsa have been collaborating?

Comments are closed.