- Tools & Templates
- Security Jobs
- Data Protection
- Identity & Access
- Business Continuity
- Physical Security
- Security Leadership
Hackers selling out by working for NSA? I'm not convinced
The open letter is written by DJ Pangburn and appears on the Death + Taxes site. His argument is that hackers who join the government are going to "the dark side" and that once employed, they'll be tasked with all kinds of evil that has nothing to do with making us safer. He writes:
As reported by Reuters, Richard “Dickie” George, technical director of the NSA’s Information Assurance Directorate (cyber defense wing)–we’ll henceforth call him Simply Dick—is looking to recruit you to work on the “hardest problems on Earth.” They’re appealing to your ego, your vanity. Simply Dick is looking for hackers only in it for the game; those willing to become pro-state, or at least ideologically neutral.
In short, they are looking for those willing to sell out. The deal? No threat of prison and a steady paycheck doing the power’s bidding.
Let’s briefly consider some of the hard problems you’ll be working on. You’ll be part of an immense bureaucratic apparatus that operates in the United States, spying on its own citizens through warrantless wiretaps, except you won’t be wiretapping phones, you’ll be tapping American citizens’ emails, search results and other communications. And there are domestic projects that the NSA keep secret and thus beyond our current awareness.
Maybe some of you already hack average American citizens and you’ll have no problem doing such work for a government spy agency or a corporation. Then the NSA or Bank of America is probably where you belong. Good luck.
He makes some valid points. The government does misuse its intelligence assets. There are indeed so many layers of bureaucratic nonsense that it can be impossible to accomplish anything remotely close to the public good. The lead up to the Iraq War was a good example of intelligence assets misused. Remember those weapons of mass destruction?
But to turn away from government service for those reasons is a cop out.
That's why nothing ever gets better, because instead of trying to fix what's broken, we walk away and whine about everything from the sidelines.
You’ll be disrupting state and individual sovereignty daily in foreign countries, all to ensure political, economic and military hegemony; though you will be told that it’s simply to combat terrorism. Maybe you’ll have some fun going after Chinese hackers, but couldn’t you just as easily do this from the comfort of your own home without a suit telling you what to do?
But none of this concerns me as much as the idea that people with the talent to hold government to account would so willingly join its ranks.
In the future, hackers will be integral to dissent—in a sense, you already are in light of WikiLeaks, Anonymous and LulzSec.
Those of us without hacking expertise do expect that some of you will work for the state, whether it’s because you’re ideologically neutral or you’re a patriot and want to smoke the evildoers out of their caves. But, we also hope far more of you won’t sell out—that you will maintain the counter-culture and grow it.
Finally, he argues, hackers need to stay outside of government because they need to remain outsiders to keep the feds honest.
That's true to a point. But you know what? The hacker community has been working on the outside trying to do that all along. Far as I can tell, the feds are no better for it.
Here's my counter-argument to the hacking community:
We need more of you on the inside, where the suits can see your work up close and see from your perspectives why something is worrisome. We need you to help the feds build up a better defense against the attacks so easily pulled off on a routine basis by those working for other nations, like China.
There's no question that you will be asked to do work that conflicts with your values. If that happens, you can try to change things from inside. If you fail and get the boot, you can tell us all what really goes on in the government and you can otherwise resume your normal lives.
We'll all be wiser for it, and you will at least have taken your best shot.
The goal shouldn't be to simply go work for the NSA and do whatever they tell you. The goal should be to go in there and slap the old, tired machinery around so the rust will fall off the gears.
If the NSA people at Defcon are there to pull you into a do-nothing job or, worse, a job that does indeed threaten the liberties of innocent Americans, you'll be in a pretty good whistle-blowing position. And besides, if the NSA is really there to recruit you into something evil, they deserve to have that backfire on them in the end.
That said, I know several people who have worked for the NSA and they are not paper-pushing bums. They believe in their country and have given all their energy to make a positive difference. Some have succeeded. Some have failed. But at least they tried.
This community has asked for respect all along, and here's a real chance to make it happen.
Take a chance and go for it. If it turns out to be a bad deal, you will at least know what the reality is and will be more effective at making change happen from the private sector.
I have nothing against Pangburn. We've never met. And, as I've said, his letter includes some very valid concerns.
It's his conclusion that misses the mark.
Oh, one other thing: If you think a person who goes to work for the NSA is selling out, you probably haven't -- as Chris Eng from Veracode said on Twitter -- "seen an NSA paycheck."
CSO's Daily Dashboard gives you a one-stop view of latest business threats. We created it for you! Bookmark it! Use it!
Thanks to cloud computing, your business data is everywhere and being accessed by everyone. Making the wrong decision to protect your data can result in high costs, increased risk and executive exposure. View this live webinar on cloud security and the evolving data center, and learn why a data-centric approach to security is the best bet for today's virtual environment.
- Continuous Monitoring and Mitigation -- the New InfoSec Frontier
- RSA Security Analytics Case Study
- Prevent Mobile Devices from Loading Dangerous Code
- Expanding Your Security Perimeter: Common Sense for Navigating Today's Threat Landscape
- VMware Cloud Credits Program
- Insights from the 2013 IBM Chief Information Security Officer Assessment