
Contractors (Not) Vetting Contractors

A less cynical person might be surprised.  But as it turns out, something is rotten in the state of Securitystan.  In order to work for a sensitive government department, a person needs a background check and to be cleared.  This is how we make sure that no one is about to go Edward Snowden on America’s national secrets.  Now, this is a lot of effort.  As a part of the government’s general commitment to outsourcing whatever it can’t cut, it has left this duty to the care of private firms.  They are paid for every single person they clear.

The incentives are pretty clear, and the private sector has responded.  USIS, one of the largest security clearance contractors, may have fallen down on the job of performing clearance checks.  “Fallen down on the job” doesn’t really cut it.  They didn’t just cut corners, or maybe let a few people slip through.  No, they were rubber-stamping applications so fast they needed special software to mark applications as “approved” the minute they came in the door.

Initially, USIS would dump cases manually. Soon after the dumping started, however, USIS began using a software program called Blue Zone to assist in the dumping practices. Through Blue Zone, USIS was able to identify a large number of background investigations, quickly make an electronic “Review Complete” notation indicating that the ROIs at issue had gone through the review process even if they had not, and then automatically release all of those ROIs to OPM with the “Review Complete” notation attached. By using Blue Zone, USIS was able to substantially increase the number of background investigations that could be dumped in a short time period.

Perhaps the private sector isn’t the answer here.  It doesn’t take an economic genius to know that paying per-head fees encourages faster throughput.  And if the government has outsourced most of its capacity to actually do background checks, that just makes it harder to audit the contractors.  It’s an excellent combination for some good old-fashioned fraud.

The federal experiment in contracting has had a good long run, but it sure seems the pendulum has swung too far.  When contractors are responsible for huge parts of our national security infrastructure with little to no oversight, the United States is just asking for more Snowden-type incidents.  It seems almost as if the whole affair – this USIS fiasco included – is just designed to swing the pendulum back towards the government doing more in-house.  As USIS shows, the reason to do so goes far beyond just cost.

Revenge of the Contractors

Charles Stross, the sci-fi writer, has written a fantastic post on why the spies of the NSA/CIA/TLA* have sown the seeds of their own destruction. In short, a culture of lawlessness needs loyal agents that these agencies have purged and replaced with hired-gun contractors, who might not toe the party line so well. It’s excellent and should be read right now, but the punchline sums it up well:

“…slighted and bruised employees who lack instinctive loyalty because the culture they come from has spent generations systematically destroying social hierarchies and undermining their sense of belonging are much more likely to start thinking the unthinkable.”

This is absolutely correct! If you look at the sociological literature on why good people do bad things, the role of “socialization” is key. That is, the pressure for group acceptance is strong enough that people can abandon their sense of morals and go along just to get along. For its ultimate extension, see the book “Hitler’s Willing Executioners” about how a regular Army unit (i.e., mostly middle-aged non-Nazi reservists) became front-line agents of the Holocaust. Similar pressures operate in any tightly-bound organization – likely much much more so under the incredible isolation and pressure of clandestine intelligence work. The reliance on outside contractors like Edward Snowden populates the ranks with people that haven’t been socialized into the NSA culture and can react with horror when they find out what’s really going on.

This is an upside of the “contractor revolution” I’ve never thought of. While contractors are more expensive relative to career civil servants, they can serve as a countervailing force to the excesses that socialization engenders. This isn’t limited to illegal spying – consider whether an independent consultant or a career civil servant is more likely to spill the beans on an SEC director taking bribes. Especially given that the consultant herself is often the employee of a large impersonal bureaucracy (e.g., Booz Allen Hamilton) to which she may owe little allegiance.

The ultimate conclusion is that the principal-agent problem is one nasty son of a bitch. The principal-agent problem is conventionally stated with the observation that employees hired for a task may have different interests than their employer (for example, taking bribes). Consultants are often touted as a solution to the principal-agent problem by making sure that employees are toeing the line, but they bring principal-agent problems of their own: namely, that their work is ultimately in the hands of their own agents, who may have agendas differing sharply from the employer’s.

As Mitt Romney once said, “Corporations are people, my friend”. A poorly phrased but astute point, which is that these massive bureaucracies comprise many people of varying motivations. Corporate America may come to regret the destruction of the employer-employee bonds of loyalty, because it is a two-way street. However, this is ultimately a great thing for America because it increases the possibility for credible restraint of wrong-doing. Corporations and government bureaucracies terrified of their own employees are much less likely to misbehave in the first place.

So let’s raise a glass to Edward Snowden, may he be the first of many.

*: Three Letter Agency

NSA Conspiracy Theories Turn Out To Be Totally Correct

Today the Washington Post ran a story that should (but won’t) finally make government spying a household issue.  Under the name PRISM, the NSA has had a direct line into the servers of leading internet companies – Google, Facebook, Skype, and others.  For years, they have been able to tap into virtually all the information that these companies have collected about people, using cross-connections and logins to track people across the entire internet.  The Post is somewhat unclear on whether the actual content is being collected, or metadata – for example, an email’s timestamp and destination is metadata, whereas the actual subject line and text are the content itself.

This is not only unconstitutional, but very obviously and blatantly unconstitutional.  The Fourth Amendment to the US Constitution reads in full as such:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Emails and Facebook data very clearly count as “papers and effects”, reading people’s data without their consent is obviously a “search”, and pulling indiscriminately from all web traffic is an extremely unreasonable search.  Somehow I doubt that the NSA got warrants either.  Their justification is that certain statistical signifiers are used to indicate at least 51% certainty that a target isn’t American – though of course even when they’re spying on foreigners they end up pulling tons of data on Americans as well (e.g., emails sent from Americans to the targets).

To state the obvious: this is illegal behavior from the NSA and horrifyingly shameful behavior from Silicon Valley.  With all their self-righteous talk of privacy and user protection, this is craven and disgusting behavior from companies that aspire to be trusted partners for all Americans.  As for the NSA, those responsible should be fired and preferably jailed.

On the bright side, it’s kind of funny that all the conspiracy theories about the NSA have turned out to be correct.  For many years, kooky nuts have insisted that the NSA has been watching every electronic communication in America.  The theories generally focus on the ECHELON system (the NSA sure seems to be fond of all-caps names, incidentally) but it turned out to be called PRISM.  Responsible adults generally respond by pointing out that such a vast conspiracy would be impossible to keep secret, and furthermore would be so obviously illegal that the NSA’s lawyers would steer clear.  Well, the responsible adults were wrong and the kooks were right.