Sam and His (not so) Crazy Ramblings

If you haven’t already done so, start here.

Go ahead, I’ll wait.

Sam and I don’t go way back, but he’s easily the most intellectual and yet accessible thinker on these sorts of issues, especially as they interact with other disciplines. While he can’t draw from decades of experience behind closed doors, you’d never know it based on his grasp of the issues.

Having said that, there are some things that only a grizzled old veteran of the intelligence wars – actual and bureaucratic – can shed light on, hence the following response…

1) NSA will be half the size it is today.

Why I think he’s wrong.

It takes a LOT to reduce the size of a federal agency; even more so an intelligence agency. I’ve been in the IC through fat times and lean, cold war, hot wars, peace dividend and war on terror and I’ve never seen an agency shrink in any significant way. It might not grow as fast as expected, it might shrink somewhat through natural attrition, but to say “half the size” is basically nonsense from a historical perspective.

Where I think he might be on to something.

The NSA is really two outfits in one: an intelligence agency and a security agency. They can complement each other but they don’t have to be under the same roof. In fact pulling the security agency out of NSA, making it a separate entity, and retooling it into an agency that supports security at both the national and individual level would go a long way in both winning back public trust, as well as actually making it harder for malicious outsiders to hurt us.

2) NSA becomes a contractor free agency.

Why I think he’s wrong.

Go into any intelligence agency today and you have 4 categories of people: managers, a thin slice of very senior subject matter experts, a lot of very junior people trying to be experts, and sandwiched in between is a layer of mid-careerists who, when they’re not trying to jockey for the senior SME slot once the geezer in it dies, is acting as a project manager or COTR for various efforts that are carried out by contractors. The IC can’t function without contractors because Congress won’t allow the IC to hire more employees. They won’t allow them to hire more employees but at the same time they won’t stand for a reduction in the number of missions that need to be executed. The only solution to that problem is contractors.

The IC also cannot hire enough technical experts in enough subjects to keep pace with the demands of their missions. The whole point of contractors is to bring them on to address new or advanced issue X, and then leave (or reduce their presence) once things are in hand. What we have is perpetual 1-base plus four option year contracts. Serving as a federal employee for 30 years, retiring, and then coming back as a contractor to work on the same mission for another a decade or more isn’t unusual, its standard practice. Same number of missions, same changes in technology, means contractors are here to stay.

Where I think he’s on to something.

Contracts need to be: short(er) term efforts that are focused on hard technical problems, with the goal of getting things to the point where more generalist feds can take over. The size of contracts need to be reduced. Hundreds of millions of dollars doesn’t buy more success, it just buys more butts in seats.

3) Elements of NSA working toward national infrastructure security are split off.

No argument.

4) NSA and CyberCom split

The sooner the better.

5) NSA has to invest in privacy preserving security as penance

See #1 above.

6) Individuals may find themselves under congressional investigation

Why I think he’s wrong.

NSA abuses, real or imagined, intentional or unintentional are a fringe issue. People in the crypto and privacy sub-culture care, some people in computer and information security care, people who have no idea how SIGINT works but are happy to have yet-another reason to hate the gov’t care…but the vast majority of everyone else doesn’t. Outside of New York, Washington DC, and a few other major cities, I challenge you to walk out into the street and find someone who has heard of this issue in any more than a passing sense. Then find someone so mad about it they’re going to take political action. Taxes, social security, health care: that’s what the majority of people in this country care about. NSA Internet surveillance of the ’10s is not NSA (and CIA and FBI) surveillance of people in the 70s.

Where I think he’s on to something.

If intelligence agencies are good at one thing its burying bodies. Is anyone going to find themselves in front of Church Committee 2.0? No. Will the people who were leaning the furthest in the foxhole on efforts that were exposed going to find themselves asked to quietly find their way out the door? Absolutely. This is how it works: the seniors thank and then shepherd those that pushed the envelope to the side, those who take their place know exactly where the line is drawn and stay weeeellll behind it. They communicate that to the generations that are coming up, and that buys us a few decades of sailing on a more even keel…

…until the next catastrophic surprise…