Some arguments For and Against NSA surveillance

There has been much debate over whether or not the NSA’s surveillance programs are helping or hurting the United States of America. In this post, we explore some of the arguments that support these programs and those that do not. After reading each argument, we’d love to hear your thoughts on this.

Note: These arguments do not reflect the opinions of the owner of this blog and are simply a collection of arguments from online communities.

For

1. The programs are legal and they contain checks and balances so as not to let the NSA run completely free with them. They may have the ability to collect mass amounts of data, but that’s just it… collection, not eavesdropping. In order to take a peek at these records they need reasonable cause and approval.

2. Terrorism is the real threat to civil liberties. Another attack like 9/11 could cause the public to give the government free reign to do whatever they need to do to stop the bad guys. This could result in an even greater loss of privacy if the government took these programs to the next level. Better to sacrifice a little privacy now rather than all of it later. Not to mention that stopping a terrorist attack would save countless lives depending on the size of the attack.

Against

1. Surveillance of this level threatens the very democracy that this country was built upon. Giving this amount of information to the government puts our freedom of speech and association at risk. It wouldn’t be hard to put a stop to a possible Tea Party rally or other political meeting, before it began, by figuring out the details beforehand.

2. This massive collection of data could come back to haunt you someday, even if you do not think you are doing anything wrong. With all of the data they have on you, even if you are completely innocent, it would not be hard to add pieces of data together to portray you as being guilty of a crime you didn’t commit. Or if you decide to run for office someday, the “dirt” that could be dug up on you would all be right there waiting to be used.

So what do you think about all of this? Are you pro or con NSA surveillance and why?

NSA Leak: Did Snowden take the “Security” out of National Security Agency?

From Wikileaks to Whistleblowers, for example todays’ NSA PRISM story, we keep seeing new ways that private or sensitive data can be breached.

In this instance, an I.T. contractor working for Booz Allen, Edward Snowden, released details of a NSA domestic surveillance program. How did he get access to this [probably classified] information, you ask?

Said Snowden: “When you’re in positions of privileged access like a systems administrator … you’re exposed to a lot more information in a larger scale than the average employee … Anybody in positions of access with the technical capabilities that I had could suck out secrets and pass them on the open market to Russia … I had access to the full rosters of everyone working at the NSA, the entire intelligence community and undercover assets all around the world … If I had just wanted to harm the U.S. … you could shut down the surveillance system in an afternoon.”

Is that shocking to you? It should be. How does a low level IT admin get access to virtually everything – internal confidential documents, secret data…? The mere act of managing these systems allows administrative access to “privileged” accounts.

In virtualized or cloud environments, this situation is exacerbated. But, companies like HyTrust provide the security and controls necessary to address this issue. Clearly, solutions are available to address the problem . . . so why weren’t they being used?

Snowden indicated that he revealed what he knew about the NSA because he felt the public had a right to know about wrongs being committed. A modern day Robin Hood, he may have done what he did for the common good. But whether someone breaches sensitive information for good or evil (Sheriff of Nottingham, Benedict Arnold), the same breach can have devastating consequences for businesses.

This is something every business can learn from, said Eric Chiu, president of HyTrust. Wired Magazine recently published this article on the topic- Brand Damage Through Information Access, written by Chiu.

“Without implementing adequate role-based access controls based on least-privileged access, organizations are granting systems administrators god-like access to every piece of data that runs on every system,” Chiu advises.

In a recent Dark Reading article, Scott Hazdra, principal security consultant for Neohapsis states: “Authorized users are authorized users,” meaning that if someone has authorized access to data, then it may be near impossible to know if that person has malicious intent when accessing it. He advises: “You need to set aside a little time to see who has access to what and actually identify specific access controls.”

Lingering questions remain in the PRISM issue: Is Snowden a traitor or a hero? What other information might he be able to leak? Will he receive asylum? What do you think?