The future of the NSA: fight the hackers or embrace the hackers
With its well-known habit of uncompromising surveillance, the NSA has earned itself something of a poor reputation among internet users. But while the spying side of the agency is what it is most famous for, it is actually made up of two different divisions: offensive and defensive.
Later this week the NSA is expected to announce an internal restructuring that will see the two divisions merging. This presents the agency with an interesting predicament: does it continue to work to fight the efforts of hackers, or does it adopt hacker-like techniques to help gather data? Experts says that the merger is a mistake, largely because the aim and modus operandi of the two departments are diametrically opposed.
The dilemma comes about because while the offensive Signals Intelligence Directorate (SID) actively seeks security holes and uses backdoors to attack foreign nations, the defensive Information Assurance Directorate (IAD) seeks to plug security holes to protect companies and governments. The NSA seems determined to go ahead with the merger, despite advice from experts and the Obama administration that greater separation would actually be the best move.
The reshuffle means that the NSA will have to choose between exploiting security holes or fixing them so they can't be exploited by others -- there really is no middle ground. Writing for the Guardian, Danny Yadron points out:
The NSA could decide not tell a tech company to patch a security flaw if it knows it could be used to hack into a targeted machine. This could leave consumers at risk.
The choice is stark. Is the NSA of the future going to concern itself with offense or defense? Working as it currently does with hackers and companies, the NSA risks straining relationships and threatening its own internal operations no matter which route it goes down.