This morning on CBS, a former CIA exec was on, he was appointed to Obama's council to review the NSA.
This idiot, thinks that instead of the NSA holding the data, we should give this data to a private consortium and then the NSA will need to get a judges order to query the data.
Two problems with this.. I don't trust the NSA, but I don't trust private business either, to do the right thing. I am responsible for massive amounts of data, and I keep coming across passwords to data that are so simple... the password is password in many databases. These are systems that are supposed to be so tight... and here I find some idiot made a service account a simple password (yes we have complexity rules, but I find someone turned it off to set this, it predates me)... Many companies are trying to fix this, but it is a half assed job, as many will file for an exception and be granted it.
Also the testing of passwords is just too simple... they only test a very limited list.
I don't trust most companies (the people in them) to do the right thing. So the last thing I want to do is see this mess be handed over to the private sector.
Now do I trust the NSA, NO!!! But if we are going to keep this program going, we need to keep it at the NSA.. These guys while not perfect, are certainly more secure than the private sector. Of course you have Snowden who proved it's not very secure.. but add more people and more entities in, and watch it be so open that it's a joke.
The biggest danger is from within.. The next biggest danger is arrogance, in thinking you are inpenetratable, so you protect everything inside, so if you are a little loose, it's ok.
The next biggest danger is the outside, because there are always groups, people, or terrorists that want your info, or to take you down.
Stupid rules... Now lets talk about drones.. military and otherwise.. Eventually someone will hack a drone and attack us with our own drone..
Too many think technology is the answer and you can protect it.. You can't believe its secure... you have to think it's insecure. You need a secondary system that even monitors the primary system and protects it, then a system that protects that, and a system that protects that... .... you get the point... you can't be sure..
My former office mate was tasked with breaking into the phone systems to find the vulnerabilities... He was good and did so quite easily.. Sometimes the phone companies were slow to close the hole thinking it wasn't an easy hack... Stupid right??? If he did it, why wasn't it easy.. Arrogance..