At its heart these decisions suggest ineffective oversight in the U.S. government. It isn’t at all unusual for any agency, public or private, to act in ways that enhance its mission. Nor is it unusual for them to prioritize a benefit for them over a larger exposure for the company or nation.
This is why you have things like internal audit and compliance so that, when this happens, the executive in charge can be caught and disciplined for putting his needs over those of the organization he works for, or in the case where an organization misacts, over the needs of the investors, customers, or, in this case, the citizens.
When do we say enough is enough?
An agency with “security” in its name should have security as a priority. This means such an agency should be working to assure we are secure and that should more important than finding ways to break into things. In short, when given a choice between doing something that fixes a security exposure for the nation and exploiting that exposure the choice should naturally fall to fixing it.
The fact it currently doesn’t suggests there is something seriously wrong in the U.S. with the concept of security, the understanding of technology, and the related oversight in the NSA and for the sake of the nation we need to say enough is enough and get it fixed.
If we don’t and we continue down this path of connecting everything there is a real likelihood that this practice will have national catastrophic consequences. Bottom line: There should never be a case like the one that appears to exist today – one in which a U.S. Agency appears to be a greater security problem than an asset. Fixing this should be a higher priority than it obviously is.
Sign up for CIO Asia eNewsletters.