Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The solution, which they're implementing now (http://www.forbes.com/sites/andygreenberg/2013/06/18/nsa-dir...), is to require two or more administrators present whenever anyone has to build, maintain, or otherwise access potentially sensitive software, computers, information, etc.

They would be required to report on any strange activity they see from the other administrator(s).

Extremely inefficient, but it's far more secure than just allowing any administrator to do what they want with stuff.



This is a great example of Assange's "secrecy tax" degrading the effectiveness of the organization.

So leaks payoff twice -- once in direct transparency, and again by damaging the ability of the organization to act.

http://cryptome.org/0002/ja-conspiracies.pdf

  The more secretive or unjust an organization is, the more leaks induce
  fear and paranoia in its leadership and planning coterie. This must
  result in minimization of efficient internal communications
  mechanisms (an increase in cognitive "secrecy tax") and consequent
  system-wide cognitive decline resulting in decreased ability
  to hold onto power as the environment demands adaption.


It is the good 'ol "No Lone Zone". Nuclear ICBM sites have those. You need our accountabil-a-buddy with you at all times.

Here is an example placard from a Titan II site:

http://www.flickr.com/photos/mattblaze/4182509642/

(By Matt Blaze)

Not a bad concept. But your accountabil-a-buddy has to be at the same level as you technically. One can easily fool or mislead non-technical people. "Q: What are you doing?" "A: Rebooting the flux capacitor"


I've worked (in non-government contexts) under rules that required two people for certain actions.

My experiences with such processes is that unless you can have some sort of technical measure that proves both people are actually paying active attention to what is being done, the second person will often just zone out. Sometimes, if asked even a few hours later, they won't even have a clear recollection of the event taking place, much less what was actually done.


Additionally if you both double up and cut the workforce, chances are the two will be doubling up in another way too, i.e. both working on different tasks and claiming to keep an eye on eachother.

But really, you are going to lay off 90% of the sysadmins and require two different people involved to change a password?

What this shows is if anything how much you need a combination of good monitoring and enough people. And once one account is compromised you have a chance for the sysadmin to be using sock puppets for accountability actions.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: