Ishmael Jones: Spy versus Spy

[Valin]

Power Line

Scott Johnson

May 15 2017

 

Ishmael Jones is the pseudonymous former CIA case officer and author of The Human Factor: Inside the CIA’s Dysfunctional Intelligence Culture. He has forwarded his comments on certain aspects of the CIA’s vulnerability. He advises that his comments have been reviewed and approved by the CIA’s publications review board. Mr. Jones writes:

CIA secrets were once typed on paper and stored in safes. Even the typewriter ribbons were removed at the end of the day and locked away. Secrets could still be exposed but it was harder. A traitor like Aldrich Ames had to ferret his way into offices at CIA Headquarters to gain physical access to documents written on paper. Then he had to smuggle those documents out of the building.

Today a clever software engineer who is not even located within the Headquarters building can have access to it all and can download it all. Tens of thousands of intelligence agency employees sit in front of tens of thousands of linked computers sown throughout the Washington, D.C. area.

The people who have sold the software driving this system will insist there are firewalls between these computers, but the massive, relentless leaking, the Wikileaks CIA dump as well as the recent NSA dump and the resulting worldwide hack –- with no ability to find out who did it — say otherwise.

 

 

(Snip)

[Valin]

From the comments

 

 

Daniel Menes ·

University of Virginia

I have worked as a software developer in the DC area, and I've seen the inside of the swamp that Ishmael Jones describes. He is both correct and incorrect.

He is correct that the software specifications are written by salesmen who often have little knowledge of or interest in software engineering, but have personal connections in the intelligence world. He is further correct that the quality of the product often suffers as a result. Much of it is crude, buggy, and fails to deliver on the glitzy features that the sales department had promised--features which, often, were ill-thought out and of dubious value to begin with.

But Jones is wrong, I think, that this is the root of the security problems that we have seen. I think those problems stem much more from problems in the culture and organization of the agencies themselves. Simply put, they are large, disorganized bureaucracies where nobody is really running the shop.

Furthermore, I am skeptical that the "reform" that he and Issa propose will correct the problem. I do not know the details, but it sounds like he is proposing some kind of anti-competitive regime that makes it hard for small players to enter this market. Currently, it is fairly easy for a small entrepreneurial company to enter the market, developing useful software for federal intelligence agencies. I suspect that the effect of Issa's "reform" will be to encourage monopolization by a few big players. This may result in a market that looks less messy. But I doubt if this will lead to more secure software; it will certainly not lead to more innovative software; and it is unlikely to lead to less wasteful acquisition.

The problems with acquisition, like the problems with security, stem I think from the lack of focus, direction, and accountability within the agencies themselves.