[achingtooth]

People in this thread are talking about how they wouldn't trust the NSA at all. I went to a presentation and talked with people from the NSA before and at face value they seemed like a silicon valley tech company. In their presentation they talked about how they were interested in open source, diversity, big data, artificial intelligence, and all the other buzzwords. They all seemed like they genuinely thought what they were doing was helping people. I know what they've done (and continue to do) but it's strange being able to attach a face to an action. You're more likely to believe them and buy what they are saying. I suppose the best thing to do is check over their code and accept it if everything looks good. They probably are being genuine.

As a an extra piece of information that I found interesting, they were pushing the diversity stuff hard. Everyone that gave the presentation were women (and they weren't low level people), they had an African-American person that worked there talk about how inclusive it was, they talked about how they're super accepting of LGBTQ+ people, and on and on. The tech stuff was for like 5 minutes, then the rest was on diversity (at a tech presentation, looking for recruits). I'm not exaggerating.

[TimTheTinker]

Something to keep in mind is the fact that even (or especially) within agencies like the NSA, secret operations are kept secret from every staff member who doesn’t need to know about it for the op to succeed (higher-level people too).

Also, they know they have a public image problem since Snowden and are doing everything they can to change that.

It’s likely you can trust the individuals you saw to be nice people. But that doesn’t mean the agency as a whole can be trusted not to compromise the digital privacy and security of American citizens (not to mention citizens of other countries).

EDIT: As another commenter noted, the NSA is unfortunately a combination of red and blue teams within a single agency. So when you see positive signals that they’re working towards improving security, don’t believe for a moment that they aren’t working equally hard towards pwnage.

[awelkie]

If this was before 2015, there's a chance the person giving the talk about inclusivity was my father-in-law; I know in the last few years of his career there he got involved in the push for diversity. He always talked very fondly of his career at the NSA.

I think in a lot of ways the NSA is a better workplace than any silicon valley tech company; you don't really have to worry about profitability, there's an enormous breadth of interesting work to be done, and you get to work with a lot of really talented people (I think the NSA is the largest employer of mathematicians in the US). Of course there are downsides too, like the low pay (set by Congress) and the constant drug tests and polygraphs.

Based on my discussions with him, I believe that the organization has two conflicting goals; to improve the IT security of the US and its allies, and to weaken the IT security of everyone else. And there are historical examples of the NSA doing both. But internally apparently there is a lot of debate about what the NSA should be doing, especially post Snowden. So yeah, I can believe that plenty of people at the NSA are deservedly proud of their work. Not everyone there is a cynical government drone working to undermine IT security globally. But of course when the NSA starts contributing to your project, you don't know which of their two goals they're working towards...

As an aside, my father-in-law is a very passionate mathematician, and in his retirement he just published a book on some interesting and approachable topics in mathematics that much of the HN crowd would probably find interesting: https://bookstore.ams.org/mcl-22/

[oefrha]

If the polygraphs are anywhere close to as bad as some CIA/NSA/etc. personnel describe online (e.g. [1]), no amount of money or interesting work can get me to have myself violated like that.

[1] https://antipolygraph.org/statements/statement-038.shtml

[tehjoker]

I don't know anyone that works there, but there was this article in The Intercept a while back about how management has become more corporate. That was back in 2005/2006. https://theintercept.com/2018/08/15/nsa-sigint-curmudgeon-si...

[netwanderer3]

Even though the NSA falls under Department of Defense, their stated mission is to collect and process global information so more or less it is functioning very similarly to a human brain, providing intelligence and guidance not only in the security area, but it's also influencing all American domestic and international policies.

Even back in 2010, the NSA was already collecting over 1.7 billion of communication records every day. As far as I know, that amount probably doubles every couple of year so just imagine the enormous size of data that they have to process. It's no wonder the NSA is the only single entity in the world that own gigantic centers of supercomputers. Without AI technologies their information analysis mission would be nearly impossible so it just makes perfect sense the NSA is after those technologies. Honestly I would be surprised if they don't already own quantum computing power.

In addition to low-level firmware codes, I imagine for all those 1.7 billion records of data to be routed back to the NSA every day without a trace, completely invisible to the rest of the world, it must have required another hidden layer of network protocol beyond the current OSI model that we have. The low-level firmware codes must work in sync and convert data following the model of this hidden network protocol for it to transfer away successfully without being detected.

For it to operate effectively, the NSA must be miles ahead of any Silicon Valley company. Their work is truly astonishing no matter how you look at it.

[jacquesm]

I'm not sure about the NSA but I know that plenty of employers of that kind would frown upon having their personnel (or ex personnel) identified like that without their consent.

[awelkie]

You're right of course. With Mel I know he's very forthright about his career in the NSA, so I figured it would be alright. I just confirmed with him too, just to make sure.

[jplayer01]

So all of this makes what they actually do as a living okay? You know, dragnet surveillance, physically wiretapping Google's internal network, backdooring encryption, etc.? Since when are we trusting the face value of anything somebody at the NSA says? Where's the skepticism gone from the Snowden days? Like, these people aren't our friends. Any code contributions from organisations like this, which do not have our best interests at heart and at worst actively attempt to subvert efforts at hardening encryption and other security efforts, need to be combed over with a fine-tooth comb.

Hell, as a European, the NSA is very clearly the enemy. Their goal is to protect US citizens, maybe, with very unconstitutional methods. They have little to no interest in the privacy or legal rights of people outside of the US, and yet have an unimaginable global reach.

[snazz]

The fact that they’re not committing their changes under a pseudonym or front company suggests that they’re okay with the world knowing about what they’re up to. Same with their reverse-engineering toolkit.

What Snowden publicized was, for the most part, completely hidden from the view of society. The NSA wasn’t coming to tech conferences announcing their new surveillance tools.

Don’t think that the new parts of Coreboot won’t attract scrutiny from security-conscious companies and individuals.

[ionised]

> The fact that they’re not committing their changes under a pseudonym or front company suggests that they’re okay with the world knowing about what they’re up to.

They are not committing their most secretive and effective tools on GitHub for Christ's sake.

[ggg2]

what snowden released had several previously public benign components.

[tellme_throwa]

It can be a "defensive" move from NSA though, they have other ways to "attack"...

[1f60c]

No, it doesn’t, but I haven’t heard anyone claim that.

[CraneWorm]

Basically, the coolest job ever.

[kpU8efre7r]

Are they breaking any laws?

[ionised]

They've likely broken many laws, but we'll never hear about it, much like the CIA.

[geofft]

I think a comparison to tech companies is quite apt - there are people at Facebook, Palantir, Oracle, Microsoft, Google, Amazon, etc. who are quite genuine about doing some open-aource stuff to improve the world, but for each of those companies you will find plenty of people who quite earnestly believe the company's wider mission will hurt the world. Do you accept network stack acceleration patches from Facebook if they'll accelerate mining personal data? Do you applaud improved V8 performance if it drives people from local apps onto monitored and monetized webapps? etc.

I think it makes sense to be cautious about all of these. I don't think the NSA is an abnormal risk to society, compared to the other major OSS contributors out there.

[pdkl95]

> they were interested in open source, diversity, big data, artificial intelligence, and all the other buzzwords

I'm sure they were. Being interested in modern technology doesn't imply anything about someone's intentions.

> They all seemed like they genuinely thought what they were doing was helping people.

I've known and worked with several people that used to work at the NSA. I have no doubt at all that they believed they were doing important, helpful work. For many people, most of the time, that was probably true. However, even the best intentioned person will have a hard time actually verifying that speculation; by definition, someone who believed that the NSA's work was good/helpful probably also believes it's important to respect compartmentalization and not ask too many questions about things they don't need to know.

However, this is expected, because it's what most people believe about themselves. As Quark explained[1] about his own motivations as a smuggler, "No one involved in an extra-legal activity thinks of himself as nefarious. I'm a businessman, okay?"

> they were pushing the diversity stuff hard

I saw the same pro-diversity effort at the DOE. I wouldn't be surprised to see similar efforts throughout the public sector. None of this says anything related to the NSA's trustworthiness.

[1] DS9 s06e25 "The Sound of Her Voice"

[JohnStrangeII]

It's a military agency whose stated mission goal (among others) is to be able to compromise any military or civil information processing system used by non-US citizens.

You're a bit gullible if you think that the nice folks from the NSA you meet have any say in what their agency does with the technology and projects they are involved in. I'm sure this aspect of it is one of the more frustrating parts of working for the NSA, especially right now, but it's also fair to say that they probably know what they signed up for.

[majia]

Not sure how diversity is related to the potential conflict of interest of NSA work...

[mrob]

More diversity means more chance of another Snowden. People are more likely to take risks to protect people similar to themselves, and more diversity increases the chances that the NSA is harming people similar to their own employees.

[majia]

Are you implying snowden is a woman/African American/lgbt or an advocate for these groups?

[mrob]

No. People do not only help people similar to themselves. I'm just talking about probabilities.

[ionised]

> I went to a presentation and talked with people from the NSA before and at face value they seemed like a silicon valley tech company.

Why is that a reason to trust them?

> They all seemed like they genuinely thought what they were doing was helping people.

The worst people in history all thought they were doing good too.

> As a an extra piece of information that I found interesting, they were pushing the diversity stuff hard

Diversity at the NSA doesn't factor whatsoever into whether I trust them or not. The damage they've done to secure communications and their cavalier attitude to dragnet surveillance is all I need to know about them.

Don't buy into the PR bullshit.

[stjohnswarts]

The NSA is a huge place, you saw only a small segment. Their primary role is to spy on US and international citizens and make sure that nothing diabolical is going on. PRISM (and other programs revealed by Snowden) showed that they have no qualms about violating the Constitution and privacy rights of citizen in pursuit of their job. I am sure there are lots of good people at the NSA just working 9 to 5 feeding their families, however don't overlook that their job is to spy on anything and everything that is going across the internet in order to look for threats to the country, whether it is constitutional or not.

[cannedslime]

> they seemed like a silicon valley tech company.

Yeah I don't trust them...

[geggam]

Talk to people who worked at the NSA 15 years ago and their opinions of what is happening now.

If they trust you enough the truth is interesting.

[mankeysee]

Of course, thats the image they would love to present. And of course, why would they even have the actual people in the know making these presentations.

And it is very natural they'd be interested in Big Data and Artificial Intelligence. Even a fool could understand why.

[stakhanov]

Don't drink the kool-aid. ...they probably have a bunch of LGBT African-American women whose sole job it is to be visible.

The NSA is one of the few companies legally allowed to do stuff like only hire you if you're a U.S. citizen and even say so in their job advertisements, and keep you out of certain kinds of roles (the ones where the real action is, probably), without being held to transparency standards and nondiscrimination laws that would apply to private corporates. They can always cite undisclosed nonspecific security concerns rather than having to say "We didn't allow that person into that role because it isn't a middle-aged white guy".

[achingtooth]

I'm 19. I've never been a fan of the NSA, my bad I should have been more clear with what I meant. At least I got a cool notepad https://i.imgur.com/yu103Lg.jpg

[stakhanov]

When I was in college I used to have positive sentiments towards college recruiting events too. It made me feel very special to think that these organizations wanted to engage in a dialoge of sorts and be in business with me and my fellow students. Now (15 years later), I realize that these people are basically actors in a live-action TV advertising spot and no more credible than one either.

The core is usually HR-people who do these kinds of events as a fulltime gig. They are usually very much out of touch with the rest of their organization because they do indeed spend all their time talking to students, and almost no time engaged in whatever business their organization is actually engaged in. To spice things up, they throw in one or two "real" employees. The reason they come is because there will be an HR policy whereby an employee is enouraged to spend one day per year on an activity like that to tick a box for their next promotion, so they grudgingly go there, but still secretly think of it as a waste of time. They still play their role though in the live-action TV advertising spot and put on a friendly face.

My own experience is that I was quite entrepreneurially-minded when I was in college. I wanted to be in business with a lot of organizations, just not as an employee. I used to go to all these events, hoping that they can put me in touch with people who do certain things, know certain things, get to decide certain things, etc. etc. I would always hit a brick wall. Because the people at the recruiting fair are there solely to get you to interview for the internship program or whatever. If you approach them with any other kind of request, the HR-people are neither incentivized to, nor, in most cases, able to accommodate you. For the real employees (the guy doing his one-day-a-year-stint), you as a college student, are not worth actually investing time into, so they won't do anything for you either.

In other words: Their presence at the recruitment event is not the presence of a human being that wants to engage with you on a human level, nor the presence of an organization that wants to be in business with you, but rather the presence of a robot who can accept your application for the internship program and who is not programmed for any other kind of interaction with you.

You don't need to take my word for it, either. You can easily put it to the test.

Next time you go to one of these events, bring a pencil and say: "I will happily interview for your internship program, but as a sign that you are SERIOUS about wanting to engage in a business relationship with me, I would like you to use company money to buy this pencil from me for 50 cents".

Witnessing what happens next will hopefully rid you of feeling special. -- I can assure you, you won't sell a single pencil. If you do: That's the company you should work for.

[achingtooth]

I'm not in college, I live as a digital nomad in Eastern Europe. My parents wanted me to go down the traditional path so they made me talk to various companies/agencies to make sure I didn't want to get a normal job and go to school before I left. Your post made me even more glad I didn't go down the traditional path though.

[morpheuskafka]

Don't all federal government jobs generally require US citizenship?