[atonse]

I love how we say this with a straight face and ignore the fact that the best hackers _anywhere_ are mostly currently or formerly employed/trained by the government: NSA, FBI, same with Israeli hackers trained by the IDF, Russian and Chinese hackers, pretty much everyone is a current or former state actor.

So yeah I'd trust NSA lending its talent to securing our payments infrastructure over some of the people that were in that Google thread that got paid 300k to do hardly any work in years. But this is a false dichotomy.

[refurb]

I somehow doubt the NSA would be the ones building it. It would probably be farmed out by the govt like the ACA website.

I agree it would be terrible if the govt ran it, but would make sense is for the govt to actually plan it and put regulations around it. Provide a framework for private companies to work off of.

[atonse]

That's why I said lending their talents. The NSA and FBI would definitely consult on something that big.

Actually they'd do it regardless of whether it was built by the public or private sector.

I'm in the DC area – so I know exactly how bloated and utterly incompetent most defense contractors are (I worked for a couple). So I have nearly zero faith in them doing a better job.

[maximente]

i would wager a fair amount of US dollars that, given past behavior/track record, the offensive mission of NSA would almost certainly result in some sort of backdoor that would eventually be used by opposing actors to pull down the data directly.

the defensive NSA guys would probably be blamed post-facto in some sort of delicious intra-organizational bull-bleep.

[atonse]

That's a different argument. I'm addressing this notion that the government is oh so incompetent and the only people that can do this is the private sector, when many countries have upgraded to excellent government-run (but private sector built) payment systems that work just fine.

[brenden2]

I respectfully doubt many talented folks are giving up $500k+/year jobs to work for Uncle Sam at below market rates.

[atonse]

No it's the opposite. A lot of people getting $500k were trained by Uncle Sam and left.

My point was that you can't say the government would mess it up when the government (really, many governments as I outlined above) has done a phenomenal job of training many of our best private sector hackers.

[chimeracoder]

> My point was that you can't say the government would mess it up when the government (really, many governments as I outlined above) has done a phenomenal job of training many of our best private sector hackers.

That's very different from saying that the government's core competencies include developing and operating secure consumer-facing web services that are also convenient to use.

There's a very big difference between having the raw resources and actually executing.

[atonse]

I forgot to mention another point that someone else mentioned (and I added to).

I live in the DC area. If you think that your average government contractor would do a much better job, you'd be shocked.

[whatshisface]

The NSA has a history of being so offence-focused that it wouldn't be very wise to trust them.

[ethanbond]

Alternatively, it has a public reputation of being extremely offense-focused.

[maximente]

well, we know without a doubt that they withhold info related to vulnerabilities in order to prioritize continued offensive success. that doesn't bode well for any non-offensive work, and there's no reason to believe that has changed.