I've had a few people mention to me the "lack" of oversight on NSA and the #EternalBlue losses that are now being used by adversaries to hack Baltimore, etc.

I have some thoughts on the public outcry on this point & the challenges of oversight.
NSA and its activities are overseen by the House and Senate Intelligence committees, which do their work behind closed doors, in SCIFs, because most of the subject matter is classified at very high levels (TS/SCI). This means deliberations are not public.
The lack of public oversight means that outside observers like @KimZetter, the ACLU, CDT, or even now, myself, have little insight into the conversations that happen between the NSA & HPSCI and SSCI. We don't know if the NSA gets raked over the coals, or pats on the back.
Even with members like @RonWyden or @RepAdamSchiff, who raise serious questions and are known to be thorough and skeptical overseers, the public sees little sign of it because of the classification. That means both the hearings and the legislation aren't visible.
The problem with the secrecy is that one of the essential functions of oversight, to show that the nation's representatives are asking on the public's behalf, doesn't actually create that confidence in the public's mind.
The other problem with the secrecy is that the legislators are the only ones who can challenge the NSA's arguments that a) the tools are too important to disclose, b) they've done enough to mitigate risk, or c) the status quo is fine.
When I've been on the inside, you can think you're asking all the tough questions and standing in as proxy for the American people's concerns, but then when the program actually comes to a public debate, you find your sense of alarm wasn't high enough. See, e.g., 702.
Between TSP/702/215 and Eternal Blue, I have started to question the wisdom of holding the conversations around risk on these tools at such high classification levels that they aren't debated more broadly, especially in the private sector, where the impacts are greatest.
The other thing that's clear is that these tools are not being sent through the Vulnerabilities Equities Process, as they are supposed to, to have a broader conversation about risk. techdirt.com/articles/20160…
So, the bottom line is that Congress, despite what it may think is aggressive oversight behind closed doors, needs to have a broader conversation about where the lines are in disclosure, tool development, and hacking. Because there are more voices who need to come to the table.
Subscribe to Mieke Eoyang