ICS 171 – Intro to security

Project #3
This project is to give you one more opportunity to look at a current controversial IT security
issue, analyze it, and come up with an informed opinion. As a security specialist, much of the
analysis and decision making you do will be based on your ability to “put yourself in another
person’s shoes”, but more importantly, on your ability to defend a position.
1) Watch the following videos [United States of Secrets]
a. http://www.pbs.org/video/frontline-united-states-secrets-part-one/
b. http://www.pbs.org/video/frontline-united-states-secrets-privacy-lost/
2) Given your experience and the research you already did (#2), answer the following.
a. What was the most disturbing item or item(s) from the videos and why?
b. How would affect you as a security professional in an organization that has to
work with the government? What if you were a civilian IN the government –
would you defend or attack the position taken by the agency?
c. Should this affect the average user? Average company (assume company uses
and depends on IT services or some sort? What about other countries?
d. Has your view of the relationship of information security and government
changed? Should a government be allowed to collect this information in the
name of national security?
Draft a paper (APA format, same as the research paper) that answers the above. Keep the
paper between 5 and 7 pages. This paper is focusing on your ability to answer the questions
keeping a broad view (looking at all the angles), while choosing a specific (focused) viewpoint;
and defend your answers
Final grading for the paper is as follows:
Meets requirements: 30%
Depth of Analysis 35%
Writing defense 35%

* We are not condoning or agreeing with any elements or statements (both written and verbal) shown in

the video. We are looking at a video in the public domain that is controversial and has possible global

impact. The right or wrong of the data presented is not the issue, it’s the perception of the data by the

general public as well as the effect on security professionals (of all types) that is the focus of this paper.
 th th
In 2014 A show titled “Frontline” on the PBS channel premiered it’s 9 and 10 episodes “United states of secrets” parts 1 and 2. This episode(s) told the story of the government project called

“The Program” in which the government is allowed to surveil citizens after the events of 9/11.

Something I found disturbing about these videos is the unnecessary intervention used on the people who were thought to be a person of interest/ whistleblower. Taking someone like Diane Roark for

example, A staffer from the house intelligence committee had been a whistleblower for Thinthread, had been in charge of overseeing the NSA had her house raided by FBI agents in 2007 after

being accused of leaking sensitive information to James Risen, an NYT reporter. A second example may be Thomas Drake a former NSA senior executive and whistleblower. After Drake found that

communicating to other NSA officials was not doing anything to help the privacy issue he decided to take matters into his own hands and sent encrypted emails to a news reporter. Shortly after his

emails were found and he was found guilty under the espionage act 5x and could’ve faced up to 35 years in prison. But four days before the trial, it was averted. In exchange for him pleading guilty

the court dropped the original charges and prison time (Though he still served 1 year and 240 hours of community service).

If I were to be a security worker in the government at this time this would make me scared because it’s my own people being targeted in my own organization and I could even be next in this sort of

blame game going on. I would also be embarrassed on how the government is handling the situation when we are supposed to believe they take care of us. If I were to be a civilian in the government

I would take the side of the people against surveillance. I understand why we would want to have information on everyone especially after 9/11 but there should’ve been a less intrusive way of

finding bad people out there and even without spying on the internet there are still other methods of finding information. That being said I would be against the agency for their mishandling of the

situation.

To the average user this would be very concerning since everything I do is out there for someone I don’t know to see. As a common person I wouldn’t know what to do about this and I couldn’t

imagine being ignorant to all of this, at least nowadays we know we aren’t always alone when online. The Average company was affected by this as well since all of their company emails and

private info has been behind a wall of glass the whole time. What’s even more upsetting is that companies like microsoft were in on the whole thing, collecting user data using PRISM, a wiretapping

program that collects things like emails, google messages, skype calls constantly. It’s not all online too at an AT&T location a worker named Mark Klein found a wire leading to the 7th floor of a

building connected to a splitter which allows data to be sent in two different directions without the knowledge of anyone.

My view hasn’t changed on info security or the government. It has actually probably strengthened my views since they were anti-spy in the first place. I didn’t trust the government in the first place

and now that I know such large events as such have occurred it just adds on to the list of reasons why. It’s honestly not surprising that the program existed with our funny little government. The

government should not be able to collect this information even in the name of national security because it violates so many people’s privacy and personal space. Why should the government be

allowed to dig into the people’s information but they hide everything? why do they need to hide everything of theirs but look into everyone else's business?. Us as the civilian population don’t have

many things to hide since mostly everything we do is in the public domain but the government locks everything they have away, wouldn’t they have bigger things to hide than we do?. The answer is

yes as we know thanks to Edward Snowden who leaked government documents for all to see and the reason we know about these programs like thinthread and PRISM. The (probably) only way we

would’ve found out about all these programs is from Edward without his contribution we would most likely still be spied on (more than usual) which only reinforces my beliefs on trusting the

government.
In conclusion, The way the government handled the people involved with the leak was very unprofessional and unnecessary. Raiding peoples houses and taking to court was just not the appropriate

response with the information given especially not with the severity of the action done. Putting myself in the shoes of a worker at the time I would just be distraught at the way my organization

handled this and displeased. Also putting myself in the shoes of a civilian I would feel really mindblown that something like that was happening behind my back all along without knowledge or

consent. And lastly my view on the government is vitalized and strengthened because these events only confirm it further.