Agreed, especially the part about "evident that such action is now considered normal." Isolated incidents aren't enough. It's the pattern of behavior throughout the company, especially one's own superiors, that matter.
I would add some more limitations:
1. Don't quit because of the actions of another division you have no contact with.
2. Instead of quitting, do the right thing until they fire you. Ex: As an NSA employee, instead of using exploits to install trojans, write-up an explanation of the exploit and ask your boss to submit it to CERT. Notify your boss's boss of what is happening. Report your orders to the ethics committee. As an police officer, instead of testifying that you stopped the person for a tail light out, testify that the FBI called you and told you to pull the car over and wouldn't say why. That forces things into the open. Only then would the courts get a chance to address it.
Years ago, the NSA used to help secure U.S. computer systems. They developed encryption, and fixed known security holes. They made SELinux. If the NSA offered to hire me to go to companes and help secure their software, I would take that job, regardless of what other divisions of the NSA do. That would be a chance to not only do the right thing, but to influence from within. Sometimes it is a stronger statement to stay and do the right thing, than to leave.
A personal example from my experience: I work for a company with about 50,000 employees. Even as I type this it sounds crazy huge to me. The company is actually a really good, moral company, in my opinion. My division, which probably has a few thousand employees, makes devices that detect cancer, bloodborne diseases, etc. The idea is to help hospitals detect things faster, and prescribe the proper antibiotics faster. It's a good company.
So last year I heard that a court ruled my employer was using anti-competitive practices to muscle into the market for syringes or something like that. It was a civil suit brought by a competitor. It was a product that is not made by my division so I don't even know who or where. So should I leave in protest? Should the janitors leave? Or the CEO's receptionist? Or the guy who comes out and fixes the piece of equipment that might save someone's life? Maybe it should just be the people in that other division. I honestly don't know. When the company sent out the email, I really wanted to know what exactly the company had done and who did it. I was angry. I wondered if they would address it at the company quarterly meetings. But I don't even know if it happened 10 years ago or 10 weeks ago. I don't know what country it even happened in. With a company with divisions in 10+ countries, and 50,000 employees, it might as well have been some other company that did it. I submit that quitting would have been silly.