Comment Re:So... (Score 1) 634
Yep, the NSA action on sysadmin rights seems necessary. Not clear what they think they're going to automate though.
A related problem is who watches the watchers. When the Snowden story first broke, the NSA ensured us that only 20 people could(*) access to the top stuff and that all their activity was logged. Well, who reads those logs? Two of the twenty people? Is that exciting work for a top person? All bollocks. Made me wonder if Snowden had passwords via sysadmin keylogging. Until I saw the handy web interface that came out a few weeks ago and realized he didn't need any special access. That is the biggest story in this whole volcano of stories. Anyone with access - and it was surely more than 20 - only had to tell Skynet a reason from a dropdown select box. No human approval was needed to get a full data stream. Workers were encouraged to always get more data, not less. Sure, if you looked up your ex's emails, you might get in trouble some day. But if the bad guys were offering you a hefty sum to pay off the house she took from you, for a one-time breach and ticket to Tahiti - that approval system was a joke.
*But "could" meant "should."