Re "You said they already only allow a select group of people have access to the data and that's their security model, now you say that the way to fix the problem is to only allow access to trusted staff? Who is this "select group" if it's not "trusted staff"? A select group of untrusted staff?"
Thats the big question. Encrypt and tell all the workers they are not trusted at any level and all have to get permission/keys everyday?
That breaks down that esprit de corps, comradery or respect and excellence. Taking orders/tasks from a contractor alters gov/mil staffs outlook on their job. Staff start to wonder if they are been demoted, blocked or have done something wrong, been reported, face downsizing, replacement by a contractor, a hunt for a someone and they are caught up in it. Their work suffers, rumours spread fast in communities.
Trust the gov workers but never the contractors? Some contractors are more trusted who have to see the networks as part of their contract? A new layer of tasks and workers to look after and track.
All that while global and domestic collection builds up 24/7. The US has done a lot of testing on how to work with its staff.
How to trust them, educate them, track them, reward them, know if they have been in contact with anyone, or to test them with fake files or unexpected chat downs/encounters in the community or while on holiday. If not self reported, thats an issue.
Thats what kept the NSA safe for so many decades. Thats the methods the US told its other 5 eye members to try with their own staff.
That all fails when rushed in contractors get equal access and need to work with all material.
Re "A random contractor should not be allowed to walk out with 50TB worth of data."
That is just random files floating around the networks so staff can cross reference and search. Plain text, sorted, indexed so future generations of staff next week, month or decade can look back and draw results. Internal tracking of such data flows would slow the networks and allow spies to track if they are been investigated by self searching their own logs. Any changes and they know they are under suspicion.
That could endanger decades of discovery or placing of fake material and allow escape.
The FBI tried that and found internal spies would look if any action was been taken surrounding their work or teams. Bureaucracy expects a file to be created somewhere and that can be searched for given equal or greater access. A strange new team with project access but no contact could be new security.
The change was a flood of contractors and staff growth. New missions, different contractors who could alter things, give orders and had a more easy path to support and advancement. Yet the same security system of trust the staff, work the data stayed in place as it had always worked so well until it did not.
Any attempts to secure things away from the contractors invokes political support and seen as anti-capitalist or budget envy. Contractors are clearing other contractors just to bring in skills and keep up with the global/domestic work load. The final security that worked was to walk the life of all applicants. Talk to all friends, teachers, extended family and look in local paper documents, paper court records, interest in books, magazines, friends of friends and get a good profile of everything.
That is now digital. The person exists and the federal/state computer says the grew up in a fly over state, passed their exams really good and another agency totally trusts them. The polygraph tester passed them after a chat down and internet log search to see if they looked up "polygraph". None of their self submitted friends are been tracked by any state or federal task force or police database...
That final real world aspect to decades of great security is now not working in a rush to find skills, languages, foreign thinking.
The UK did rushed interviews in the 1930's-40-50's to get Russian and German skills. A lot of interesting people got invited in and moved up the ranks.
Collection at any cost is becoming the only mission.