re "A few times a month I trip an alarm in my normal work and have to justify my actions to our compliance group."
Internally the NSA don't have an alarm for that. Nobody could do any gov work if "alarms" or encryption got installed at that level and had to be cleared every few hours.
Why not? If private companies are expected to have access controls and adequate auditing for sensitive data and face fines for data breaches, then why isn't the NSA held to the same standard when they have access to much more sensitive data? If a private company has a breach, it can face multi-million dollar fines. What's the punishment when the NSA (who has access to far more data than many people prefer) loses that data because they can't be bothered to secure it out of "convenience"? When a hospital has a data breach and your medical records are available for download, would you accept "Well, we could never do any medical work if we had any access controls or auditing for access to your medical data"? At least in the case of a hospital, they have a good excuse - it literally is a matter of life-and-death - if the ER doctor can't pull up your medical records, you may die while waiting for treatment. But convenience and expediency is not an excuse, even for a hospital.
Everything is decrypted and reduced to plain text. That's the mission to decrypt and read, sort and index. The select humans allowed in to read and search the material are the "security".
So the NSA *requires* invasive access to all sorts of personal data, but they can't protect it at all? Every employee with some sort of clearance needs access to everything with no access controls at all?
Somehow that seems unlikely, and is not the level of care most people expect for such databases.
A random contractor should not be allowed to walk out with 50TB worth of data.
The select humans allowed in to read and search the material are the "security".
Note that there are about 5 million people with some sort of security clearance, 1.4M have a "top secret" clearance, so how select is that group? The NSA is estimated to have 40 - 50 thousand employees (the exact number is, ironically, secret), if even just half of them have access to data, that's not a very select group of employees, and there are guaranteed to be more leaks.
The idea is to allow the NSA workers to dig deep into all the raw data and find the gems that every other branch of the US gov and mil missed due to a lack of skill or clearance.
East Germany faced such a walk out of all their spies in the West as raw data in the 1950's. They fixed it by splitting the data up so no one person could ever see all the data lists alone again. A complex buddy and the need for senior staff to be present if such data was requested stopped walk outs.
The GCHQ faced the issue of a cleared person with access to a photocopier without a counter and daily uncounted paper refills. The ability to just copy secret vault material was limited only by the size of a folder to carry paperwork home in every day. The GCHQ fixed the issue by securing the hardware and being more staff aware.
In the digital age the NSA has to trust its staff, contractors and people the contractors offer as trusted or who other agencies pass as trusted.
So this problem was solved 50 years ago, yet the NSA can't manage to solve it with modern computer systems?
The skilled staff ratio to material gathered is just getting so complex, jargon packed or in need of translation that a lot of contractors have to be ready to look. It's all plain text to help that work flow of a global collect it all policy. Then add in the sorting of the domestic collection.
That's a common criticism of the NSA -- they already have a haystack of data and can't find the needles they are looking for.
The fix is to encrypt internally and only trust tested NSA staff again. That would remove the contractors' funding and they have political friends to get their access and contracts back.
You said they already only allow a select group of people to have access to the data and that's their security model, now you say that the way to fix the problem is to only allow access to trusted staff? Who is this "select group" if it's not "trusted staff"? A select group of untrusted staff?