It's probably appropriate to use a throwaway when discussing this topic, not as a way of sniping via anonymity, but because the social climate surrounding this particular topic has gotten so extreme. Those not immediately in agreement with any anti-NSA sentiment seem to be ridiculed or personally attacked for their ideas. Such behavior is usually a sign that we're treading into "What You Can't Say" territory; hence, the throwaway.
As for my comment: I don't understand what's wrong with the arrangement presented in the article. Would someone please give concrete examples of (realistic) scenarios where this would be extremely detrimental to the US, or at least more harmful than the current arrangement of contracting private firms to perform government work?
Is your position that when the government brings in a whole company from the private sector to do work, then that's perfectly fine, but when they bring in an individual, it's not? Why? All of the same safeguards seem to be in play.
Also, having a risk of conflict of interest is different from having a conflict of interest.
> He said he understood it had been approved by all the necessary government authorities, and that IronNet Cybersecurity, not the government, would pay for Dowd's time spent with the firm.
> Dowd, he said, wanted to join IronNet, and the deal was devised as a way to keep Dowd's technological expertise at least partly within the U.S. government, rather than losing him permanently to the private sector.
Seems straightforward to me. The US government needs technically competent people, and they wanted to keep this technically competent person. The arrangement was approved by all necessary authorities.
You can hold one of two viewpoints: The NSA is necessary, or the NSA is unnecessary. It seems pretty hard to argue that it's unnecessary. And if it's necessary, then surely it's also necessary for them to have highly competent people. (Would you rather an extremely powerful organization have extremely competent people, or incompetent people?) So if competent people are being lost to the private sector, then why not make special arrangements to retain their talent in some capacity?
> It's probably appropriate to use a throwaway when discussing this topic, not as a way of sniping via anonymity, but because the social climate surrounding this particular topic has gotten so extreme. Those not immediately in agreement with any anti-NSA sentiment seem to be ridiculed or personally attacked for their ideas. Such behavior is usually a sign that we're treading into "What You Can't Say" territory; hence, the throwaway.
You seem to have stumbled onto the fact that sometimes anonymity is the only way to allow honest discussion. The trade-off is that it also allows jerks to be jerks.
I, personally, would prefer allowing a few more jerks in order to also allow people to be honest without being lynched. The reason I bring this up is that usually you find the pro-NSA commenters making arguments against a right to anonymity/privacy. What they generally mean is that others should not have a right to anonymity/privacy, because they are potentially bad people...but when "I" need it, it is justified.
Not saying this to you, personally, it is human nature to be hypocritical in such a way. Sometimes we just need to have it pointed out to us.
I think it's just sad that someone feels the need to create a throwaway account just to make a comment that runs contrary to social climate. The point of these forums is to have intelligent discussion, which you can't have without differing opinions.
Personally, I get really frustrated when I spend 20 minutes writing out what I think is a respectful, thoughtful response with links to all of my sources, only to watch it get downvoted into oblivion only because (as far as I can tell) I'm conveying a minority opinion. It kills discussion and turns threads into echo chambers.
I turn on showdead and run my mouse over every grayed-out comment now. I think we'd have better discussions on divisive topics if people would save the downvote button for actual abuse instead of just indicating that they don't agree with you.
Seconding the frustration. The best comment in this entire thread is [dead]. Anyone browsing with showdead set to no (and anyone browsing without logging in) will never see this content, and it's incredibly unjust as--in this case especially--it's something everyone should read.
Thank you for pointing out that there's a dead comment worth reading. I turned showdead on, and it absolutely was.
I just want to restate what jen_h said: Everyone should turn on showdead and read that comment. In addition to the comment being comprehensive, they also claim to have worked for the NSA. If that's true, then they have a unique and important perspective on this issue.
Comments from brand-new accounts posting from Tor IPs get killed by default, because of past abuses by trolls.
When someone lets us know about them, we unkill good comments that should obviously not be dead. Since there are too many posts for anyone to see them all, we rely on all of you to help us. The reliable way to do that is by emailing a link to hn@ycombinator.com. General complaints are less likely to reach us, for the same reason that the original problem probably didn't.
We have a plan that I'm optimistic will greatly improve this situation. It involves turning most of this moderation, including what's [dead] vs. not, over to the community. But we don't know yet when we'll be able to implement it.
There are non-compete clauses for the guy making your sandwich at Jimmy John's. Why do they exist? Because how to make a particular sandwich by some predefined script isn't privileged information, so you need some other way (possibly futile) to prevent others from disclosing it.
But the CTO at the NSA with access and intimate knowledge of the entire body of classified information in his field of work, selling his services to the highest bidder in the exact same field? I guess if the client was Huawei he'd be rotting in prison by now, a traitor and spy.
"Is your position that when the government brings in a whole company from the private sector to do work, then that's perfectly fine"
I don't know about "perfectly fine", more of a "has significant problems with revolving door corruption and lobbying" but be that as it may, the conflict of interest seems pretty clear to me.
Given your premise that the NSA is necessary and it is in our general interest that it is effective, then the NSA's CTO is exactly the guy who should be playing companies off against each other to get a better deal for the public money he's spending. It's pretty hard to do that well if you have any ties with one of the companies in question, let alone strong ones.
It would be a different story if part of the deal was that IronNet would never bid for, or in any way be involved in any NSA contract, but that doesn't seem to be the case (unless I missed something?).
Classic capture. Would the government's decisions be biased by knowing that the financial decisions it makes will directly affect its old (and future) colleagues? The bureaucracy can buy product A from a random company, or product B from their old boss's company. And also have some assurance that in the future, the second company would offer them a job. All the while, product A is the better product.
This is not nearly to the level of 'constitutional protections' - but is instead another indication of the inability to properly regulate an entirely secret bureaucracy. The NSA has all the failings and issues that any other large bureaucracy has - however it has difficulty utilizing the common mechanisms to regulate its less efficient behaviors.
I understand your point of view, and have to admit would also be willing to give them the benefit of the doubt, however, Keith Alexander has been caught lying about issues so serious this just doesn't look right.
It's also quite concerning that they think there's only one person that could be the NSA's CTO, and that they can perform that role part time. It's possible to entertain many ideas about the rights or wrongs of the NSA, but that would be admitting to a serious long term management failure.
It's OK that Alexander created humanity's greatest surveillance machine and is trying to profit from it, but if I criticize it I'm on some kind of Politically Correct McCarthyist witch hunt against the brave souls, like yourself, that defend it?
When the government hires a 3rd party (aka "Contractor"), that party signs lots of agreements and adheres to very strict rules, especially when they are allowed to handle classified information. It takes years for a new company to win a contract, set up the facilities, clear the people, etc.
This is basically an end around all of that. I doubt IronNet has any type of clearances to work on classified information. Furthermore, they are in the business of selling, brokering, etc. information that many times the US Govt considers classified (aka Harmful to US Interests if released).
Imagine this scenario. IronNet is "studying" an advanced hacking group and attempting to determine their TTPs (Again to make $$$, whitepapers, consulting, etc). So on Friday, NSA employee walks into the room and looks at their work. They can just ask "Are we on the right track?" He can simply shake his head yes/no..etc. It's like having the frickin Oracle in the room. You can do all kinds of dances so you don't reveal classified information, but help them.
This is obviously unethical at a minimum. If a lower level government employee did this, he would definitely be persecuted.
Forget about NSA, allowing government officials with secret sauce information to cash in and come back peddling some other wares is a violation of the public trust and erodes public confidence in government. Government employees and military officers are compensated well and have generous job security that nobody else has... That's why they are supposed to be held to a higher ethical standard.
It's now almost an assumption that some General or Commissioner is spending the last years of their career sucking up to various third parties (at taxpayer expense) to ease the transition into private sector life. That wasn't the case decades ago.
The NSA case is more egregious because these folks are literally reading our mail. There can be no tolerance for even the appearance of ethical lapse or impropriety. Every aspect of these people's professional lives are secret -- how can the public or US attorney be assured that the country isn't being sold out to enrich individual aspirations and wallets?
Something can be both necessary and the wrong implementation. Is it necessary for NSA to do everything it is doing?
Also, IronNet intends to charge clients $1 million per month according to another article.
My position is that, if someone is in charge of defending America, then their first impulse shouldn't be to start a private company to charge clients millions of dollars to protect them from hackers. If Alexander has truly invented something so revolutionary and also completely unrelated to his work at NSA, then why doesn't he give it to NSA or some other agency to help protect us all?
Why? Because this is the same old story of government->corporation=get rich.
I've worked for the NSA too, and everyone can see Alexander's defense of this arrangement ("The NSA can't afford to lose this guy, he's just so good") is horseshit, which is why the deal is now under formal investigation.
The ethical issues here are very serious and very simple. To begin, Dowd (the CTO of NSA) is not an irreplaceable commodity or even particularly qualified relative to his peers. He is however a very close personal friend of the former Director of NSA - who is now competing for contracts awarded by NSA - and in his CTO position retains a massive influence over what technologies get adopted and what contracts get awarded with NSA's ~$10b a year budget. On top of this already obviously disqualifying conflict of interest, the NSA is handicapped with a part-time, 20-hour-a-week CTO in the midst of the largest intelligence scandal in the NSA's history.
Beyond this, Keith Alexander, who supported Dowd in his pursuit of the CTO position, just began a company that competes solely based on his former NSA association (the desire to benefit from decisions informed by classified knowledge) and personal patents that he alleges sprang fully formed from his head during his time at NSA but were in no way influenced or produced as a result of his classified knowledge.
Alexander has lost direct access to current classified information as a result of terminating his ties to the NSA. However, as a result of this scheme, he can retain access to that information by having the HIGHEST RANKED TECHNOLOGY OFFICIAL AT THE NSA on his personal payroll with a perfect 50/50 time split. Dowd's equal time commitment (and surely larger pay via Alexander's company) creates an unreasonably high incentive to develop greater loyalty to Alexander's $1m-a-month-for-classified-consulting company (http://www.foreignpolicy.com/articles/2014/07/29/the_crypto_...) than he has to the NSA.
This is the same reason you can't take a side job working for Kaspersky while you work in NSA's TAO division developing malware.
It doesn't matter whether or not it's a great deal for the employee: it's a bad deal for the country.
It's not necessary to keep this guy around and let him double dip at the same time. It's a conflict of interest and a security risk too. As the CTO of the NSA he will be privy to technologies that would benefit a private security firm in thwarting NSA intrusion.
Not to be hyperbolic (but why not?) I look at it as both a sell out and cash in!
Technical competency is not the key qualification in a government security role. It is essentially a military position and moonlighting as NSA CTO is little different than allowing serving soldiers to also take mercenary jobs on the side.
So every piece of paper the NSA touches is classified, and we're told that even the most innocent dripple of bits of information are vital to national security.
And here is the CTO working part-time for private companies.
I wonder how discussions with clients at this security consultancy go? "Should we use TLS for our internal networks?" "Uhh.. let me think about this... uhh.. I think that's classified".
I think it's time to review whether the NSA has done more to harm Americans than to benefit them, and if so, to begin talks on dismantling the agency.
This isn't political extremism. There have been scores of agencies in the past that have been shut down due to abuse and mismanagement (including FEMA, which no longer exists), and what's left of the defunct agencies that still need to function have been rolled into other agencies (in FEMA's case, the DHS).
For a (completely random and poorly thought out) example, foreign surveillance could be rolled into the CIA. The Lawrence Livermore National Laboratory has done some great work on improving cryptography for everyone, and could be the group responsible for doing that. That said, the private sector seems to be doing a perfectly good job developing cryptography on its own.
If they can't do the job correctly, let's find someone that can.
How would that company's pitch go? "Hey, you can trust our services - our guy works for the NSA".
Seems insane to me. What's next? The Stingray makers hiring FBI's director Comey as an "advisor"? You don't see this as a huge conflict of interest?
> Dowd, he said, wanted to join IronNet, and the deal was devised as a way to keep Dowd's technological expertise at least partly within the U.S. government, rather than losing him permanently to the private sector.
xkcd, as so often happens in these circumstances, has already illustrated this problem rather well. http://xkcd.com/898/
I doubt that many CTO types are "real tech guys." Perhaps at one point, they might have coded something up once. But CTOs are management first, with a few noteworthy exceptions.
I think this is more likely two "buddies" rubbing each other's backs.