There is a lot of news today on the NSA’s Perfect Citizen program. The idea behind Perfect Citizen is that our nations infrastructure can be compromised and that the NSA needs to be monitoring it for attack. My major concern with this comes from the Wall Street Journal article where they say “While the government can’t force companies to work with it, it can provide incentives to urge them to cooperate, particularly if the government already buys services from that company, officials said.” This sounds a lot to me like “Allow us to monitor all of your network traffic or you won’t get government business.” And because this is the NSA where is the oversight and will it be public. The classified contract was awarded to Raytheon so we can guess that the oversight will be classified also.
What is to stop them from gathering more information than they are supposed to? Maybe my issue is that I remember the NSA’s illegal warrantless wiretaps and how that ended with the government giving the NSA and Telcos a free pass.
Update: So the NSA responded and said that Perfect Citizen is not about spying on individuals, it is just “vulnerability assessment and capabilities development”. The question may be, why call it Perfect Citizen then and not something related to vulnerability assessment or why was it classified if it is really just vulnerability assessment?
Update 2: Sometimes it is just nice to have someone agree with you.