Do you need THE best software-development talent to be able to build comprehensive surveillance like the big agencies? Like THE Christiano Ronaldo or THE Michael Jordan of programming.
Or is this more about funds and the power to set such a system in motion?
My thought is that much of the problem is tactical, logistical, organisational, and capabilities-oriented.
Consider the problem domain:
1. There's a vast amount of information flowing around the world. Much of it remains at best poorly protected, and until recently, that was even more the case.
2. Much of surveillance revolves around access to the channels themselves. Which means places such as satellite uplink/downlink centres, transoceanic cable landfalls, major switching hubs, telecoms hubs (AT&T's notorious San Francisco closet), etc.
3. Then you've got the problem of simply ingesting the information. For that, you need fat pipe of your own, and massive storage.
4. Then the problem of classifying and prioritising the information, or identifying and tracing specific targets. Again, in both cases, scale matters more than capability, where scale is both a matter of data (transmission, storage, processing) and above all access.
If you want to tap a specific landline, or cellphone, or cloud / online storage provider, do you have the tactical assets in place to be able to do so? E.g., official or unofficial liasons with the organisation in question. If official, how do you maintain that relationship (what balance of carrots and sticks). If unofficial, do you risk burning through such assets by utilising them. Google, to take an example, apparently looks poorly on employees directly accessing user data, and could well discipline or terminate any staff or contractors who do so. This doesn't mean that the NSA doesn't have and cannot use such assets, but they can likely only use each one a small number of times, possibly only once. That raises the costs for any such access, though again, scale offers a potential counterweight. (Rinse, wash, and repeat for all non-Google organisations, I'm actually raising them as an example here on account of their apparently stringent internal controls.)
5. Technical capabilities. For any given channel, there are the fundamental information-theoretical problems of establishing a link, transferring, and comprehending data. Depending on the complexities involved, this may be easy or hard, but there's almost certainly a fixed setup cost for any given service. This also means that the surveillance entity will likely target technical sources by some balance of total size (likelihood that any given target will be on it) and specific interest (that a particular target is there).
Such resources are again finite, and suggest yet another possible defeat: by embracing rapid change, workfactor for achieving technical penetration increases.
I'm arguing my own way through this, but in general, I'd think that size matters more than skill, though the two complement, and there are almost certainly instances in which brute intelligence and capability in conceiving of exploits is an essential factor.
Do you need THE best software-development talent to be able to build comprehensive surveillance like the big agencies? Like THE Christiano Ronaldo or THE Michael Jordan of programming.
Or is this more about funds and the power to set such a system in motion?