So with the PRISM program outed, the main thrust of discussions is about its legality and consequences. But what interests me is a rather non-political issue of general competence. One would think that the NSA and in general any security agency would take risk assessment and mitigation seriously. And having its cover blown ought to be somewhere close to the top of the list of critical risks. Yet the obvious weak point of letting the outsiders with appropriate clearance access deep inside the areas with compromising info was apparently never addressed.
Even the standard approach of having tiered access for everyone regardless of the clearance level, and automatically checking and flagging every unusual escalation was either not implemented or cleverly subverted by a low-level admin. And given the Bradley Manning security breach, one would expect even a half-decent internal security officer to be rather paranoid. And who knows what other low-ranking admins quietly did and probably are doing with what information and for what purpose and in what organizations.
I am wondering, is it reasonable to assume that the people responsible for the integrity of a spy agency are this inept? Or is what we see now somewhere low on the list of risks and being handled according to plan? Or, if you go deeper in the conspiracy mode, is it orchestrated for some non-obvious reason?
Personally, I hope it's the last possibility, because I'd take competency over ineptitude anytime, nefarious purposes or not.
Yet the obvious weak point of letting the outsiders with appropriate clearance access deep inside the areas with compromising info was apparently never addressed. Even the standard approach of having tiered access for everyone regardless of the clearance level, and automatically checking and flagging every unusual escalation was either not implemented or cleverly subverted by a low-level admin.
So, I'm not an expert but going from a couple of news articles and HN discussion I get the impression that Snowden actually did require that level of access to do...