It is a very hard (and well known) security design problem to make system that the system builders and maintainers themselves can't access. Its possible, but few do it even today.
Russia intelligence is an external threat, and its threat model is well know. Whistleblowers are an internal one.
So to me, its not difficult at all to see why external well know threats are today less likely to happen, while new internal ones are missed. I have the same view of Windows security, in that Russian hacker has a hard time to break in, but a Microsoft employee would have a much easier time.
Different threat models. I assume you are well familiar with the concept so I am a bit baffled by your baffledness.
side note: After they identified Robert Hanssen as a rouge entity, were the NSA unable to provide evidence after the fact? This is after all the question I originally made.
Russia intelligence is an external threat, and its threat model is well know. Whistleblowers are an internal one.
So to me, its not difficult at all to see why external well know threats are today less likely to happen, while new internal ones are missed. I have the same view of Windows security, in that Russian hacker has a hard time to break in, but a Microsoft employee would have a much easier time.
Different threat models. I assume you are well familiar with the concept so I am a bit baffled by your baffledness.
side note: After they identified Robert Hanssen as a rouge entity, were the NSA unable to provide evidence after the fact? This is after all the question I originally made.