Secure whistleblowing feedback / reporting systems in the content of compartmented information, endpoint security [was: [NSA bitching] [formerly Re: PRISM][]]
regarding the inability for NSA employees to report ethical violations in a manner that did not assure retribution:

this is actually a somewhat difficult anonymity / privacy question in the context of highly compartmented information and operations, where knowledge of a subset of specific details is sufficient to imply strong suspicion and scrutiny to a very small number of individuals...

... assuming you don't circumvent the apparently mediocre constraints to this information in the information systems that contain it. ;)

---

while academically interesting, in all practical terms we should render this question moot and provide absolute communication origin[0], destination[1], and content[2] privacy to all network users in all locations under all circumstances guaranteed by constitutional law, prosecutorial discretion, and practical realities (read: implementations resistant to Tailored Access Operations like efforts (NSA TAO / CNE related programs))

this latter guarantee will require a bit more design, coding and deployment, fun problems to solve![3]

0., 1. "peer communication endpoint privacy" - this is a hard problem. the existing implementations are not usable and insufficiently large in anonymity set (too few users): zero knowledge high latency mail like messaging mixes, even if the twitter mixes are pretty cool. a proper solution would be datagram based, NAT busting, low latency (read: sufficiently real-time for video and voice), the majority protocol across the Internet and local intranets and ad-hoc mesh nets and other networks, in an implementation that resists all known general purpose (wide scale) and specialized (highly targeted and/or weaponized bleeding edge and/or privileged positioned) attacks.

2. strong encryption like: alligator wrapped forward secrecy intended streams, and equivalent techniques, solve this problem. clearly there is much work to do in the implementation and protocol side of crypto integrity. very, very much work...

3. "NSA TAO / CNE related programs" resistance is a very tall bar. they rolled this out at DEF CON, of course. the soon departing .gov Alexander rolled into town with some world class shit, no doubt... is it really going to be 33 years before we can talk about it? for better or for worse we won't have Snowden to disclose this (http://cryptome.org/2013/10/26-years-snowden.htm) as he's too classy to drop dox on specific field operations and highly technical method and tools information.

hmmm...
participants (1)
- coderman