US Still Can't Figure Out What Snowden Took; What Happened To Those Perfect 'Audits'?

from the total-failure dept

Remember how the NSA’s biggest defenders keep insisting that the NSA’s perfect “audits” prevent abuse? Here’s Keith Alexander insisting that such audits are perfect:

“The assumption is our people are just out there wheeling and dealing. Nothing could be further from the truth. We have tremendous oversight over these programmes. We can audit the actions of our people 100%, and we do that,” he said.

Addressing the Black Hat convention in Las Vegas, an annual gathering for the information security industry, he gave a personal example: “I have four daughters. Can I go and intercept their emails? No. The technical limitations are in there.” Should anyone in the NSA try to circumvent that, in defiance of policy, they would be held accountable, he said: “There is 100% audibility.” Only 35 NSA analysts had the authority to query a database of US phone records, he said.

Yet, many months after the initial leaks, it’s being reported that the US government still doesn’t know what Snowden took:

More than two months after documents leaked by former contractor Edward Snowden first began appearing in the news media, the National Security Agency still doesn’t know the full extent of what he took, according to intelligence community sources, and is “overwhelmed” trying to assess the damage.

First off, this shows that the claims of 100% auditability are complete crap. If they can’t tell what Snowden took so many months later, they don’t have very good auditability at all. Furthermore, this raises serious questions about the NSA’s data management capabilities. For all the claims that there are no “willful” or “intentional” violations by the NSA of people’s privacy, it seems difficult to believe they can know that. Here’s a case where they flat out know that someone got access to all sorts of documents, and over many months they still can’t figure out what he got. And, yet, they expect us to believe that they can tell with perfect accuracy what their staffers are doing with the data they have access to? Seriously?

Yes, there have been thousands of “accidental” violations that were caught in audits, but it seems highly likely that there are intentional violations that the NSA just doesn’t know about. If they can’t track what an outside contractor is downloading, how can they even pretend that they have control over their data and information?

Filed Under: , , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “US Still Can't Figure Out What Snowden Took; What Happened To Those Perfect 'Audits'?”

Subscribe: RSS Leave a comment
HappyBlogFriend (profile) says:

Re: Know what's even scarier?

silverscarcat wrote:

This basically implies that a hacker could break into the NSA, steal all the data inside and spread it out to whomever they wanted to and the NSA would never know how much was taken.

In other words, the government is lucky that their data was taken by someone with Snowden’s integrity.

Their data was insecure, a breach was bound to happen, and they wouldn’t treat Snowden as an enemy if they had any idea what sort of damage a real enemy can do.

Anonymous Coward says:

Re: Re: Know what's even scarier?

In other words, the government is lucky that their data was taken by someone with Snowden’s integrity.

I don’t think they’re that lucky. I strongly suspect that if Snowden, a contractor and essentially an intelligence amateur, got his hands on all that, that the professionals working for other governments have long since availed themselves of far more. The only difference is that they are unlikely to start leaking it to the press.

Jose_X (profile) says:

Re: Re: Re: Know what's even scarier?

Any person allowed administrator privileges (and the clearance and trust that implies) has potentially a lot of power.

Other governments can know more through espionage (or putting a gun to “Snowden”‘s head or watching him very closely) than perhaps through hacking.

Finally, while I know the NSA helped build the SE Linux infrastructure, you still have to use it and use it wisely (ie, by giving as little access as possible to anyone who shouldn’t have access). I just read that the NSA had fallen asleep at the wheel keeping data sufficiently compartmentalized. Snowden had access to things he didn’t need to have access to, I’m guessing.

Trust has to exist to some extent. The idea is that people who violate that trust will have the weight of the US gov to deal with later if they are caught.

Jose_X (profile) says:

Re: Re: Re:2 Know what's even scarier?

BTW, I just saw Keith Alexander’s Black Hat speech on youtube.

100% auditability was used several times. It did not refer to system administration.

It was used in the context of NetFlow. It was used in the context of 2 query programs. The speech was about those 2 programs, a meta data program and prism.

For example, a little over 20 minutes into his speech [27:15 in the vid I saw]: “So on this program [Prism/FAA 702 authority], 100% auditability on every query that we make, and that is overseen by our inspector general, our general counsel.”

Or the example, in the context of NetFlow [15:30]: “you know that we can audit the actions of our people. 100% in this case.”

Even the quote Mike provided qualifies the 100% auditability with “these programmes,” and there were no other programs mentioned or detailed in the speech (at least to any degree, iirc).

So, there is no claim at all iirc that every command taken by a sys admin is audited. Every instance I remember refers to NetFlow or to either of the 2 query programs (meta-data and Prism).

I am sure the NSA has a lot more auditing, but the 100% was used in a very limited scope.

Uriel-238 (profile) says:

Re: Re: Know what's even scarier?

In other words, the government is lucky that their data was taken by someone with Snowden’s integrity.

The government is lucky that [the only data leak to surface so far] was by someone with Snowden’s integrity.


I suspect the ones with more nefarious purposes (e.g. sending commercial intel to China) are still in place continuing their work.

Jose_X (profile) says:

Re: Know what's even scarier?

Snowden had legal access to access lots of things, I’m assuming, and access he did. The NSA would know this was a lot of material over a long time period perhaps. So they might know the worst case scenario as a decent upper bound.

Anyone with insider access from afar can do the same thing.

How easy it may or may not be for a hacker to disguise him/herself as an insider or hijack a session is a different question altogether.

[So I don’t think it implies that a hacker can break in nor that a bunch of data can be touched without anyone knowing. But, independently, there appears to be a significant chance lots of people might have access to lots of data since many insiders could have been sloppy (or “sloppy”) in the past. And we are not talking about Secret or any other designation besides Classified, I don’t think.]

Lurker Keith says:

multi-edged swords

Maybe instead of arresting Snowden, Obama should make him head of the NSA (or Intelligence as a whole). Obviously, someone who knows how to get the data out unnoticed knows what holes in security to plug.

However, that is a double, or even, triple edged sword. Once Snowden properly secures the NSA from breaches, assuming he’s a good guy, whoever takes over will have that better security & the public can know less when a leak is necessary for the greater good.

Joseph Ratliff (profile) says:

Just because they can...

“We can audit the actions of our people 100%, and we do that,”

Just because they have the ability to audit, doesn’t mean they actually use it 100% of the time (in fact, from what I’m reading, it seems they rarely use it at all).

And that’s the problem, they (our Government officials in support of this NSA stuff) keep saying what they are capable of doing, instead of saying what they are actually doing… or coming clean with the public.

barleyblair (profile) says:

Another Possibility

Mike, an alternate reason why the NSA is unable to determine the scope of Snowden’s access is that the systems were designed to provide plausible deniability in the event that someone suspected that the appliances were being used to specifically target Americans for non-terrorism-related matters…. If the stakes are big enough, there are incentives to design specific flaws into the process. Look at Satyam and how it used its ERP to hide financial misdeeds.

Anonymous Coward says:

And if the NSA did know what Snowden took, would they speak of it? It can’t escape thought that the NSA knows what he took and they are scared, very scared. Which would align with the massive international pressure to get him back.

Snowden’s releases have been very strategic, building up over time and exposing more abuse. We haven’t seen the end of it, and we certainly have not seen the peak of it.

sinizt3r (profile) says:

Blind leading the Blind

If they can’t track what an outside contractor is downloading, how can they even pretend that they have control over their data and information?

I’m honestly worried about Our data and theirs!.. But what would the funniest thing..
If Snowden didn’t take anything but memorized everything.. With no checks or balances anywhere to be found everyone’s left clueless and Snowden made a very clear point “Once you see something, you can’t unsee it” So even with total security.. face the facts and realize there’s none to be had,
Control is a figment of our imagination.. you’d think an agency such as the NSA would understand that. And realize this needle stack is causing them and our officials to look like the Terrorists to many Americans and Others around the World

Anonymous Coward says:

They have all that data, and any decision on what to do with that data is General Keith Alexander’s.

So he’ll be reading his enemies emails, spying on political opponents, even listening on his allies phone calls to check if they’ve gone off message, and all the creepy things out of control Generals do. None of that will be logged, because whether its logged is simply his decision, under his control.

I bet he has some serious leverage over UK and NZ politicians.

Like Firefox and its ‘in Private’ browsing mode, that doesn’t log anything, Alexander will have his own InPrivate search mode.

So until the constitutional protections are restored, even Obama is the General’s bitch.

There is however, one group of people that can catch him and can prove what he’s done. The 90% sysadmins that can get to the low level database logs.
TOR still works despite the recent NSA attacks. Any of you have a conscience?

Jay (profile) says:

[Begin rant]

So… Obama has basically told us that his MO is to cover for the state as much as possible. Given that Manning’s only crime is exposing the secrets of the government, it’s not a surprise that they went to give him as much time as possible.

They didn’t want the audits. They just wanted the power. That’s it. All he wanted was to change public perception around these leaks. The enemy of the state is the people itself, and Obama along with these high ranking officials don’t want to be answerable to the public.

It reminds me of the movie “Cool Hand Luke”. Hell, let’s update that to Major Payne. You have a Nasty Drill Seargeant man in charge aiming to destroy the morale of kids or the prisoners in his care and after putting the people through hell what does he say? “What we have here is a failure to communicate!”

Yeah, that’s a great motto for those in charge…

Release documents piecemeal until a new leak exposes more, betraying the role of our Constitution, and giving more power to corporate interests has basically caused us to see the problems of our democracy as it stands now.

The bureacracy hs the state, the spiritual essence of society, in its possession, as its private property The general spirit of the bureacracy is the secret, the mystery preserved within itself by the hierarchy and against the outside world by being a closed corporation. Avowed political spirit, as also political mindedness, therfore appears to the bureacracy as treason against its mystery. hence, authority is the basis of its knowledge, and the deification of authority is its conviction

What Snowden and Manning have done is betray this cabal and given secrets to the enemy of the state: The public.

The mergeance of corporate state with Allen Booz and the NSA has given us a lot of secrecy and we have the results.

Growing inequality…

State propaganda…

Execution of Americans for doing nothing more than living their lives with their behaviors being more and more criminalized as we speak.

We seriously need a change in our lives because THIS is truly atrocious for being able to go on for so long.

JaDe says:

Devil's Advocate.

What Gen. Alexander said could all be true. The NSA might very well have 100% audibility at the application level but have few if any audit controls at the system level. The software I work on is this way. We have tons of auditing controls in our application so we know which users(i.e. NSA Drones) did what actions. However if some one with admin rights (i.e. Snowden) logged on to the server, they have free reign for the most part. This would be highly irresponsible of them and I would hope they have better controls on their systems, but you never know. The NSA is obviously trying to rectify this, in part by firing 90% of their sysadmins.

Or… They’re all a bunch of lying dirtbags.

Anonymous Coward says:

if they cant figure out what has been taken, why are they going overboard with the lies to protect what was taken? why are they doing whatever they can to get other countries (read fucking idiots in the UK here!) to do whatever they can to go down the same road as the US, ie, pulling the most blatantly obvious intimidation stunts against people? and dont forget the statement that ‘those that condone the leaks and the reporting’ are basically traitors. yet strangely enough there is nothing about the governments introducing censorship and other methods which will have greater impact on the world, not just the respective country, and will probably destroy democracy while they’re at it!

Anonymous Coward says:

Re: Re: Re:

This is true. I obviously was awake only enough to catch the meaning and not the truth behind the words… Dang it!

Still the point is valid. When you think you are bulletproof, all of a sudden someone find something bigger and better. The line by Inspector Gordon talking to Batman about this new guy the “Joker” at the end of Batman Begins comes to mind….

Namel3ss (profile) says:

And to think the NSA spying isn't even the whole picture

As horrible as all the NSA spying is, I have to say “but wait there’s more!”

Once Obamacare comes online, and the IRS (who is charged with enforcing Obamacare) has access to all our medical records, we will all be well and thoroughly screwed. Imagine the NSA and IRS, the two most hated agencies in the govt, knowing basically everything about you. Scary stuff indeed.

As for the NSA part of it, just one more reason (maybe the biggest one) that Obama has to go. Yes it started under Bush, but Obama doubled down on all of Bush’s failed policies and basically became Bush on steroids.

John Fenderson (profile) says:

Re: And to think the NSA spying isn't even the whole picture

Once Obamacare comes online, and the IRS (who is charged with enforcing Obamacare) has access to all our medical records

Obamacare does not give the IRS access to all our medical records, nor does the IRS need to have such access to do what it’s tasked with. The IRS’ involvement is basic and simple: you provide them with proof of insurance (assuming you’re required to have it), or they assess a surcharge. That’s it.

Imagine the NSA and IRS, the two most hated agencies in the govt, knowing basically everything about you.

I don’t have to imagine that, because that’s the way it’s been for years already.

That One Guy (profile) says:

Re: NSA and their audits

No, the biggest reason to believe that they have no idea what Snowden grabbed was the continual lies they keep putting out, ones that their own evidence counters, which is absolutely demolishing any credibility they or the government might have had.

It’s one thing to lie, but it’s another altogether to lie when you know that the other person has solid evidence that you’re lying, which strongly suggests that they really do have no idea what Snowden has.

Jim says:

Doesn't mean it's not unconstitutional

It doesn’t matter how many people have access to query. They are violating the 4th amendment to the constitution by merely collecting the data. No, the FISA court, nor even Congress can change the constitution. They can’t rule something legal and have it in violation of the constitution.

As long as they collect they are violating the constitution, and that is breaking the law.

Anonymous Coward says:

So now one and one make two.

This answers the why of David Miranda’s detaining in the UK. It was hoped to gain access to the info he was carrying to identify the next set of leaks so that they wouldn’t look so clueless when the next leaks come out.

It’s about as damning as it gets for the US’s claim they knew but didn’t request his incarceration. Again fancy footsteps around the real truth. They wanted his info, not his imprisonment and doing it before customs means no national laws to deal with.

The US and it’s spy agency is up to it’s eyeballs in the involvement despite the claims.

Dave (profile) says:

Look out behind you!

Uncle Mike said: “First off, this shows that the claims of 100% auditability are complete crap. If they can’t tell what Snowden took so many months later, they don’t have very good auditability at all. Furthermore, this raises serious questions about the NSA’s data management capabilities.”

If they don’t know what our friend Snowden took, how are they going to keep the REAL bad guys out of the pile? Wanna bet they get raided constantly, without knowing it? Them furrin hackers are pretty smart, ya know. I bet they get in all the time and those cross-eyed idiots in DC haven’t a clue.

Dave (profile) says:

Re: Look out behind you!

Something else to think about: IF the bad guys ARE raiding the pile as I believe they are, think of what a treasure trove of personal data, card numbers, account numbers, passwords, etc. it is, assuming of course that NSA is collecting what we think it’s collecting. If this is true, you can expect a massive identity theft upsurge soon.

Disgusted (profile) says:

Can we afford this?

I’ve been asking for a while, and have gotten no answers. In this climate of poor economy, rampant unemployment, and a sequestered Federal Budget, how can we justify a clandestine organization like NSA spending untold billions on a program that’s essentially illegal. What, exactly, are they trying to accomplish? How will (or does) this benefit us? Who’s getting all of the contracts and money?

And don’t raise the specter of “terrorism”. That’s pure BS and we all know it. 9/11 was a masterfully orchestrated fluke that probably won’t happen again. If it does, are the NSA spooks trying to convince us they will catch on BEFORE it happens? Not bloody likely. They can’t even tie their own shoe laces.

In the mean time this “terrorist” boogyman has the general public so flustered and confused and paranoid that, in effect, the bad guys have already won. This is NOT the America that won WWII and vanquished both the Germans and the Japanese. We couldn’t do that now if our lives depended on it, and they just might.

th (profile) says:

Exaclty right

Exactly right. The whole argument has been, we will know if someone is accessing our info. Even if you go rogue, we will nail you. Thus, there is deterrence.

The fact that this turns out not to be true is a problem , to say the least. The NSA needs to get straight on this point. They are putting in jeopardy the systems that they know only too well have the capacity to prevent a civilization destroying biological attack or the successful release of an engineered virus .

They need to focus on what their conduct has been- with respect to punishing dissenters, hiding from Congress, deceiving the public, covering up, and especially malignantly and gratuitously going after people like Binney in such a way that Snowden happens in the first place.

They act as if things are happening to them and they’re pissed instead of acting like they know the world they live in, what might happen and the best way to react should it happen.

Binney happened and the way you handled it lead directly to Snowden.

Snowden happened and the way you’re handling it is now jeopardizing everything.

The attitude of the NSA, their own idea of their relationship to the nation appears to be autocratic and imperial. This appears to be because they consider their mission to be so critical to the nation that the basics of it it shouldn’t be questioned or reviewed or even meaningful dissented from, even internally.

It’s not small irony that this is exactly what happened to the HAL 9000 computer in the movie 2001. The computer was unable to cope with the gravity of the knowledge it had and concomitant need for secrecy and that stopped it from conferring with outsiders and in the end seeing them only as threats to its “mission”.

There is more than a little of that going on here.

Because the fact is, the type of threats the nation faces are totally sui generis and may require on the part of everyone some rethinking about aspects of governance, privacy, transparency and the consent of the governed. These are things that go to the foundations of how we are constituted as a nation and a people.

I do blame the NSA now. For their apparent frat boy culture that, for instance, permitted passing around tapes of phone sex between our servicemen and women and their loved ones back home. For their ham-handed, low IQ and autocratic response to a true patriot like Binney. For their failure to understand that the nation needs to be brought current on the nature of the threats we face and what impact and sacrifices that may have on and require of civil society.

For being caught entirely flatfooted by Snowden (you really never considered what to do if this happens? Really? Really????) and trying to lie their way out of it instead of using it as a teaching moment about why, what and when they do what they do.

The enemy gets a vote. You , NSA and the administrations, should know this better than anyone. The model you have of keeping the American public and Congress in the dark as much as possible, not because doing so keeps necessary secrets but because you’re afraid of the culture shock Americans would experience if they knew, generally speaking, what you know, feared what you feared, worried about what you worry about, has got to go.

We need to all get on the same page so we can move forward as a nation, as a people unified in part by a shared understanding of the world and the real threats in it, not one that is being torn apart by paranoid ideas that their government is moving towards some totalitarian state.

Art (profile) says:

still not asking the right questions

The statement said 35 NSA analysts had access to the queries. The question is how many outside contractors had access, since they aren’t direct NSA employees. If they only have to audit their actual workers…I wouldn’t be surprised if they use the concept of 3rd party business records access to get around some limitations to using these queries. Remember if it comes from a 3rd party they can get whatever records they want.

hopponit (profile) says:


“I wonder if the NSA got the keys to just about every DRM system ever created and the Obama administration is worried that Snowden got that information. That would explain why the US and UK administrations are so insanely over the top on their responses to Snowden.” Thank you. I hadn’t thought of that. It makes me wonder if the DRM keys are tied into something else that we aren’t supposed to know about. I’m thinking of maybe some back room deals or favors for the content holders. Something that provided some kind of under the table money (bribes!) that need to be hidden. A whole lot can be boiled down to the desire for money or power.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...