NSA's Latest Euphemism For Security Lapses That Allowed Snowden Leaks: The Leaks Were 'Masked By His Job Duties'
from the in-other-words,-it-was-not-secure dept
We’ve already covered a few times how, despite the NSA’s (and its defenders’) repeated claims that its systems can’t be abused because of its vaunted “auditability,” the fact that Snowden got access to all those documents without anyone being able to figure out what he took shows that the audits don’t work. It became clear that the audits appear to only apply to analysts, but not sys admins like Snowden, and there are around 1,000 of those, leading to the obvious question: how many others also got classified info without anyone noticing it? One officials has tried to make it out that Snowden was “too brilliant” to work for the NSA, since he covered his tracks. While every indication is that Snowden was, in fact, quite good at his job, and able to cover his tracks well, it’s not at all clear that what he did was particularly unique or special.
In fact, the latest spin from the NSA is to claim that he wasn’t that “gifted” at all, but rather than the leaks were “masked by his job duties.”
“His job was to do what he did. He wasn’t a ghost. He wasn’t that clever. He did his job. He was observed [moving documents], but it was his job.”
That report also quotes the NSA’s CTO as saying that now, about four months later, the NSA finally has a “good idea” of what Snowden got:
“We have an extremely good idea of exactly what data he got access to and how exactly he got access to it,” says the NSA’s chief technology officer, Lonny Anderson.
Only took four months. Of course, all of this, once again, raises all sorts of questions. It shows that the NSA’s audits were basically non-existent for a very large number of people. It shows that the NSA has almost no legitimate way to go back and see if there were widespread abuses among others with similar “job duties.” If it was his “job” to do these kinds of things, and there was no real way to track him without many months of work (and even then, only to the degree that the NSA has a “good idea” of what he did), then there’s no real accountability there at all. At this point, it seems reasonable to use this to assume that the NSA’s systems aren’t even remotely secure, and have regularly been abused, without anyone at the NSA even knowing about it. After all, the NSA itself is admitting that someone doesn’t even need to be “that clever” to abscond with tens of thousands of classified info on top secret programs and leave an almost non-existent trail.