Snowden Says NSA Employees 'Routinely' Passed Around Naked Photos That Had Been Intercepted

from the because-of-course-they-would dept

One of the repeated talking points by the NSA for years has been about how there are all these “strict controls” on who has access to data and how it’s used. We’ve seen pretty clear evidence that the NSA’s definition of “strict controls” (like so many NSA definitions of plain English words and phrases) is different than what most people consider “strict controls.” After all, it insisted for months that Snowden didn’t have any access to actual surveillance data… until it was revealed that he did. There were also all those cases of flagrant abuses of the NSA’s system that were revealed last fall. The NSA pretended this showed how good they were at catching anyone who abused the system, but the details suggested otherwise. Many of the “caught” abuses only came out years later when the people who abused the systems to spy on lovers and friends admitted to it during interviews.

Keith Alexander insisted that the NSA had “100% audibility” of the actions of their employees and they made sure that no one abused their powers:

“The assumption is our people are just out there wheeling and dealing. Nothing could be further from the truth. We have tremendous oversight over these programs. We can audit the actions of our people 100%, and we do that,” he said.

Addressing the Black Hat convention in Las Vegas, an annual gathering for the information security industry, he gave a personal example: “I have four daughters. Can I go and intercept their emails? No. The technical limitations are in there.” Should anyone in the NSA try to circumvent that, in defiance of policy, they would be held accountable, he said: “There is 100% audibility.”

Of course, that doesn’t explain why so many of the “LOVINT” cases only came out after people self-confessed many years later, rather than through any audits.

Meanwhile, in the latest Ed Snowden interview (done with the Guardian’s Alan Rusbridger), Snowden reveals that NSA employees routinely would share naked photos that had been intercepted:

?You’ve got young enlisted guys, 18 to 22 years old,? Snowden said. ?They’ve suddenly been thrust into a position of extraordinary responsibility where they now have access to all of your private records. In the course of their daily work they stumble across something that is completely unrelated to their work in any sort of necessary sense. For example, an intimate nude photo of someone in a sexually compromising position. But they’re extremely attractive.

?So what do they do? They turn around in their chair and show their co-worker. The co-worker says: ?Hey that’s great. Send that to Bill down the way.? And then Bill sends it to George and George sends it to Tom. And sooner or later this person’s whole life has been seen by all of these other people. It’s never reported. Nobody ever knows about it because the auditing of these systems is incredibly weak. The fact that your private images, records of your private lives, records of your intimate moments have been taken from your private communications stream from the intended recipient and given to the government without any specific authorization without any specific need is itself a violation of your rights. Why is that in a government database??

Then Alan Rusbridger, The Guardian?s editor-in-chief, asked: ?You saw instances of that happening??

?Yeah,? Snowden responded.


?It’s routine enough, depending on the company that you keep, it could be more or less frequent. These are seen as the fringe benefits of surveillance positions.”

Of course, none of this is really that new. Way back in 2008, you may recall, that it was revealed that NSA analysts were listening in on pillow talk phone calls between Americans overseas and loved ones back home… and sharing those recordings around the office:

Not only were calls between Americans listened to and recorded on a regular basis, the “good parts” (i.e., phone sex) were sent around to other operators to listen to as well. One of the operators said that on a regular basis messages would be sent around with messages like: “Hey, check this out. There’s good phone sex or there’s some pillow talk, pull up this call, it’s really funny, go check it out.”

That was revealed years before Snowden even worked for the NSA. It would appear that little has changed.

Filed Under: , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Snowden Says NSA Employees 'Routinely' Passed Around Naked Photos That Had Been Intercepted”

Subscribe: RSS Leave a comment
Vidiot (profile) says:

Old-school version

Pre-Internet, telco employees would routinely get their jollies by monitoring late night bedroom conversations… phone sex, essentially. According to people I knew, CO (central office) technical staff were expected to monitor “line quality” by listening to random calls; and once you found something steamy, the monitoring might just go on and on and on. Ahh, good times.

zip says:

Re: Old-school version

It gets worse than that. Many people kept telephones next to their bed, and the vibrations from their voices could easily be picked up by their phones sitting just a foot or two away, and their ‘bedtime’ conversations transmitted down the copper wires. It’s not unlike those things we did as kids, like putting your ear against a (sheetmetal) HVAC vent and clearly hearing people talk from the far side of the building. People don’t seem to realize that metal transmits sound extremely well, and all the wires, pipes, and ducts in a building can easily be employed as ready-made listening devices.

Just like the NSA, I’m sure there must be plenty of telephone company workers with some wild stories to tell.

Anonymous Coward (user link) says:

“Snowden Says NSA Employees ‘Routinely’ Passed Around Naked Photos That Had Been Intercepted”

but those pictures were passed around for security purposes. Think of it this way. If a doctor has a patient profile and he’s not sure what’s wrong with the patient or is not sure what treatment is best s/he may consult with other doctors to help diagnose and treat the patient. This is the same thing!! See, some TSA agents may not be sure if there is something in the photo that poses a threat so they pass around these pictures to other experts to get a second opinion. It’s for your own security!!

Anonymous Coward says:

My favorite part of the interview is when Snowden suggested that Dropbox is probably a PRISM wannabe and that NSA-loving Condoleezza Rice is on Dropbox’s Board of Directors.

Snowden is then asked if he uses Google or Skype for private conversations, and bursts into laughter at the thought. Snowden’s a wise individual.

He then goes on the recommend SpiderOak for cloud storage, due to their Zero-Knowledge encryption system. I used SpiderOak for a while. It’s a great service.

Unfortunately SpiderOak has offices in US jurisdiction. Which means they’re subject to secret National Security Letters.

Once the Snowden stories broke, I decided to stop using SpiderOak. Every US company is required by law to assist the US federal government, or face prosecution.

That means SpiderOak can be compelled to push out software updates that target individual users. That update would then log a user’s password from their keyboard, which would then allow the NSA to decrypt everything because all SpiderOak user keys are stored (encrypted by your plain text user password) on SpiderOak’s servers.

Even if user keys weren’t being stored on SpiderOak’s servers in encrypted format, it still wouldn’t make a difference. The National Security Letter would just force SpiderOak to grab the user’s key off their personal computer and upload it somewhere. Just like the above scenario. Via a customized, targeted software update that steals the key off a user’s computer.

SpiderOak stores user keys (encrypted) on their servers, in case a user’s hard drive crashes. Normally SpiderOak never sees a user’s password. User passwords are never sent over the wire in plain text. Even if SSL/TLS is used, a plain text password still isn’t being sent using SSL/TLS.

Only a salted hash of the user’s password is sent to SpiderOak in order to authenticate the user. If the hash matches what SpiderOak has on file, then SpiderOak sends the user’s key back to them. Then the user decrypts the outer encryption layer around their key, locally on their own computer, by typing in their plain text password. They now have access to the symmetric encryption/decryption key and can encrypt/decrypt files in their SpiderOak account.

It’s an impressive design. Unfortunately they’re not immune to National Security Letters that force them to log a user’s plain text password, by pushing out a keylogger update to targeted users if compelled to do so in secret from a Nation Security Letter. No US company is immune to that requirement.

valery555 (user link) says:


Snowden to be romantic and idealistic identity. In Russian hackers usually work on bandits and terrorists. In America, the hackers are working highly paid experts. Protecting Data from all the intelligence world – a complex and expensive project. Do not quite understand how he he is going to solve this problem. Where will the money or assistants?
About Snowden and Russian hackers – article (in Russian).

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...