US Still Can't Figure Out What Snowden Took; What Happened To Those Perfect 'Audits'?
from the total-failure dept
"The assumption is our people are just out there wheeling and dealing. Nothing could be further from the truth. We have tremendous oversight over these programmes. We can audit the actions of our people 100%, and we do that," he said.Yet, many months after the initial leaks, it's being reported that the US government still doesn't know what Snowden took:
Addressing the Black Hat convention in Las Vegas, an annual gathering for the information security industry, he gave a personal example: "I have four daughters. Can I go and intercept their emails? No. The technical limitations are in there." Should anyone in the NSA try to circumvent that, in defiance of policy, they would be held accountable, he said: "There is 100% audibility." Only 35 NSA analysts had the authority to query a database of US phone records, he said.
More than two months after documents leaked by former contractor Edward Snowden first began appearing in the news media, the National Security Agency still doesn’t know the full extent of what he took, according to intelligence community sources, and is “overwhelmed” trying to assess the damage.First off, this shows that the claims of 100% auditability are complete crap. If they can't tell what Snowden took so many months later, they don't have very good auditability at all. Furthermore, this raises serious questions about the NSA's data management capabilities. For all the claims that there are no "willful" or "intentional" violations by the NSA of people's privacy, it seems difficult to believe they can know that. Here's a case where they flat out know that someone got access to all sorts of documents, and over many months they still can't figure out what he got. And, yet, they expect us to believe that they can tell with perfect accuracy what their staffers are doing with the data they have access to? Seriously?
Yes, there have been thousands of "accidental" violations that were caught in audits, but it seems highly likely that there are intentional violations that the NSA just doesn't know about. If they can't track what an outside contractor is downloading, how can they even pretend that they have control over their data and information?