Snowden Says NSA Employees 'Routinely' Passed Around Naked Photos That Had Been Intercepted

from the because-of-course-they-would dept

One of the repeated talking points by the NSA for years has been about how there are all these "strict controls" on who has access to data and how it's used. We've seen pretty clear evidence that the NSA's definition of "strict controls" (like so many NSA definitions of plain English words and phrases) is different than what most people consider "strict controls." After all, it insisted for months that Snowden didn't have any access to actual surveillance data... until it was revealed that he did. There were also all those cases of flagrant abuses of the NSA's system that were revealed last fall. The NSA pretended this showed how good they were at catching anyone who abused the system, but the details suggested otherwise. Many of the "caught" abuses only came out years later when the people who abused the systems to spy on lovers and friends admitted to it during interviews.

Keith Alexander insisted that the NSA had "100% audibility" of the actions of their employees and they made sure that no one abused their powers:
"The assumption is our people are just out there wheeling and dealing. Nothing could be further from the truth. We have tremendous oversight over these programs. We can audit the actions of our people 100%, and we do that," he said.

Addressing the Black Hat convention in Las Vegas, an annual gathering for the information security industry, he gave a personal example: "I have four daughters. Can I go and intercept their emails? No. The technical limitations are in there." Should anyone in the NSA try to circumvent that, in defiance of policy, they would be held accountable, he said: "There is 100% audibility."
Of course, that doesn't explain why so many of the "LOVINT" cases only came out after people self-confessed many years later, rather than through any audits.

Meanwhile, in the latest Ed Snowden interview (done with the Guardian's Alan Rusbridger), Snowden reveals that NSA employees routinely would share naked photos that had been intercepted:
“You've got young enlisted guys, 18 to 22 years old,” Snowden said. “They've suddenly been thrust into a position of extraordinary responsibility where they now have access to all of your private records. In the course of their daily work they stumble across something that is completely unrelated to their work in any sort of necessary sense. For example, an intimate nude photo of someone in a sexually compromising position. But they're extremely attractive.

“So what do they do? They turn around in their chair and show their co-worker. The co-worker says: ‘Hey that's great. Send that to Bill down the way.’ And then Bill sends it to George and George sends it to Tom. And sooner or later this person's whole life has been seen by all of these other people. It's never reported. Nobody ever knows about it because the auditing of these systems is incredibly weak. The fact that your private images, records of your private lives, records of your intimate moments have been taken from your private communications stream from the intended recipient and given to the government without any specific authorization without any specific need is itself a violation of your rights. Why is that in a government database?”

Then Alan Rusbridger, The Guardian’s editor-in-chief, asked: “You saw instances of that happening?”

“Yeah,” Snowden responded.

“Numerous?”

“It's routine enough, depending on the company that you keep, it could be more or less frequent. These are seen as the fringe benefits of surveillance positions."
Of course, none of this is really that new. Way back in 2008, you may recall, that it was revealed that NSA analysts were listening in on pillow talk phone calls between Americans overseas and loved ones back home... and sharing those recordings around the office:
Not only were calls between Americans listened to and recorded on a regular basis, the "good parts" (i.e., phone sex) were sent around to other operators to listen to as well. One of the operators said that on a regular basis messages would be sent around with messages like: "Hey, check this out. There's good phone sex or there's some pillow talk, pull up this call, it's really funny, go check it out."
That was revealed years before Snowden even worked for the NSA. It would appear that little has changed.

Reader Comments (rss)

(Flattened / Threaded)

  1.  
    icon
    Ninja (profile), Jul 18th, 2014 @ 4:00am

    Bah, this is no news, I go through those regularly. Now he's confusing NSA surveillance with the Internet. /s

     

    reply to this | link to this | view in thread ]

  2.  
    icon
    Vidiot (profile), Jul 18th, 2014 @ 5:52am

    Old-school version

    Pre-Internet, telco employees would routinely get their jollies by monitoring late night bedroom conversations... phone sex, essentially. According to people I knew, CO (central office) technical staff were expected to monitor "line quality" by listening to random calls; and once you found something steamy, the monitoring might just go on and on and on. Ahh, good times.

     

    reply to this | link to this | view in thread ]

  3.  
    icon
    Bt Garner (profile), Jul 18th, 2014 @ 5:55am

    So let's get this straight. If I pass around a sexually explicit photo at my job, I will get fired for sexual harassment, and creating a hostile work environment. But if I worked for the NSA.. .then all is well, right? Where do I sign up for this job?

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    Anonymous Coward, Jul 18th, 2014 @ 5:56am

    Typo

    > That was revealed years before Snowden even worked for the NSA.

    Should be, "That was revealed years before Snowden even worked for the NSA contractor, Booz Allen Hamilton."

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Anonymous Coward, Jul 18th, 2014 @ 6:12am

    Re:

    I believe you have to sign a contract with the red horny one.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Anonymous Anonymous Coward, Jul 18th, 2014 @ 6:36am

    Re:

    This is the problem with the DOJ going after the 'Dark Net'. They cannot tell the difference between the actual Dark Net and the NSA stream.

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    Anonymous Coward, Jul 18th, 2014 @ 6:43am

    And this is what Whatever supports?

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    private frazer, Jul 18th, 2014 @ 7:12am

    please stop making out that GCHQ and the NSA are evil! I mean, if you've done nothing wrong you've got nothing to hide. Stands to reason.

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    zip, Jul 18th, 2014 @ 7:18am

    Re: Old-school version

    It gets worse than that. Many people kept telephones next to their bed, and the vibrations from their voices could easily be picked up by their phones sitting just a foot or two away, and their 'bedtime' conversations transmitted down the copper wires. It's not unlike those things we did as kids, like putting your ear against a (sheetmetal) HVAC vent and clearly hearing people talk from the far side of the building. People don't seem to realize that metal transmits sound extremely well, and all the wires, pipes, and ducts in a building can easily be employed as ready-made listening devices.

    Just like the NSA, I'm sure there must be plenty of telephone company workers with some wild stories to tell.

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    Michael, Jul 18th, 2014 @ 7:27am

    I just sent out a bunch of naked pictures of myself.

    Take that you NSA spying bastards!!!

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Anonymous Coward, Jul 18th, 2014 @ 7:33am

    No worries. Those photos are nothing to hide, right?

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    Call me Al, Jul 18th, 2014 @ 7:44am

    Re:

    Bravo sir!

    If we can strike them all blind with appalling naked pictures then we could make a great leap forwards for civil liberties.

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    Anonymous Coward, Jul 18th, 2014 @ 7:47am

    Re: Typo

    The NSA directly supervised him. He worked for the NSA as a contractor.

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Baron von Robber, Jul 18th, 2014 @ 8:28am

    And if any of those pics are under the age of 18?

    Oh my!! Somebody is in big trouble...er alot of people.

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    Anonymous Coward, Jul 18th, 2014 @ 8:28am

    Hopefully this will be useful for getting the puritan crowd on our side. Unconstitutional spying is well and good to them, but naked pictures? It fits with the Bill Clinton precedent of illegitimate sex life being impeachable, war crimes not.

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    Anonymous Coward, Jul 18th, 2014 @ 8:41am

    "Snowden Says NSA Employees 'Routinely' Passed Around Naked Photos That Had Been Intercepted"

    but those pictures were passed around for security purposes. Think of it this way. If a doctor has a patient profile and he's not sure what's wrong with the patient or is not sure what treatment is best s/he may consult with other doctors to help diagnose and treat the patient. This is the same thing!! See, some TSA agents may not be sure if there is something in the photo that poses a threat so they pass around these pictures to other experts to get a second opinion. It's for your own security!!

     

    reply to this | link to this | view in thread ]

  17.  
    identicon
    Anonymous Coward, Jul 18th, 2014 @ 8:44am

    Re:

    (oops, I meant NSA, though I'm sure the TSA does the same thing for similar reasons).

     

    reply to this | link to this | view in thread ]

  18.  
    icon
    MonkeyFracasJr (profile), Jul 18th, 2014 @ 8:45am

    TITS OR GTFO!

    I for one, would like examine the evidence!

     

    reply to this | link to this | view in thread ]

  19.  
    identicon
    Anonymous Coward, Jul 18th, 2014 @ 8:50am

    My favorite part of the interview is when Snowden suggested that Dropbox is probably a PRISM wannabe and that NSA-loving Condoleezza Rice is on Dropbox's Board of Directors.

    Snowden is then asked if he uses Google or Skype for private conversations, and bursts into laughter at the thought. Snowden's a wise individual.

    He then goes on the recommend SpiderOak for cloud storage, due to their Zero-Knowledge encryption system. I used SpiderOak for a while. It's a great service.

    Unfortunately SpiderOak has offices in US jurisdiction. Which means they're subject to secret National Security Letters.

    Once the Snowden stories broke, I decided to stop using SpiderOak. Every US company is required by law to assist the US federal government, or face prosecution.

    That means SpiderOak can be compelled to push out software updates that target individual users. That update would then log a user's password from their keyboard, which would then allow the NSA to decrypt everything because all SpiderOak user keys are stored (encrypted by your plain text user password) on SpiderOak's servers.

    Even if user keys weren't being stored on SpiderOak's servers in encrypted format, it still wouldn't make a difference. The National Security Letter would just force SpiderOak to grab the user's key off their personal computer and upload it somewhere. Just like the above scenario. Via a customized, targeted software update that steals the key off a user's computer.

    SpiderOak stores user keys (encrypted) on their servers, in case a user's hard drive crashes. Normally SpiderOak never sees a user's password. User passwords are never sent over the wire in plain text. Even if SSL/TLS is used, a plain text password still isn't being sent using SSL/TLS.

    Only a salted hash of the user's password is sent to SpiderOak in order to authenticate the user. If the hash matches what SpiderOak has on file, then SpiderOak sends the user's key back to them. Then the user decrypts the outer encryption layer around their key, locally on their own computer, by typing in their plain text password. They now have access to the symmetric encryption/decryption key and can encrypt/decrypt files in their SpiderOak account.

    It's an impressive design. Unfortunately they're not immune to National Security Letters that force them to log a user's plain text password, by pushing out a keylogger update to targeted users if compelled to do so in secret from a Nation Security Letter. No US company is immune to that requirement.

     

    reply to this | link to this | view in thread ]

  20.  
    icon
    nasch (profile), Jul 18th, 2014 @ 9:23am

    tenaka

    So kenichi tenaka, do you still think NSA spying is no problem if you're not a terrorist?

     

    reply to this | link to this | view in thread ]

  21.  
    icon
    limbodog (profile), Jul 18th, 2014 @ 9:37am

    Re:

    I hope you did a search for encryption technology first, to guarantee they spied on you. "What is TOR?"

     

    reply to this | link to this | view in thread ]

  22.  
    identicon
    Anonymous Coward, Jul 18th, 2014 @ 10:05am

    Re:

    Any good non-US alternative?

     

    reply to this | link to this | view in thread ]

  23.  
    identicon
    Chris Brand, Jul 18th, 2014 @ 10:13am

    "auditable" doesn't mean there are audits

    It's great to make things "auditable", but you still aren't going to find problems unless you actually do audits...

     

    reply to this | link to this | view in thread ]

  24.  
    icon
    Easily Amused (profile), Jul 18th, 2014 @ 11:05am

    how odd... it appears that the cadre of security apparatus white-knighters all took the same day off....

     

    reply to this | link to this | view in thread ]

  25.  
    identicon
    Anonymous Coward, Jul 18th, 2014 @ 1:16pm

    There's a cool FOIA request

    here's a cool FOIA request.

    I want copies of all emails from any NSA employee toe any other NSA employee that contain attachments which might reasonably be considered NSFW images.

    We'll just select the time period when Snwden was working there.

     

    reply to this | link to this | view in thread ]

  26.  
    identicon
    Anonymous Coward, Jul 18th, 2014 @ 7:32pm

    Re: Re:

    You are all extremists. Click this link to find out why.

    Ha ha. By clicking on that link, the NSA now considers you an extremist and is targeting you. This is way better than a rickroll. ::trollface::

     

    reply to this | link to this | view in thread ]

  27.  
    identicon
    Anonymous Coward, Jul 19th, 2014 @ 2:00am

    Re: tenaka

    He's probably fapping away at the thought.

     

    reply to this | link to this | view in thread ]

  28.  
    identicon
    Anonymous Coward, Jul 19th, 2014 @ 4:04am

    Re: "auditable" doesn't mean there are audits

    ...and do it on contractors as well as "our people."

     

    reply to this | link to this | view in thread ]

  29.  
    identicon
    valery555, Jul 22nd, 2014 @ 11:48am

    Snowden

    Snowden to be romantic and idealistic identity. In Russian hackers usually work on bandits and terrorists. In America, the hackers are working highly paid experts. Protecting Data from all the intelligence world - a complex and expensive project. Do not quite understand how he he is going to solve this problem. Where will the money or assistants?
    About Snowden and Russian hackers - article (in Russian).
    http://newreal.org/snoud1.htm

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
Advertisement
Essential Reading
Techdirt Deals
Techdirt Insider Chat
Techdirt Reading List
Advertisement
Recent Stories
Advertisement
Support Techdirt - Get Great Stuff!

Close

Email This

This feature is only available to registered users. Register or sign in to use it.