Where exactly is Edward Snowden? Where are the documents he downloaded from the NSA’s computers? How many copies of the data has he made? Who else has he given them to? What will those people do with the information? We don’t have answers to any of these questions, and we might never get them. But what we’ve learned over the last few days should be extremely worrying.
First, in an interview with the South China Morning Post, Snowden admitted that he sought a job with the government contractor Booz Allen Hamilton specifically so that he could gather documents about the NSA. Now it’s also clear that before he flew the coop to Hong Kong and then Moscow, he made numerous copies of the documents he downloaded, and handed them out to many people around the world. According to journalist Glenn Greenwald, the data are encrypted, but Snowden has arranged for the people who have the files to get full access to them “if anything happens” to him.
Two weeks ago I asked why we should trust the NSA with our data if it couldn’t keep it secure from a single rogue employee. But now the question is more urgent, because it’s become clear that Snowden didn’t just “go rogue.” Instead, his actions look like a precise, long-planned, perfectly choreographed infiltration of the U.S. government. Snowden spent months figuring out which agency to hit, how to get access, which documents to download, which journalists to leak to, which organizations to join up with, and where and how to escape. Everything he’s done—right down to tricking the world into thinking he’d be on a flight to Havana—seems like the work of a canny agent, not a mere disgruntled IT guy.
This is very bad news. From what we can tell, the NSA has no good defense against such a well-planned incursion. It may be able to erect security measures to prevent another similar hit by an employee, but because the data it collects are so valuable, it will always remain vulnerable to an organized attack. That answers the question I raised a couple of weeks ago: Why should we trust an agency that can’t secure its own data with our personal info? We shouldn’t.
The only saving grace in this story is that Snowden claims to have had the noblest of aims. He wanted to expose the globe-spanning scope and hand-of-God reach of United States surveillance infrastructure in an effort to provoke democratic discussion. There’s no reason to distrust him; everything we know about Snowden, especially his voluminous Web postings, shows that he really believes in what he’s doing.
Still, there’s a name for what Snowden did. It’s called hacking. In the jargon, Snowden is a “white hat”—a kind of ethical attacker who exposes security holes in an effort to improve the overall security of the system. But Snowden just as easily could have been a black hat—a hacker bent on wreaking havoc, a guy who cracked open the NSA in order to get dirt on powerful individuals or to sell U.S. secrets to foreign governments. From what we know so far, it wasn’t very difficult for Snowden to get a job in the NSA. After getting his foot in the door as a security guard for the CIA, he followed the rules and moved up the chain, garnering ever-greater clearances as he traveled from job to job. He didn’t even have to be very discreet; he could make his views known online even while working for the CIA and NSA. He hatched the sort of operation any determined, patient enemy could have set up. Iran, China, the Syrian Electronic Army, or al-Qaida, which spent years planning 9/11, could have sponsored someone like Snowden. Indeed, they may have already.
You might argue that the NSA and other intelligence agencies simply need to tighten their security procedures to make it harder for insiders to repeat Snowden’s hack. That’s what they’re vowing to do now. Gen. Keith Alexander, the NSA’s director, has said the agency will institute a “two-man rule,” which would require two IT people to sign into secure systems in order to gain access to sensitive information. This is a reasonable measure but hardly a foolproof one. The NSA has 1,000 system administrators working on its tech infrastructure. If they vetted those guys as thoroughly as they did Snowden—i.e., not very well—then isn’t it plausible that there may be some who are working in pairs? OK, but what if they go back and re-vet their workers, scouring their histories for the sort of warning signs that might have tipped them off to Snowden (his professed distaste for the surveillance state, for instance)? Well, that might tip them off to the white hats, but the black hats aren’t going to be posting screeds online. They’re going to be clean as a whistle.
Maybe you think I’m being paranoid, or that I’m not considering all of the mitigating factors in the Snowden story. For one thing, while we know that Snowden could access court documents and presentations outlining surveillance systems, it’s still not clear that he had access to actual wiretapping intelligence itself. In an online chat with the Guardian, he reiterated his claim that, as an NSA systems administrator, he had the power to wiretap “anyone.” He suggested that while there are policies against doing so, there aren’t technical limits on wiretapping, and that even the policies—such as audit trails to monitor who is looking at what—are easily circumvented. But other evidence suggests he’s exaggerating. Large tech companies claim that the government did not have a mirror of their data and needed specific legal clearance to get information on their customers; if that was the case, it’s difficult to square with Snowden’s claim that he could have monitored federal judges or the president.
On the other hand, so what if I’m being paranoid? When so much information is at stake, and when the agencies charged with protecting it let their deepest secrets escape, paranoia seems to be the most reasonable stance. The Internet age has taught us that the only way to keep private information private is to keep it out of databases that are beyond our control. That’s the advice I always give readers about their most banal details: If you don’t want your boss to find out about your beer pong championship, don’t put that photo of the crowning ceremony online. Even if you post it under tight privacy settings, it can get out to a wider audience. When you make your data accessible, searchable, and sharable for your own purposes, the best assumption is the worst-case scenario—that it’s one step away from being accessible, searchable, and sharable for everyone. You should be paranoid about your data. To be anything but paranoid is to be careless.
That’s the fundamental problem with the NSA’s surveillance program. As a matter of course, the government is now collecting and saving our call records, and it might also have deep access into other electronic communications. It assures us that it has policies in place to prevent the misuse or distribution of this information. But if the information is valuable enough, lots of people have an incentive to get at it, and all it takes is one successful attack—after that, copies of the data could be distributed everywhere, instantly. Thus, even if the government is just collecting telephone metadata and isn’t reviewing it, you should be concerned. Someone has access to that data, and that someone might not be as noble as Snowden. He could post everything online. He could sell it to identity thieves. He could blackmail you. Or he might blackmail politicians, businesspeople, judges, TSA agents, or use the data in some other nefarious way.
Is this way over the top? Am I wandering into the realm of fantasy? Should I stop cooking up such outlandish scenarios? Yeah, maybe. But a just-turned-30-year-old has stolen the nation’s most secret documents and is now hiding out in Putin’s Russia. There’s really no other choice than to be worried.