Tuesday, August 27, 2013

Ed Snowden Covered His Tracks Well; How Many Other NSA Staffers Did The Same?

from the gone-baby-gone dept

As we've seen, the NSA's story on "abuses" keeps changing. First there were no abuses at all, then there were a whole lot of abuses (but all unintentional) and now we know that there also were a bunch of intentional abuses. But here's the thing: these are only the abuses that the NSA caught. And, even then it's sketchy. As Marcy Wheeler has detailed, many of the "unintentional abuses" look like they were merely classified that way, when, in reality, they may have been intentional. Thanks to the magic of the NSA's special dictionary, they redefine abuses that exceed legal authority but are "performing the mission that the NSA wants them to perform" not as "abuses" but as "mistakes."

Either way, that only counts the abuses and "mistakes" that the NSA's audits discover. As we pointed out, it appears the NSA still has no idea what Ed Snowden took, which calls into question how good these so-called "audits" are. The latest reports coming out reveal that Snowden carefully bypassed or deleted the logs concerning his downloading actions:
The U.S. government's efforts to determine which highly classified materials leaker Edward Snowden took from the National Security Agency have been frustrated by Snowden's sophisticated efforts to cover his digital trail by deleting or bypassing electronic logs, government officials told The Associated Press. Such logs would have showed what information Snowden viewed or downloaded.

The government's forensic investigation is wrestling with Snowden's apparent ability to defeat safeguards established to monitor and deter people looking at information without proper permission, said the officials, who spoke on condition of anonymity because they weren't authorized to discuss the sensitive developments publicly.
Remember when Snowden claimed that, from his desk, he could run searches on anyone, and various NSA defenders like Rep. Mike Rogers scoffed at the idea and called him a liar? They claimed that any such searches would turn up in the audits. But, of course, if you can delete the log files, then those audits are meaningless.

And, if Snowden could do it, it's very, very likely that he's not the only one employed by the NSA or contracting for the NSA who knows how to cover their digital trail. And that leads to a very obvious question: sure, the NSA knows about thousands of unintentional violations and a bunch of intentional violations -- but what about all the violations it has no idea about because someone was able to bypass or delete the log files? Given that NSA employees almost certainly know that searches are audited, you'd have to imagine that nearly everyone who decided to willfully violate the law to, say, spy on a love interest (hello: LOVINT) or, perhaps, a personal enemy, would also seek ways to do so without leaving an incriminating log file. Snowden's efforts show that's possible -- meaning that it's likely others knew that as well.

And, given that it appears that top NSA brass may have been taken by surprise by this rather basic revelation (no audits are perfect, and smart folks like ones the NSA employs often know how to get around such things), it seems quite likely that the number of intentional NSA violations is much, much, much higher than is being reported, in part because the NSA itself still hasn't been able to figure out what happened.

No comments:

Post a Comment