Vanished ... Edward Snowden. Photo: Reuters
Where exactly is Edward Snowden? Where are the documents he downloaded from the NSA's computers? How many copies of the data has he made? Who else has he given them to? What will those people do with the information? We don't have answers to any of these questions, and we might never get them. But what we've learned over the last few days should be extremely worrying.
First, in an interview with the South China Morning Post, Snowden admitted that he sought a job with the government contractor Booz Allen Hamilton specifically so that he could gather documents about the NSA. Now it's also clear that before he flew the coop to Hong Kong and then Moscow, he made numerous copies of the documents he downloaded, and handed them out to many people around the world.
According to Guardian journalist Glenn Greenwald, the data are encrypted, but Snowden has arranged for the people who have the files to get full access to them "if anything happens" to him.
Recently I asked why we should trust the NSA with our data if it couldn't keep it secure from a single rogue employee. But now the question is more urgent, because it's become clear that Snowden didn't just "go rogue."
Instead, his actions look like a precise, long-planned, perfectly choreographed infiltration of the US government. Snowden spent months figuring out which agency to hit, how to get access, which documents to download, which journalists to leak to, which organisations to join up with, and where and how to escape.
Everything he's done - right down to tricking the world into thinking he'd be on a flight to Havana - seems like the work of a canny agent, not a mere disgruntled IT guy.
This is very bad news. From what we can tell, the NSA has no good defence against such a well-planned incursion. It may be able to erect security measures to prevent another similar hit by an employee, but because the data it collects are so valuable, it will always remain vulnerable to an organised attack. That answers the question I raised a couple of weeks ago: Why should we trust an agency that can't secure its own data with our personal info? We shouldn't.
The only saving grace in this story is that Snowden claims to have had the noblest of aims. He wanted to expose the globe-spanning scope and hand-of-God reach of United States surveillance infrastructure in an effort to provoke democratic discussion. There's no reason to distrust him; everything we know about Snowden, especially his voluminous web postings, shows that he really believes in what he's doing.
Sign up for Computerworld eNewsletters.