Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

We need to talk about Edward Snowden

Slate/ AFR | June 27, 2013
Why should we trust the NSA with our data if it couldn't keep it secure from a single rogue employee. But now, it's becoming clear that Snowden didn't just "go rogue."

Still, there's a name for what Snowden did. It's called hacking. In the jargon, Snowden is a "white hat" - a kind of ethical attacker who exposes security holes in an effort to improve the overall security of the system. But Snowden just as easily could have been a black hat - a hacker bent on wreaking havoc, a guy who cracked open the NSA to get dirt on powerful individuals or to sell US secrets to foreign governments.

From what we know so far, it wasn't very difficult for Snowden to get a job in the NSA. After getting his foot in the door as a security guard for the CIA, he followed the rules and moved up the chain, garnering ever-greater clearances as he traveled from job to job. He didn't even have to be very discreet; he could make his views known online even while working for the CIA and NSA.

He hatched the sort of operation any determined, patient enemy could have set up. Iran, China, the Syrian Electronic Army, or al-Qaida, which spent years planning 9/11, could have sponsored someone like Snowden. Indeed, they may have already.

You might argue that the NSA and other intelligence agencies simply need to tighten their security procedures to make it harder for insiders to repeat Snowden's hack. That's what they're vowing to do now. General Keith Alexander, the NSA's director, has said the agency will institute a "two-man rule," which would require two IT people to sign into secure systems to gain access to sensitive information.

This is a reasonable measure but hardly a foolproof one. The NSA has 1000 system administrators working on its tech infrastructure. If they vetted those guys as thoroughly as they did Snowden - ie not very well - then isn't it plausible that there may be some who are working in pairs?

OK, but what if they go back and re-vet their workers, scouring their histories for the sort of warning signs that might have tipped them off to Snowden (his professed distaste for the surveillance state, for instance)? Well, that might tip them off to the white hats, but the black hats aren't going to be posting screeds online. They're going to be clean as a whistle.

Maybe you think I'm being paranoid, or that I'm not considering all of the mitigating factors in the Snowden story. For one thing, while we know that Snowden could access court documents and presentations outlining surveillance systems, it's still not clear that he had access to actual wiretapping intelligence itself. In an online chat with the Guardian, he reiterated his claim that, as an NSA systems administrator, he had the power to wiretap "anyone."


Previous Page  1  2  3  Next Page 

Sign up for Computerworld eNewsletters.