NBC News
delved into a key security issue with the Edward Snowden leaks: Just how does a technical contractor have access to so much information? Turns out, it's a combination of antiquated systems and far too much power placed in the hands of the 1,000 system administrators, most of them contractors, in the agency.
“It’s 2013 and the NSA is stuck in 2003 technology,” said an intelligence official. [...]
As a system administrator, Snowden was allowed to look at any file he wanted, and his actions were largely unaudited. “At certain levels, you are the audit,” said an intelligence official.
He was also able to access NSAnet, the agency’s intranet, without leaving any signature, said a person briefed on the postmortem of Snowden’s theft. [...]
If he wanted, he would even have been able to pose as any other user with access to NSAnet, said the source. [...]
[A] system administrator has the right to copy, to take information from one computer and move it to another.
So much for the great internal systems the NSA has for monitoring its work force to ensure compliance with the law. But we already knew this was a problem, with the revelation of
LOVEINT, the term the NSA has used to designate when agents illegally use their power and their tools to spy on their romantic interests. That, the NSA tells us, hardly ever happens. They know that because only a handful of agents have self-reported that they've done this. Because the NSA relies on staff to self-report when they break the law. There's a fail-safe system for you.
Not to worry, an intelligence official says, because while "U.S. intelligence has invited so many people into the secret realm, [...] most people aren’t willing to vacuum everything up and break the law." They're just willing to break the law to spy on their lovers. But what happens, in a system so rife with security flaws, when we've got a president who decides to use exploit those weaknesses for personal or political gain? It wouldn't be the first time it happened, and it would be far too easy now.