Since the disclosures and claims made by whistleblower Edward Snowden came out last week, besides the claim that the government has successfully used the phone metadata and/or PRISM programs to avert "more than 50 attacks", counter-claims have been made that Snowden has been "grandiose and exaggerating" when he says, for example, that he had the "authority to wiretap the President, if he had his [email address]".
http://tpmdc.talkingpointsmemo.com/...
A former top lawyer at the NSA and CIA dismissed Snowden’s claim as a “complete and utter” falsehood. “First of all it’s illegal,” Robert Deitz told the Los Angeles Times. “There is enormous oversight. They have keystroke auditing. There are, from time to time, cases in which some analyst is [angry] at his ex-wife and looks at the wrong thing and he is caught and fired,” he said.
This betrays a real failure to understand exactly what Snowden's job was. He wasn't an NSA analyst, he was a Systems Administrator. If the NSA has keystroke monitoring, who do you think installs and maintains that software?
The System Administrator Does.
If the NSA has rules and limits on what any particular analyst can or can't see - who do you think assigns and updates those authorities?
The System Administrator.
In full disclosure I write this as a former employee of a Government Contractor (Northrop Grumman), who during my longest stint working with a contractor also had a TS/SCI clearance. (Which technically is greater than "Top Secret" and includes access to code-word protected compartmentalized programs). I've also been a Systems Administrator on a variety of platforms and a DBA.
So when it comes down to the point of whether Snowden has been grossly exaggerating his power and authority in his position as System Administrator for the NSA, many of those who argue that he's overstating his case have often failed to understand the fact that a System Administrator has to have ALL AUTHORITIES and has to have access to Everything in order to allow and/or disallow those access privileges to anyone else.
From Snowden's Guardian Chat:
More detail on how direct NSA's accesses are is coming, but in general, the reality is this: if an NSA, FBI, CIA, DIA, etc analyst has access to query raw SIGINT databases, they can enter and get results for anything they want. Phone number, email, user id, cell phone handset id (IMEI), and so on - it's all the same. The restrictions against this are policy based, not technically based, and can change at any time. Additionally, audits are cursory, incomplete, and easily fooled by fake justifications. For at least GCHQ, the number of audited queries is only 5% of those performed.
Ok, so Snowden's point is really focused on the unlimited potential of the technology.
"Restrictions are policy based". Which means they are procedural for the most part, or at the very most Controlled by Access Restrictions Set by the Systems Administrator. Which means that none of those restrictions would apply to the Administrator themselves, or anyone with access to the "raw SIGINT databases".
There is a valid debate as to whether the NSA should even possess such well stocked "raw SIGINT databases" which - on their face - are Constitutionally troubling since they sweep up and catalog millions of phone, email and internet communications from all over the globe and also (for phone metadata) within the U.S. (One could argue that this data isn't private since, according to the Supreme Court, it is owned by the companies that are providing it to the NSA, not the individuals who generated it by making a phone call or initiating a chat using that company's hardware or software, but I'll leave that issue for another diary.)
It may be a fair argument that this technology itself is like the atom bomb, too powerful to be placed in the hands of a single individual - particularly an individual like Snowden. The question remains open however, as to whether the cross reference potential between the various sources of information could possibly be achieved in other ways, particularly when the information is made deliberately incomplete by more specific Warrant requests, as opposed to the all inclusive metadata FISA Warrant that Snowden has disclosed.
Would changing and limiting things on the technological level, as Snowden suggests, effectively render the primary benefit of the system - the ability to identify and recognize suspicious communication patterns by people who are attempting to avoid detection - null and void?
I can't say that I know, but as a DBA who understands the basic principles of data retrieval, I do know that you can't search and get results on something you don't have, and that if you don't have it - you may not even realize that you're missing it. You can't find a needle, if your haystack is incomplete.
This juxtaposition, between needing a near comprehensive view of the metadata to pinpoint which detailed content may need to be examined and the privacy concerns of millions of individuals who generated that data - and don't WANT their detailed content plumbed indiscriminately - is the sharp fulcrum of this debate.
Those who criticize Snowden while arguing for continuing the system as is have said there are various "safeguards in place". The problem is that as Administrator, none of those safeguards could possibly apply to Snowden or people like him. If the technology exists, then a SysAdmin can use it if they want to. And probably cover their tracks after doing it. Period.
I've only seen this point made clear by other people with direct experience and access to those same systems, specifically the three previous NSA Whistleblowers (as noted by the rec'd Diary by Jesselyn Radack) who attempted to come forward "within the System" as some argue Snowden should have. All of whom found that their efforts were futile and some were even prosecuted for them.
http://www.usatoday.com/...
Q: Thomas Drake, you worked as a contractor for the NSA for about a decade before you went on staff there. Were you surprised that a 29-year-old contractor based in Hawaii was able to get access to the sort of information that he released?
Drake: It has nothing to do with being 29. It's just that we are in the Internet age and this is the digital age. So, so much of what we do both in private and in public goes across the Internet. Whether it's the public Internet or whether it's the dark side of the Internet today, it's all affected the same in terms of technology. ...
One of the critical roles in the systems is the system administrator. Someone has to maintain it. Someone has to keep it running. Someone has to maintain the contracts.
Whistle Blower William Binney: Part of his job as the system administrator, he was to maintain the system. Keep the databases running. Keep the communications working. Keep the programs that were interrogating them operating. So that meant he was like a super-user. He could go on the network or go into any file or any system and change it or add to it or whatever, just to make sure — because he would be responsible to get it back up and running if, in fact, it failed.
So that meant he had access to go in and put anything. That's why he said, I think, "I can even target the president or a judge." If he knew their phone numbers or attributes, he could insert them into the target list which would be distributed worldwide. And then it would be collected, yeah, that's right. As a super-user, he could do that.
During his Congressional Testimony National Security Director Keith Alexander admitted that the NSA has about 1000 different System Administrators.
http://livewire.talkingpointsmemo.com/...
"There are system administrations throughout NSA and in all our complexes around the world," Alexander said. "And there is on the order of a thousand system administrators, people who actually run the networks, that have in certain sections, that level of authority and ability to interface with the system."
So it seems to me that the weakest link, regardless of the FISA Court or periodic internal audits, keystroke monitoring or Congressional Oversight, are people like Edward Snowden who have root access to the servers and the ability to reset their own authority, can enable and disable the security checks and if so desired - Get Any Information They Want. Without Limit. Without Oversight.
All of which means that the most significant correction that the NSA may have already made to protect the current system from misuse is the establishment of a "Two-Man Rule" for Systems Administrators.
http://www.forbes.com/...
“Working with the director of national intelligence what we’re doing is working to come up with a two-person rule and oversight for those and ensure we have a way of blocking people from taking information out of our system.”
I've worked in environments with a two-man rule, and it can be pretty effective at preventing one person from overstepping their bounds.
Unless two of them decide to overstep their bounds together, that is.
Vyan
10:05 AM PT: Just as an aside before I head out, the other consequence of the "Two-Man" rule is that it effectively doubles the head-count requirement for persons in that position just to do the job of one person. With over 1000 Administrators currently, we'll now need about 1,500-2000 of them, each earning about $120,000 (as Snowden earned from Booz/Allen). Who's gonna try and get the funding for this (which is conservatively about $60-$120 Million)?
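The two-person rule discussed above, as an added sketch that is not part of the original diary and not any agency's actual system: a privileged command runs only after a second, different administrator approves the exact same command, and every decision lands in a MAC-chained log. The class and function names, the admin names, and the assumption that the log key lives on a separate audit host are all hypothetical; two colluding admins still pass this gate.

```python
import hashlib
import hmac
import json

def _digest(command):
    return hashlib.sha256(command.encode()).hexdigest()

class TwoPersonGate:
    """Hypothetical gate: a privileged command needs a second, distinct admin."""
    def __init__(self, admins, log_key, ttl=300):
        self.admins, self.log_key, self.ttl = set(admins), log_key, ttl
        self.pending = {}   # request id -> (requester, command digest, created at)
        self.log = []       # (record bytes, chained MAC) pairs
        self.next_id = 1

    def _audit(self, event, **fields):
        record = json.dumps({"event": event, **fields}, sort_keys=True).encode()
        prev = self.log[-1][1] if self.log else b"\0" * 32
        mac = hmac.new(self.log_key, prev + record, hashlib.sha256).digest()
        self.log.append((record, mac))

    def request(self, requester, command, now):
        if requester not in self.admins:
            raise PermissionError("unknown requester")
        req_id, self.next_id = self.next_id, self.next_id + 1
        self.pending[req_id] = (requester, _digest(command), now)
        self._audit("request", id=req_id, who=requester, cmd=command)
        return req_id

    def approve(self, req_id, approver, command, now):
        requester, digest, created = self.pending[req_id]
        ok = (approver in self.admins
              and approver != requester                          # no self-approval
              and hmac.compare_digest(digest, _digest(command))  # same command as requested
              and now - created <= self.ttl)                     # stale requests expire
        self._audit("approve" if ok else "deny", id=req_id, who=approver)
        if ok:
            del self.pending[req_id]
        return ok

def verify_log(log, log_key):
    """Recompute the MAC chain; an edited or removed middle record breaks it.
    Truncating the tail is not detected without an external record count."""
    prev = b"\0" * 32
    for record, mac in log:
        expected = hmac.new(log_key, prev + record, hashlib.sha256).digest()
        if not hmac.compare_digest(mac, expected):
            return False
        prev = mac
    return True
```

The chain only helps if the key and a copy of the log sit somewhere the administrators being audited cannot write to.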