Security

EXCLUSIVE: How the NSA plans to prevent another Snowden

Image Credit: Meghan Kelly/VentureBeat

The National Security Agency is working overtime to make sure another Edward Snowden doesn’t happen again. But many of the methods are rubbing current NSA employees the wrong way.

Two former NSA officials told VentureBeat that the agency, still reeling from the Snowden debacle, has unleashed even stricter guidelines to restrict access to sensitive data.

PRIVAC, or privileged access, is the NSA’s term for access to highly sensitive channels that contain data on active NSA collection programs, the former officials said. In recent months, the agency has curtailed PRIVAC for civilian contractors, limiting them to a need-to-know basis.

“With PRIVAC, you have access to lots of NSA systems. Some individuals must have PRIVAC to access different machines. And more often than not, that person is a civilian contractor,” a former NSA official told VentureBeat.

“So, the NSA finds itself in a position where they have this incredible architecture, and they’ve become very rigorous about not letting contractors have PRIVAC where possible,” the first former official said.

“And this is a good thing if you’re trying to lock down your systems.”

Both former NSA officials declined to be identified because they were discussing ongoing, internal agency processes.

An army of contractors

Snowden, 30, was a contractor placed into the NSA by his then-employer, Booz Allen Hamilton, a massive contracting company that supplies many civilian workers to the NSA.

The NSA employs around 35,000 staffers and 15,000 civilian contractors. Another 10,000 in the U.S. Cyber Command are also under the NSA’s purview. It is charged with collecting and interpreting foreign intelligence, but it is generally supposed to avoid eavesdropping on American citizens within the U.S. without probable cause.

With PRIVAC, employees, both NSA and contractors, have the capability to change network addresses, copy data, and install apps without raising red flags. That is exactly what Snowden did, using his access from NSA’s Hawaii outpost to download thousands — and perhaps millions — of documents on classified intelligence collection programs with names like PRISM, MUSCULAR, and TEMPORA.

Snowden, who fled first to Hong Kong and then to Russia, handed that information to several journalists, who have been publishing their findings over the past year in various newspapers and online.

The files and slideshows Snowden handed over appeared to show how the NSA and its British partners, the GCHQ, among others, had co-opted the servers of Google, Facebook, and Apple, for example. The documents also described how the NSA routinely intercepted the calls of foreign leaders friendly to the U.S. and eavesdropped on average American citizens’ phone calls, apparently far overstepping its legislated bounds.

‘We’ve got big problems’

Snowden’s leak was a big embarrassment to the NSA and led to the end of some of its intelligence operations, such as wiretapping of foreign leaders’ phones.

“The agency is re-vetting everybody. Management is saying, ‘Screw it, we’ve got big problems on our hands.’ And you’ve got massive amounts of caseloads, and no time to do it. And new rules. People are running around like crazy,” one former NSA official said.

As it stands now, full-time NSA employees are issued blue badge, and civilian contractors get green badges. Because of Snowden, NSA management is pressuring contractors to become full-time employees.

“They are adding additional controls to supplement who has access to the networks,” the source said.

As VentureBeat first reported, Snowden is thought to be living at least part-time in dacha situated inside a retirement community 70 miles south of Moscow reserved for favored KGB and FSB cadres.

Former KGB major general Oleg Kalugin claimed Snowden is working for the Russian FSB, a claim repeated by former NSA director Michael Hayden. Subsequently, former NSA director Keith Alexander told Bloomberg TV the same thing.

Snowden has denied the allegations that he’s collaborating with Russia.

Snowden is wanted for espionage by the U.S. government. He could not be reached for comment.

The pendulum swings

But in its rush to prevent another Snowden scandal, the former NSA officials told VentureBeat, management was overdoing it.

“Clearly, the pendulum has swung hard in other direction,” to the dismay of many NSA employees, the second source told us.

“Doing the job now has become more difficult given the constraints,” this former NSA official told VentureBeat. “They’ve compartmentalized data more and who has access to it. New tools have been unleashed to see who is looking at what. It’s kind of like nuclear ICBMs. With nuclear missiles, you need two sets of eyes even when you’re doing maintenance. It’s called access control.”

The latest lockdown is a reversal of an increasing openness within America’s vast intelligence community over the past decade. After 9-11, agencies made the major shift from a “need to know” basis to one of “need to share.” This meant that agencies who before kept extremely sensitive intelligence data to themselves were ordered to share it with other agencies. That opened up the pool of people with access, eventually including contractors like Snowden. It also became much more aggressive about pursuing intelligence targets within the U.S.

The first former NSA official said agency collection teams operating internationally have been affected by the recent lockdown too.

“The mission prerogative overseas, offsite, was always get the data out there, and then lock it down later. It bit us in the butt badly.”

Now the pendulum is swinging back.

In the end, the second NSA official said Snowden never had access to raw intelligence streams. He accessed PowerPoint presentations about the intelligence programs, but not the intelligence itself.

“It was surface level information, PowerPoint slides that everybody in the agency had access to. He never had access to email and phone calls with like, guys in the Sudan,” the source said.

“People in the agency who really have access, they have access to raw data intelligence. What he stole was not even the stuff people want to protect,” the former official said.

16 comments
Alex Redman
Alex Redman

they just created another snowden puppet lapdog, while they are saying this. the propaganda and lies continue! they wont stop until you believe all the shit NSA/Snowden team says!

Eric Chan
Eric Chan

How to prevent another Snowden 101 : Stop violating the constitution. Problem solved.

D'mpho Simon
D'mpho Simon

Most probably another WILL happen, hackers4life

Nick Dodson
Nick Dodson

This reminds me of bad programmers. There is a problem with the code: Bad Programmer: I will program around it. Good Programmer: I will fix the root problem.

Klancy Kennedy
Klancy Kennedy

Well, one thing they haven't considered yet is following the law, and also having processes in place so if someone asks, "Is this legal" (the way he asked eleven times), a good answer can be provided. You know, they'll do all sorts of stuff except apply the most simple, thorough, and mutually agreeable solutions.

Alex Redman
Alex Redman

Yup. Snowden never did what he claimed anyways - its never been done yet!

Takeshi Young
Takeshi Young

Wow, talk about bureaucracy. 35,000 staffers and 15,000 contractors? What do all these people even do all day?

Nicholas M. Cummings
Nicholas M. Cummings

They should be more conscientious of their practices instead of how to hide them

Abhishek Harge
Abhishek Harge

The fact that two former employees would talk to you about it, kinda tells me they can’t.

Filipa Padre
Filipa Padre

my cousin Dana and Mr Arkin had already warn THE ENTIRE UNIVERSE, if not the NSA, about the Snowdens of the world in a thingy called Top Secret America at the Wa Po. They don't listen....

Joshua Darlington
Joshua Darlington

they should hire a millennial or some one with a clue about 21st century information dynamics. their whole retro oriented incompetent approach would be a joke if it wasnt so dangerous

Wendy Sue Buckleman
Wendy Sue Buckleman

Okay - as a Computer Science Major at UNM in the mid-80s who realized that something weird was up with everyone and moved to the Fine Arts Department, I am so laughing at this line and had to post before I could do anything else, "In recent months, the agency has curtailed PRIVAC for civilian contractors, limiting them to a need-to-know basis." RECENT MONTHS...so if you are paranoid it is because you should be?

Chrissy Raymond Holman
Chrissy Raymond Holman

Yea, perhaps if independent contractors for the government are given whistle-blower protections like salaried employees.