The National Security Agency is working overtime to make sure another Edward Snowden doesn’t happen again. But many of the methods are rubbing current NSA employees the wrong way.
Two former NSA officials told VentureBeat that the agency, still reeling from the Snowden debacle, has unleashed even stricter guidelines to restrict access to sensitive data.
PRIVAC, or privileged access, is the NSA’s term for access to highly sensitive channels that contain data on active NSA collection programs, the former officials said. In recent months, the agency has curtailed PRIVAC for civilian contractors, limiting them to a need-to-know basis.
“With PRIVAC, you have access to lots of NSA systems. Some individuals must have PRIVAC to access different machines. And more often than not, that person is a civilian contractor,” a former NSA official told VentureBeat.
“So, the NSA finds itself in a position where they have this incredible architecture, and they’ve become very rigorous about not letting contractors have PRIVAC where possible,” the first former official said.
“And this is a good thing if you’re trying to lock down your systems.”
Both former NSA officials declined to be identified because they were discussing ongoing, internal agency processes.
An army of contractors
Snowden, 30, was a contractor placed into the NSA by his then-employer, Booz Allen Hamilton, a massive contracting company that supplies many civilian workers to the NSA.
The NSA employs around 35,000 staffers and 15,000 civilian contractors. Another 10,000 in the U.S. Cyber Command are also under the NSA’s purview. It is charged with collecting and interpreting foreign intelligence, but it is generally supposed to avoid eavesdropping on American citizens within the U.S. without probable cause.
With PRIVAC, employees, both NSA and contractors, have the capability to change network addresses, copy data, and install apps without raising red flags. That is exactly what Snowden did, using his access from NSA’s Hawaii outpost to download thousands — and perhaps millions — of documents on classified intelligence collection programs with names like PRISM, MUSCULAR, and TEMPORA.
Snowden, who fled first to Hong Kong and then to Russia, handed that information to several journalists, who have been publishing their findings over the past year in various newspapers and online.
The files and slideshows Snowden handed over appeared to show how the NSA and its British partners, the GCHQ, among others, had co-opted the servers of Google, Facebook, and Apple, for example. The documents also described how the NSA routinely intercepted the calls of foreign leaders friendly to the U.S. and eavesdropped on average American citizens’ phone calls, apparently far overstepping its legislated bounds.
‘We’ve got big problems’
Snowden’s leak was a big embarrassment to the NSA and led to the end of some of its intelligence operations, such as wiretapping of foreign leaders’ phones.
“The agency is re-vetting everybody. Management is saying, ‘Screw it, we’ve got big problems on our hands.’ And you’ve got massive amounts of caseloads, and no time to do it. And new rules. People are running around like crazy,” one former NSA official said.
As it stands now, full-time NSA employees are issued blue badge, and civilian contractors get green badges. Because of Snowden, NSA management is pressuring contractors to become full-time employees.
“They are adding additional controls to supplement who has access to the networks,” the source said.
As VentureBeat first reported, Snowden is thought to be living at least part-time in dacha situated inside a retirement community 70 miles south of Moscow reserved for favored KGB and FSB cadres.
Former KGB major general Oleg Kalugin claimed Snowden is working for the Russian FSB, a claim repeated by former NSA director Michael Hayden. Subsequently, former NSA director Keith Alexander told Bloomberg TV the same thing.
Snowden has denied the allegations that he’s collaborating with Russia.
Snowden is wanted for espionage by the U.S. government. He could not be reached for comment.
The pendulum swings
But in its rush to prevent another Snowden scandal, the former NSA officials told VentureBeat, management was overdoing it.
“Clearly, the pendulum has swung hard in other direction,” to the dismay of many NSA employees, the second source told us.
“Doing the job now has become more difficult given the constraints,” this former NSA official told VentureBeat. “They’ve compartmentalized data more and who has access to it. New tools have been unleashed to see who is looking at what. It’s kind of like nuclear ICBMs. With nuclear missiles, you need two sets of eyes even when you’re doing maintenance. It’s called access control.”
The latest lockdown is a reversal of an increasing openness within America’s vast intelligence community over the past decade. After 9-11, agencies made the major shift from a “need to know” basis to one of “need to share.” This meant that agencies who before kept extremely sensitive intelligence data to themselves were ordered to share it with other agencies. That opened up the pool of people with access, eventually including contractors like Snowden. It also became much more aggressive about pursuing intelligence targets within the U.S.
The first former NSA official said agency collection teams operating internationally have been affected by the recent lockdown too.
“The mission prerogative overseas, offsite, was always get the data out there, and then lock it down later. It bit us in the butt badly.”
Now the pendulum is swinging back.
In the end, the second NSA official said Snowden never had access to raw intelligence streams. He accessed PowerPoint presentations about the intelligence programs, but not the intelligence itself.
“It was surface level information, PowerPoint slides that everybody in the agency had access to. He never had access to email and phone calls with like, guys in the Sudan,” the source said.
“People in the agency who really have access, they have access to raw data intelligence. What he stole was not even the stuff people want to protect,” the former official said.
VB's research team is studying web-personalization... Chime in here, and we’ll share the results.