NSA and the Pandora’s box of surveillance

June 24, 2013

Let’s assume for a moment that National Security Agency Director Gen. Keith Alexander was telling the truth yesterday on ABC News’s This Week when he said that the NSA material leaked by Edward Snowden “has caused irreversible and significant damage to our country and to our allies.”

That would mean that the United States, Canada, the United Kingdom, New Zealand, Australia and other friendly nations that depend on the NSA’s ability to suck electrons out of the ether, store them, sort them, and computer-analyze them for intelligence purposes, have suffered mightily. Unlike tornados, tsunamis, earthquakes or hurricanes — disasters that tend to inflict only temporary damage that can be repaired — Snowden’s leaks have visited upon the national security of the allies a blight that can’t be rolled back or ameliorated. It’s permanent. It’s everlasting. You know, it’s irreversible, as the general said.

According to Alexander, the Snowden breach ravages a program that has contributed to the “understanding and, in many cases, disruptions” of 50 terrorist plots, obviously implying that the unauthorized disclosures will hinder the future understandings and disruptions. While Snowden is the confessed thief of the data, he’s not the one who made the theft possible. Surely his superior, or his superior’s superior, or his superior’s superior’s superior, or somebody on the NSA organization chart designed a flawed system that was easily defeated by a junior contractor. Surely a large bag filled with heads will roll at the NSA for this grievous lapse, and Alexander will accept responsibility for his own shortcomings and step down from the NSA so the president can assign a more competent director.

Instead of asking Alexander for his resignation, This Week host George Stephanopoulos needled him with penetrating questions about Snowden’s heist, asking “why the alarm bells didn’t go off?” and “what’s to say this couldn’t happen again?”

Alexander had no concrete answer for how the alleged crown jewels of terrorist identification could have been stolen and were now on a world tour bound for South America. He cribbed his answer from every dairy farmer ever to lose a cow to say:

Well, this is a key issue that we’ve got to work our way through. Clearly the system did not work as it should have.

Exactly! The gate has issues causing it not to close as advertised.

Then Alexander deflected the onus from himself and the NSA, and placed it on Snowden because a threatened bureaucracy always blames down. (Did any generals lose any stars over Bradley Manning’s leaks to WikiLeaks? No.) The NSA, you see, didn’t really fail. It was Snowden who failed. Alexander continued:

[Snowden] betrayed the trust and confidence we had in him. This is an individual with top secret clearance whose duty it was to administer these networks. He betrayed that confidence and stole some of our secrets.

Then Alexander got around to Stephanopoulos’s question of why the $10 billion-a-year government agency won’t experience another Snowden-esque theft.

We are now putting in place actions that would give us the ability to track our system administrators, what they’re doing, what they’re taking, a two-man rule. We’ve changed the passwords. But at the end of the day, we have to trust that our people are going to do the right thing.

Change the passwords! Yes, such a good idea! New tracking systems and a two-man rule for access to data, too! But then Alexander wilts, confessing that no real protection exists outside of trusting the NSA’s estimated 35,000 to 50,000 employees and contractors to do the right thing. A big organization that needs to trust the thousands of employees who are said to have access to the surveillance programs is only setting itself up for future disappointment and another televised chat for its director with George Stephanopoulos.

A secret shared by a thousand people isn’t much of a secret. As Snowden has demonstrated and Alexander has confirmed, the NSA’s surveillance programs are inherently vulnerable and easily compromised. The NSA has demonstrated that it can neither guarantee the secrecy of its surveillance systems nor safeguard the privacy of the individuals who generate the bits of data. As the NSA’s surveillance system continues to expand, its collections will become only more vulnerable, as hundreds or maybe thousands of new employees and contractors sign on to manage the data load and devise new means of extracting and manipulating data. Alexander may be tempted to re-change the passwords and establish a four-man rule for access to data, but will he? The data can only be useful to the government if it remains accessible, and if there’s more data the demands for access to it will only rise, which means more potential Snowdens will be touching it. The NSA has a tiger by the tail.

Assuming that Snowden has maintained access to gigabytes of NSA data he purloined, I wonder when the Fort Meade signal-grabbers will begin to regret having collected and centralized such a sensitive, transportable stockpile. Not quite a Pandora’s box, the NSA hoard exudes similar destructive power. Dispensed to the press by a civil libertarian like Snowden, it can be a weapon to blunt the surveillance state that created it. But in the hands of a hostile nation or belligerent force like al Qaeda, it might become a how-to guide to advanced surveillance. And the data, oh, the data! A document from 2008 quotes Gen. Alexander asking (let’s hope he was joking), “Why can’t we collect all the signals all the time?” If unchecked, the NSA’s data collection will eventually make Jorge Borges’s idea of Library of Babel — a universal library of everything — look like a toddler’s collection of Golden Books. After all, Borges was only looking back to the beginning of time; IBM estimates that 90 percent of the data in the world has been created in the last two years, suggesting a surveillance state must expand like an exploding star just to keep up.

As the surveillance state expands to collect everything — and Moore’s Law will make it possible — we’ll stop begging our own government to keep our data safe and start praying criminals and foreign enemies don’t pilfer it.


The always cheeky Steven Brill asks about Booz Allen’s liability in the Snowden leaks. Send your cheeky comments to Shafer.Reuters@gmail.com and visit the dunghill I call my Twitter feed. Sign up for email notifications of new Shafer columns (and other occasional announcements). Subscribe to this RSS feed for new Shafer columns.








PHOTO: A reporter takes a mobile phone picture of National Security Agency (NSA) Director U.S. Army General Keith Alexander as he takes his seat to testify before a U.S. House Permanent Select Committee on Intelligence hearing on recently disclosed NSA surveillance programs, at the U.S. Capitol in Washington June 18, 2013. REUTERS/Jonathan Ernst 


We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/

Surely the real issue here is whether that data collection on the part of the Federal Government is and was legal under the Constitution. If this is not a “search” then what is it? A cow? A bagel? An “accident”? And if the word “unreasonable” means “not having a reason”, how could any kind of blanket, “fishing expedition” search be “reasonable”?

So the question is whether we have a massive, deliberate violation of their oath to defend the Constitution from domestic enemies by Federal employees of very high rank? If that is not a “high crime” what is?

Pol Pot ran a secure government. Would you like that kind of security? Until they come for you, every victim of a police state thinks it cannot happen to them. Are we stuck with a police state because we can find powerful people who want one? Do we have law in addition to procedure? If not, what are we protecting?

Posted by usagadfly | Report as abusive

At least Snowden worked from the USA. What about all the Chinese contractors who served a similar role?

What about all the Snowdens who have easily off shored -sold this data for profit. All that data can be review at will with off shore systems?

What about all the Snowden’s who sell the live data for political gain or financial gain from non disclosure?

It’s not just un-constitutional invasion of privacy – it’s the massive ease to digitally comb data for trends and non disclosure to control many aspects of our society and is too much of a temptation for corporate greed.

There is no freedom from some data points owned by the government – social security, finance, education, employment family relations. The free thinking parts that makes it’s way to the digital highway are a treasure trove for criminals and political organizations and we make it easy for them by authorizing full access across all of this data – run by an incompetent agency.

11 billion dollars to manage and watch 50 terrorist organizations with 2 or 3 members in each and half of who are cohersed to perform a terrorist plot by being given bribe money by government officials in an attempt to up their count on stopping terrorist plots.

Is it worth it? That is a whole lotta cash for what ifs. Guess we have to trust our government or perform some civic duty – like Snowden just did.

Posted by Butch_from_PA | Report as abusive

Great article. Funny how government officials scrambled to defend such a vulnerable and unconstitutional system, which is a mission impossible protecting itself. When 35K people know about it what’s the meaning of “secret”? If it’s not so secret what’s the meaning of hiding from people? If it’s not worth hiding what’s the point of lying about it? If lying about it is not a big deal why making a huge fuss about it around the whole planet? Or the other way around – if it’s such a big deal why put all blames on a contractor – where is the “bag of heads”?

Posted by Whatsgoingon | Report as abusive

Alexander isnt gonna be replaced because the government has a history of internal non-punishment.
NOBODY that i can remember in the past 10 years that ‘leaked’ information that helped the government, tortured prisoners, illegally spied on people (remember CIA before the patriot act?) ever got punished for anything or even fired or so much resigned.

Posted by eJunior | Report as abusive

The mess is far bigger than anyone on the outside imagines.

For insight read up on:

http://en.wikipedia.org/wiki/Edwin_P._Wi lson
42,000 pounds of C-4 to Q-daffy, plus SEALS to train them on how to use it. Follow up by tracking the use of C-4 by terrorists around the world, from USS Cole to Locherbie.

http://en.wikipedia.org/wiki/John_Anthon y_Walker
Navy spook who worked directly with the NSA. Sold the Soviets so much info that complained to him about the volume.

http://en.wikipedia.org/wiki/Robert_Hans sen
The FBI agent who was supposed to catch the Wilsons and Walkers. Innovative user of spy cams on people like his wife.

It’s bad. Really, really bad. And the waste of money is unimaginable.

Posted by ARJTurgot2 | Report as abusive

THE U.S. “STASI” WORLD!!! “Documents they saw “also show how millions of federal employees and contractors must watch for ‘high-risk persons or behaviors’ among co-workers and could face penalties, including criminal charges, for failing to report them. Leaks to the media are equated with espionage.” http://www.poynter.org/latest-news/media wire/216685/journalists-react-to-controv ersial-question-david-gregory-asked-glen n-greenwald/

Posted by MIKEROL | Report as abusive

“We are fast approaching the stage of the ultimate inversion: the stage where the government is free to do anything it pleases, while the citizens may act only by permission; which is the stage of the darkest periods of human history, the stage of rule by brute force.” – qutoed from Ayn Rand

Posted by BidnisMan | Report as abusive

Tired of your rights being exploited by the NSA?

Here’s the REAL problem: Freedom on the Rocks – Tyranny versus Terrorism will give you the true scope, intent and end-goal of the NSA’s digital

http://www.argusleader.com/article/20130 620/VOICES05/306200011/My-Voice-Freedom- Rocks-federal-tyranny-versus-terrorism

Here’s the solution (at least individually). It’s a free Digital Privacy Black Paper; it shows you, with simple technical references and resources, how to disappear yourself and your personal communications from the prying eyes and master data recorders of the NSA and other elements of our intrusive national security apparatus. Enjoy!

https://s3.amazonaws.com/sm-cdn/reports/ NSA-Black-Paper.pdf

Please pass this onto your friends, family, and business associates.

Posted by sam2sam | Report as abusive

What’s the old saying? “In order for two people to keep a secret, one of them needs to be dead”?

Trust 35K employees? Hell, trust 150 employees? Really? The highly specialized, highly trained, high-tech, 007, super-secret NSA organization that’s supposed to be protecting us in our beds from terrorism doesn’t get that? I don’t think I’m going to sleep safer tonight.

The question isn’t who can the NSA trust – it’s who can WE trust to rationally balance our Constitution with national security? Congress? That’s a hoot.

Posted by JL4 | Report as abusive

There’s a guy who been working at the bank for 25 yrs. each day, on each transaction he bilkes customers of 5 cents, and hides it in a huge van he keeps parked behind the bank.

On the night of his golden watch party, around 7:30 his van with 4,3 M$ in it get stolen. The guy who stole the van is caught on the bank’s security tape. Police starts a state wide search for this dangerous van stealing felon… The bank employee cries foul especially since all his pension money was in the van too!

Now who is the REAL crook in this parable? May i so bluntly ask?

Reflecting on his employee’s bad luck, the bank’s VP muse that if he had been less spendtrift he could has installed a car alarm on his precious van. The VP’s brother, being the mayor of the city, and also quite taken by this sad tale, urgently compelled his council to pass a law making it mandatory that all vans in the city be equipped with car alarms with GPS trackers. Now such a catastrophe will not recur!

Posted by eupalinos | Report as abusive

Even if a majority of Americans think the surveillance is legal and constitutional, they should be concerned that the NSA, by collecting anything and everything, has created a high value target more valuable than Fort Knox. It is indeed, as Shafer says, a Pandora’s box.

We should all be gravely concerned by the ability of the NSA to protect this data. If they are telling the truth that they are just now introducing a “two-man rule,” the public should have no confidence in their ability to secure the data whatsoever. Even retail stores have the two-man rule. If a clerk overrides a price, that clerk must get a manager to approve that override. The NSA just now decided to implement that rule?

It sounds like American corporations do a better job of securing their data than the NSA, and they have been vulnerable to significant breaches. Unless the NSA can get their act together, it’s only a matter of time before their massive data collection makes us less secure.

Posted by vwoodhull | Report as abusive

The most “secure” networks are shown to be vulnerable to determined hackers the majority of the time. The kind of surveillance reported recently is a powerful weapon aimed at American citizens that is absurdly presumed to be safe from falling into the wrong hands. In reality it’s impossible to expect it to stay out of the wrong hands.

This is the most important reason why people should be contacting their Senators and Representatives about this.

Posted by angercharm | Report as abusive

Your last line presumes that the criminals and foreign agents are not already in the government. Given their attraction to power it would be wise to assume that criminals and agents are over-represented in government vs the general population. Think of the commercial and investment advantages that can be gleaned with this info to say nothing of statecraft. I bet this thing leaks like a sieve — it’s just most of the leaks end up lining pockets and overseas retirement accounts.

Posted by not_sure | Report as abusive

Fantastic article, I’m really surprised the MSM came up with something this thought provoking.

Posted by mwilliams6464 | Report as abusive

GPSs on Citizens cars and cells being Mandatory has nothing to do with Terrorism. It’s not meta data nor electronic public communication.

It is the mandatory physical tracking of every citizen. 1967 Katz Vs America said that Privacy extended to the individual is extended to Physical Location.

Tracking – where American Citizens go – when they go – who they go with – what building they enter – the exact time – when they come home. This is tracking private citizens! It has nothing to do with terror. If the president wants to prove he’s going to change violations of privacy. Begin here and prove it.

Posted by kenezen | Report as abusive