NSA: Lots of little acts of whistle-blowing taking place since Snowden went AWOL

Reuter’s has a new report out headlined “Exclusive: NSA delayed anti-leak software at base where Snowden worked — officials”.

Basically the report says that super “anti-leak software” that was supposed to have been installed in the Hawaii facility where Mr. Snowden worked before he left for Hong Kong never was installed because of a quite hard to believe reason. Even though the reason for the software non-installation seemed far fetched, I decided to believe it for the time being. So that was my first reaction.

My second reaction, on re-reading was: Hey, this is one of those little acts of whistle-blowing that are so helpful to us outsiders in understanding NSA’s foibles.

My third reaction (I had to read it again) was that there was something troubling about the report. Here are some passages in the report that caught my eye:

(Reuters) – The U.S. National Security Agency failed to install the most up-to-date anti-leak software at a site in Hawaii before contractor Edward Snowden went to work there and downloaded tens of thousands of highly classified documents, current and former U.S. officials told Reuters.


The purpose of the software, which in the NSA’s case is made by a division of Raytheon Co, is to block so-called “insider threats” – a response to an order by President Barack Obama to tighten up access controls for classified information in the wake of the leak of hundreds of thousands of Pentagon and State Department documents by an Army private to WikiLeaks website in 2010.

The main reason the software had not been installed at the NSA’s Hawaii facility by the time Snowden took up his assignment there was that it had insufficient bandwidth to comfortably install it and ensure its effective operation, according to one of the officials.


[A spokeswoman for the NSA said] “We open our facilities only after we have met all of the necessary regulatory, statutory, and infrastructure requirements.”


The NSA Hawaii facility, known as a Remote Operations Center, opened in January 2012, replacing an older site located in a nearby World War II-era facility.

[Emphasis all mine.]

So we have:

  • NSA failed to install anti-leak software that was provided to it
  • as the result of Chelsea Manning’s leak in 2010
  • and pursuant to an order by President Obama that the software should be installed

Then it goes on to say:

  • the reason the software was not installed was because of low bandwidth in the facility
  • even though the facility had been only recently commissioned in 2012, two years after 2010
  • and despite an NSA spokeswoman emphasizing that NSA opens facilities “only after we have met all of the necessary regulatory, statutory, and infrastructure requirements”

Well clearly, the spokeswomen has that last assertion wrong.

President Obama makes an order, presumably soon after Chelsea Manning’s leak, which would still be in 2010. Then, two years later, NSA opens a new facility with deficient infrastructure, so deficient that a software program will prove too much of an overload for the shaky system, if it is installed.

Then one year later in 2013, Mr. Snowden comes along and takes full advantage of the shaky system, the lack of bandwidth and the lack of anti-leak software. What a surprise!

Instead of blaming Snowden, from General Alexander on down, all those in executive positions in NSA should be blaming themselves for their own catastrophic balls up.


Prof. John Schindler “doesn’t know” why key people at TorProject aren’t brought up on terrorism charges

Last night on twitter:

I find this an odd response. When security professionals treat the word “terrorism” in a flippant manner, it devalues the seriousness of the word (which normally should evoke visions of car bombs in Times Square).

This is not the best PR for the security profession if they want to impress congress and grab more money.

Attaching the word to a publicly funded project run by a group of rather clever computer geeks evokes an image as far away from the Times Square car bomb as it is possible to get. Which scenario is more likely to screw more money out of congress: combating computer geeks or combating car bombs?

Security Professionals should smarten up and at least try to act as though they are serious minded individuals concerned with the “real” threats.

John R. Schindler: Professor of National Security Affairs at the U.S. Naval War College.

The Tor Project: sponsored by the Naval Research Laboratory from 2006 to 2010.

(Currently sponsored by the US Department of State Bureau of Democracy, Human Rights, and Labor from 2013 to 2015.)