NSA: Lots of little acts of whistle-blowing taking place since Snowden went AWOL

Reuter’s has a new report out headlined “Exclusive: NSA delayed anti-leak software at base where Snowden worked — officials”.

Basically the report says that super “anti-leak software” that was supposed to have been installed in the Hawaii facility where Mr. Snowden worked before he left for Hong Kong never was installed because of a quite hard to believe reason. Even though the reason for the software non-installation seemed far fetched, I decided to believe it for the time being. So that was my first reaction.

My second reaction, on re-reading was: Hey, this is one of those little acts of whistle-blowing that are so helpful to us outsiders in understanding NSA’s foibles.

My third reaction (I had to read it again) was that there was something troubling about the report. Here are some passages in the report that caught my eye:

(Reuters) – The U.S. National Security Agency failed to install the most up-to-date anti-leak software at a site in Hawaii before contractor Edward Snowden went to work there and downloaded tens of thousands of highly classified documents, current and former U.S. officials told Reuters.

-snip-

The purpose of the software, which in the NSA’s case is made by a division of Raytheon Co, is to block so-called “insider threats” – a response to an order by President Barack Obama to tighten up access controls for classified information in the wake of the leak of hundreds of thousands of Pentagon and State Department documents by an Army private to WikiLeaks website in 2010.

The main reason the software had not been installed at the NSA’s Hawaii facility by the time Snowden took up his assignment there was that it had insufficient bandwidth to comfortably install it and ensure its effective operation, according to one of the officials.

-snip-

[A spokeswoman for the NSA said] “We open our facilities only after we have met all of the necessary regulatory, statutory, and infrastructure requirements.”

-snip-

The NSA Hawaii facility, known as a Remote Operations Center, opened in January 2012, replacing an older site located in a nearby World War II-era facility.

[Emphasis all mine.]

So we have:

  • NSA failed to install anti-leak software that was provided to it
  • as the result of Chelsea Manning’s leak in 2010
  • and pursuant to an order by President Obama that the software should be installed

Then it goes on to say:

  • the reason the software was not installed was because of low bandwidth in the facility
  • even though the facility had been only recently commissioned in 2012, two years after 2010
  • and despite an NSA spokeswoman emphasizing that NSA opens facilities “only after we have met all of the necessary regulatory, statutory, and infrastructure requirements”

Well clearly, the spokeswomen has that last assertion wrong.

President Obama makes an order, presumably soon after Chelsea Manning’s leak, which would still be in 2010. Then, two years later, NSA opens a new facility with deficient infrastructure, so deficient that a software program will prove too much of an overload for the shaky system, if it is installed.

Then one year later in 2013, Mr. Snowden comes along and takes full advantage of the shaky system, the lack of bandwidth and the lack of anti-leak software. What a surprise!

Instead of blaming Snowden, from General Alexander on down, all those in executive positions in NSA should be blaming themselves for their own catastrophic balls up.

Prof. John Schindler “doesn’t know” why key people at TorProject aren’t brought up on terrorism charges

Last night on twitter:

I find this an odd response. When security professionals treat the word “terrorism” in a flippant manner, it devalues the seriousness of the word (which normally should evoke visions of car bombs in Times Square).

This is not the best PR for the security profession if they want to impress congress and grab more money.

Attaching the word to a publicly funded project run by a group of rather clever computer geeks evokes an image as far away from the Times Square car bomb as it is possible to get. Which scenario is more likely to screw more money out of congress: combating computer geeks or combating car bombs?

Security Professionals should smarten up and at least try to act as though they are serious minded individuals concerned with the “real” threats.

John R. Schindler: Professor of National Security Affairs at the U.S. Naval War College.

The Tor Project: sponsored by the Naval Research Laboratory from 2006 to 2010.

(Currently sponsored by the US Department of State Bureau of Democracy, Human Rights, and Labor from 2013 to 2015.)

Gen Clapper: Shouldn’t the 1.7 million figure have remained classified?

From Gen. Clapper on down, the spooks are insisting that Mr. Snowden took 1.7 million files/documents with him when he left Hawaii for Hong Kong.

Before that revelation, everyone thought the figure was closer to 58,000.

Shouldn’t the spooks have kept their 1.7 million figure classified and stuck with the 58,000 figure?

All it has done, releasing this stupendously large figure, is make poor Gen. Alexander look terrible. It speaks to his incompetence more clearly than anything I know. Certainly more than the 58,000 files did.

HE was the guy who let the files walk out the front door of the Hawaii exchange. He was in charge, he was supposed to be the man for the job, people looked up to him. Now he is deeply in the shit.

And it is not as though he did not have prior warning this might happen — Chelsea Manning demonstrated very, very clearly what happens when security is treated in a lackadaisical manner — he demonstrated it to the World! Yet somehow poor Gen. Alexander missed the significance of the message. Edward Snowden knew Alexander’s blind spot, that’s for sure.

Anyway, that’s why I think it would have been better for Gen. Alexander if everyone had kept their trap shut about the 1.7 million.