Both These Things Cannot Be True

Last Friday, NSA’s Compliance Director John DeLong assured journalists the violations NSA reported in 2012 were “miniscule.” (I noted that the report showed some of the most sensitive violations primarily get found through audits and therefore their discovery depend in part on how many people are auditing.)

Today, as part of a story describing that NSA still doesn’t know what Edward Snowden took from NSA, MSNBC quotes a source saying NSA has stinky audit capabilities.

Another said that the NSA has a poor audit capability, which is frustrating efforts to complete a damage assessment.

(We’ve long known this about NSA’s financial auditing function, and there have long been signs they couldn’t audit data either, but apparently MSNBC’s source agree.)

For the past several months, various Intelligence officials have assured Congress and the public that it keeps US person data very carefully guarded, so only authorized people can access it.

Today, MSNBC reports NSA had (has?) poor data compartmentalization.

NSA had poor data compartmentalization, said the sources, allowing Snowden, who was a system administrator, to roam freely across wide areas.

Again, there have long been signs that non-analysts had untracked access to very sensitive data. Multiple sources agree — and possibly not just non-analysts.

While I’m really sympathetic for the people who are reportedly “overwhelmed” trying to figure out what Snowden took, we’re seeing precisely the same thing we saw with Bradley Manning: that it takes a giant black eye for intelligence agencies to even admit to gaping holes in their security and oversight.

And in NSA’s case, it proves most of their reassurances to be false.

Tweet about this on Twitter39Share on Reddit0Share on Facebook29Google+0Email to someone

18 Responses to Both These Things Cannot Be True

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18

Emptywheel Twitterverse
emptywheel @NadiaKayyali But I agree--really past time to make the FBI's horribleness visible. @astepanovich @aestetix
5mreplyretweetfavorite
emptywheel @NadiaKayyali Guessing your employer doesn't take part. Just don't start teaching young children. @astepanovich @aestetix
5mreplyretweetfavorite
emptywheel @jeremyscahill She's not a group tho. She's singular. @onekade
8mreplyretweetfavorite
emptywheel @HayesBrown Yes, but it's prime "ruing lattes with awful artificial pumpkin flavor" season. Which requires all out vigilance.
9mreplyretweetfavorite
emptywheel Starting a betting pool on how long it'll be until Obama regrets claiming Iraq has formed a new inclusive govt.
15mreplyretweetfavorite
emptywheel @dangillmor Maybe now we can have a hearing -- as we should.
17mreplyretweetfavorite
emptywheel @astepanovich Anyone, if only you were still a FOIA monster you could FOIA "external system activity."
19mreplyretweetfavorite
emptywheel RT @kurtopsahl: @csoghoian Only phone seized in example story: "When corrections officers [entered] cell, he smashed the phone." http://t.c…
21mreplyretweetfavorite
emptywheel @astepanovich Dunno. But teachers shouldn't have too much fun when vacationing in Mexico, I'd guess.
23mreplyretweetfavorite
emptywheel @astepanovich But only if you're a teacher and everyone knows they're a bunch of thugs anyway, that shouldn't be let near kids.
28mreplyretweetfavorite
emptywheel @occbaystreet Right. I do think it'll make it a LOT harder to do border searches. But there may be some sexier vulnerability too.
30mreplyretweetfavorite
emptywheel @barryeisler Can you rewrite your scene so it makes as little sense as that one? I'll give you a diamond!
32mreplyretweetfavorite