Both These Things Cannot Be True

Last Friday, NSA’s Compliance Director John DeLong assured journalists the violations NSA reported in 2012 were “miniscule.” (I noted that the report showed some of the most sensitive violations primarily get found through audits and therefore their discovery depend in part on how many people are auditing.)

Today, as part of a story describing that NSA still doesn’t know what Edward Snowden took from NSA, MSNBC quotes a source saying NSA has stinky audit capabilities.

Another said that the NSA has a poor audit capability, which is frustrating efforts to complete a damage assessment.

(We’ve long known this about NSA’s financial auditing function, and there have long been signs they couldn’t audit data either, but apparently MSNBC’s source agree.)

For the past several months, various Intelligence officials have assured Congress and the public that it keeps US person data very carefully guarded, so only authorized people can access it.

Today, MSNBC reports NSA had (has?) poor data compartmentalization.

NSA had poor data compartmentalization, said the sources, allowing Snowden, who was a system administrator, to roam freely across wide areas.

Again, there have long been signs that non-analysts had untracked access to very sensitive data. Multiple sources agree — and possibly not just non-analysts.

While I’m really sympathetic for the people who are reportedly “overwhelmed” trying to figure out what Snowden took, we’re seeing precisely the same thing we saw with Bradley Manning: that it takes a giant black eye for intelligence agencies to even admit to gaping holes in their security and oversight.

And in NSA’s case, it proves most of their reassurances to be false.

Tweet about this on Twitter39Share on Reddit0Share on Facebook29Google+0Email to someone

18 Responses to Both These Things Cannot Be True

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18

Emptywheel Twitterverse
JimWhiteGNV RT @JoshHarkinson: One court convicted him of murder. Another set him free over bad police work. Now he's the NRA's top lawyer: http://t.co
37sreplyretweetfavorite
JimWhiteGNV RT @TimothyS: "We have no way of knowing how people like [Alexander] formed their business relationships..." Me, in NYT last year: http://…
6mreplyretweetfavorite
emptywheel All these privacy NGOs don't know whether they're endorsing contact chaining on location or not. That's ... rash.
25mreplyretweetfavorite
emptywheel Again, Leahy's USA Freedom retains "connection" chaining--which has never been publicly defined. Why legislate blind? http://t.co/KqEa9AkAeT
26mreplyretweetfavorite
JimWhiteGNV Good plan. RT @Casual_Obs: @JimWhiteGNV yeah, we're leaving asap.
30mreplyretweetfavorite
JimWhiteGNV RT @smsaideman: @JimWhiteGNV hey, I was offended when Alberto Gonzalez was teaching at TTU.... because he was TEACHING!
31mreplyretweetfavorite
JimWhiteGNV So fear mongers get to profit directly from their fear mongering and war criminals can become educators. The US is hitting rock bottom.
36mreplyretweetfavorite
emptywheel @LysaMyers Dunno. Assume OKC measures it, tho.
38mreplyretweetfavorite
JimWhiteGNV How in the world is someone who specialized in night raids and hiding prisons from ICRC a good candidate to run an educational system?
39mreplyretweetfavorite
JimWhiteGNV Holy shit! Notorious war criminal McRaven to be next University of Texas Chancellor? Just wow... http://t.co/eCHuCC46c7
40mreplyretweetfavorite
emptywheel @ashk4n Right: we don't (at least I don't) know whether Internet dragnet moved to 12333 or FBI dragnet or both. But "end bulk"!
42mreplyretweetfavorite
emptywheel RT @ashk4n: Even though 2 sections call for 'Prohibition on bulk collection' in new #USAFreedomAct, #EO12333 collection persists http://t.…
42mreplyretweetfavorite