Both These Things Cannot Be True

Last Friday, NSA’s Compliance Director John DeLong assured journalists the violations NSA reported in 2012 were “miniscule.” (I noted that the report showed some of the most sensitive violations primarily get found through audits and therefore their discovery depend in part on how many people are auditing.)

Today, as part of a story describing that NSA still doesn’t know what Edward Snowden took from NSA, MSNBC quotes a source saying NSA has stinky audit capabilities.

Another said that the NSA has a poor audit capability, which is frustrating efforts to complete a damage assessment.

(We’ve long known this about NSA’s financial auditing function, and there have long been signs they couldn’t audit data either, but apparently MSNBC’s source agree.)

For the past several months, various Intelligence officials have assured Congress and the public that it keeps US person data very carefully guarded, so only authorized people can access it.

Today, MSNBC reports NSA had (has?) poor data compartmentalization.

NSA had poor data compartmentalization, said the sources, allowing Snowden, who was a system administrator, to roam freely across wide areas.

Again, there have long been signs that non-analysts had untracked access to very sensitive data. Multiple sources agree — and possibly not just non-analysts.

While I’m really sympathetic for the people who are reportedly “overwhelmed” trying to figure out what Snowden took, we’re seeing precisely the same thing we saw with Bradley Manning: that it takes a giant black eye for intelligence agencies to even admit to gaping holes in their security and oversight.

And in NSA’s case, it proves most of their reassurances to be false.

Tweet about this on Twitter39Share on Reddit0Share on Facebook29Google+0Email to someone

18 Responses to Both These Things Cannot Be True

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18

Emptywheel Twitterverse
bmaz RT @JackofKent: Today the Tories will deride the Human Rights Act, which you can enforce in court, and praise Magna Carta, which you cannot.
2hreplyretweetfavorite
bmaz @MonaHol @emptywheel It absolutely is worth it. More people should understand what's being done. It is just sad this is "news" cause its not
3hreplyretweetfavorite
emptywheel @MonaHol I believe it can be shown to be either non-compliant or partial, but haven't looked closely yet. @bmaz
3hreplyretweetfavorite
emptywheel @MonaHol What is actual news abt ACLU release is govt has now committed to what their 12333 compliance is. @bmaz
3hreplyretweetfavorite
emptywheel @MonaHol Glad docs are out so other people stop getting snookered by sources. But that was easily avoidable. @bmaz
3hreplyretweetfavorite
emptywheel @MonaHol It was also laid out in FISCR opinion declassed in 2009. Big part of 2007 debate on FAA. And so on and so on @bmaz
3hreplyretweetfavorite
emptywheel @MonaHol For those who haven't read 2009 docs this might be surprising. But far more substantive details already in record. @bmaz
3hreplyretweetfavorite
emptywheel @MonaHol Not in the least surprising. Many of my 50+ posts on all this lay that out. Clarke testified to same. @bmaz
3hreplyretweetfavorite
emptywheel @pwnallthethings First shot at Awlaki may have been parts of DOD going rogue, but generally agree. @normative @BradMossEsq
3hreplyretweetfavorite
emptywheel @pwnallthethings That said, on both torture and Awlaki killing, case is strong POTUS did not comply w/Findings reqt @normative @BradMossEsq
3hreplyretweetfavorite
emptywheel @pwnallthethings Actually think Findings like system is minimal change that should have come fr Snowden's leaks. @normative @BradMossEsq
3hreplyretweetfavorite
emptywheel @pwnallthethings My related take: http://t.co/6iv5GLytTM That said, EO 12333 spying not done under Findings @normative @BradMossEsq
3hreplyretweetfavorite