Both These Things Cannot Be True

Last Friday, NSA’s Compliance Director John DeLong assured journalists the violations NSA reported in 2012 were “minuscule.” (I noted that the report showed some of the most sensitive violations primarily get found through audits and therefore their discovery depends in part on how many people are auditing.)

Today, as part of a story describing that NSA still doesn’t know what Edward Snowden took from NSA, MSNBC quotes a source saying NSA has stinky audit capabilities.

Another said that the NSA has a poor audit capability, which is frustrating efforts to complete a damage assessment.

(We’ve long known this about NSA’s financial auditing function, and there have long been signs they couldn’t audit data either, but apparently MSNBC’s source agrees.)

For the past several months, various Intelligence officials have assured Congress and the public that NSA keeps US person data very carefully guarded, so only authorized people can access it.

Today, MSNBC reports NSA had (has?) poor data compartmentalization.

NSA had poor data compartmentalization, said the sources, allowing Snowden, who was a system administrator, to roam freely across wide areas.

Again, there have long been signs that non-analysts had untracked access to very sensitive data. Multiple sources agree — and possibly not just non-analysts.

While I’m really sympathetic to the people who are reportedly “overwhelmed” trying to figure out what Snowden took, we’re seeing precisely the same thing we saw with Bradley Manning: that it takes a giant black eye for intelligence agencies to even admit to gaping holes in their security and oversight.

And in NSA’s case, it proves most of their reassurances to be false.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

18 replies
  1. Snoopdido says:

    Emptywheel wrote: “And in NSA’s case, it proves most of their reassurances to be false.”

    And all of their supporters’ (Wittes, Rubin, Gewirtz, etc.) wishful thinking in their NSA audit and statistics analyses are based on GIGO – Garbage In, Garbage Out.

  2. Mellvis says:

    I think they know EXACTLY what’s missing and they are scared shitless that it’ll get out. Not that I disagree with your premise here. They are definitely lying to us.

  3. Mellvis says:

    I think they know EXACTLY what’s missing and they are scared shitless that it’ll get out. Not that I disagree with your premise here. They are definitely lying to us.

  4. peasantparty says:

    I found my notes on the Senate Judiciary Sub-Committee hearing on Civil and Human Rights. Sadly, I didn’t date it. This hearing was to discuss Drones and Human Targeting. It was led by D. Durbin.

    The reason this particular hearing stood out for me was the comments and questions by Senators. Also, the White House had delayed this particular hearing for a week in order to get scheduling for their own witnesses. The hearing took place anyway without a Government witness.

    The things that stood out most to me were the Senators discussing the Patriot Act and the AUMF. Most all of them stated they were advised those two bills were to be used specifically to go after Osama Bin Laden, and Terrorists. One of the panelists on the witness table spoke to the Civil Liberties issues for Americans and how both of those bills/acts MUST be repealed or reworked drastically to be in compliance with the Constitution and Civil Liberties. That panelist/witness was Professor Rosa Brooks.

    They discussed the need for the Administration and the Agencies of NSA, DHS, etc. to provide much more detail regarding:

    The use of human targeting under those programs by more specifically naming the Battlefield. Where and When is an area declared the battlefield that those bills allow surveillance and targeting. When did it become a war zone, why and if so, who declared it.

    Franken said All of the OLC memos should be made public and even more important that not all of them had been released to members of Congress.

    The AUMF, along with the Patriot Act gives the Security Agencies the ability to spy in all their capacities wherever terrorists are determined to be and that area then becomes a de facto BATTLEFIELD!

    None of those programs were conveyed to Congress in a way that all innocent American Citizens would be caught in a dragnet along with their contacts of three hops. A great number of the questions were glossed over or said they would be answered in closed session.

    At each new revelation we have had from Snowden and others, I keep thinking back to this particular hearing. There were only two witnesses on that panel that tried to express the gravity of these programs on our Liberties and Privacy.

  5. peasantparty says:

    @peasantparty: I should also add that a Yemeni, educated in the US, was present and spoke at the hearing regarding Drones in Yemen. His name was Farea Al-Muslimi.

    He described the constant fear and results of Drones in his country.

  6. Snoopdido says:

    Siobhan Gorman and Jennifer Valentino-Devries of the Wall Street Journal have a new piece up entitled “New Details Show Broader NSA Surveillance Reach – Programs Cover 75% of Nation’s Traffic, Can Snare Emails”

    Since it is behind the Wall Street Journal’s paywall, go to Google News and search for “New Details Show Broader NSA Surveillance Reach”. Then click on the link that Google News gives you and you’ll be able to get through the paywall to read the story.

    There is more new detailed information about the UPSTREAM collection on major fiber hubs (Blarney, Fairview, Oakstar, Lithium and Stormbrew, among others) on that the NSA and the telecom companies do that was originally described by the AT&T whistleblower Mark Klein. It is well worth the read!

  7. Mindrayge says:

    I think at this point, if they didn’t already know, the NSA is aware of what Snowden has. Not everybody at the NSA of course but no more than a handful of people know.

    My personal suspicion is that Snowden has the contents of an e-mail server. And not just any e-mail server but likely the one on which the top of the food chain in the NSA use.

    The kinds of documents that have been released so far are not the kinds of documents that would likely be found on the same servers and, in particular, the FISA rulings would only be on a limited number computers that store documents. We have seen so far: presentations, IG Reports, Problem Reports, Legal memos, FISA orders and exhibits, and even an internal newsletter.

    It isn’t likely that Snowden would have been going to all kinds of different servers to obtain the documents because the more activity Snowden conducted the greater the risk of discovery. This would pertain to both access to servers and even the transport of that content across NSA networks. There has to be some monitoring of activity that exists that would have been beyond Snowden’s reach. Even as a Systems Administrator his credentials wouldn’t have given him access to everything nor would it have given him the ability to cover any tracks in all circumstances.

    The EINSTEIN 2.0 (they may have 3.0 in place) system the government uses splits traffic coming into and out of servers in the government network to machines that try to discover breaches and disclosures of information based on the content of the traffic. I doubt Snowden would have been able to bypass that monitoring system.

    There are systems and servers that are never accessed outside of Fort Meade. That is, unless you were within Fort Meade itself they would be inaccessible.

    The documents (and whatever else Snowden has) are not encrypted. Encrypted data in the NSA (and other agencies) is a complicated subject. Data of a certain secret classification can only be encrypted using a Key generated for that level of classification. There are usually different keys, and often different encryption algorithms, used for transmission, protocols, content, link and trunk, etc.

    The actual secure networks they use only allow transit between nodes of traffic with the same level of encryption using the same key types and algorithms. Servers would have a classification level as well such that encrypted data with a classification higher than the server itself could not be stored on it.

    So it is very likely that EINSTEIN or other monitoring systems would notice encrypted traffic coming to Hawaii and certainly any unencrypted content from classified servers in the traffic.

    However, hot backups of servers, or regular backup of servers to widely distributed locations – like Hawaii for one example – would certainly exist to provide the necessary continuity and access in adverse circumstances. It is not likely that all of these hot backup sites contain all of information stored at Fort Meade in its entirety.

    It is not likely that all of the different servers where the documents we have seen so far would have come from would all just so happen to end up in Hawaii.

    However, the one kind of server that would likely have all of these files we have seen so far is an e-mail server. These documents would be attachments to e-mails. And the content of the server would almost certainly be unencrypted. This is because to be more efficient e-mail servers only store one copy of an attachment and link to that rather than have multiple copies of the same file taking up space unnecessarily. If the attachments were encrypted every copy of the attachment (to different recipients) would be unique even if it was the same file.

    As I say, this is my speculation. I have entertained the idea that since Alexander is likely a pack rat Snowden may have gotten a hold of his personal storage server. But at the same time, I expect Alexander would be anal about encrypting his stash. I have a hard time believing that Snowden could operate undetected for the period of time he did unless he had access to the physical machines, and not over the wire, that the documents we have seen came from.

    And lastly, with regard to my speculation, it would explain why the Administration is acting so desperate to get the content back, or at least destroyed. I have no doubt that the NSA knows where Snowden got the documents and what else he almost certainly has.

    There are other reasons for my speculation that have to do with constraints given the time frame under which the operation to not only get the information but also be able to get it out and ultimately to publication but I am not in the business of helping the NSA.

    Of course I could very well be wrong!

  8. jerryy says:

    @Mindrayge: It could be that the NSA has an idea of what he potentially has… meaning they finally checked around to see what they actually keep stored away on their servers.

    In spite of the dragons patrolling the halls and moats surrounding the castle, being on the inside is the best place to take down a system, even easier if getting info is all you want from it. Very few question those in trusted positions (remember once you have been confirmed as trusted, you are trusted.) A system admin running some tests would barely be looked at by those that expect him to be one of them.

    Do not forget the lessons Kevin Mitnick taught.

    (For those of you that do not remember, Kevin was once feared as so great a hacker that he was almost declared the single greatest threat the US had ever faced. The folks at the DOJ were so scared of him, after he was finally caught, they tried to convince a judge at his hearing that he could dial up NORAD from a pay phone and take over all the nuclear missiles by whistling into the phone. Yeah, that really happened. Here is the lesson part: he knew very little about hacking, he was very good at social engineering, mostly he talked people out of their passwords, etc. by being the trusted one on the inside.)

  9. orionATL says:


    glenn greenwald + “we have thousands of documents”.

    “thousands”? that’s a lot.

    from where would “thousands” of docs come from?

    quien sabe? :))

  10. RHIL says:

    @peasantparty: “I found my notes on the Senate Judiciary Sub-Committee hearing on Civil and Human Rights. Sadly, I didn’t date it.”

    Per C-span video archive the hearing was
    “Targeted Killing of Terrorist Suspects Overseas”
    held on Apr 23, 2013 – 2h23 min
    Video is available to watch along with searchable transcript at

  11. rollotomasi says:

    I think Glenn Greenwald stated at one point that he was not convinced that the NSA knew what all Snowden had downloaded – and I have tended to agree with this, based mainly on Snowden’s assertion that he could access data on pretty much anyone he wanted. The NBC report seems to corroborate Snowden. This all points to a serious lack of internal control over the data, and is an important area that I hope future Greenwald, et al reports will address.

    I strongly expect this lack of control applies not only to the ability to access the information, but also to the ability to detect access, in particular unapproved, unwarranted, illegal access. When you throw private contractors into the mix (such as Snowden’s one-time employer), this makes control issues even dicier.

    That’s also why I think the much vaunted “audit,” with its dependence on self-reporting and after-the-fact automatic alerts, likely did not get near the extent of the problems. Any audit worth its salt would have identified and addressed these internal control issues in a significant way. If these control deficiencies are as pervasive as I suspect they are, it could mean that significant portions of the NSA’s activities may be unauditable. I mean, if they cannot reconstruct what Snowden has after-the-fact, what does that say about their ability to figure out what is currently going on?

  12. peasantparty says:


    I’ve been extra busy the past 6 days, and did not have time to hunt up the link.

    As with all those hearings you have to listen to what is not exactly being spoken.

    I definitely got the impression that what the Govt. claims gives them the ability to use these programs on Americans is not very Legit at all.
    I also felt that without actually coming out to say in the open the connection to Drone programs hidden within the AUMF that is said to be connected to the Patriot Act; is not ever going to be identified. That is why all the OLC memos will not be released. Unless, they have people working on it this minute to rework it all.

    Clearly the dragnet program on Innocents is not legal, nor Constitutional. The reason that the US is so peeved about Snowden is that he is giving proof of what they are actually doing without proper legal justifications.

    Ms. Brooks said quite a few things, mostly in the area of Warfare, and Security in a War Zone. However, NOBODY has bothered to explain how these Warfare Security processes have warped into the hoovering up of all electronic communications, nor the actual Civil Liberties compliance of them.

    I’m guessing they are going to try to delve deeper into Lindsay Graham’s comments about the battlefield to justify this. The big problem is that the declaration of war and the area of War has not been identified. They can say they are searching the globe for terror, but in order to do these types of programs legally according to their own laws/Acts; they failed to designate a country or a state. They also have not reworded the legalese to reflect a post Bin Laden model.

    Are ALL of AMERICA’s communications the Battlefield?

  13. peasantparty says:

    @rollotomasi: Exactly!

    And why store all of the information gathered? Especially since they cannot audit, find, or quickly act on a specific so-called threat.

    Also, if they have to hunt wrong doing over three hops of contacts something really stinks!

  14. earlofhuntingdon says:

    They say in AA, and presumably in all therapeutic analysis, that the first step toward fixing a problem is to admit having one. I don’t think that notion applies to governments and large corporations. They employ armies of apologists and spin doctors, Ph.D. after Ph.D., to devise ways to apologize without ever admitting wrongdoing. Their formulas imply that the “chief spokesperson” is where the buck stops and that s/he will fix the problem. In truth, they have no intention of doing any such thing. Rather, their job is to distract and disarm, putting off the act and the cost of fixing problems to another financial quarter, another post-election victory nirvana.

    Of course, “not knowing” how big a problem is can also be a subterfuge. It can imply, for example, that a problem is bigger (or smaller) than it is, whichever is useful to a larger campaign, without having to backup such claims with evidence.

    It is also a standard way to lie without committing perjury, as in the related statement, “I have no recollection of that, Senator.” And it is a “least worst” option. Admitting to incompetence or negligence creates less liability than reckless acts or intentional misconduct. (Just as obstruction of justice carries fewer penalties than torture or murder.) All in, the formula gets low marks for openness, accountability or leadership.
