Hrm I wonder what are the chances that someone at the NSA or doing contract work for the NSA has a buddy at a company and that person decides to use their NSA powers to get their buddy's competitor's emails from Google Apps and send those emails to their friend. If there are safeguards in place from keeping this from happening how was Snowden able to take so many documents with him when he went to Hong Kong? Ok so maybe he didn't take any of that kind of data, maybe I'm reaching. If this kind of thing did happen would they let the affected company know? Would anyone know?
This is getting overlooked, but a 2009 NYT article claimed an NSA analyst looked through Bill Clinton's email out of curiosity (he was caught). I think this is very revealing.
Many government and private sector systems share these types of problems.
Think Facebook and the DMV. As controls mature around the process, trolling through the data becomes relatively easy to enforce. My understanding is that in most state DMVs, looking up the driving record of a public figure or similarly flagged individual by some clerk is immediately detected, and "curiosity" lookups on friends and family eventually get caught by audit.
One unintended consequence of the Snowden leak is to advertise this service to US businesses. My guess is that the discreet inquiries are already winging their way towards Congressmen.
With the exception of the handful of Members on relevant intelligence committees, most Members of Congress were not aware of the massive scope of this program, or even that it existed in its current form.
Access to this type of information by a private citizen would require a hell of a lot more access than writing a big check to a Representative can get you.
Color me skeptical, but it doesn't appear that there's anything that's outside the scope of what a big check to a congressperson can get you these days. I do hope you're right, though.
I don't understand your objection. My point was that US businesses are likely to be highly aware of the possibilities of PRISM now, after the Snowden leaks. That most US congressmen weren't aware of PRISM before the Snowden leak is neither here nor there.
And while it's certainly possible that they will all simply be told to shoo (and I didn't assert otherwise), a large number of big, clouty US companies (not individuals) hinting that they would like to see some more results from PRISM aggregates to the kind of political pressure that I'm not certain Congress will simply ignore.
The safeguards for actual analysts who use the data "officially" are probably a lot stronger than for sysadmins (like Snowden) who have access through side channels. They probably log access through the front door of the webapp and would question someone doing queries on blatantly non-work related things -- this has caught people in healthcare looking up the medical records of famous people, in the past.
They could probably still get access to a very limited number through some pretext, or with cooperation from other staff (like sysadmins or the reviewers), but it's less of a risk with NSA I think than it is with other agencies.
Exactly, except for the logging part: It would appear that either Snowden was able to circumvent the logging policies via his admin privs or they were not in place.
When I was head of an IT division within Lockheed (non-classified) I could have accessed anything - with admin accounts I was the sole owner of. I was ethically precluded from doing so...
At a company where there is "open access" with "logging the shit out of access" (e.g. Facebook) -- then this situation could arise where an arbitrary employee could access any data, assuming they had the knowledge of where to find the info they were looking for, didn't get caught and the logging was either faulty, ignored or fictitious -- or the employee used an account other than their own to avoid suspicions.
It would be interesting, actually, to understand to what deep level of privs B.A.H - as a company - was afforded to NSA data/systems/programs/etc...
One thing I am not clear on is how this employee of a 3rd party def contractor (albeit, supposedly the biggest to the NSA) was able to access information that is considered to be so deeply secret to the USG? Is this an indication that a significantly "important" program (PRISM) was, for the most part, outsourced to be run by contractors such as Snowden within BAH?
Did Snowden systematically seek out, deftly, access to information over a long period of time through his privs afforded him as a sys ad? This to me is the most intriguing and unknown part: For how long was Snowden planning this? Was this something he truly accomplished on his own? Or was there a cast of supporting characters that we are unaware of?
If there are no supporting characters who helped him put this together - then this guy is one of the most brilliant high-school drop-outs I have heard of.
If there is a cast of supporting characters, were they operating as whistleblowers in support of the seemingly patriotic reveal that we have thus far seen?
Or was there a supporting cast of characters that have helped Snowden architect this whole event, masterfully - it seems, for a motive that we, the outsiders, are not yet aware: There seem to be three possible realities if this is true:
1) Snowden plus team is a smokescreen designed to purposefully air this info to further the surveillance agenda by seeing how far the world acquiesces to it. Stir up a reaction that can result in tighter controls of liberty when protesting pops up and the USG can claim that these are all threats to our national security and these efforts are vital.
2) Snowden plus team are truly patriots and heroes and are looking to stop the furtherance of USG/tyranny over individual freedom and are airing this info to allow for an open dialogue.
3) Snowden and team really are double/triple agents and are an attack on the USG directly attempting to make the USG look bad and have the US lose face/credibility...
(I am sure there are countless other potential scenarios that the NSA/USG have mapped out... I would be REALLY interested in hearing them for consideration)
---
My personal opinion is simple - I am very happy this series of events has taken place as I have known of Echelon for decades - and now feel that there is 100% irrefutable proof that it is in place... what the next steps are is unclear, but I hope that it is an awakening and invigoration of people all over the world to fight to make this place a better world to live in rather than a worse one.
Snowden didn't circumvent anything, because he hasn't released anything. Snowden has made a lot of grandiose claims which he can't actually back up, because beyond a few slides and some very common knowledge stuff (NSA hacking China) which he could've outright made up he hasn't been able to show he could do any of the stuff he claims.
If you were aware of any notable hacking incidents in China, and could claim to have privileged knowledge, then it's easy to say the NSA were behind whatever you want (just in this case, obviously the NSA's mission would imply it attempts hacking of foreign networks).
PRISM is disclosed via a PowerPoint presentation. Presentation as in, a thing you tend to show to a large audience. It's highly likely he was simply given a copy of it after being shown it, since good internal education and knowledge sharing is a pretty core concept to running a successful enterprise.
> Snowden didn't circumvent anything, because he hasn't released anything.
He clearly has released top secret documents; your assertion that he "hasn't released anything" is simply untrue. If you truly feel this isn't a leak, you obviously think the top secret classification is irrelevant and disagree with the US gov. on this. Some examples of his assertions verified by documents:
NSA keeping daily phone records for every American
NSA receiving data from US internet companies
GCHQ (and thus NSA) keeping 3 days complete internet traffic passing through UK
GCHQ (and thus NSA) keeping the content of all UK text messages
Re access controls at the NSA, I find it telling that an analyst was able to look at Bill Clinton's emails and only be reprimanded afterward - if proper legal controls on each target of surveillance were in place, or even perfunctory control by supervisors, that could never have happened.
He's released - again - a PowerPoint presentation. The NSA phone record stuff? That was public knowledge in 2007. The GCHQ stuff seems like it was a PowerPoint presentation too - no one's claimed anything more.
It's a leak, yes. He should be prosecuted for it, yes. But it's also widely disseminated internal data by nature of being a presentation.
Everything else is him claiming to have knowledge of things, without providing specific details beyond "his word". There's no reason to think he had the powers he claims to have and he's been leaking the NSA's foreign surveillance programs in broad-strokes like a sieve, but American specific stuff? Mysteriously quiet. With equally quiet walkbacks of the claims by the Washington Post and Guardian.
My question is, what has Snowden released which confirms the idea that he had the type of broad-ranging access which you claim?
Nothing you just cited confirms that: the first is Verizon phone records. Again - public knowledge since 2007 if anyone was actually paying attention.
The second and third are a warrant of the type used to request surveillance (you know, due process and all that) and a document of procedures for minimizing data on US citizens.
Both documents, explicitly dealing with not collecting broad-ranging data on US citizens and demonstrating oversight and limitation to the process. So again, where is the smoking gun? Where is any proof that Edward Snowden has done more than simply make a copy of a library of guidelines and procedures for NSA employees? Because nothing you just linked proves that he has anything substantive which actually proves wrongdoing, overreach, or the NSA going beyond mission parameters.
Some of your assertions were simply untrue - if you want people to take you seriously, don't try to distort the truth. If the documents above were common knowledge they would not be stamped 'TOP SECRET/NOFORN', he released more than the powerpoint slides, etc.
> Because nothing you just linked proves that he has anything substantive which actually proves wrongdoing, overreach, or the NSA going beyond mission parameters.
To take just this one example, I consider tracking the domestic phone records of all Americans daily to be a huge infringement of the NSA's stated mission and the privacy of hundreds of millions of Americans, which you so blithely dismiss as 'public knowledge'. YMMV on that, but frankly your arguments that this is nothing of consequence are absurd given the reaction of the US President, Congress, the NSA, Foreign governments, and journalists around the world to these leaks - clearly they are important and clearly the revelations have shocked many people.
People have been throwing hyperbole around liberally in this issue, so again: PowerPoint slides or mundane documents, none of it proves what you're claiming it proves. Edward Snowden has not shown he had any of the capability or access he is claiming. The fact it's marked "Top Secret" does not prove this - confidential information is always "need-to-know" - you can have Top Secret clearance but you don't get to just go and ask for all the Top Secret documents in the archive unless you have a provable reason to have them. It was perfectly clear what I was saying, if you want to get pedantic then it's certainly too early to wildly speculate on Edward Snowden's secret NSA leaking team (as in the parent of this thread).
You may consider the phone records a huge infringement but again: this program was public knowledge. There were articles written about it. In fact it was public as early as 2006:
[http://usatoday30.usatoday.com/news/washington/2006-05-10-ns...]. Edward Snowden releasing anything on it is thus mundane except for the fact Edward Snowden is doing it, and again - doesn't prove that he actually knows anything significant or had the type of access he claims to have.
Which is the point here: not what you personally find invasive, but the idea that Edward Snowden has the goldmine of data and knowledge people are wildly speculating he does, despite scant evidence in that direction.
No, you have it wrong. The rules, while explaining how to deal with data, provide loopholes to basically capture and store everybody (US citizens included). The point is that they are writing laws that should be illegal and are interpreting the Patriot Act in ways it was not supposed to be interpreted.
Just because you failed to release interesting classified materials doesn't mean you weren't trying to. Just because you didn't kill anybody doesn't mean you don't get charged with attempted murder.
Sorry. I guess I presumed that your very first statement of "Snowden didn't circumvent anything" meant that he had nothing interesting in the first place. Which implies that he has nothing to release even if he wanted to.
So if he's charged with espionage, even if he hasn't released anything, does that mean he has circumvented something? Or that access to that information didn't actually require being circumvented in the first place?
According to Google "NSA powers" in their case are restricted to FISA orders, so I'm not sure how a random worker at a government contractor can produce these. Snowden was a sysadmin for a contractor and that is how he got his hands on their internal documents.
Is no one else paying attention to anything beyond the "slides" in this story?!
Aren't the NSA claiming they only need a FISA warrant if both ends of the correspondence are (reasonably believed to be) US citizens on US territory? For those of us in "the rest of the world" or any Americans corresponding with us I believe the restrictions on the NSA are "Yeah, do whatever the hell you want!"
FISA, the Foreign Intelligence Surveillance Act, only creates warrants for surveilling foreign persons. It also requires that the surveillance actively minimize data collected on US persons in the process.
The NSA is claiming that FISA warrants are required if either end is a foreigner, and that if the connection is US-US that they're not allowed to examine that conversation at all.