A Snowden job, when snow jobs meet the NSA

Most people are well aware that a 29 year old NSA contractor has released various levels of classified documents to the press. This has caused a furor in the government as they both try to hold Snowden accountable and not comment on the veracity of the documents. I am not going to comment on the veracity of the documents or discuss the credibility of Mr. Snowden. I can make fun of the entire situation, but there is an interesting trend that is starting to be illuminated.

The other case for the credibility of Mr. Snowden.

Rather than attack the veracity of the documents that Mr. Snowden has release the focus has been on his statements that he is a spy, made $200K a year, where he worked, his lack of education, his political naivety, and his propensity for grandiosity. The focus has circled around him rather than the documents. If I was setting up an information operation to discredit him I can see no way to be more successful than that.

Consider though a different view and criticism.

  • Mr. Snowden was a low-level contract employee in the information technology department who allegedly had access to high-level classified documents.
  • Mr. Snowden was able to access, retrieve, and copy high-level classified documents as a contractor.
  • The NSA is the perceived government expert agency at information security and this happened under their noses.
  • The NSA is supposed to be the trusted repository of our personal lives and arbiter of signals intelligence but a low level contractor gained access to the classified information.
  • The vetting process of the federal government for security clearances did not detect a hostile entity within the system.
  • The contracting management did not detect or manage their employee and basically was just a body shop.
  • The contracting process put a person with no college education, no high school diploma, and obvious maturity issues into a trusted position that usually would require advanced schooling and time in service.
  • Snowden accessed classified information and was able to travel to a communist controlled country without detection.
  • And, many more allegations

The old hands in the government will say that contractors are a way of life and those in the know will laugh because NSA has struggled with this issue for quite some time. The fact that something is known, and then not fixed is not an excuse. It is a reason to fire leadership. The credibility of an agency to arbitrate and analyze within the rule of law signals intelligence is suspect if they can’t control access of a low-level employee. The various attacks on Mr. Snowden’s veracity are valid, credible, and provide just how messed up the NSA must be internally.

Each and every criticism applied to the case of Mr. Snowden is also a critique of the vetting process, inherent problems of government in general and the NSA specifically. If Mr. Snowden is indicative of the caliber of talent that the NSA is willing to contract at great expense, for their information technology practice I am deeply concerned.

The excuse made by government in support of the expensive contracting process is that the system will not allow for hiring people like Mr. Snowden. On the face of it that is a good thing. I would prefer that the government NOT hire more Snowdens. My concern is that the contracting process has even more of these type of people with access to classified information. The statement by the contracting companies that most leaks are done by government employees does nothing to support more trust in a system that is broken. Obviously the entirety of the system is suspect.

Another excuse is that a system with literally millions of people supporting it with security clearances a few bad eggs will get through. That is an interesting and broadly sweeping generalization of the vetting process. So, we should expect that the center of information security, the trusted source of signals intelligence, the possessor of all the nations secrets, the expert agency at information security will ultimately fail. Then why were they given the authority in the first place?

One element of being a spy agency is that you get to declare wild success without providing evidence of the classified activity. When you fail horribly you can claim that you can’t be successful every time.  With minimal credible technical oversight (the experts are the experts) and minimal information for political oversight the NSA has an interesting place. Yes, the NSA will always complain that politicians are, “Up in their business making their life difficult.” As a person who takes privacy and civil liberties seriously I am ok with that.

I am very interested to watch this particular witch hunt. With each and every piece of evidence that Mr. Snowden was a rascal we get to see how bad the failure of the national intelligence system has grown.  I expect in the next few weeks that focus will turn towards the Defense Security Service and the Office of Personnel Management. These two agencies represent the vetting agencies for security clearances. The NSA has a primary responsibility for those working within their system and the intelligence community have special provisions for clearing their workforce. That does not make the case for trust higher. It just shows with even special provisions failure can occur.

I guess I won’t be getting an invite this year to the NSA Christmas party.

2 comments for “A Snowden job, when snow jobs meet the NSA

  1. Turing
    June 14, 2013 at 8:55 am

    Maybe you’re just making a rhetorical point, but it looks like you’re conflating some things in this:

    The excuse made by government in support of the expensive contracting process is that the system will not allow for hiring people like Mr. Snowden. On the face of it that is a good thing. I would prefer that the government NOT hire more Snowdens. My concern is that the contracting process has even more of these type of people with access to classified information. The statement by the contracting companies that most leaks are done by government employees does nothing to support more trust in a system that is broken. Obviously the entirety of the system is suspect.

    The government system can’t hire people like Snowden because it’s so long, so onerous, and usually so badly compensated. The USG hiring process would not have allowed someone with Snowden’s lack of academic credentials in (which might be good, but there is little to say he wasn’t capable at his job), and could never offer him the salary BAH did. Which, by the way, is another problem in the reporting: Hawai’i comes with a huge cost-of-living adjustment since it’s so expensive to live there, so the 200K salary is after whatever housing bonus or extra bump he got for location.

    The conflation is between the system not allowing a Snowden to be hired because of institutional constraints and not allowing a Snowden to be hired because of adverse selection. Since the clearance process for Snowden almost certainly started when he was in the military, and then conducted by the same people who do NSA clearances when he was vetted for BAH, there’s no reason to believe his being hired directly by the NSA would have weeded him out as a threat.

    Remember, the most likely place a person with ill intent is likely to get caught is in the lifestyle (vs counterterrorism) polygraph. These polygraphs are only redone every few years for routine updates. Personally, I think the polys are entirely without merit, but even assuming they’re any good, Snowden’s actions might have come between his latest poly and his update. So when he took the first one, he had done nothing wrong. Even if you think the poly actually works on a technical level, it’s unlikely to pick up “leans towards not liking NSA-style snooping”.

  2. sam
    June 14, 2013 at 9:34 am

    I understand what you’re saying, but the fact that the government can’t do something is not an excuse to not fix that process. Having been through the government hiring process and the security clearance process I would state emphatically you are right in how you describe the system. It isn’t a point of conflation but contradiction. The contracting process failed. To be sure I’m less worried about the criticism of Snowden than I am of the systemic failures hidden by the attacks against Snowden.

    I’ve taught the vetting process to the government as a government employee. I’ve personally taken hundreds of polygraph exams (a story in and of itself). I remind my students that almost every modern spy passed a polygraph. That doesn’t make it right for the IC and NSA to not root out the bad guys better. Systemic failures should be attacked and fixed not made into excuses. Apparently the NSA forensic process has identified when and what was accessed, but the NSA access controls did not work. In the past a director of infosec at NSA said she ran with the assumption of breach and knew that they had moles within their systems. That is a pretty enlightened attitude. Though definitely monday morning quaterback’n it is obvious that the NSA system is still broke. It will likely remain broke.

    I do believe his time in the Army was to short to get a clearance. I think from what I’ve read his access was not SCI. He had to have an IC badge but was likely only TS. Considering the scrutiny I was under (“You ride motorcycles!”) as a government employee and I was not in the IC I can’t imagine how this guy got through. I do understand that I was at a higher level than Snowden and my behavior was looked at from a policy angle as well as national security perspective.

    My opinion is that he broke the law. In the past a person trying to make a political point would be arrested (Ghandi, Martin Luther King) and they would take the punishment as part of the statement. They would not flee to communist controlled foreign nation. Perhaps I’m a bit of romantic but then again I went to college and read “On civil disobedience” and Mr Snowden referred to colleges as diploma mills.

    You added quite a bit to the discussion, thank you.

Leave a Reply