How the NSA Has Failed to Implement Secure Procedures Post-Snowden, and the Most Recent Case of Stolen Confidential Material from The U.S. Government
Following the close of an investigation conducted by the Federal Bureau of Investigation (“FBI”) and the United States Department of Justice into the potential leak of classified national security information by Presidential nominee Hilary Clinton, the national security of the United States has once again become potentially compromised. The most recent leak of top-secret information from the National Security Agency is one of nearly a half dozen that have occurred in the last three years.
In early June 2013, The Guardian Newspaper reported that the US National Security Agency (“NSA”) possessed a secret court order directing Verizon Wireless to hand over all its telephone data to the NSA on an “ongoing daily basis”. The report was followed by disclosures that the NSA had tapped directly into the servers of nine Internet firms including Google, Microsoft, Yahoo, and Facebook to track online communication through a surveillance program known as Prism. It didn’t take long for some large floodgates to break open, exposing NSA surveillance and spying on citizens and Presidents of many other countries including China, Russia, Italy, Brazil, Germany, and EU embassies. Shortly thereafter, The Guardian revealed that ex-CIA systems analyst Edward Snowden was responsible for the top-secret leaks.
“Documents leaked to the Washington Post during the course of this scandal suggested that the NSA breaks US privacy laws hundreds of times every year. Further, the papers revealed that US citizens were inadvertently snooped on for reasons including typing mistakes and errors in the [surveillance] system.”
Three years later, the NSA is again under intense scrutiny for its handling of government secrets, and particularly for its reliance on outside contractors employed by Booz Allen Hamilton Holding Corp, the same consulting company that employed Edward Snowden. This time, a man name Harold Martin has been arrested and charged with the theft of classified government property and the unauthorized removal and retention of classified materials. He is suspected of hoarding the top-secret material in his house and his car for more than a decade. Top secret is the highest level of government classification and is defined by the government as material that if disclosed, “reasonably could be expected to cause exceptionally grave damage to the national security.”
However, it’s been questioned whether Martin can be said to have had the same motivations as Snowden did in the taking of confidential information. While Snowden stole an immense amount of documents and passed them on to journalists to shed light on massive government surveillance programs, Martin has admitted to knowingly possessing top-secret information among his possessions in his home and his car, but his intentions are still unclear. In August, files from high-tech hacking tools that were developed by the NSA were posted online by an anonymous group that called itself the ShadowBrokers. Part of that breach included 300 megabytes of tools and techniques used to infiltrate computer firewalls. Authorities are still unsure whether Martin, who had top secret security clearance, was responsible for this recent leak of NSA hacking tools released online, which is still an leak that has yet to be resolved. Martin possessed some documents that had the same date as some of those documents uploaded by the ShadowBrokers in their leak.
In 2011, President Obama created the National Insider Threat Task Force to assist in the efforts of detecting and deterring high priority leaks. The Obama Administration along with the Justice Department has made it their priority to prosecute leakers, and have prosecuted more than all of its predecessors combined. After the Snowden disclosures, the NSA adopted new technical measures to control information, instituted new rules on downloading sensitive data, and implemented audit trails and more frequent screenings of network access by system administrators. The number of people who have access to classified information has also been reduced by seventeen percent in the last few years. However a representative from the House Intelligence Committee said Martin’s arrest made it “painfully clear that the Intelligence Community still has much to do to institutionalize reforms designed to protect in advance the nation’s sources and methods from insider threats.” Cybersecurity specialist James Lewis notes, “This was not supposed to happen again.” Most of those who work with intelligence agencies are “highly motivated and very patriotic and wouldn’t do this. But you only need one and that’s why they’re having trouble.”
Martin’s case seems to be a much more subtle threat to U.S. security compared to that of Snowden, however, it is also a much harder sort of insider threat to detect when an individual keeps those documents among their own possessions. Even though NSA employees with top-secret security clearance are being continuously reevaluated for any possible threats, it is almost impossible to prevent an insider who is intent on stealing data from doing so. It is still suggested that more work can be done to reduce the chance of another Snowden case, especially in terms of the security of the people and computer networks that house some of America’s most closely held secrets. NSA has yet to effectively implement its post-Snowden security improvements, which if action is not taken soon in the wake of the Martin case, may lead to even more confidential information leaks with the increase in advanced technologies across the globe.