Diametrically Opposed FCC Commissioners Both Agree That Tom Wheeler Should Pull Back On Net Neutrality Rule Making

NSA Still Has No Idea How Many Documents Snowden Took... But Insists We Can Trust Them Because They Audit Everything

from the there's-a-disconnect-there dept

Thu, May 8th 2014 11:59am — Mike Masnick

In the ongoing saga over the NSA's snooping on just about everyone, the one message the NSA and its defenders keep going back to is this idea that we need to "trust" them. And they insist that the trust is fine because everything they do is carefully monitored and audited. In John Oliver's recent interview with former NSA boss, General Keith Alexander, Alexander insisted that this kind of tracking and auditing was fool-proof, claiming that it had caught the twelve people who had abused their authority to spy on specific individuals. Except that Alexander was flat out lying there. First of all, internal investigations have shown thousands of abuses, not just twelve. As for the twelve that Alexander is talking about, when we looked through the details, it became clear that only three of the twelve were caught because of audits. And many were only caught because the guilty party later confessed -- sometimes many years later.

In other words, all this talk of how we should "trust" the NSA because its audits are so good... don't pass the basic laugh test. Yes, twelve people were caught, but nine of them were caught because they confessed themselves or others turned them in. Your guess is as good as mine about how many others abused the system without getting caught at all. Alexander insists that number is zero, but he has no way to know that.

Meanwhile, every time the NSA talks about how wonderful its auditing system is, it seems worthwhile to remind them that Edward Snowden walked out the door with a bunch of documents and no one noticed. At all. As we've been pointing out for months, that should call into question just how good those "audits" are.

And, to make this point even clearer: nearly a year after Snowden walked out the door with all of those documents, the NSA still has no idea what he took. As Glenn Greenwald points out, Alexander is still saying the NSA has no idea how much Snowden took:

AFR: Can you now quantify the number of documents [Snowden] stole?

Gen. Alexander: Well, I don’t think anybody really knows what he actually took with him, because the way he did it, we don’t have an accurate way of counting. What we do have an accurate way of counting is what he touched, what he may have downloaded, and that was more than a million documents.

In fact, the NSA keeps changing its story on how many documents. Early on, Greenwald had suggested it was in the 60,000 to 70,000 range. Just a few days ago, Ewan MacAskill, the often-overlooked Guardian reporter who was with Greenwald and Laura Poitras when they first met Snowden, told a conference that Snowden had 60,000 documents. Yet, by November, the NSA was claiming it was over 200,000 documents. And in December it suddenly jumped to 1.5 million, and then days later, 1.7 million -- based on the assumption, as Alexander admits above, that Snowden took everything he "touched."

But just that very admission highlights that the auditing system the NSA keeps insisting we should trust is completely broken. As we've noted, if the NSA can't tell how its own systems are being used, then it has no idea how they're being abused. Even worse, the NSA has no idea if other people with powers similar to Snowden may have taken other documents and given them to those who actually mean to do us harm, rather than reporters looking to serve the public interest.

In admitting that the NSA has no way of knowing what Snowden did, Alexander is admitting that all this talk of the infallible audit system is all smoke and mirrors. And, because of that, the claims that we can trust the NSA not to abuse its systems are equally untrustworthy.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: audits, ed snowden, keith alexander, nsa, surveillance

26 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Michael, 8 May 2014 @ 12:09pm

I don�t think anybody really knows what he actually took with him

You could open a dialog with Snowden and, you know, ask - if you weren't still trying to drop him down a very deep hole for exposing your mess.
[ link to this | view in chronology ]
- ChurchHatesTucker (profile), 8 May 2014 @ 12:35pm
  
  Re:
  I suspect Snowden's reaction would be along the lines of "Don't you know? How lax is your own security?"
  [ link to this | view in chronology ]
  - Michael, 8 May 2014 @ 12:43pm
    
    Re: Re:
    So far, he has not responded like that to anything. While the NSA and US government have continued to act like petulant children, his responses have all been reasonable and seem to be thought out.
    [ link to this | view in chronology ]
- Anonymous Coward, 8 May 2014 @ 12:44pm
  
  Re:
  Sure somebody knows. Snowden knows. The journalists know. It's just they don't know.
  [ link to this | view in chronology ]
Violynne (profile), 8 May 2014 @ 12:13pm

Well, the NSA has nothing to worry about. This Tuesday, Glenn Greenwald is planning on releasing more unpublished documents.

If he keeps this up, the NSA will easily be able to tally what was taken and adjust their audit accordingly.

Pulitzer Update:
Glenn: 1
NSA: -26
[ link to this | view in chronology ]
John Fenderson (profile), 8 May 2014 @ 12:17pm

Beyond trust
The trust ship has long since sailed. Nothing that the NSA or its defenders say can be trusted, period. Unless they can prove their assertions, the only rational thing to do is to ignore their claims.
[ link to this | view in chronology ]
- That One Guy (profile), 8 May 2014 @ 12:30pm
  
  Re: Beyond trust
  Actually it's still rather important to pay attention to what they're claiming, as, given they all seem to be pathological liars, if you read it correctly you can get a decent idea as to what they're actually doing, based upon what they say and how they say it.
  
  For example:
  
  Q: "Are you scooping up data from the american public?'
  A: "We are not. Not under this program."
  
  Or alternatively...
  
  A: "We are not. Not that I'm aware of, no."
  (If a low ranking grunt from the agency said something like this, it would be plausible. If a higher up in the agency says something like this though, the only 'plausible' is 'plausible deniability')
  
  Read between the lines and you get...
  
  Q: "Are you scooping up data from the american public?"
  A: "Absolutely."
  [ link to this | view in chronology ]
  - John Fenderson (profile), 8 May 2014 @ 12:47pm
    
    Re: Re: Beyond trust
    Yes, that's an excellent point. Perhaps I should revise my statement that the only rational thing to do with NSA statements is to take them as deceptive unless they can produce proof of their claims.
    [ link to this | view in chronology ]
Anonymous Coward, 8 May 2014 @ 12:19pm

So far the only one we know for sure is lying, is the government and the NSA. I am yet to hear one thing that the Snowden releases have said to be proven not to be the facts.

The record speaks for itself and if it weren't so troubling no one would be hearing anything from the NSA. The fact they are lying at all while making public announcements says they know they screwed up and cover up is called for.

This is why the public and the world doesn't trust the NSA and why they have what they would like to call a perception problem with the public.
[ link to this | view in chronology ]
- Michael, 8 May 2014 @ 12:32pm
  
  Re:
  They aren't lying.
  
  They are protecting you from the truth.
  [ link to this | view in chronology ]
Anonymous Coward, 8 May 2014 @ 12:21pm

I wouldn't swerve to miss Alexander if he walked in front of my car, no matter how much the dozens of car washes it would take to get his stink off cost.
[ link to this | view in chronology ]
- Michael, 8 May 2014 @ 12:24pm
  
  Re:
  I think he rides around in a black helicoptor.
  [ link to this | view in chronology ]
Anonymous Coward, 8 May 2014 @ 12:25pm

They audit everything so well, they had no idea for years that their employees were spying on their girlfriends.
[ link to this | view in chronology ]
Anonymous Coward, 8 May 2014 @ 12:36pm

It's hard to trust someone who spies on those who have nothing to do with terrorism. Just ask Angela Merkel.

The counter argument to what I just said, is that she's the leader of a foreign country. Therefore spying on her relates to national security.

Except, I thought Germany is a close friend and ally to the United States. Spying on friends isn't proper behavior, and suggests distrust by the NSA's behalf.

If the NSA can't even trust their own allies and friends, then isn't it hypocritical for the NSA to be asking for trust in return?

The simple fact is anything can be spun into a national security issue. Which means the NSA can spy on anyone. That's why I'll never trust them.
[ link to this | view in chronology ]
- Michael, 8 May 2014 @ 12:48pm
  
  Re:
  Spying on friends isn't proper behavior
  
  That's not really true in intelligence communities. There has always been an unwritten rule that countries (at least most of the western countries) don't get upset when intelligence agents are caught spying on each other.
  [ link to this | view in chronology ]
  - Anonymous Coward, 9 May 2014 @ 1:20am
    
    Re: Re:
    Well yeah, how else can they exploit the fucked up loophole known as intelligence sharing? You violate the rights of our citizens we violate the rights of yours without technically overstepping our bounds.
    [ link to this | view in chronology ]
- John Fenderson (profile), 8 May 2014 @ 12:50pm
  
  Re:
  "I thought Germany is a close friend and ally to the United States"
  
  The US is not the friend of any nation. I forget who said it, but a heavyweight in government once said this outright -- the US has temporary alliances, not friends, because the interests of the US may shift as time goes by.
  [ link to this | view in chronology ]
  - Anonymous Coward, 8 May 2014 @ 1:41pm
    
    Re: Re:
    "The US is not the friend of any nation."
    
    Even their own.
    [ link to this | view in chronology ]
Anonymous Coward, 8 May 2014 @ 12:44pm

Where's the logs?
Every server I know about keeps logs of all transactions it processes. What happened to the NSA server logs? Are they hiding them or did someone turn off the logging functions in the entire complex?
[ link to this | view in chronology ]
- Anonymous Coward, 8 May 2014 @ 12:46pm
  
  Re: Where's the logs?
  His job was as a system administrator. Maintaining the logs is part of his job.
  [ link to this | view in chronology ]
  - John Fenderson (profile), 8 May 2014 @ 1:00pm
    
    Re: Re: Where's the logs?
    Not all the logs. Logs that may be used for investigating security breaches should be replicated on a different server that is not accessible to anyone but a specially designated investigator. If the NSA failed to do this, then that just makes their failure even worse.
    
    Also, being a system administrator should not give you access to unencrypted sensitive data in any company, and especially not a spy agency. The security failure on that count is absolutely mind boggling.
    [ link to this | view in chronology ]
    - Anonymous Coward, 8 May 2014 @ 1:30pm
      
      Re: Re: Re: Where's the logs?
      Logs like that only exist if your agency can be investigated. They have all the blackmail material and therefor never get investigated and thus have no need for silly little evidence trails.
      [ link to this | view in chronology ]
- Anonymous Coward, 8 May 2014 @ 1:00pm
  
  Re: Where's the logs?
  Allow me to introduce you to Microsoft SharePoint...
  [ link to this | view in chronology ]
- Chronno S. Trigger (profile), 8 May 2014 @ 1:19pm
  
  Re: Where's the logs?
  Those exact logs are what Alexander is referencing. The logs kept track of every single transaction Snowden made. Each and every file that Snowden opened was logged. However, the system is missing any information on the difference between opened and copied. If you're just looking at transactions, copied and opened look exactly the same; the file's bits are being transferred to another computer.
  
  That's why Alexander is saying he could have taking over a million. Snowden touched lots of files, but they have no way to tell which ones were copied and which ones were only opened. Granted, them changing the numbers suggests that they don't even have those logs. They probably don't have much of anything.
  
  These people cannot be trusted to do the job their suppose to do, let alone spy on each and every person they can.
  [ link to this | view in chronology ]
David, 8 May 2014 @ 12:45pm

So according to Alexander
the typical outsourced contractor goon has access to at least 1.7�million highly sensitive classified documents without requiring approval on record. There are no automatic records, and we are talking about specialists in snooping.

What could possibly go wrong?
[ link to this | view in chronology ]
Anonymous Coward, 8 May 2014 @ 12:59pm

NSA knows that records can leak, so they have an audit system designed to avoid leaks, it produces no records.
[ link to this | view in chronology ]