WASHINGTON — The American intelligence community spends billions of dollars trying to protect the United States from foreign agents. But it was “just another guy who sits there day to day in the office” who showed how easy it is for someone within to weaken the National Security Agency’s information fortress.
Edward Snowden, a midlevel computer technician, used those “just another guy” words to describe himself when he acknowledged being the source of last week’s leaks about the NSA’s surveillance programs. He also claimed that he could, in an afternoon from his desk in Hawaii, disable the NSA’s entire surveillance system. By his telling, a few clicks on a computer by any number of employees could do significant damage to US interests.
The revelations from Snowden, coupled with the trial this month of Army Private Bradley Manning on 2010 charges that he leaked hundreds of thousands of classified documents to the website WikiLeaks, have exposed damaging security holes in an era where ever more secrets are being kept in digital files — and are accessible by a greater number of people.
In a short period of time, stealing secrets has gone from the laborious task of copying papers taken surreptitiously from filing cabinets to the current age in which files can be electronically copied onto thumb drives. Manning was said to have disguised his efforts by downloading secrets onto compact discs made to look like pop music recordings.
“Bradley Manning could have extracted documents in the past, maybe even a briefcase full,” said Joseph S. Nye, Jr., a Harvard Kennedy School professor and author of the book “Presidential Leadership and the Creation of the American Era.” “But the idea that you can get a warehouse full in a Lady Gaga disc — that’s new.”
As for Snowden, his access to the top secret data might have made it technically impossible to stop him, analysts said.
“There is no product that is going to prevent that kind of a leak,” said John Prisco, the chief executive of Triumfant, a Rockville, Md., company that specializes in detecting computer intrusions and works for the Pentagon and several spy agencies. “If somebody decides they are going to go rogue and disclose top secret documents, that is not something technology is going to prevent.’’
The challenge for intelligence agencies has intensified since the Sept. 11, 2001, attacks, and more recently the Boston bombings, as they have come under increased pressure to share information with each other, thus opening more online pathways to more hard drives. At the same time, partly as a result of rapid expansion since 2001, the federal government is increasingly reliant on outside contractors, including Snowden’s employer Booz Allen Hamilton, further expanding the universe of people with access to that information. And the ability to gather and store greater amounts of information in a digital format requires more people with the ability, and access, to analyze it.
With that comes more potential people who could either spy for profit or leak information out of personal conviction.
In 2012, the office of the Director of National Intelligence said more than 4.9 million people, both government officials and contractors, had security clearances, a jump of 100,000 from the year before.
Snowden asserted in a video interview posted by The Guardian on Sunday he could have gathered and publicized far more damaging secrets, had his motivation been different.
“Anyone in the positions of access with the technical capabilities that I had could suck out secrets, pass them on the open market to Russia,” Snowden said. “I had access to the full rosters of everyone working at the NSA, the entire intelligence community, and undercover assets all over the world.”
The suggestion by some that a person leaking national security secrets is a whistleblower or even a hero is especially worrisome to the NSA. James R. Clapper, director of national intelligence, told NBC Monday the leaks “can render great damage to our intelligence capabilities.”
“They're very afraid of it,” said James Bamford, the author of three books about the NSA, who argues that the agency has done a poor job of protecting information. “They’re afraid of this cascading aspect where one case generates other cases. Edward Snowden may have been inspired by Manning. Who knows how many people have seen operations that haven’t been revealed, yet that they feel are equally offensive.”
Manning, who is now standing trial before a military court martial and faces more than 150 years in prison, is the lowest rank of soldier. Yet he had computer access to highly sensitive documents ranging from secret diplomatic cables to military commanders’ assessments in Iraq and Afghanistan.
The trove obtained by WikiLeaks, which amounted to the largest single leak of classified information in history, prompted the Pentagon to tighten access to its classified computer networks.
For example, the State Department communications that Manning is accused of downloading from the Department of Defense’s so-called Secret Internet Protocol Router Network are now much harder to access.
Computers that are compatible with thumb drives, DVD recorders, or other removable devices have been sharply restricted. And in some cases, a “two-person” rule was instituted before classified data could be downloaded from a government computer, to prevent single individuals from removing protected data.
Robert Bryant, the top US counterintelligence officer, recently issued a warning to all intelligence personnel, in which he labeled insider threats “the top counterintelligence challenge to our community.”
“Today more information can be carried out the door on removable media in a matter of minutes than the sum total of what was given to our enemies in hard copy throughout US history,” added Bryant, who heads the Office of the National Counterintelligence Executive.
President Obama established an “Insider Threat Task Force” in 2011 to “develop a “governmentwide program for deterring, detecting, and mitigating insider threats, including the safeguarding of classified information from exploitation, compromise, or other unauthorized disclosure.”
Steven Aftergood, who runs the Project on Government Secrecy at the Federation of American Scientists, predicted that the Snowden disclosures will lead to more fundamental changes, especially at NSA.
“Why should a junior tech person have such broad access?” he said. “But a larger policy question is: Why should anyone have such access?”
Others with intimate knowledge of the classification system suspect that Snowden’s alleged actions will generate the very result he was fighting against: greater secrecy.
“The knee-jerk reaction is building more secure facilities and doing more polygraphs,” said J. William Leonard, who until 2008 was director of the Information Security Oversight Office at the National Archives, referring to the common steps to safeguard sensitive data and screen people for access.
Instead, Leonard, who oversaw the 60 executive branch agencies that create or handle classified information, believes the latest case cries out for a reassessment “of how we make and keep secrets.”
“The classification system is fundamentally the same since the Manhattan Project in World War II,” he said. “We now produce more secrets than we have in the history of mankind. You can’t keep on producing secrets the way we do and expect them to stay secure.”
In his experience, the NSA has been one of the most prolific practitioners of overclassification — making things secret that don’t need to be, he said. And that may partly explain Snowden’s actions, he said.
“The system is so corrupted by phony secrets,” he said, “that you have people inserting their judgments instead of official judgments.”