Former NSA Deputy Director John Inglis said chances are “high” that foreign governments have “accessed the full, unredacted collection of documents” ex-NSA contractor Edward Snowden stole and leaked to journalists more than a year ago.
“I’d say it’s high. He’s a smart fellow. He knows something about security and encryption. But what we have determined over 70 years of cryptologic history is that single minds never prevail against a diverse set of minds,” Inglis, who retired from the agency in January, told MIT Technology Review at Las Vegas’ Black Hat security conference last week.
“The idea that a single person could secure information against the dedicated efforts of intelligence services that are quite capable is asking a lot. There’s some amount of hubris in that.”
According to Inglis, the access afforded to Snowden as a “systems administrator” — the terminology used by the agency to describe his last job — put him in a unique position to let him access sensitive levels of intelligence not directly related to his job, but required to execute it.
“[B]y design he had more privileges,” Inglis said. “Does that expose a weakness in the system? In hindsight, Snowden went far beyond where we would have expected him to go. The challenge is how do you extend trust to individuals that you’ve gone to great time and trouble to find, vet, and develop confidence in, and allow them to exercise ingenuity, innovation, and creativity?”
Snowden, who has repeatedly alleged his last and former positions were much more significant and designed to shape him into a senior cyber-agent, recently told Wired that poor agency auditing and review were also partly to blame for his success in leaking so much intelligence.
“We need to up our game without crushing the 99.9 percent of people who have operated faithfully,” Inglis said. “We need to focus on behaviors — on the access to data in real time, instead of on defending perimeters, operating systems, or artifacts. You’re looking for a change in behavior that is an anomaly and warrants close examination.”
Inglis denied Snowden’s repeated assertions that no current whistleblower protections would have allowed him to raise his concerns legally, or remain in the U.S.
“There is law and policy that allows contractors to exercise whistleblower provisions,” Inglis said. “The record shows he didn’t attempt to do any of that. He could have privately sent a letter to congressional representatives, senators, the press.”
Snowden’s American legal team, former litigator and journalist Glenn Greenwald, historic Pentagon Papers leaker Daniel Ellsberg and others argue Snowden would neither have received protection nor fair treatment under current espionage laws and court systems.
“He said he complained around April 2013 in writing. It wasn’t a complaint, it was a straightforward question about something he had learned in a course. He received an answer that day from an NSA lawyer. This was four months after, by his own admission, he was already sharing information with reporters. I don’t see how that constitutes an attempt to be a whistleblower,” Inglis said.
According to Inglis, the signals intelligence agency considers safeguarding privacy an essential part of its mission.
“It would be foolhardy for NSA to reject technology that would at once help us pursue national security and defend privacy and civil liberties. I know it ultimately didn’t pass muster,” Inglis said of a former agency cryptographer who claimed to have invented surveillance tech addressing the agency’s dueling interests, which agency top brass elected not to implement.
“There is incidental collection, as there are two sides to every communication in the world, but you’re bound by law and policy to treat innocents as innocent until you have compelling information to treat them otherwise,” Inglis said. “If you asked [NSA employees] how they compromise between privacy and national security, they would say that the question is flawed because they’re expected to do both.”