A 1996 article in an internal National Security Agency publication warned of the dangers posed to sensitive NSA information by "rogue" systems administrators such as Edward Snowden, who 17 years later illegally leaked massive amounts of classified material to a handful of reporters.
Following the article’s public release, some experts are questioning whether NSA adequately addressed security issues involving the agency’s most sensitive information.
"A relatively small number of systems administrators are able to read, copy, move, alter, and destroy almost every piece of classified information handled by given agency or organization," noted an intelligence analyst in the information system security officer’s threat analysis division.
"It seems amazing that so few are allowed to control so much—apparently with little or no supervision or security audits," noted the author, whose name was redacted in a declassified version of the article, which appeared in a 1996 issue of the internal NSA journal Cryptologic Quarterly.
The article cited a then-recent security breach involving a contractor at a regional SIGINT (signals intelligence) operations center who "was caught accessing restricted files on a classified system."
"From an individual’s standpoint … access to electronic versions of classified documents is out of control."
The warnings were prescient. Snowden’s access to vast amounts of NSA information on some of the agency’s most sensitive intelligence-gathering capabilities allowed him to expose details of those programs by gathering and storing information available to him in his capacity as a NSA contractor.
"My position with Booz Allen Hamilton granted me access to lists of machines all over the world the NSA hacked," Snowden explained. He took the job precisely to gain that access, with the intention of exposing the information to which he was privy.
Snowden insists his position was actually an "infrastructure analyst," though the agency maintains that he was a systems administrator, or had equivalent access to one.
The Cryptologic Quarterly article was less concerned about a true "rogue" agent than one who could be recruited by foreign intelligence services.
During the Cold War, the author noted, Soviet intelligence forces targeted "communicators," or U.S. intelligence agents who had access to important cryptographic information that could be used to decode intelligence dispatches.
System administrators, the author said, had become even more valuable targets, in part because they "can so easily, so quickly [redacted] steal vast quantities of information."
"Communicators of the past usually sent only relatively short messages and ‘finished’ documents, but today’s system administrators can obtain full-length copies of entire reports, including draft versions, as well as informal email messages, electronic calendar appointments, and a wide variety of other data," the author noted.
The Cryptologic Quarterly article was written during the advent of the Internet. Its recommendations were therefore geared towards an intelligence apparatus that was rapidly changing and which required changes in security procedures to keep pace.
Security experts questioned whether the NSA has adequately addressed such changes and the dangers posed by operatives with access to vast amounts of information who are nonetheless subject to little oversight.
"Snowden is a traitor but he had (unwitting) accomplices who either ignored implementing existing security measures or failed to establish the most obvious and rudimentary security plans for contractors," said Gary Schmitt, co-director of the Marilyn Ware Center for Security Studies at the American Enterprise Institute.
The Cryptologic Quarterly article, which was posted on the website Cryptome on Sunday, makes clear that some of these concerns were voiced years ago. However, it’s not clear what efforts were put in place to address the issues it raised.
"Maybe in the classified world there is a detailed report explaining how Snowden was able to get away with stealing so much information but, to date, in the unclassified world, there has been no mention of fines, firings, or any administrative repercussions for allowing Snowden to do what he did," Schmitt said.
Snowden has denied cooperating with any foreign intelligence services, the primary concern of the 1996 article. But some have questioned his claim to the "whistleblower" moniker, instead saying he is harming the ability of U.S. intelligence services to perform legal and legitimate foreign surveillance activities.
William Binney, a NSA whistleblower who exposed details of the agency’s electronic surveillance programs, recently said that Snowden was "transitioning from whistleblower to a traitor" by leaking information about NSA activities that targeted foreign governments.
"Certainly he performed a really great public service to begin with by exposing these [domestic surveillance] programs and making the government in a sense publicly accountable for what they’re doing," Binney told USA Today.
"But now he is starting to talk about things like the government hacking into China and all this kind of thing," Binney added. "That’s not a public service, and now he is going a little beyond public service."
The NSA did not respond to a request for comment by press time.