
If the NSA Trusted Edward Snowden With Our Data, Why Should We Trust the NSA? - reaganing
http://www.slate.com/blogs/future_tense/2013/06/09/edward_snowden_why_did_the_nsa_whistleblower_have_access_to_prism_and_other.html
======
ritchiea
All of the comments taking umbrage that the article isn't celebrating
Snowden's character are missing the point. While it is entirely possible that
he was qualified or even overqualified for the position he had at Booz Allen
Hamilton, nothing in his resume suggests that which raises the question who
else has access to sensitive data and secrets? The answer could be that
Snowden was an exceptional individual and that's how he got to where he was,
but it could also be that the government is terrible at hiring and granting
security clearance and there are a lot of terrible individuals with access to
secrets & sensitive data and Snowden just happened to be a standout.

~~~
known_unknowns
The security clearance process basically looks for reasonable, honest
Americans free of foreign influence.

If government actors are abusing their power to such an extent that
reasonable, honest Americans free of foreign influence feel morally obligated
to blow the whistle, then there are going to be more leaks.

It's not a flaw in the system; It's a _safeguard_ against corruption and abuse
of the system.

~~~
sliverstorm
That's not what is being discussed here. What is being discussed is the leaker
doesn't appear to be a standout individual. He isn't the top of his field. He
doesn't have numerous advanced degrees. So on and so forth. He is "garden
variety". So, given that, if a "garden variety employee" can get access to all
this data, just how many ordinary Joes have access to it? The more people,
particularly those low on the totem pole, the more opportunity for leaks to
the wrong people.

------
gkoberger
I don't think Slate is trying to crucify Edward Snowden. I think it was more
"If a high school dropout with basic computer skills can win this contract,
imagine what a talented hacker with malicious intentions could do", and just
happened to attack Snowden a bit too much.

~~~
obstacle1
Even Slate admits, though, that they have no idea what level his computer
skills are at or how good a fit he was for the job:

>Yes, he could be a computing savant anyway—many well-known techies dropped
out of school

They're basically bemoaning his lack of official credentials.

~~~
arthulia
I think the real thing to take home here is that they trusted him and he broke
that trust. Who else are they trusting that they shouldn't be?

~~~
frankacter
I though the real issue was that we trusted the American government and they
broke that trust?

------
jongraehl
The author is full of stupid snark. Clearly Snowden is an exceptional
individual; learning that he used to be a janitor, or whatever, shouldn't
cause us to throw away all the evidence we have about him and double-take
"they promoted a _janitor_?".

Perhaps the quality of his work matched his obviously high character,
regardless of his initial lack of formal credential. This is IT we're talking
about - classes are a joke.

~~~
Terretta
The janitor making good, solving the famous math conjecture on the blackboard,
is a Hollywood trope. Not sure why Slate is so adamant that the guy's story is
a disqualifier.

We don't know his story yet but this much is certain: he is by definition an
exceptional individual.

~~~
horacio
It's not only a Good Will Hunting trope, but has a very relevant, very current
real-life example that came to light a few weeks ago.

Tom Zhang, who now teaches at the University of New Hampshire, recently
published a proof of the mathematically-famous twin prime conjecture for
certain prime number pairs.

For quite some time, Zhang couldn't find work as a mathematician, and during
that period, he worked as a Subway fast-food restaurant worker.

[http://www.independent.co.uk/news/science/that-figures-
profe...](http://www.independent.co.uk/news/science/that-figures-professor-
who-had-to-work-at-subway-dazzles-world-of-maths-after-solving-centuriesold-
prime-number-riddle-8625637.html)

I believe I understand the point that Manjoo is making in his article, but
both his choice of example, and the specific derogatory language he uses to
express his reaction, makes it seem to me that he has some specific ax to
grind about the nature of technical credentials and their social cachet.

------
SeanDav
So now lack of a degree means you cannot be trusted with sensitive data - wtf?

I understand the guy is emphasizing these things to make his point but still,
wtf.

What about his morals? What about his courage? I would most definitely trust
my data to a guy that was and is prepared to go to jail for his beliefs that
my data should be treated with respect and within the law.

~~~
untog
_What about his morals? What about his courage?_

I don't think the NSA would be using the same words you are.

The more legitimate point is that he was a contractor- just how much clearance
do contractors get? That seems like the bigger worry to me.

~~~
dkrich
A lot. But first they have to go through extremely invasive and intense
background checks that in some cases take years to complete. It all depends on
the agency and the role. Some are "Public Trust" which is the barely-above
civilian clearance which takes less than a month. On the other end of the
spectrum are your top-secret clearances which take months to years to
complete. If I had to place a wager I would bet heavily that he has held a
top-secret clearance for a long time. The NSA isn't going to let anybody off
the street roam its halls.

------
malandrew
I expect this from some news sources such as CNN, but not from Slate and
definitely not from Farhad Manjoo.

Why can't we celebrate him for having the moral character to have done the
right thing instead of assault his character.

A college dropout that did the right thing by whistleblowing is 1000x better
to have in this World than an MIT, Stanford or Harvard graduate who is working
at the NSA or CIA being enabling or at least complicit in programs.

------
thret
I wouldn't be surprised if the #1 criteria for NSA grunt employees is
patriotism. If he's prepared to sacrifice everything for his country than he
seems to be the perfect candidate to me.

~~~
rdtsc
It is for CIA at least. Their tactic is that "we can teach you technical stuff
in class after we hire you, we can't teach you patriotism if you already
aren't". They like to hire ex-Marines. Someone was saying they also like to
hire Mormons.

The kink is that many patriots do actually understand and love the
Constitution and if forced to routinely go against it in their line of works,
a few will pull a Manning. That is expected. They can't have it both ways.

~~~
btilly
I have heard from multiple sources that the CIA _loves_ Mormons.

Language skills. No drugs. No alcohol. Does well in a hierarchical
environment. Check, check, check and check.

It would be against the law to ask about the underwear.

------
adventured
And so it begins, the assault on Snowden, his character, his qualifications,
etc.

~~~
gyardley
Sure, simultaneously with his canonization.

It's perfectly possible for Snowden to have done what he did and still have
negative qualities - for example, by going public he's making the entire
conversation about _him_ instead of the programs he leaked.

~~~
adventured
He had no choice but to go public. His only shot at not being disappeared,
killed, tortured, etc was to go public.

By going public, he's also encouraging others to do the same. Even if it's
just the smallest amount, it matters.

~~~
gyardley
This is total fantasy. The government has and follows an established procedure
for dealing with whistleblowers, including anonymous ones they manage to
uncover - they'll conduct an investigation, file a complaint, arrest him, and
then get an indictment.

------
mikejholly
I'm not sure that the author understands what a sysadmin is. Even a junior
sysadmin could cripple most services based on their level of access.

~~~
MaulingMonkey
More security conscientious setups use things like automatic password vaults
requiring multiple admins to access. Sysadmin also doesn't mean defacto data
access without forcing them to patch the software maliciously (you don't want
your admins accidentally or intentionally accessing data covered under HIPAA!)

Which isn't to say you're incorrect when you say how much damage a junior
sysadmin could do in most places. It _is_ to say that there are options that
make this kind of thing a lot harder, to limit the scope and damage rogue
admins can cause, and to raise the bar in terms of knowledge required. One
would hope the NSA would be employing some of them.

~~~
nknighthb
One might hope the NSA audits their contractors' security, but I'm not sure
I'd bet on it.

And somewhere along the way you have to accept that your most senior admins
aren't always going to be the ones schlepping gear around, which means
physical access.

I'm also not entirely convinced of the practicality of building a system where
there isn't at least one person who can bypass everything, especially if
they're prepared to go into exile as this guy was.

Given adequate resources, I'm sure it's possible, but there's gonna be a
shitton of money and ridiculously careful planning involved. I expect the
operational overhead to be similarly huge.

------
mtgx
Has the destroying of his credibility already started? What's next? An
uncovered rape case from his past?

------
gridmaths
Wrong Question. A better Question is :

If the Government trusted the NSA with our every phone call and email, why
should we trust the Government?

~~~
freepipi
Is it really harmful if government get your call and email?

~~~
ksherlock
If you don't have anything to hide... oh, why was the government doing it
secretly?

~~~
mpyne
"Oh, hey Ahman, hold up real quick, the government just announced that they're
tapping my phone. We'll talk again later".

~~~
nsp
I'm pretty sure if you were involved with terrorist groups, you became aware
of this sort of thing well before it made the front page of the New York
Times. The idea that keeping it out of the press prevents the targets from
knowing is naive.

~~~
mpyne
Just sayin', at the operational level it pretty much always has to be a
secret, at least while the monitoring is going on.

~~~
pyvpx
bin laden & co. knew the NSA process took 72 hours and adjusted their
communications accordingly. the operational aspects (read: deficiencies) of
many "important" monitoring functions is widely known by those who "need" to
know.

------
Zak
[http://paulgraham.com/credentials.html](http://paulgraham.com/credentials.html)

It seems unlikely Snowden was in a high-paid and important position without
having demonstrated some kind of aptitude. I have the impression he was highly
skilled.

------
randomfool
He comes off as a fairly intelligent person in the interview.

The tech community should be the most understanding when it comes to
overlooked people who kick ass on the job. Too many tech companies today are
focusing on university names, this isn't the way it always was.

Is being nice to Edward Snowden considered aiding a terrorist? The NSA
probably just fired off a warrant for the rest of my communications.

------
brady747
'If Slate trusts Farhad Manjoo with their Op/Ed writing and critical thinking,
why should we trust Slate with their journalism?'

//insert crappy article

I mean, why should we give interviews at all? Obviously someone's resume and a
class they didn't complete is all we need to know about them.

------
georgemcbay
Not a big fan of the reasons we are supposedly not supposed to trust Snowden
specifically, but the question remains a powerful one in the sense that if you
can't ensure that the data and systems you're using for something this
powerful can remain secure from the actions of _any_ single person, then you
have a huge problem.

I've worked at companies where the secrets behind our app signing key are held
to a higher standard than being entrusted to the care of any single entity.
Even ignoring how you feel about whether the PRISM system is good or bad,
shouldn't we expect the NSA to have better security policies, given the huge
scope of abuse these systems could allow?

~~~
mpyne
I didn't get the impression that Snowden actually _has_ access to PRISM
itself. If all he's doing is IT support then it could be as simple as that he
ran across the "management briefing" for it on the share drive without ever
having access to the system itself. Certainly I would hope that NSA is not
dumb enough to farm out credentialing for a system like PRISM to one of their
contractors, but who knows?

------
tzs
> He was accorded the NSA’s top security clearance, which allowed him to see
> and to download the agency’s most sensitive documents.

Document control works on two dimensions: clearance level and need to know.
You need to both have the requisite clearance level and a need to know to be
approved for access to a given document. Having a top clearance doesn't mean
you get to freely look at whatever you want, although the press and general
public seems to think it does.

------
dnautics
EXACTLY.

Not just this guy, but a contracting firm (BAH) in general? How did they get
that bid?

~~~
flyt
Is this a joke? Much of the Top Secret work performed for the government is
done by private companies under contract with full clearances.

i.e.
[http://en.wikipedia.org/wiki/Skunk_Works](http://en.wikipedia.org/wiki/Skunk_Works)

~~~
markdown
It's like capitalism gone mad, isn't it?

I believe the UK is heading in this direction as well. Thatcher started it,
but it's really gone up a few notches since then.

It's a sorry state of affairs when the schools, the fire service, the police,
the prisons, the hospitals, the soldiers of war, and even the spies are all
controlled by for-profit corporations.

------
codex
Having access to a PowerPoint about a system ("metadata") is not exactly the
same as having access to the data itself.

~~~
BCM43
Listen to the interview with him, he says he had access to the data.

------
ccarter84
But...but they're helping us secure our home networks!

"The Information Assurance Directorate (IAD) at NSA recently released a new
technical guide entitled Best Practices for Securing a Home Network." \-
[http://www.nsa.gov/ia/index.shtml](http://www.nsa.gov/ia/index.shtml)

~~~
mehmehshoe
ok...I will bite. TOR power initiate...7 proxies now!

~~~
mehmehshoe
OK..I am back from that link. The verbage was worse than sitting next to an
insurance salesman before a flight.

~~~
ccarter84
Yea sorry about that - In retrospect I shouldn't have included a brain-
deadening link

------
soup10
The very fact that Edward has the integrity to risk his life in the name of
public interest means that he's exactly the kind of person the NSA should be
trusting with our data. It's probably his combination of integrity and
competence that let him get the access he did in the first place.

------
burnstek
In my university, we had a computer security program where computer scientists
were heavily recruited to work for the DoD for a few years in exchange for a
scholarship. One of the students I knew who ended up at the NSA was a
standout, but the many others I knew were of average intellect and in many
cases were below average computer scientists. These are not the level of
people you want involved in mass surveillance programs.

What matters most to the NSA is your ability to pass a polygraph - not your
engineering skills.

------
codezero
It seems like hiring someone who isn't a tech genius (assuming Snowden isn't
one, but it doesn't matter) is exactly what the NSA should want, the less
technically advanced their employees, the less likely they are to be aware of
the wrongness of what they are doing, especially if they are given simple
tools that do all the work for them and mask the technical guts behind a point
and click interface that "anyone" can operate.

------
cdooh
Please. This is not about can we trust them because someone leaked, any civic-
minded person would have done what he did if they had big enough balls. Are we
trying to say that out of the thousands of employees the NSA has no one else
but this one guy felt there was something wrong with this program?

------
thehar
Obviously slate.com's journalist doesn't understand how most of Silicon Valley
works with recruiting these days and those "top companies" contributing to
PRISM's dataset.

------
benjamincburns
If we trusted Verizon with our data, why should we trust ourselves?

------
freepipi
Great article, the awareness of security is terribly bad

