Privacy SOS

NSA can’t trust ‘brilliant’ people, will replace sysadmins with computer programs

It’s no wonder General Keith Alexander has set in motion plans to fire up to 90 percent of NSA systems administrators, and replace them with computer automated sysadmins. NBC news reports that Edward Snowden gained access to and downloaded highly classified materials by using his sysadmin credentials to impersonate top-level officials on the NSA’s classified network, NSAnet:

As a system administrator, according to intelligence officials, Snowden had the ability to create and modify user profiles for employees and contractors. He also had the ability to access NSAnet using those user profiles, meaning he could impersonate other users in order to access files. He borrowed the identities of users with higher level security clearances to grab sensitive documents.

Once Snowden had collected documents, his job description also gave him a right forbidden to other NSA employees– the right to download files from his computer to an external storage device.  Snowden downloaded a reported 20,000 documents onto thumb drives before leaving Hawaii for Hong Kong on May 20.

Snowden’s documents became the basis for a series of articles in the Guardian and the Washington Post detailing the extent of the U.S. government’s collection of data and metadata on emails and phone calls.

“The damage, on a scale of 1 to 10, is a 12,” said a former intelligence official.

The NSA declined to comment.

But the NSA has already commented, albeit indirectly. In early August, NSA director General Alexander told a cybersecurity conference that human beings couldn’t be trusted to manage the NSA’s systems anymore.

"What we're in the process of doing – not fast enough – is reducing our system administrators by about 90 percent," he said.

The remarks came as the agency is facing scrutiny after Snowden, who had been one of about 1,000 system administrators who help run the agency's networks, leaked classified details about surveillance programs to the press.

Before the change, "what we've done is we've put people in the loop of transferring data, securing networks and doing things that machines are probably better at doing," Alexander said.

Using technology to automate much of the work now done by employees and contractors would make the NSA's networks "more defensible and more secure," as well as faster, he said at the conference, in which he did not mention Snowden by name.

Computers do what they are told, and don’t have morals. That’s not a reliable bet when it comes to human beings. Brilliant people are especially troublesome, an official told NBC:

“Every day, they are learning how brilliant [Snowden] was,” said a former U.S. official with knowledge of the case. “This is why you don’t hire brilliant people for jobs like this. You hire smart people. Brilliant people get you in trouble.”

That puts the NSA and other secretive government agencies that rely on highly-intelligent employees in a tricky situation: they want to hire the best, but the best — by virtue of their brilliance — may not always obey. 

© 2021 ACLU of Massachusetts.