ASPEN, Colo. – The National Security Agency is implementing a series of procedural changes to guard against insider threats like that posed by former NSA contractor Edward Snowden, whose leaks of classified information have caused “significant damage” to U.S. security, the head of the NSA and U.S. Cyber Command told the Aspen Security Forum on Thursday.
Gen. Keith Alexander, who heads the two agencies, said he has “concrete proof that terrorists have taken action and made changes” based on the information Snowden has made public.
Alexander said he knows what information Snowden downloaded and took from NSA computers and responded “yes” when asked if it was a lot.
“It was a huge break in trust and confidentiality,” he said.
As a result, the NSA is implementing several changes to the way it handles and secures its data, he said.
At the forefront is a “two-person” rule that will require two people to execute certain activities, certainly including the systems administration that Snowden performed. There also will be a requirement that two persons are needed to gain access to secure rooms, like server rooms. The use of removable media, like thumb drives, to move or download data will be severely restricted. And programs underway to encrypt files to make them readable will be expedited.
Deputy Secretary of Defense Ashton Carter, speaking earlier Thursday, reiterated that Snowden’s leaks caused “substantial” damage.
“This is a failure to defend our own networks,” Carter said. “… The insider threat is an enormous one. This failure originates from two practices that we need to reverse: “first, the concentration of huge amounts of data in one place and the lack of compartmentalization of data, and second, giving too much authority to get and move classified information to one individual.
“Both are mistakes and have to be corrected,” he said.
Anthony Romero, executive director of the American Civil Liberties Union, said Snowden “did this country a service by starting a debate” on what information the government should be allowed to collect.
Alexander and others, including NSA General Counsel Ray De, said the NSA’s program to collect from phone companies and store millions of records of Americans only allowed the NSA to look at the “metadata” and not the content of the messages. To do that, the government must get permission from special Foreign Intelligence Surveillance Act courts, or FISA courts based on proof of reasonable suspicion of a connection to terrorism.
Alexander said the NSA stores the information so it can have quick access but he would be willing to support having the information remain with phone companies if laws could be passed to ensure quick access by the government.
Ellen Shearer is co-director of the National Security Journalism Initiative, as well as the William F. Thomas Professor of the Medill School of Journalism, Media, Integrated Marketing Communications at Northwestern University. She teaches in the school’s Washington Program. Before joining the Medill faculty, she was a senior editor at New York Newsday, a consulting editor at Newhouse News Service, marketing executive at Reuters, and held positions as senior executive, bureau chief and reporter at United Press International.
