As The Guardian has taken center stage in the Snowden drama, serving as the English-language conduit of choice for publishing classified information about the National Security Agency and its partners that was stolen by Edward Snowden, it’s taken heat from the British government about its possibly illegal activities.
As a dodge, Guardian editors have taken to throwing around the “no big deal” excuse because, they claim, 850,000 people in the US, UK, and partner governments had access to this stuff. It was simply Ed, one in an (almost) million, who did the dirty deed. For one of the many iterations of this nonsense see here.
Yet nonsense it is. It plays on the fact that the US and Allied governments have given out a lot of high-level clearances in recent years. But it requires a bit of explanation to understand the details – and why The Guardian is lying.
Everybody at NSA – whether military, civilian, or contractor – holds an active TOP SECRET (TS) security clearance with Sensitive Compartmented Information (SCI) access. That’s what it takes to get in the door at NSA. This is granted after a Single Scope Background Investigation (SSBI) including a “full scope” polygraph (i.e. you’re asked lifestyle as well as counterintelligence questions while you’re strapped to “the box”). To maintain TS/SCI access, you’re reinvestigated, including polygraph, every five years. A basic run-down of the DoD/IC security clearance system can be found here. If you want to know how the many and varied levels of classification are used in day-to-day DoD/IC work, this is numbingly detailed and best taken with a stiff drink.
But TS/SCI is just the basic level of clearance at NSA and its partner and Allied agencies. Above that there exist many kinds of caveats and special programs that go (or have gone) by weird names such as GAMMA, VRK (Very Restricted Knowledge), and ECI (Exceptionally Controlled Information). Across DoD they have similar SAPs (Special Access Programs). The bottom line is that nobody at NSA sees “everything.” The entire system is in fact designed to prevent any one person from seeing everything.
Called “need to know” – or more formally compartmentization – this means that every person only gets access to what s/he needs to be “read on” for to do the job at hand. Strange as it sounds outside cryptologic channels, it’s perfectly normal not to know exactly what the guy down the hall, or even sitting in the next cubicle over, does all day; you may not have a confirmed need to know, so you don’t. Even spouses and partners who both work at NSA are expected to maintain “need to know” in their pillow talk.
To get access to really juicy SAPs you may need to undergo special investigation, including additional polygraphs, and in every case you sign paperwork that’s basically another non-disclosure agreement on top of all the ones you’ve already signed to be “in access” at NSA. Security is taken pretty seriously, particularly when very sensitive cryptologic programs are involved.
The bottom line is that The Guardian and its defenders are simply lying when they assert that 850,000 people saw the stuff that Ed stole. No, they didn’t. Not once, ever. Even as an NSA counterintelligence officer with ridiculously high level clearances and accesses to do my job, I never saw “everything” – because that’s literally impossible in the system. Every person’s access is specifically tailored to what he or she needs to know to do the job, and nothing more.
Which is why Ed had to hack NSA systems for months and years, including stealing the log-ins and passwords of others, who presumably had better accesses than a mere system administrator would, to get a look at the TS/SCI+ information he wanted to steal and expose to the world, while making off to Moscow as a finishing touch.
Whether The Guardian broke British law is a matter I will defer to legal experts, but on the matter of who had access to the stolen information they are publishing for the world to see, they are simply telling one lie after another. It should stop at once.
UPDATE: I’ve been attacked by anti-NSA activist Marcy Wheeler for allegedly not providing “evidence” that The Guardian actually said what … they said. The Guardian has cited the “850,000 had access to this stuff” lie in many forms since the summer; mere Googling will reveal many of them; here’s another current example if you like that sort of thing. Marcy is probably the most informed literature Ph.D. without any intelligence experience regarding SIGINT within ten or twelve miles of wherever you’re sitting at this moment. This one’s for you, Marcy!