Prior to the earthshaking revelations wrought by the disclosures of NSA-contractor-turned-whistleblower Edward Snowden, the security apparatus of the United States was ignorant as to how many of its own operatives had access to its most secret information for download and transfer, according to a new declassified government report.
The declassified 2016 Department of Defense inspector general report also noted that the National Security Agency (NSA) was not able to make any "meaningful" cuts in security access, or even completely identify those employees who were granted "privileged" access to extremely sensitive databases.
The declassified report, in a heavily redacted form, was obtained through a Freedom of Information Act lawsuit brought by the New York Times.
It revealed that US security agencies, including the NSA, found that conforming to new mandates to limit access to sensitive information was almost impossible, as the agencies themselves were unaware of the number of employees and contractors who had been granted access.
So many NSA contractors and employees enjoyed the status of being either designated data transfer agents or users with privileged access, that Snowden's leaks come as little surprise — and many have expressed disbelief that it did not happen sooner, according to the Washington Free Beacon.
Portions of the declassified report that were not redacted revealed that authorities at the NSA asserted to the inspector general that they had misplaced a "manually kept spreadsheet" that documented how many privileged users existed, in spite of multiple requests for the information.
The disappearance of the data made any identification of the exact number of privileged users impossible, resulting in the NSA's inability to cull the required number. The Agency simply "arbitrarily removed" access from some privileged users, who were then forced to reapply to the agency for their access, according to the Free Beacon. The same arbitrary actions were taken against those contractors and employees with data transfer permissions.
The seemingly random cut-and-paste methodology brought to bear by the NSA following Snowden's revelations of unregulated and illegal global spying by the US intelligence agency were followed up by a highly touted "Secure the Net" campaign, which purported to eliminate loopholes in the security of the US intelligence community.
But leaks continue, as another former NSA contractor, following in Snowden's footsteps, was charged in early June with leaking classified information about alleged Russian election hacks.
The declassified report affirmed that while the NSA has made some progress in limiting the number of people who have deep access to sensitive data, it "did not fully meet the intent of decreasing the risk of insider threats to its operations and the ability of insiders to exfiltrate data."
A spokesperson for the NSA released a statement to the Times in response to the report that acknowledged the observations of the inspector general.
"We welcome the observations and opportunities for improvement offered by the US Defense Department's Inspector General," the spokesperson said, cited by the Free Beacon.
"NSA has never stopped seeking and implementing ways to strengthen both security policies and internal controls," the spokesperson added.
