BETA
This is a BETA experience. You may opt-out by clicking here

More From Forbes

Edit Story

NSA Implementing 'Two-Person' Rule To Stop The Next Edward Snowden

This article is more than 10 years old.

The next Edward Snowden may need a partner on the inside.

On Tuesday, National Security Agency Director Keith Alexander told a congressional hearing of the Intelligence Committee that the agency is implementing a "two-person" system to prevent future leaks of classified information like the one pulled off by 29-year-old Booz Allen contractor Edward Snowden, who exfiltrated "thousands" of files according to the Guardian, to whom he has given several of the secret documents.

"We have to learn from these mistakes when they occur," Representative Charlies Ruppersberger said to Alexander in the hearing. "What system are you or the director of national intelligence administration putting into place to make sure that if another person were to turn against his or her country we would have an alarm system that would not put us in this position?"

"Working with the director of national intelligence what we’re doing is working to come up with a two-person rule and oversight for those and ensure we have a way of blocking people from taking information out of our system."

That "two-person rule," it would seem, will be something similar to the one implemented in some cases by the military after Army private Bradley Manning was able to write hundreds of thousands of secret files to CDs and leak them to WikiLeaks. The rule required that anyone copying data from a secure network onto portable storage media does so with a second person who ensures he or she isn't also collecting unauthorized data.

It may come as a surprise that the NSA doesn't already have that rule in place, especially for young outside contractor employees like Snowden. But Alexander emphasized that Snowden was one of close to a thousand systems administrator--mostly outside contractors--who may have had the ability to set privileges and audit conditions on networks."This is a very difficult question when that person is a systems administrator," Alexander responded. "When one of those persons misuses their authority it’s a huge problem."

Alexander added that the system is still a work in progress, and that the NSA is working with the FBI to collect more facts from the Snowden case and to implement new security measures in other parts of the U.S. intelligence community.

When asked how Snowden had gained such broad access to the NSA's networks despite only working for Booz Allen for three months, Alexander said that he had in fact held a position at the NSA for the twelve months prior to taking that private contractor job.

The questions about the NSA's lack of leak protections came in the midst of a conversation that largely focused on the NSA's justification for the broad surveillance those leaks revealed. In the hearing, Alexander claimed that more than 50 attacks have been foiled with some help from the NSA's surveillance programs such the collection of millions of Americans' cell phone records and the collection of foreigners' Google-, Facebook-, Microsoft- and Apple-held data known as "PRISM," both disclosed in Snowden's documents. One newly-revealed bombing plot targeted the New York Stock Exchange, and another involved an American donating money to a Somalian terrorist group.

Of those more than 50 total cases, ten of those plots involved domestic collection of phone records, according to Alexander. But when Representative Jim Himes questioned in how many cases that collection was "essential," his question went unanswered.

Alexander also fended off criticisms that the Foreign Intelligence Surveillance Act court system, which oversees the NSA's requests to use data it's collected--often from Americans--is a "rubber stamp process" that approves nearly all of the NSA's actions. That court reported  in April that it had received 1,789 applications for electronic surveillance in an annual report to Congress. One request was withdrawn, and forty were approved with some changes. The other 1,748 others were approved without changes.

"I believe the federal judges on that court are superb," Alexander told Congress. "There is, from my perspective, no rubber stamp."

But a significant portion of the hearing also focused on the NSA's security vulnerabilities highlighted by Snowden's leaks, rather than its surveillance. Representative Michelle Bachmann emphasized that the NSA should answer "how a traitor could do something like this to the American people," and how to "prevent this from ever happening again." She asked Alexander how damaging the leaks were to the NSA's mission, and he responded that they were "significant and irreversible."

Snowden has taken refuge in Hong Kong, where he conducted a live Q&A on the Guardian's website Monday. In that conversation, he wrote that "the consent of governed is not consent if it is not informed," and that "truth is coming, and it cannot be stopped."

At the hearing, a member of the committee ended with a personal question about that young leaker's fate: What's next for Snowden?

FBI deputy director Sean Joyce answered, simply, "Justice."

Follow me on Twitter, and check out my new book, This Machine Kills Secrets: How WikiLeakers, Cypherpunks and Hacktivists Aim To Free The World’s Information.