Former NSA executive: Snowden leaks caused 'significant disservice' to the Internet

Former NSA executive: Snowden leaks caused 'significant disservice' to the Internet

Summary: Edward Snowden caused more damage to the Internet than the U.S. intelligence community did, according to a former deputy director of the NSA. But of course, he would say that. So, now what?

(Image via CBS News)

NEW YORK — Edward Snowden sure has caused a lot of headaches in the IT security community.

His reported leaks have led the industry going into overdrive mode over the past ten months in order to counter some of the previously unthinkable tactics used by the U.S. National Security Agency and the wider intelligence community.

In spite of blowing the whistle on some of the encryption-cracking efforts, the fiber-cable tapping, and the zero-day flaw exploitation, Snowden was the one who caused damage to the Internet, according to one former senior NSA official. 

Former NSA deputy director of training Col. Cedric Leighton said in remarks at the Bloomberg Enterprise Technology Summit in New York City on Thursday that Snowden's leaks had performed a "significant disservice" to the worldwide health of the Internet.

He was talking about the recent moves by Brazil and other countries to reconsider the decentralized nature of the foundation of the Internet.

Quick to respond, Trend Micro chief technology officer Raimund Genes said Europe's efforts to strengthen policy within its 28 member state border was "going over the top."

He added that policy was not always the answer, and that the security industry should also find solutions to benefit customers the most.

Undermining the fabric of the Internet

The panel pitted the U.S. intelligence agency's actions against the rest of the world — the Snowden leaks have touched almost every nation — and led with the discussion on nation states' efforts to create their own versions of the Internet, including keeping citizen data within their own respective borders.

"The Internet was created to be global, and it should stay global," Genes added.

"If Snowden is able to get millions of documents from the NSA, what does that say about the security industry designed to protect customer interests?" — Raimund Genes

"When you have a situation where all of a sudden, everyone goes into 'tribal' mode — a German cloud, a Swiss cloud, or any other separate internet, they are significant nationalistic attempts. What happened with Snowden, it's more of an excuse than a policy, it's more of an excuse to re-nationalize the Internet," Leighton said.

This, he suggested, was the beginning of the end for the Internet as we know it.

But Genes was quick to turn the tables on the former NSA deputy director.

"It made us more aware that nothing is really safe," Genes remarked. "If Snowden is able to get millions of documents from the NSA, what does that say about the security industry designed to protect customer interests?"

Leighton defended the NSA's actions, calling some of the reporting of the disclosures "sensational" and "haphazard," and warned that only part of the story was being told.

The NSA has, arguably, responded in its own haphazard and unpredictable way — often issuing vague comments or the rare denial, but mostly a "no comment."

Exploiting the Internet's weaknesses

While the NSA has always said that it's "doing its job," the question is now how does that mission change, or should it change, in a post-Snowden world? The White House has already adopted a recommendation to limit which zero-day attacks and other cyberweapons it uses.

Another panel member, Palo Alto Networks chief security officer Rick Howard, said following the mild-mannered dispute that nobody in the security industry understands what the boundaries are for intelligence services — pointing to the intelligence agency's stockpile of zero-day exploits.

Howard admitted his company was "having a hard time dealing with it."

Genes asked the former NSA deputy director: "Isn't the job of the government to also protect the Internet?" 

Last week, the NSA denied that it knew of the Heartbleed bug in advance of its disclosure. This law in the commonly used OpenSSL affected millions of websites and servers around the world.

The White House issued a statement saying it would report zero-day flaws if it discovered them, so long as it doesn't interfere with national security objectives. As The New York Times put it, the Obama administration will "let [the] NSA exploit some Internet flaws."

While Leighton acknowledged that "the NSA can do its job without exploiting zero-day flaws or using its vulnerability stockpile," he added that it would make its job "far more difficult."

Cybersecurity data sharing: CISPA revisited?

Leighton's trail of thought suggested how the U.S. government works together with private industry partners — particularly those in the security fields — in order to share data and information on cyberthreats, before they become a major issue.

"The government and the private sector need a common sense of agreement. You give security clearances on a need-to-know basis to the right companies, and you tell those companies that we are working together to minimize zero-day vulnerabilities. It would be a concerted effort to go after the bad guys."

He was talking about CISPA, or the Cyber Intelligence Sharing and Protection Act.

Leighton's comments come just a few weeks after the new NSA director Vice Admiral Michael Rogers testified to a Congressional committee about the importance of cyberthreat data sharing.

Under previous incarnations of CISPA, this meant a company like Facebook, Twitter, Google, or any other technology or telecoms company, including cell service providers, would be allowed to hand over vast amounts of data to the U.S. government and its law enforcement agencies — for whatever purpose the feds deem necessary — and face no legal reprisals.

CISPA was highly opposed by privacy advocates and civil liberties groups, which described the bill as a "privacy killer" and "dangerously vague," yet it was supported widely by Silicon Valley and other technology firms. 

The bill eventually crumbled on the Senate floor after a failed vote, with Sen. Jay Rockefeller (DWV), chairman of the Senate Commerce Committee, citing "insufficient" privacy protections. The White House previously said the President would veto the bill should it pass to his desk.

Rogers said in mid-March that while cybersecurity legislation was a "step in the right direction," he highlighted that information sharing between private companies — such as Silicon Valley giants — would be, "in the long run… probably the right answer."

Rogers was confirmed as the joint NSA and United States Cyber Command chief on April 1.

Topics: Security, IT Policies

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Uh, no. No they did not.

    "Former NSA deputy director Col. Cedric Leighton said in remarks at the Bloomberg Enterprise Technology Summit in New York City on Thursday that Snowden's leaks had performed a "significant disservice" to the worldwide health of the Internet."

    It was the actions of the NSA which led to this.

    "...and warned that only part of the story was being told."

    Then by all means: Let's hear your side. I'm sure there are many people that would love to engage the NSA in an open and honest dialog about their actions.
    • People are already...

      ...on the defensive. I think part of the reason the NSA isn't saying much is because right now NOTHING they could say would go over right.
      luke mayson
      • Dirty Bunch

        of peeping Toms looking into EVERYBODY'S lives who remind me of Bob & Cheryl Ugly.
        And about as good to look at as well.
    • Exactly!

      The sheer arrogance of these mother^*&^*&(.
  • Maybe my take is wrong...

    If the NSA had not been engaging in the released activity all this would be a nonissue. As I see it the NSA got caught with their collective hands in the cookie jar now they want to silence the ones that catch them. In other words, the government can screw the people, but woo be to the person(s) that disclosed that fact.

    In my mind Snowden is a whistle blower nothing more. If a private business attempted to silence a whistle blower the government and lawyers would be jump on that company like ugly on a gorilla.
    • Maybe your take is wrong... Yeah I think so.

      What snowden did is treasonous and only damages our country. He's not a whistleblower. In order to be a whistleblower, you have to report illegal acts or misconduct. Instead he gave up information that helps keep our country safe, and helps keep our troops safe on the battlefield. I'm sure we will bounce back but it's definitely done damage. Meanwhile chickensh*t is in Russia, and there's no doubt they have all the other cassified documents he stole.
      • Im with you...

        Yep Snowden is nothing more that a traitor to his nation. If he really cared about doing right he could have tried to get a closed congressional meeting with the oversight committee, or raised issues publicly without disclosing the actual information, and I'm sure with some thought there are other alternatives to.

        He is simply nothing more or less than a straight traitor who ran straight to the Russians to spill his guts. The sooner the media gets around to not reporting anything else he has to sat except to publish 'The traitor Snowden attempted to release more information' and not report the information the better. Same goes for the other looser Assange...
        • Are you getting paid well?

          Cause it is a hard job....
          • Doing OK...

            I actually work for myself and doing OK... how about yourself? Things going well? Looking forward to summer approaching? It's heading into winter down here in the southern hemisphere so missing those warmer days already.

            (Not seeing the point to the question, but hey - nothing wrong with some polite conversation...)
        • Snowden

          Read about Binney et al
          You are breathtakingly uniformed
          Gunga Gin
        • ridiculous

          Aside from the unlikely chance that some random person can get the oversight committee together for him, it wouldn't matter, because many of these members knew of the shit the NSA was doing, but were legally bound to keep it a secret, or they supported the illegal activity. Ron Wyden has been trying to warn us for years about this. Snowden would simply be telling them what they already knew.
        • I'm NOT with you

          Your facile incorrect and hugely prejudicial interpretation of the Snowden affair is chilling . Unless you live in a country where the mainstream press has lost the ethos of what was always part of the fifth estate.
          When you watch Faux News , do you ever question the content or the motives behind the 24/7 terror warnings?
          He did not run straight to the Rusdians to spill his guts. He was refused sanctuary by several countries, including Germany, and with the US breaking laws to be hot on his tail he went to Russia as a reluctant choice, having given all his files to several Western news people. There was nothing left for him to give to the Russians alone.perhaps you are one if the many people who he embarrassed, who think it is ok to invade privacy, trample on the fourth Amendment, lie to Congress, and shame the American people. Your parents would be proud.
          Gunga Gin
          • There were other countries wanting to take him in...

            Didn't he hear about those? (Google it - to see which ones...)

            He chose Russia and waited there for WEEKS... I don't recall the precise reasons, but the way they were said it seemed very woolly at the time.

            Never mind the recent live broadcast, where he and his chum Putin were lying outright on national television in saying Russia doesn't spy on its citizens (really? The KGB is just a manufactured fiction to sell spy-genre product back in the delightful "cold war" days of the 1950s-1980s??) I'm sure the FSB, GRU, and SVR services that replaced the KGB are just as fictitious, yes?

            P.S. Why would anyone watch FOX news, an entity that - for a "professional" outlet that spends time and money making and selling a product - put out so much debunked information, inaccurate information (especially when a republican offifcial does something illegal, FOX (used to, anyway) label them as "Democrat". Even McCain!), and highly spun and contrived articles that don't withstand any scrutiny.
          • Other countries

            There was nothing woolly about it. It was clear from discussions in the German parliament that many internally did not feel Snowden would be safe there given the deep taint that Germany has with respect to American influence. As for finding other countries that are not under the American thumb (you have US soldiers stationed in 175 countries), ones with honourable intentions, it might not have been that easy. Just because they said they would have taken him in, often was after the fact, e.g. countries learning the US had been spying on them too, or who had their planes illegally grounded and searched etc.

            Snowden wound up in Russia not for any ideological affinity. It was simply the only place that his advisors felt he could be safe. Putin is not his chum unless you have evidence otherwise which comes from an objective source. You must be naive if you want to take any offers of asylum at face value. This was the case of a single honest man up against some very evil and powerful men who would stop at nothing to silence him. They would even lie to Congress, cf. Rogers, Brennan, Clapper etc.

            All it takes for evil to triumph is for good men to do nothing. There were 40,000 NSA employees who did nothing. Edmund Burke was right on.
            Gunga Gin
      • Violating the Constitution isn't illegal?

        That's the contention. Not sure how you missed that.
      • Its the NSA not GSA

        The us was full right to protect their nation within its own borderd.

        The problem is that they did not stay within their own borders.
        Snowden did the right thing by making sure tha those illegal actions were known
        To the world and warned the world and its citizens of the wrong doings of your
        Government. Calling him a traitor is fine because that only shows us how truly
        Easy Americans truly are brainwashed by their government.

        Acting like you own earth and have the right to do anything you want.
        And on top of thst you are totally clueless because you will give up all your freedom
        In the name of national security hence thats what the N stands for not Global.

        911 turned you into sheep that will place security above everything that your fore father's fought for to gain independence and freedom. Your land of the free is now s police state
        And the ironic thing is it was by your own free will ;)
        • PS

          Snowden didn't undermine the fabric of the Internet NSA did !
        • Actually...

          NSA is restricted by law to foreign intelligence gathering only, which is one of the sources of controversy. And the US Constitution specifically prohibits unreasonable searches and seizures, which has been understood for over two centuries to include general searches. General searches were widely used British colonial authorities in the 18th century to catch smugglers and greatly resented by American colonists in the years before the Revolutionary War, which is why the search restriction language was written into the Constitution in the first place. Prism looked a lot like a general search to many of us and the potential for abuse (intended or not) was rather obvious.

          My position regarding Edward Snowden is highly ambiguous, as those who have read my posts regarding the Snowden affair many or may not have inferred. He doesn't legally qualify as a traitor and I don't think he does so even morally; nor do I think he qualifies as a spy. But what he did appears to be illegal and should be, as it's impossible for any government to conduct effective intelligence gathering without a large amount of secrecy; and the world is far to dangerous a place to shut down our intelligence agencies. His disclosures promoted a badly needed debate and exposed practices that appear to be potentially abusive, if not downright illegal, no matter how well intentioned they might be. They also injected a healthy amount of mistrust into the widely touted system of "cloud computing". which I also think was a good thing. But the disclosures also stirred up a great deal of nonsense about impending totalitarianism from people who look for any excuse to discredit the US and delegitimize liberal democracy generally.

          I can't answer the question of whether he did the right thing, as I don't have enough data. My own first impulse would have been to go first to a member of Congress I trusted with the appropriate clearances. Given that he did it, I think he should have stayed in Hawaii, hired a lawyer and dared the US Attorney to prosecute him with everybody looking on (which is when officials tend to be on their best behavior). Under the circumstances, a jury might have even acquitted him. But we'll probably never find out, since he ran away and will probably never set foot in the US again. To that extent, having to live as the temporary guest of Vladimir Putin (subject to deportation at any time) is not how I'd want to live, but that's what he's chosen, so he'll have to live with it.

          In short, I consider him neither hero or villain; but something in the middle. He probably meant well, but I think his judgment was suspect and his courage more so.
          John L. Ries
          • Choosing Russia

            He did not choose Russia. He was turned away by several other countries, notably and to their shame Germany. The US broke laws to try and capture him and read about Binney if you really think he could have had a fair hearing, something he can't even get on a blog.
            Gunga Gin
          • He chose to leave the country

            Russia is what he's stuck with, unless he decides to risk jail by going home.
            John L. Ries