Former NSA contractor Edward J. Snowden, currently on the run, has set a precedent which may hamper future whistleblowers in the United States.
Once the now-fugitive leaked details about surveillance on American citizens to the media, Snowden went on the run — moving from Hong Kong to Russia over the weekend — and is expected to attempt to reach Cuba. The U.S. government has revoked his passport and warned other countries not to help the former contractor on his international travels, predictably using political weight to try and bring the whistleblower to heel and back on American soil.
The former Booz Allen Hamilton contractor leaked information about the controversial PRISM data mining scheme to U.K. publication The Guardian, where the story was quickly picked up by media outlets worldwide. Now charged with espionage, theft and conversion of government property, whether or not Snowden manages to board a connecting flight and make it to Ecuador where he has applied for asylum remains to be seen.
There is something ironic about exposing spying in order to be charged with espionage. However, as reported by The New York Times, the situation plunges deeper than including only one individual. Not only has Snowden left an enraged, sleep-deprived government in his wake, but he may be the cause of future headaches for the next generation of IT staff.
The situation between Snowden and the National Security Agency has placed scrutiny on information technology and system administrators worldwide. These IT staff are required to keep systems functional and working smoothly, and so often have unrestricted access to every part of a network.
As 'super users,' system administrators do not always possess relevant security clearance, but are able to access files from a network's root, complete with full privileges.
However, if you have an axe to grind, this responsibility also hands you all the tools and data you need on a plate — something the NSA is determined to stop from happening again.
In a television interview on Sunday, NSA director Gen. Keith B. Alexander acknowledged this issue, and has outlined plans to boost the security of networks containing sensitive information. The agency is soon to institute a "two-man rule" which would stop the institution's 1,000 system administrators from having complete freedom over a system. Instead, a second check will be required before sensitive information is accessed.
Some agencies already have implemented similar systems, which are comparable to a safe that needs two keys to unlock. However, the concept is not just present in cryptography; instead, other industries also use the system as a safety measure. When a plane is repaired, another engineer is required to pass the vehicle — and the nuclear industry also makes use of similar checks. Now it seems security will also be tightening in the digital field. Eric Chiu, president of computer security firm Hytrust, told the publication:
"The scariest threat is the systems administrator. The systems administrator has godlike access to systems they manage."
Software could also be used to monitor staff access, but a good systems administrator is likely to be able to circumvent such checks. In addition, some U.S. officials argue that more thorough employee vetting protocols are the best long-term solution to stop rogue IT members of staff slipping through the net.
However, even with additional security measures being taken, it's unlikely to prevent whistleblowers from eventually reaching their goals. Chris Simkins, the former Justice Department counterespionage lawyer, commented that it is "more difficult than it sounds" to keep confidential information from being leaked.
"At the end of day, there's no way to stop an insider if the insider is intent on doing something wrong. It's all about mitigating."