How many of the thousands of individuals with similar access may have abused their power for nefarious ends?

How many abuses did or did not take place at the National Security Agency over the past decade will probably never be known. I’m not referring to the fact that it is unlikely the public will ever be provided a full audit of the NSA’s activities. The more frightening reality is the NSA itself probably doesn’t even know how many serious abuses may have taken place over past several years.

Case in point is the mere existence of Edward Snowden.

As a contracted system administrator Snowden had vast access. He spent months reading and downloading thousands of highly classified documents that there was no reason he should have been looking at, given his job title. He had time to carefully vet everything he downloaded.

Unlike LOVEINT, which is personal frightening but probably not a top priority for the NSA internal security, what Snowden was doing should have been their number one concern. Snowden’s behavior should have sent off red flags left and right.

If the NSA had effective internal security systems and rigorous checks, there is no way Snowden should have been able to do what he did. Yet Snowden not only was able to operate unnoticed for a long time, but allowed to leave the country with this information. The NSA only found out because Snowden came forward, and even after Snowden came forward the NSA still couldn’t determine the extend of what he took.

Snowden took his actions with the noble goal of informing the public, but how many of the thousands of individuals with similar access may have abused their power for nefarious ends? How many others used this power to settle personal grievances, gather insider information to make gains in the market, blackmail others, or even spy for foreign countries?

The fact that Snowden exists proves the NSA’s internal security had holes big enough to drive a truck through. Even if the NSA does a true audit it may be meaningless because we have clear proof their checks were woefully inadequate.

Some significant abuses could have taken place using the NSA’s vast databases and no one, not even the NSA top brass, may ever find out.

Image by DonkeyHotey under Creative Commons license