POSTED: 6:35 p.m. HST, Feb 13, 2014
LAST UPDATED: 6:53 p.m. HST, Feb 13, 2014
WASHINGTON » The National Security Agency has told Congress that it forced out a civilian employee after a lengthy investigation to "assign accountability" for the disclosure of intelligence secrets by Edward J. Snowden, one of its former contractors.
Two others — identified only as an active-duty military member and another contractor — were "removed from access to NSA information" and facilities last August. But because neither worked directly for the NSA, the agency told the House Judiciary Committee in a letter, any further action would have to be determined by their employers.
The letter, first reported by NBC News, was intended to answer congressional queries about who, beyond Snowden himself, would be held accountable for the security lapses that led to his disclosures. The answer appeared to suggest that no senior officials of the NSA or its oversight organization, the office of the director of national intelligence, would be disciplined or fired for what officials have called the largest and most damaging disclosure of classified material in American history.
The director of the NSA, Gen. Keith B. Alexander, is retiring next month after serving far longer than his predecessors. The director of national intelligence, James R. Clapper Jr., who has also been a focus of criticism for failing to police the speed at which security upgrades have been conducted throughout the intelligence community, remains in office.
Both men and their wives were guests at the state dinner Tuesday night for French President Fran?ois Hollande, which was widely interpreted as an indication they remained in good stead at the White House.
The NSA letter was written by the director of the agency's legislative affairs office, Ethan L. Bauman, and provided the first public account of howSnowden obtained access to materials for which his own passwords would not give him access.
It said that an "NSA civilian" — reported to be Snowden's supervisor, although the letter did not say that — gave the 29-year-old contractor his Public Key Infrastructure certificate to gain access to documents on NSA Net, the intelligence agency's intranet.
Vanee M. Vines, an agency spokeswoman, declined to identify the employee who resigned or to say if he or she had supervised Snowden. The employee presumably was a colleague at the NSA facility in Hawaii where Snowden worked. It was not clear if the contractor and the member of the military mentioned in the letter also worked there.
A Public Key Infrastructure certificate is a first step in enabling access to a restricted computer system. But gaining access also requires passwords, and the letter from the NSA alleged that Snowden used digital deception to obtain the password; the civilian NSA employee entered his password onSnowden's computer, not realizing that "Mr. Snowden was able to capture the password, allowing him even greater access to classified information."
In past interviews, Snowden has denied that he stole the passwords of colleagues to gain access to any material in the NSA's systems.
The New York Times reported Sunday, and Clapper later confirmed to Congress, that Snowden released a web crawler inside the NSA's computer systems once he had gained access. That crawler, which automatically indexes the NSA Net and could copy any documents in its path, would essentially use the passwords that Snowden held, legitimately or illegitimately.
Snowden later copied files delivered by the crawler to an external storage device, like a thumb drive or hard disk drive, before leaving his NSA job last April and heading to Hong Kong. He is now living in Moscow.
The letter to the committee suggested that the NSA has understood how Snowden obtained passwords since June 18, when "the NSA civilian admitted to FBI special agents that he allowed Mr. Snowden" to use his credentials.
The NSA said that it "initially suspended the civilian's access to NSA sensitive compartmented information" and revoked his security clearances in November. The civilian resigned Jan. 10.
How Snowden gained access to documents for which his passwords would not give him clearance is a secondary issue to two questions reverberating around the intelligence agencies and the Justice Department: Exactly how much material did he take with him when he left Hawaii, and did he have the help of a foreign intelligence service?
On the first question, intelligence officials have estimated that he "accessed" 1.7 million documents, or more. But it is unclear how many of those he downloaded onto some kind of removable media and took with him or placed in the Internet cloud.
Snowden's advocates have said that the amount he took has been exaggerated by Alexander, Clapper and other officials, as part of an effort to paint him as a traitor rather than a whistle-blower.
Glenn Greenwald, an advocacy journalist who received much of the Snowden trove, sent out a Twitter message Thursday about the NSA report to Congress, commenting sarcastically that "there's no reason to be the slightest bit skeptical about a memo prepared by the NSA about Snowden & intended for public release #USMedia."
The report's finding that an NSA civilian employee bore at least some responsibility will complicate the argument that the origin of the leak was an overreliance on contractors by the agency.
Sen. Dianne Feinstein, D-Calif., who heads the Senate Intelligence Committee, suggested last summer that there should be legislation severely restricting the access that contractors have to the intelligence agency systems; that effort failed after intelligence officials explained how deeply they depend on outsiders to design and operate those systems.
Booz Allen Hamilton, where Snowden worked in his final job in Hawaii, has designed key elements of the NSA networks.