Jack Goldsmith at Lawfare asks a good question:
How is the NSA Director Alexander’s claim that “we can audit the actions of our people 100%” (thus providing an important check against abuse) consistent with (a) stories long after Snowden’s initial revelations that the White House does not “know with certainty” what information Snowden pilfered, (b) reported NSA uncertainty weeks after the initial disclosure about what Snowden stole, (c) Alexander’s own assertion (in June) that NSA was “now putting in place actions that would give us the ability to track our system administrators”?
One part of the question is easy to answer: things that NSA does in June to track systems administrators don't tell us much about what Snowden stole in January. The harder question is how to square NSA's claims of strict privacy protection with its lack of insight into what Snowden stole. I don't know the answer for sure, but I've got a good guess: Because NSA does a better job of protecting Americans' private data than it does protecting its sources and methods.
Take a close look at slide 7 of the latest leaked powerpoints.
It shows a sample search for a particular email address, including a box for "justification." The sample justification ("ct target in n africa") provides both the foreign intelligence reason for surveillance and the location of the target. What's more, the system routinely calls for "additional justification." All this tends to confirm NSA's testimony that database searches must be justified and are subject to audits to prevent privacy abuses.
How does this square with Snowden's famous claim to Glenn Greenwald that he could "wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal email"? Snowden and Greenwald have an agenda, of course, and the claim has been widely questioned. Greenwald's latest article is an attempt to bolster the claim by offering evidence of NSA's capabilities where individuals are concerned. Greenwald grudgingly acknowledges, as he must, that "searches conducted by NSA analysts are periodically reviewed by their supervisors within the NSA." But, citing Snowden, he claims that the safeguards aren't that good:
"It's very rare to be questioned on our searches," Snowden told the Guardian in June, "and even when we are, it's usually along the lines of: 'let's bulk up the justification'."
But why are we being asked to accept Snowden's word on that? For that matter why are Snowden and Greenwald relying on indirect evidence to support their "wiretap anyone" claim? After all, Snowden joined NSA to steal its data and reveal what he considered abuses. If he wanted the world to know how easy it is for an NSA employee to wiretap anyone from accountants to the President, why didn't he just do it? He could have put the results on one of his thumb drives along with the other Top Secret data and walked out of the building.
I suspect he didn't do it because he knew that the systems that protect against such activity are a lot more carefully monitored than the systems from which he was stealing other classified data. So maybe he could have done it, but only once and only at great risk of being caught. If that's what he means by being able to wiretap anyone, well, hell, he could have murdered anyone, too.
So, Jack Goldsmith, I think that's your answer. It can easily be true both that NSA heavily safeguards its wiretapping databases and that NSA does not know exactly what data Snowden stole. That would be the logical outcome if NSA placed a higher value on preventing abuses of its wiretapping tools than on preventing theft of classified data.
And why would NSA do that? Simple. Bureaucracies do more of what they're rewarded for and less of what they're punished for. So if NSA has been punished more severely for privacy violations than for security violations, it will put a priority on avoiding privacy violations. And that's exactly what's happened. The deluge of overlapping and politically charged oversight triggered by a misuse of NSA's wiretapping tools is far more painful to NSA than a counterintelligence investigation of leaked secrets.
Which brings me around to a point I've made in testimony (here and here). Contrary to the critics, existing oversight mechanisms -- from the FISA court to the Justice Department and the inspectors general -- are having a big impact on NSA's behavior. Arguably, existing oversight mechanisms have already led NSA to protect privacy better than it protects national security. Adding more oversight, as Congress seems inclined to do, will shift NSA's priorities further in the same direction. At some point, I fear, that will lead to a serious national security failure.