Share This Page

NSA worker who let Snowden skirt safeguards resigns, memo says

| Thursday, Feb. 13, 2014, 8:03 p.m.

A National Security Agency employee has resigned from his job since admitting to FBI investigators that he allowed Edward Snowden, then an NSA contractor, to use his personal computer credentials to gain access to classified information, according to an agency memo.

The unidentified employee was not aware that Snowden intended to obtain classified material for the purposes of disclosure, said the memo, which was reported by NBC News.

The employee is one of three people who have been under investigation for their unwitting involvement in Snowden's effort to remove the material in what may be the largest breach of classified information in history.

None was accused of collusion, said a senior U.S. official familiar with the investigation. “It's a violation of procedures . . . but no ‘Hey, let's conspire with him to steal information,'  ” said the official, who spoke on condition of anonymity because the investigation is ongoing.

The security clearance of the employee who resigned, a civilian, was revoked in November, and he was notified of a proposal to fire him. He resigned Jan. 10, said the memo, which was addressed to the staff directors of the House Judiciary Committee.

The two other people, a military member and a contractor, had their access to NSA facilities and material revoked in August, the memo said. All worked at a regional NSA facility in Hawaii, where Snowden was a contract employee for Dell and later Booz Allen Hamilton, officials said.

The resignation appears to be the first personnel action to result from the breach. Snowden, who has been granted temporary asylum in Russia, shared large amounts of intelligence with several journalists. Their stories began appearing in June and have stirred national and international debate about the proper scope of NSA surveillance.

According to the memo, written by Ethan Bauman, the NSA's legislative affairs director, the civilian allowed Snowden to use his public key infrastructure (PKI) certificate to gain access to classified information on NSANet, the agency's intranet, “access that he knew had been denied to Mr. Snowden.” PKI is a system of identity credentials designed to prevent unauthorized access to sensitive computer networks.

The memo stated: “Further, at Mr. Snowden's request, the civilian entered his PKI password at Mr. Snowden's computer terminal. Unbeknownst to the civilian, Mr. Snowden was able to capture the password, allowing him even greater access to classified information.”

Lawmakers expressed concern on Thursday about the security lapses at the agency. “It is unacceptable that the NSA's security protocols and breaches were so easily circumvented,” said Senate Judiciary Committee Chairman Patrick Leahy, D-Vt. “This is the same NSA that asks us to trust that it will keep safe massive amounts of data on innocent Americans, and that we should have faith in its internal policies and procedures.”

He said that “for months, I have been asking who is being held accountable, and while the NSA director has testified that they have taken a number of steps as a result of the leaks, it is clear that more needs to be done to protect our national security and our privacy.”

TribLIVE commenting policy

You are solely responsible for your comments and by using TribLive.com you agree to our Terms of Service.

We moderate comments. Our goal is to provide substantive commentary for a general readership. By screening submissions, we provide a space where readers can share intelligent and informed commentary that enhances the quality of our news and information.

While most comments will be posted if they are on-topic and not abusive, moderating decisions are subjective. We will make them as carefully and consistently as we can. Because of the volume of reader comments, we cannot review individual moderation decisions with readers.

We value thoughtful comments representing a range of views that make their point quickly and politely. We make an effort to protect discussions from repeated comments either by the same reader or different readers

We follow the same standards for taste as the daily newspaper. A few things we won't tolerate: personal attacks, obscenity, vulgarity, profanity (including expletives and letters followed by dashes), commercial promotion, impersonations, incoherence, proselytizing and SHOUTING. Don't include URLs to Web sites.

We do not edit comments. They are either approved or deleted. We reserve the right to edit a comment that is quoted or excerpted in an article. In this case, we may fix spelling and punctuation.

We welcome strong opinions and criticism of our work, but we don't want comments to become bogged down with discussions of our policies and we will moderate accordingly.

We appreciate it when readers and people quoted in articles or blog posts point out errors of fact or emphasis and will investigate all assertions. But these suggestions should be sent via e-mail. To avoid distracting other readers, we won't publish comments that suggest a correction. Instead, corrections will be made in a blog post or in an article.