It's kind of staggering that a contractor like Snowden had access to information like this. What possible reason could someone at his level have for looking this up?
Thats what happens when you outsource your administrators.
If i remember correctly the CIA made a hosting deal with Amazon.
So every high level Amazon administrator can access highly classified informations.
And for Snowden he saw the black hole and everything they are planning he must have seen some very scary stuff, hopefully he wont be the guy in jail or death with a mark on his head "Told you so." and we did not act.
There is no difference in the amount of scrutiny given to contractors' background checks vs. government employees.
Take for example the fact that all weapons used in the military are designed and built by private contractors. Would you say it's a risk to allow contractors to have full access to weapons data when they are the ones that design and build it?
You know I keep hearing this myth. As if a real employee/agent could never leak information. TS/SCI clearance is the same for everyone. Cleared is cleared.
No it's not. All classified material is provided on a "Need to Know" basis. You can't just have a clearance and get access to every classified document out there, that's ridiculous.
Just to expounded. Once you get passed Secret almost everything is compartmentalized.
To speak to the Snowden leaks, in there entirety they now are clearly, far outside the scope of any single user, unless that user was a multi-department head or higher. It is more likely that the leaks are from multiple users now. The story posted yesterday about the access level of the information lends this theory some credibility, although none to the means of access.
>> Thats what happens when you outsource your administrators.
Wait, I understand that he was a contractor. But wasn't he previously an NSA employee too. So he basically stayed in the same chair, but just got a bigger pay check. Revolving door and all that. I wouldn't go so far as to call it outsourced, his work was still 'in-house'.
Amazon will be developing it, and probably managing it, but it is not part of the primary Amazon infrastructure so outside of those contracted to work specifically on the CIA system, Amazon employees shouldn't have access.
Regarding Amazon, I highly doubt that. As an Amazon employee, I know that only staff administrators with government clearance/certification can access AWS-GovCloud systems for maintenance. And the auditing of maintenance is pretty intense too.
It is a pretty good indicator of effectiveness of the clearance process, in my mind. I'd hate to be the person that signed off on granting Snowden's clearance.
It was a total failure of the 'compartmentalization' mode of thought, probably by Snowden's own design. He had the somewhat unique authorization to take files off-facility on a thumb drive, then used other clearance-level user information to pull 'juicy to leak' intel.
He was also a sysadmin, so... Quis custodiet ipsos custodes? if you're in charge of user authorities, you're probably in a pretty good position to get into stuff you shouldn't.
I like the quote NBC News [1] used from their 'former intelligence official' :
The real issue is why did they have human L/P access on their PKI system. Usually unclass systems require PKI regardless of L/P. Even the DOD contracting system requires both.
And if they did not have L/P then the issue is far more concerning in that PKI was compromised.
