Encryption Would Have Stopped Snowden From Using Secrets

Edward Snowden could have been thwarted from leaking classified U.S. documents if the National Security Agency encrypted the information to make it unreadable, two former senior cybersecurity officials said.

Snowden would have needed a digital key to decipher the secrets after gaining access to them if the data was scrambled, Ira Gus Hunt, former chief technology officer for the Central Intelligence Agency, and Howard Schmidt, a former U.S. cybersecurity coordinator, said in interviews yesterday at a conference in San Francisco.

Snowden, a systems administrator working for NSA contractor Booz Allen Hamilton Holding Corp. (BAH), probably would have been exposed if hed tried to get decryption keys, they said.

We have to get to the point where the data itself, independent from the systems, is appropriately protected everywhere all the time, said Hunt, who left the CIA in October and is on the advisory board at eSentire Inc., a Cambridge, Ontario-based security software company.

My goal would be that all data is encrypted everywhere all the time. The only way data can move in the system, at rest or in transit, is in an encrypted form.

The documents Snowden obtained and leaked to the Washington Post and the U.K.s Guardian newspaper exposed secret NSA programs, including the collection of billions of bulk phone records from Verizon Communications Inc. (VZ) and other carriers and the hacking of fiber-optic cables abroad to steal e-mail and Internet data from Google Inc. (GOOG) and Yahoo! Inc. (YHOO) U.S. prosecutors last year filed theft and espionage charges against Snowden, who has since been living in Russia under temporary asylum.

Google, Yahoo and Facebook Inc. (FB), among other companies, have since strengthened encryption on data flowing through their networks and made their digital keys more complex. Encryption uses a mathematical code to scramble data.

Vanee Vines, an NSA spokeswoman, declined to comment. Outgoing NSA Director Keith Alexander, in testimony yesterday to the U.S. Senates armed services committee, said the agency has made 40 changes in its systems, developed better insider-threat detection capability and conducted more random security checks.

A NSA civilian employee allowed Snowden to use his encrypted digital certificate to access classified information, according to a Feb. 10 letter the NSA sent to the House Judiciary Committee. The employee resigned, according to the letter.

Snowden encrypted the data after he stole it. The documents he exposed revealed the NSA has tried to weaken common encryption standards and is developing a computer capable of breaking encrypted data.

Read more:
Encryption Would Have Stopped Snowden From Using Secrets