Copyright ©2013 NPR. For personal, noncommercial use only. See Terms of Use. For other uses, prior permission required.

STEVE INSKEEP, HOST:

Okay. Let's learn some more here. Officials tell NPR they understand how Edward Snowden got his hands on the documents he subsequently leaked. Here's NPR's Tom Gjelten.

TOM GJELTEN, BYLINE: The Snowden disclosures just keep coming. Almost every week some newspaper publishes some new detail about the NSA's surveillance programs or the agency's relations with the court that oversees its activities. It may seem no one knows where this will end, but the NSA's chief information officer, Lonny Anderson, says investigators have Snowden's leaks mostly figured out.

LONNY ANDERSON: We have an extremely good idea of exactly what data he got access to and how exactly he got access to it.

GJELTEN: In interviews with NPR, two government officials share that part of the Snowden story in one of the most detailed discussions of the case to date. They say the documents that Snowden leaked, the memoranda, the PowerPoint slides, the reports, were all stored on a part of the NSA's internal website. The documents were put there so NSA analysts could read them online and discuss them. Anyone with the right top secret clearance could visit that page and read the documents.

One lesson of 9/11 was that when secret information is shared, analysts are better able to connect the dots. As a systems administrator, Snowden actually had the responsibility to go to that intranet page and move especially sensitive documents to a more secure location. It was the perfect cover for someone who wanted to leak the documents. Because of Snowden's leaks, says the NSA's Lonny Anderson, that document sharing site has changed.

ANDERSON: Someone today could get access to that intranet because it still exists. Could someone today do what he did? No.

GJELTEN: Officials tell NPR Snowden was actually observed accessing secret documents, but the assumption was he was just doing his job. We now know he was taking the documents for his own purposes, even a top secret surveillance court opinion. Lonny Anderson.

ANDERSON: Then you go back to who put the opinion there. He didn't put the opinion there. He just took advantage of the fact the opinion was there.

GJELTEN: The officials interviewed by NPR won't say how Snowden was able to take the NSA documents out of his workplace. That question is part of an ongoing investigation. As of last June, when Snowden's leaks came out, some NSA computers were equipped with USB ports where thumb drives could be used.

As the agency's chief technologist, Lonny Anderson says NSA security officers have now limited the options employees have for storing data on their own, thumb drives included.

ANDERSON: One thing we have done post-media leaks, if you will, is lock those down hard so that those are all in two-person control areas.

GJELTEN: Anderson says the NSA now intends to make it impossible for people like Snowden to work completely on their own. Going forward, Anderson says, the ability to move anonymously on NSA networks will be gone.

ANDERSON: If you've got privileged access to our network like a systems administrator, if you're being given a privilege that very few people have, you're not going to do anything alone.

GJELTEN: The NSA will now be tagging data with identifiers. This means people the agency leadership decide don't need to see a document won't be able to see it. And those who do see it will have their handling of that document monitored and recorded. Joel Brenner, a former NSA inspector general, says one lesson of the Snowden episode is that the agency apparently had trouble keeping two important ideas in mind at the same time.

JOEL BRENNER: One of those important ideas was, and is, that we've to do a really good job at sharing information, at disseminating it to people who really need to know it, and doing it fast. The other really important idea is that a lot of this information, if it gets in the hands of people who ought not have it, hurts us very, very badly. So that information has to be protected.

GJELTEN: With the NSA's new determination to protect information, there should be more security. The danger is that there may be less information sharing. Tom Gjelten, NPR News, Washington.

INSKEEP: You hear Tom's reporting right here on MORNING EDITION from NPR News.

Copyright © 2013 NPR. All rights reserved. No quotes from the materials contained herein may be used in any media without attribution to NPR. This transcript is provided for personal, noncommercial use only, pursuant to our Terms of Use. Any other use requires NPR's prior permission. Visit our permissions page for further information.

NPR transcripts are created on a rush deadline by a contractor for NPR, and accuracy and availability may vary. This text may not be in its final form and may be updated or revised in the future. Please be aware that the authoritative record of NPR's programming is the audio.

Comments

 

Please keep your community civil. All comments must follow the NPR.org Community rules and terms of use, and will be moderated prior to posting. NPR reserves the right to use the comments we receive, in whole or in part, and to use the commenter's name and location, in any medium. See also the Terms of Use, Privacy Policy and Community FAQ.