We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not an Insider? Subscribe now for unlimited access to online articles.

Intelligent Machines

Q&A: Former NSA Deputy Director John C. Inglis

The NSA’s deputy director at the time of the Snowden leaks argues that it makes sense for the agency to simultaneously aim to compromise and improve online security.

The Snowden documents leak continues to affect U.S. policy and international relations.

More than a year after ex-National Security Agency contractor Edward Snowden began leaking details of the agency’s electronic surveillance programs, questions remain about how he accessed so many documents, and about the technology they described. At the Black Hat computer security conference in Las Vegas last week, Rachel Marsden put some of those questions to John C. Inglis, who retired as deputy director of the NSA in January. Since June, Inglis has been a strategic advisor to Securonix, a Los Angeles company that sells software to help companies detect unauthorized actions by their employees.

John C. Inglis
Former NSA Deputy Director John C. Inglis

Edward Snowden has been described by NSA officials as an administrative employee, working for an outside contractor. Yet he was able to access to all kinds of top-secret classified information. How did this happen?

Snowden was a system administrator, so by design he had more privileges. Does that expose a weakness in the system? In hindsight, Snowden went far beyond where we would have expected him to go. The challenge is how do you extend trust to individuals that you’ve gone to great time and trouble to find, vet, and develop confidence in, and allow them to exercise ingenuity, innovation, and creativity? We need to up our game without crushing the 99.9 percent of people who have operated faithfully. We need to focus on behaviors—on the access to data in real time, instead of on defending perimeters, operating systems, or artifacts. You’re looking for a change in behavior that is an anomaly and warrants close examination.

Given what you know about the technological capabilities of other intelligence services, what is the possibility they accessed the full, unredacted collection of documents Snowden had without his knowledge?

I’d say it’s high. He’s a smart fellow. He knows something about security and encryption. But what we have determined over 70 years of cryptologic history is that single minds never prevail against a diverse set of minds. The idea that a single person could secure information against the dedicated efforts of intelligence services that are quite capable is asking a lot. There’s some amount of hubris in that.

How do you respond to Snowden saying that there is no provision for an NSA contractor to whistleblow?

There is law and policy that allows contractors to exercise whistleblower provisions. The record shows he didn’t attempt to do any of that. He could have privately sent a letter to congressional representatives, senators, the press. He said he complained around April 2013 in writing. It wasn’t a complaint, it was a straightforward question about something he had learned in a course. He received an answer that day from an NSA lawyer. This was four months after, by his own admission, he was already sharing information with reporters. I don’t see how that constitutes an attempt to be a whistleblower.

How does the NSA reconcile its dual missions of signals intelligence (finding ways to gather private data) and information assurance (finding ways to protect U.S data)? For example, the agency has been accused of pushing the flawed Dual_EC_DRBG encryption standard (see “NSA Leak Leaves Crypto-Math Intact but Highlights Known Workarounds”).

The bias must be defense. And if we were to pull the information assurance mission away from the signals intelligence mission, I’m confident that you will find a dumbing down of the insights that the information assurance guys had about the true nature of the vulnerabilities in cyberspace. They would be cut off from those who discover those vulnerabilities. The vast preponderance of things that NSA discovers are pushed for purposes of defense to those who defend these systems.

Could technology be used to make mass surveillance programs more respectful of privacy? Former NSA cryptographer William Binney says that he helped build a system with such safeguards but that it was rejected by the agency’s leaders.

It would be foolhardy for NSA to reject technology that would at once help us pursue national security and defend privacy and civil liberties. I know it ultimately didn’t pass muster. There is incidental collection, as there are two sides to every communication in the world, but you’re bound by law and policy to treat innocents as innocent until you have compelling information to treat them otherwise. If you asked [NSA employees] how they compromise between privacy and national security, they would say that the question is flawed because they’re expected to do both.

Cut off? Read unlimited articles today.

Become an Insider
Already an Insider? Log in.
More from Intelligent Machines

Artificial intelligence and robots are transforming how we work and live.

Want more award-winning journalism? Subscribe to Insider Basic.
  • Insider Basic {! insider.prices.basic !}*

    {! insider.display.menuOptionsLabel !}

    Six issues of our award winning print magazine, unlimited online access plus The Download with the top tech stories delivered daily to your inbox.

    See details+

    What's Included

    Unlimited 24/7 access to MIT Technology Review’s website

    The Download: our daily newsletter of what's important in technology and innovation

    Bimonthly print magazine (6 issues per year)

You've read of three free articles this month. for unlimited online access. You've read of three free articles this month. for unlimited online access. This is your last free article this month. for unlimited online access. You've read all your free articles this month. for unlimited online access. You've read of three free articles this month. for more, or for unlimited online access. for two more free articles, or for unlimited online access.