Edward Snowden: Humorous & Shocking Findings from the [Partially Redacted] House “HPSCI” Report

In December 2016, the House Permanent Select Committee on Intelligence (HPSCI) released a partially redacted copy of its September 15, 2016 report, “Review of the Unauthorized Disclosures of Former National Security Agency Contractor Edward Snowden” (“House Report”).

The House Report describes Snowden in the same tenor and tone in which the Warren Report described Lee Harvey Oswald: loner, complainer, and general loser. Yet the House Report, like the Warren Report, also took to task various government agencies for their failures at the hands of the aforedescribed loser. This uncomfortable balance between ridiculing Snowden and chiding the spy agencies he fooled comes across as a tad whiny. The House Report reveals glaring NSA computer system vulnerabilities which, if this were the FTC investigating private companies, would result in severe sanctions (see here).

The report is here. It is 38 pages long; however, about one third of it is redacted.

Some curiosities found in the House Report:

  • Snowden’s “broken legs” story as to why he left Army basic training was untrue — he had shin splints.
  • Snowden did not have a GED as he claimed.
  • He “modified CIA’s performance review software in connection with his annual performance review, by manipulating the font.”  No further explanation was provided.
  • There is a security database shared amongst the intelligence community to verify clearance called “Shared Castles” (bravo whoever came up with that name). You can read up on security clearance, and Shared Castles, here. Interestingly, Google searches for “Shared Castles government database” yield remarkably little information.
  • When switching jobs between the CIA and the NSA, the NSA checked the Shared Castles database right away before the CIA (later) updated Snowden’s profile with negative details about Snowden’s CIA performance.  Oops.
  • Snowden allegedly crashed an NSA server with a (Microsoft?) patch.  Oops.
  • Snowden used the scraping programs wget and DownThemAll! inside the NSA system to download 1.5 million documents. Frightening.
  • NSA allowed its personnel and contractors “who lack a work reason to use removable media” like USB drives.  Frightening.
  • “When he fled Hong Kong, Snowden left a number of encrypted computer hard drives behind.”
  • Snowden called himself “Cincinnatus” when he contacted reporter Glenn Greenwald.  Lucius Quinctius Cincinnatus was a “legendary figure of… Roman manliness and civic virtue.”  You can read about him here.  Surprisingly, the House Report desisted from explaining the origin of Snowden’s handle and further intimating, as the House Report authors liked to do, that Snowden is a bit of a douche.
  • Snowden failed the standardized NSA test on FISA Section 702, the government’s legal basis for spying.  Yet this was the focus of his disclosures.
  • “It is likely Snowden does not know the full contents of all 1.5 million documents he removed.”  This charge was uncited and not supported by further information.
  • Snowden picked his documents from two classified sources — NSANet (seriously?) and the much cooler named Joint Warfighter Information Computer System (JWICS).
  • Years later, the NSA has not implemented several of the (fairly basic) security protocols it said it would.