Edward Snowden may not have acted alone, and may have had outside assistance, when he leaked information about the U.S. National Security Agency's data collection and surveillance programs earlier this year.
Snowden's access to information he shouldn't have known existed raises questions about whether he had help in collecting information about NSA programs, Representative Mike Rogers, a Michigan Republican and chairman of House Intelligence Committee, said Thursday.
[ Also on InfoWorld: NSA surveillance court says no limits on phone records collection. | For a quick, smart take on the news you'll be talking about, check out InfoWorld TechBrief -- subscribe today. | Read Bill Snyder's Tech's Bottom Line blog for what the key business trends mean to you. ]
Rogers didn't say directly whether he suspects Snowden, a former NSA contractor, had help from inside or outside the agency. Newspaper columnist David Ignatius, moderating a Washington Post Live panel on cybersecurity, asked Rogers if he was saying there was "evidence that Snowden had help from another government."
"I didn't say 'evidence' or 'government,' but that was pretty good," Rogers answered. "As someone who gets to see all of it, it raises concerns that there may have been help in ... his search queries and in some of the security measures he circumvented."
Rogers said he's not surprised other governments are "fanning the flames" of controversy over the NSA programs, even though most other nations have their own unchecked intelligence-gathering services. "This may be the most brilliant espionage operation conducted against the United States in the history of the world," he said. "This is a very dangerous time for us."
Snowden's access to information raises a lot of questions, Rogers said.
"When you look at some of the things he did that may have been a little bit beyond his capabilities, when you look at the kinds of information he queried and the way he queried it on his smash-and-grab and run out the door to the bastions of Internet freedom, China and Russia, there's some things in there that don't quite add up just yet," Rogers said. "We're a little concerned there may have been more to this story than meets the eye."
Snowden, granted political asylum in Russia, is now "in the loving arms" of a Russian intelligence agent, Rogers said.
General Michael Hayden, former director of the NSA and the CIA, suggested there was another explanation for Snowden's access. It appears Snowden was engaged in a "sustained, long-term campaign" to take information from the NSA, with the contractor moving from job to job to gain more access, Hayden said.
Snowden wasn't "suddenly offended by something he came across," Hayden said. Snowden was responsible for pulling data to share among intelligence officers, and the information-sharing culture in U.S. intelligence agencies following the 9/11 terrorist attacks on the U.S. made it easier for someone like Snowden to see more data, he said.
That explanation "isn't inconsistent" with Rogers' concerns about Snowden having help, Hayden added.
Both Rogers and Hayden said Snowden's leaks create serious national security problems for the U.S. There's evidence that the leaks have prompted terrorist organizations to shift their communication strategies to avoid surveillance, Rogers said.
The leaks will lead to a lack of trust in the U.S. government's ability to keep secrets, Hayden added. "Why would anyone, domestic or foreign, be willing to have confidence in the United States to undertake anything that requires any kind of discretion ... in order to go do things that are lawful, appropriate, effective, but edgy?" he said.
Hayden, responding to recent criticisms of the NSA's dual role of surveillance and cybersecurity, defended the agency. The NSA exploits vulnerabilities in communications but determines when there are vulnerabilities that "nobody but us" can take advantage of, he said.
Reported back doors on the Internet that the NSA exploits could be vulnerable to other attacks, one audience member said.
"What do you with a vulnerability?" Hayden said. "Do you patch it, or do you exploit it? If even with the vulnerability, it requires substantial computational power, substantial other attributes, you have to make the judgment, 'who else out there can do this?'
"If there's a vulnerability in here that weakens encryption, but you still need four acres of Cray computers in the basement in order to work it, you kind of think ... 'that's a vulnerability that we are not ethically or legally compelled to try to patch'," he added. "It's one that ethically and legally we could try to exploit in order to keep Americans safe."
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is firstname.lastname@example.org.