Article Lead Image

This is how the NSA plans to stop the next PRISM leak

The agency is implementing a "2-person rule" for copying data to portable devices.

 

Tim Sampson

Internet Culture

Posted on Jun 19, 2013   Updated on Jun 1, 2021, 1:08 pm CDT

While continuing to monitor the online secrets of countless Americans, the National Security Agency has announced plans to keep its own secrets more secure. 

While testifying before the House Intelligence Committee Tuesday, NSA Director Keith Alexander told members of Congress that his agency would be implementing a “two-person” security system similar to the one adopted by the military in the aftermath of WikiLeaks. The new protocol is a direct response to the information leak by Edward Snowden, who exposed details of the NSA’s top secret PRISM program for monitoring online communications.

The “two-person rule” would require anyone copying data from a secure NSA network onto removable storage devices to do so with a second person on hand. In theory, this person ensures that whoever is making the copies is not collecting data for unauthorized purposes. 

“Working with the director of national intelligence what we’re doing is working to come up with a two-person rule and oversight for those and ensure we have a way of blocking people from taking information out of our system,” Alexander said according to Forbes.

The agency director told the committee that this new security system is still a work in progress. But several members of the committee were surprised this kind of protocol didn’t already exist, given the number of private contractors outside the agency, like Snowden, who have access to sensitive material. 

Snowden, 29, was a system administrator with the firm Booz Allen Hamilton. He copied thousands of key documents detailing the extent of the PRISM program, including a PowerPoint presentation and a contract between the NSA and Verizon and leaked them to the press before absconding to Hong Kong. Though he is gone, the NSA has nearly a thousand other systems administrators who, like Snowden, mostly work outside of the actual agency. 

Snowden’s story is in many ways similar to the tale of Army Private Bradley Manning, who copied hundreds of thousands of top secret files onto CDs in order to leak them to WikiLeaks. So it should come as no surprise that the government is responding in a similar way. The two-person rule was adopted by the military after Manning’s information dumps.  

Even though it would take just a conspiracy of two to circumvent this system, security experts say that implementation of the two-person rule should help protect government information. But according to John Pescatore, director of emerging security trends at the SANS Institute and a former NSA agent, government agencies have been slow to adopt the two-person rule because of how cumbersome it is to implement. 

Alexander’s comments on improving his agency’s leak security came amid a broader legislative discussion about the NSA’s justification for the heavy-handed campaign of surveillance carried out under PRISM. The NSA chief claimed that more than 50 attacks have been foiled with information gathered from NSA surveillance programs. But when asked by Representative Jim Himes (D-Conn.) if this information was essential to upending these plots, Alexander did not respond.

Illustration by Jason Reed

Share this article
*First Published: Jun 19, 2013, 4:22 pm CDT