by ritchiea 4756 days ago
All of the comments taking umbrage that the article isn't celebrating Snowden's character are missing the point. While it is entirely possible that he was qualified or even overqualified for the position he had at Booz Allen Hamilton, nothing in his resume suggests that, which raises the question: who else has access to sensitive data and secrets? The answer could be that Snowden was an exceptional individual and that's how he got to where he was, but it could also be that the government is terrible at hiring and granting security clearance and there are a lot of terrible individuals with access to secrets & sensitive data and Snowden just happened to be a standout.

The security clearance process basically looks for reasonable, honest Americans free of foreign influence.

If government actors are abusing their power to such an extent that reasonable, honest Americans free of foreign influence feel morally obligated to blow the whistle, then there are going to be more leaks.

It's not a flaw in the system; it's a safeguard against corruption and abuse of the system.

That's not what is being discussed here. What is being discussed is the leaker doesn't appear to be a standout individual. He isn't the top of his field. He doesn't have numerous advanced degrees. So on and so forth. He is "garden variety". So, given that, if a "garden variety employee" can get access to all this data, just how many ordinary Joes have access to it? The more people, particularly those low on the totem pole, the more opportunity for leaks to the wrong people.
*The security clearance process basically looks for reasonable, honest Americans free of foreign influence.*

That might be enough for domestic intelligence, but it's really shooting yourself in the foot if you apply "free of foreign influence" to overseas intelligence operatives. (Because you'll never be able to recruit anyone whose exposure to the target culture is significantly deeper than a semester attending a foreign university ...)

> The security clearance process basically looks for reasonable, honest Americans free of foreign influence.

ie: not gay and without financial debt

As I understand it, security clearance screening is done by blacklisting, not whitelisting.

That's what would make sense for a nation with due process, but it does lead to increased risk of leaks from people with no obvious red flags that come up during the background check or in-person interviews.

Even "better", there are things which are highly correlated with "likely to be a security problem" which are NOT allowed to be included, or which get adjudicated away.

Generally IMO the security clearance process is not up to the task in a world with more than one threat. It worked ok against USSR when we largely could use full spectrum of information AND could assume most people without black marks were anti-USSR (due to existential threat from nuclear weapons and essentially an undeclared state of war).

Doesn't work so well now when 1) IC really had no mission in the 1990s and 2) IC today is grossly oversized and overresourced for the anti-Islamism mission. The "anti-China, anti-Russia" stuff is much more like a real peacetime intelligence service, i.e. the <<500 people we had before WW2.

Yeah, though I can't give specifics, we had an admin issue where I worked that got briefed to the level of a "Presidential appointee confirmed by the Senate" that was related to screening requirements (or rather, the lack thereof).
I'm assuming both criminal/terrorist organizations (well, and hacker groups, etc.) and tech startups actually surpass USG for a lot of personnel screening, mainly because they're small. If you only hire people you've personally known for a long time, that goes a long way. Hiring 20 trusted people is a lot easier than hiring 20k.

(Obviously USG does a better job in certain areas; generally I'd say most military facilities do a decent job on most physical security.)

There are different levels. Up to a point they take everything you declare as true in conjunction with some basic checks. At the highest levels they assume everything you say is false, until investigated and proven true.

I still think the article makes a good point though, you just don't know who the hell has access to your data unless you keep it on your own servers or host the data in a country with extremely transparent privacy and law enforcement governance.