Former NSA leakers: We told you so

Snowden's leaks show the massive data collection that other leakers have been warning about, they say

Recent leaks about surveillance programs at the U.S. National Security Agency show an agency with little regard for the U.S. Constitution and laws on the books, two past NSA leakers said Wednesday.

Leaks by former NSA contractor Edward Snowden published early this month give more evidence of widespread privacy violations at the NSA, said former NSA employee Thomas Drake. "We need to confront the reality that we have a secret government that's not operating in our best interests," Drake said at the Computers, Freedom and Privacy Conference in Washington, D.C. "What's at stake is the very essence of what it not only means to be an American, but also what it means to be a citizen."

Drake and former NSA employee William Binney said Snowden's leaks confirmed many of their past warnings about the NSA's growing surveillance efforts in recent decades. Following the 9/11 terrorist attacks on the U.S., officials at the agency and President George Bush's administration chose to disregard the U.S. Constitution and laws against surveillance of U.S. residents and allow the agency to sweep in their communications, said Drake, who was indicted on 10 felony counts that were later dropped.

After 9/11, Drake said he witnessed the "United States government, in the deepest of secrecy, unchaining itself from the Constitution."

The NSA and Bush administration "revoked" the Constitution's Fourth Amendment, giving U.S. residents freedom from unreasonable searches, and "violated the legal regime" against domestic spying that the NSA had operated under since the late 1970s, he added.

An NSA spokeswoman disputed assertions that the agency is violating civil liberties.

"Without a doubt, one of the biggest misconceptions about NSA is that we are unlawfully listening in on, or reading e-mails of, U.S. citizens," spokeswoman Vanee' Vines said in an email. "This is simply not the case. NSA is unwavering in its respect for U.S. laws and Americans' civil liberties. What's more, our compliance processes are a part of a broader oversight structure in which all three branches of government play a key role."

Binney said he believes that the NSA is not recording most phone calls because it would be too cumbersome, with 10 billion to 12 billion phone calls made each day worldwide. But the former technical leader for intelligence at the NSA estimated that the agency actively wiretaps 500,000 to 1 million people worldwide.

There are no strong checks on the NSA's collection power, Binney said. "There's no privacy at all," he said.

The NSA's collection of phone records and metadata is still a privacy violation, even though the agency says it's not connecting names to the data, said James Bamford, an author of five books on the NSA. "The [phone] number is the name," he said.

The danger of the mass collection of data by the NSA is that it "buries" analysts in data, said Binney, who developed a surveillance program called ThinThread intended to allow the NSA to look at data but not collect it. The NSA dumped that program in favor of more extensive data collection.

"The biggest problem was getting data to a manageable level," he said. "We didn't have enough people, we couldn't hire enough people east of the Mississippi to manage all the data we were getting. The idea of collecting too much data is as bad as not being able to collect enough."

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is

Join the CSO newsletter!

Error: Please check your email address.

Tags James BamfordtelecommunicationVanee’ VinessecurityEdward SnowdenU.S. National Security AgencygovernmentThomas DrakeWilliam Binneyinternetprivacy

More about BushDrakeIDGNational Security AgencyNSA

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Grant Gross

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place