WASHINGTON ? The NSA director confirmed to Congress today that leaker Edward Snowden had access to a highly sensitive database containing personal information that could be mined to track a target?s thoughts and actions and possibly predict future acts.
U.S. Army General Keith B. Alexander, commander of U.S. Cyber Command and director of the National Security Agency, told the Senate Appropriations Committee that Snowden ?had great skills as an IT (Internet Technology) system administrator.?
Alexander?s explanation came in response to a query by Sen. Dick Durbin, D-Ill., about how Snowden had advanced to trusted access to a treasure trove of secret NSA information. The 29-year-old had dropped out of high school and failed in his military experience, only to end up working for three months as a Booz Allen Hamilton employee in Hawaii under a contract with the NSA.
Alexander confirmed that Snowden, as a system administrator for Booz Allen, had access to ?a wide range of sensitive NSA information.?
Responding to Snowden?s claim that he could wiretap any phone call in the United States, Alexander said that?s false.
?I know of no way to do it,? the NSA chief said.
In defense of NSA surveillance activities, Alexander claimed the NSA data collection has prevented dozens of ?critical? terrorist events.
?We are less secure than we were two weeks ago,? Alexander further claimed, arguing Snowden?s leaks had jeopardized national security.
Snowden has access to PRISM technologies widely used by the federal government in law enforcement to collect, manage and mine macro-databases to track an individual?s personal information with the goal of profiling potential national security risks.
PRISM is an acronym for Personal Record Information System Methodology. PRISM software integrates Personally Identifiable Information, which includes name and address, with data records accessed from other sources. The sources include emails, text messages and telephone conversations.
A Department of Homeland Security document dated June 4, 2009, devoted to a privacy impact assessment for the DHS PRISM system, makes clear DHS was using a commercial off-the-shelf software program to drive the DHS PRISM system used primarily to administer and monitor DHS procurement contracts.
A similar Federal Aviation Administration PRISM system operates to manage and administer FAA outside contracts. The FAA PRISM system is contracted from Compusearch Software Systems Inc.
Similarly, the Department of Defense PRISM software is provided by Compusearch Software Systems Inc. and appears to be dedicated to managing Department of Defense acquisition and grants program.
The common characteristic is that PRISM software is designed to combine personal information with information obtained in various databases. For the FAA and DOD that includes contracting information, project management reports and financial accounting data.
The focus changes once the PRISM application has a law enforcement application.
Targeting ?persons of interest?
U.S. Secret Service PRISM-ID targets national security risks to determine who might be a potential risk to a person, place or event the Secret Service is charged to protect.
The U.S. Secret Service PRISM system appears to mirror the NSA PRISM system in its role of collecting personally identifiable information to protect the president and vice president and foreign heads of state visiting the United States.
A DHS document titled ?Privacy Impact Assessment Update for PRISM-ID,? dated Nov. 10, 2010, describes in detail the U.S. Secret Service PRISIM-ID computer technology.
The personally identifiable information obtained by the Secret Service PRISM-ID system includes the following collected on persons considered to be a potential threat to persons, events and facilities under Secret Service protection:
- Name and/or Alias;
- E-mail Address;
- Date and/or Place of Birth;
- Social Security Number;
- Driver?s License/State ID Number;
- Passport Number;
- Alien Registration Number;
- FBI and/or State Criminal Record Identification Number;
- Prisoner Number;
- Identification Numbers issued by other foreign or domestic government units; and/or
- Case Number.
The purposes for which the Secret Service PRISM-ID system collects the data include:
- Develop threat assessments for protected persons by identifying cases of interest;
- Identify individuals who have previously come to the attention of the Secret Service;
- Identify suspects for investigations in which the subject is unknown;
- Report administrative case information to Secret Service management officials; and
- Report statistical case information to the Department of Homeland Security, Office of Management and Budget, and the U.S. Congress.
The sources of information include official reports, queries of government and public records systems, emails and telephone calls, in-person meetings and information posted on the Internet or developed through investigative efforts.
An international news source reporting on the U.S. Secret Service PRISM-ID system has produced the following graphic to display the range of websites available for PII data collection:
Secret Service access to Internet search engine data permits the creation of subject profiles in which a particular targeted individual expresses interest.
The PRISM system uses sophisticated computer software to combine micro-targeted personally identifiable information with information about the individual obtainable from mining macro-database information. The system can find the activity of a specific individual by scanning macro-databases of all phone calls and Internet postings.
Once the micro-data is mined from the macro-database, a profile can be built of a particular person?s likely attitudes, interests, concerns, goals, ambitions and fears, affording the capability of surmising thoughts and feelings and predicting future actions.
Predictive algorithms are employed to assess whether or not the target is likely to take actions that pose a national security risk.