The London Sunday Times reports that Britain and the US have pulled agents out of China and Russia because information contained in encrypted files stolen by Edward Snowden have been decrypted.
“”His documents were encrypted but they weren’t completely secure and we have now seen our agents and assets being targeted,” a source told the Sunday Times.
What can we understand from this disclosure?
Here are a few thoughts:
There is little doubt that the damage caused by Edward Snowden’s disclosure of highly classified information has been immensely damaging to US and British intelligence gathering, setting aside the latest allegation. Techniques of modern spying have been extensively exposed making intelligence gathering much more difficult if not impossible in some cases. The bottom line is that Snowden caused harm to the national security of both countries and also to the friends and allies of the US and Britain.
Snowden’s access to such a wide range of sensitive intelligence while he worked as a contractor to the US government makes clear that most of the standard rules of protecting classified information were not followed and that this sloppiness and poor administration made possible the bulk of Snowden’s criminal activity. Above all, compartmentalization of classified information, essential to minimize an insider threat, was not properly implemented.
If government files contain the names of spies and agents then our intelligence collection system is badly broken (notwithstanding Snowden), since putting this information into accessible files revealing sources and methods is an incredible systemic blunder.
The idea that a contractor would have access to files containing lists of agents and spies is unimaginable. It is impossible to be sure that it truly happened, but the statements by highly placed “sources” that this occurred is truly frightening. By now anyone connected with assisting Western intelligence has to be on the run.
Cracking encryption codes takes super computers and a lot of effort especially if files are encrypted with large key sizes and use advanced secret encryption algorithms. The chance of breaking such code is very small even if a potential adversary has unlimited resources to go against the problem.
A related possibility is that key materials were handed over by Snowden or by others to the Russians, Chinese or both. This is what happened in the John Anthony Walker, Jr.case. He was a United States Navy Chief Warrant Officer and communications specialist convicted of spying for the Soviet Union from 1968 to 1985. Walker gave the Russians key material enabling them to descramble US Navy coded messages. Walker exposed a lot of sensitive information because many State Department and DOD messages were passed on through to the Navy and hence were exposed.
There is also the possibility, not to be discounted, that no such compromise of encrypted information has happened but that the story has been leaked to cover up other spying operations that may have been compromised. The evidence? It seems a little far fetched that the government would keep any list of its spies and agents in one place, or even put such information into digital files in the first place. But if there was a mole in one of the spy agencies, the mole could have got this information. Saying it was Snowden’s fault could have been a motive on either side of the fence: that is, it could have been the Russians or Chinese putting out a false story to hide their mole or moles; it could have been the British or U.S. intelligence putting out a story to cover revealing an inside threat they have fingered. At the moment the best that can be said is that there is a state of alarm in US and British intelligence and they are deeply concerned about their assets (agents) being rolled up by the Chinese and/or Russians.
Finally there is the possibility that the reports about pulling agents out of harms way are false and that all of this is an attempt to do more damage to Snowden. I don’t believe this to be the case, however, because putting out an alarm of this kind would automatically damage all the secret relationships the intelligence community has with its operatives.
If encrypted files were compromised then it is vital to find out how. There are a number of serious cryptographers in the United States and the UK who need to be brought in to determine whether US and UK secret encryption is properly implemented. It would be an error to rely solely on the suppliers of encryption materials or in-house experts. An objective evaluation is an urgent task.
While we should assume that the glaring mistakes of managing secret intelligence have already been fixed, procedures and methods need another look by qualified experts who are independent and objective. It is frightening to think that our national security is still at risk.