> The disclosure undermines the Obama administration's assurances to Congress and the public that the NSA surveillance programs can't be abused because its spying systems are so aggressively monitored and audited for oversight purposes: If Snowden could defeat the NSA's own tripwires and internal burglar alarms, how many other employees or contractors could do the same?<p>This is the take-home message.<p>The steady stream of security breaches and information leaks in recent years has taught us that the only way to guarantee information does not fall into the wrong hands is not to record the information in the first instance.
This hopefully puts everything into perspective for people who are all-in on NSA spying. Even if you believe it's a good thing that the government can view everyone's communications, surely this makes it clear that if the information exists somewhere, someone besides the government you trust will eventually get their hands on it?<p>You'd think politicians would realize this the most. In 20 years time when the people running the NSA have changed and a different party or group is at the top of the pyramid, are they not going to use communications you used 10 years ago for their own ends? I'm hoping pure survivalist instinct will win out eventually and some politicians will vote the right way.
"Snowden's hacking prowess"<p>So we're back to this. First the "Snowden had a Hacker Certification" nonsense (ignoring that CEHs are required by DoD for OPS jobs and aren't exactly high-quality to begin with) and now deleting log files equaling "hacking". I guess it is easier to make him seem like some super skilled hacker than admit that oversight and access controls were probably non existent.<p>Selfishly, I really don't even care about Snowden at this point but I do fear that the trend developing is to paint him as a "Hacker" putting security researchers as the next major "threat".
This is a calculated smearing, by "[government] officials, who spoke on condition of anonymity". It's blatant PSYOP. Obviously, audit trail systems are worthless if they allow deletions at will (and without, hah, a trail).
Really? They didn't consider the notion that someone might delete logs (or disable logging)? Maybe they should be using a better logging daemon...