NSA Director Keith Alexander insists Edward Snowden is exaggerating the power of NSA personnel (emphasis added):
"The assumption is our people are just out there wheeling and dealing. Nothing could be further from the truth. We have tremendous oversight over these programmes. We can audit the actions of our people 100%, and we do that," he said.
Addressing the Black Hat convention in Las Vegas, an annual gathering for the information security industry, he gave a personal example: "I have four daughters. Can I go and intercept their emails? No. The technical limitations are in there." Should anyone in the NSA try to circumvent that, in defiance of policy, they would be held accountable, he said: "There is 100% audibility." Only 35 NSA analysts had the authority to query a database of US phone records, he said.
But, wait a second, says Harvard's Jack Goldsmith, who served in the Bush Administration. One hundred percent?
How is the NSA Director Alexander's claim that "we can audit the actions of our people 100%" (thus providing an important check against abuse) consistent with (a) stories long after Snowden's initial revelations that the White House does not "know with certainty" what information Snowden pilfered, (b) reported NSA uncertainty weeks after the initial disclosure about what Snowden stole, (c) Alexander's own assertion (in June) that NSA was "now putting in place actions that would give us the ability to track our system administrators"?
That is a good question. It certainly appears that the actions of some NSA employees could not be audited 100 percent. And if you want to get really deep in the weeds, see Marcy Wheeler's argument that there are multiple NSA employees with access to private data who wouldn't be tripped up by an analyst audit, because they're working with your raw data before it is queried by the folks hunting for terrorist plots.