General Keith Alexander, who recently stepped down from his position atop the NSA, told an interviewer in Australia that he still has no idea how many documents Edward Snowden took. "I don’t think anybody really knows what he actually took with him, because the way he did it, we don’t have an accurate way of counting," he said. "What we do have an accurate way of counting is what he touched, what he may have downloaded, and that was more than a million documents."
That doesn't narrow things down much! Glenn Greenwald explains why this admission matters in the surveillance debate:
The primary defense of the NSA and its defenders is that one need not worry about the staggering sums of data they collect because they have implemented very rigorous oversight mechanisms and controls that prevent abuse. Yet Snowden spent months downloading a large amount of highly sensitive documents right under their noses. And not only did they have no idea that he was doing it, but now—even after spending large sums of money to find out—they are still completely incapable of learning which documents he took or even how many he took. Does that sound like a well-managed, tightly controlled system that you can trust to safeguard your most personal data and to detect and prevent abuse of this system by the tens of thousands of people who have access to it?
It sounds like a system with gaping security flaws run by an agency that has shown itself incapable of guarding what it considers to be its most precious secrets. Say that no NSA employee ever abuses the detailed information it has about the private communications of Americans. Even with that guarantee, why should Americans trust the NSA to safeguard its data from foreign governments and hackers?
I've yet to see any persuasive answer from NSA defenders.
In fact, if you believe, like Edward Lucas of The Economist or John Schindler of the Naval War College, that Snowden is the unwitting dupe or witting agent of Vladimir Putin, then you're effectively saying that a foreign government has already breached a trove of NSA information that could be used to manipulate elections, blackmail some unknown number of Americans, and do all manner of other mischief.
I don't think Snowden is a spy. But his success inclines me to think that the privacy of Americans will be much better protected, even absent any abuses by the NSA, if the NSA erases what it's gathered about us from its servers, rather than acting as if it can protect it all indefinitely. In the wrong hands, metadata on millions of innocents could do significant damage. Why trust the NSA and its contractors to keep it from the wrong hands?