How Can the U.S. Know Its Secrets Are Safe?

Edward Snowden's critics say uncertainty about what he took is forcing officials to presume the worst. Isn't that prudent regardless, given their inadequate security?

Edward Snowden's critics, inside and outside the U.S. government, regularly claim that his theft of classified documents is damaging to national security in part because officials must assume a worst-case scenario: that he took a couple million documents, and that China, Russia, or others gained access to all of them.

Michael Kelley's latest article reports on questions relevant to this critique. Officials claim that Snowden "touched" almost 2 million files in the course of carrying out his duties as an NSA subcontractor, he notes, and according to Lieutenant General Michael Flynn of the Defense Intelligence Agency, “Everything that he touched, we assume that he took."

There's something I don't understand about this "assume he took everything" approach.*

On one hand, I can see the logic in assuming the worst about what secrets are now known to rivals or enemies. And I see how countermeasures could prove expensive. Even if you believe, as I do, that the benefits of Snowden's disclosures outweigh the costs, it's only fair to acknowledge that there are costs, and this is one.

But another part of me thinks the following: that if Snowden could steal all these documents undetected, without intelligence officials knowing what he took even after the fact, then assuming that their contents are unknown to our enemies was foolish all along, because Snowden doesn't possess any unique, superhuman ability to steal documents. If he pulled this off, someone else could've pulled off something similar, quietly selling the stolen secrets to our enemies, rather than passing them off to foreign journalists and alerting the United States government to the theft.

Let me put it this way.

Imagine that it is somehow proved that Snowden took a minimal number of documents pertaining to surveillance and that none of them leaked beyond journalists.

Even then, would it be prudent to assume the secrecy of the other documents that were long stored with inadequate security, and that could be taken in a way that wasn't discernible? Russia has infiltrated America's intelligence agencies before. China might pay top dollar for some of the military secrets in that database. Would the NSA tell the public if it discovered a different information breach?

Quite apart from what Snowden took, the porous approach to information security he exposed may be reason enough to incur the costs of assuming our secrets are not secret.

Right? Or am I missing something?

Perhaps one lesson of the era of Wikileaks and Snowden is that not all secrets can be kept, and designing a national defense that depends heavily on them is an inapt approach.


* Updated the language in this section to make clear that Michael Kelley isn't himself making the critique that I'm questioning, just reporting on questions relevant to it.