A reflection of Charlie Miller is pictured on his computer screen in his home-office in Wildwood, Missouri April 30, 2013. Miller is a security researcher at Twitter who previously worked for the National Security Agency (NSA).
Last week Siobhan Gorman of The Wall Street Journal reported that National Security Agency analysts have occasionally used vast surveillance tools to spy on love interests.
NSA Chief Compliance Officer John DeLong told reporters that willful violations of spying rules — dubbed " LOVEINT " — happened on “very rare” occasions, adding that he didn't have exact numbers because most of the violations were self-reported.
(One situation in which self-reported abuses arise is when an employee takes a polygraph test as part of a renewal of a security clearance.)
D.B. Grady, who co-authored the book "Deep State: Inside the Government Secrecy Industry" with fellow investigative journalist Marc Ambinder, said that the lack of oversight regarding abuse by NSA analysts is the most troubling part of the admission.
"The real shocking revelation about all that is that this information is self-reported," Grady told Business Insider. "You mean there's no record? I can't download something from BitTorrent without my ISP shutting me down and these guys can spy on their girlfriends and boyfriends across the planet and nobody finds out? That's the most shocking thing of all; all of the security mechanisms lack teeth."
Grady explained that the systematic lack of security extends to analysts who want to abuse the system in other ways, such as the case of former NSA contractor Edward Snowden.
"My daughter can't buy anything on her iPad without me putting in a password, but Edward Snowden can copy the entirety of the NSA computer system without putting in a password," Grady said. "There are no internal protections, and if they exist, the people who work for the NSA are very smart. So if you want to break the system, you can break the system — Snowden proved that."
On Monday Richard Esposito and Matthew Cole of NBC reported that Snowden functioned as a "ghost user," meaning that he was able " look at any file he wanted, and his actions were largely unaudited."
One intelligence official told NBC that this was partly because " the NSA is stuck in 2003 technology.”
Another key reason is that Snowden's role as a " system administrator " meant that he was able to access NSAnet, the agency’s intranet, without leaving any signature.
“At certain levels, you are the audit,” another intelligence official told NBC.
So not only can the public add LOVEINT to the list of abuses by government workers with access to government databases, but lack of security mechanisms also means that nobody truly knows how widespread the abuses have been.
And Russ Tice, an NSA whistleblower who claims to have seen a wiretap for then-Senator Barack Obama and other prominent public officials in 2004, believes that there is much more to be learned about NSA abuse.
" Outrageous abuses ... have happened, and it's all being kept hush hush," Tice told Business Insider.
More From Business Insider