Edward Snowden used colleagues’ sign-in credentials to access some of the classified information that he later leaked, report Mark Hosenball and Warren Strobel for Reuters. Some of the colleagues have already been identified and removed from their assignments.

Edward Snowden

Snowden obtained colleagues’ passwords

Officials have said from the beginning that Snowden was able to download so much classified information at least partially due to sub-standard security procedures, but sharing passwords seems like a particularly inept breach for one of the world’s premiere spy agencies. Snowden told between 20 and 25 people that he needed their passwords as part of his job as a systems administrator, but they could have easily confirmed that this wasn’t the case. Outside of the intelligence community, we have been inundated with the message that you should never give out your password, but the high standards normally required to get clearance in the first place may have contributed to the lapse in judgment.

“In the classified world, there is a sharp distinction between insiders and outsiders. If you’ve been cleared and especially if you’ve been polygraphed, you’re an insider and you are presumed to be trustworthy,” Steven Aftergood, a secrecy expert with the Federation of American Scientists, told Reuters. “What agencies are having a hard time grappling with is the insider threat, the idea that the guy in the next cubicle may not be reliable.”

Intelligence community has exploded

The intelligence community has exploded since 9/11 and an estimated 3.5 million people now have some form of secret clearance according to Dion Nissenbaum at The Wall Street Journal, so that assumption probably needs to be re-evaluated, especially when so many of those people are contractors who don’t work directly for the government. The other employees that Snowden fooled probably knew him personally, but that still doesn’t excuse the mistake.

Snowden’s revelations have started an important conversation on privacy and surveillance, and there isn’t any evidence to support the Federal government’s assertion that the leaks have compromised American security. But if he was able to simply ask for NSA agents’ passwords and get them, it’s hard to believe that our other national secrets, many of which really do affect our safety, are any safer.