Let's go back to what he said in the online chat The Guardian hosted just after Snowden had "outed" himself as the leaker.
...audits are cursory, incomplete, and easily fooled by fake justifications. For at least GCHQ, the number of audited queries is only 5% of those performed.I'll admit that I had to google GCHQ to find out what it is...the UK's version of the NSA. I suppose that Snowden's intent in referring to them was to suggest that - like the UK - the NSA only audits 5% of the queries performed. With this latest release by Gellman, we know that to be false. As a matter of fact, what this document shows is that rather than being cursory and incomplete, SID audits are remarkably thorough.
In Glenn Greenwald's report on XKEYSCORE (the program the NSA uses to conduct these queries), he repeats a similar claim by Snowden.
Some searches conducted by NSA analysts are periodically reviewed by their supervisors within the NSA. "It's very rare to be questioned on our searches," Snowden told the Guardian in June...Regardless of what you make of these "violations," one has to assume that either Snowden didn't know about the oversight being conducted on these queries (hard to imagine since he's the one who leaked this report to Gellman and Greenwald said that Snowden thoroughly reviewed everything he leaked) or he was lying. It is therefore important to note how this story has morphed from its early form of hysteria. Right out of the gate, Snowden made an explosive claim.
I, sitting at my desk could wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal email.Then in that on-line chat at The Guardian, he equivocated a bit.
...in general, the reality is this: if an NSA, FBI, CIA, DIA, etc analyst has access to query raw SIGINT databases, they can enter and get results for anything they want. Phone number, email, user id, cell phone handset id (IMEI), and so on - it's all the same. The restrictions against this are policy based, not technically based, and can change at any time.Here he is suggesting that there are policies that prohibit an analyst from wiretapping anyone. But his qualification is what I quoted above...that audits on those policies are cursory, incomplete and rare. Now we know that is not true. So the goalposts have been moved once again.
Duly noted. Please proceed, Mr. Snowden.
P.S. In reviewing some of Mr. Snowden's early statements, I watched this video again.
I'll just note that at approximately 3:50 he makes the now totally discredited claim about NSA having "direct access" to internet company's systems. But its what he says at about 4:50 that I find incredible for anyone who has even cursory knowledge of the internet - much less a "systems administrator."
I grew up with the understanding that the world I lived in was one where people enjoyed the freedom to communicate with each other in privacy without it being monitored...without it being measured or analyzed or sort-of judged by these shadowy figures and systems anytime they mentioned anything that travels across public lines. I think a lot of people of my generation - anybody who grew up with the internet - that's their understanding.I'm really trying to wrap my head around that one. He's talking about "privacy" of information that travels across "public" lines. It seems that he has absolutely no awareness of the contradiction. And of course when he talks about those "shadowy figures and systems," he wants us to only think about the government and not the 1,500 data points on 700 million people that Acxiom is collecting to distribute to its corporate clients. Can he really be that clueless about the fact that there is no such thing as privacy online?