Almost two years after Edward Snowden climbed the world stage, the intelligence community is just now putting the finishing touches on a computer-driven system for catching insider threats– one that promises not just to detect future Snowdens and Mannings in the act, but also to predict who the next leakers will be.
The new method, meant to identify leakers of classified information but also homegrown terrorists, drug financiers, school ground shooters, and even sexual predators, builds the security equivalent of a “credit score.” It would secretly attach to every individual, while automatically generating and changing scores as behaviors and associations trigger indicators of anomalous activity.
The initial “security scores” would be applied to insider threats (or “InThs” as they are now being called internally)—that is, people “affiliated” with the federal government. But the definition of who qualifies as being an insider is already so broad, and the methods of activity monitoring so widespread and promising, that it’s only a matter of time before some kind of security score system is applied universally.
After Snowden accessed and then downloaded over 1.5 million Top Secret documents from internal networks, some immediate changes were made in intelligence community practices. According to NextGov:
Any piece of data ingested by NSA systems over the last two years has been meta-tagged with bits of information, including where it came from and who is authorized to see …
Tagging both the data and the individual user, NSA thinks, will expose what data any individual accesses and what they do with it. It sounds definitive and big brotherish, except that there are hundreds of thousands of workers and part of the analytic process requires them to legitimately access huge amounts of data to do their jobs. Automated, real-time deterrents are the hope of deterring all but the most fervent and sneaky insider, intelligence sources say. But to catch the next Snowdens?