Aside from the obvious – vast data collection programs that included PRISM, Tempura, Upstream, XKeyscore and the NSA’s powerful facial recognition program – we learned from the Edward Snowden leaks something crucial about the country’s elite spy agency: it had holes in its own data security big enough to let a contractor walk through with massive troves of sensitive data.
According to an audit from the NSA Inspector General’s office, as of March 2018, some of those holes were still open.
Of course, the audit, published for public consumption, contains only declassified information, and it doesn’t give details. Be that as it may, starting on page 29, the audit enumerates significant outstanding inspection recommendations regarding the NSA’s failure to secure the internet and the enterprise, as well as to address insider threats.