The employee is one of three people who have been under investigation for their unwitting involvement in Snowden’s effort to remove the material in what may be the largest breach of classified information in history.
None was accused of collusion, said a senior U.S. official familiar with the investigation. “It’s a violation of procedures . . . but no ‘Hey, let’s conspire with him to steal information,’ ” said the official, who spoke on the condition of anonymity because the investigation is ongoing.
The employee who resigned, a civilian, had his security clearance revoked in November and was notified of a proposal to fire him. He resigned Jan. 10, said the memo, which was addressed to the staff directors of the House Judiciary Committee.
The two other people, a U.S. military member and a contractor, had their access to NSA facilities and material revoked in August, the memo said. They all worked at a regional NSA facility in Hawaii, where Snowden was a contract employee for Dell and later Booz Allen Hamilton, officials said.
The resignation appears to be the first personnel action to result from the breach. Snowden, who has been granted temporary asylum in Russia, shared large amounts of intelligence with several journalists. Their stories began appearing in June and have stirred national and international debate about the proper scope of NSA surveillance.
A Reuters report last fall said that “a handful of agency employees” had given their log-in credentials to Snowden and were removed from their assignments. Snowden, the report said, “may have persuaded between 20 and 25 fellow workers” to give him their log-ins and passwords by telling them they were needed for him to do his job as a computer systems administrator.
In a Google chat last month, Snowden disputed the report and said, “I never stole any passwords, nor did I trick an army of co-workers.”
According to the memo, written by Ethan Bauman, the NSA’s legislative affairs director, the civilian allowed Snowden to use his public key infrastructure (PKI) certificate to gain access to classified information on NSANet, the agency’s intranet, “access that he knew had been denied to Mr. Snowden.” PKI is a system of identity credentials designed to prevent unauthorized access to sensitive computer networks.
The memo stated: “Further, at Mr. Snowden’s request, the civilian entered his PKI password at Mr. Snowden’s computer terminal. Unbeknownst to the civilian, Mr. Snowden was able to capture the password, allowing him even greater access to classified information.”
Lawmakers expressed concern Thursday about the security lapses at the agency. “It is unacceptable that the NSA’s security protocols and breaches were so easily circumvented,” said Senate Judiciary Committee Chairman Patrick J. Leahy (D-Vt.). “This is the same NSA that asks us to trust that it will keep safe massive amounts of data on innocent Americans, and that we should have faith in its internal policies and procedures.”
He said that “for months, I have been asking who is being held accountable, and while the NSA director has testified that they have taken a number of steps as a result of the leaks, it is clear that more needs to be done to protect our national security and our privacy.”
Leahy has co-sponsored legislation that would, among other things, end the NSA’s bulk collection of Americans’ phone records for counterterrorism purposes.
“If it is true that one or more NSA employees felt free to share a password with Snowden or anyone else, we have a serious security problem at the NSA and someone in charge needs to be held accountable,” said Rep. Jan Schakowsky (D-Ill.), a member of the House Intelligence Committee.
Last summer, NSA Director Keith B. Alexander and his deputy at the time, John C. Inglis, offered to resign. Their offers were rejected by the administration. Inglis retired in January and Alexander is retiring in March.