Oliver Stone’s 70 years old today. Happy coincidence. Saturday, The Guardian’s Benjamin Lee describes the septuagenarian as an “embarrassing grandfather with a string of curiously ill-advised disasters.” Stone releases his Edward Snowden drama on Friday. It’s an answer of sorts to Laura Poitras’ documentary on the same subject, Citizen Four. Aside from hopes of cashing in once again (first time, JFK) on the gullibility of conspiracy theorists around the country who thrive on their sense of vulnerability, Stone hopes his story on Snowden might contribute to efforts to win Snowden a presidential pardon. To that end, the American Civil Liberties Union and Amnesty International are about to begin petitioning President Obama to pardon Edward Snowden before Obama leaves office.
No doubt, Edward Snowden is one of the most famous or infamous personalities in the United States here in the first decades of the century. His meteoric rise to fame in 2013 when he betrayed the NSA and found refuge first in China, and then Russia, is a story worth understanding, especially if one’s truly interested in how to prevent that sort of thing from happening ever again.
That’s where Steven Bay comes in.
Bay’s a Navy Veteran, a Farsi linguist, a cybersecurity intelligence analyst, a family man, a contractor. He’s done intelligence work for the US Air Force, for the NSA in Maryland, and, finally, for the NSA in Hawai’i as a Site Lead and Senior Cyber Intelligence Analyst. And Bay knows what it means to be a broken man, to see your world come tumbling down around you in a matter of moments.
Steven Bay is the man who hired Edward Snowden. He’s the man who, in hindsight, sees all the signs that predicted Snowden was up to no good. To some extent, Bay was the NSA’s sole sacrificial lamb in the wake of Snowden’s leaks. Bay made himself available for that tragic part because, according to Bay himself, he stepped across a very minor regulatory line in supervising Snowden. So when all hell broke loose and the FBI descended on NSA Hawai’i, Bay spent a good deal of time under the light while the NSA looked on.
THE REST OF THE STORY
Now, when a presidential pardon has its best chance of success for Snowden (not that it’s ever going to happen: it’s not), when two powerful civil rights institutions are ready to catalyze a movement, when Oliver Stone is about to re-tell Snowden’s story under the guise of world-wide conspiracy, Steven Bay wants to tell what Paul Harvey called “the rest of the story.”
The Cipher’s Mackenzie Weinger reports that Bay confessed his sins earlier this week before an audience in Seattle at the IEEE Rock Stars of Cybersecurity Conference. Weinger reports, “Beyond the personal aspects of how it impacted people who worked with Snowden, Bay said he is also frustrated by the way many people view Snowden and his actions.” According to Bay, Snowden “’was kind of a junior analyst and had a relatively junior role . . . . He’s not the foremost expert on this stuff. He’s a smart guy . . . and he had experience, but he wasn’t some senior level person . . . . Ed’s not a hero.’”
Ed’s not a hero to Bay, of course, who is no longer with Booz Allen. According to his LinkedIn profile, Bay’s the Sr. Director, Chief Information Security Officer at NuVasive, a medical device enterprise.
During the course of Bay’s lecture to the Rock Stars audience, which Bay pitched as an opportunity to both correct history and help prevent similar breaches in the future, Bay shared a few lessons learned. Some may be obvious, but they bear repeating. For as surely as you’re using the same password for several different accounts, those in cleared fields are repeating these mistakes, and others, again and again.
1. Question everything. Bay relates Snowden’s epilepsy cover story. According to Bay, Snowden attributed what become more and more routine absences to his epilepsy, which he didn’t have. Nobody ever checked once this ailment started interrupting his routine.
2. Don’t compromise. Bay was a fall-guy because, according to him, he slipped up once: “’I didn’t even remember doing it, but they found it as they were going through my stuff and I did apparently copy and paste some stuff into a Word doc and sent it over to him, pertaining to his mission that he was working for the client . . . .‘”
3. Be vigilant. According to Bay, Snowden asked for access to information related to PRISM, which was unrelated to his work. That should have set off some flags, at least we can say in hindsight.
4. Don’t leave Microsoft PowerPoint slides laying around. The information Snowden unveiled wasn’t the product of some sort of insider hacking episode, Snowden took it from PowerPoint slides. According to Bay, Snowden “’simply grabbed some PowerPoints’ and ‘released those to the world . . . .’”
5. Don’t pick April 1 as a new cleared employee’s first day of work. Ironically, Snowden’s first day was April 1. April Fool’s Day 2013.