This is criminal. Every single thing he did should have left an audit trail, both as a guard against misuse, and for damage assessment in a case just like this.
I didn’t say “criminal incompetence,” because if the need for an audit trail is obvious to such as me, it surely must have been obvious to higher-ups at NSA. If the systems lack the capacity for this, it’s because somebody doesn’t want the records kept. That suggests abuse at a systemic level. (It also undercuts claims of extensive auditing here.)
Then there’s the incompetence of letting someone like Snowden have such free-ranging access to the system: “The NSA had poor data compartmentalization, said the sources, allowing Snowden, who was a system administrator, to roam freely across wide areas. By using a ‘thin client’ computer he remotely accessed the NSA data from his base in Hawaii.” Snowden and Bradley Manning. That’s who’s in charge of our secrets?
Hey, I’ve got an idea! Let’s put the federal government in charge of our health care!