How America Lost Its Secrets


  Some secret methods that Snowden made public compromised the NSA’s state-of-the-art technology of which adversaries had been unaware. For example, the NSA had devised an ingenious technology in 2008 for tapping into computers abroad that had been “air-gapped,” or intentionally isolated from any network to protect highly sensitive information, such as missile telemetry, nuclear bomb development, and cyber-warfare capabilities. The secret method that the NSA used involved surreptitiously implanting speck-sized circuit boards into air-gapped computers. These devices then covertly transmitted the data back in bursts of radio waves. Once Snowden exposed this technology, and the radio frequency transmission it used, America lost this intelligence capability.

  In addition, a considerable number of the published documents did not even belong to the NSA but were copies of reports sent to the NSA by its allies, including the British, Australian, Canadian, French, Norwegian, and Israeli intelligence services. Snowden provided journalists with secret documents from the British cyber service GCHQ, describing its plans to obtain a legal warrant to penetrate the Russian computer security firm Kaspersky to expand its “computer network exploitation capability.” What the GCHQ was revealing in this secret document was its own capabilities to monitor a Russian target of interest to British intelligence. While the release of these foreign documents might have embarrassed allies of the United States, they exposed no violations of U.S. law by the NSA. It was a legitimate part of the NSA’s job to share information with its allies. This raises the question: What constitutes whistle-blowing?

  To the general public no doubt, a whistle-blower is simply a person who exposes government misdeeds from inside that government. But in the eyes of the law, someone who discloses classified information to an unauthorized person, even as an act of personal conscience, is not exempt from the punitive consequences of this act. Indeed, if a person deliberately reveals secret U.S. operations, especially ones that compromise the sources and methods of U.S. intelligence services, he or she may run afoul of American espionage laws.

  In the past, when government employees have disclosed highly classified information to journalists to redress perceived government misconduct, they were almost always prosecuted. During Barack Obama’s presidency, there were six government employees who, as a matter of personal conscience, shared classified information they obtained from the FBI, the CIA, the State Department, and the U.S. Army with journalists. They were all convicted: Shamai Leibowitz in 2010, Chelsea Manning in 2013, John Kiriakou in 2013, Donald Sachtleben in 2013, Stephen Kim in 2014, and Jeffrey Sterling in 2014. Like Snowden, they claimed to be whistle-blowers informing the public of government abuses. But because they disclosed classified documents, they were dealt with as lawbreakers. All six were indicted, tried, convicted, and sentenced to prison. Sterling, a CIA officer who allegedly turned over a document to James Risen, a Pulitzer Prize–winning reporter for the Times, was sentenced to forty-two months. The most severe sentence was meted out to Private Manning, whom an army court sentenced to thirty-five years in a military stockade, as noted earlier.

  The prison time that others received did not go unnoticed by Snowden. He had been following the Manning case since 2012. In fact, he posted about it shortly before he began stealing far more damaging documents than Manning had. He would therefore likely have been aware that by revealing state secrets he had sworn to protect, he would be risking imprisonment unless, unlike Manning, he fled the country. His motives, no matter how noble they might be, would not spare him—any more than they spared the other six—from determined federal prosecution.

  The view of those on the Snowden side of the divide is grounded not in legal definitions but in a broader notion of morality. Snowden’s supporters do not accept that the law should be applied to Snowden in this fashion. A writer for The New Yorker termed it “an act of civil disobedience.” His supporters argue that Snowden had a moral imperative to act, even if it meant breaking the law. They fully accept his view that he had a higher duty to protect citizens of all countries in the world from, as he put it, “secret pervasive surveillance.” That higher duty transcended any narrower legal definitions of lawbreaking. Ben Wizner, a lawyer from the American Civil Liberties Union who has represented Snowden since October 2013, argues that Snowden’s taking of classified documents was an “act of conscience” that overrode any legal constraints because it “revitalized democratic oversight in the U.S.” and, without question, caused a much-needed debate on government surveillance.

  In this ends-justify-the-means view, any person with access to government secrets can authorize him- or herself to reveal those secrets to the world if she or he believes it serves the public good. Further, because doing so would be an “act of conscience,” he or she should be immune from legal prosecution.

  For Snowden’s supporters, his “act of conscience” justifies his claim to being a whistle-blower, even though the preponderance of the secrets he disclosed had to do with the NSA’s authorized activity of using its multibillion-dollar global arrays of sensors to intercept data in foreign countries. For example, one of the thirty allied intelligence services that the NSA cooperated with in 2013 was the cyber service of Israel. Because Snowden deemed this cooperation to infringe on privacy rights, he revealed documents bearing on the NSA’s data exchange with Israel. He subsequently told James Bamford, in an interview in Wired magazine in August 2014, that supplying such intelligence to Israel was “one of the biggest abuses we’ve seen.” Snowden therefore believed he was justified in revealing information concerning Arab communications in Gaza, the West Bank, and Lebanon that the NSA had provided the Israeli cyber service, known as Unit 8200. In doing so, he compromised an Israeli source. But how could this act qualify as whistle-blowing? Providing Israel with such data was not some NSA rogue operation. It was part of a policy that had been approved by every American president—and every Congress—since 1948. Snowden had every right to personally disagree with this established U.S. policy of aiding Israel with intelligence, but it is another matter to release secret documents to support his view. If the concept of whistle-blowing were expanded to cover intelligence workers who steal secrets because they disagree with their government’s foreign policy, it would also have to include many notorious spies, such as Kim Philby.

  Snowden’s concept of whistle-blowing also applied to the NSA’s spying on adversary nations. “We’ve crossed lines,” Snowden said in regard to China. “We’re hacking universities and hospitals and wholly civilian infrastructure.” The NSA’s operations against China were such “a real concern” for Snowden that he targeted lists of the NSA’s penetrations in China. Putin echoed this expansion of the whistle-blowing concept to adversaries. He complimented Snowden for having “uncovered illegal acts by the United States around the globe.” Putin’s defense of Snowden not only implied a global concept of whistle-blowing that justifies breaking U.S. laws but also pointed to America’s double standard in publicly complaining about Russian and Chinese cyber espionage.

  Snowden’s whistle-blower interpretation gained immense public resonance. Even after President Obama and leaders of both houses of Congress roundly denounced Snowden for betraying American secrets, the majority of the public, according to a Quinnipiac poll taken in July 2013, still considered “Snowden a whistleblower who did a service revealing government domestic spying programs.” Moreover, Snowden’s revelations helped stoke a growing distrust of the American government itself. According to polls conducted by the Pew Research Center after Snowden came forward, just 19 percent of the public said that “they can trust the government always or most of the time.” The support for Snowden was not limited to America. On October 29, 2015, a majority of the European Parliament voted to award Snowden the official status of a “human rights defender.”

  The former congressman Ron Paul went even further. He organized a clemency petition in February 2014 for Snowden, stating, “Thanks to one man’s courageous actions, Americans know about the truly egregious ways their government is spying on them,” and his son Senator Rand Paul, who was a candidate for the Republican presidential nomination in 2016, called for a pardon for Snowden.

  Senator Paul’s concern fitted with the growing public apprehension over increasing intrusion on privacy. Snowden was correct, in my opinion, in describing the threat of a surveillance state and the loss of privacy as a legitimate public concern. “We actually buy cell phones that are the equivalent of a network microphone that we carry around in our pockets voluntarily,” he pointed out from Moscow.

  The very technology involved in the electronic equipment we all use in the twenty-first century has made mass surveillance part of our daily life. There can be little doubt that our privacy has been largely eroded, if not entirely negated, by the widespread use of cell phones, credit cards, social media, and the search engines of the Internet. When we use smart phones, our location is relayed to our telephone service provider every three seconds. The phone companies collect and archive our phone usage “metadata,” which includes whom we called and how long we spoke. When we use Google to search for anyone or anything on the Internet, that activity is captured by Google, a company whose profits mainly come from making available to advertisers the results of its surveillance and collection of its users’ searches. When we use Gmail, Google’s e-mail service, used by nearly one billion senders and recipients, we agree to allow Google to read the actual contents of our correspondence to find keywords of interest to advertisers.

  When we use a credit card, the credit card company also retains data about what we buy and where we go. When we travel in automobiles equipped with GPS, every turn and stop is tracked and recorded. And when we are in public places with CCTV (closed-circuit television) cameras, our image is recorded and archived. When we use Facebook, Twitter, and other so-called social media, as over two billion people do today, we allow these companies to collect, retain, and exploit their surveillance of our movements, associations with other people, and stated preferences. When we use Amazon and other online stores, we allow them to track and archive a great deal of our commercial activity. For Internet companies such as Facebook, Twitter, and Yahoo!, like Google, collecting private data on hundreds of millions of their members provides them with vast searchable databases that are easily marketable. The exploitation of these databases is a fundamental aspect of their business plans. Without such surveillance of their users, social media companies would not be able to turn a profit. Indeed, they may be more aptly called surveillance media than social media. For those of us who use them to post pictures and communicate, any notion of personal privacy is largely illusory.

  To be sure, there is a distinction to be made between the surveillance of our activities to which we voluntarily agree in exchange for the benefits and conveniences that we gain from social media, search engines, and other Internet companies and the surveillance done by the government, which we do not voluntarily invite—or want. We willingly waive our privacy for corporations but not for governments.

  What the public might not fully realize, however, is that the government can access all the personal information in the databases of private companies if it issues a subpoena or search warrant, which it does often. As Snowden himself pointed out, “If Facebook is going to hand over all of your messages, all of your wall posts, all of your private photos, all of your private details from their server, the government has no need to intercept all of the communications that constitute those private records.” These Internet companies, even if they are only interested in exploiting the data for their own profit, cannot refuse to share this information with the NSA, the FBI, and other government agencies if they have a subpoena or search warrant.

  That reality became evident to me in my investigation of the rape charges brought (and subsequently dropped) against Dominique Strauss-Kahn, the managing director of the International Monetary Fund, in 2011. Immediately after his arrest, Cyrus Vance Jr., the district attorney of New York County, issued a subpoena for Strauss-Kahn’s cell phone records, credit card records, hotel room electronic key records, e-mails, room service bills, and the CCTV videos of his activities (some of which I published in my article about the case in The New York Review of Books). Nor is this access uncommon. According to Vance in 2016, his office issues thousands of such subpoenas every year. Even though Apple made headlines by refusing to comply with a court order to help the FBI unlock the iPhone of a dead mass murderer in 2016, it had complied with many previous subpoenas. In fact, in 2015 alone, it quietly provided the backed-up data of some seventy-one hundred iPhone customers to government authorities.

  If anyone doubts the pervasiveness of government data collection, consider a little-known government agency called the Consumer Financial Protection Bureau. Created in 2010 by Congress, it mines data on a monthly basis from some 600 million personal credit card accounts, targeting about 95 percent of the credit card users in the United States. In addition, through eleven other data-mining programs, it gathers data on everything from private home mortgages and student loans to credit scores and overdrafts in personal bank accounts. This ubiquitous surveillance of virtually every non-cash transaction came about because of advances in computer technology that made it economically feasible to mine such data.

  Snowden’s concern about NSA domestic surveillance is certainly not misplaced. Ever since the 9/11 attacks, the NSA has increasingly played a role in this surveillance state, not by its own choice, but because Congress mandated it. In 2001, it empowered the NSA to obtain and archive data on American citizens. Accordingly, the NSA obtained the billing records of customers from phone and Internet companies and archived these records. The bulk collection of these billing records was intended to build a searchable database for the government that could be used to trace the history of the telephone and Internet activities in the United States of FBI-designated foreign terrorists and spies abroad. The government’s rationale for keeping these anti-terrorist programs secret from the public was that it did not want the foreign suspects to realize their communications in America were being monitored.

  The public only learned that the phone company was routinely turning over its billing records on June 6, 2013, when Snowden disclosed it to The Guardian and The Washington Post. The documents he provided the journalists showed that the NSA had been obtaining phone records collected by Verizon every three months. While this revelation might have shocked the American public, the NSA had not acted on its own. It had acted under a warrant issued by a secret court established by Congress in 1978 as part of the Foreign Intelligence Surveillance Act for each request for records. Congress empowered the FISA court, whose judges are appointed by the president, to hear cases and authorize search warrants in secret in cases involving national security.

  As its name implies, the FISA court was meant to deal with matters bearing on foreign intelligence activities in the United States. That restriction changed after the terrorist attacks of September 11, 2001. A month after the attacks, Congress expanded the purview of the FISA court by passing the USA Patriot Act (an acronym that stands for Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism). Part of the act, Section 215, euphemistically referred to as the “library records” provision, permitted the FISA court to issue warrants authorizing searches of records by the NSA and other federal agencies to investigate international terrorism or clandestine intelligence activities. Through these FISA authorizations, the NSA could obtain “tangible things” such as “books, records, papers, documents, and other items.” Under the interpretation of this section of the law by both the Bush and the Obama administrations, the FISA court was enabled by Congress to issue warrants to telephone companies demanding that they turn over to the NSA the bulk billing records of all calls made in America. The FISA court need only deem these records to be “relevant” to the FBI’s investigations of terrorists and spies.

  Essentially, the NSA, to create a searchable database of telephone billing records, used the FISA court’s controversial interpretation of the word “relevant” in Section 215. Such a “haystack,” as the NSA called the national collection of billing records, could allow the FBI to instantly find missing “needles,” as this tracking was supposed to work, even if the connections were made years earlier. For example, if the FBI had a lead on a foreign suspect, it could search the database for any telephone calls made by the foreign suspect to telephone numbers in America and then who those people called. The FBI always had this power, if it obtained a warrant, but it did not previously have the “haystack” of records in a single database. General Keith Alexander, who headed the NSA between 2005 and 2014, believed that maintaining such a haystack database made sense. “His approach was, ‘Let’s collect the whole haystack,’ ” according to one former senior U.S. intelligence official quoted by The Washington Post.

  According to critics of NSA domestic surveillance, including the ACLU, the results provided by this vast database did not justify its immense potential for abuse. In early May 2015, just three weeks before this part of the Patriot Act was set to expire, a three-judge panel of the Second U.S. Circuit Court of Appeals in New York agreed with the ACLU position, overturning a lower court decision that said it was legal. The panel found that the word “relevant” in the act was not intended by Congress to justify the acquisition and storing of the bulk records of telephone companies for possible future use. Soon afterward, Congress replaced the Patriot Act with the USA Freedom Act, which effectively transferred bulk storage of billing records from the NSA to the phone companies themselves. Despite the change in venue, the records of individuals were still not completely private. Under the new law, the FBI via a FISA warrant could still search the phone company’s databases.