NSA SECRETS

THE SNOWDEN OPERATION

INSIDE THE WEST'S GREATEST INTELLIGENCE DISASTER

Introduction

Some of my most respected colleagues tell a story that goes like this: Edward Snowden had a well-paid post inside American intelligence, as a contractor for the NSA. Disillusioned by the discovery that his employers and their allies engaged in mass collection of details of private communications, he took a cache of secret documents detailing this appalling behaviour and shared them with media outlets across the world. The noble crusader was bravely risking his career and freedom in the pursuit of truth and transparency—a sacrifice that has made him a worthy candidate for man of the year awards,¹ and for canonisation as a secular saint.
This book tells a different story. My reading of the facts is that Snowden is a 'useful idiot'.² His theft and publication of secret documents should be seen not as a heroic campaign but as a reckless act that has jeopardised our safety and played into our enemies' hands.
The damage wrought by Snowden's revelations takes five forms. It weakens America's relations with Europe and other allies; it harms security relationships between those allies, particularly in Europe; it corrodes Western public opinion's trust in their countries' security and intelligence services; it undermines the West's standing in the eyes of the rest of the world; and it has paralysed Western intelligence agencies.
All these are bad. And as it happens, they are also all Kremlin priorities: if Vladimir Putin were writing a 'to-do' list for his officials, it would have all these five points on it. Yet this aspect of the story has been largely unexplored.³ One reason is that the public has a superficial and glamourised view of espionage, fed by Hollywood thrillers and spy novels. Outsiders simply don't understand what intelligence agencies actually do. Nor do they understand the necessarily secretive and often cynical deal-making at the heart of diplomacy. That ignorance may be healthy. But when it is breached, people are shocked.
Responsible journalism has trouble dealing with secret and hence uncheckable information released by sources with a political agenda. Most of Snowden's leaked documents consist of slides, presumably used in internal presentations. But what do they represent? Are the operations and capabilities described merely planned, long since abandoned, or actually under way? How widespread are they? Who are the targets? What do the preceding and following slides say? Who is the audience for this presentation? What objections or questions were posed? This context is crucial. Journalists usually scrutinise leaked documents for exactly these links and clues. Yet in the case of the Snowden revelations, there has been no such scrutiny.
A third element fuelling support for Snowden is genuine concern about the way in which computer processing-power and digital storage affect the privacy and anonymity that we have long taken for granted. The term 'mass surveillance' may be misleading, but it resonates. Official responses to the Snowden revelations have been lame. The White House blames the NSA for allowing the documents to leak; its rebuttals to the claims made have been laconic and dutiful, rather than vigorous. Allies fume, mostly silently.
The security and intelligence agencies in democratic countries are not used to dealing with non-specialist media. They prize (rightly) secrecy over setting the record straight. Explaining why a leaked secret document does not mean what it purports to mean may result in giving away another secret, perhaps still more valuable to an adversary. Moreover, the climate created by the leaks, and memories of past deception, dissembling, exaggeration and inaccuracy on issues such as Iraqi weapons programmes, makes it hard for the agencies to put forward their case. Morale has plummeted in the face of a vehement and corrosive scepticism about the veracity of anything coming from intelligence sources.
This book is not based on complacency about the status quo. It is not a whitewash of British and other allied intelligence agencies, either regarding their reaction to the Snowden revelations or their activities in previous years. I have spent much of my career in pursuit of official secrets (in dictatorships and democracies) and have had some success in finding them. I have on several occasions prompted official leak investigations, not bly in NATO when I was the first journalist to disclose that the alliance had finally agreed to make contingency plans to protect its new members.⁴ In my book Deception I exposed the German BND's spying operations in Estonia, and described the disastrous British intelligence operations in the Baltics in the 1940s and 1950s. In all these cases I have judged the public interest more important than saving politicians and officials from embarrassment. My instinctive attitude is to mistrust official explanations. The plea of secrecy that intelligence and security officials invoke when confronted with hard questions makes it easy to cover up incompetence, corruption and treason.
Yet transparency and journalistic freedom do not trump all other considerations. Secrets may be so sensitive that journalists have no business exposing them (I have come across some of those too). Journalists may not realise the sensitivity of the secrets they have obtained: officialdom needs some kind of recourse (such as Britain's D-Notice system) to advise the media about how to make disclosures less damaging. Journalists have a duty to their readers—but they are citizens too. Their safe and comfortable lives, and those of their fellows, depend on the proper functioning of the state. They should not take this for granted.
A healthy competition between officials who want to keep secrets and journalists who try to find them out is the hallmark of a democracy. My side winning this contest can involve notional or real breaches of the law, which may in turn expose journalists and their sources to the risk of prosecution. That is part of the job: a journalist who wants to invoke a public-interest defence in breaching secrecy has to be willing to plead his case before a judge and jury if necessary. If convicted, he will hope that political pressure will bring a pardon, or that history will vindicate him. We journalists do not enjoy absolute statutory immunity, nor should we. Nobody elected us. We make mistakes, and if they are bad ones—reflecting recklessness or malice—we should expect to suffer consequences. In short, both sides in this contest between truth and secrecy need to be guided by their sense of broader responsibility. Not every breach of official secrets deserves prosecution. And not every official secret deserves to be exposed.
Some of the accusations made against the Snowden camp are silly. It is not disloyal for journalists to try to expose state malfeasance. Nor is wrong for them to profit from their discoveries. Good journalists with good skills and good sources get good information, and if they are good at analysing and explaining it, they deserve (and may even get) good money.
Finally, worries about the future of privacy in an age of limitless electronic storage, powerful algorithms and extraordinary processing power are understandable. My forthcoming book Cyber-phobia⁵ deals in detail with how our habits and attitudes need to evolve to match the rapid change of technology we use in our daily lives. In brief, my argument is for concern rather than panic. Society has evolved in the past in response to new technologies and the benefits and threats they bring. It will do so in the future too. We will find new ways of behaving, just as we have with cameras, cars, telephones and personal computers. We will need to change some laws and establish new institutions. It will be uncomfortable for everyone but it is a surmountable problem.
That broad topic bears on this e-book too. The intelligence agencies, like everyone else, are grappling with new capabilities, vulnerabilities and constraints. The American constitution, with its admirable prohibition of arbitrary searches and seizures, was not designed for the digital age, which allows large amounts of information to be stored, and sorted rapidly and repeatedly by many remote investigators. The Smith v Maryland Supreme Court judgment of 1979, which says that expectations of privacy do not apply to dialled telephone numbers, did not foresee the ability of the authorities to warehouse such material in colossal amounts and search it automatically.
In sufficient quantities and in the right context, meta-data (for example the time, duration and direction of a phone call) can be more revealing than its content. The latter requires a search warrant. The former does not. Similarly the American distinction between citizens (constitutionally protected) and foreigners (fair game) is impractical and outdated when data crosses and re-crosses national frontiers. The need to rely on (and to arm-twist) private internet, technology and telephone companies creates new problems and dilemmas. In particular, weakening commercial cryptography standards, or finding vulnerabilities and keeping them secret, for example, may bring immediate gains in terms of intelligence collection, but—if exposed—strategic losses in terms of stoking distrust of America as a guardian of global security standards.
Legal challenges on these issues in America are under way as I write this e-book and will doubtless reach the Supreme Court eventually. Political controversies are bubbling too. The presidential Review Group on Intelligence and Communications Technologies mulled how America and other countries should manage their security and intelligence agencies in the digital age (some of its recommendations were sensible, others in my view unworkable or dangerous). President Obama on January 17th announced some modest and largely cosmetic changes to the NSA's remit, but has broadly endorsed its activities and approach.⁶
Ultimately, voters will have their say, in America and in other democracies too. But it does not seem that voters wish to destroy current intelligence capabilities, or to rewrite the statute book to make privacy inviolable always and everywhere, and at whatever cost, as some Snowdenistas seemingly want.
Despite sensationalist, ill-informed and sometimes misleading commentary in much of the media, public opinion in Britain and America seems broadly to agree with the proposition that releasing state secrets damages national security. In Britain, for example, 42% of those asked in a poll last year thought the security services had broadly the right powers; a further 22% thought they should have more.⁷
The NSA and associated organisations are huge. Distinguishing the communications of terrorists and other adversaries from the innocent data of innocent Americans is tricky. Things do go wrong. In the 'LOVEINT' scandal a small number of NSA officials were found to have abused their position to snoop on people of interest in their private lives. They were disciplined. I think they should have been fired and prosecuted. Corrupt, self-interested intelligence officers are as big a threat to our freedom, or even a bigger one, as corrupt, self-interested police or judges. Their numbers may be tiny, but that is no reason for complacency.
Leaving aside wilful individual wrongdoing, it is clear that the NSA has also over-reached. Since 2011 some 56,000 e-mails of 'US persons' have been improperly read, a judgment from the FISA court reveals. But it is worth noting, first, that this was a list of errors which the NSA itself logged and reported—hardly the sign of a systematic cover-up or intentional abuse. Second, as a share of total e-mail traffic, measured in many billions, the number is vanishingly small. At other points the FISA court has also complained about the scope of the NSA's collection of meta-data, about the way in which it is accessed, and about the level of authorisation sought. Yet on reading the (mind-numbingly long) rulings from the court, it is clear that the system is broadly working. The NSA makes mistakes. It reports them. The court finds flaws in the agency's conduct and slaps it down (in sometimes stinging language).⁸ Procedures change. Politicians react. Snowdenistas may not like the system, but even before their disclosures, its checks and balances were operating broadly as intended.
If the result of the Snowden revelations is to show that intelligence agencies and their employees make mistakes, or that they operate up to the limits of their political, judicial and regulatory constraints, and sometimes clash with the lawmakers and judges who regulate them, then that is an underwhelming benefit given the damage caused. Yes, the system could be better. I strongly support the introduction of a 'public defender' in the FISA court (as, incidentally, does the NSA).9 Such a person would be security cleared to see secret information, but would also have the standing to argue against the intelligence agencies' requests for warrants. Under the current system, the agencies make their case to the judges—but with nobody to challenge them head on. (President Obama has suggested lay advocates take part in deliberating 'novel' cases). The appointment of FISA judges—currently by the chief justice alone—could be the result of a broader process.
The NSA regards foreign citizens' communications as fair game—which happens to be the position under international law. Moreover as Nigel Inkster, a former British spymaster now at a London think-tank, notes:

it is clear that much of the non-US data searched by the NSA was in fact provided by the intelligence services of the countries concerned, with the authorisation of their governments, as part of a programme of collaboration on counter-terrorism.¹⁰

For all that, people everywhere need better ways to rebut damaging conclusions that may be drawn from automatic analysis of electronic information. It would not be acceptable if, for example, an innocent non-American landed irrevocably on an international no-fly list, or were deprived of a bank account, just for being a pious Muslim who studies chemistry and likes aeroplanes.¹¹Though such worries are widespread, especially about how such capabilities might be abused in future, examples of things actually going wrong right now are remarkably scanty. Snowden has claimed:

I, sitting at my desk, could wiretap anyone, from you or your accountant to a federal judge or even the president, if I had a personal e-mail.¹²

That is a shocking claim. But it depends heavily on the world 'could'. He 'could' also have set fire to his desk. Neither form of behaviour is condoned by the NSA. Both arson and warrantless wiretaps of random Americans are punishable. With a million-plus stolen documents at their disposal, the worst case involving deliberate intrusion into individual privacy—in America or abroad—that the Snowden camp has been able to come up with so far involves six radical Muslims (one of them with American connections) whose penchant for online pornography and contact with under-age girls had come to the attention of the NSA. The agency appears to have been mulling a leak of this information, as a possible means of discrediting them and their role as propagandists for violent and extremist forms of Islam.¹³
Another slide (actually highlighting the need to stay within the law, however irksome or inconvenient it might be) implied that an unnamed 'restaurant in Texas' might be the subject of surveillance if drug runners were meeting there.¹⁴ The context was not a recommendation, but a warning to NSA staff not to repeat the errors of Minaret, a warrantless wiretapping programme in the 1960s and 1970s whose targets included Martin Luther King and Senator Howard Baker.¹⁵
That story of the targeted Muslims (if true) raises some serious questions: who would make the decision about initiating such official smears; how would they be conducted; what level of threat or nuisance would be sufficient to trigger this tactic; and what redress would someone have if the smear turned out to be incorrect? Such hypothetical questions are more troubling than—so far—the reality.
The legal framework for counter-terrorism, government hacking, data and meta-data collection, and rules on searches and seizures when international travel is involved is a work in progress. That is not the same as a closed system in which no challenge is possible. Checks and balances in a free, law-governed society do not depend on perfection for their legitimacy. The actions of the NSA and other agencies are directed by elected leaders and subject to scrutiny by lawmakers and by judges. That oversight could be better. But it is not negligible or useless (as it is in the authoritarian countries about which the Snowden camp is so strangely silent). Outcomes vary. At the time of writing, a judge in the District of Columbia had ruled that meta-data collection was illegal, while another judge in New York, in a different case, had given an opposite ruling.
As Inkster argues, even the term 'mass surveillance' is a misnomer. It implies that governments systematically monitor the content of the communications of their citizens—reading e-mails, listening to phone calls—and take actions against them as a result. In fact, he says:

The NSA and its partner agencies have been running huge quantities of communications meta-data through computer programmes designed to identify extremely small target sets on the basis of very strict criteria … searching the haystack for fragments of needles.¹⁶

An American blogger, Dan Conover, puts it like this:

The public media freak-out over NSA data collection misses the primary point of those systems entirely: the NSA's e-mail meta-data campaign is designed to efficiently collect and then discard information. Not because the NSA is a civic-minded agency that wants to protect our theoretical privacy, but because your personal e-mail isn't the target … The NSA sucks in massive amounts of meta-data because it's searching for a subtle signal (some indication of covert terrorist communication) in a vast sea of static (like me e-mailing a fantasy football trade offer to my buddy). Got it? The system isn't designed to care about you and your private data. It's designed to efficiently eliminate anything it determines to be 'not bad guy'.¹⁷

Even Snowden himself justifies his leaks not by alleging that we live in a world akin to Orwell's 1984,¹⁸but by claiming that we are heading that way. I dispute that. But what is hard to deny is that in their attempts to forestall this hypothetical threat, he and his friends have done huge, practical damage right now.

Chapter One: Real Intelligence

Every country with the capability to spy does so. Dictators like to control their subjects and bully their neighbours. Democracies want to stay safe, free and prosperous. In each case, decision-makers like to have the best available information, which includes where possible knowing adversaries' secrets. Good intelligence minimises surprises, widens choice and strengthens negotiating positions. It can come from inference, from open-source material, from electronic snooping, and from human sources: getting people to break promises and betray secrets.
Intelligence is collected in the full knowledge that the other side is doing just the same thing. Complaining that intelligence officers steal secrets is like complaining that diplomats dissemble, or that journalists simplify and exaggerate: it is what they are paid to do. Big countries do it more than small countries, and America, the richest and most powerful country in the world, does it most of all.
When it comes to collection of electronic information about their own citizens, however, other countries adopt practices which leave America looking like a bunch of milquetoasts. Russia's extensive and intrusive system of internet monitoring is both widely known and attracts little controversy.¹⁹ France allows surveillance of internet users, in real time and without prior legal authorisation, by public officials including police, intelligence and anti-terrorist agencies as well as government ministries.²⁰ A law expanding these powers was passed in December 2013, just weeks after France expressed outrage that the NSA had allegedly been engaged in similar activities there. Spying is necessarily conducted in secret, partly for operational reasons but also to save face (among victims and practitioners). Espionage is not glamorous, despite its Hollywood depictions. It is just another government bureaucracy—albeit one which involves behaviour that is always disreputable (telling lies) and often illegal (using false identities, bribing, bullying, breaking into buildings, tapping phones). Ruses, stunts, mischief and gadgets may look rather ridiculous in the cold light of day, so espionage is a tempting target for outside suspicion, investigation, denigration and ridicule.
Any politician or senior official involved in international negotiations knows that spying is routine. You have to be careful what you put in texts or e-mails, and what you say on any kind of phone, unless you have some advanced security measures in place. Even then, electronic communications are vulnerable to a sophisticated attacker. That is why serious governments have special venues for their important meetings. These typically have no windows (which are vulnerable to the use of long-range microphones involving the clever use of lasers). They are usually deep within secure government buildings. Mobile phones and other gadgets must be left outside in lead-lined lockers. This is annoying, but it is a fact of life.
Against this background, the fact that America spies on other countries, and that American allies spy on other countries, that America spies on its allies, and that those allies spy on each other, seems less shocking. Or at least it should. One of the most sensational disclosures in the Snowden material was that America's NSA spied on Germany, chiefly from a listening post on the roof of the American embassy in the heart of Berlin: part of a network run by the agency's Special Collection Service, which uses 80 foreign locations to intercept electronic communications. Among the targets was the chancellor, Angela Merkel, chiefly via an insecure old mobile phone which she uses for party and private business. Disclosed by Der Spiegel in October 2013, this caused outrage.²¹ The American ambassador was summoned to the foreign ministry to be rebuked. Mrs Merkel phoned Barack Obama to complain. Germany cancelled an intelligence-sharing agreement with the United States and Britain.²² The then justice minister Sabine Leutheusser-Schnarrenberger called for the suspension of the deal under which American counter-terrorism officials have limited access to European banking data.
For many Germans, the idea that America was spying on their country epitomised an arrogance and untrustworthiness which had rankled for years. During the Cold War, when the then West Germany needed America to secure its survival against an existential threat from the east, such grievances had to be swallowed. Now they erupt freely.
Yet the idea that American intelligence is active in Germany and other European countries is hardly surprising. Anyone with access to Google could find a pithy commentary in the Wall Street Journal written in March 2000 by James Woolsey, the former head of the CIA, called 'Why we spy on our allies'. It was prompted by a previous row about the Echelon programme, under which America and its close allies search international telecommunications traffic for keywords. A report to the European Parliament had alleged that America was collecting economic intelligence that was specifically used to stop European countries winning international contracts. Woolsey made his case with admirable bluntness:

Yes, my continental European friends, we have spied on you. And it's true that we use computers to sort through data by using keywords. Have you stopped to ask yourselves what we're looking for?²³

European companies habitually win contracts by bribery, he maintained. In most cases their products are too backward or costly to win any other way. By disclosing the payment of bribes by Europeans, the American government levels the playing field. He added that America spies on European sales of dual-use technology to rogue states and on other sanctions-busting. And he pointed out that France is a mighty practitioner of industrial espionage.²⁴
Woolsey's points were true in 2000. Nothing has changed since then. On the contrary: America is now far more aware that it faces a grave terrorist threat. And European countries have behaved in ways that make the worries of the 1990s seem mild. Germany in particular has cultivated Russia, adopted a unilateral policy of appeasement towards China, and has repeatedly undermined international sanctions on Iran.
At least some of the outrage prompted by revelations of America's spying may stem from envy. European spy agencies (Britain is a partial exception) are unable to match the NSA's capabilities and are therefore left playing the role of junior partners, offering collection services in exchange for shared intelligence. But the hypocrisy is still striking. I have already mentioned France, but Germany also has well-resourced and effective intelligence and security services which do exactly what such agencies are expected to do, including spying on other countries.²⁵
Germany's electronic intelligence agency is the low-profile Kommando Strategische Aufklärung (Strategic Intelligence Office). A report in Der Spiegel in 2008 admiringly described how this organisation, which is notionally a pure military intelligence agency, can 'bug the world'.²⁶Its targets included calls made on the civilian phone system in Russia, and the communications of drug barons in Kosovo. Some of this intelligence activity is clearly commendable. Some of it may be questionable. But it undermines the recent German outrage.
So too does a further point: that Germany is one of the world's top intelligence targets—from all directions. Chancellor Merkel's penchant for using an old-fashioned phone for her private use (she has a cumbersome but highly secure phone for government business) is no secret: it has been a subject of much jocular mention in past years. It is hardly surprising that other countries try to glean what clues they can from her text messages and phone calls. These countries, incidentally, include France, China and Russia—as well as America.
Given that German policymakers, as a rule, read English, have access to the internet, know that their country is often at cross-purposes with America, themselves receive intelligence information based on electronic intercepts, and are not stupid, what exactly is bothering them?²⁷ The answer is the publicity. Asked privately about espionage, few if any would contest the picture outlined above. But when the details of spying operations are revealed, it is often politically impossible in the targeted country for even seasoned and cynical politicians to remain silent. Faced with an irate media, and demands from opposition parties for action and explanation, they have to feign outrage.
Revelations of even the most justifiable spying create the impression of a scandal exposed. A good exhibit here is the Snowden camp's attack on Sweden's FRA electronic intelligence agency for its collaboration with Britain's GCHQ and America's NSA.²⁸ Glenn Greenwald, the American lawyer in Brazil who is the custodian of at least some of the cache of stolen material, and the most articulate public defender of its release, implies that it is wrong for Sweden to have security, defence or intelligence links with Britain and America.²⁹
For anyone familiar with European security, it is hard to see the scandal. Sweden is not a NATO member, but it has excellent if discreet relations with the alliance for entirely understandable reasons. During the Cold War, Sweden experienced frequent intrusions by Soviet submarines. Now it is experiencing dummy air attacks. One of these, on Good Friday 2013, involved Russian warplanes targeting two vital defence installations.30 Unpublished but well-sourced information suggests that the Russians also jammed Sweden's air defence radar. A leaked military intelligence report says the drill included launch codes being received to fire nuclear-armed cruise missiles. Most Swedes do not like this, and neither does the government (or the slimmed-down armed forces, which say that in the event of a crisis they would be able to defend only part of Sweden from military attack, and for less than a week).
So Swedish policymakers want to know what Russia is up to. What is the aim of the sabre-rattling? What subversion, mischief and influence peddling are under way in Estonia, Latvia and Lithuania, just the other side of the Baltic sea? Why is Russia putting nuclear missiles in its Kaliningrad enclave? What state is the Russian Baltic Fleet in? What plans does it have for the two Mistral helicopter carriers it has ordered from France? These are classic national security questions to which espionage provides at least a partial answer.
Sweden, like other small countries, cannot mount the kind of intelligence efforts it needs alone. So it exchanges information with countries that can help. America has satellites, for example, which have extraordinary abilities to look down on Russia from the sky. Sweden does not have spy satellites.³¹ But it can benefit from America's—and it is in America's interest that Sweden, a vital defence partner in the region, is secure and well informed. In turn, Sweden has intelligence assets that America may lack. These can involve collection of electronic information based on proximity to Russia, or linguistic and cryptographic capabilities. Sweden also has human intelligence assets (spies) in and around Russia which may complement or even exceed those available to American intelligence (especially in its current plight).
Why is this wrong? Not because it breaches Swedish 'neutrality': though Sweden was indeed neutral during the Second World War it does not now count itself as a neutral country (it is not part of any military alliance, which is a different status). Whether neutral, non-aligned or independent, the country must be defended: that is the responsibility of Sweden's government. Intelligence and security cooperation with other states is an entirely normal and legitimate part of that. It also helps the security of others. A recent tip-off from Sweden's FRA alerted Finland to a sophisticated Russian cyber attack on its foreign ministry.³²
It would be fair to criticise Sweden if it was heavily engaged in wasteful, unnecessary intelligence cooperation with America, against a distant or irrelevant target. But that is not the case either. Russia's behaviour in recent years provides ample proof of the problem. Nor can Swedish-American ties be criticised on the principled ground that spying (by human or electronic means) on foreign countries is illegal: it isn't. Nor does the Swedish public seem bothered by any of this.³³
Greenwald's case against Sweden (at least as far as can be discerned and inferred from his interview on Swedish television: he has declined to respond to my requests for comment) rests on America's wrongdoing. The United States, he repeatedly notes, fought a disastrous and illegal war in Iraq, and now systematically breaches laws and norms in its bulk data collection. So any country engaged in intelligence cooperation with America is tainted too. He also assumes, but does not prove, that the privacy of Swedish citizens is breached as a result of these ties. He dismisses the utility of such cooperation out of hand, even when aimed at terrorists, on the grounds that they already know the West's capabilities and take steps to avoid and evade them.
Greenwald makes much of the fact that the espionage links include economic targets. This, he argues, is hypocritical. America complains about Chinese spying on big US companies. So why is America—with Swedish help—spying on Russian energy companies? The answers would fill a book. (Readers may find mine, The New Cold War, useful.) But the brief and simple point is that Russia's energy companies are essentially political entities. Their senior managers are Kremlin appointees and cronies. They spin money off into to 'black cash' for the use of the Russian authorities in off-the-books projects at home and abroad. They are part of Russian foreign policy. If you worry about Russia, you worry about Gazprom.
The Snowdenistas' attack on Sweden was not an aberration. Looking at the pattern of disclosures, a shift is visible from those that involve 'evidence' of mass surveillance, which is a matter of genuine public controversy (although the operations described so far are all legal and in my view justified) and of the controversial hacking techniques used by the NSA (which may be legal, but are more arguably unwise), towards material that affects only the national security of the countries concerned.
Brazil, for example, reacted with an appearance of fury to revelations that America and Canada were spying on it.³⁴ It is now organising a conference on curbing foreign espionage.³⁵Revelations of Australia's spying on Indonesia infuriated the leadership in Jakarta and seriously damaged Australia's relations with its Asian neighbours. Indonesia recalled its ambassador and cancelled an intelligence sharing agreement. Yet it is obvious that Australia would be interested in the political, economic and security thinking of a neighbouring country of 250m people, which presents a potential military threat and has been the source of terrorist attacks which have killed Australian citizens.
A few days after the Swedish disclosures, another leak revealed Norwegian cooperation with the NSA. It showed that the Norwegian intelligence services have good sources within Russia, that they benefit from American help in dealing with Russian spies in Norway, and that areas of mutual interest include the Kola peninsular (a border area strewn with nuclear facilities) and the Russian energy industry.³⁶
It is hard to see how such disclosures can be justified by an appeal to the public interest. Russian bombers make regular intrusions or near-intrusions into Norwegian airspace. In December 2007 Russia sailed a naval flotilla into the middle of Norwegian oil and gas fields in the North Sea and conducted an unannounced exercise there, disrupting their operations and endangering lives by forcing a suspension of the helicopter flights which supply the rigs.
To regard Russia as an illegitimate or unfair target reveals a strange view of international politics. Someone with a wider vision of the world might recall the cyber attack on Estonia in 2007, the war in Georgia in 2008, or the death of a British citizen (Alexander Litvinenko) murdered with a nuclear weapon in the centre of London in 2006. Also noteworthy is the story of the whistleblowing accountant Sergei Magnitsky, who uncovered a $230m fraud perpetrated against the Russian taxpayer by senior officials, and died in prison in 2009 after abuse and a beating. So too are the steps Russia has taken to prevent its ex-Soviet neighbours such as Ukraine and Armenia signing free-trade and cooperation deals with the European Union. A fair-minded outsider might also note the soaring Russian defence budget, its development of advanced weapons, and its arms sales to countries such as Syria.
To be sure, all these cases are open to multiple interpretations: Russia is not necessarily wrong to defend itself and pursue its national interests. But if you believe that democracies have the right to spy on anyone at all, Russia must be high up the target list. Similarly, anyone concerned with bringing abuses to light should regard Russia (and China and Iran) as major targets. Established international human rights organisations and civil liberties outfits certainly do. They berate Western countries for their many failings, and rightly so. But the bulk of the work of outfits such as Amnesty International, Article 19, Human Rights Watch and Reporters without Borders is on abuses in non-Western countries.
The priorities of the Snowden camp are rather different. Nothing so far in their revelations has cast non-Western, authoritarian regimes in a bad light. Was Snowden really unable to find anything in the NSA's files that reveals abuses in such countries—perhaps collected by the agency but ignored by politicians for cynical reasons of Realpolitik? It would be easy to imagine some intercepts on how the Communist slave-masters of Beijing regard with glee the repeated kow-tows of Western governments on the issue of Tibet. The NSA doubtless has some insights into what the Kremlin thinks of the British government's trade-focused and amnesiac policy towards Russia. A true whistleblower might be expected to seek out such material. It would highlight Western cynicism and cowardice on human rights issues, and make the Snowden camp's case far more effectively than spurious scandals about Swedish security.
This inconsistency, I believe, is the result not just of a blinkered world outlook but of something more troubling.

Chapter Two: Selective Outrage

The intelligence agencies' capabilities are astonishing. They have the ability to plant malware on their targets' computers: either remotely, or by intercepting them before they are delivered to the customer. They can approach targets when they are playing computer games, monitor their web browsing habits, turn on webcams and microphones remotely and invisibly, use a mobile phone to bug a room, or a computer, and far more besides. They can read text messages and listen to phone calls. They have extraordinary access to the fibre-optic cables which carry data between countries and continents. The NSA and allies scamper through the plumbing of the internet like mice through the nooks and crannies of an old house. Huge slices of electronic traffic can be warehoused for days or even weeks. Powerful computers and ingenious algorithms can search for patterns and connections in a way that only recently would have seemed unimaginable.³⁷
The outline of these efforts was already known before the Snowden leaks, even if the code-names and techniques were not. The best-known programme, PRISM, stems from the Bush-administration Protect America Act. It collects data from companies under Section 702 of the Foreign Intelligence Surveillance Act (FISA) Amendments Act 2008. The physical and digital monitoring of individuals is supervised both by congressional committees and by the Foreign Intelligence Surveillance Court (also known as the FISA court).³⁸ The NSA must seek a warrant from this court if it believes that there is a greater than 50% chance of an American 'person'—ie citizen or resident—having their privacy breached.
The greater the secrecy of these programmes and capabilities, the better chance they have of tackling terrorists, criminals, enemy spies or other targets. From a taxpayer's and citizen's point of view, they represent good value for money (or at least they did until exposed and rendered useless by Snowden and his friends). The agencies can deal with complex plots hatched by well-organised outfits, and, in terrorism, with lone-wolf threats from obscure individuals who may have only the most tangential connections to known plotters. If the American administration decides that it urgently needs more information about adversaries with connections in Panama, or Papua New Guinea, or Paraguay, or Peru, or Poland, the NSA should not start from scratch. It should have capabilities which it can use immediately.
Unless you believe that the United States, Britain and other countries are inherently evil, it is hard to argue that their intelligence agencies should not develop the maximum capabilities available to them—especially as adversary countries are doing exactly the same. Whether they use those capabilities is a matter for political decision-makers and subject to judicial and legislative oversight.
Revelations about the size and scope of collection programmes may seem shocking. But they should not really be surprising. Elected governments of all political stripes in all big Western countries have given these agencies many billions of dollars or euros or pounds of their taxpayers' money. The rough size of their budgets is as well known as their huge buildings. Anyone with more than a passing interest in intelligence or security knows that the capabilities are vast too. If they were not, it would be a scandalous waste of public money.
The vulnerability of the NSA's actions was not that they were illegal, but that they were secret. Experts and specialists had a rough idea of what was going on. The general public (and even some lawmakers and officials) did not. As David Cole, a law professor, wrote in a recent New York Review of Books article,

… the meta-data programme was blessed by all three branches. The Bush administration instituted it and Obama maintained it. Fifteen federal judges on the FISA court declared it lawful. And Congress reauthorised the Patriot Act provision upon which the programme was based.³⁹

Imagine the following questions being posed in early June 2013: 'Does the NSA have the ability to read an e-mail if it really wants to? Does it have means to get round commercially available encryption? Does it cooperate with other intelligence agencies? Does it have the means to tap into international fibre-optic cables? Does it store electronic information in order to search it later if necessary? Were these capabilities envisaged at the time the relevant laws were drafted?' To all these questions the honest answer would have been 'yes'.⁴⁰
What Snowden has done is give a level of detail confirming these suppositions, coupled with, from his allies, a level of spin that verges on the hysterical, and doses of accidental or deliberate misinterpretation (as in the case of allegations that millions of telephone calls in Norway had been intercepted by the NSA).⁴¹
A more sensible question concerns not the capabilities but how they are exercised. Is it really worth spying on Angela Merkel's phone? Is the risk of the collection proportionate to the gain? These are hard questions for spy chiefs and their political masters. (The administration has now indicated that it will stop snooping on friendly foreign leaders' communications.) But to portray the NSA and its partner services, as Greenwald does, as akin to East Germany's Stasi, or to the KGB, and claiming that they have the 'literal' goal to 'eliminate privacy globally'⁴² is an extraordinary claim, which requires extraordinary evidence. So far, nothing of the kind has been forthcoming.
As Snowden's 'Christmas message' broadcast on Britain's Channel Four television stated:

A child born today will grow up with no conception of privacy at all. They'll never know what it means to have a private moment to themselves: an unrecorded, unanalysed thought. And that's a problem because privacy matters, privacy is what allows us to determine who we are and who we want to be.⁴³

But this is a huge exaggeration. What the Snowden documents do appear to show is that the NSA and allied agencies have, unsurprisingly, colossal abilities when it comes to collecting and storing meta-data. They are also able to crack or sidestep a lot of commercially available cryptography. Moreover, if they have you in their sights, they have in principle the ability (though not necessarily the time, or the authority) to find out anything about you that you store or communicate online. Those are impressive capabilities. But they do not mean that they can target everyone (nor, their defenders would argue, do they want to). Being able to see who has communicated with whom is not useful in itself. It is a good way of finding suspects to target. Such targeting may in turn need political approval or a court order. And it is does not mean that everyone is targeted. As the American blogger Bob Cesca argued:

Activists like Snowden want you to believe that NSA is directly, and without court approval, spying on you personally, because hyperbole like this feeds an agenda that involves scaring anyone susceptible to anti-government paranoia. But this quote from Snowden goes beyond anything we've read about so far, saying point blank that the government is watching everything we do. However, if this is true, Glenn Greenwald or another Snowden flack needs to reveal any and all evidence that NSA has installed cameras and listening devices in our homes and is actively observing and recording our daily activities without warrants. Again, 'watching everything we do' is a major revelation, but if evidence doesn't exist, Snowden needs to issue a clarification.⁴⁴

The Snowdenistas' exaggeration stems from a conflation of self-criticism with self-hatred. In their eyes, democracy, the rule of law and constitutional government have been so eroded that the West carries no moral weight at all. The authorities are capable of anything, so it is sensible to assume that they do what they are capable of. Why would they stop? Greenwald dismisses judicial and congressional oversight of the NSA as a stooges' pantomime. The Obama review commission was designed to 'prettify' the 'surveillance state' but not to reform it.⁴⁵ If you think that America, Britain and their allies are hypocritical, sleazy oppressors, then it becomes much easier to justify overstating your case and maximising the damage you do.
Recklessness is one explanation. Sabotage would be another. The pattern of disclosures so far does not support the idea that the Snowden camp is chiefly worried about the moral standing of America or the civil liberties of Americans, either now or as they might be threatened by a putative authoritarian government. Even leaving aside the leaks that seem deliberately designed to damage American diplomacy, others include disclosures of capabilities and programmes that clearly affect national security. One such leak was of secret parts of the intelligence budget, showing how much is spent where. The same leak in the Washington Post included secret self-assessments in 50 aspects of counter-terrorism. It noted: 'blank spots include questions about the security of Pakistan's nuclear components when they are being transported, the capabilities of China's next-generation fighter aircraft, and how Russia's government leaders are likely to respond to "potentially destabilizing events in Moscow, such as large protests and terrorist attacks".' As Paul Rosenzweig dryly pointed out on the excellent Lawfare blog, 'The Pakistani, Chinese, and Russian intelligence agencies surely appreciate the status report.'⁴⁶
Another category of leak revealed American offensive cyber-warfare capabilities.47 To be sure, digital weapons are controversial. But other countries have them too. Campaigning for unilateral digital disarmament is a respectable if idealistic approach. But there is no sign that the American people support it. And the issue is a long way from the purported abuse of privacy that Snowden wanted to expose. So too is the revelation that America launched 231 cyber attacks against 'top-priority targets'.
Some of the leaks include exactly the sort of thing that intelligence agencies are paid to do. Why is it scandalous or improper that Britain's GCHQ spied on foreign diplomats at a summit in London?⁴⁸ If the NSA is able to intercept the communications of a top Russian politician, surely it deserves praise (in private), not censure and exposure (in public). Providing the full list of Snowden's damaging disclosures would be tedious. But even the highlights are shocking. They include: how the NSA intercepts e-mails, phone calls, and radio transmissions of Taliban fighters in Pakistan, and that it is keeping a closer eye on the security of that country's nuclear weapons; an operation to gauge the loyalties of CIA recruits in Pakistan; e-mail intercepts regarding Iran; and global tracking of cell-phone calls to (as the Washington Post naively put it) 'look for unknown associates of known intelligence targets by tracking people whose movements intersect'. To the South China Morning Post Snowden revealed details of how the NSA hacks into computers and mobile phones in China and Hong Kong.⁴⁹
The obvious result of this is to damage America and its allies. Most of the criticism of the Snowdenistas has so far focused on this point. But much less attention has gone to a deeper question: in whose interest would this damage be? One candidate leaps to mind. A long-term intelligence adversary with a stellar record of penetrating and disrupting American agencies, it has a record of highly effective 'active measures' (in the parlance of its intelligence service) to sow dissension between America and its European allies. This country regards the Atlantic alliance as out-dated and ripe for demolition. It knows that NATO's credibility is waning, that the Pentagon is cash-strapped and that many European countries have lost interest in defence. It knows that in theory, the West is more than a match for it—economically, diplomatically and militarily. But in practice, division in the West levels the playing field.
That country is Russia. The uncannily good fit between the damage done by Snowden, and the Kremlin's geopolitical and intelligence interests, is in my view more than a coincidence. As Russia grapples with its own problems, the need to rely on covert measures grows (these problems include: failure to modernise, its undiversified economy's dependence on oil and gas revenues, crumbling infrastructure and a shrinking demographic base). Russia's symbolic counterweights to the European Union and NATO, respectively the Eurasian Economic Union and the Collective Security Treaty Organisation, aim to restore Kremlin influence in the former Soviet empire. That plan is succeeding. The main obstacle to its success would be determined Western resistance, which Snowden's leaks make less likely.
Russia also wants to block attempts to reboot the Atlantic alliance on the basis of economic security, through the planned Transatlantic Trade and Investment Partnership (TTIP). Stoking anti-American fury in countries such as Germany harms that deal's prospects. The Kremlin also is determined, along with China, to wrest control of the internet from the American-based committees which run it now. It wants the internet to be under governmental control, with an entrenched right for national authorities to promote 'information security'—a concept which sounds anodyne or even reassuring to Western ears, but in practice would allow authoritarian governments to censor and control their subjects' diet of information. In both Russia and China misuse of social media, for example, is perceived as a significant national security issue requiring extensive active and passive efforts by the authorities.⁵⁰Assumptions about who should control the internet are shifting as it moves away from its Anglosphere roots.⁵¹ The perception fostered by the Snowden revelations, that America is abusing internet freedom and undermining commercial cryptographic security, allows authoritarian countries to lay criticisms against the West which would have seemed laughable only a few months earlier.⁵²
These are big and important tussles. They will determine the shape of the world in coming decades. The overwhelming interest of the public in democratic, law-governed countries is that we come out on top. If we want to stay rich, safe and free, we need to win multiple battles with those who want us to be poor, vulnerable and constrained. Snowden has weakened our chances, and helped our enemies.
A further level of damage is to America's commercial interests. Big US technology companies and service providers have to varying degrees collaborated with the NSA, either voluntarily or in response to judicial warrants. Sometimes these warrants were so secret that the companies were unable to tell their customers or shareholders even in outline what they had been forced to do. Any attempt to contest the rulings had to be in secret too. They were unable to respond truthfully to requests for comment from the media or elsewhere. So long as nothing leaked, this was perhaps a defensible tactic from the NSA's point of view. If you have developed a secret and effective means of collecting electronic information, it is important that the target does not find out. Terrorists, criminals and enemy spies read English and use the internet. They will pick up clues about hardware and software which may have been compromised, and use alternatives.
Yet in retrospect, this approach taken by the NSA looks reckless. It depended on these arrangements staying completely secret. In June 2013, the Washington Post said that Microsoft, Google, Facebook, Apple, YouTube, Skype, AOL and Yahoo cooperated with the NSA's PRISM programme. The companies said that they provided data only when legally obliged to do so.⁵³
It is worth noting that the initial coverage of PRISM was accompanied by some serious inaccuracies and misrepresentations.⁵⁴ It does not give the NSA the claimed 'direct access' to these companies' servers. It is a way of transferring data collected under a court order. The Washington Post also backed away from its initial claim that the companies concerned 'participate knowingly'.
Nonetheless, the business models and brands of these companies are dented. They are furious with the administration, both for what they were made to do, and because it has been made public. Microsoft, for example, has issued a statement decrying the interception of customer data on its networks as an 'advanced persistent threat'—the term normally used for Chinese and other cyber attacks.⁵⁵ Microsoft says it will expand the use of encryption, challenge gag orders in court and make its software more transparent (to allay fears that it may contain accidental or deliberate flaws which enable snooping).
But the distorted lens through which the Snowden cheerleaders view the world magnifies failings close to home, and obscures those abroad. The shortcomings of the West become its defining characteristics. Greenwald, with his extensive experience as a trial lawyer specialising in corporate wrongdoing, provides a caustic if glib account of America's misdeeds. He cites the Bush administration's foreign policy, the rendition (kidnapping) and torture of terrorist suspects, past incidents of warrantless wiretapping, and much more besides. These are real problems and should indeed provoke soul-searching among those who wish the West to occupy the moral high ground, and for democracies to maintain their political and economic pre-eminence. But they are no excuse for nihilism.
As the journalist Brendan O'Neill points out:56

Conspiracy theorising and the cult of the whistle-blower have the same origins: a crisis of democracy, the collapse of public engagement, and a dearth of faith in politicians and even in politics itself. The more that some people feel alienated from politics, cut off from the old to-and-fro of political debate, the more they can feel tempted to embrace hare-brained stories about tiny cliques of rich folk or lizards or Jews running everything behind our backs. Conspiracy theories feed off the carcass of democratic engagement. And so it is with whistle-blowing, too: the more that radicals lose faith in both the political system, which they view as totally corrupt, and the little people, who are 'wilfully ignorant', the more they come to believe that only brave, truth-wielding individuals can save the world from enslavement by a dastardly elite.

The Snowdenistas' extremism and hyperbole reflect a mind-set which the blogger Catherine A Fitzpatrick has outlined well in her essay 'When Thinking Styles Collide'.⁵⁷ She was actually writing about the geek world's attitude to anti-piracy legislation, but the points she makes also highlight the weakness of other self-described crusaders for digital freedom, who scorn the law-making process, and judicial and parliamentary oversight, as out-of-date or irrelevant in the digital age. Geeks, she says, do not 'get' governance.

They don't understand how a bill becomes a law and don't believe in the process;
They don't understand how cases get prosecuted and how evidence has to be presented and [how] the different parts of the judicial system operate … checks and balances;
They don't get how judicial review works to determine constitutionality.

The problem, she argues, is that tech-savvy people tend to look at laws as if they are computer code. In the software world, even a tiny flaw negates a hugely strong premise. Once a bad law is on the books, they believe, it will operate like bad software: mechanically, like a guillotine. So: 'unless every single edge-case, hypothetical, problem is identified, spelled out, and remedied, nothing can stand.'
That is not the way that a modern law-governed society works. Imperfections and hard cases abound. The art of politics and administration is balancing constraints and anomalies in a way that produces the least unfair or dangerous outcomes, now and in the future. That world is messy and sometimes murky. To the self-righteous and impatient it may seem impossible to change. But for all its faults, it is capable of correction. America recovered from the McCarthy era. The Church committee reined in an out-of-control FBI after the abuses discovered in the 1970s. The same is true in other Western countries.
Zealots such as Snowden prefer their own judgment to the outcomes that this flawed, slow, muddled system provides. It is their right to believe this and to act on it—within the law. But their form of protest takes the form of stealing and publishing state secrets, in a way that causes irreversible damage (impact, as they would put it). This is not an approach that would be tolerated in other forms of protest. Anti-nuclear activists may blockade power stations or weapons facilities. Even they would regard it as irresponsible to try to sabotage them, aiming to cause maximum damage, in the expectation that the resulting debate will outweigh the harm done.

Arbitrary power is the great grievance of the Snowden camp. Who gave the NSA and GCHQ the power to bug and snoop? The real answer to that is simple: the elected governments and leaders of those countries, the judges and lawmakers who have the constitutional authority to supervise intelligence services, and the directors of the agencies in the exercise of their lawful powers. You may not like the system. You may think it needs improving (I do). But never in the history of intelligence has supervision been stronger. America in particular stands out as a country that has taken the most elusive and lawless part of government and crammed it into a system of legislative and judicial oversight. Greenwald simply dismisses such arrangements. For those in search of reform, he argues, 'the answer definitely does not lie in the typical processes of democratic accountability that we are all taught to respect'.⁵⁸Instead, he thinks the answer lies in international pressure on America. Shame and destruction, not votes, laws and institutions, bring about reform. The question about arbitrary power actually deserves to be posed in the other direction. What constitutional authority do the Guardian, Der Spiegel or the New York Times have? What gives them the right to leak their countries' most closely guarded secrets, obtained at vast expense, and with the sacrifice of tens of thousands of man-hours? Even the most passionate defenders of press freedom would hesitate to say that editors are the supreme guardians of the national interest. And even the most self-important editor would hesitate to claim omniscience. What expertise do editors and journalists have in handling these stolen secrets? How can they judge that a particular programme is worthy of exposure (rendering it useless overnight and perhaps endangering those who have worked on it) and that another can be spared the glare of publicity, at least for now and possibly ever?
The publication of secret documents, without context or challenge, has a pernicious effect on the debate that follows. As Inkster, the former British spymaster now at the International Institute for Strategic Studies in London, points out

Not even the NSA knows for certain how much information Snowden actually stole. It is clear, however, that he could not possibly have read more than a fraction of this material. It is equally clear that he did not understand the significance of much of the material he did read and that the same was true for the newspapers that published it. The resulting confusion and misapprehensions that have taken hold within the media and shaped the public debate about the NSA's bulk collection activities have not been effectively challenged or rebutted by the US and UK governments for various reasons, chief among which has been a desire not to create a damaging precedent by responding to specific allegations regarding the activities of their intelligence agencies. ⁵⁹

As far as can be inferred from Greenwald's public statements (he declined to respond to my requests for comment), his main aim is to make a splash. Asked how he chooses which material to release, and which to withhold, he answered:

We chose certain information we wouldn't disclose, eg what would help other states improve their surveillance, or anything that NSA has gathered about people (that would do the NSA's dirty work) or anything that would endanger the lives of innocent human beings. We want to publish in a way that will create the most powerful debate and greatest level of recognition.⁶⁰

That is a striking claim. Who is Greenwald to decide who is 'innocent' and who is not? Are all employees of the NSA to be counted as 'guilty' of engaging in 'dirty work'? And everyone who cooperates with them? Or only some? And guilty of what? Is Greenwald the judge, jury and executioner of the careers of public servants who have operated within the law, at the behest of elected governments, and under the oversight of courts and lawmakers?
It is only a mild caricature to say that the presumption behind the leaks is that the intelligence agencies in the West are the greatest threat to freedom on the planet. As Inkster argues, 'for those who regard intelligence services as inherently illegitimate or take the view that the US is the world's number-one rogue actor, no counter-narrative will ever be convincing'. Such fears may be the basis for a thrilling screenplay in a Hollywood movie, where vast sinister forces are marshalled against a lone hero. But they are a poor guide to real life.
One of the overwhelming impressions left by the leaked documents is, in fact, of a painstaking approach to legality. The spies did not believe that what they wrote would ever become public. Like other bureaucrats, they trumpeted their achievements in the hope of scoring points and winning favour. That comes across sometimes as chirpy or crass. But nothing revealed shows contempt for judicial oversight or a wilful desire to evade it.⁶¹
The NSA and other agencies do try to work out what the maximum is that they can do within the limits of the law. In some cases, they overstep the mark and get slapped down, sometimes crossly, by the FISC or Congress; moreover, individual officers of the agencies may knowingly break the rules. But the fact that these breaches were recorded in internal agency documents (and in the case of individual wrongdoing, disciplined) bespeaks adherence to procedure, not a cover-up.
Moreover, to err is human: bureaucratic self-aggrandisement is common in other branches of government too. Police officers sometimes intimidate suspects, fake evidence or beat up protestors. Soldiers haze new recruits or commit war crimes. Teachers and social workers abuse their power. (Even journalists can be crooked, deceitful or brutal.) Intelligence officers make mistakes too. It is true that the powers that the agencies enjoy mean that they must be particularly vigilant against abuse. But the really striking thing about the revelations to date (which are presumably cherry-picked to portray the NSA and its allies in the worst possible light) is the conscientious, tame and bureaucratic approach they reveal. It is true that the FISA court turned down few requests from the NSA. But this does not prove that the court is toothless. It reflects the fact that the NSA itself vets its own requests to weed out those that are unlikely to gain approval.
The recklessness, damage, narcissism, and self-righteousness of the Snowden camp do not invalidate all their aims. A debate on the collection and warehousing of meta-data was overdue. Collected and scrutinised, meta-data can breach privacy: if you know who called a suicide prevention helpline, or an HIV testing service, or a phone-sex line, and from where and when, the content of the calls matter less than the circumstances. These collections of meta-data, it should be noted, are not only vulnerable to abuse by nosy spooks: they are available in colossal amounts to private sector internet companies, some of whom may protect them only lightly and use them with far greater freedom than a bureaucrat.
More importantly in my view, the Obama administration has treated whistleblowers with scandalous harshness, especially those from inside the intelligence community. The hardest point for critics of Snowden is to explain what he should have done with his worries had he chosen to stay within the system. Genuine whistleblowers such as Thomas Drake, a senior NSA analyst, who believed (rightly or wrongly) that they were exposing abuses within the agency, were hounded and prosecuted under laws which would be rightly applied to spies and traitors. They are now strong supporters of Snowden's chosen course of action.
The Snowden revelations have also exposed the fact that senior officials, particularly America's Director of National Intelligence, James Clapper, have not been fully frank with Congress. He was asked in an open Senate Intelligence Committee hearing in March: 'Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?' A correct response would have been to give a boilerplate answer: data and meta-data are collected within the law and further information would be available in a closed session. Instead he answered 'No Sir'; when that response was queried, he continued: 'Not wittingly … there are cases where they could inadvertently perhaps collect, but not wittingly.'⁶² In a strict sense that was true: phone records are not exactly 'data', and storing them for future scrutiny is not exactly 'collecting'. The members of the committee were aware of the programmes concerned, having been briefed on them in classified sessions. The question was, in a sense, a trap, aimed at bouncing Clapper into revealing more than he wanted. But for all that, as a member of the executive branch, he is under a solemn duty not to mislead the legislature—or to mislead citizens who are observing its questioning of their government officials. For whatever mixture of motives or confusion, he breached that duty. He apologised later, pleading confusion not deliberate deceit. Though charges that he 'perjured' himself or deliberately lied to Congress are an exaggeration, in his place I think I would have resigned.
Lawyerly definitions of terms such as 'data', 'collect' and 'abuse' have allowed the NSA to stretch its remit in a way that some may now regard in retrospect as excessive. But it has done so within the system, not outside it. NSA officials (like their counterparts in GCHQ and allied agencies) are not cowboys, brutes or madmen. They signed up to defend their country's freedoms, not to undermine them. They tend to be sober, law-abiding types with a punctilious regard for procedures. The dire state of their morale now is a result of Snowden's disclosures. The consequences remain to be seen. The dangers of abuse in a woe-struck agency may be greater than in one where morale and corporate culture are healthy.
One can argue (and I would agree) that the NSA needs reform, that it has become too big, too dependent on private contractors, too sloppy in its security procedures, too hard to oversee and too slippery in its definitions of what it may and may not do. All these shortcomings are cause for concern (though not for panic) and are worthy subjects for discussion. As General Clapper himself has admitted: 'As loath as I am to give any credit for what's happened, which is egregious, I think it's clear that some of the conversations that this has generated, some of the debate, actually probably needed to happen.'⁶³
It is hard to dispute that the public should be aware that the NSA has stretched the definition of material 'relevant' to terrorism to include warehousing the phone records of every call made or e-mail sent in America, and that the agency has had serious rows with the FISA court. Thanks to Snowden, the public now knows this. The modest reforms announced by President Obama on January 17th are also a direct result of the Snowden leaks. But such benefits need to be weighed against the costs. Nothing evinced so far justifies the catastrophic damage that the Snowden leaks have done to national security—the worst disaster in the history of American and British intelligence.

Chapter Three: Damage Control

The mere whiff of a breach acts like nerve poison on intelligence agencies. If you lose even a single document, or believe an unauthorised person has had access to it, assumptions must be of worst-case scenarios. Assume that the Russians learn that an outwardly boring Irish insurance broker in the Ukrainian capital Kiev, for example, is actually an undercover officer of Britain's Secret Intelligence Service. What will they be able to do with that information? Will he be in danger? Will they able to find what agents he is running? If so, they must be brought out: they risk arrest. Maybe the agents are safe, but the operation cannot continue: in that case everyone involved must be stood down inconspicuously. What about colleagues? Safe houses? Dead-letter boxes? Another question is when the breach occurred. Can one be sure that this was the first instance? How solid is the 'product' (the intelligence obtained from the compromised network or individual)? Should it be assessed or analysed differently? Is it possible that the adversary used the breach to feed misleading information and then monitor the results? The answers to these questions may be 'no'. But an experienced team of counter-intelligence officers must ask them, find the answers, check and double-check. The taint of even a minor breach must be analysed, contained and cleaned.
If a single breach is a serious problem, two make a nightmare—particularly if the missing material comes from different bits of the organisation. Documents which may on their own be quite anodyne can be gravely damaging if they are combined. Revealing an intelligence officer's cover name may be no big deal. But combined with his previous travel, it could be the clue that gives the adversary details of an operation. Multiple breaches increase the problem exponentially. Each bit of compromised information must be assessed not only on its own, but in relation to every other piece of data. As the numbers mount, the maths becomes formidable. Four bits of information have 24 possible combinations. Seven have 5,040. Ten have more than three million. If Snowden has taken a million documents, the permutations that—in theory—need to be examined exceed the number of atoms in the universe.
Snowdenistas dispute claims of colossal damage. Foreign intelligence services in Russia or elsewhere do not and will not have access to the stolen material, they maintain. But dealing with secrets is a highly technical and complicated business. People build their careers on it. It requires elaborate procedures to store the information, to set and administer levels of access, to monitor who sees it, when, why and how, and particularly to authorise, log and track any copies made. It requires specially built premises, and staff who must be carefully recruited and trained and subjected to regular screening. The whole setup—with its physical, bureaucratic and human elements—involves regular checks, and possibly professional penetration tests, in which expert outsiders are tasked with trying to break the security systems. It is also designed to minimise the effects of any breach—for example by seeding the data with tell-tales (to highlight if it is being misused) or booby-traps (to act as a deterrent to malefactors). All of this takes place in the knowledge that the world's most sophisticated intelligence agencies regard other countries' secret data as a top priority.
Snowden's allies may be admirable journalists. But they do not have the experience or resources to protect the information he has stolen. Their offices cannot be made safe against electronic eavesdropping. They do not know how to make their computers truly secure. The idea that the material is safe because it is encrypted is shockingly naïve: it is child's play for a sophisticated adversary to place malware on a computer, remotely and invisibly, which logs every key stroke, and records everything that appears on the screen. Such 'end-point vulnerabilities' render even the heaviest encryption pointless. They can be delivered via a mobile phone or through an internet connection (or by some other subtle and secret means). Snowden knows this. It is possible that someone with his technical skills could keep the stolen data secure on his own computers, at least for a time and if he does not switch them on. But that becomes ever less likely over time.
Security becomes outright impossible when the material is handled by a team of amateurs. How many people have access? Who has screened them? What are their vulnerabilities—financial and psychological? Does anyone check their bank accounts? Are any of them vulnerable to blackmail? Do they have any training in avoiding 'social-engineering' attacks (such as impersonation)? What about the use of force? What happens if someone becomes disillusioned and leaves the team? A shocking example of carelessness came when Greenwald's partner, David Miranda, was stopped while changing planes at London's Heathrow Airport in August. His luggage included a number of 'thumb' USB drives and electronic devices, carrying some of the Snowden trove (as well as, some reports say, a password, apparently written on a bit of paper). Any public official who carried secret data this way would be fired and then prosecuted. A similarly sackable offence would be sending secret material across international borders by a commercial courier company such as FedEx. The editor of the Guardian, Alan Rusbridger, admits that he did just this, and jokes about it on his Twitter profile.⁶⁴ (Mr Rusbridger's defenders say that the material was heavily encrypted and that both the sender and receiver were third parties; he may feel that this ruse is fail-safe but security professionals would not.)
It is hard to avoid the conclusion that Snowden conducted his activities within the NSA in order to be as damaging as possible. Among the so far unpublished material are (by the NSA's account) 31,000 files which show what government customers asked the agency to find out about countries such as China, Iran and Russia, and its assessments of how it could respond. These 'shopping lists' are among the most closely guarded secrets in any intelligence agency. Once you know what the other side needs to find out, you can infer what they already know.⁶⁵
All this counts as primary damage: to the sources, methods and self-confidence of an intelligence or security agency. But the ripples extend farther. A spy agency's greatest asset is its reputation. Britain's MI6, for example, enjoys free publicity from decades of films featuring James Bond. The real-life business of intelligence has little to do with the stunts on screen. But the brand helps attract able people to work as intelligence officers. A reputation for integrity and skill also makes it easier to recruit sources. If you are pondering whether to trust your life to a foreign country's spies, you will want to have confidence in their ability to keep secrets. It is hard to conceive of a definition of America's national interest that does not include keeping secret the identity of foreigners who trust the country with their views, secrets—and lives.⁶⁶ But the Snowden fan club, like the cheerleaders for WikiLeaks, takes no account of this. The NSA and other agencies cannot assume that, as Snowden so blithely puts it, there is a "zero chance" that adversaries have seen the stolen documents. They have to work on the assumption that they have done, or eventually will do so.
For all these reasons, the Snowden disclosures have had a catastrophic long-term effect on British and American intelligence. As I have explained above, even the threat of a breach is enough to endanger an intelligence operation. But publishing secrets in the media introduces a whole extra level of risk. It is bad enough if the Chinese and Russian intelligence services have knowledge of (or access to) the programmes compromised by Snowden. But when they are actively publicised, even the dimmest and worst informed terrorist, anarchist or criminal gets the message. Capabilities that work when deployed stealthily become useless once everyone knows about them. Once you learn that a computer screen can be read from far away through an open window, you draw the curtains. Once you know that a computer can plant malware on a mobile phone, or vice versa, you start keeping mobile devices in a lead-lined box. To be sure, the agencies will develop new capabilities. But if your navy has been sunk, it is little comfort to be told that you can always build another one. What are you going to do in the meantime?
The pleas of the Snowden-friendly media that they screen the material before publishing it cut little ice. It is nice of them to take advice, in some cases, from government security sources about disclosures that might be particularly damaging, and even to refrain from making them. Many of the more responsible media outlets have partially redacted the documents they have published, at least protecting the names of intelligence officers. But that does not stop Greenwald from offering the same material elsewhere. His petulant remarks after his partner Miranda was stopped at Heathrow Airport did not suggest a responsible attitude to the secrets he guards. 'I will be far more aggressive in my reporting from now. I am going to publish many more documents. I am going to publish things on England too. I have many documents on England's spy system. I think they will be sorry for what they did.'⁶⁷Publishing secret documents is a grave responsibility. Surely the justification should be to expose wrongdoing, not to satisfy personal pique?
The damage was foreshadowed by WikiLeaks—a forerunner of the Snowden disclosures. A German politician, Helmut Metzner, had to resign and faced prosecution when he was outed as the anonymous source mentioned in a leaked American diplomatic cable (he denied wrongdoing and charges of espionage were eventually dropped). America's State Department has spent a great deal of time and money trying to safeguard other individuals whose identities have been wholly or partially exposed in the leaked cables. To be fair, in the versions that WikiLeaks published initially, the names of interlocutors were redacted. But a mixture of carelessness and ignorance meant that the passphrase for the unedited versions of the cables became available. The result is unlikely to have increased foreigners' willingness to meet and speak frankly with American diplomats about even mundane matters.
When intelligence sources, as opposed to mere diplomatic ones, are put at risk the damage is far greater. The stolen documents include the names of many NSA and GCHQ officers. Some of them will have been posted abroad—and may well have had sensitive contacts with locals. If their names and identities become known, then anyone who has met them, say in China, Iran or Russia, is in danger. Snowden says he will not release such material. So why did he steal it in the first place? In any case, as I have argued above, he cannot be sure that it will not leak out, given the amateurish way in which it is safeguarded. That is a profound worry to existing sources, and a grave deterrent to new ones. ⁶⁸
The disclosures of espionage by American allies damage them too. Diplomatic capital is consumed in issuing new assurances and tokens of friendship, as Australia has had to do with Indonesia. Other agreements may be put on hold. Trust is the most valuable commodity in espionage. Stolen secrets are fragile and perishable commodities. The instinctive desire of every intelligence officer and every spy service is to hoard, not to share. That preserves sources and methods, and makes the next secret easier to obtain. Handing hard-won material to a foreign partner is possible only when you believe that the country concerned is at least as trustworthy as you are yourself. The NSA's failure to keep its secrets has dented America's reputation as a trustworthy partner.
The quite unnecessary damage caused by Snowden makes it hard to believe that his aim was solely to expose wrongdoing. It looks far more likely that he was trying to cripple the NSA and its allies, and to hurt America's standing in the world. Taking a huge cache of documents, and in a way that largely defies description, analysis or mitigation, is not the action of a patriotic whistleblower. It is the behaviour of a saboteur. It is a sign of the desperation now reigning in the NSA that some are willing to offer him an amnesty even now, if he will only hand back the missing files. Nobody can be confident that they have not been seen by others. But at least the agency will have a clearer idea of what was taken, and how.
All this damage, of course, suits Russia. The NSA and other American and allied intelligence and security agencies have been a prime target for the Kremlin since even before the Cold War. The successes have been great: recent triumphs include recruiting the heads of Soviet counter-intelligence at the FBI (Robert Hanssen) and the CIA (Aldrich Ames). Signals intelligence in the 'Five-eyes' alliance of America, Britain, Canada, Australia and New Zealand has been a particular target. Western countries have shifted their attention since the end of the Cold War. The reverse is not the case. The ten Russian 'illegals' arrested in America in June 2010 prompted a lengthy, disabling and so far fruitless search within the NSA for the sources which at least one of them was believed to have recruited there. Was Snowden's decision to do what seems like deliberate damage to the NSA and America mere recklessness and vindictiveness? Or was there another motive, conscious or unconscious, in the background? No definitive answer to that is available on the evidence presently available. But some historical examples are instructive.

Chapter Four: History Lessons

In the 1970s, the nuclear disarmament movement in the West was moribund. People worried more about the energy crisis, militant trade unions, terrorism and other issues. That began to change in 1977, when the Soviet leadership launched a vigorous and successful public campaign in continental Europe against the 'neutron bomb'—an American anti-tank weapon aimed at shoring up the alliance's fragile conventional defences in Europe. The anti-nuclear cause was fuelled further by the NATO decision in 1979 to place Cruise and Pershing missiles in Europe in response to the Soviet deployment of the similar SS20 missiles from 1977 onwards.
As the anti-nuclear movement mushroomed, the Atlantic alliance came under huge strain. Ronald Reagan was seen in Europe as a warmonger and a cowboy. Pro-American governments burned political capital fighting against seductive if simplistic arguments. Surely it was better to have fewer nuclear weapons, not more? Why not try unilateral confidence-building moves to defuse tension, rather than escalate the risk of war by boosting arsenals further? 'Ban the bomb', and the romantic eccentricity of the 'Women's Peace Camp' at Greenham Common near London, had an appeal that the dry arguments for the status quo could not match. Few went as far as the Spartacist League, with their hallmark chant of 'Smash NATO! Defend the Soviet Union!' But the consensus in the peace movement was that America was a bigger threat than the Soviet Union.
The Soviet Union's own role in the anti-nuclear movement is still unclear. Defectors such as Stanislav Lunev (from Russia's GRU military intelligence service) and Sergei Tretyakov (of the SVR foreign intelligence service) have made sweeping claims. Academic studies have been more cautious. After Communism collapsed, a senior member of Britain's CND, Vic Allen, unrepentantly admitted to passing information to the East German Stasi.69 The Soviet Union financed British and other communist parties, which played a role in the 'peace' movements disproportionate to their tiny numbers.⁷⁰
What is not in doubt is that CND and the like served Moscow's purpose. To be sure, the campaigners said they opposed Soviet and Western nuclear weapons alike. But the focus of their efforts was asymmetric: they could apply political pressure to Western governments, political parties and institutions, whereas their influence in the Soviet bloc was minimal. The Soviet Union enjoyed conventional military superiority in Europe; demanding a 'nuclear-free Europe' in effect meant accepting Soviet hegemony on the continent. 'Peace' was therefore a big Soviet talking point in all international forums and discussions, both from diplomats and from nominally independent but state-funded outfits such as the World Peace Council.
Regardless of their direct or indirect involvement, the information-warfare experts of the Soviet KGB were delighted with the divisive and distracting effects the 'peace' movement was having in the West. Soviet decision-makers relied on the anti-nuclear campaigners in the West to weaken and constrain the resolve of governments there.
Their successors in the Kremlin now see a similar opportunity. Like the anti-nuclear movement of the early 1980s, modern campaigners for privacy and digital freedom see their own countries' flaws with blinding clarity, and ignore those of the repressive regimes elsewhere. They manifest a corrosive mistrust for their political leaders and public officials, to the point that little said by governments carries any weight at all.
It is worth noting that the Snowdenistas go far beyond the anti-nuclear campaigners in their thirst for damage. Disagreeing with your government's actions is one thing. Sabotaging them is another. Imagine, for example, that a British or American anti-nuclear activist got hold of the acoustic signatures of his country's nuclear submarines. These signatures—the noise that the vessels make under water—are among the most closely guarded of all defence secrets. They are distinctive and almost impossible to change. Once you know them, it becomes much easier to track a submarine and if necessary destroy it. Submarines' effectiveness largely depends on their invisibility. So publishing the acoustic signatures of the nuclear submarines would be a simple and devastating way of making them useless—in effect, sabotage.
Such a move would cost the country concerned billions of dollars. It would also tip the strategic balance in favour of countries whose nuclear deterrent remained secret and effective. Even an anti-nuclear newspaper like the Guardian would decry such a move. Yet in effect, that is what Snowden and his allies have done. They have rendered ineffective some of their countries' most expensive and sensitive defence capabilities, while leaving adversaries untouched.
Another lesson from the past concerns the scandal around the Echelon system for collecting information regarding international telecommunications. It was revealed in a series of leaks in the 1990s, eventually prompting a lengthy report by the European Parliament.⁷¹John Schindler, a former NSA analyst who is now a professor at the Naval War College in Rhode Island, sees a parallel. The exposure of Echelon, he believes, was an 'active measure' by Russian intelligence, aimed at stoking distrust between America and its European allies. Without access to classified information, that link is unprovable. But the similarities are startling. Details of the programme were divulged by a disillusioned NSA contractor, Margaret Newsham (who was working for the defence company Lockheed). The story was highlighted by campaigning journalists in the UK and in New Zealand. At first sight the message seemed sensational. America and Britain, together with other close allies, were spying on the rest of the world. They had a global network of facilities which could intercept communications—in those days faxes and telexes, as well as phone calls and the nascent internet. All this seemed to be happening without public consent or political oversight.
The result was fury—especially as one of the journalists involved, Duncan Campbell, claimed that the spying was not just for reasons of statecraft, but also in pursuit of commercial goals. American companies were gaining an unfair advantage over their rivals thanks to the muscle of their intelligence services.
On closer scrutiny, the case largely fell apart. It was exciting to know the code words for the programmes concerned, and to have the supposedly top-secret locations listed, illustrated with maps, photographs and diagrams. The silent fury of the intelligence agencies added another note of drama, as did the self-righteous hysterics of European politicians.
Yet just as with the Snowden revelations, the disclosures were not in themselves surprising. Britain's GCHQ and America's NSA exist to collect electronic intelligence. It is hardly surprising that they strive to fulfil their missions. Nor should their close alliance be a surprise. Britain and America have been cooperating closely since the start of the Cold War (as anyone viewing a James Bond film knows).
The details—the means, nature and extent—of those activities and alliances are indeed secret, but for entirely understandable reasons. Intelligence agencies, as explained above, like to keep the other side guessing. Even seemingly unimportant information about budgets, spending plans, logistics and premises can be useful to the adversary, at a potentially high cost. A secret, once released, may be a shock to the unwitting. But a shock is not necessarily a scandal.
Nor could anyone prove that anything revealed in the Echelon disclosures was actually illegal. International law does not prohibit espionage. The national laws of Britain, America and other countries gave (and give) the intelligence and security agencies a remit, and set up a system of oversight. The remit may be too wide, and the oversight too flimsy (or perhaps vice versa: views differ), but these are matters for the political process to resolve.
Perhaps the gravest charge was that America conflated commercial espionage with statecraft. That would be shocking if true. It would be illegal under American law. It would confer unfair advantages on the lucky US companies that received intelligence titbits from the government, and disadvantage their competitors. It would discredit America's reputation for fair dealing in the eyes of the rest of the world.
It is impossible to prove a negative. Those who believe that the American government and its corporate handmaidens (or Corporate America and its political handmaidens) are capable of any kind of iniquity will not be disabused of their convictions by mere denials, or the absence of facts to support them. But the campaigners against Echelon produced a remarkably thin case to support their contention. It is hardly surprising that American spies may target foreign companies. As Jim Woolsey, the former CIA director, explained in his newspaper article, they may be involved in bribery to gain an unfair advantage, or be breaking sanctions. They may have employees with access to state secrets, either now or potentially. Intelligence agencies are ingenious, curious and adaptive: that is what they are paid to be.
But the gap between spying on foreign companies and handing their commercial secrets to domestic ones is huge. And there is no evidence for it. The most likely explanation for this absence of evidence is that nothing of the kind is going on. Any programme of systematic intelligence sharing with the corporate sector would be simply too risky to contemplate (as well as being wrong). How would it be administered? Who would authorise the security clearances? How much information could be disclosed? And what about the competitors, who in litigious America would be likely to sue the government if they believed they were losing out on access to valuable information collected at taxpayers' expense?
American companies do get plenty of help from their government. They can receive briefings from officials about political and economic conditions abroad (as do executives from any country with an effective foreign service). Favours may be given through indirect channels such as consulting firms, or by hiring recently retired officials from the intelligence community. Abuses do happen. But it is striking that none of the soi-disant whistleblowers from the NSA or elsewhere, and no conscience-stricken corporate executive anywhere, has given the slightest sign, hint or proof of any programme of state-sponsored commercial espionage, either in the Echelon era or now. By contrast, evidence abounds of such espionage by other countries, chiefly China but also, notably, France.
In assessing the effects of Snowden's actions, it may help to imagine how the whole thing could have been done differently. The overwhelming evidence even from the cherry-picked documents released so far is that the NSA is a bureaucratic and rule-bound organisation. So the first thing that an employee or contractor should do when he encounters a breach in the rules is report it. The NSA, like GCHQ, has a system for this. In America, the Intelligence Community Whistleblower Protection Act of 1998 allows intelligence insiders to disclose classified information concerning a 'serious or flagrant problem, abuse, [or] violation of law' to members of congressional intelligence committees. They are obliged to exhaust other channels first, including the NSA's inspector general and the attorney general.
Snowden did not do that, largely because no such serious problem, abuse or violation was taking place. As shown above, the NSA was acting within at least the letter of the law, under congressional and judicial oversight, in accordance with the instructions of an elected president. What Snowden claims as motivation was the trajectory—that a future government would abuse the collection programmes to create an Orwellian 'surveillance state' which individuals would be afraid to challenge for fear of drawing attention to themselves.
That is a political objection. So Snowden, even without disclosing classified information, could have approached the lawmakers, especially in the Senate, who have been publicly critical of what they see as the NSA's excessive reach. He did not. He could have resigned from his job and applied for a job at one of the many think-tanks and campaigns which worry about privacy in the digital age. By providing stolen secrets he has certainly stimulated a far more intense public debate than mere assertions of an ex-employee would have done. But the quantity and quality of information stolen and published goes far beyond anything necessary to start a debate. It looks more like material for a global anti-American campaign.
Even without going through the legal channels available, Snowden could have made it easy for people to defend him as a genuine whistleblower. He could simply have taken and leaked the FISA court order showing that Verizon, the American mobile phone company, has to routinely hand over its customers' phone records.⁷² To be sure, this collection of meta-data is legal and the order was a routine renewal of a programme which has been going for years. But it was still shocking. People know that their phone companies can do this (and may be glad about it: it helps locate stolen mobile phones). They may be happy that police can analyse the data on a case-by-case basis—for example to find out who has been present at a crime scene. But there are reasonable grounds for worrying about a single government agency creating an automatic, perpetual, searchable warehouse for all such information.
A handful of other documents released by Snowden come into a similar category where a public interest defence would be plausible. If the NSA has indeed been deliberately promoting faulty encryption software, or tweaking industry standards, in order to make it easier to bug and snoop, that is a deplorable and flawed policy. A patriotic American might well try to spare the blushes of American companies who were put in an impossible position by a combination of warrants and gagging orders, while finding some material that illustrated the policy under which such measures were taken.
Had Snowden published such documents, he might well have been prosecuted. American criminal justice officials do take a literal and stern view of the law and (as I have pointed out above) this administration is particularly and deplorably heavy-handed when it comes to dealing with whistleblowers. But he would have had the strongest case for a public interest defence, or a pardon if convicted. He would have been able to say truthfully that he had sought to do the least possible damage to intelligence sources and methods, and to the economic interests of the United States, and had focused his disclosure on the secret aspect of the NSA's activities which most Americans would find controversial. He could then have argued that any harm he did by breaching his oath of secrecy was outweighed by the public good. He might have faced prosecution and jail—but if he could prove that he had taken nothing else but a limited set of documents, whose publication was embarrassing but necessary and relevant, his defence, both in law and before public opinion, would have been stronger. But he didn't.
In fact, his behaviour does not meet the most elementary tests for justifying whistleblowing. Rahul Sagar, a professor at Princeton, has defined these well in his new book Secrets and Leaks:⁷³
First, a whistleblower must have clear and convincing evidence of abuse. Second, releasing the information must not pose a disproportionate threat to public safety. Third, the information leaked must be as limited in scope and scale as possible. Snowden failed all three of these criteria. He has not shown systematic abuse, only secrecy and mistakes. He has harmed and weakened his country and its allies (indeed, for some Snowdenistas, this is a stated aim). He has stolen far more information than was necessary to make the case he purports to want to make. Why?
I have shown that the Snowden disclosures are heavily spun and damaging to American and allied interests in a way that goes far beyond the purported goals of promoting a debate about digital security. I have shown that this damage benefits Russia. I have shown that Snowden's behaviour cannot be justified as whistleblowing. For these reasons alone, he and his allies deserve condemnation. But it is possible—though not proven—that something more sinister than mere naïveté and carelessness is afoot.

Chapter Five: Our Man in Hawaii

To see the suspicious features of the story, examine the facts, as far as they are known, about Snowden's journey into and out of the world of intelligence. After incomplete formal education, he enlisted in the US Army but left after a few months—having broken his legs in an accident, he says. After joining the NSA as a security guard, he moved to Geneva to work for the CIA there, under the cover of an attaché at the American mission to the UN. This is a remarkably successful trajectory. Nobody has yet explained whether he displayed previously hidden talents, had served somewhere else to good effect, or benefited from powerful sponsors.
Some clues about his activities exist from posts he made on the Ars Technica website and in related chatrooms, under the pseudonym TheTrueHOOHA.⁷⁴ His views seem muddled rather than treasonous. He wrote of surveillance: 'we love that technology … helps us spy on our citizens better.' He was furious with administration sources who leaked classified information to reporters: they 'should be shot in the balls', he wrote. But in February 2010 his views had changed. He wrote: 'Did we get to where we are today via a slippery slope that was entirely within our control to stop, or was it an relatively instantaneous sea change that sneaked in undetected because of pervasive government secrecy?'
All this is odd (and not only because of his triple mixed metaphor). The CIA does not encourage its officers to spend time in online forums mulling the issues of the day or chatting about their private lives. The reason is simple: it is a beacon to the other side. Intelligence officers work on their targets with what is known in the trade as MICE—Money, Ideology, Coercion and Ego. Any sign of an erratic personal life, of ideological dissatisfaction, or of what psychologists call 'cognitive dissonance' offers an opening. If the target is unhappy, wanting to behave one way but forced to do something different, his mental stress can be exploited.
Russian intelligence keeps a close eye on the staff of adversary countries' foreign missions. They are particularly interested in junior employees, trying to spot which are just officials and which are intelligence officers. So it is highly likely that the Russian intelligence rezidentura in Geneva would have noticed the arrival of the young Snowden and would have spotted his real job, working for the CIA. They also as a routine measure would have tried to see what he did in his free time. They would have tried to monitor his use of the internet on his unclassified home computer in the hope of seeing a weakness—drugs, online sex, gambling—which might be a potential avenue of approach. It is likely they would have identified him as TheTrueHOOHA and observed his patchy work record, his erratic private behaviour, and his voluble and increasingly dissatisfied stance online. According to John Schindler, the former NSA analyst and specialist in counter-intelligence, Snowden would have presented the perfect target to the Russians: 'intelligent, highly naïve and totally uninformed'.⁷⁵
The next question is how they could have approached him. Clearly an overt approach would be risky and probably futile. Snowden showed no sympathy for Russia. It is therefore likely that they would have used what in spy parlance is called a 'false flag' operation. Russian intelligence, like the Soviet KGB before it, has a particular expertise in this. During the Cold War, they would identify disgruntled Western officials with strongly anti-communist views. These people would have access to secrets and grievances—perhaps because they were overlooked for promotion, or perhaps because they felt their governments were not vigorous enough in resisting the Soviet empire. The KGB officer would then make a delicate approach, showing no sign of any East European connection, but pretending instead to be from South Africa's intelligence service, the Bureau of State Security. The hapless Westerner would think he was talking to a like-minded friend. Gradually he would be coaxed into handing over small secrets, and eventually big ones. Once he was past the point of no return, the case officer might identify himself as KGB. Or he might maintain the ruse. Often it was only when (or if) the breach was discovered that the Western official would realise that far from helping a friend, he had betrayed his favourite cause to the worst enemy imaginable. A similar kind of false flag operation in volved approaching Jewish or pro-Israeli officials in the guise of a Mossad officer. The target would be reproached for his country's half-hearted support for the Jewish state and believe that he was helping its security by handing over vital information.
The beauty of false flag operations is that they can be precisely tailored to fit a target's initial vulnerability, and can then deepen and extend it. They can go through multiple stages: one intelligence officer identifies the first set of weaknesses, drawing up a detailed personality profile and a thorough picture of the target's private life and interests. Then another begins to exploit them. A third deepens the cooperation and a fourth turns the screws hard. Only when it is far too late, if at all, does the victim realise what is going on.
If the Russians indeed spotted Snowden as a potential target for recruitment, the best false flag approach would have been in the guise of campaigners for privacy and government openness. They would have been patient; carefully massaging his ego and making him feel that he was a lone crusader for justice, whose vindication would lie outside the system, not inside it. There is no proof of this. But it would certainly help explain what happened later.
Snowden left the CIA in 2009 and moved to Dell, the computer hardware company, working as a contractor at an NSA base in Japan. Two oddities stand out. One is that he abruptly ceased posting material on Ars Technica, and contributing to its chatrooms. His last substantive contribution read as follows:

It really concerns me how little this sort of corporate behaviour bothers those outside of technology circles. Society really seems to have developed an unquestioning obedience towards spooky types. I wonder, how well would envelopes that became transparent under magical federal candlelight have sold in 1750? 1800? 1850? 1900? 1950? Did we get to where we are today via a slippery slope that was entirely within our control to stop, or was it an relatively instantaneous sea change that sneaked in undetected because of pervasive government secrecy?⁷⁶

His views were getting more radical, not less. So why did he desist from sharing them? One explanation would be that he was worried about attracting the attention of his bosses or colleagues; another is that someone warned him that this could be a danger. Such a break in a pattern of activity can be a revealing clue in the counter-intelligence world. During the Cold War, Britain's spy-catchers achieved some notable success following a tip-off about readership of the Daily Worker. This was the Communist Party newspaper (later renamed the Morning Star). People sympathetic to Communism in the 1930s tended to be readers of the Daily Worker. But if approached by Soviet intelligence officers, they would be told to stop subscribing: it would be more useful to abandon overt Communist sympathies and instead get jobs within the British establishment.
Many years later, this led to some useful breakthroughs. Diligent study of newsagents' old records revealed people who had subscribed to the Communist paper for some time and then stopped. Some of them indeed turned out to have been active Soviet spies.
Along with Snowden's puzzling silence is another oddity: why did he give up the CIA so quickly? Although he had long wanted to live in Japan, a glamorous job involving intelligence operations in Geneva might seem more fun than checking computers on a military base. One explanation for this could be that Snowden was worried about the CIA's security screening. This involves repeated polygraph (lie-detector) tests and can be quite intrusive. It might reveal that he was hanging out with WikiLeaks sympathisers, for example—which would mean a speedy end to his career. Repeat screening for contractors to American intelligence (who make up an astonishing third of the 1.4m people with top-secret security clearances) is bureaucratic and onerous, but not so revealing. Another further explanation could be that he realised that being a small cog in the CIA's station in Geneva did not give him access to the secrets that would prove his contention of widespread and sinister government misbehaviour.
The next oddity is that he left his job in Japan in September 2010 and visited India for a week, ostensibly to attend a four-day course on ethical hacking.⁷⁷ India is far friendlier territory for Russian spies wanting to talk to a source than somewhere like Japan or Switzerland. There is no proof that this happened. But the trip does not quite make sense. Anyone with a security clearance would normally have to seek permission to attend such a course; it would be unlikely to be granted. It may be that procedures for dealing with contractors at the base in Japan were sloppy: in 2011 a background check on Snowden was improperly carried out.⁷⁸ At any rate, he did not declare this trip to his employers before or afterwards. If he was indeed learning hacking skills, it would be interesting to know why: the course was not needed for his job. If he went to India to meet someone, that would be interesting too. Either way, the trip looks fishy.
Snowden moved to Hawaii, and in March 2013 took a job at an NSA contractor, Booz Allen Hamilton. His new employer was worried by his resumé. It seemed to have been padded with educational accomplishments which would have been better described as aspirations.⁷⁹ He was a systems administrator, one of the unsung people who keep machines and software working properly. The job has its drawbacks—but its boringness makes mischief possible. Supervising people who are doing boring jobs is itself boring, and is often done badly. But before gaining this job, Snowden was already stealing secrets (at least as early as April 2012, American officials believe80). He says he sought the Booz Allen job because it 'granted me access to lists of machines all over the world the NSA hacked'.⁸¹He seems to have persuaded between 20 and 25 of his NSA colleagues to give him their passwords and log-ins. If true—he has denied it—this is striking. It is the behaviour of a spy, not a whistleblower. Why would someone who wanted the best for his country, and reform of his agency, entrap colleagues into a career-ruining blunder? (The people concerned have now, it seems, been dismissed.)
For Russian intelligence, sparking an association between the disgruntled Snowden and eager recipients of state secrets such as Glenn Greenwald the blogger, Jacob Appelbaum the hacker, Laura Poitras the film-maker, and others in that world of hacktivists and transparency campaigners would be a logical next step. All were associated to varying degrees with WikiLeaks, which, as I have shown above, was of great use to Russia (indeed its fugitive founder, Julian Assange, now has a show on the RT state propaganda television station).⁸² The hacker milieu is full of Westerners who are highly suspicious of their own governments for tampering with what they regard as the inviolable autonomy of the internet from any legal constraints. The KGB certainly found it a fertile hunting ground in the 1980s, using German hackers to steal NATO secrets in the days when online security was still rudimentary.⁸³
Such links and opportunities do not prove that any of the above-mentioned people are conscious agents of the Russian state, and I am not accusing them of that. (Snowden himself says the idea is 'absurd'.) But they do not need to be. The example of the peace movement shows that given the right initial direction and a favourable propaganda environment, political movements in the West can serve the Kremlin's purpose without hands-on control. It would not be hard for Russian intelligence to conceal an intelligence officer or agent of influence somewhere in the background, or for that person to broker an introduction between Snowden and his future allies.
The skimpy and confusing public accounts given so far leave plenty of room for such suspicion. One question is when Snowden first started to steal secrets. He joined Booz Allen Hamilton in March, but well before that he had offered secret files to Poitras and Greenwald. Where did he get them and when? A related puzzle is when Snowden first made contact with his future allies. As the blogger Catherine A Fitzpatrick has noted, there are no fewer than five dates given for his first contact with Greenwald.⁸⁴ It does not seem completely plausible that Snowden's first contact came only when he started sending e-mails to Poitras in January 2013. Ostensibly, she then persuaded Greenwald to install encryption software and take the mysterious anonymous would-be source seriously (Greenwald had ignored previous e-mails from Snowden, thinking he was a crank).⁸⁵ But Appelbaum was in Hawaii in March 2013 for a hacker conference, the SBoC (Spring Break of Code). A bunch of other dedicated activists attended too, including Christine Corbett, the pseudonymous hacker Moxie Marlinspike, and others. An American academic and blogger, Craig Pirrong, conjectures that what really happened was this:

Snowden was in contact with Appelbaum first, and well before January 2013, and Appelbaum directed Snowden to Poitras. It would be natural for a computer geek and hacker like Snowden to know of, and to reach out to, Appelbaum. Far more natural than to reach out to Poitras first. Under this conjecture, the timing works out. Snowden, Appelbaum, and Moxie work out their basic plan in late 2012 or early January 2013. Appelbaum activates the plan to disseminate the information via Poitras by putting Snowden in touch with her and near simultaneously Moxie initiates the SBoC to give him cover to travel to Hawaii (and perhaps too a team of unwitting accomplices that could help him cover his activities while there). They all converge in Hawaii a couple of months later.⁸⁶

The timing of Snowden's activities in Hawaii gives some support to that theory. Lindsey Mills, his girlfriend of five years (but now abandoned), has deleted her blog. But it is available on the internet archive via the Wayback Machine.⁸⁷With some acute observation, Fitzpatrick notes that Mills refers to her boyfriend disappearing off on a two-week trip on April 1st (Appelbaum's birthday is on or near April 3rd) and that she grumbles mildly about having to be a taxi-driver to a lot of people—Appelbaum's birthday guests, perhaps.⁸⁸ (Ms Mills did not reply to an e-mail seeking comment.)
Another puzzle is about Snowden's arrival in Hong Kong. According to the account given, he told Poitras and Greenwald to wait outside a particular restaurant at a particular time, until they saw a man carrying a Rubik's cube. They were to ask him when the restaurant would open and he would reply that the food was bad. That sounds sensible. Snowden would know what Greenwald and Poitras looked like but they would need to know they were dealing with the right source, not a plant or decoy. The Rubik's cube may have been signalled in a mysterious and possibly coded tweet by Christine Corbett, a hacker friend of Appelbaum's, about a 'Rubik's Cube party'.⁸⁹
The next puzzle concerns Snowden's travels after he disappeared from work, telling his employers that he needed treatment for epilepsy. If he were truly keen to portray himself as a whistleblower, why did he fly to Hong Kong? For anyone involved in American cyber-security, China is the biggest threat—bigger even than Russia. Though autonomous in economic terms, Hong Kong is firmly under the thumb of the Chinese authorities when it comes to security. Assuming he was not in a hurry, he could have flown anywhere he liked. Heading into Chinese jurisdiction—and promptly leaking details of NSA operations against China to the South China Morning Post—looks either like a deliberate snub to his former employers, or an act of boat-burning desperation, or perhaps a quid pro quo to some other party. One report in a Russian newspaper (denied by Snowden's American lawyer) says that once in Hong Kong, he celebrated his 30th birthday at the Russian consulate, spending two days there in all—mystifying behaviour for someone with his professed ideals and motivation.⁹⁰
It is possible that he was simply muddled and panicked. But for someone who had years to hatch his plan, it seems odd that he would botch something as important as the escape. Another (to me more plausible) explanation was that he was bounced into seeking asylum in Moscow.
The first article based on Snowden's material (by Greenwald) appears on June 9th. Directly after that, Snowden disappears—apparently to stay with friends in Hong Kong. But on June 11th, Putin offered him political asylum, confirmed by the Kremlin spokesman, Dmitri Peskov. On June 13th America opened a criminal case against Snowden, on charges of espionage, and warned other countries not to accept him. The net rapidly began to close: Iceland, a country which had been considered a likely destination, since its leftist government is sympathetic to whistleblowers and transparency causes, said it could consider asylum only if he actually arrived in the country.
America seems to have moved with deplorable slowness. It was not until June 20th that it issued an extradition request (though Hong Kong said on June 16th that it would entertain one). Snowden promptly went to the Russian consulate. On June 21st, America revoked Snowden's passport. He flew to Russia with another travel document—apparently one issued by the government of Ecuador via its embassy in London, where the fugitive WikiLeaks founder Julian Assange ekes out a claustrophobic existence.

One way of interpreting this chain of events is as the result of pure muddle. Snowden had no idea what to do. Neither did his friends. He ended up in Moscow simply by chance, because events precluded any other option. It is also possible to imagine that the Russian authorities might want him under their supervision. One reason would be to get closer access to his secrets (or to the cryptographic keys with which access to the secrets is controlled, if they are indeed not in Russia). With his public utterances controlled, it would also be easier to prevent him blurting out facts that would undermine the story of an innocent whistleblower acting purely on his own initiative. Certainly his arrival and stay in Moscow (with a year's temporary residence granted speedily by the authorities) did not allay suspicions. Snowden's lawyer, Anatoly Kucherena, is a notable public figure, and founder of the Institute of Democracy and Cooperation, a pro-Kremlin think-tank which aims to counter Western propaganda on human rights. He is on the 'Public Council' (a kind of advisory board) of the FSB, Russia's domestic security service.
Snowden's life in Moscow is shrouded with secrecy. He has a job, but nobody knows where. Barring a brief, staged meeting with journalists and activists at Moscow airport, he sees only his supporters. He has not given a proper press conference or opened himself to any form of scrutiny (odd behaviour, some might think, for an apostle of transparency). Nobody knows where he lives. None of this inspires confidence in the idea that he is a free agent. It supports the theory that he is a Russian one. Fitzpatrick has identified the background to one of the rare photos issued of Snowden in Moscow: on the basis of the distinctive striped pavements, the logo on a supermarket trolley he is pushing, and other visual clues it is, she believes, a shopping centre in Yasenevo, near Russia's Foreign Intelligence Service headquarters.⁹¹

Conclusion
I have spent the past months watching many of my media colleagues canonise Edward Snowden. The picture of a lone campaigner fighting for freedom and exposing abuses was initially captivating. But it didn't square with my own knowledge of our security and intelligence services. He has damaged them hugely, without exposing abuses that justify the damage. The story also didn't fit my experience of Russia. From the available clues, and based on 30 years of looking at Soviet and then Russian intelligence and propaganda operations, my conclusion is that this affair has Kremlin fingerprints on it. They may be faint and smudged, but they are there.
The operation would have one of the most prized virtues in espionage—deniability. There is no smoking gun. Snowden is Snowden, Greenwald is Greenwald, Appelbaum is Appelbaum and the Guardian is the Guardian. All the components of the operation exist in authentic form in the West. All it required were some gentle nudges to put them together. How that happened may never be told. Perhaps a thorough and truthful account of events from Snowden himself might give some clues: who were his friends in those years between Geneva and Hawaii? What was he doing in India? How did he really first come in contact with Appelbaum and Poitras? How exactly did he end up in Moscow? Who has been looking after him there and under what conditions? How did he choose what to steal and why? And what control does he have over the selection of documents to be released? Such an account is unlikely to be available soon, if ever.
I freely admit that it is possible that Snowden conceived his plan on his own, and with honourable if mistaken motives. It may well be that his allies are without exception enthusiastic and careless but not actually malevolent. It may be that Russia has watched the whole affair with bemusement, was reluctant to offer asylum, and is eager for him to leave. It is possible that Vladimir Putin is entirely sincere, if ineffective, when he says he wants no damage to be done to America as a result of Snowden's sojourn. It is all possible. But unlikely. At any rate I find it scandalous that Snowden's defenders are so blithe about his arrival and stay in Moscow. People who are so highly (and I would say unreasonably) suspicious of Western governments become bizarrely trusting where the interests and abilities of Vladimir Putin's regime are concerned.
Even if Russian intelligence is not involved, I cannot see the heroic virtues in the Snowden affair which others have celebrated. Nobody has proved that the NSA or GCHQ committed grave and deliberate breaches of the law. In the big scandals of the 1960s, the FBI illegally bugged American citizens and tried to blackmail the government's political opponents. For example, it wanted to make Martin Luther King commit suicide, by threatening him with the exposure of his adultery. No comparable examples have been produced now, and I do not believe any will be. Nobody has produced individual victims of illegal NSA activity. There is no evidence of wilful, systematic breaches of the law by the NSA, or of contempt within its ranks, at any level, for judicial and legislative oversight. There is no modern counterpart of J Edgar Hoover, the brooding madman who brought the FBI to its darkest hour.
Without such evidence of wrongdoing, Snowden and his allies have no moral authority for their actions. These include colossal breaches of secrecy and trying to paralyse or destroy one of the most important limbs of national security: tantamount to sabotage. Nobody elected them. Their decisions are irreversible and not subject to appeal. Nobody will sack them if they make a mistake. What right do they have to determine who is, as they put it, 'innocent'? What rights do the accused have in this public show trial, and how can they defend themselves?
The charge sheet I have listed is long. How can a mere media outlet have the expertise to know if stolen secrets can be safely published? Even if it chooses not to publish them, how can it have the expertise to store them safely? Why do they take official guidance seriously in the case of how to prevent the gravest damage, but ignore the general principle that state secrets should be kept, not stolen?
The Snowden affair is indeed a story of secrecy and deception—but not on the side of the intelligence agencies. Far too little attention has been paid to the political agendas of the Snowdenistas. They cloak their beliefs in the language of privacy rights, civil liberties and digital freedoms. But the ardent Snowdenistas part company with most of their fellow citizens over the issue of whether an elected, law-governed government has the right to keep and defend its secrets. Some of them dislike all intelligence and security agencies on principle. By international standards, American scrutiny of its intelligence and security agencies is unusually detailed and robust. Yet anti-Americanism seems to blind the Snowdenistas to this vital point.
The NSA, GCHQ and other agencies, their political masters and their judicial and legislative overseers have undoubtedly made mistakes. Far too much is classified, at far too high a level. Far too many people have security clearances. The administration of these clearances has become an industry, rife with cronyism, bureaucracy and incompetence. If one proceeds on the basis that anything remotely useful to the enemy should be a secret, then everything ends up classified and nothing is really secure. It is far better to classify selectively and effectively. 'Contractorisation', as Americans term it, may save money and increase flexibility, but it also invites abuse, carelessness and leaks. It is better to have a small, lean and secure intelligence organisation, entirely in the public sector, than a large public-private hybrid that leaks.
The single biggest lesson of the whole Snowden fiasco is that America's own sloppiness made it vulnerable: whether to misguided whistleblowers, saboteurs or foreign spies is secondary. The intelligence agencies and their political and judicial overseers also need to do a much better job of explaining what they do and why. The best defence against a Snowden-style leak is a broad national consensus that the agencies are to be trusted and that the measures they take are necessary. Sweden is exemplary in this respect.
It is important not to concentrate the defence case too narrowly on terrorism. That is a grave threat, but not the only one. Invoking the attacks of September 11th 2001 as justification for everything the NSA does can be a powerful defence, but it wears out with over-use. It invites pointed questions, like how many terrorists did you catch by trawling meta-data? The answers may be elusive. It is much better to justify intelligence operations on a broad, prudential basis. A country like America faces a lot of threats and they are constantly changing. Good intelligence capabilities provide a well-stocked tool-kit for dealing with them. The traditional reluctance to discuss sources and methods, for fear of rendering them useless in future, is well founded. But in an atmosphere of suspicion, it is not wholly sustainable. Grim silence is not going to restore public trust. It may be necessary to sacrifice some degree of secrecy about past operations in order to win the backing needed for future ones.
Dissent within the espionage world needs to be better managed. Intelligence agencies are meant to be good at handling people. If your internal culture is strong and expert enough to recruit and run agents, it should be capable of managing your own staff too. If problems cannot be dealt with, the individual concerned must be smoothly eased into other employment. Former intelligence officers who express their discontent publicly do not automatically deserve to be hounded. To be sure, some self-proclaimed whistleblowers have ended their careers with well-deserved disciplinary sanctions. Others seem to have gone slightly mad. But the literal-minded and sometimes vindictive-seeming approach of prosecutors and investigators stokes the mistaken impression that the intelligence agencies are out of control and persecute dissidents.
The oversight of the intelligence agencies needs to change. FISA court judges should be appointed by the whole Supreme Court, not just by the chief justice. The court's work is necessarily secret, so it must have the broadest possible political support. It also needs a public defender or privacy advocate, with a high security clearance, to challenge the agencies' contentions in individual cases, in the adversarial tradition of American justice. Senior officials must be seen to take responsibility for their mistakes. General Keith Alexander, the head of the NSA, should have resigned as soon as the scale of the breach became apparent. The organisation in which this happened—too big, too commercial, too secretive, too vulnerable—was his creation. If this is indeed, as officials plausibly maintain, the worst intelligence disaster in American history, someone must be seen to take personal responsibility. General Clapper too should resign, for having misled Congress, however inadvertently. The strongest argument in rebutting Snowden's claims is that the existing system already works and that its shortcomings are not so grave that they require huge breaches of secrecy to galvanise reform. That contention will be more widely accepted if individuals who break the rules then visibly take the consequences.
Finally, it is tempting to see intelligence failures in a tidy, narrow context: a failure of procedure here, a flawed personality there. But they usually reflect broader problems: an agency or a country which cannot attract the necessary loyalty. From this point of view, the Snowden fiasco exemplifies not only problems inside America, but also in its relations with the rest of the world. Spying on allies is a mere irritant when those alliances are strong. When they are weak, it becomes a source of incendiary rows. In Brazil, Indonesia, Mexico, Germany and many other countries, America no longer enjoys the image it once had. Relationships have decayed; trust has ebbed. This is not a new problem. George W Bush's administration made a bonfire of American soft power with its botched war in Iraq. In different ways, the Obama administration's remote, chilly and arrogant style has compounded the damage.
The rush of secret material into the public realm has distracted opinion from the real issues: motives, benefits and damage. In the best case, Snowden is a misguided whistleblower and his allies are merely reckless and naïve. By whatever mixture of luck and skill they have successfully safeguarded the most damaging and sensitive material and it will never reach our enemies. The public debate is better informed. He has delivered, perhaps, some salutary shocks.
If so, all that comes at a great cost. We have lost capabilities built up with great expenditure of time, money and skill. Our alliances are strained and our standing in the world has suffered. The price is too high.
The nightmare is that the truth is far worse: Snowden is a pawn in a hostile and continuing intelligence and information-warfare operation, with allthe extra damage which that implies. Either way, Snowden's actions are no cause for comfort, let alone celebration.

Notes
1 Of which he has won several, including from the Washington Post.
2 Often attributed to Lenin, this apocryphal saying was used in Cold War days to describe Westerners who helped the Soviet Union through their naïveté.
3 Partial exceptions include the Business Insider website which has run a series of articles by Michael Kelly, such as
http://www.businessinsider.com/everything-we-know-about-snowden-leaks-2013-11
Two people who have really followed up this story are Catherine A Fitzpatrick in her 'Wired State' blog (see http://3dblogger.typepad.com/wired_state) and John Schindler at 20comittee.com; I gratefully acknowledge my debt to both.
4 When the ex-communist countries joined NATO, the alliance was so concerned about offending Russia that it initially decided not to make any plans to defend them. This changed after the war in Georgia in 2008, thanks to the Obama administration. I revealed the decision to draw up the plans in January 2010: see
http://www.economist.com/node/15268095
5 To be published by Bloomsbury in 2015.
6 http://www.lawfareblog.com contains excellent analysis of these issues, especially by Benjamin Wittes. See also http://www.nytimes.com/2014/01/18/us/politics/obama-nsa.html
7 http://www.langerresearch.com/uploads/1155a5NSAandSnowden.pdf.
Another poll of young Americans shows a quarter backing Snowden, a quarter condemning him, and fully a half undecided:
http://www.economist.com/news/united-states/21592654-revelations-about-cyber
-espionage-dismay-barack-obamas-most-loyal-fans-snooper-blooper
8 See for example http://www.dni.gov/files/documents/1118/CLEANEDPRTT%
202.pdf
9 http://www.npr.org/blogs/thetwo-way/2014/01/09/261079074/nsa-says-it-would
-welcome-public-advocate-at-fisa-court
10 'Snowden—myths and misapprehensions' by Nigel Inkster, IISS, 15 November 2013,
http://www.iiss.org/en/politics%20and%20strategy/blogsections/
2013-98d0/november-47b6/snowden-9dd1
11 See http://www.lawfareblog.com/2014/01/a-game-changing-ruling-in-the-no-
fly-list-case.
It is worth noting that the plaintiff, a foreigner contesting the Department of Homeland Security's decision to put her on a no-fly list, launched her lawsuit well before the Snowden revelations, and seems to be heading for vindication.
12 The claim was first made in his video interview on June 10th, available at:
http://www.theguardian.com/world/video/2013/jun/09/nsa-whistleblower-edward-
snowden-interview-video
and elaborated here:
http://www.theguardian.com/world/2013/jul/31/nsa-top-secret-program-online-
data
13 'Top-Secret Document Reveals NSA Spied on Porn Habits as Part of Plan to Discredit "Radicalizers"',
http://www.huffingtonpost.com/2013/11/26/nsa-porn-muslims_n_4346128.html
14 'In 2009, NSA Said it Had a "Present Example" of Abuse Similar to Project Minaret',
http://www.emptywheel.net/2013/11/27/in-2009-nsa-said-it-had-a-
present-example-of-abuse-similar-to-project-minaret
15 A collection of documents on these and other past intelligence abuses can be found at
http://www.maryferrell.org/mffweb/archive/docset/getList.do?docSetId=1014
16 Inkster, see n10 above
17 http://xark.typepad.com/my_weblog/2014/01/if-the-nsa-freaks-you-out-you-
still-use-google-you-are-an-idiot.html
18 In his novel 1984, George Orwell wrote of a system of screens in every dwelling: 'there was of course no way of knowing whether you were being watched at any given moment … you had to live … in the assumption that every sound you made was overheard, and, except in darkness, every movement scrutinised' (pp 4-5 in the Penguin edition).
19 From July 2014, for example, Russian ISPs may be obliged to store records of all data and users' activities for a period of 12 hours, providing direct and immediate access by the FSB. This will be a costly burden on the ISPs, and will also raise security concerns. Andrei Soldatov and Irina Borogan, a brave husband-and-wife couple, have tried their best to write about the Russian security state. I strongly recommend their website, agentura.ru, and their book The New Nobility (Public Affairs, 2011).
20 http://www.lemonde.fr/international/article/2013/12/10/adoption-definitive-de-
la-controverse-loi-de-programmation-militaire_3528927_3210.html ;
http://www.theguardian.com/world/2013/dec/11/french-officials-internet-users-
real-time-law
21 See http://www.spiegel.de/international/germany/cover-story-how-nsa-spied-
on-merkel-cell-phone-from-berlin-embassy-a-930205.html ;
http://www.spiegel.de/international/world/angry-european-and-german-reactions-
to-merkel-us-phone-spying-scandal-a-929725.html ;
http://www.spiegel.de/international/world/trans-atlantic-relations-threatened-by-
revelations-of-mass-us-spying-a-908746.html
See also Anton Troianovski, 'Germany to Boost Anti-Spy Efforts', Wall Street Journal, November 20, 2013,
http://online.wsj.com/news/articles/SB1000142405270230479170457
9209740311164308 ;
Anton Troianovski, 'Germany Warns of Repercussions from U.S. Spying', Wall Street Journal, October 28, 2013,
http://online.wsj.com/news/articles/SB1000142405270230420080457
9163760331107226
22 Albeit a largely symbolic one: it had not actually been used since 1990:
http://bigstory.ap.org/article/germany-nixes-surveillance-pact-us-britain
23 http://online.wsj.com/article/SB95326824311657269.html
24 French electronic intelligence is formidable and operates with what some might think rather scanty oversight. See http://www.nytimes.com/2013/12/15/world/europe/france-broadens-its-
surveillance-power.html ;
http://www.nytimes.com/2013/07/05/world/europe/france-too-is-
collecting-data-newspaper-reveals.html
25 In Germany's case, this sometimes happens in a way that might be seen as questionable. The Nazi past creates particular obligations to countries and people who suffered horribly at the hands of the forebears of modern Germans. As a result, Germany is a loyal friend of Israel. It lobbied strongly to bring Poland into the EU. It has pursued a long and (in recent years) largely futile attempt to seek a close relationship with Russia. But it also owes a special debt to the Baltic states—three small countries which Nazi Germany consigned to the meat-grinder in its secret deal with Stalin's Soviet Union in the spring of 1939. The Baltics regained their independence only in 1991. But Germany decided to put its relations with Russia ahead of any other bothersome business with small countries. It even recruited Estonia's top defence official—in tacit collaboration with Russia's Foreign Intelligence Service—in order to find out what Britain and America were up to in the Baltic region. I write about this at length in my book Deception.
26 http://www.spiegel.de/politik/deutschland/strategische-aufklaerung-
bundeswehr-belauscht-die-welt-a-575417.html
27 Julian Lindley-French, 'What U.S. Intelligence Really Says About Europe', http://lindleyfrench.blogspot.co.uk/2013/10/what-us-intelligence-
really-says-about.html
28 Greenwald reveals his naïveté and ignorance in a television interview, available at http://www.svt.se/nyhetsklipp/nyheter/article1669193.svt. The other material he published can be found at http://www.svt.se/ug/read-all-articles-in-english
29 For a detailed look at Greenwald's rhetorical style, see
http://m.dailykos.com/story/2013/03/08/1192256/-The-Final-Word-on-Glenn-
Greenwald
30 Sources have named the air-defence headquarters, the military command centre and the FRA (signals intelligence) headquarters.
31 http://www.thelocal.se/20131105/sweden-pulled-plug-on-france-spy-
satellite-report
32 Keir Giles, 'Cyber Attack on Finland is a Warning for the EU', Chatham House, November 8, 2013,
http://www.chathamhouse.org/media/comment/view/195392.
The National Police Commissioner Mikko Paatero noted that 'we cannot follow signals in Finland or travelling through Finnish cables … but others can do it for Finland. In my opinion it's a little bit embarrassing that we can hear from somewhere else about what is happening here.' Finland now wants stronger powers to protect itself. See http://yle.fi/uutiset/finnish_police_want_web_snooping_powers/6923309 and http://yle.fi/uutiset/defence_minister_police_and_defence_forces_to_get_wider_
web_powers/6914546?origin=rss
33 http://www.thelocal.se/20131108/swedes-not-worried-about-internet-
surveillance-survey
34 http://theworldoutline.com/2013/10/everyone-spying-brazil
35 http://m.theage.com.au/federal-politics/political-news/australias-reputation-
in-indonesia-hits-new-low-20131123-2y2k2.html ;
John Schindler, 'Snowden's Thunder Down Under', The XX Committee, November 21, 2013,
http://20committee.com/2013/11/21/snowdens-thunder-down-under ;
http://www.abc.net.au/news/2013-11-18/australia-spied-on-indonesian-
president-leaked-documents-reveal/5098860 ;
http://www.smh.com.au/federal-politics/political-news/australias-reputation-
in-indonesia-hits-new-low-20131123-2y2k2.html
36 See (in English) http://www.dagbladet.no/2013/12/17/nyheter/samfunn/
politikk/utenriks/overvaking/30877258
37 This judgment by an American district court judge, Richard Leon, outlines the legal controversies around the Fourth Amendment and previous Supreme Court decisions on expectations of privacy, etc: https://ecf.dcd.uscourts.gov/cgi-bin/show_public_doc?2013cv0851-48
38 'NSA slides explain the PRISM data-collection program', Washington Post, June 6, 2013,
http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-
documents.
Already in 2005 the New York Times revealed how the Bush administration had secretly authorised the NSA to eavesdrop on communications within the country (of Americans and others), without specific court authorisation. This sparked a big discussion inside America, but little controversy abroad. See 'Bush lets U.S. spy on callers without court',
http://www.nytimes.com/2005/12/16/politics/16program.html?pagewanted
=print&_r=0
39 http://www.nybooks.com/articles/archives/2014/feb/06/three-leakers
-and-what-do-about-them/?pagination=false
40 The same questions could be posed of the programmes that collect satellite imagery (a subject which is still awaiting a devastating leak). American satellites are powerful enough to track an individual walking down the street, anywhere in the world (assuming it is a sunny day). Those who argue against the NSA's capabilities presumably want the satellites blinded too.
41 John Naughton, 'Edward Snowden: public indifference is the real enemy in the NSA affair', The Observer, October 20, 2013,
http://www.theguardian.com/world/2013/oct/20/public-indifference-nsa-
snowden-affair
42 See Greenwald's keynote,
https://www.youtube.com/watch?feature=player_embedded&v=
xEJIR0-KJu0#t=2537
43 http://www.channel4.com/programmes/alternative-christmas-message/4od
44 http://bobcesca.thedailybanter.com/blog-archives/2013/12/the-government-
is-definitely-not-watching-everything-we-do.html
45 Greenwald's hour-long keynote (delivered over video link) to the Chaos Communications Congress meeting in Hamburg gives an excellent account of his views. See
https://www.youtube.com/watch?feature=player_embedded&v=xEJIR0-KJu0
46 http://www.lawfareblog.com/2014/01/the-extent-of-the-snowden-disclosures.
The Washington Post piece is here:
http://www.washingtonpost.com/world/national-security/black-budget-summary-
details-us-spy-networks-successes-failures-and-objectives/2013/08/29/7e57bb78-
10ab-11e3-8cdd-bcdc09410972_story.html
47 http://www.theguardian.com/world/interactive/2013/jun/07/obama-cyber-
directive-full-text
48 http://www.theguardian.com/uk/2013/jun/16/gchq-intercepted-communications-
g20-summits
49 http://www.scmp.com/news/hong-kong/article/1260306/edward-snowden-
classified-us-data-shows-hong-kong-hacking-targets
50 http://blogs.wsj.com/chinarealtime/2013/11/15/china-wants-greater-
internet-control-public-opinion-guidance; http://online.wsj.com/news/
articles/SB10001424127887324807704579082940411106988
51 In 1996, the US made up over 66% of the world's online population, whereas in 2012, it accounted for only 12%. 'State of the Internet in Q3 2012', comScore, December 5, 2012,
http://www.comscore.com/Insights/Presentations_and_Whitepapers/
2012/State_of_the_Internet_in_Q3_2012
52 In November 2013, a Russian official delegation in America chastised their hosts on this issue:
http://voiceofrussia.com/2013_11_15/US-ready-to-discuss-cyber-security-
with-Russia-Ruslan-Gattarov-6191/?print=1
53 http://www.washingtonpost.com/investigations/us-intelligence-mining-
data-from-nine-us-internet-companies-in-broad-secret-program/2013/06/
06/3a0c0da8-cebf-11e2-8845-d970ccb04497_story.html?hpid=z1;
http://techcrunch.com/2013/06/06/google-facebook-apple-deny-
participation-in-nsa-prism-program.
Dropbox was also reportedly involved, but denied any knowledge: Larry Page and David Drummond, 'Official Google Blog', June 7, 2013,
http://googleblog.blogspot.de/2013/06/what.html
54 http://www.zdnet.com/the-real-story-in-the-nsa-scandal-is-the-collapse-
of-journalism-7000016570;
http://news.cnet.com/8301-13578_3-57588337-38/no-evidence-of-nsas-
direct-access-to-tech-companies
55 https://blogs.technet.com/b/microsoft_blog/archive/2013/12/04/
protecting-customer-data-from-government-snooping.aspx
56 http://blogs.telegraph.co.uk/news/brendanoneill2/100252627/
whats-the-difference-between-a-whistleblower-and-a-mad-conspiracy-
theorist
57 'When Thinking Styles Collide: Silicon Valley, Congress and C.P. Snow's Two Cultures',
http://3dblogger.typepad.com/wired_state/2012/06/when-thinking-styles-
collide-silicon-valley-congress-and-cp-snows-two-cultures.html.
See also the follow-up post 'Who can be trusted',
http://3dblogger.typepad.com/wired_state/2013/12/who-can-be-trusted-
on-nsa-and-encryption.html
58 https://github.com/poppingtonic/greenwald-30c3-keynote/blob/master/
transcript/transcript.md
59 Inkster, see n10, above
60 Hamburg speech:
https://www.youtube.com/watch?feature=player_embedded&v=xEJIR0-KJu0
61 This training slide exemplifies the law-governed approach, showing exactly what NSA officials should do if and when they come across Americans' data:
http://apps.washingtonpost.com/g/page/national/whats-a-violation/391
62 http://www.washingtonpost.com/blogs/fact-checker/post/james-
clappers-least-untruthful-statement-to-the-senate/2013/06/11/
e50677a8-d2d8-11e2-a73e-826d299ff459_blog.html
63 http://www.washingtontimes.com/news/2013/sep/12/us-spy-
congress-rein-in-nsa-domestic-snooping/?page=all
64 He is excoriated here by the former British MP Louise Mensch:
http://unfashionista.com/2013/12/04/has-alan-rusbridger-exposed-
names-of-thousands-of-gchq-personnel
65 In John le Carré's novel The Russia House the plot revolves around a brilliant and successful attempt to make British intelligence hand over its crown jewels: the list of what it most wants to know about Russia.
66 This caustic piece in the National Interest, by former CIA officer David Gioe, outlines well the damage to American intelligence's reputation—and effectiveness:
http://nationalinterest.org/article/tinker-tailor-leaker-spy-the-future-
costs-mass-leaks-9644?page=show
67 http://www.huffingtonpost.com/2013/08/19/glenn-greenwald-uk-
secrets-britain-detains-partner_n_3779667.html.
Greenwald said later that his remarks, in Portuguese, were not meant to be construed this way. But he has given little reason to doubt the sentiment.
68 Paul Pilar has argued this well in the National Interest:
http://nationalinterest.org/print/blog/paul-pillar/leaks-irresponsible-
press-9633
69 http://news.bbc.co.uk/1/hi/special_report/1999/09/99/britain_
betrayed/451366.stm
70 The Communist Party of Great Britain played a leading role in CND in the 1970s, when the organisation was largely moribund. CPGB member Dr John Cox was chairman of the CND for seven years during this period. According to ex-MI5 desk officer Cathy Massiter, CND was regarded by the Security Service not as a Communist front organisation but as a Communist-penetrated organisation. Individual pro-Soviet Communists held key positions. Bruce Kent, general secretary of CND, said at the 38th Congress of CPGB in November 1983: 'We owe a debt of gratitude to the Morning Star newspaper, which has given steady, honest and generous coverage to the whole disarmament case. I do not believe we [i.e. the Communists and the CND] are so very far apart on many of the major issues. We are partners in the cause for peace in this world' (Morning Star, November 14, 1983, emphasis added). A good account of the one-sided nature of the CND campaign, together with fully sourced details of its links with the left, including the Soviet front network, is set out in Paul Mercer's book 'Peace' of the Dead (Policy Research Publications, 1986).
For details, see the website of Julian Lewis MP, for example this letter:
http://www.julianlewis.net/letters-in-the-press/3199:yes-the-cnd-was-
pro-soviet-108; and
http://www.julianlewis.net/letters-in-the-press/3158:cnd-cannot-rewrite-
history-67; as well as
http://www.julianlewis.net/selected-news-cuttings/3530:moscow-gold-
and-the-cpgb-47 and
http://www.julianlewis.net/selected-news-cuttings/3601:gorbachevs-
view-of-the-ss20s-2
71 http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//
NONSGML+REPORT+A5-2001-0264+0+DOC+PDF+V0//EN&
language=EN
72 http://www.washingtonpost.com/world/national-security/verizon-
providing-all-call-records-to-us-under-court-order/2013/06/05/98656606-
ce47-11e2-8845-d970ccb04497_story.html
73 Secrets and Leaks: The Dilemma of State Secrecy (Princeton, 2013).
74 http://arstechnica.com/tech-policy/2013/06/exclusive-in-2009-ed-
snowden-said-leakers-should-be-shot-then-he-became-one
75 Interview with the author.
76 http://arstechnica.com/civis/viewtopic.php?p=503777#p503777.
He made two more contributions, one about a computer game in November 2011 and the other a rather cryptic one about a 'Dead Man's Switch' in May 2012:
http://arstechnica.com/civis/viewtopic.php?p=22878085#p22878085
77 http://articles.timesofindia.indiatimes.com/2013-12-04/india/44756015_
1_edward-snowden-information-security-koenig-solutions
78 http://news.yahoo.com/watchdog-faults-background-check-nsa-
leaker-235639806.html
79 http://www.reuters.com/article/2013/06/21/us-usa-security-snowden-
idUSBRE95K01J20130621
80 http://in.reuters.com/article/2013/08/15/usa-security-snowden-dell-
idINDEE97E0CE20130815
81 http://www.scmp.com/news/hong-kong/article/1268209/snowden-
sought-booz-allen-job-gather-evidence-nsa-surveillance
82 An excellent account of the muddled and extremist views of Assange, Greenwald and Snowden can be found at
http://www.newrepublic.com/article/116253/edward-snowden-glenn-
greenwald-julian-assange-what-they-believe
83 This is described in the 1989 classic The Cuckoo's Egg by Clifford Stoll. Fitzpatrick has a good blog post on the subject: see
http://3dblogger.typepad.com/wired_state/2013/08/the-chaos-computer-
club-and-links-to-wikileaks-assange-and-snowden.html
84 http://3dblogger.typepad.com/wired_state/2013/07/idiot-wind.html
85 A long and friendly account of the story, based on Greenwald and Poitras's account, can be found at
http://www.nytimes.com/2013/08/18/magazine/laura-poitras-snowden.
html?pagewanted=6&_r=0&pagewanted=all
86 http://streetwiseprofessor.com/?p=7524
87 https://web.archive.org/web/20130414223022/http://www.
lsjourney.com
88 http://3dblogger.typepad.com/wired_state/2013/08/surfs-up-or-
whats-up-hacker-convergences-in-hawaii.html
89 This theory is elaborated by Fitzpatrick at
http://3dblogger.typepad.com/wired_state/2013/11/the-crypto-kids-and-the-
rubiks-party-signal-to-snowden.html
90 http://www.kommersant.ru/doc/2263705 (in Russian).
See also Fitzpatrick's analysis at
http://3dblogger.typepad.com/wired_state/2013/08/edward-snowden-
partied-with-the-russians-in-hong-kong-on-his-30th-birthday.html
91 http://3dblogger.typepad.com/minding_russia/2013/10/how-to-find-
edward-snowden-in-moscow.html

Edward Lucas is a senior editor at the Economist. A former foreign correspondent with 30 years' experience in Russian and east European affairs, he is the author of, among other publications, Deception (2011), which deals with east-west espionage, and The New Cold War (2008), which gave warning of the threat posed by Vladimir Putin's Russia. He is a non-resident fellow at CEPA, a think-tank in Washington, DC. He lives in London and is married to the writer Cristina Odone. He tweets as @edwardlucas. The views expressed in this book are his alone.

NSA SECRETS

Saturday, September 13, 2014

NSA Medina Regional Security Operations Center SIGINT Conversion

NSA Texas Cryptology Center Expands

Sunday, February 16, 2014

INSIDE THE WEST'S GREATEST INTELLIGENCE DISASTER AT NSA