Arbitrary power is the great grievance of the Snowden camp. Who gave
the NSA and GCHQ the power to bug and snoop? The real answer to that is simple:
the elected governments and leaders of those countries, the judges and lawmakers
who have the constitutional authority to supervise intelligence services,
and the directors of the agencies in the exercise of their lawful powers.
You may not like the system. You may think it needs improving (I do). But
never in the history of intelligence has supervision been stronger. America
in particular stands out as a country that has taken the most elusive and
lawless part of government and crammed it into a system of legislative and
judicial oversight. Greenwald simply dismisses such arrangements. For those
in search of reform, he argues, 'the answer definitely does not lie in the
typical processes of democratic accountability that we are all taught to
respect'.58 Instead, he thinks the answer lies in international
pressure on America. Shame and destruction, not votes, laws and institutions,
bring about reform.
The question about arbitrary power actually deserves to be posed in the other
direction. What constitutional authority do the Guardian, Der
Spiegel or the New York Times have? What gives them the right
to leak their countries' most closely guarded secrets, obtained at vast expense,
and with the sacrifice of tens of thousands of man-hours? Even the most
passionate defenders of press freedom would hesitate to say that editors
are the supreme guardians of the national interest. And even the most
self-important editor would hesitate to claim omniscience. What expertise
do editors and journalists have in handling these stolen secrets? How can
they judge that a particular programme is worthy of exposure (rendering it
useless overnight and perhaps endangering those who have worked on it) and
that another can be spared the glare of publicity, at least for now and possibly
ever?
The publication of secret documents, without context or challenge, has a
pernicious effect on the debate that follows. As Inkster, the former British
spymaster now at the International Institute for Strategic Studies in London,
points out
Not even the NSA knows for certain how much information Snowden actually
stole. It is clear, however, that he could not possibly have read more than
a fraction of this material. It is equally clear that he did not understand
the significance of much of the material he did read and that the same was
true for the newspapers that published it. The resulting confusion and
misapprehensions that have taken hold within the media and shaped the public
debate about the NSA's bulk collection activities have not been effectively
challenged or rebutted by the US and UK governments for various reasons,
chief among which has been a desire not to create a damaging precedent by
responding to specific allegations regarding the activities of their intelligence
agencies. 59
As far as can be inferred from Greenwald's public statements (he declined
to respond to my requests for comment), his main aim is to make a splash.
Asked how he chooses which material to release, and which to withhold, he
answered:
We chose certain information we wouldn't disclose, eg what would help other
states improve their surveillance, or anything that NSA has gathered about
people (that would do the NSA's dirty work) or anything that would endanger
the lives of innocent human beings. We want to publish in a way that will
create the most powerful debate and greatest level of
recognition.60
That is a striking claim. Who is Greenwald to decide who is 'innocent' and
who is not? Are all employees of the NSA to be counted as 'guilty' of engaging
in 'dirty work'? And everyone who cooperates with them? Or only some? And
guilty of what? Is Greenwald the judge, jury and executioner of the careers
of public servants who have operated within the law, at the behest of elected
governments, and under the oversight of courts and lawmakers?
It is only a mild caricature to say that the presumption behind the leaks
is that the intelligence agencies in the West are the greatest threat to
freedom on the planet. As Inkster argues, 'for those who regard intelligence
services as inherently illegitimate or take the view that the US is the world's
number-one rogue actor, no counter-narrative will ever be convincing'. Such
fears may be the basis for a thrilling screenplay in a Hollywood movie, where
vast sinister forces are marshalled against a lone hero. But they are a poor
guide to real life.
One of the overwhelming impressions left by the leaked documents is, in fact,
of a painstaking approach to legality. The spies did not believe that what
they wrote would ever become public. Like other bureaucrats, they trumpeted
their achievements in the hope of scoring points and winning favour. That
comes across sometimes as chirpy or crass. But nothing revealed shows contempt
for judicial oversight or a wilful desire to evade it.61
The NSA and other agencies do try to work out what the maximum is that they
can do within the limits of the law. In some cases, they overstep the mark
and get slapped down, sometimes crossly, by the FISC or Congress; moreover,
individual officers of the agencies may knowingly break the rules. But the
fact that these breaches were recorded in internal agency documents (and
in the case of individual wrongdoing, disciplined) bespeaks adherence to
procedure, not a cover-up.
Moreover, to err is human: bureaucratic self-aggrandisement is common in
other branches of government too. Police officers sometimes intimidate suspects,
fake evidence or beat up protestors. Soldiers haze new recruits or commit
war crimes. Teachers and social workers abuse their power. (Even journalists
can be crooked, deceitful or brutal.) Intelligence officers make mistakes
too. It is true that the powers that the agencies enjoy mean that they must
be particularly vigilant against abuse. But the really striking thing about
the revelations to date (which are presumably cherry-picked to portray the
NSA and its allies in the worst possible light) is the conscientious, tame
and bureaucratic approach they reveal. It is true that the FISA court turned
down few requests from the NSA. But this does not prove that the court is
toothless. It reflects the fact that the NSA itself vets its own requests
to weed out those that are unlikely to gain approval.
The recklessness, damage, narcissism, and self-righteousness of the Snowden
camp do not invalidate all their aims. A debate on the collection and warehousing
of meta-data was overdue. Collected and scrutinised, meta-data can breach
privacy: if you know who called a suicide prevention helpline, or an HIV
testing service, or a phone-sex line, and from where and when, the content
of the calls matter less than the circumstances. These collections of meta-data,
it should be noted, are not only vulnerable to abuse by nosy spooks: they
are available in colossal amounts to private sector internet companies, some
of whom may protect them only lightly and use them with far greater freedom
than a bureaucrat.
More importantly in my view, the Obama administration has treated whistleblowers
with scandalous harshness, especially those from inside the intelligence
community. The hardest point for critics of Snowden is to explain what he
should have done with his worries had he chosen to stay within the system.
Genuine whistleblowers such as Thomas Drake, a senior NSA analyst, who believed
(rightly or wrongly) that they were exposing abuses within the agency, were
hounded and prosecuted under laws which would be rightly applied to spies
and traitors. They are now strong supporters of Snowden's chosen course of
action.
The Snowden revelations have also exposed the fact that senior officials,
particularly America's Director of National Intelligence, James Clapper,
have not been fully frank with Congress. He was asked in an open Senate
Intelligence Committee hearing in March: 'Does the NSA collect any type of
data at all on millions or hundreds of millions of Americans?' A correct
response would have been to give a boilerplate answer: data and meta-data
are collected within the law and further information would be available in
a closed session. Instead he answered 'No Sir'; when that response was queried,
he continued: 'Not wittingly … there are cases where they could
inadvertently perhaps collect, but not wittingly.'62 In a strict
sense that was true: phone records are not exactly 'data', and storing them
for future scrutiny is not exactly 'collecting'. The members of the committee
were aware of the programmes concerned, having been briefed on them in classified
sessions. The question was, in a sense, a trap, aimed at bouncing Clapper
into revealing more than he wanted. But for all that, as a member of the
executive branch, he is under a solemn duty not to mislead the
legislature—or to mislead citizens who are observing its questioning
of their government officials. For whatever mixture of motives or confusion,
he breached that duty. He apologised later, pleading confusion not deliberate
deceit. Though charges that he 'perjured' himself or deliberately lied to
Congress are an exaggeration, in his place I think I would have resigned.
Lawyerly definitions of terms such as 'data', 'collect' and 'abuse' have
allowed the NSA to stretch its remit in a way that some may now regard in
retrospect as excessive. But it has done so within the system, not outside
it. NSA officials (like their counterparts in GCHQ and allied agencies) are
not cowboys, brutes or madmen. They signed up to defend their country's freedoms,
not to undermine them. They tend to be sober, law-abiding types with a
punctilious regard for procedures. The dire state of their morale now is
a result of Snowden's disclosures. The consequences remain to be seen. The
dangers of abuse in a woe-struck agency may be greater than in one where
morale and corporate culture are healthy.
One can argue (and I would agree) that the NSA needs reform, that it has
become too big, too dependent on private contractors, too sloppy in its security
procedures, too hard to oversee and too slippery in its definitions of what
it may and may not do. All these shortcomings are cause for concern (though
not for panic) and are worthy subjects for discussion. As General Clapper
himself has admitted: 'As loath as I am to give any credit for what's happened,
which is egregious, I think it's clear that some of the conversations that
this has generated, some of the debate, actually probably needed to
happen.'63
It is hard to dispute that the public should be aware that the NSA has stretched
the definition of material 'relevant' to terrorism to include warehousing
the phone records of every call made or e-mail sent in America, and that
the agency has had serious rows with the FISA court. Thanks to Snowden, the
public now knows this. The modest reforms announced by President Obama on
January 17th are also a direct result of the Snowden leaks. But such benefits
need to be weighed against the costs. Nothing evinced so far justifies the
catastrophic damage that the Snowden leaks have done to national
security—the worst disaster in the history of American and British
intelligence.
Chapter Three: Damage Control
The mere whiff of a breach acts like nerve poison on intelligence agencies.
If you lose even a single document, or believe an unauthorised person has
had access to it, assumptions must be of worst-case scenarios. Assume that
the Russians learn that an outwardly boring Irish insurance broker in the
Ukrainian capital Kiev, for example, is actually an undercover officer of
Britain's Secret Intelligence Service. What will they be able to do with
that information? Will he be in danger? Will they able to find what agents
he is running? If so, they must be brought out: they risk arrest. Maybe the
agents are safe, but the operation cannot continue: in that case everyone
involved must be stood down inconspicuously. What about colleagues? Safe
houses? Dead-letter boxes? Another question is when the breach occurred.
Can one be sure that this was the first instance? How solid is the 'product'
(the intelligence obtained from the compromised network or individual)? Should
it be assessed or analysed differently? Is it possible that the adversary
used the breach to feed misleading information and then monitor the results?
The answers to these questions may be 'no'. But an experienced team of
counter-intelligence officers must ask them, find the answers, check and
double-check. The taint of even a minor breach must be analysed, contained
and cleaned.
If a single breach is a serious problem, two make a nightmare—particularly
if the missing material comes from different bits of the organisation. Documents
which may on their own be quite anodyne can be gravely damaging if they are
combined. Revealing an intelligence officer's cover name may be no big deal.
But combined with his previous travel, it could be the clue that gives the
adversary details of an operation. Multiple breaches increase the problem
exponentially. Each bit of compromised information must be assessed not only
on its own, but in relation to every other piece of data. As the numbers
mount, the maths becomes formidable. Four bits of information have 24 possible
combinations. Seven have 5,040. Ten have more than three million. If Snowden
has taken a million documents, the permutations that—in theory—need
to be examined exceed the number of atoms in the universe.
Snowdenistas dispute claims of colossal damage. Foreign intelligence services
in Russia or elsewhere do not and will not have access to the stolen material,
they maintain. But dealing with secrets is a highly technical and complicated
business. People build their careers on it. It requires elaborate procedures
to store the information, to set and administer levels of access, to monitor
who sees it, when, why and how, and particularly to authorise, log and track
any copies made. It requires specially built premises, and staff who must
be carefully recruited and trained and subjected to regular screening. The
whole setup—with its physical, bureaucratic and human
elements—involves regular checks, and possibly professional penetration
tests, in which expert outsiders are tasked with trying to break the security
systems. It is also designed to minimise the effects of any breach—for
example by seeding the data with tell-tales (to highlight if it is being
misused) or booby-traps (to act as a deterrent to malefactors). All of this
takes place in the knowledge that the world's most sophisticated intelligence
agencies regard other countries' secret data as a top priority.
Snowden's allies may be admirable journalists. But they do not have the
experience or resources to protect the information he has stolen. Their offices
cannot be made safe against electronic eavesdropping. They do not know how
to make their computers truly secure. The idea that the material is safe
because it is encrypted is shockingly naïve: it is child's play for
a sophisticated adversary to place malware on a computer, remotely and invisibly,
which logs every key stroke, and records everything that appears on the screen.
Such 'end-point vulnerabilities' render even the heaviest encryption pointless.
They can be delivered via a mobile phone or through an internet connection
(or by some other subtle and secret means). Snowden knows this. It is possible
that someone with his technical skills could keep the stolen data secure
on his own computers, at least for a time and if he does not switch them
on. But that becomes ever less likely over time.
Security becomes outright impossible when the material is handled by a team
of amateurs. How many people have access? Who has screened them? What are
their vulnerabilities—financial and psychological? Does anyone check
their bank accounts? Are any of them vulnerable to blackmail? Do they have
any training in avoiding 'social-engineering' attacks (such as impersonation)?
What about the use of force? What happens if someone becomes disillusioned
and leaves the team? A shocking example of carelessness came when Greenwald's
partner, David Miranda, was stopped while changing planes at London's Heathrow
Airport in August. His luggage included a number of 'thumb' USB drives and
electronic devices, carrying some of the Snowden trove (as well as, some
reports say, a password, apparently written on a bit of paper). Any public
official who carried secret data this way would be fired and then prosecuted.
A similarly sackable offence would be sending secret material across
international borders by a commercial courier company such as FedEx. The
editor of the Guardian, Alan Rusbridger, admits that he did just this,
and jokes about it on his Twitter profile.64 (Mr Rusbridger's
defenders say that the material was heavily encrypted and that both the sender
and receiver were third parties; he may feel that this ruse is fail-safe
but security professionals would not.)
It is hard to avoid the conclusion that Snowden conducted his activities
within the NSA in order to be as damaging as possible. Among the so far
unpublished material are (by the NSA's account) 31,000 files which show what
government customers asked the agency to find out about countries such as
China, Iran and Russia, and its assessments of how it could respond. These
'shopping lists' are among the most closely guarded secrets in any intelligence
agency. Once you know what the other side needs to find out, you can infer
what they already know.65
All this counts as primary damage: to the sources, methods and self-confidence
of an intelligence or security agency. But the ripples extend farther. A
spy agency's greatest asset is its reputation. Britain's MI6, for example,
enjoys free publicity from decades of films featuring James Bond. The real-life
business of intelligence has little to do with the stunts on screen. But
the brand helps attract able people to work as intelligence officers. A
reputation for integrity and skill also makes it easier to recruit sources.
If you are pondering whether to trust your life to a foreign country's spies,
you will want to have confidence in their ability to keep secrets. It is
hard to conceive of a definition of America's national interest that does
not include keeping secret the identity of foreigners who trust the country
with their views, secrets—and lives.66 But the Snowden fan
club, like the cheerleaders for WikiLeaks, takes no account of this. The
NSA and other agencies cannot assume that, as Snowden so blithely puts it,
there is a "zero chance" that adversaries have seen the stolen documents.
They have to work on the assumption that they have done, or eventually will
do so.
For all these reasons, the Snowden disclosures have had a catastrophic long-term
effect on British and American intelligence. As I have explained above, even
the threat of a breach is enough to endanger an intelligence operation. But
publishing secrets in the media introduces a whole extra level of risk. It
is bad enough if the Chinese and Russian intelligence services have knowledge
of (or access to) the programmes compromised by Snowden. But when they are
actively publicised, even the dimmest and worst informed terrorist, anarchist
or criminal gets the message. Capabilities that work when deployed stealthily
become useless once everyone knows about them. Once you learn that a computer
screen can be read from far away through an open window, you draw the curtains.
Once you know that a computer can plant malware on a mobile phone, or vice
versa, you start keeping mobile devices in a lead-lined box. To be sure,
the agencies will develop new capabilities. But if your navy has been sunk,
it is little comfort to be told that you can always build another one. What
are you going to do in the meantime?
The pleas of the Snowden-friendly media that they screen the material before
publishing it cut little ice. It is nice of them to take advice, in some
cases, from government security sources about disclosures that might be
particularly damaging, and even to refrain from making them. Many of the
more responsible media outlets have partially redacted the documents they
have published, at least protecting the names of intelligence officers. But
that does not stop Greenwald from offering the same material elsewhere. His
petulant remarks after his partner Miranda was stopped at Heathrow Airport
did not suggest a responsible attitude to the secrets he guards. 'I will
be far more aggressive in my reporting from now. I am going to publish many
more documents. I am going to publish things on England too. I have many
documents on England's spy system. I think they will be sorry for what they
did.'67 Publishing secret documents is a grave responsibility.
Surely the justification should be to expose wrongdoing, not to satisfy personal
pique?
The damage was foreshadowed by WikiLeaks—a forerunner of the Snowden
disclosures. A German politician, Helmut Metzner, had to resign and faced
prosecution when he was outed as the anonymous source mentioned in a leaked
American diplomatic cable (he denied wrongdoing and charges of espionage
were eventually dropped). America's State Department has spent a great deal
of time and money trying to safeguard other individuals whose identities
have been wholly or partially exposed in the leaked cables. To be fair, in
the versions that WikiLeaks published initially, the names of interlocutors
were redacted. But a mixture of carelessness and ignorance meant that the
passphrase for the unedited versions of the cables became available. The
result is unlikely to have increased foreigners' willingness to meet and
speak frankly with American diplomats about even mundane matters.
When intelligence sources, as opposed to mere diplomatic ones, are put at
risk the damage is far greater. The stolen documents include the names of
many NSA and GCHQ officers. Some of them will have been posted abroad—and
may well have had sensitive contacts with locals. If their names and identities
become known, then anyone who has met them, say in China, Iran or Russia,
is in danger. Snowden says he will not release such material. So why did
he steal it in the first place? In any case, as I have argued above, he cannot
be sure that it will not leak out, given the amateurish way in which it is
safeguarded. That is a profound worry to existing sources, and a grave deterrent
to new ones. 68
The disclosures of espionage by American allies damage them too. Diplomatic
capital is consumed in issuing new assurances and tokens of friendship, as
Australia has had to do with Indonesia. Other agreements may be put on hold.
Trust is the most valuable commodity in espionage. Stolen secrets are fragile
and perishable commodities. The instinctive desire of every intelligence
officer and every spy service is to hoard, not to share. That preserves sources
and methods, and makes the next secret easier to obtain. Handing hard-won
material to a foreign partner is possible only when you believe that the
country concerned is at least as trustworthy as you are yourself. The NSA's
failure to keep its secrets has dented America's reputation as a trustworthy
partner.
The quite unnecessary damage caused by Snowden makes it hard to believe that
his aim was solely to expose wrongdoing. It looks far more likely that he
was trying to cripple the NSA and its allies, and to hurt America's standing
in the world. Taking a huge cache of documents, and in a way that largely
defies description, analysis or mitigation, is not the action of a patriotic
whistleblower. It is the behaviour of a saboteur. It is a sign of the desperation
now reigning in the NSA that some are willing to offer him an amnesty even
now, if he will only hand back the missing files. Nobody can be confident
that they have not been seen by others. But at least the agency will have
a clearer idea of what was taken, and how.
All this damage, of course, suits Russia. The NSA and other American and
allied intelligence and security agencies have been a prime target for the
Kremlin since even before the Cold War. The successes have been great: recent
triumphs include recruiting the heads of Soviet counter-intelligence at the
FBI (Robert Hanssen) and the CIA (Aldrich Ames). Signals intelligence in
the 'Five-eyes' alliance of America, Britain, Canada, Australia and New Zealand
has been a particular target. Western countries have shifted their attention
since the end of the Cold War. The reverse is not the case. The ten Russian
'illegals' arrested in America in June 2010 prompted a lengthy, disabling
and so far fruitless search within the NSA for the sources which at least
one of them was believed to have recruited there. Was Snowden's decision
to do what seems like deliberate damage to the NSA and America mere recklessness
and vindictiveness? Or was there another motive, conscious or unconscious,
in the background? No definitive answer to that is available on the evidence
presently available. But some historical examples are instructive.
Chapter Four: History Lessons
In the 1970s, the nuclear disarmament movement in the West was moribund.
People worried more about the energy crisis, militant trade unions, terrorism
and other issues. That began to change in 1977, when the Soviet leadership
launched a vigorous and successful public campaign in continental Europe
against the 'neutron bomb'—an American anti-tank weapon aimed at shoring
up the alliance's fragile conventional defences in Europe. The anti-nuclear
cause was fuelled further by the NATO decision in 1979 to place Cruise and
Pershing missiles in Europe in response to the Soviet deployment of the similar
SS20 missiles from 1977 onwards.
As the anti-nuclear movement mushroomed, the Atlantic alliance came under
huge strain. Ronald Reagan was seen in Europe as a warmonger and a cowboy.
Pro-American governments burned political capital fighting against seductive
if simplistic arguments. Surely it was better to have fewer nuclear weapons,
not more? Why not try unilateral confidence-building moves to defuse tension,
rather than escalate the risk of war by boosting arsenals further? 'Ban the
bomb', and the romantic eccentricity of the 'Women's Peace Camp' at Greenham
Common near London, had an appeal that the dry arguments for the status quo
could not match. Few went as far as the Spartacist League, with their hallmark
chant of 'Smash NATO! Defend the Soviet Union!' But the consensus in the
peace movement was that America was a bigger threat than the Soviet Union.
The Soviet Union's own role in the anti-nuclear movement is still unclear.
Defectors such as Stanislav Lunev (from Russia's GRU military intelligence
service) and Sergei Tretyakov (of the SVR foreign intelligence service) have
made sweeping claims. Academic studies have been more cautious. After Communism
collapsed, a senior member of Britain's CND, Vic Allen, unrepentantly admitted
to passing information to the East German Stasi.69 The Soviet Union financed
British and other communist parties, which played a role in the 'peace' movements
disproportionate to their tiny numbers.70
What is not in doubt is that CND and the like served Moscow's purpose. To
be sure, the campaigners said they opposed Soviet and Western nuclear weapons
alike. But the focus of their efforts was asymmetric: they could apply political
pressure to Western governments, political parties and institutions, whereas
their influence in the Soviet bloc was minimal. The Soviet Union enjoyed
conventional military superiority in Europe; demanding a 'nuclear-free Europe'
in effect meant accepting Soviet hegemony on the continent. 'Peace' was therefore
a big Soviet talking point in all international forums and discussions, both
from diplomats and from nominally independent but state-funded outfits such
as the World Peace Council.
Regardless of their direct or indirect involvement, the information-warfare
experts of the Soviet KGB were delighted with the divisive and distracting
effects the 'peace' movement was having in the West. Soviet decision-makers
relied on the anti-nuclear campaigners in the West to weaken and constrain
the resolve of governments there.
Their successors in the Kremlin now see a similar opportunity. Like the
anti-nuclear movement of the early 1980s, modern campaigners for privacy
and digital freedom see their own countries' flaws with blinding clarity,
and ignore those of the repressive regimes elsewhere. They manifest a corrosive
mistrust for their political leaders and public officials, to the point that
little said by governments carries any weight at all.
It is worth noting that the Snowdenistas go far beyond the anti-nuclear
campaigners in their thirst for damage. Disagreeing with your government's
actions is one thing. Sabotaging them is another. Imagine, for example, that
a British or American anti-nuclear activist got hold of the acoustic signatures
of his country's nuclear submarines. These signatures—the noise that
the vessels make under water—are among the most closely guarded of all
defence secrets. They are distinctive and almost impossible to change. Once
you know them, it becomes much easier to track a submarine and if necessary
destroy it. Submarines' effectiveness largely depends on their invisibility.
So publishing the acoustic signatures of the nuclear submarines would be
a simple and devastating way of making them useless—in effect, sabotage.
Such a move would cost the country concerned billions of dollars. It would
also tip the strategic balance in favour of countries whose nuclear deterrent
remained secret and effective. Even an anti-nuclear newspaper like the Guardian
would decry such a move. Yet in effect, that is what Snowden and his allies
have done. They have rendered ineffective some of their countries' most expensive
and sensitive defence capabilities, while leaving adversaries untouched.
Another lesson from the past concerns the scandal around the Echelon system
for collecting information regarding international telecommunications. It
was revealed in a series of leaks in the 1990s, eventually prompting a lengthy
report by the European Parliament.71 John Schindler, a former
NSA analyst who is now a professor at the Naval War College in Rhode Island,
sees a parallel. The exposure of Echelon, he believes, was an 'active measure'
by Russian intelligence, aimed at stoking distrust between America and its
European allies. Without access to classified information, that link is
unprovable. But the similarities are startling. Details of the programme
were divulged by a disillusioned NSA contractor, Margaret Newsham (who was
working for the defence company Lockheed). The story was highlighted by
campaigning journalists in the UK and in New Zealand. At first sight the
message seemed sensational. America and Britain, together with other close
allies, were spying on the rest of the world. They had a global network of
facilities which could intercept communications—in those days faxes
and telexes, as well as phone calls and the nascent internet. All this seemed
to be happening without public consent or political oversight.
The result was fury—especially as one of the journalists involved, Duncan
Campbell, claimed that the spying was not just for reasons of statecraft,
but also in pursuit of commercial goals. American companies were gaining
an unfair advantage over their rivals thanks to the muscle of their intelligence
services.
On closer scrutiny, the case largely fell apart. It was exciting to know
the code words for the programmes concerned, and to have the supposedly
top-secret locations listed, illustrated with maps, photographs and diagrams.
The silent fury of the intelligence agencies added another note of drama,
as did the self-righteous hysterics of European politicians.
Yet just as with the Snowden revelations, the disclosures were not in themselves
surprising. Britain's GCHQ and America's NSA exist to collect electronic
intelligence. It is hardly surprising that they strive to fulfil their missions.
Nor should their close alliance be a surprise. Britain and America have been
cooperating closely since the start of the Cold War (as anyone viewing a
James Bond film knows).
The details—the means, nature and extent—of those activities and
alliances are indeed secret, but for entirely understandable reasons.
Intelligence agencies, as explained above, like to keep the other side guessing.
Even seemingly unimportant information about budgets, spending plans, logistics
and premises can be useful to the adversary, at a potentially high cost.
A secret, once released, may be a shock to the unwitting. But a shock is
not necessarily a scandal.
Nor could anyone prove that anything revealed in the Echelon disclosures
was actually illegal. International law does not prohibit espionage. The
national laws of Britain, America and other countries gave (and give) the
intelligence and security agencies a remit, and set up a system of oversight.
The remit may be too wide, and the oversight too flimsy (or perhaps vice
versa: views differ), but these are matters for the political process to
resolve.
Perhaps the gravest charge was that America conflated commercial espionage
with statecraft. That would be shocking if true. It would be illegal under
American law. It would confer unfair advantages on the lucky US companies
that received intelligence titbits from the government, and disadvantage
their competitors. It would discredit America's reputation for fair dealing
in the eyes of the rest of the world.
It is impossible to prove a negative. Those who believe that the American
government and its corporate handmaidens (or Corporate America and its political
handmaidens) are capable of any kind of iniquity will not be disabused of
their convictions by mere denials, or the absence of facts to support them.
But the campaigners against Echelon produced a remarkably thin case to support
their contention. It is hardly surprising that American spies may target
foreign companies. As Jim Woolsey, the former CIA director, explained in
his newspaper article, they may be involved in bribery to gain an unfair
advantage, or be breaking sanctions. They may have employees with access
to state secrets, either now or potentially. Intelligence agencies are ingenious,
curious and adaptive: that is what they are paid to be.
But the gap between spying on foreign companies and handing their commercial
secrets to domestic ones is huge. And there is no evidence for it. The most
likely explanation for this absence of evidence is that nothing of the kind
is going on. Any programme of systematic intelligence sharing with the corporate
sector would be simply too risky to contemplate (as well as being wrong).
How would it be administered? Who would authorise the security clearances?
How much information could be disclosed? And what about the competitors,
who in litigious America would be likely to sue the government if they believed
they were losing out on access to valuable information collected at taxpayers'
expense?
American companies do get plenty of help from their government. They can
receive briefings from officials about political and economic conditions
abroad (as do executives from any country with an effective foreign service).
Favours may be given through indirect channels such as consulting firms,
or by hiring recently retired officials from the intelligence community.
Abuses do happen. But it is striking that none of the soi-disant whistleblowers
from the NSA or elsewhere, and no conscience-stricken corporate executive
anywhere, has given the slightest sign, hint or proof of any programme of
state-sponsored commercial espionage, either in the Echelon era or now. By
contrast, evidence abounds of such espionage by other countries, chiefly
China but also, notably, France.
In assessing the effects of Snowden's actions, it may help to imagine how
the whole thing could have been done differently. The overwhelming evidence
even from the cherry-picked documents released so far is that the NSA is
a bureaucratic and rule-bound organisation. So the first thing that an employee
or contractor should do when he encounters a breach in the rules is report
it. The NSA, like GCHQ, has a system for this. In America, the Intelligence
Community Whistleblower Protection Act of 1998 allows intelligence insiders
to disclose classified information concerning a 'serious or flagrant problem,
abuse, [or] violation of law' to members of congressional intelligence
committees. They are obliged to exhaust other channels first, including the
NSA's inspector general and the attorney general.
Snowden did not do that, largely because no such serious problem, abuse or
violation was taking place. As shown above, the NSA was acting within at
least the letter of the law, under congressional and judicial oversight,
in accordance with the instructions of an elected president. What Snowden
claims as motivation was the trajectory—that a future government would
abuse the collection programmes to create an Orwellian 'surveillance state'
which individuals would be afraid to challenge for fear of drawing attention
to themselves.
That is a political objection. So Snowden, even without disclosing classified
information, could have approached the lawmakers, especially in the Senate,
who have been publicly critical of what they see as the NSA's excessive reach.
He did not. He could have resigned from his job and applied for a job at
one of the many think-tanks and campaigns which worry about privacy in the
digital age. By providing stolen secrets he has certainly stimulated a far
more intense public debate than mere assertions of an ex-employee would have
done. But the quantity and quality of information stolen and published goes
far beyond anything necessary to start a debate. It looks more like material
for a global anti-American campaign.
Even without going through the legal channels available, Snowden could have
made it easy for people to defend him as a genuine whistleblower. He could
simply have taken and leaked the FISA court order showing that Verizon, the
American mobile phone company, has to routinely hand over its customers'
phone records.72 To be sure, this collection of meta-data is legal
and the order was a routine renewal of a programme which has been going for
years. But it was still shocking. People know that their phone companies
can do this (and may be glad about it: it helps locate stolen mobile phones).
They may be happy that police can analyse the data on a case-by-case
basis—for example to find out who has been present at a crime scene.
But there are reasonable grounds for worrying about a single government agency
creating an automatic, perpetual, searchable warehouse for all such information.
A handful of other documents released by Snowden come into a similar category
where a public interest defence would be plausible. If the NSA has indeed
been deliberately promoting faulty encryption software, or tweaking industry
standards, in order to make it easier to bug and snoop, that is a deplorable
and flawed policy. A patriotic American might well try to spare the blushes
of American companies who were put in an impossible position by a combination
of warrants and gagging orders, while finding some material that illustrated
the policy under which such measures were taken.
Had Snowden published such documents, he might well have been prosecuted.
American criminal justice officials do take a literal and stern view of the
law and (as I have pointed out above) this administration is particularly
and deplorably heavy-handed when it comes to dealing with whistleblowers.
But he would have had the strongest case for a public interest defence, or
a pardon if convicted. He would have been able to say truthfully that he
had sought to do the least possible damage to intelligence sources and methods,
and to the economic interests of the United States, and had focused his
disclosure on the secret aspect of the NSA's activities which most Americans
would find controversial. He could then have argued that any harm he did
by breaching his oath of secrecy was outweighed by the public good. He might
have faced prosecution and jail—but if he could prove that he had taken
nothing else but a limited set of documents, whose publication was embarrassing
but necessary and relevant, his defence, both in law and before public opinion,
would have been stronger. But he didn't.
In fact, his behaviour does not meet the most elementary tests for justifying
whistleblowing. Rahul Sagar, a professor at Princeton, has defined these
well in his new book Secrets and Leaks:73
First, a whistleblower must have clear and convincing evidence of abuse.
Second, releasing the information must not pose a disproportionate threat
to public safety. Third, the information leaked must be as limited in scope
and scale as possible. Snowden failed all three of these criteria. He has
not shown systematic abuse, only secrecy and mistakes. He has harmed and
weakened his country and its allies (indeed, for some Snowdenistas, this
is a stated aim). He has stolen far more information than was necessary to
make the case he purports to want to make. Why?
I have shown that the Snowden disclosures are heavily spun and damaging to
American and allied interests in a way that goes far beyond the purported
goals of promoting a debate about digital security. I have shown that this
damage benefits Russia. I have shown that Snowden's behaviour cannot be justified
as whistleblowing. For these reasons alone, he and his allies deserve
condemnation. But it is possible—though not proven—that something
more sinister than mere naïveté and carelessness is afoot.
Chapter Five: Our Man in Hawaii
To see the suspicious features of the story, examine the facts, as far as
they are known, about Snowden's journey into and out of the world of
intelligence. After incomplete formal education, he enlisted in the US Army
but left after a few months—having broken his legs in an accident, he
says. After joining the NSA as a security guard, he moved to Geneva to work
for the CIA there, under the cover of an attaché at the American mission
to the UN. This is a remarkably successful trajectory. Nobody has yet explained
whether he displayed previously hidden talents, had served somewhere else
to good effect, or benefited from powerful sponsors.
Some clues about his activities exist from posts he made on the Ars Technica
website and in related chatrooms, under the pseudonym
TheTrueHOOHA.74 His views seem muddled rather than treasonous.
He wrote of surveillance: 'we love that technology … helps us spy on
our citizens better.' He was furious with administration sources who leaked
classified information to reporters: they 'should be shot in the balls',
he wrote. But in February 2010 his views had changed. He wrote: 'Did we get
to where we are today via a slippery slope that was entirely within our control
to stop, or was it an relatively instantaneous sea change that sneaked in
undetected because of pervasive government secrecy?'
All this is odd (and not only because of his triple mixed metaphor). The
CIA does not encourage its officers to spend time in online forums mulling
the issues of the day or chatting about their private lives. The reason is
simple: it is a beacon to the other side. Intelligence officers work on their
targets with what is known in the trade as MICE—Money, Ideology, Coercion
and Ego. Any sign of an erratic personal life, of ideological dissatisfaction,
or of what psychologists call 'cognitive dissonance' offers an opening. If
the target is unhappy, wanting to behave one way but forced to do something
different, his mental stress can be exploited.
Russian intelligence keeps a close eye on the staff of adversary countries'
foreign missions. They are particularly interested in junior employees, trying
to spot which are just officials and which are intelligence officers. So
it is highly likely that the Russian intelligence rezidentura in Geneva
would have noticed the arrival of the young Snowden and would have spotted
his real job, working for the CIA. They also as a routine measure would have
tried to see what he did in his free time. They would have tried to monitor
his use of the internet on his unclassified home computer in the hope of
seeing a weakness—drugs, online sex, gambling—which might be a
potential avenue of approach. It is likely they would have identified him
as TheTrueHOOHA and observed his patchy work record, his erratic private
behaviour, and his voluble and increasingly dissatisfied stance online. According
to John Schindler, the former NSA analyst and specialist in counter-intelligence,
Snowden would have presented the perfect target to the Russians: 'intelligent,
highly naïve and totally uninformed'.75
The next question is how they could have approached him. Clearly an overt
approach would be risky and probably futile. Snowden showed no sympathy for
Russia. It is therefore likely that they would have used what in spy parlance
is called a 'false flag' operation. Russian intelligence, like the Soviet
KGB before it, has a particular expertise in this. During the Cold War, they
would identify disgruntled Western officials with strongly anti-communist
views. These people would have access to secrets and grievances—perhaps
because they were overlooked for promotion, or perhaps because they felt
their governments were not vigorous enough in resisting the Soviet empire.
The KGB officer would then make a delicate approach, showing no sign of any
East European connection, but pretending instead to be from South Africa's
intelligence service, the Bureau of State Security. The hapless Westerner
would think he was talking to a like-minded friend. Gradually he would be
coaxed into handing over small secrets, and eventually big ones. Once he
was past the point of no return, the case officer might identify himself
as KGB. Or he might maintain the ruse. Often it was only when (or if) the
breach was discovered that the Western official would realise that far from
helping a friend, he had betrayed his favourite cause to the worst enemy
imaginable. A similar kind of false flag operation in volved approaching
Jewish or pro-Israeli officials in the guise of a Mossad officer. The target
would be reproached for his country's half-hearted support for the Jewish
state and believe that he was helping its security by handing over vital
information.
The beauty of false flag operations is that they can be precisely tailored
to fit a target's initial vulnerability, and can then deepen and extend it.
They can go through multiple stages: one intelligence officer identifies
the first set of weaknesses, drawing up a detailed personality profile and
a thorough picture of the target's private life and interests. Then another
begins to exploit them. A third deepens the cooperation and a fourth turns
the screws hard. Only when it is far too late, if at all, does the victim
realise what is going on.
If the Russians indeed spotted Snowden as a potential target for recruitment,
the best false flag approach would have been in the guise of campaigners
for privacy and government openness. They would have been patient; carefully
massaging his ego and making him feel that he was a lone crusader for justice,
whose vindication would lie outside the system, not inside it. There is no
proof of this. But it would certainly help explain what happened later.
Snowden left the CIA in 2009 and moved to Dell, the computer hardware company,
working as a contractor at an NSA base in Japan. Two oddities stand out.
One is that he abruptly ceased posting material on Ars Technica, and contributing
to its chatrooms. His last substantive contribution read as follows:
It really concerns me how little this sort of corporate behaviour bothers
those outside of technology circles. Society really seems to have developed
an unquestioning obedience towards spooky types.
I wonder, how well would envelopes that became transparent under magical
federal candlelight have sold in 1750? 1800? 1850? 1900? 1950? Did we get
to where we are today via a slippery slope that was entirely within our control
to stop, or was it an relatively instantaneous sea change that sneaked in
undetected because of pervasive government secrecy?76
His views were getting more radical, not less. So why did he desist from
sharing them? One explanation would be that he was worried about attracting
the attention of his bosses or colleagues; another is that someone warned
him that this could be a danger. Such a break in a pattern of activity can
be a revealing clue in the counter-intelligence world. During the Cold War,
Britain's spy-catchers achieved some notable success following a tip-off
about readership of the Daily Worker. This was the Communist Party
newspaper (later renamed the Morning Star). People sympathetic to
Communism in the 1930s tended to be readers of the Daily Worker. But
if approached by Soviet intelligence officers, they would be told to stop
subscribing: it would be more useful to abandon overt Communist sympathies
and instead get jobs within the British establishment.
Many years later, this led to some useful breakthroughs. Diligent study of
newsagents' old records revealed people who had subscribed to the Communist
paper for some time and then stopped. Some of them indeed turned out to have
been active Soviet spies.
Along with Snowden's puzzling silence is another oddity: why did he give
up the CIA so quickly? Although he had long wanted to live in Japan, a glamorous
job involving intelligence operations in Geneva might seem more fun than
checking computers on a military base. One explanation for this could be
that Snowden was worried about the CIA's security screening. This involves
repeated polygraph (lie-detector) tests and can be quite intrusive. It might
reveal that he was hanging out with WikiLeaks sympathisers, for
example—which would mean a speedy end to his career. Repeat screening
for contractors to American intelligence (who make up an astonishing third
of the 1.4m people with top-secret security clearances) is bureaucratic and
onerous, but not so revealing. Another further explanation could be that
he realised that being a small cog in the CIA's station in Geneva did not
give him access to the secrets that would prove his contention of widespread
and sinister government misbehaviour.
The next oddity is that he left his job in Japan in September 2010 and visited
India for a week, ostensibly to attend a four-day course on ethical
hacking.77 India is far friendlier territory for Russian spies
wanting to talk to a source than somewhere like Japan or Switzerland. There
is no proof that this happened. But the trip does not quite make sense. Anyone
with a security clearance would normally have to seek permission to attend
such a course; it would be unlikely to be granted. It may be that procedures
for dealing with contractors at the base in Japan were sloppy: in 2011 a
background check on Snowden was improperly carried out.78 At any
rate, he did not declare this trip to his employers before or afterwards.
If he was indeed learning hacking skills, it would be interesting to know
why: the course was not needed for his job. If he went to India to meet someone,
that would be interesting too. Either way, the trip looks fishy.
Snowden moved to Hawaii, and in March 2013 took a job at an NSA contractor,
Booz Allen Hamilton. His new employer was worried by his resumé. It
seemed to have been padded with educational accomplishments which would have
been better described as aspirations.79 He was a systems
administrator, one of the unsung people who keep machines and software working
properly. The job has its drawbacks—but its boringness makes mischief
possible. Supervising people who are doing boring jobs is itself boring,
and is often done badly. But before gaining this job, Snowden was already
stealing secrets (at least as early as April 2012, American officials believe80).
He says he sought the Booz Allen job because it 'granted me access to lists
of machines all over the world the NSA hacked'.81 He seems to
have persuaded between 20 and 25 of his NSA colleagues to give him their
passwords and log-ins. If true—he has denied it—this is striking.
It is the behaviour of a spy, not a whistleblower. Why would someone who
wanted the best for his country, and reform of his agency, entrap colleagues
into a career-ruining blunder? (The people concerned have now, it seems,
been dismissed.)
For Russian intelligence, sparking an association between the disgruntled
Snowden and eager recipients of state secrets such as Glenn Greenwald the
blogger, Jacob Appelbaum the hacker, Laura Poitras the film-maker, and others
in that world of hacktivists and transparency campaigners would be a logical
next step. All were associated to varying degrees with WikiLeaks, which,
as I have shown above, was of great use to Russia (indeed its fugitive founder,
Julian Assange, now has a show on the RT state propaganda television
station).82 The hacker milieu is full of Westerners who are highly
suspicious of their own governments for tampering with what they regard as
the inviolable autonomy of the internet from any legal constraints. The KGB
certainly found it a fertile hunting ground in the 1980s, using German hackers
to steal NATO secrets in the days when online security was still
rudimentary.83
Such links and opportunities do not prove that any of the above-mentioned
people are conscious agents of the Russian state, and I am not accusing them
of that. (Snowden himself says the idea is 'absurd'.) But they do not need
to be. The example of the peace movement shows that given the right initial
direction and a favourable propaganda environment, political movements in
the West can serve the Kremlin's purpose without hands-on control. It would
not be hard for Russian intelligence to conceal an intelligence officer or
agent of influence somewhere in the background, or for that person to broker
an introduction between Snowden and his future allies.
The skimpy and confusing public accounts given so far leave plenty of room
for such suspicion. One question is when Snowden first started to steal secrets.
He joined Booz Allen Hamilton in March, but well before that he had offered
secret files to Poitras and Greenwald. Where did he get them and when? A
related puzzle is when Snowden first made contact with his future allies.
As the blogger Catherine A Fitzpatrick has noted, there are no fewer than
five dates given for his first contact with Greenwald.84 It does
not seem completely plausible that Snowden's first contact came only when
he started sending e-mails to Poitras in January 2013. Ostensibly, she then
persuaded Greenwald to install encryption software and take the mysterious
anonymous would-be source seriously (Greenwald had ignored previous e-mails
from Snowden, thinking he was a crank).85 But Appelbaum was in
Hawaii in March 2013 for a hacker conference, the SBoC (Spring Break of Code).
A bunch of other dedicated activists attended too, including Christine Corbett,
the pseudonymous hacker Moxie Marlinspike, and others. An American academic
and blogger, Craig Pirrong, conjectures that what really happened was this:
Snowden was in contact with Appelbaum first, and well before January 2013,
and Appelbaum directed Snowden to Poitras. It would be natural for a computer
geek and hacker like Snowden to know of, and to reach out to, Appelbaum.
Far more natural than to reach out to Poitras first. Under this conjecture,
the timing works out. Snowden, Appelbaum, and Moxie work out their basic
plan in late 2012 or early January 2013. Appelbaum activates the plan to
disseminate the information via Poitras by putting Snowden in touch with
her and near simultaneously Moxie initiates the SBoC to give him cover to
travel to Hawaii (and perhaps too a team of unwitting accomplices that could
help him cover his activities while there). They all converge in Hawaii a
couple of months later.86
The timing of Snowden's activities in Hawaii gives some support to that theory.
Lindsey Mills, his girlfriend of five years (but now abandoned), has deleted
her blog. But it is available on the internet archive via the Wayback
Machine.87 With some acute observation, Fitzpatrick notes that
Mills refers to her boyfriend disappearing off on a two-week trip on April
1st (Appelbaum's birthday is on or near April 3rd) and that she grumbles
mildly about having to be a taxi-driver to a lot of people—Appelbaum's
birthday guests, perhaps.88 (Ms Mills did not reply to an e-mail
seeking comment.)
Another puzzle is about Snowden's arrival in Hong Kong. According to the
account given, he told Poitras and Greenwald to wait outside a particular
restaurant at a particular time, until they saw a man carrying a Rubik's
cube. They were to ask him when the restaurant would open and he would reply
that the food was bad. That sounds sensible. Snowden would know what Greenwald
and Poitras looked like but they would need to know they were dealing with
the right source, not a plant or decoy. The Rubik's cube may have been signalled
in a mysterious and possibly coded tweet by Christine Corbett, a hacker friend
of Appelbaum's, about a 'Rubik's Cube party'.89
The next puzzle concerns Snowden's travels after he disappeared from work,
telling his employers that he needed treatment for epilepsy. If he were truly
keen to portray himself as a whistleblower, why did he fly to Hong Kong?
For anyone involved in American cyber-security, China is the biggest
threat—bigger even than Russia. Though autonomous in economic terms,
Hong Kong is firmly under the thumb of the Chinese authorities when it comes
to security. Assuming he was not in a hurry, he could have flown anywhere
he liked. Heading into Chinese jurisdiction—and promptly leaking details
of NSA operations against China to the South China Morning Post—looks
either like a deliberate snub to his former employers, or an act of boat-burning
desperation, or perhaps a quid pro quo to some other party. One report in
a Russian newspaper (denied by Snowden's American lawyer) says that once
in Hong Kong, he celebrated his 30th birthday at the Russian consulate, spending
two days there in all—mystifying behaviour for someone with his professed
ideals and motivation.90
It is possible that he was simply muddled and panicked. But for someone who
had years to hatch his plan, it seems odd that he would botch something as
important as the escape. Another (to me more plausible) explanation was that
he was bounced into seeking asylum in Moscow.
The first article based on Snowden's material (by Greenwald) appears on June
9th. Directly after that, Snowden disappears—apparently to stay with
friends in Hong Kong. But on June 11th, Putin offered him political asylum,
confirmed by the Kremlin spokesman, Dmitri Peskov. On June 13th America opened
a criminal case against Snowden, on charges of espionage, and warned other
countries not to accept him. The net rapidly began to close: Iceland, a country
which had been considered a likely destination, since its leftist government
is sympathetic to whistleblowers and transparency causes, said it could consider
asylum only if he actually arrived in the country.
America seems to have moved with deplorable slowness. It was not until June
20th that it issued an extradition request (though Hong Kong said on June
16th that it would entertain one). Snowden promptly went to the Russian
consulate. On June 21st, America revoked Snowden's passport. He flew to Russia
with another travel document—apparently one issued by the government
of Ecuador via its embassy in London, where the fugitive WikiLeaks founder
Julian Assange ekes out a claustrophobic existence. |