26 Dec 2013

NSA - 'one Library of Congress every 14.4 seconds'


From the Washington Post. Edward Joseph Snowden emerged at the appointed hour, alone, blending into a light crowd of locals and tourists. He cocked his arm for a handshake, then turned his shoulder to indicate a path. Before long he had guided his visitor to a secure space out of public view.
During more than 14 hours of interviews, the first he has conducted in person since arriving here in June, Snowden did not part the curtains or step outside. Russia granted him temporary asylum on August 1, but Snowden remains a target of surpassing interest to the intelligence services whose secrets he spilled on an epic scale.
Earlier this year, Snowden supplied three journalists, including this one, with caches of top-secret documents from the National Security Agency, where he worked as a contractor.
Dozens of revelations followed, and then hundreds, as news organisations around the world picked up the story. Congress pressed for explanations, new evidence revived old lawsuits and the Obama administration was obliged to declassify thousands of pages it had fought for years to conceal.
Taken together, the revelations have brought to light a global surveillance system that cast off many of its historic restraints after the attacks of September 11, 2001.
Secret legal authorities empowered the NSA to sweep in the telephone, internet and location records of whole populations. One of the leaked presentation slides described the agency's "collection philosophy" as "Order one of everything off the menu."
Six months after the first revelations appeared in The Washington Post and The Guardian, Snowden agreed to reflect at length on the roots and repercussions of his choice. He was relaxed and animated over two days of nearly unbroken conversation, fueled by burgers, pasta, ice cream and Russian pastry.
Snowden offered vignettes from his intelligence career and from his recent life as "an indoor cat" in Russia. But he consistently steered the conversation back to surveillance, democracy and the meaning of the documents he exposed.
"For me, in terms of personal satisfaction, the mission's already accomplished," he said. "I already won. As soon as the journalists were able to work, everything that I had been trying to do was validated. Because, remember, I didn't want to change society. I wanted to give society a chance to determine if it should change itself."
"All I wanted was for the public to be able to have a say in how they are governed," he said. "That is a milestone we left a long time ago. Right now, all we are looking at are stretch goals."


Weighing the risks
Snowden is an orderly thinker, with an engineer's approach to problem-solving. He had come to believe a dangerous machine of mass surveillance was growing unchecked. Closed-door oversight in Congress and the Foreign Intelligence Surveillance Court was a "graveyard of judgment," he said, manipulated by the agency it was supposed to supervise. Classification rules erected walls to prevent public debate.
Toppling those walls would be a spectacular act of transgression against the norms that prevailed inside them. Someone would have to bypass security, extract the secrets, make undetected contact with journalists and provide them with enough proof to tell the stories.
The NSA's business is "information dominance," the use of other people's secrets to shape events. At 29, Snowden upended the agency on its own turf.
"You recognise that you're going in blind, that there's no model," Snowden said, acknowledging that he had no way to know whether the public would share his views.
"But when you weigh that against the alternative, which is not to act," he said, "you realise that some analysis is better than no analysis. Because even if your analysis proves to be wrong, the marketplace of ideas will bear that out. If you look at it from an engineering perspective, an iterative perspective, it's clear that you have to try something rather than do nothing."
By his own terms, Snowden succeeded beyond plausible ambition. Accustomed to watching without being watched, the NSA faces scrutiny it has not endured since the 1970s, or perhaps ever.
The cascading effects have made themselves felt in Congress, the courts, popular culture, Silicon Valley and world capitals.
The basic structure of the internet itself is now in question, as Brazil and members of the European Union consider measures to keep their data away from US territory and US technology giants including Google, Microsoft and Yahoo take extraordinary step to block the collection of data by their government.
For months, Obama administration officials attacked Snowden's motives and said the work of the NSA was distorted by selective leaks and misinterpretations.
On December 16, in a lawsuit that could not have gone forward without the disclosures made possible by Snowden, US District Judge Richard Leon described the NSA's capabilities as "almost Orwellian" and said its bulk collection of US domestic telephone records was probably unconstitutional.
The next day, in the White House, an unusual delegation of executives from old telephone companies and young internet firms told President Barack Obama that the NSA's intrusion into their networks was a threat to the US information economy.
The following day, an advisory panel appointed by Obama recommended substantial new restrictions on the NSA, including an end to the domestic call-records program.
"This week is a turning point," said Jesselyn Radack of the Government Accountability Project, who is one of Snowden's legal advisers. "It has been just a cascade."
On June 22, the Justice Department unsealed a criminal complaint charging Snowden with espionage and felony theft of government property. It was a dry enumeration of statutes, without a trace of the anger pulsing through Snowden's former precincts.
Public enemy No. 1
In the intelligence and national security establishments, Snowden is widely viewed as a reckless saboteur, and journalists abetting him little less so.
At the Aspen Security Forum in July, a four-star military officer known for his even keel seethed through one meeting alongside a reporter he knew to be in contact with Snowden. Before walking away he turned and pointed a finger.
"We didn't have another 9/11," he said angrily, because intelligence enabled warfighters to find the enemy first. "Until you've got to pull the trigger, until you've had to bury your people, you don't have a clue."
It is commonly said of Snowden that he broke an oath of secrecy, a turn of phrase that captures a sense of betrayal. NSA Director Keith Alexander and Director of National Intelligence James Clapper, among many others, have used that formula.
In his interview with The Post, Snowden noted matter-of-factly that Standard Form 312, the classified-information non-disclosure agreement, is a civil contract. He signed it, but he pledged his fealty elsewhere.
"The oath of allegiance is not an oath of secrecy," he said. "That is an oath to the Constitution. That is the oath that I kept that Keith Alexander and James Clapper did not."
People who accuse him of disloyalty, he said, mistake his purpose.
"I am not trying to bring down the NSA, I am working to improve the NSA," he said. "I am still working for the NSA right now. They are the only ones who don't realise it."
Snowden grants that NSA employees by and large believe in their mission and trust the agency to handle the secrets it takes from ordinary people - deliberately, in the case of bulk records collection, and "incidentally," when the content of American phone calls and emails are swept into NSA systems along with foreign targets.
But Snowden also said he believed acceptance of the agency's operations was not universal. He began to test that proposition more than a year ago, he said, in periodic conversations with co-workers and superiors that foreshadowed his emerging plan.
Beginning in October 2012, he said, he brought his misgivings to two superiors in the NSA's Technology Directorate and two more in the NSA Threat Operations Centre's regional base in Hawaii.
For each of them, and 15 other co-workers, Snowden said he opened a data query tool called BOUNDLESSINFORMANT, which used colour-coded "heat maps" to depict the volume of data ingested by NSA taps.
His colleagues were often "astonished to learn we are collecting more in the United States on Americans then we are on Russians in Russia," he said. Many of them were troubled, he said, and several said they did not want to know any more.
"I asked these people, 'What do you think the public would do if this was on the front page?' " he said. He noted that critics have accused him of bypassing internal channels of dissent. "How is that not reporting it? How is that not raising it?" he said.
By last December, Snowden was contacting reporters, although he had not yet passed along any classified information. He continued to give his colleagues the "front-page test," he said, until April.
Asked about those conversations, NSA spokeswoman Vanee Vines sent a prepared statement to The Post: "After extensive investigation, including interviews with his former NSA supervisors and co-workers, we have not found any evidence to support Mr Snowden's contention that he brought these matters to anyone's attention."
Just before releasing the documents this spring, Snowden made a final review of the risks. He had overcome what he described at the time as a "selfish fear" of the consequences for himself.
"I said to you the only fear [left] is apathy - that people won't care, that they won't want change," he recalled this month.
The documents leaked by Snowden compelled attention because they revealed to Americans a history they did not know they had.
Internal briefing documents reveled in the "Golden Age of Electronic Surveillance." Brawny cover names such as MUSCULAR, TUMULT and TURMOIL boasted of the agency's prowess.
With assistance from private communications firms, the NSA had learned to capture enormous flows of data at the speed of light from fibre-optic cables that carried internet and telephone traffic over continents and under seas.
According to one document in Snowden's cache, the agency's Special Source Operations group, which as early as 2006 was said to be ingesting "one Library of Congress every 14.4 seconds," had an official seal that might have been parody: an eagle with all the world's cables in its grasp.
Each year, NSA systems collected hundreds of millions of email address books, hundreds of billions of mobile phone location records and trillions of domestic call logs.
Most of that data, by definition and intent, belonged to ordinary people suspected of nothing. But vast new storage capacity and processing tools enabled the NSA to use the information to map human relationships on a planetary scale. Only this way, its leadership believed, could the NSA reach beyond its universe of known intelligence targets.
In the view of the NSA, signals intelligence, or electronic eavesdropping, was a matter of life and death, "without which America would cease to exist as we know it," according to an internal presentation in the first week of October 2001 as the agency ramped up its response to the al-Qaeda attacks on New York and Washington.
With stakes such as those, there was no capability the NSA believed it should leave on the table. The agency followed orders from President George W. Bush to begin domestic collection without authority from Congress and the courts.
Widening the net
When the NSA won those authorities later, some of them under secret interpretations of laws passed by Congress between 2007 and 2012, the Obama administration went further still.
Using PRISM, the cover name for collection of user data from Google, Yahoo, Microsoft, Apple and five other US-based companies, the NSA could obtain all communications to, from or "about" any specified target. The companies had no choice but to comply with the government's request for data.
But the NSA could not use PRISM, which was overseen once a year by the surveillance court, for the collection of virtually all data handled by those companies.
To widen its access, it teamed up with its British counterpart, Government Communications Headquarters, or GCHQ, to break into the private fibre-optic links that connected Google and Yahoo data centres around the world.
That operation, which used the cover name MUSCULAR, tapped into US company data from outside US territory.
The NSA therefore believed it did not need permission from Congress or judicial oversight. Data from hundreds of millions of US accounts flowed over those Google and Yahoo links, but classified rules allowed the NSA to presume that data ingested overseas belonged to foreigners.
Disclosure of the MUSCULAR project enraged and galvanised US technology executives. They believed the NSA had lawful access to their front doors - and had broken down the back doors anyway.
Microsoft general counsel Brad Smith took to his company's blog and called the NSA an "advanced persistent threat" - the worst of all fighting words in US cybersecurity circles, generally reserved for Chinese state-sponsored hackers and sophisticated criminal enterprises.
"For the industry as a whole, it caused everyone to ask whether we knew as much as we thought," Smith recalled in an interview. "It underscored the fact that while people were confident that the US government was complying with US laws for activity within US territory, perhaps there were things going on outside the United States . . . that made this bigger and more complicated and more disconcerting than we knew."
They wondered, he said, if the NSA was "collecting proprietary information from the companies themselves."
Led by Google and then Yahoo, one company after another announced expensive plans to encrypt its data traffic over tens of thousands of miles of cable. It was a direct - in some cases, explicit - blow to NSA collection of user data in bulk. If the NSA wanted the information, it would have to request it or circumvent the encryption one target at a time.
Making life harder for the NSA
As these projects are completed, the internet will become a less friendly place for the NSA to work. The agency can still collect data from virtually any one, but collecting from everyone will be harder.
The industry's response, Smith acknowledged, was driven by a business threat. U.S. companies could not afford to be seen as candy stores for U.S. intelligence. But the principle of the thing, Smith said, "is fundamentally about ensuring that customer data is turned over to governments pursuant to valid legal orders and in accordance with constitutional principles."
Snowden has focused on much the same point from the beginning: Individual targeting would cure most of what he believes is wrong with the NSA.
Six months ago, a reporter asked him by encrypted email why Americans would want the NSA to give up bulk collection if that would limit a useful intelligence tool.
"I believe the cost of frank public debate about the powers of our government is less than the danger posed by allowing these powers to continue growing in secret," he replied, calling them "a direct threat to democratic governance."
In the Moscow interview, Snowden said, "What the government wants is something they never had before," adding: "They want total awareness. The question is, is that something we should be allowing?"
Snowden likened the NSA's powers to those used by British authorities in Colonial America, when "general warrants" allowed anyone to be searched. The FISA court, Snowden said, "is authorising general warrants for the entire country's metadata."
"The last time that happened, we fought a war over it," he said.
Technology, of course, has enabled a great deal of consumer surveillance by private companies, as well. The difference with the NSA's possession of the data, Snowden said, is that government has the power to take away life or freedom.
At the NSA, he said, "there are people in the office who joke about, 'We put warheads on foreheads.' Twitter doesn't put warheads on foreheads."
Privacy, as Snowden sees it, is a universal right, applicable to American and foreign surveillance alike.
"I don't care whether you're the pope or Osama bin Laden," he said. "As long as there's an individualised, articulable, probable cause for targeting these people as legitimate foreign intelligence, that's fine. I don't think it's imposing a ridiculous burden by asking for probable cause. Because, you have to understand, when you have access to the tools the NSA does, probable cause falls out of trees."
When it comes to spying on allies, by Snowden's lights, the news is not always about the target.
"It's the deception of the government that's revealed," Snowden said, noting that the Obama administration offered false public assurances following the initial reports about NSA surveillance in Germany "The US government said: 'We follow German laws in Germany. We never target German citizens.' And then the story comes out and it's: 'What are you talking about? You're spying on the chancellor.' You just lied to the entire country, in front of Congress."
In private, US intelligence officials still maintain that spying among friends is routine for all concerned, but they are giving greater weight to the risk of getting caught.
US officials say it is obvious that Snowden's disclosures will do grave harm to intelligence gathering, exposing methods that adversaries will learn to avoid.
"We're seeing al-Qaeda and related groups start to look for ways to adjust how they communicate," said Matthew Olsen, director of the National Counterterrorism Centre and a former general counsel at the NSA.
Other officials, who declined to speak on the record about particulars, said they had watched some of their surveillance targets, in effect, changing channels. That evidence can be read another way, they acknowledged, given that the NSA managed to monitor the shift.
The missing files
According to senior intelligence officials, two uncertainties feed their greatest concerns. One is whether Russia or China managed to take the Snowden archive from his computer, a worst-case assumption for which three officials acknowledged there is no evidence.
In a previous assignment, Snowden taught US intelligence personnel how to operate securely in a "high-threat digital environment," using a training scenario in which China was the designated threat. He declined to discuss the whereabouts the files now, but he said he is confident he did not expose them to Chinese intelligence in Hong Kong and did not bring them to Russia at all.
"There's nothing on it," he said, turning his laptop screen toward his visitor. "My hard drive is completely blank."
The other big question is how many documents Snowden took. The NSA's incoming deputy director, Rick Ledgett, said on CBS's 60 Minutes recently that the number may approach 1.7 million, a huge and unexplained spike over previous estimates. Ledgett said he would favour trying to negotiate an amnesty with Snowden in exchange for "assurances that the remainder of the data could be secured."
Obama's national security adviser, Susan Rice, later dismissed the possibility.
"The government knows where to find us if they want to have a productive conversation about resolutions that don't involve Edward Snowden behind bars," said Ben Wizner of the American Civil Liberties Union, the central figure on Snowden's legal team.
Some news accounts have quoted US government officials as saying Snowden has arranged for the automated release of sensitive documents if he is arrested or harmed. There are strong reasons to doubt that, beginning with Snowden's insistence, to this reporter and others, that he does not want the documents published in bulk.
If Snowden were fool enough to rig a "dead man's switch", confidants said, he would be inviting anyone who wants the documents to kill him.
Asked about such a mechanism in the Moscow interview, Snowden made a face and declined to reply. Later, he sent an encrypted message. "That sounds more like a suicide switch," he wrote. "It wouldn't make sense."
Former NSA and CIA director Michael Hayden predicted that Snowden will waste away in Moscow as an alcoholic, like other "defectors." To this, Snowden shrugged. He does not drink at all. Never has.
But Snowden knows his presence here is easy ammunition for critics. He did not choose refuge in Moscow as a final destination. He said that once the US government voided his passport as he tried to change planes en route to Latin America, he had no other choice.
It would be odd if Russian authorities did not keep an eye on him, but no retinue accompanied Snowden and his visitor saw no one else nearby.
Snowden neither tried to communicate furtively nor asked that a visitor do so. He has had continuous internet access and talked to his lawyers and journalists daily, from his first day in the transit lounge at Sheremetyevo airport.
"There is no evidence at all for the claim that I have loyalties to Russia or China or any country other than the United States," he said. "I have no relationship with the Russian government. I have not entered into any agreements with them."
"If I defected at all," Snowden said, "I defected from the government to the public."

No comments: