The Snowden Files: The Inside Story of the World's Most Wanted Man
Page 17
By 2000, as encryption was increasingly employed by service providers and individuals in everyday online communications, the NSA was spending billions of dollars finding ways to get round it. Its encrypted targets included web searches, internet chats, emails, personal data, phone calls, even banking and medical records. The challenge was to convert ‘ciphertext’ – what encrypted data looks like in its raw form: that is, mathematical nonsense – into ‘cleartext’.
In 2010 a British GCHQ document warned that over time the allies’ capacities could degrade as ‘information flows change’ and ‘widespread encryption becomes more commonplace’.
At first, the eavesdroppers seemed to face defeat, or at least stalemate. One of the leaked documents from 2006 shows that, at that date, the agency had only broken the encryption of one foreign state’s nuclear ministry, a single travel reservation system, and three foreign airlines.
It was not until 2010 that the NSA made dramatic progress, thanks to BULLRUN and EDGEHILL. It used super-computers to crack algorithms, encryption’s basic building blocks. (Algorithms generate the key which can encrypt and decrypt messages. The longer the key, the better the encryption.)
But most importantly, the Snowden files show that the NSA cheated. Despite the political defeat on back doors, the agency simply went ahead and secretly introduced ‘trapdoors’ into commercial encryption software used by millions of people. It collaborated with developers and technology companies to insert deliberate, exploitable flaws into both hardware and software. Sometimes this co-operation was voluntary; sometimes bullying legal orders enforced it. The NSA, if necessary, would steal encryption keys, almost certainly by hacking into servers where the keys were kept.
Unsurprisingly, the NSA and GCHQ were keen to keep details of these most shadowy of programs under wraps. A 2010 document from Snowden shows just how restricted knowledge was of BULLRUN – and how effective it was. The PowerPoint was used to brief British staff in Cheltenham on the NSA’s recent breakthroughs, as a result of which decrypted internet traffic was suddenly streaming across the desks of analysts.
It says: ‘For the past decade the NSA has led an aggressive, multi-pronged effort to break widely used internet encryption technologies. Cryptanalytic capabilities are now coming online. Vast amount of encrypted internet data which up to till now have been discarded are now exploitable.’
The slide says ‘major new processing systems’ must be put in place ‘to capitalise on this opportunity’. GCHQ staff previously kept in the dark about BULLRUN were astonished by the NSA’s formidable new capabilities. One internal British memo reports: ‘Those not already briefed were gobsmacked.’
Snowden’s first batch of published files did not disclose details of which companies work with the NSA on counter-encryption. Or which commercial products may have back doors. But the files do give some idea of BULLRUN’s massive dimensions. A budget report for the entire US intelligence community says that 2013 funding for the program was $254.9m. (PRISM, by contrast, costs just $20m annually.) Since 2009, the agency has splashed more than $800m on ‘SIGINT [signals intelligence] enabling’. The program ‘actively engages US and foreign IT industries to covertly influence and/or overtly leverage their commercial products’ designs’, the report says.
The joy of the program, the NSA says, is that ordinary citizens have no idea that their everyday encrypted communications are now hackable. When the NSA inserts ‘design changes’ into commercial encryption systems, the 178-page report for the fiscal year notes, ‘To the consumer and other adversaries … the systems’ security remains intact.’
James Clapper, the director of national intelligence, stresses the importance of crypto. ‘We are investing in groundbreaking cryptanalytic capabilities to defeat adversarial cryptography and exploit internet traffic,’ he writes.
The agency is not lacking in ambition. The files show the NSA is breaking the encryption systems of 4G phones. It targets online protocols used in secure banking and business transactions, such as HTTPS and Secure Sockets Layer (SSL). It wants to ‘shape’ the worldwide encryption marketplace. Soon it expects to get access to ‘data flowing through a hub for a major communications provider’ and to a ‘major internet peer-to-peer voice and text communications system’. That sounds like Skype.
Meanwhile, the British were pressing on with their own parallel EDGEHILL project. One file shows that the British spies have succeeded in breaking into three internet providers and 30 types of Virtual Private Networks (VPN) used by businesses to access their systems remotely. By 2015 it hoped to have penetrated 15 internet companies and 300 VPNs.
The spy agencies insist that their ability to defeat encryption is essential to their mission, and that without it they would be unable to track terrorists or gather valuable foreign intelligence. The problem, as the New York Times points out, is that the NSA’s anti-encryption stealth campaign may have disastrous unwanted consequences.
By inserting deliberate weaknesses into encryption systems, the agency has made those systems exploitable. Not just by government agencies, who may be acting with good intentions, but by anybody who can get hold of encryption keys – such as hackers or hostile intelligence agencies. Paradoxically, in its quest to make Americans more secure, the NSA has made American communications less secure; it has undermined the safety of the entire internet.
The main US agency for setting security norms in cyberspace is the National Institute of Standards and Technology (NIST). It appears the NSA has corrupted this, too. A Snowden document reveals that in 2006 the NSA put a back door into one of the institute’s main encryption standards. (The standard generates random prime numbers used to encode text.) The agency then encouraged another international standards body – and the rest of the world – to adopt it, boasting: ‘Eventually the NSA became the sole editor.’
Both US and UK agencies have also devoted considerable efforts to cracking Tor, the popular tool to protect online anonymity. Ironically, the US government is one of Tor’s biggest backers. The State Department and the Department of Defense – which houses the NSA – provide around 60 per cent of its funding. The reason is simple: journalists, activists and campaigners in authoritarian countries such as Iran use Tor to protect themselves from political reprisals and online censorship.
Thus far, however, the NSA and GCHQ have been unable to de-anonymise most Tor traffic. Instead, the agencies have attacked web browsers such as Firefox, which allows them control over a target’s end computer. They have also developed the ability to ‘stain’ some traffic as it bounces around the Tor system.
Despite their best endeavours, the truth appears to be that NSA and GCHQ have not yet won cryptography’s new civil war. With the right training and some technical expertise, corporations and individuals (as well, no doubt, as terrorists and paedophiles) are still successfully using cryptography to protect their privacy.
In a Q&A with Guardian readers while in hiding in Hong Kong, Snowden himself said: ‘Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on.’
And he should know.
11
FLIGHT
Terminal F, Sheremetyevo International Airport,
Moscow, Russian Federation
Sunday 23 June 2013
‘We always imagine eternity as something beyond our conception, something vast. But why must it be vast? Instead of all that, what if it’s one little room, like a bath house in the country, black and grimy and spiders in every corner, and that’s all eternity is?’
FYODOR DOSTOYEVSKY,
Crime and Punishment
Ed Snowden went underground after hastily checking out of the Mira Hotel in Hong Kong. His local legal team, barrister Robert Tibbo and solicitor Jonathan Man, knew where he was. So did someone else. Snowden had a mystery guardian angel – a well-connected Hong Kong resident. The American’s interest in China was long-standing, dating back to his time with the CIA in Geneva and his support for the
Free Tibet movement.
The precise details are murky. But it appears this benefactor invited Snowden to stay with one of his friends. Another lawyer, Albert Ho, says that Snowden shifted between several homes, staying in at least one house in the New Territories area, close to the border with mainland China. He was lost in a densely packed metropolis of seven million people.
Tibbo, a human rights lawyer, was used to dealing with clients in bad situations. A Canadian by nationality, with a pleasant manner, a smart blazer and a receding hairline, Tibbo represented the vulnerable and the downtrodden – Sri Lankans facing deportation, Pakistanis wrongly denied asylum, abused refugees.
One of his cases dated back to the darkest chapter of the Tony Blair era. In 2004, the Libyan Islamist Sami al-Saadi arrived in Hong Kong with his wife and family. He thought he was travelling back to the UK, his old home. Instead, MI6, working closely with Muammar Gaddafi’s intelligence services, bundled him on a plane back to Tripoli. There, Saadi was interrogated, tortured and imprisoned. Shortly afterwards, Blair, the then British prime minister, struck a deal with the Libyan dictator. MI6’s discreditable role in the affair emerged after Gaddafi’s 2011 fall.
Like Saadi, Snowden was another client whom, he feared, western intelligence services would render and then imprison in a dark, damp hole. Tibbo and Snowden first met after he slipped out of the Mira Hotel. The lawyer refuses to talk about the details, citing client confidentiality. But he evidently considered Snowden to be bright, a rational actor who was making his own conscience-driven choices. And a young man in a whole pile of trouble. Over the next two weeks Tibbo would juggle his regular case-load while working on Snowden’s behalf, often through the night.
The lawyers were soon sucked into Snowden’s cloak-and-dagger world. Albert Ho describes a rendezvous. He got into a car one night at an agreed spot and found Snowden inside, wearing a hat and sunglasses. Snowden didn’t speak, the lawyer told the Washington Post. When they arrived at the home where Snowden was staying he whispered that everyone had to hide their phones in the refrigerator. Over the next two hours the lawyers went through his options with him. Ho brought dinner: pizza, sausages and chicken wings, washed down with Pepsi. ‘I don’t think he ever had a well-thought-out plan. I really think he’s a kid,’ Ho said afterwards.
The lawyers’ assessment was negative. It was possible that Snowden might eventually prevail in a battle against US extradition. But in the meantime the most likely option was that he would sit in jail while the Hong Kong courts considered his asylum claim. This legal tussle could drag on for years. Snowden was horrified to discover that behind bars he would have no access to a computer.
He didn’t mind being confined in a small room. But the idea of being exiled from the internet was repugnant to him. ‘He didn’t go out, he spent all his time inside a tiny space, but he said it was OK because he had his computer,’ Ho told the New York Times. ‘If you were to deprive him of his computer, that would be totally intolerable.’
After the meeting, Ho was asked to take soundings from the Hong Kong government. Would Snowden get bail if arrested? Could he somehow flee the country? The whistleblower presented a dilemma for Hong Kong’s administrators. The territory is part of China but governed under the ‘one country, two systems’ framework; it has notional autonomy but Beijing retains ultimate responsibility for foreign affairs.
On the one hand, China’s spies would certainly be interested in keeping Snowden, if they could get access to his tens of thousands of highly sensitive NSA documents, revealing the ambit and protocols of American surveillance. On the other hand, if Hong Kong refused to repatriate him, this would place Sino–American relations under great strain. Already the US was piling on the pressure. A major international row would be an unwelcome distraction.
There were other factors, too. Snowden’s case might raise uncomfortable questions at home for the Chinese authorities. Many Chinese citizens were unaware that their own security services also engaged in domestic spying, with phone hacking, email and postal interception rampant, not to mention censorship. Holding on to Snowden could set off an uncomfortable internal debate over matters currently under the table.
Hong Kong’s chief executive Leung Chun-ying held numerous meetings with his top advisers, it was reported, struggling to decide what to do over a thorny US request for Snowden’s detention.
Public opinion in Hong Kong was largely pro-Snowden, boosted by some carefully targeted disclosures. On 12 June Snowden gave an interview from hiding to the South China Morning Post. In it, he revealed that the US hacked millions of China’s private text messages. ‘The NSA does all kinds of things like hack Chinese mobile phone companies to steal all of your SMS data,’ he told the paper. The agency had also, he alleged, attacked China’s prestigious Tsinghua University, the hub of a major digital network from which the data on millions of Chinese citizens could be harvested.
For years, Washington had complained bitterly about Beijing’s industrial-scale stealing and spying in cyberspace. In numerous documents GCHQ and NSA identify China and Russia as the two nations responsible for most cyber-espionage. Now it appeared the NSA did the same thing, only worse.
Snowden must have hoped that in the wake of his leaks the Hong Kong government would treat his case sympathetically. After Ho’s approach to the authorities, an intermediary contacted Snowden. The intermediary delivered a message. The message was that Hong Kong’s judiciary was independent. And, yes, it was possible he would spend time in jail. But – and this was the crucial bit – it also said the government would welcome his departure.
Ho sought further assurances. He told the Guardian’s Beijing correspondent Tania Branigan, who had flown to Hong Kong: ‘I talked to government officials seeking verification of whether they really wanted him to go, and in case they really wanted him to go, whether he would be given safe passage.’
On Friday 21 June the US government formally indicted Snowden with espionage. It sent an urgent official extradition request. ‘If Hong Kong doesn’t act soon, it will complicate our bilateral relations and raise questions about Hong Kong’s commitment to the rule of law,’ a senior Obama administration official said.
With his legal options shrinking by the hour, Snowden made a fateful decision. He would leave.
Six thousand miles away, someone else in hiding had been taking a close interest in these developments. Julian Assange had been frantically trying to make contact with the fugitive NSA contractor. Assange is the self-styled editor-in-chief of WikiLeaks. He had been holed up in the tiny Ecuadorean embassy in London for over a year.
Assange had taken refuge inside the apartment building – Flat 3b, 3 Hans Crescent – after his own legal options ran out. In summer 2012, Britain’s supreme court ruled that an extradition warrant served by authorities in Sweden was valid. Assange should be extradited to answer complaints from August 2010 that he sexually assaulted two Swedish women, the court said.
Assange promptly walked into the embassy and was granted political asylum by Ecuador’s leftist government. The tactic seemed extravagant to some. During the cold war, Hungary’s dissident Cardinal Mindszenty spent 15 years in the US embassy. But this was 2012, not 1956. There were few signs of state brutality amid the penthouses of London’s Knightsbridge; instead of Soviet tanks there were Bentleys and Ferraris. Thanks to his going to ground in this way, WikiLeaks had released little of significance for some time. Assange, as the New York Times’s David Carr put it, ‘looked like a forgotten man’.
Now, Assange barged his way into Snowden’s drama. Much is mysterious. But it is known his approaches came via intermediaries and through his Hong Kong lawyers. These pre-dated Snowden’s video confession, and they grew more intense after it.
From Assange’s perspective the approach was logical. Snowden was another anti-US whistleblower in trouble, apparently just like him. In 2010, Assange had leaked the thousands of classified documents obtained from the US private Chelsea Manning. Their publicati
on, in collaboration with the Guardian and other newspapers, had caused a global furore. Manning was jailed and a grand jury reportedly investigated Assange over the leaks. Assange’s woes with Swedish women were a separate matter, though the former hacker would frequently – and some would say cynically – confuse the two. But Assange did have some claim to specialised expertise in asylum issues. And the Snowden story also opened up a chance for him to step back into the limelight.
Ideologically, the two had much in common: a passionate commitment to the internet and transparency, a libertarian philosophy when it came to information, and strong digital defence skills. Snowden had at one point considered leaking his NSA files to Assange. He later reconsidered on the grounds of risk. Assange’s confined situation at the embassy in London, right under the nose of the British authorities and their NSA allies, meant inevitably that he was bugged and constantly monitored.
In terms of temperament, Snowden was nothing like Assange. He was shy, allergic to cameras, and reluctant to become the focus of media attention. He never sought celebrity. The world of journalism was utterly alien to him. Assange was the polar opposite. He liked the public gaze. Charming, he was capable of deadpan humour and wit, but could also be waspish, flying into recrimination and anger. Assange’s mercurial temperament spawned both groupies and ill-wishers: his supporters saw him as a radical paladin fighting state secrecy, his enemies as an insufferable narcissist.
Assange hatched a plan with two key elements. The first was to secure the same sort of asylum for Snowden as he had himself, from Ecuador’s populist president Rafael Correa, one of a string of leftist Latin American leaders unfriendly to US power. The second was to help get Snowden physically from Hong Kong to Quito. This was no easy thing, given that the CIA and practically every other intelligence agency on the planet were on his trail.