Surveillance Valley
Page 21
Surveillance is just a starting point. Harking back to the original Cold War dream of building predictive systems, military and intelligence officials saw platforms like Facebook, Twitter, and Google as more than just information tools that could be scoured for information on individual crimes or individual events. They could be the eyes and ears of a vast interconnected early warning system predicting human behavior—and ultimately change the course of the future.
By the time Edward Snowden blew the whistle on the NSA in the summer of 2013, at least a dozen publicly disclosed US government programs were leveraging open source intelligence to predict the future. The US Air Force had a “Social Radar” initiative to tap intelligence coming in from the Internet, a system explicitly patterned after the early warning radar systems used to track enemy airplanes.16 The Intelligence Advanced Research Project Agency, run by the Office of the Director of National Intelligence, had multiple “anticipatory intelligence” research programs involving everything from mining YouTube videos for terrorist threats to predicting instability by scanning Twitter feeds and blogs and monitoring the Internet to predict future cyberattacks.17 DARPA ran a human radar project as well: the World-Wide Integrated Crisis Early Warning System, or ICEWS, which is pronounced as “IQs.” Started in 2007 and built by Lockheed Martin, the system ultimately grew into a full-fledged operational military prediction machine that had modules ingesting all sorts of open source network data—news wires, blogs, social media and Facebook posts, various Internet chatter, and “other sources of information”—and routing it through “sentiment analysis” in an attempt to predict military conflicts, insurgencies, civil wars, coups, and revolutions.18 DARPA’s ICEWS proved to be a success. Its core technology was spun off into a classified, operational version of the same system called ISPAN and absorbed into the US Strategic Command.19
The dream of building a global computer system that could watch the world and predict the future—it had a long and storied history in military circles. And, as the documents released by Snowden showed, the NSA played a central role in building the interception and analysis tools that would bring that dream to reality.20
The National Security Agency was established by a classified executive order signed by President Harry Truman in 1952. A highly secretive body whose very existence remained hushed for years after it was created, the agency had a dual mandate. One was offensive: to collect electronic communication and signals intelligence abroad, which meant grabbing radio and satellite transmissions, tapping telephone wires, and breaking the encryption used by foreign governments. The other was defensive: to prevent the penetration of critical US government communication systems by foreign powers. In the mid-1970s, when the existence of the NSA first came to public attention in a series of congressional hearings, the agency employed 120,000 people and had 2,000 overseas listening posts with giant antennas set up around the world listening to every pin drop and mouse scratch that came out of the Soviet Union.21
The NSA was involved with the Internet from the network’s very beginnings as an ARPA research project. Starting in the early 1970s, it maintained a node on the early ARPANET and was directly implicated in using the network to transfer surveillance files on antiwar protesters and civil rights leaders that the US Army had illegally compiled.22 In 1972, the NSA hired ARPA contractor Bolt, Beranek and Newman, where J. C. R. Licklider had served as vice president, to build an upgraded ARPANET version of its COINS intelligence network that eventually plugged in to the ARPANET, CIA, State Department, and Defense Intelligence Agency.23 At the same time, it funded work on other classified ARPANET projects that would over the decades evolve into operational classified network systems, including the one that the NSA uses today: the NSANET.24
In the 2000s, as the Internet grew into a commercial telecommunications network, the NSA’s signals intelligence mission expanded as well. By the time Edward Snowden transferred to his last and final NSA contracting job at Booz Allen Hamilton in Hawaii in 2013, the agency had a bead on just about everything that flowed over the Internet. True to its spy nature, NSA played a dual role. On the one hand, it worked with companies like Google and Amazon, buying their services and helping defend them from foreign hacks and cyberattacks. And on the other hand, the agency hacked these companies behind their back—punching holes and placing bugs in every device that it could penetrate. It was just doing its job.
Snowden’s leaks revealed that the NSA had spy implants embedded in Internet exchange points where the backbones connecting countries met. It ran an elite hacker Tailored Access Operations unit that provided customized penetration solutions when the agency’s general surveillance tools could not get the job done. It ran programs targeting every major personal computer platform: Microsoft Windows, Apple iOS, and Google Android, allowing spies to extract anything and everything those devices had.25 In partnership with the United Kingdom’s Government Communications Headquarters spy agency, the NSA launched a program called MUSCULAR that secretly spliced into the internal fiber-optic cable networks connecting one Silicon Valley data center to another, allowing the agency to get a “full take” of internal company data. Yahoo! was a target; so was Google—meaning the agency vacuumed up everything that Google had, including the profiles and dossiers the company kept on all its users. NSA documents gushed about the agency’s ability to provide “a retrospective look at target activity,” meaning all the emails and messages targets sent, all the places they went with an Android phone in their pocket.26
Perhaps the most scandalous NSA program revealed by Snowden’s disclosures is called PRISM, which involves a sophisticated on-demand data tap housed within the datacenters of the biggest and most respected names in Silicon Valley: Google, Apple, Facebook, Yahoo!, and Microsoft. These devices allow the NSA to siphon off whatever the agency requires, including emails, attachments, chats, address books, files, photographs, audio files, search activity, and mobile phone location history.27 According to the Washington Post, these companies knew about PRISM and helped the NSA build the special access to their network systems that PRISM requires, all without raising public alarm or notifying their users. “The engineering problems are so immense, in systems of such complexity and frequent change, that the FBI and NSA would be hard pressed to build in back doors without active help from each company.”28
The Washington Post revealed that PRISM is administered for the NSA by the FBI’s secretive Data Intercept Technology Unit, which also handles wiretaps on the Internet and telephone traffic flowing through major telecommunications companies like AT&T, Sprint, and Verizon. PRISM resembles traditional taps that the FBI maintained throughout the domestic telecommunications system. It works like this: using a specialized interface, an NSA analyst creates a data request, called a “tasking,” for a specific user of a partnering company. “A tasking for Google, Yahoo, Microsoft, Apple and other providers is routed to equipment [“interception units”] installed at each company. This equipment, maintained by the FBI, passes the NSA request to a private company’s system.”29 The tasking creates a digital wiretap that then forwards intelligence to the NSA in real time, all without any input from the company itself.30 Analysts could even opt-in for alerts for when a particular target logs in to an account.31 “Depending on the company, a tasking may return e-mails, attachments, address books, calendars, files stored in the cloud, text or audio or video chats and ‘metadata’ that identify the locations, devices used and other information about a target.”32
The program, which began in 2007 under President George W. Bush and which was expanded under President Barack Obama, became a gold mine for American spies. Microsoft was the first to join in 2007. Yahoo! came online a year later, and Facebook and Google plugged in to PRISM in 2009. Skype and AOL both joined in 2011. Apple, the laggard of the bunch, joined the surveillance system in 2012.33 Intelligence officials described PRISM as a key feeder system for foreign intelligence.34 In 2013, PRISM was used to spy on over a hundred thousand people—“targets,�
� in the parlance of the NSA. James R. Clapper, director of National Intelligence, described the products of PRISM as “among the most important and valuable foreign intelligence information we collect.”35
The NSA documents, as revealed by the Washington Post, offered only a glimpse into the PRISM program but enough to show that the NSA had turned Silicon Valley’s globe-spanning platforms into a de facto intelligence collection apparatus. All with the help of the industry itself. PRISM even featured an easy-to-use interface, with text alerts, no less.
These were damning revelations. And, for Silicon Valley, they carried an edge of danger.
A Threat Emerges
From their inception, Internet companies banked heavily on the utopian promise of a networked world. Even as they pursued contracts with the military and their founders joined the ranks of the richest people on the planet, they wanted the world to see them not just as the same old plutocrats out to maximize shareholder value and their own power but also as progressive agents leading the way into a bright techno-utopia. For a long time, they succeeded. Despite the slow dribble of news stories about Silicon Valley inking deals with the CIA and NSA, the industry was somehow able to convince the world that it was different, that it somehow stood in opposition to traditional power.
Then Edward Snowden screwed everything up.
Public disclosure of the NSA’s PRISM program gave a glimpse into the symbiotic relationship between Silicon Valley and the US government and threatened to upend the industry’s carefully cultivated image. This wasn’t rumor or speculation but came from primary documents lifted from the depths of the most powerful spy agency in the world. They provided the first tangible evidence that the biggest and most respected Internet companies had worked in secret to funnel data on hundreds of thousands of users to the NSA, revealing by extension the vast amounts of personal data that these companies collected on their users—data that they owned and could use in any way they wanted.
You didn’t have to be a tech expert to see that the government surveillance on the Internet simply could not exist without the private infrastructure and consumer services provided by Silicon Valley. Companies like Google, Facebook, Yahoo!, eBay, and Apple did all the heavy lifting: they built the platforms that drew in billions of users and collected a boggling amount of data about them. All that the NSA had to do to get at the data was connect a few wires, which the agency did with full cooperation and total discretion from the companies themselves.
In the months after Snowden went public, Silicon Valley and surveillance were suddenly front and center and intertwined. Arguments about the need to pass new laws that restricted data collection on the Internet by private companies joined calls to rein in the NSA’s surveillance program. Everyone now knew that Google and Facebook were gobbling up every piece of data on us that they could get their hands on. A groundswell emerged around the idea that this had gone on for far too long. New controls and limits on data collection had to be put in place.
“Google may possess more information about more people than any entity in the history of the world. Its business model and its ability to execute it demonstrate that it will continue to collect personal information about the public at a galloping pace,” warned the influential watchdog Public Citizen in a report that made headlines around the world. “The amount of information and influence that Google has amassed is now threatening to gain such a stranglehold on experts, regulators and lawmakers that it could leave the public powerless to act if it should decide that the company has become too pervasive, too omniscient and too powerful.”36
The Internet companies responded with proclamations of innocence, denying any role in NSA’s PRISM program. “Facebook is not and has never been part of any program to give the US or any other government direct access to our servers. We have never received a blanket request or court order from any government agency asking for information or metadata in bulk, like the one Verizon reportedly received. And if we did, we would fight it aggressively. We hadn’t even heard of PRISM before yesterday,” Mark Zuckerberg wrote in a Facebook post. He blamed the government and positioned Facebook as a victim. “I’ve called President Obama to express my frustration over the damage the government is creating for all of our future. Unfortunately, it seems like it will take a very long time for true full reform.” Apple, Microsoft, Google, and Yahoo! all reacted in much the same way, denying the allegations and painting themselves as the victims of government overreach. “It’s tremendously disappointing that the government sort of secretly did all this stuff and didn’t tell us. We can’t have a democracy if we’re having to protect you and our users from the government,” Larry Page told Charlie Rose in an interview on CBS.37
But their excuses rang hollow. “Despite the tech companies’ assertions that they provide information on their customers only when required under law—and not knowingly through a back door—the perception that they enabled the spying program has lingered,” reported the New York Times in 2014.38
For a moment after Snowden’s leaks, Silicon Valley entered a state of paralyzed shock, frozen with fear over how to handle the scandal. It was an astounding time in history. You could almost hear the giant wheels of the Silicon Valley public relations machine grind to a halt. While analysts predicted multi-billion-dollar losses to the industry as a result of Snowden’s revelations, an army of friendly bloggers, academics, think tanks, Astroturf groups, lobbyists, and journalists sat at their keyboards, staring at their hands, waiting with bated breath for a backlash.39
Edward Snowden terrified the industry.
Catapulted to the status of a cult hero, he now wielded massive influence. He could easily focus on Silicon Valley’s private surveillance apparatus and explain that it was an integral part of the bigger surveillance machine operated by the NSA—that it was one of the two parts of the same system. With just a few words, he had the power to start a real political movement and galvanize people to push for real and meaningful privacy laws. In that moment, he had all the power. He was Larry Page’s nightmare, the embodiment of why Google had to warn its investors that privacy laws posed an existential threat to its business: “Privacy concerns relating to elements of our technology could damage our reputation and deter current and potential users from using our products and services.”40
But Silicon Valley was lucky. Snowden, a lifelong libertarian, had other ideas.
Lock and Load
Edward Joseph Snowden was born into a conservative family on June 21, 1983, in Elizabeth City, North Carolina. His father was a Coast Guard officer. His mother was a court administrator. He moved to Maryland in his teens and dropped out of high school in his sophomore year. It was then that he began to deepen a childhood interest in computers. He hung out on the web forum of Ars Technica, a technology news site with an active forum for likeminded geeks. There he came out as a right-wing libertarian: he hated the New Deal, wanted to shrink the government to the size of a peanut, and believed the state had no right to control the money supply. He preferred the gold standard. He mocked old people for needing old-age pensions. “Somehow, our society managed to make it hundreds of years without social security just fine,” he wrote on the forum. “Magically the world changed after the new deal, and old people became made of glass.” He called people who defended America’s Social Security system “fucking retards.”41
In 2004, a year after the United States invaded Iraq, Snowden enlisted in the Army Special Forces program. He listed his religion as “Buddhist.” Describing his decision to join the army, he said he felt an “obligation as a human being to help free people from oppression” and that he believed that the Special Forces were a noble bunch. “They are inserted behind enemy lines. It is a squad that has a number of different specialties. And they teach and enable the local population to resist or to support US forces in a way that allows the local population a chance to determine their own destiny.”42 Snowden never made it to Iraq (which always seemed a strange mission for a libertarian). He
broke both legs in an exercise and failed to complete basic training. His life took a different turn.
He found work as a security guard at the NSA’s Center for Advanced Study of Language at the University of Maryland. He moved quickly up the career ladder. In 2006, the CIA hired him as an information technology security specialist, a job that gave him top-secret security clearance and sent him to Geneva under State Department cover. This was no simple IT assignment. He was now a CIA field officer living in Europe. “I don’t have a degree of ANY type. I don’t even have a high school diploma,” he anonymously bragged to his online friends at Ars Technica. An acquaintance of Snowden from his CIA days in Geneva described him as an “IT genius” as well as an accomplished martial arts fighter. His father boasted that his son possessed a genius-level IQ of 145.
In a note attached to his leaks, Snowden gave journalists a breakdown of his work experience:43
Edward Joseph Snowden, SSN: ****
CIA Alias “*****”
Agency Identification Number: *****
Former Senior Advisor | United States National Security Agency, under corporate cover
Former Field Officer | United States Central Intelligence Agency, under diplomatic cover
Former Lecturer | United States Defense Intelligence Agency, under corporate cover
Despite his work as an intelligence operative at the exact moment the CIA was expanding its global surveillance and drone assassination programs, it seemed Snowden somehow remained unaware that spying was taking place all over the Internet. As he recounted his story, it was only in 2009, after taking his first private contractor job, working for Dell at an NSA facility in Japan, that it really hit him. “I watched as Obama advanced the very policies that I thought would be reined in,” he said. The US government was running a global surveillance operation. The world needed to know, and he began to see himself as the man to tell it.44 “You can’t wait around for someone else to act. I had been looking for leaders, but I realized that leadership is about being the first to act.”45