The fixed belief that all their work had life-and-death stakes colored attitudes here about the wisdom of any public debate. Outsiders had no business in decisions about where the government should and should not point its surveillance machine. People I had known for years walked away at my approach. More than one hoped aloud that I would face repercussions. A senior government lawyer asked pointedly whether reporters have a professional body to sanction unethical conduct. (We do not. Anyone can commit journalism without a license.) When I joined a small conversation at the coffee urn, a national security lawyer I had not met before remarked without preamble that the law firm of Williams & Connolly took a “very aggressive approach” to First Amendment law. It was no secret, but not especially common knowledge, that the firm represented the Post and me. I looked at him more closely. How carefully, he asked me, had I thought about the consequences of relying upon erroneous advice?
That night, Keith Alexander gave a talk. He wished he could “just get all the American people in our huddle and say, okay, here is the game plan.” He could not do that because “terrorists . . . are amongst us and they’re trying to kill our people.” Americans should take comfort in the close oversight of the FISA Court and the intelligence committees in Congress.
I stood to ask a question. We had not met in person. Alexander looked down and pursed his lips when NBC’s Pete Williams, the moderator, called on me by name. I wanted to follow up on the point that Alexander had just made. The FISA Court and Congress, if my reporting was correct, did not delve into operational details of a program like PRISM. They did not, for example, know the names of targets or the grounds for their selection. Was Alexander saying, to the contrary, that the legislative or judicial branches “are examining any of the 45,000 selectors that you’re using or what was the basis of the ‘reasonable, articulable suspicion’? I mean, they don’t go into that, right?”
“They don’t necessarily go into it,” he conceded. “Our general counsel, our IG, they do look at that and make sure that what we’re doing is right.” Alexander did not know a better way to safeguard civil liberties, he told me. In a perfectly flat tone, he added that maybe “you have greater insights.”
Nasty and suspicious. That was the verdict. I had crossed an invisible boundary. Maybe there was no avoiding it, given that I had taken Snowden’s documents and, sometimes, taken his side. Maybe I asked too many follow-up questions. Maybe a review of the video would judge me rude, insufficiently deferential to rank. The Aspen Security Forum relied on the goodwill of speakers and funding from contractors who sought government business. Academi, the latest rebranding of the Blackwater private military company, was a principal sponsor of the forum that year. (In an off-the-record lunch, the company introduced Jose Rodriguez, the former CIA operations chief who had ordered the burning of video evidence of waterboarding. Rodriguez was advising Academi on compliance with its corporate code of conduct.) No invitation came from Aspen the following year, or the next, or the next after that.
SIX
JAMBOREE
Shortly after 8:00 a.m. on February 7, 2012, NSA and CIA personnel began to arrive at a bunkerlike office building in Herndon, Virginia, a few miles east of Dulles International Airport. Cement and dark reflective glass sheathed the exterior. Fine copper mesh wove through interior walls around Top Secret spaces, sealing off electromagnetic leaks. The neighborhood itself offered a measure of camouflage. On one side, an unremarkable office park. On the other, across the road, little children at the Little Oaks Montessori Academy. The Madame Curie School, Oak Hill Christian School, and Lutie Lewis Coates Elementary School clustered nearby.
Inside, on this day, digital weapons designers from all over the United States had come to review the state of their art. Government labs showed off crackerjack new tools of electronic theft. Geeky enthusiasm set the tone. “Q,” James Bond’s eccentric gadgeteer, would have been at home if his lab produced software implants as well as toothpaste bombs. Private contractors pitched proof-of-concept designs to “circumvent or exploit” the latest security features of smartphones, computers, and network hardware around the world. Researchers shared test results from the field. Here was a way to bypass Secure Boot in Windows. Here a promising plan to compromise LTE wireless networks, enabling “discreet control of the radio” on a mobile phone and remote activation of its microphone. Here was a technique to extract cryptographic keys from silicon circuits with X-ray computed tomography. Here was STRAWHORSE, a breakthrough in clandestine surveillance of iPhones. The collective goal of the gathering, unrealized but ever in progress, was the wherewithal to penetrate any machine, any network, any electronic data source, anywhere in the world.
NSA leaders are matter-of-fact about the scale of their ambition. Stealing foreign secrets, they say, is what we pay them to do. True enough, as far as it goes, but the motto lacks proportion. The NSA, like the eagle astride the globe on the first page of the first document that Snowden gave me, really does hold the world’s telecoms in its grasp. It cannot yet reach every bit and byte, but it comes near enough. Is there room in that picture for self-restraint? Does the agency conceive of boundaries short of black letter law? Rules and regulations are vital, but so are workplace norms. Statutes leave gaps. Precedent is silent when technology upends old assumptions. Secret operations, by their nature, are difficult to test in closed judicial proceedings. There are broad swaths of surveillance, in practice, that judicial and legislative oversight do not even try to reach. That is why culture matters so much when fallible human beings acquire the power to peer into other people’s secrets. Culture fills the blank spaces between the lines. One way to gauge the NSA’s norms, admittedly ironic in the context of this book, is to listen in on the SIGINT Directorate’s conversations with itself.
Since its debut in 2006, for reasons lost to history, the annual hackers’ conference in northern Virginia has been known as Jamboree. Possibly the name is meant to be tongue-in-cheek. It brings to mind incongruous scenes of Boy Scouts and Girl Scouts and campfires and songs of peace. In the wiretappers’ Jamboree, the setting is less pastoral—a TS/SCI conference space—and the lyrics sing of digital battlefields. Jamboree celebrates technical brilliance, audacity on offense, and a relentless drive to win. It promotes a laser focus on mission accomplishment. Those are virtues among spies, important ones. They are not the only virtues. Jamboree springs from an operational world that can be nonchalant about the privacy of innocents and contemptuous of men and women who allow themselves to be “owned,” as hackers say, by American cyber warriors. Sexual innuendo, ethnic slurs, and mockery of the dead are neither furtive nor especially rare in NSA discourse. The people who speak this language among themselves show no apparent concern for reproach by superiors. They are the same people whose work may decide who lives and who dies in a conflict zone. “As many of you know, our forces in Iraq are dropping bombs on the strength of SIGINT alone,” Charles H. Berlin III, the former chief of staff of the Signals Intelligence Directorate, told his workforce in an internal newsletter in 2004.
There are many professionals in the NSA who take no part in the japery. I have little doubt that they make up a large majority. NSA personnel and veterans I have met are thoughtful about their power and conflicted about trespassing, as inevitably they do, into private terrain that does not belong to a foreign intelligence target. Among the top guns of the NSA hacker club and those who make use of their work, even so, looser language and attitudes are commonplace. Scores of examples in documents and confidential interviews reveal a tendency in those precincts to infuse official reports with snickering insults and derisive memes invented by teenagers, gamers, and nerds on the Internet.
In the autumn of 2013, I asked the Washington Post to hire one of those nerds. Ashkan Soltani, then thirty-eight, had spent his youth in hacker forums and counterestablishment technical gatherings from Def Con in Las Vegas and Hackers on Planet Earth in New York to the Chaos Computer Club in Berlin. He
had grown up to acquire academic credentials, work for state and federal agencies, cofound a start-up company, and earn a reputation in privacy and security circles. His sensibilities, for all that, stayed tuned to his roots. I sought him out with a limited brief, at first: to help me decode the most difficult technical materials in the Snowden archive.
I had relied upon exceptional colleagues at the Post to help me tell the NSA stories, foremost among them Greg Miller, Ellen Nakashima, Carol Leonnig, and Julie Tate. None of it was easy work, not by a long shot, but some stories were more accessible than others. The accessible ones grew scarcer by September. Some of the most consequential were yet to come. For those I needed another kind of help, more than I had been willing to accept. I saw tantalizing clues to operations on the edge of the law or inconsistent with stories that the government had told for years. The clues were fragmentary, like puzzles with only scattered pieces in hand. Talent ran deep in the newsroom, but I knew of no one with the computer science and engineering chops I lacked. The usual cure for this problem, a reporter’s core competence really, is to set forth into the world and find the people who know things and ask questions. Here that presented a dilemma. I did not feel free to circulate codeword-classified documents before I understood them, and seldom even then, but I could not understand them on my own. Three months into the story, I found myself stuck more often than I liked.
If I allowed someone else to review the archive with me, whom did I know well enough to trust? Who could even qualify? I needed an information scientist with an improbable range of competence in network infrastructure, endpoint security, surveillance tradecraft, public policy, and privacy law. This hypothetical candidate had to be unconflicted, uncommitted elsewhere, and unburdened by ideology that would incline him or her to cherry-pick evidence. Some people, otherwise qualified, might balk at the legal risks. No one who had held or hoped to hold a government clearance would be likely to join an excavation of classified leaks. I wrote down a few names. Others would have fit the bill, but I did not know them personally. My list resolved to one.
Over time Soltani became an alter ego in the reportorial detective work. Alongside the technical help, he supplied something I did not know I needed: a guide to the folkways of the men and women, by far mostly young men, behind the written words.
* * *
—
The first slide deck I showed Soltani, on September 19, was filled with jargon and graphics that I was underequipped to parse. If I understood the gist correctly, there was an important story here. One of the main points seemed to be that the NSA found it difficult, in some fields of operation, to pick out the signals it wanted to steal from torrents of background noise.
Soltani paged through the presentation, intently focused and somewhat awed by his first glimpse of the classified archive. He clicked from slide 3 to slide 4. He stopped. He stared. He laughed. He grabbed my arm. “You’ve got to see this,” he said. I stood up from my own machine and looked over his shoulder. On slide 4, a team from Special Source Operations explained that the collection systems at issue were unable to “apply a value to traffic types.” In other words, they dipped into a data stream without knowing as they did so what they scooped up. This was a problem, as they saw it, not because they grabbed more information than the mission required, but because the volume overtopped the banks of available storage. “Collection optimization” was required. The slide featured a photograph of a dark-furred cat, perhaps, by the look of it, a Russian Blue. Its face filled the frame, brown eyes downcast, mouth set in the impression of a frown. A label in large print read “Emo Cat,” and, in smaller letters, “No One Understands Him.”
The joke would have been plain to the intended audience, a nod to common membership in a meme-savvy group. The seas of incoming data, like the depths of the feline heart, were uncharted. Viewers were meant to laugh at Emo Cat’s despair. Cat pictures with sardonic slogans, Soltani explained to me, had their origins on the fringes of the World Wide Web. They had migrated from Internet Relay Chat rooms and avowedly misanthropic forums such as 4chan to Reddit and then to mass-market social media. Facebook kittens were cute and fluffy. Their antecedents had a mean streak, by and large. “Emo” connoted, in this case, mock-worthy pathos.
“So what?” I said. I had noticed the kitten in passing and paid it no mind.
“You don’t understand,” Soltani replied. The memes we turned up were like cave paintings, he said: simple yet revealing markers of culture. “I know these guys. These are the guys I’ve been hanging out with for years. These are the guys from Reddit and Def Con. They’re exactly the same.”
Soltani had come to the job with assumptions about the men and women behind the ramparts of the world’s most formidable electronic intelligence agency. The artifacts we discovered obliged him to think again.
“I, like a lot of people, expected the NSA to consist mostly of either close-cropped military or ‘men in black’ types,” he wrote to me later, alluding to the film about a secret agency for human-alien relations. “However, after reading through the writing style, tone, and imagery, it’s clear that at least a portion of the people there are the socially awkward Reddit nerds. (I’m envisioning young, slightly baby-faced, tubby, perhaps with a 32 oz. ‘Big Gulp’ in hand as they do their work.) These are not your typical government employees—the Rorschach that emerges from the sea of documents reveals something much more unexpected, but also much more familiar to geeks like me.”
The NSA’s blue badge employees divide between civilian hires and uniformed personnel on assignment from Army, Navy, Air Force, Marine Corps, and Coast Guard intelligence. Military employees arrive prescreened. Civilians run a gauntlet when they apply: a 567-question psychological test, a follow-up interview, the SF-86 Questionnaire for National Security Positions, and a polygraph exam to probe for counterintelligence threats. Even so, in the internet age, the NSA has had to adapt in order to recruit the cohort of gifted hackers it needs. They do not tend to arrive with spit-shined shoes and hair cut high and tight. The culture, Snowden said, is “t shirts, jeans, bleached hair, green hair, earrings, meme shirts, memes posted all over your cubicle.” Screeners make allowances. Some of the top recruits would never have made the cut in the analog age of listening posts and paper files.
Alan Tu, a mathematician and computer scientist, was not a member of that group but came to know it well. He joined the NSA straight from grad school at the Georgia Institute of Technology in 2005. At a forward outpost of the National Threat Operations Center in Hawaii, the same office Snowden joined in his final assignment, Tu carried out countersurveillance missions against state hackers from Asia. Thoughtful and judicious, he had an exceptional memory, a straight-arrow reputation, and a sheaf of classified commendations that he cannot show anyone on the outside. On one visit to Hawaii, General Keith Alexander handed him the NSA director’s challenge coin, an engraved brass token of outstanding performance.
The NTOC assignment was a hybrid of cyber defense and offense, a rarity in the NSA. Tu hunted for foreign intruders in U.S. military networks and directed new surveillance to trace their source. When he found the intruders, he helped target countermeasures. Sometimes the operations took surreptitious control of “threat actors” overseas, turning the tables to spy back on the spies. With special authority, seldom granted, the agency could launch a counterattack to disrupt or disable the foreign equipment. Tu worked closely with hackers on the offensive side of the house, including the cool kids in the Remote Operations Center, “the Rock.”
Tu left the NSA six years later with a well-rounded picture of his comrades’ strengths and flaws. “I don’t have some grudge or bombshell. Most of the work done at NSA is mundane, and most of it is not controversial, and some of it is noble,” he told me.
“Whether military or civilian, you can get oddballs,” Tu said. In the military, “you signed up at eighteen or twenty, got basic training, then three to six months of
technical school, then a clearance, and—boom—you end up at NSA. Soon after that, raw traffic access. Do you have the maturity to make good decisions? That’s a legitimate question.” On the civilian side, the people who managed hiring “had to be slightly more mellow about some of the more dramatic folks” who came from the Def Con culture, fond of pranks and cracking wise and competitive game play.
He added, “We’re known as a geeky culture.” In person, typical employees are “more introverted, quiet, more keep-to-yourself type people.” The standard agency joke is that the extroverts look at other people’s shoes as they talk. But when they sit down at their keyboards and let themselves go, they return to their natural habitat. Their briefings and classified blog posts sometimes read like “the Wild, Wild West,” Tu told me.
* * *
—
On September 20, 2013, the day after we came across Emo Cat, I brought Soltani to meet the Post editor, Marty Baron. I knew that critics of our work might seize on Soltani’s national origin, so I let Baron know before they met that he had been born in Iran. He was a longtime U.S. citizen, I explained, who left Tehran as a little boy. That sentence covered a lot of history. Soltani’s father had grown up in the Iran of Mohammed Reza Shah Pahlavi, the American-backed strongman and last in a line of absolute Persian monarchs. The elder Soltani, an accomplished musician, played the tombak, a goblet drum, and accompanied the shah when he traveled with Iran’s national orchestra. Later he became a senior executive of the Iran Insurance Company, overseeing the shah’s assets in the Persian Gulf region. The man was, in short, a poor prospect to thrive when the Islamic Revolution of 1979 deposed the shah and turned Iran’s social order upside down. Soltani’s father fled to America with two daughters in tow, leaving his wife and four-year-old Ashkan to follow after settling the family’s affairs. Ashkan and his mother soon found themselves stranded, helpless to obtain visas from a U.S. embassy held hostage by revolutionary forces. Mother and son made their way to Europe instead, then to Canada, and crossed into the United States by car. They applied for asylum, which was quickly granted. Immigration authorities issued them green cards the following year. Those were different times.
Dark Mirror Page 20