Dark Mirror


by Barton Gellman


  Snowden, in Moscow, resisted any such concession. “People who have the greatest, absolutely greatest incentive to tear down the reporting, to play up the harms, to invent harms as a result of this, aren’t doing it,” he told me. “They haven’t been able to. We have no evidence at all of anything going bad.”

  When I pushed back, saying that some surveillance targets must have changed behavior, Snowden said I failed to understand that nothing stays the same for long in signals intelligence. The global telecommunications system is the most complicated machine ever built, its physical and virtual structures in constant flux. Facebook adjusts a protocol, Cisco updates its firmware, Mozilla squashes a bug, China upgrades the Great Firewall, someone in Russia replaces a router—any of a million things happen and something in the NSA toolkit no longer works. Every change, Snowden said, brings opportunity, too. “Sources and methods die every day,” he said. “And they die for reasons that are completely unrelated to leaks or opsec or anything like that. It is just a natural product of the intelligence process. NSA and the intelligence community are a factory for generating new sources and methods.”

  Up to a limit, Snowden and Clapper might have agreed on this. Not long before my trip to Moscow, Clapper briefed members of Congress on the fallout from the first several months of Snowden leaks. The intelligence community, he said, had done a retrospective review of contemporary damage assessments after major security breaches. History suggested that early analysis overstated the harm. In the immediate aftermath of a breach, intelligence agencies commonly judged that their programs had been set back by a decade or more. That seldom turned out to be true, especially in signals intelligence, which generally found ways to reacquire its targets. “People must communicate,” Clapper said in the closed briefing. “They want to communicate. They will make mistakes, and we will exploit them.”

  Still, there are significant opportunity costs in the kind of recovery that Clapper was talking about. Money and labor are diverted in large quantities to assess and repair the damage of a security breach like Snowden’s. Nobody can say much for sure about this, but the NSA will also have missed some signals, meanwhile, that it otherwise could have intercepted. There are (sometimes) costs and harms of disclosing secrets, just as there are (sometimes) costs and harms of keeping them from the public.

  At heart, national security secrecy presents a conflict of core values: self-government and self-defense. If we do not know what our government is doing, we cannot hold it accountable. If we do know, our enemies know, too. That can be dangerous. That is our predicament. Wartime heightens the case for secrecy because the value of security is at its peak. But secrecy is never more damaging to self-government than in wartime, because making war is the very paradigm of a political choice.

  How do we navigate this dilemma, and who gets to hold the rudder? A long list of incompetents comes to mind. Suppose we begin with me. I am not qualified to assess the harm of any given disclosure to national security, and moreover I am not responsible for the outcome. Likewise, the president and his appointees are not qualified to decide what the public needs to know to hold them accountable. I do not mean that they are unskilled in the exercise. I mean that a self-governing people cannot consent in principle for the president to conceal whatever he likes, armored with the power to impose secrecy under penalty of law.

  In the American ecosystem of secrets and leaks, we have, broadly speaking, two reciprocally unqualified parties. Neither side has the power to decide alone which secrets will be kept. The government tries to keep its secrets, and usually succeeds. Journalists try to find some of them out. The news may seem to be full of unauthorized disclosures, but leaks are dwarfed by the billions of classified choices made by millions of clearance holders every year. Consequential leaks are edge cases, teaspoons from an ocean of secrecy, and the ecosystem deals with them in a process that combines competition with cooperation. Traditional mainstream media, and many of our newer cousins as well, give respectful hearings to the government when we contemplate publication of something sensitive. We negotiate a middle path, most commonly by mutual consent, however reluctant and tacit the consent may be.

  * * *


  At breakfast with Clapper in 2018, I began to explain the way the Post handles such things. I wanted to ask how he assessed the process, but Clapper lost patience before I finished a sentence.

  “You know, Bart, this sounds like you’re trying to justify to me, four years later, five years later, trying to sell me that you’re a responsible journalist,” he said, interrupting. “And my point is, that’s not a reliable criterion from an intelligence perspective, protecting sources and methods.”

  “All I want to ask—” I began, but Clapper rolled on, exasperated.

  “You put it on us to make a judgment, well, good old Bart Gellman. He’ll protect us. Maybe you will. Maybe you won’t. Maybe someone else won’t.”

  True, I wanted to say. Sometimes you get a case like the so-called Shadow Brokers leak of 2016, when parties unknown placed online a whole suite of the NSA’s most potent software exploits. It was a devastating loss, very likely worse than any damage done by Snowden. Doing damage, and laying the blame on the NSA, appeared to be the whole purpose of the leak. What I was hoping to talk to Clapper about was how the process ought to work when journalists and government make the best available choices.

  Clapper rebelled against my claim that consultation was his best-case scenario once a journalist finds something out. But in that event the more reliable mechanisms of information control, as he understands them, have already failed. I was not going to give the Snowden archive back. I was not going to quash every story I found there. But neither did I want to do wanton damage. Most especially I was determined not to step on anything fragile without knowing what I had underfoot. I sometimes disagreed about the balance of public interests in any given disclosure, but I had to know what the government saw as a risk. And there were many times, as the Snowden story developed, when it was possible to remove details that my interlocutors cared about without undercutting the news value of a story.

  In one story, for example, I wanted to grant a point to the government by noting that a controversial surveillance program had produced valuable intelligence. Three of the best examples were obvious nonstarters: mentioning them would blow ongoing, productive collection against a significant U.S. adversary. Glenn Greenwald and Laura Poitras, who knew about all three of these stories, had decided independently not to publish them either. (I know that only because they did not do so. We did not coordinate on decisions like that.) When Julie Tate, my Post research partner, and I worked through a huge pile of intercepts, she noticed that there were four alleged terrorist suspects—all dead by then or in custody—who had been located because of the surveillance tools I wanted to write about. I approached Clapper’s office. Was there any reason not to name the four men, now that they were no longer threats at large? The CIA, which took the lead in preparing an answer, asked that our story not mention two of the four. Officials there offered a reason, off the record, that persuasively explained their concern. The Post agreed to hold back the two names. We published the other two, and the CIA did not object.

  The greatest impediment to these consultations was a catch-22 of the government’s own devising. Classified information may only be discussed on secure government communications channels. I held no classified clearance and could not use those channels. The NSA and DNI’s office therefore felt bound to insist that we talk about the most hair-raising secrets on ordinary email and telephone lines when we could not meet face-to-face. This made no sense to me. How could they possibly want that? The whole idea, from their point of view, was to identify information they thought would be harmful to disclose.

  For months I begged interlocutors such as Vanee Vines, the NSA spokeswoman, to use commercial, off-the-shelf encryption software or hardware for our conversations. Shawn Turner, the DNI spokesman, wrote to White House spokeswoman Caitlin Hayden shortly after the Snowden disclosures began, taking note of “a change in the way Gellman wants to communicate about the information he has. He no longer wants to email us information from the document. He asked that we either meet face-to-face or use a courier to collaborate.” In fact, that had been my request from the beginning. Government-certified encryption technology was available for sale to anyone. Anything would be better than nothing. Vines was in Fort Meade, Maryland. I lived in New York. Most of the time we could not speak in person, and anyway we often wound up in conference calls with people in other states. Eight months into the process, Vines told me, “We’re aware of your concern. It’s been stated many times. We don’t have an answer for you.”

  Stuck with open telephone lines, we resorted to mumbly evasions.

  That thing we discussed last week . . . No, the other thing, the one about that country . . . With three syllables . . . Fourth paragraph, fourth line . . . The program named after an animal . . .

  I once heard myself say to Chris Inglis, then the deputy director of the NSA, that “there’s a diagram with two rhyming words, and between those words is an acronym next to a box. Is that the capability you’re talking about?”

  On one occasion I wanted to ask about a large quantity of what seemed to be unprocessed intercepts. There were no page numbers, no author, no title, and no other way I could think of to identify the contents elliptically on the phone. There were dozens of pages. Vines suggested I email them. No way, I said. We went back and forth. Finally I agreed to send an encrypted zip file. I directed Vines to a long, complex phrase that I did not have to say on the telephone. That will be the password, I said.

  The next day, Vines called back to say she could not open the zip file. “My IT guys say they don’t know what’s wrong,” she said.

  Your IT guys? The National Security Agency’s IT guys cannot work a zip file?

  “Can you send it again with a simple password?” she asked. “How about ‘abc123’?”

  She really asked that. I refused. Eventually I asked Julie Tate to print the pages and meet an emissary from the NSA outside the newspaper on 15th Street NW. Before handing over the envelope, Julie asked the man in the car to show some identification. He could not believe his ears. “You’re the one—” he sputtered, then gave up and pulled out his NSA badge. The whole scene was surreal.

  * * *


  The first time I heard the term FIRSTFRUITS, a confidential source told me to search for it on the internet. All I turned up were ravings on blogs about spooky plots. The Bush administration, according to these accounts, had an off-the-books spying program akin to the work of the former East German Stasi. FIRSTFRUITS allegedly listened in on journalists, political dissenters, members of Congress, and other threats to the globalist order. In some versions of the story, the program marked its victims for arrest or assassination. Even the respectable left-wing opinion site Daily Kos included an overheated tale about FIRSTFRUITS in its unmoderated “Community” section. As best I could tell, these stories all traced back to a series of posts by a man named Wayne Madsen, who has aptly been described as “a paranoid conspiracy theorist in the tradition of Alex Jones, on whose radio show he often appears.” (After reporting that foreign intelligence services had proof that Barack Obama’s birth certificate was a forgery, Madsen did a follow-up story that “Obama White House Wants Wayne Madsen Killed.”) I did a little bit of reading in these fever swamps and concluded that FIRSTFRUITS was a crank’s dark fantasy.

  Then came the day I found my name in the Snowden archive. Once again the journalism gods reminded me that grains of truth turn up in the least likely places. Sixteen documents, including the one that talked about me, named FIRSTFRUITS as a counterintelligence database that tracked unauthorized disclosures in the news media. Madsen’s blog posts were full of outlandish accusations, for instance that the NSA relied on FIRSTFRUITS for “plugging any leaks of classified or other information that points to U.S. government’s involvement with the terrorist attacks on September 11, 2001.” Even so, the blogger knew three things that no one had reported publicly before. The NSA did have a database called FIRSTFRUITS. It focused on press leaks. And it fell under the rubric of a Denial and Deception (D&D) unit within the NSA’s Signals Intelligence Directorate.

  According to Top Secret briefing materials prepared by Joseph J. Brand, a senior NSA executive who was also among the leading advocates of a crackdown on leaks, FIRSTFRUITS got its name from the phrase “the fruits of our labor.” Brand wrote that “adversaries know more about SIGINT sources & methods today than ever before.” Some damaging disclosures came from the U.S. government’s own official communications. If Washington admonished Moscow, for example, to stop funding rebels in this or that country, the admonition might reveal knowledge obtained by the NSA. This happened surprisingly often, according to Brand. He counted 399 such “demarches,” as formal diplomatic communications are known, that placed sources or methods at risk between 1999 and early 2002. Other secrets were lost to foreign spies, Brand wrote, but “most often, these disclosures occur through the media.” He listed four “flagrant media leakers”: the Post, the Times, the New Yorker, and the Washington Times. The FIRSTFRUITS project aimed to “drastically reduce significant losses of collection capability” at our hands.

  In NSA parlance, exposure of a source or method of surveillance is a “cryptologic insecurity.” If exposure leads to loss of collection, that is “impairment.” I was fully prepared to believe that some leaks cause impairment, but Brand’s accounting—like many of the government’s public assertions—left something to be desired.

  By far the most frequent accusation in debates about this question is that journalists caused a devastating loss of access to Osama bin Laden’s satellite phone communications. It is hard to overstate the centrality of this episode to intelligence community lore about the news media. The accusation, which as best I can discover was first made publicly by White House press secretary Ari Fleischer in 2002, relied on a sequence of events laid out in a classified presentation from Brand. As Fleischer put it, a newspaper reported that the NSA could “listen to Osama bin Laden on his satellite phone,” and this caused the al Qaeda leader to abandon the device. President George W. Bush and a long line of other officials reprised this assertion in the years to come.

  I carry no brief for the Washington Times, the newspaper in question, but the tale of the busted satphone surveillance was almost certainly untrue. It relied on the following coincidence. On August 21, 1998, the Washington Times wrote in the twenty-second paragraph of a profile of bin Laden, “He keeps in touch with the world via computers and satellite phones and has given occasional interviews to international news organizations.” Shortly thereafter, bin Laden stopped using the phone. Some U.S. officials, including the CIA’s James Bruce in the documentary film Secrecy, said journalists spooked bin Laden by revealing that “we had an intercept capability.” No story actually said that until weeks after bin Laden went dark. The mere fact that bin Laden used a satellite phone had been published repeatedly since 1996, and bin Laden did not try to hide it. NBC News broadcast footage of the al Qaeda leader posing with the phone in December of that year. Bin Laden’s aides actually asked a fixer for ABC News to bring a spare satphone battery for their boss when the network came for an interview in 1997.

  Why, then, did bin Laden suddenly stop using the device the following summer? The answer may be inferred only circumstantially, but circumstances are awfully suggestive. On August 20, 1998, the day before the story in the Washington Times, the United States launched barrages of cruise missiles against al Qaeda training camps in Afghanistan and a factory in Sudan, targeting, among other sites, a facility that bin Laden had recently visited. Bin Laden went deep underground, forswearing electronic communications that might give his location away. Blaming a news story for this development, rather than a close miss on bin Laden’s life, strained all logic. Somehow it became an article of faith in the intelligence community.

  In 2001, according to Brand’s NSA documents, the agency “stood up” a staff of leak trackers, allocating new positions for that purpose to a unit concerned with foreign denial and deception. The director of central intelligence established an interagency Foreign Denial and Deception Committee. The project, which began compiling records in May 1999, grew large enough, Brand wrote, that it “hired [a] contractor with FDDC funds to build [a] foreign knowledge database (FIRSTFRUITS).” One of its major purposes was to feed information about harmful news stories to the “Attorney General task force to investigate media leaks.”

  In forty-nine cases, three of them involving me, the FIRSTFRUITS project produced “crime reports to DOJ.” The FBI, in turn, was left with a conundrum. What crime, exactly, was it being asked to investigate? Congress has never passed a law that squarely addressed unauthorized disclosures to reporters from public officials. There is no American counterpart to the United Kingdom’s Official Secrets Act. Government employees sign a pledge to protect classified information. If they break that pledge they can lose their security clearances or their jobs. Those are civil penalties. When it comes to criminal law, there are potential charges of theft or unlawful possession of government property. The nearest analogy in the law, however, and the charge most commonly prosecuted in such cases, is espionage.

 
