Dark Mirror


by Barton Gellman


  What Ellsberg and Snowden did have in common was unbreakable confidence in their understanding of right and wrong. As a journalist, I had known my share of leakers who were driven by a cause. Certitude defined them more than any other quality, even if they came to dissent after working inside the system for some time. They were allergic to compromise, estranged from workplace norms. In my experience they claimed no special knowledge of moral truth. It was characteristic of their worldview that they believed the truth was obvious to just about everyone.

  The first time I met Snowden, I tried hard to pin him down on this point. Lots of people disapprove of what they see at work, I said. “Most of them just go along. It takes a lot of—I don’t know, intellectual and moral self-confidence, right?” I asked.

  “Or sociopathy,” he joked, uncomfortable with this line of inquiry.

  “You have to feel like you out of all the people who could be doing it—in this case, tens of thousands of people—that you’re the one who ought to be the agent of change,” I said. “The great majority would just stay and rationalize it, right? A small number would say, ‘I can’t be part of this,’ and leave. Hardly anyone says, ‘I have to be the one who stops it.’”

  Snowden lit up. “I agree. And that’s where my frustration was. . . . If you see that things aren’t changing, and you see the gravity of the situation, you may feel compelled simply to do something. Because you realize you can. You realize you have the capability, and you realize every other motherfucker sitting around the table has the same capability but they don’t do it. So somebody has to be the first.”

  What distinguished whistleblowers from their peers was intolerance of belief without action. There was black and there was white and they refused to avert their eyes, even—or especially—if others would not let themselves see. Going public followed inevitably. Whatever else drove Ellsberg and Snowden, their zeal was sincere.

  * * *


  Ashkan and I came up with four, then five, then six hypotheses about how the NSA broke into the Google cloud. Maybe, we thought, the NSA had stolen the company’s master SSL certificate, enabling spies to impersonate Google services online. Your computer thought it was talking to Google, but it was talking to Fort Meade. Maybe, on the other hand, the NSA cracked the genuine certificate’s encryption. Your computer really was talking to Google but the NSA listened in. Maybe the NSA could forge a certificate. Maybe it secretly ran one of the companies (“certificate authorities”) that verified certificates as authentic. Maybe it found a bug in the software code that managed certificates in browsers. Maybe—the most disturbing prospect—the NSA knew of a “master flaw,” as Ashkan put it, in the way cryptographic certificates worked. “We’ve just figured out, we think, that NSA has a master SSL cert for the entire internet,” I wrote, hyperbolically, in a diary note early in our explorations.

  Wrong. Completely wrong. Further reporting shot down all six of our hypotheses. That is what reporting is for, but we were making no progress.

  Imagine the mystery in medieval terms. We knew the NSA could read secret messages that were supposed to be safe behind high castle walls. We did not know how the ramparts were breached or how many secrets were lost. Did the NSA have the queen’s guard on its payroll? Did it know how to intercept messenger ravens in flight? Did spies slip through cracks in the castle walls, pry open the portcullis, tunnel under the moats? Did some dark magic allow them to pass through walls? Some versions of this story had bigger repercussions than others.

  Another day, another engineer from Google’s security team. This one met me in a dimly lit coffeehouse, table in the back. He did not swear when he saw the smile emoji, but apart from that his first words matched his colleague’s exactly: “I hope you publish this.”

  “The diagram is a simplification of what we do,” he said. “It’s not fully accurate, but that does not mean they are not aware of the details.” He pointed toward the right side of the sketch, where Google data centers exchanged information “in the clear” inside their own private cloud. “The fact that they’ve investigated that and they’ve got the big smiley face on it, they’ve clearly tapped enough to be aware of how we’ve architected things. On our private backbone, traffic would be unencrypted.”

  He gave a tight smile, angry but self-possessed. He wore the expression of an expert locksmith who just learned that the locks on his own house had been picked—over and over, for a very long time. One slide in the document dated the operation back more than six years. The NSA knew what Google’s networks looked like from the inside, and there was only one way it could have discovered that, he said: “They know where the plaintext is, and they’re aware of that because they went around and found it. And once they’ve found it, it seems highly unlikely they’d say, ‘That’s interesting’ and then leave it alone.”

  Highly unlikely, but not logically impossible. In theory the NSA might have picked Google’s locks, looked inside, discovered a gold mine of unsecured information, and departed without touching a thing. The agency might have found a way to collect information about Google users from somewhere else. From outside the Google castle, in other words. Over the property line. In order to nail down this story, Ashkan and I needed evidence that the NSA possessed something unique to Google’s internal networks, bits and bytes that existed in no other place.

  Eventually, with the help of government and company sources, we found fragments of raw collection in NSA files that matched the data structures and formats used among Google data centers. Those formats were proprietary and unique. They did not travel on the internet. Case closed. And not only for Google. The NSA was also breaking into Yahoo, Google’s Silicon Valley rival. The agency had been obliged “to develop custom demultiplexers,” one presentation said, to take apart the proprietary format that Yahoo employed for “transferring entire email accounts.” We found strong circumstantial evidence that Microsoft’s overseas data networks were compromised, too, but not quite enough to say so definitively.

  Finally we understood why all our hypotheses about Google cloud exploitation had been wrong. We had been trying to answer the wrong question. We assumed it was the NSA that stripped away (“added and removed”) the SSL encryption protecting Google traffic. The question we asked was how. But that was not the way the thing worked at all. It was Google that decrypted its own traffic, as part of normal operations, just as the data left the public internet and arrived at the boundary of the company’s private cloud. The NSA acquisitions directorate did not have to break through the walls of the Google castle or dig under them. Figuratively speaking, the NSA infiltrated the gatehouse and waited for Google to open the door. As a literal matter, there were places around the world where Google’s “private glass,” the cables that linked the company’s internal networks, reached a physical junction with the fiber optic backbone of the internet. Private companies hosted the junction points. GCHQ, the NSA’s British counterpart, had a special relationship with one of those companies. The GCHQ and the NSA shared access to Google’s conduits at a location identified only as MUSCULAR. Wherever it was, a photograph shot inside the premises showed side-by-side racks of communications gear. One side of the photo was labeled “carrier equipment,” which made the fiber optic connection to Google’s network. The other side was labeled “multiplexing equipment,” which diverted an extra copy of the whole data flow to the NSA’s TURMOIL processing system. One copy in, two copies out, and Google none the wiser.

  The scale of the operation was significant. According to a Top Secret accounting dated January 9, 2013, the NSA’s acquisitions directorate sent millions of records every day from internal Yahoo and Google networks to data warehouses at the agency’s headquarters at Fort Meade. In the preceding thirty days, the report said, field collectors had processed and sent back 181,280,466 new records—including “metadata,” which would indicate who sent or received emails and when, along with content such as text, audio, and video. Finally, we were ready to publish.

  On October 30, 2013, my story with Ashkan began like this: “The National Security Agency has secretly broken into the main communications links that connect Yahoo and Google data centers around the world, according to documents obtained from former NSA contractor Edward Snowden and interviews with knowledgeable officials. By tapping those links, the agency has positioned itself to collect at will from hundreds of millions of user accounts, many of them belonging to Americans.”

  We continued, “The MUSCULAR project appears to be an unusually aggressive use of NSA tradecraft against flagship American companies, especially striking because the NSA, under a separate program known as PRISM, has front-door access to Google and Yahoo user accounts through a court-approved process.”

  By now, prompted in part by our questions, Google had launched its own investigation. The company had held its silence on most of the surveillance stories to date, but this time it let loose with a thundering statement. “We have long been concerned about the possibility of this kind of snooping, which is why we have continued to extend encryption across more and more Google services and links,” chief legal officer David Drummond said, adding, “We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform.”

  “There was a lot more emotion that day than on most days,” Microsoft’s then general counsel, Brad Smith, told me two months later. “In an industry that is very competitive, there was a lot of unity across the tech sector in terms of reaction to that news. Suddenly we realized that perhaps we didn’t know everything that was going on. Our fundamental position as a technology provider was being undermined. We didn’t have the control of our own facilities and data that we thought we had.”

  Keith Alexander, the NSA director, was attending a cyber security conference when the story broke. A reporter there asked him about it. The reporter had not read our story and slightly misstated its main point. “General,” he asked, “we’re getting some news that’s crossing right now being reported in The Washington Post that there are new Snowden allegations that say the NSA broke into Yahoo and Google’s databases worldwide, that they infiltrated these databases?” Alexander seized on the word “databases” to offer what sounded like, but was not, a flat denial. “That’s never happened,” he said. “This is not the NSA breaking into any databases. It would be illegal for us to do that. And so I don’t know what the report is, but I can tell you factually we do not have access to Google servers, Yahoo servers.” Our story, as Alexander knew by then, did not say the NSA broke into servers or databases. It said the agency, working with its British counterpart, intercepted communications on private circuits among data centers. The distinction was between “data at rest” and “data on the fly.” The NSA and GCHQ did not break into user accounts that were stored on Yahoo and Google equipment. They intercepted the information as it traveled over fiber optic cables inside the company networks. Alexander then digressed to an off-topic explanation that the government obtains court orders to intercept data on U.S. territory.

  Alexander and his staff had known for six days what our story was going to say. They were angry, above all, at its account of the legal context, which described “looser restrictions and less oversight” because the operations took place abroad. “Such large-scale collection of Internet content would be illegal in the United States,” we wrote.

  Intelligence officials took that as an accusation of bad faith. Valerie Sayre, the NSA’s deputy director for legislative affairs, sent a heads-up by email two days in advance of publication to Bob Litt, the government’s chief intelligence lawyer. “Bart Gellman, Washington Post, is planning to run a story possibly as early as Tuesday afternoon about certain NSA 12333 collection, which he believes is being ‘backdoored’ to circumvent [FISA Amendments Act section] 702 authorities,” she wrote on October 28. “His analysis is wrong, of course.”

  What was wrong, Sayre and others believed, was our implied allegation of cheating. Litt and his NSA counterpart, Raj De, said as much when they spoke at an American Bar Association conference on the morning our story appeared. De, ordinarily an even-tempered man, expressed outrage at “the implication, the insinuation, suggestion or the outright statement that an agency like NSA would use authority under Executive Order 12333 to evade, skirt or go around FISA.” Litt complained that, after all, “everything that has been exposed [in the press] so far has been done within the law.”

  That was actually our own point, if a news story can be said to have a point. We did not accuse the NSA of breaking the law or evading its confines. We exposed a wide gap between what the law said, as government lawyers construed it, and what Americans had been led to believe about their privacy. De and Litt were paid to find running room in a broken field of rules and regulations. They did so in good faith, for a good cause, and the NSA took full advantage of the openings they found. The question raised by the story was whether the law needed reform, as Google executives and civil libertarians urged. Sometimes, as the writer Michael Kinsley has said, the scandal is what’s legal.

  * * *


  In early 2015, the showrunner of Showtime’s Homeland television series invited me to chat with the cast and creative team. The series, a spy drama entering its fifth season, had become a big hit among actual intelligence officers and national security types. The Homeland writers made an annual pilgrimage from Hollywood to talk to the real-world counterparts of their fictional characters. Two former CIA directors and a cabal of former station chiefs were on the list this year. Sounded fun.

  Was there any chance, my friend Alex Gansa asked me, that Snowden might want to join us virtually? Unexpectedly, Snowden agreed. We decided to make his appearance a surprise. The group met at the private City Tavern Club in Georgetown, an eighteenth-century inn that had once served ale to George Washington and John Adams. There was a faint smell of leather polish and antique rugs. Halfway through lunch, as a technician fussed with a two-way video link in the clubhouse library, I told the group, “We have Snowden joining us.”

  “Insane,” said Claire Danes, the star of the show, who played a bipolar CIA officer. She reached for a phone and texted someone. “I’m going to push back my flight,” she said.

  Snowden appeared onscreen like the Wizard of Oz, nothing but head, larger than life. The Homeland crew had heard a lot about him, none of it good, from intelligence and State Department and White House officials. He had admirers here today, but the room was split. Snowden, it turned out, was willing to tolerate more personal questions from this group than he did from journalists. Like Ellsberg, Team Homeland brought out his discursive side.

  “Your name has come up over and over again,” Gansa told him. “And honestly your name comes up, and it’s like a light switch flips. And the level of betrayal that the people [in government] feel as to what’s been revealed . . . I would just like to start with your feelings about hearing the level of vitriol that we got back.”

  “So this is actually a little bit new to me, but it’s valuable to hear this,” Snowden began. Official Washington had worked hard to vilify him, so “it doesn’t surprise me that people say that. But I would be interested in knowing how many people you talk to have actually been close to these issues, have actually worked with this, knew me. How many people worked with these programs, and didn’t have second thoughts.”

  At the working levels of the intelligence community, below the big bosses, Snowden thought he enjoyed some support. “Almost anytime you speak with these individuals privately, off the record, not a journalist—you’re a friend, you’re a confidant, and they really feel safe—I think you’ll find more often than not there’s a little bit more nuance there. They’re not going to say, ‘Hey, this guy’s great, give him a medal and a parade,’ and I wouldn’t expect that. I think this is an extraordinary case. . . . But of course I’m not perfect. I’m flawed. I’m human. I could have made terrible mistakes. But I felt that I had an obligation to act.”

  Snowden was in a talkative mood. “I can’t say that I can’t be criticized, I can’t say that I’m this champion of law, because I broke a lot of rules to do this act. But there aren’t a lot of people in public today who are arguing that we’d be better off if we didn’t know. I did what I could to maximize what was in the public interest and minimize what would cause harm.”

  “I’m really parroting to you what we heard—” Gansa started to say.

  “No, no, I understand. Don’t hold back.”

  “—and that is that the fight against the bad guys has been very severely affected.”

  “Did they quantify that? Did they give any specific examples? Because they’ve been making the same arguments in the newspapers off the record. But even though we’ve had literally congressional hearings on this, they’ve never provided even a single case.”

  Well, Gansa said, “they’re prohibited from talking about that here. We don’t get to hear that classified stuff.”

 
