There were all kinds of things Big Tech did not know or did not want to know about the NSA’s use of American corporate infrastructure abroad. Twelve Triple Three, the Reagan-era executive order, gave legal cover to a multitude of intrusions. Ashkan and I shifted our attention entirely to operations of this kind, the ones that happened overseas but touched Americans at home. Critics accused Snowden, and us, of gratuitous disclosure of foreign operations. The gist of our reporting project, though, was the domestic impact.
One thing we discovered was that the NSA was standing at major intersections of the internet and pulling in anything that looked like an electronic address book—email contacts and instant messaging “buddy lists.” Like an old-fashioned paper address book, these electronic listings commonly incorporated not only names and email addresses but also online handles, telephone numbers, street addresses, and business and family information. The NSA loved address books because they offered so much information about human relationships in a structured format. Computers could easily manipulate the entries and “enrich” them, in NSA parlance, with information about the same people from other repositories. Address books also helped correlate online identities when the same person used more than one.
The NSA harvested millions of address books at data crossing points around the world. Many of them, inevitably, belonged to Americans. It was the same story as the one for the Google cloud. The web did not respect geographic boundaries. Just because collection happened abroad did not mean the data was foreign.
Because of the way online services worked, they often transmitted address books when a user logged on, composed a message, or synchronized a computer or mobile device with information stored on remote servers. Rather than targeting individual users, the NSA gathered every address book it could find at its foreign outposts. The numbers grew large enough to constitute a meaningful fraction of the whole world’s email and instant messaging accounts. Analysis of that data enabled the agency to search for hidden connections and to map relationships within a much smaller universe of foreign intelligence targets.
During a single representative day, the NSA’s Special Source Operations branch collected 444,743 email address books from Yahoo, 105,068 from Hotmail, 82,857 from Facebook, 33,697 from Gmail, and 22,881 from unspecified other providers, according to an internal PowerPoint presentation. Those figures, described as a typical daily intake, corresponded to a rate of more than 250million address books a year. Each day, the presentation said, the NSA collected contacts from another estimated 500,000 buddy lists on live-chat services as well as from the in-box displays of web-based email accounts. Although the collection took place overseas, two senior U.S. intelligence officials acknowledged that Americans were swept in. They declined to offer an estimate but did not dispute my contention that the number was likely to be in the tens of millions.
Early in the debate that Snowden provoked, Keith Alexander had defended bulk collection as an essential counterterrorism and foreign intelligence tool. “You need the haystack to find the needle,” he said. That was a bold proposition, acknowledging the immensity of a different operation, the one that collected domestic telephone records. That one applied to metadata alone. Address books often included more than metadata: nicknames, labels, and notes fields. Sometimes the contacts were listed in email accounts with the first few lines of their most recent messages. Taken together, the data would enable the NSA to draw detailed maps of a person’s life, as told by personal, professional, political, and religious connections.
The NSA had no authority from Congress or the special intelligence court that oversees foreign surveillance to collect contact lists in bulk. High-ranking officials acknowledged that the operation would be illegal from facilities in the United States. The agency avoided FISA restrictions, as it did with Google cloud exploitation, by intercepting contact lists from access points “all over the world,” one senior official told me, speaking on condition of anonymity. “None of those are on U.S. territory.” Because of the method employed, the agency was not legally required—and had no technical capacity—to restrict its intake to contact lists belonging to specified foreign intelligence targets, he said.
How could this be justified? I asked. American accounts were certain to be scooped up. The NSA believed the law entitled it to pretend otherwise. When information passed through “the overseas collection apparatus,” the official told me, “the assumption is you’re not a U.S. person.” That was indeed the formal rule. In the absence of specific information to the contrary, according to the court-approved targeting rules, “a person reasonably believed to be located outside the United States or whose location is not known will be presumed to be a non–United States person.”
Like other bulk programs, the address book operations were plagued by overcollection. The majority of all emails, one NSA document said, “are SPAM from ‘fake’ addresses and never ‘delivered’ to targets.” Those produced a massive take of useless contact lists, and some of them had to be “emergency detasked” by the intake system. In a briefing from the NSA’s Large Access Exploitation working group, the author called for narrowing the criteria for data interception. It called for a “shifting collection philosophy”: “Memorialize what you need” versus “Order one of everything off the menu and eat what you want.”
Mass surveillance techniques did not naturally work that way. They gathered haystacks, not straws. Another program we came across was extraordinarily ambitious: it tried to track and store the location of every device that placed a mobile telephone call, logging each phone’s whereabouts over time, provided that the device could be monitored from a switch outside U.S. territorial limits. Ashkan and I discovered a set of programs that gathered nearly five billion records a day on the whereabouts of cellphones around the world, enabling the agency to track the movements of individuals—and map their relationships—on a planetary scale.
There were at least hundreds of millions of devices in this location database. The NSA had no reason to suspect that the movements of the overwhelming majority of cellphone users, individually, would be relevant to national security. It mapped the whole universe, or as much as it could touch lawfully, because the database fed a powerful set of analytic tools known collectively as CO-TRAVELER. The CO-TRAVELER toolkit allowed the NSA to find, for example, unknown associates of known intelligence targets by tracking people whose movements intersected. If I switched off my usual phone and turned on a burner at around the same time and place, the NSA could also make that connection and identify the burner phone as mine.
Here again, the NSA did not conduct this collection for the purpose of mapping Americans, but it mapped plenty of Americans nevertheless. For one thing, tens of millions of Americans lived or traveled abroad every year, and just about everyone used a mobile phone. For another, as one senior collection manager told me, “we are getting vast volumes” of location data by tapping mobile networks that served U.S. and foreign cellphones alike.
As for other bulk collection programs, we found evidence of concern in the NSA that the high volume of phone-mapping information was “outpacing our ability to ingest, process and store” data. Unlike in some other cases, the proposed cure was not to be more selective. Instead, the NSA was building more storage and processing power to handle the data flow.
In scale, scope, and potential impact on privacy, the efforts to collect and analyze location data may be unsurpassed among the NSA surveillance programs that Snowden disclosed in his leak. Analysts could find cellphones anywhere in the world, retrace their movements, and expose hidden relationships among the people using them. When aggregated over time, location data is widely regarded among privacy advocates as uniquely sensitive. Sophisticated mathematical techniques enabled NSA analysts to correlate patterns of movement with thousands or millions of other phone users who crossed paths. Cellphones broadcast their locations even when they were not being used to place a call or send a text message.
“One of the key components of location data, and why it’s so sensitive, is that the laws of physics don’t let you keep it private,” privacy advocate Christopher Soghoian told me. People who value their privacy can encrypt their emails and disguise their online identities, but “the only way to hide your location is to disconnect from our modern communication system and live in a cave.” Methodical collection and storage of this geolocation database meant that the government was tracking all those devices into confidential business meetings or personal visits to medical facilities, hotel rooms, private homes, and other traditionally protected spaces.
No refuge. No haven. No place the U.S. government would accept as sanctuary.
As always, the documents available were incomplete. I did not like the wiggle room that Bob Litt, the DNI’s general counsel, left in his official statement: “[T]here is no element of the intelligence community that under any authority is intentionally collecting bulk cellphone location information about cellphones in the United States.” Was some other government entity doing it? Did the government buy the data or acquire it in some way that it did not count as “collection” under intelligence law? What did he mean by “bulk”? How much work did “intentionally” do in that sentence? Litt would not answer those questions.
Keith Alexander had disclosed in Senate testimony in October 2013 that the NSA ran a pilot project in 2010 and 2011 to obtain “samples” of U.S. cellphone location data. The project was discontinued because it had no “operational value,” he said then. He said nothing to suggest any doubt about his legal authority. Gathering U.S. location data “may be something that is a future requirement for the country, but it is not right now,” he said. Had that changed? We had no answers.
* * *
—
In the age of the photon, a man could take refuge in Moscow without disconnecting from the world at large. He could remain in hiding and yet emerge, virtually, to join a conversation almost anywhere. Snowden did not suffer the isolation of exiles past. “I can be involved whenever I want to be,” he told me in 2015. “When I’m giving talks at Stanford, Harvard, and Princeton, things are pretty good. The government has lost their power. The only thing they can do is not let me in the border.”
“The fact that I am so free to work, by virtue of the internet, and by my ability to armor my communications—that is something that’s really new,” he told the Homeland cast and creative team the same year. The latest innovation, he explained, allowed him to “sort of ‘possess’ a robot.” He was talking about possession in the ghostly sense. From a keyboard in Moscow, Snowden inhabited a five-foot-two automaton on wheels. It was called a BeamPro, ninety pounds of sleek steel, aluminum, and glass that its manufacturer, Suitable Tech Inc., described as a “remote telepresence.”
Everyone naturally called the thing a Snowbot. Snowden not only could speak and listen, see and be seen, but move around a room or down a hallway. He controlled the motion with the arrows on his keyboard. The effect reminded me of Rosie, the household robot in the Jetsons cartoons. In March 2014, Snowden made his public debut with a BeamPro by giving a TED Talk in Vancouver, pivoting between the moderator and his audience.
I had to go meet the Snowbot. On the day I arrived at the sleek New York headquarters of the ACLU, which represented Snowden, he had already spent hours at the office from thousands of miles away. He attended and participated in a moot court held in preparation for appellate arguments coming soon in ACLU v. Clapper, which challenged the telephone metadata program. Snowden used the robot to circumnavigate the big conference table, shifting position to talk to someone face-to-face or to examine a document. Later, he wandered down the hallway, checking the name plates on the doors, saying hello, and stopped to visit one of the lawyers, Jameel Jaffer, for a one-on-one. It sounded like a gimmick, but mobility gave Snowbot a presence that video calls did not.
“The only thing there’s trouble with is, this thing doesn’t have any arms,” Snowden told me when he beamed back in to chat that afternoon.
Ben Wizner, his principal lawyer, made an arch reference to killer cyborgs and the grand artificial intelligence in the Terminator films. “We’re not going to have Skynet yet because you can’t push the elevator buttons,” he said.
Elevators. Snowden thought on that, looked ahead to the tactical problem. “If you’re ever running away from a killer robot,” he advised me, “go hide in the elevator, because it actually kills the wi-fi signal. So I can roll into the elevator after you, but as soon as the door closes I’m totally screwed.”
“I love that,” Wizner replied. “Twenty-first-century opsec.”
Wizner was joking. Snowden was working the problem.
In retrospect, Snowden’s tactical frame of mind could produce startling results. In 2019, amid Special Counsel Robert Mueller’s investigation into Russian interference in the 2016 presidential election, I went looking for something unrelated in my notes of an interview with Snowden in 2013. I came across an exchange that had not especially struck me at the time. Snowden had been riffing on the danger that NSA surveillance could be misused for political ends. A different kind of leaker, he said, with a different kind of agenda, could have exposed communications in a devastating electoral attack.
“What if I had been a real political partisan who hated the Democrats and Obama and collected every Democratic official’s emails between now and the elections coming up in the midterm, and leaked them all out as the new October surprise,” he said then, referring to the 2014 midterms. “Think about the implications that has for the way our system of governance works. The way our elections work. That is the harm, that is the risk that these centers of gravity represent, that these databases represent.”
This conversation took place more than two years before Russia’s GRU hacked into email accounts belonging to Hillary Clinton’s campaign chairman and the Democratic National Committee. “Doxing,” which is short for document dumping, was not a novel concept at the time. Hackers had invented it as a tactic of revenge in the 1990s. Its use as a high-impact political tool, however, was yet to come. At the time Snowden spoke, doxing was most often discussed as a low-stakes prank. In March 2013, for example, a person or persons unknown had created a website, The Secret Files, that published personal information—phone numbers, addresses, and the like—for Michelle Obama, Ashton Kutcher, Beyoncé, Joe Biden, Donald Trump, and other celebrities. The devastating hack of the Sony Corp. by North Korea, and other episodes in what Bruce Schneier called “the rise of political doxing,” did not begin until about a year later. Snowden saw the potential before it happened. His mind just naturally turned in that direction.
* * *
—
By the time I met Vanee Vines in person, we had already suffered through dozens of mutually unsatisfying exchanges by email and telephone. As the lead media contact for the NSA during the Snowden drama, Vines tried to play a role that no one could have pulled off. She was a crisis manager with no authority to manage. Day after day, she bore bad news to bosses and no news at all to reporters. She had been a reporter herself, covering education at the Virginian-Pilot for the first few years after college at Syracuse. When she finished her master’s in journalism, she switched sides. Media relations was the growth industry. For the most part Vines kept her performance cool, but exasperation often lurked offstage. On the day we met face-to-face at Georgetown Law School, she had just heard George Ellard, the NSA inspector general, compare Snowden—and me as Snowden’s “agent”—to the worst traitor in the history of the FBI. Now she pulled me aside and launched a broadside. Snowden had lied to me constantly, Vines alleged, and I fell for it every time.
“You’re in love with your source,” she said. “Have you even considered he’s spinning you?”
Spin, I thought uncharitably, was her department. I did not say it. Vines was not really the culprit. On most days she delivered lines that others wrote for her. There had been w
ay too much dishonest bluster from government officials, too many artful statements crafted to distract from the truth. Members of the intelligence establishment loathed Snowden and wanted to tear him down. They believed his crimes and deficiencies were the story.
Maybe I dismissed what Vines said too easily.
* * *
—
There were signs that Snowden was capable of an instrumental approach to truth. In conversations about my work, when I got stuck on a hard reporting problem, he sometimes suggested that I provoke fresh disclosures from government officials by pretending to know more than I did.
“It sounds like I won’t be able to give you the smoking gun on the story, but I encourage you to make grave accusations when seeking comment, even if you don’t run them in the article,” he told me once. “Seems like one of the only ways to get the truth anymore.”
“I don’t claim to know something I don’t,” I responded. Snowden let it drop.
Another time he went further, proposing that I actually publish informed speculation as fact. If my story outran the evidence, he said, the government would be forced to respond and thereby reveal more. There would be a net gain for public information either way. As an example, Snowden cited the Washington Post article about mobile telephone location tracking. Ashkan and I had written that the NSA gathered nearly five billion location records a day. We would have preferred to say how many phones the agency tracked, but we did not know.
Dark Mirror Page 33