Dark Mirror
Page 48
that “[g]overnment snooping”: Brad Smith, “Protecting Customer Data from Government Snooping,” Microsoft Technet blog, December 4, 2013, at https://perma.cc/UWH8-VPL5.
an electronic address book: Barton Gellman and Ashkan Soltani, “NSA Collects Millions of E-mail Address Books Globally,” Washington Post, October 14, 2013, at https://perma.cc/ZR32-EC4Q.
“a person reasonably believed”: To accompany an article I coauthored with Ellen Nakashima and Greg Miller, the Washington Post published a 2009 version of the targeting and minimization rules. See “Classified Documents Show Rules for NSA Surveillance Without a Warrant,” https://apps.washingtonpost.com/g/page/politics/top-secret-documents-show-rules-for-nsa-surveillance-without-a-warrant/248/.
nearly five billion records a day: Barton Gellman and Ashkan Soltani, “NSA Tracking Cellphone Locations Worldwide, Snowden Documents Show,” Washington Post, December 4, 2013, at https://perma.cc/PS3M-Y5HJ.
automaton on wheels: “Meet BeamPro,” Suitable Tech Inc., https://suitabletech.com/products/beam-pro.
The Secret Files: Christine Pelisek, “Doxxing: It’s Like Hacking, but Legal,” Daily Beast, March 13, 2013, www.thedailybeast.com/doxxing-its-like-hacking-but-legal.
“the rise of political doxing”: Bruce Schneier, “The Rise of Political Doxing,” Vice, October 28, 2015, www.vice.com/en_us/article/z43bm8/the-rise-of-political-doxing.
She was a crisis manager: Vanee Vines portrayed herself this way in her LinkedIn profile, www.linkedin.com/in/vaneevines/.
to the worst traitor: I wrote about George Ellard’s comment, comparing Snowden and his “agent” journalists to FBI traitor Robert Hanssen, in chapter 7.
“It sounds like I won’t”: Snowden chat with author, November 22, 2013.
require extraordinary evidence: The aphorism was popularized by astronomer Carl Sagan in his 1980 television show Cosmos. It is a staple in the worlds of science, intelligence, and journalism.
“Gang of Eight”: The Gang of Eight referred to the chairs and ranking members of the two intelligence committees and the top two Democrats and Republicans of each chamber in Congress.
“The only thing you have”: Snowden chat with author, October 22, 2013.
“I’ve thought a lot about that”: Snowden to author, October 2, 2013.
“has access to the complete”: Snowden chat with author, June 9, 2014.
“secret sharing scheme”: Secret sharing is a mathematical algorithm for splitting a cryptographic key into parts that must be recombined in order to work. Snowden said he based his system on a famous paper by an MIT cryptographer. See Adi Shamir, “How to Share a Secret,” Communications of the ACM 22, no. 11 (November 1979), at www.cs.tau.ac.il/~bchor/Shamir.html.
the labeling debate: For a fine and subtle essay on how Snowden does and does not fit into theoretical models of legitimate civil disobedience, see David Pozen, “Edward Snowden, National Security Whistleblowing and Civil Disobedience,” Lawfare, March 26, 2019, www.lawfareblog.com/edward-snowden-national-security-whistleblowing-and-civil-disobedience. The essay was adapted from the forthcoming volume Whistleblowing Nation: Disclosing U.S. National Security and the Challenge of Dissent, ed. Kaeten Mistry and Hannah Gurman (New York: Columbia University Press, 2019).
“Treason against the United States”: U.S. Constitution, Article III, Section 3.
“[I]n an act of supreme arrogance”: Ash Carter, Inside the Five-Sided Box: Lessons from a Lifetime of Leadership in the Pentagon (New York: Penguin, 2019), 338.
“national security porn”: Ledgett was paraphrasing James Comey, who used the term “intelligence porn” to describe large-scale document dumps by WikiLeaks, not Snowden or the NSA journalists. See Tessa Berenson, “James Comey: WikiLeaks Is ‘Intelligence Porn,’ Not Journalism,” Time, May 3, 2017, https://time.com/4765358/fbi-james-comey-hearing-wikileaks/.
“6,998,329,787 is a small number”: In another version of the presentation, delivered earlier, the figure was slightly lower (6,987,139,094) and explicitly labeled “World Population” on Hunt’s presentation slide. See Ira A. (Gus) Hunt, Big Data: Challenges and Opportunities, https://info.publicintelligence.net/CIA-BigData-2.pdf.
“nearly within our grasp”: Ira A. (Gus) Hunt, CIA Chief Technology Officer, “Beyond Big Data: Riding the Technology Wave,” Government Big Data Forum, March 2012, at www.slideshare.net/brianahier/perspectives-on-big-data-mission-and-needs-gus-hunt-cia-cto.
“The value of any piece”: Matt Sledge, “CIA’s Gus Hunt on Big Data: We ‘Try to Collect Everything and Hang On to It Forever,’” Huffington Post, March 20, 2013, at https://perma.cc/W35E-W4G8.
“Collection rules prevent”: See Jennifer Stisa Granick, American Spies: Modern Surveillance, Why You Should Care, and What to Do About It (Cambridge: Cambridge University Press, 2017), 153. Emphasis in original.
160,000 actual communications: I write about these at greater length in Barton Gellman, Julie Tate, and Ashkan Soltani, “In NSA-Intercepted Data, Those Not Targeted Far Outnumber the Foreigners Who Are,” Washington Post, July 5, 2014, https://wapo.st/1MVootx; and Barton Gellman, “How 160,000 Intercepted Communications Led to Our Latest NSA Story,” Washington Post, July 11, 2014, https://wapo.st/1Mq04zI.
Minimization was fiendishly difficult: A four-paragraph definition of “minimization,” full of contingency clauses, may be found in 50 U.S.C. §§ 1801(h)(1), at www.law.cornell.edu/uscode/text/50/1801.
for a lay audience: Litt cited the statutory definition under FISA law, which does not apply to surveillance under Excutive Order 12333. The concepts are similar but the rules are not identical under the executive order. See Robert S. Litt, “Privacy, Technology and National Security: An Overview of Intelligence Collection,” remarks prepared for delivery at the Brookings Institution, July 19, 2013, at https://perma.cc/L9BM-EYYP.
years to understand: Granick, American Spies, 152.
With rules so complex: One set of procedures, dating to 2013, is at “Minimization Procedures Used by the National Security Agency in Connection with Acquisitions of Foreign Intelligence Information Pursuant to Secton 702 of the Foreign Intelligence Surveillance Act of 1978, as Amended,” hosted by the National Security Archive at George Washington University, https://nsarchive2.gwu.edu/NSAEBB/NSAEBB436/docs/EBB-026.pdf.
“told MINIMIZED U.S. JOURNALIST”: This was an actual telephone call from Israeli prime minister Benjamin Netanyahu to author. I mentioned the call in a subsequent story without quoting the profanity, noting only that Netanyahu “took heated exception” to a piece about non-Orthodox Jewish conversions, a subject that caused him political trouble. See Barton Gellman, “Many Israelis Dispute Power of Rabbinate,” Washington Post, April 3, 1997, https://wapo.st/2yVQc1V.
you could not even read: The DNI’s office, to its credit, declassified some of the safeguards. But Granick describes the sequence this way: “[I]n 2013, Snowden disclosed the NSA’s FISA minimization procedures for section 702 collection. The intelligence community ultimately declassified the FBI and the CIA minimization procedures from 2014 in September of 2015. In November 2015, the procedures for all three agencies were secretly revised.” For collection overseas under Executive Order 12333, the full minimization procedures were never declassified. Granick, American Spies, 155.
“malleable secret rules”: Granick, American Spies, 154.
“surveillance professionals shy away”: Conor Friedersdorf, “If the NSA Could Hack into Human Brains, Should It?,” Atlantic, December 5, 2013, www.theatlantic.com/politics/archive/2013/12/if-the-nsa-could-hack-into-human-brains-should-it/282065/.
Senator Frank Church: Meet the Press, NBC, August 17, 1975, viewable at www.youtube.com/watch?v=YAG1N4a84Dk.
“The idea of having”: Rajesh De, interview with author, July 18, 2013.
tamper-detection device: This project, called Haven, was coauthored with security developer Nathan Freitas. See
Micah Lee, “Edward Snowden’s New App Uses Your Smartphone to Physically Guard Your Laptop,” Intercept, December 22, 2017, https://theintercept.com/2017/12/22/snowdens-new-app-uses-your-smartphone-to-physically-guard-your-laptop/.
automate “secret sharing”: This project, called Sunder, was eventually abandoned. See Conor Schaefer, “Meet Sunder, a New Way to Share Secrets,” Freedom of the Press Foundation, May 10, 2018, https://freedom.press/news/meet-sunder-new-way-share-secrets/.
“I am willing to help”: David E. Sanger and Nicole Perlroth, “Internet Giants Erect Barriers to Spy Agencies,” New York Times, June 6, 2014, www.nytimes.com/2014/06/07/technology/internet-giants-erect-barriers-to-spy-agencies.html.
End-to-End: Source code for the encryption library, which has yet to be released in final form, is at https://github.com/google/end-to-end. Google’s announcement may be found at “Making End-to-End Encryption Easier to Use,” Google Security Blog, June 3, 2014, https://security.googleblog.com/2014/06/making-end-to-end-encryption-easier-to.html.
comment embedded in the source code: Brittany A. Roston, “Google Takes a Dig at NSA with Easter Egg,” SlashGear, June 4, 2014, www.slashgear.com/google-takes-a-dig-at-nsa-with-easter-egg-04332176/.
“He’s already said”: See “NSA Speaks Out on Snowden, Spying,” CBS News, December 15, 2013, transcript at https://cbsn.ws/2P4ZkfI.
ABCDEFGHIJKLMNOPQRSTUVWXYZ
INDEX
The page numbers in this index refer to the printed version of this book. The link provided will take you to the beginning of that print page. You may need to scroll forward from that location to find the corresponding reference on your e-reader.
Page numbers above 360 refer to notes.
Abdulmutallab, Umar Farouk, 397
Abramson, Jill, 97–98
Abu Ghraib scandal, 262–63
Academi, 186
ACLU, 321
ACLU v. Clapper, 321
Addington, David, 70, 71, 123
address books, electronic, NSA collection of, 315–18
Aftergood, Steven, 264
air gaps, 72
Albright, Madeleine, 15
Alexander, Keith, 180, 182, 185, 193, 336, 377
bulk collection defended by, 316
Google cloud story mischaracterized by, 301–2
in internal video about NSA leaks, 243–45, 246
in lies about NSA data collection, 164, 177
raids on Pandora documents proposed by, 245–46, 247, 249
al Qaeda, 184, 212
torture of suspected members of, 263
Amash, Justin, 264
American Revolution, 346
American Spies (Granick), 339
Amir, Yigal, 10
Anderson, Lonny, 36, 68, 69
Anderson, Mavanee, 55
Angler (Gellman), 11, 26, 243, 312
anonymous proxies, xvii, 45
Anthony (Tekserve technician), 233–34
Apple:
iPhone security as priority of, 215–20
Xcode software development kit of, 217
Armed Forces Qualification Test, 46–47
Army Foreign Counterintelligence Activity, 149
Army Special Forces, U.S., 46
Ars Technica, ES’s posts on, 37–38, 42–43, 50, 51, 54, 56
Ashcroft, John, 222
Aspen Institute, BG at plenary session of, 155–66, 181–82
Litt’s sparring with BG at, 144–45
Aspen Security Forum, 186
BG’s encounter with McRaven at, 151–53
Assange, Julian, 256–57
espionage charges against, 261
AT&T, 197
NSA’s collection of data from, 199, 310
Atlantic, 345
Bacon, Kevin, 159–60
Baine, Kevin, 103, 109, 114–15
and Baron’s agreement to hold Pandora backup drive, 115–16
BG’s one-on-one meeting with, 100–103
and BG’s plans to meet ES in Hong Kong, 133–34
cryptographic signature issue and, 132–33
Bair, Katie, 43
Baker, Stewart, 163
Barlow, John Perry, 7
Baron, Marty, 133, 134, 139, 195, 228
BG’s first meeting with, 104–16
custody of Pandora backup assumed by, 115–16, 246
in decision to publish NSA story, 113–14
PRISM slides shown to, 109–13
Soltani hired by, 198–99
as Washington Post editor, 89–91
Barr, Cameron, 103, 108, 228
Basic Telecommunications Training Program (CIA), ES at, 52–54
Bauman, Ethan, letter to Congress on NSA leaks by, 78
BeamPro, 320–21
Belgrade, Serbia, 59
Bellofatto, Jodon, 44
Berlin, Charles H., III, 189
bin Laden, Osama, 222
journalists falsely blamed for loss of NSA phone surveillance of, 273–74, 406
killing of, 152, 153–54
Binney, Bill, 26
MAINWAY’s precomputation confirmed by, 175–76
in resignation from NSA, 174–75
Blair, Dennis, 151
in Aspen Institute panel with BG, 156–66
NSA call data collection defended by, 165–66
Blakslee, Ed, 44–45
BLARNEY, 199, 310
Booz Allen:
ES as contractor at, 83–88
ES’s test-system proposal for, 62–63
Boston Globe, 89, 104
Brand, Joseph J., 72, 185
on FIRSTFRUITS, 274
on SIGINT leaks, 272–73
Brauchli, Marcus, 92–93, 103, 380
Brenner, Joel F., 118, 122–23
on import of FISA Amendments, 126–27
Bruce, James, 273–74
Bucharest, Romania, ES’s temporary CIA assignment to, 54–55
burner phones, xvii
Bush, George W., 54–55, 158, 273
warrantless surveillance authorized by, 26, 70, 97, 122–23, 157, 169
Bush administration, FISA amendments defended by, 126
BYZANTINEHADES, 206
CACI International, 35
Calabresi, Massimo, 94, 96
Callas, Jon, 218
Cappuccio, Paul, 95
CAPTAINCRUNCH, 86
Carter, Ash, 334
cellphones:
CIA preoccupation with security of, 215–20
NSA location tracking of, 318–20, 324–25
Central Intelligence Agency (CIA), 14
Agency Data Network of, 75
ES as contractor at headquarters of, 49–50
ES as Dell liaison with, 61–62
ES as employee of, 51
ES posted to Geneva by, 54
ES’s departure from, 56–57
ES’s disillusionment with, 55–56
Information Operations Center of, 61
Intellipedia of, 76
iPhone security preoccupation of, 215–20
Century Foundation, BG’s fellowship at, 93, 232
Cheney, Dick, 11, 26, 70, 89, 367
and creation of MAINWAY and STELLARWIND programs, 122–23, 169
China, cyber attacks by, 34–35, 57–58, 83
Church, Frank, on inherent threat of surveillance, 346
“Churchyard, Dave M.” (ES’s CIA code name), 54
cincinnatus@lavabit.com, 66
Citizen Four (film), 58
civil rights, 345
Clapper, James R., Jr., 144, 145, 213–14, 276
on abuse of surveillance technology, 348–50
/> on Alexander’s proposed Pandora raids, 247–48
on BG as possible counterintelligence target, 248–49
consultation with journalists rejected by, 268
on damage from publication of Pandora files, 266
in lie about NSA data collection, 164–65, 290
in meeting with Post editors, 228–29
NSA reporters characterized as “accomplices” by, 246–47
Trump’s attack on, 349
Classified Information Nondisclosure Agreement, 182
classified materials:
catch-22 in journalists’ consultation about, 269–71
disclosure of, as criminal offense, 101–2, 132, 182
levels of, 25, 67, 95, 265, 362
misapplication of labels to, 263–65
see also Pandora archive; secrecy, government
Clinton, Hillary, 322
Cluley, Graham, 6
Coll, Steve, 98
Comey, James B., 70, 312, 334–35
on Alexander’s proposed Pandora raids, 249
on BG as possible counterintelligence target, 249
BG’s relationship with, 312–13
on costs vs. benefits of ES’s leaks, xv
on NSA’s hacker culture, 205
on right to privacy vs. intelligence needs, 313–14
computer network exploitation (CNE), 200–201
computers, as subject to customs searches, 5–6, 364–65
COMSO, ES as CIA contractor for, 49
Congress, U.S.:
Bauman’s NSA leaks letter to, 78
ES’s claimed wiretapping of, 326–32
and secrecy classifications, 263–64
Constitution, U.S., 65
“treason” as defined in, 334
see also specific amendments
contact chaining, 158–61
unrestricted use of U.S. telephone numbers in, 176–77
volume problem of, 172–73
contempt of court, 102
CO-TRAVELER (data analysis toolkit), 318
Cotter, George R., 118, 182, 260
“Counterintelligence Threat Seminar: China” (JCITA conference), ES as instructor at, 57–59
cover names:
as clues to hacker culture, 203–4, 206–7, 208–10