--------------------------------------------------------------------------------------------------------------------------- U.S., British intelligence mining data from nine U.S. Internet companies in broad secret program - NSA leak: Source believes exposure, consequences inevitable
https://www.washingtonpost.com/politics/government-surveillance-programs-renew-debate-about-oversight/2013/06/08/7f5e6dc4-d06d-11e2-8f6b-67f40e176f03_story.html
By Barton Gellman and Laura PoitrasJune 7, 2013
The National Security Agency and the FBI are tapping directly into the central servers of nine leading U.S. Internet companies, extracting audio and video chats, photographs, e-mails, documents, and connection logs that enable analysts to track foreign targets, according to a top-secret document obtained by The Washington Post.
The program, code-named PRISM, has not been made public until now. It may be the first of its kind. The NSA prides itself on stealing secrets and breaking codes, and it is accustomed to corporate partnerships that help it divert data traffic or sidestep barriers. But there has never been a Google or Facebook before, and it is unlikely that there are richer troves of valuable intelligence than the ones in Silicon Valley.
Equally unusual is the way the NSA extracts what it wants, according to the document: “Collection directly from the servers of these U.S. Service Providers: Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple.”
London’s Guardian newspaper reported Friday that GCHQ, Britain’s equivalent of the NSA, also has been secretly gathering intelligence from the same internet companies through an operation set up by the NSA.
According to documents obtained by The Guardian, PRISM would appear to allow GCHQ to circumvent the formal legal process required in Britain to seek personal material such as emails, photos and videos from an internet company based outside of the country.VIEW GRAPHIC
PRISM was launched from the ashes of President George W. Bush’s secret program of warrantless domestic surveillance in 2007, after news media disclosures, lawsuits and the Foreign Intelligence Surveillance Court forced the president to look for new authority.
Congress obliged with the Protect America Act in 2007 and the FISA Amendments Act of 2008, which immunized private companies that cooperated voluntarily with U.S. intelligence collection. PRISM recruited its first partner, Microsoft, and began six years of rapidly growing data collection beneath the surface of a roiling national debate on surveillance and privacy. Late last year, when critics in Congress sought changes in the FISA Amendments Act, the only lawmakers who knew about PRISM were bound by oaths of office to hold their tongues.
The court-approved program is focused on foreign communications traffic, which often flows through U.S. servers even when sent from one overseas location to another. Between 2004 and 2007, Bush administration lawyers persuaded federal FISA judges to issue surveillance orders in a fundamentally new form. Until then the government had to show probable cause that a particular “target” and “facility” were both connected to terrorism or espionage.
In four new orders, which remain classified, the court defined massive data sets as “facilities” and agreed to certify periodically that the government had reasonable procedures in place to minimize collection of “U.S. persons” data without a warrant.
In a statement issue late Thursday, Director of National Intelligence James R. Clapper said “information collected under this program is among the most important and valuable foreign intelligence information we collect, and is used to protect our nation from a wide variety of threats. The unauthorized disclosure of information about this important and entirely legal program is reprehensible and risks important protections for the security of Americans.”
Clapper added that there were numerous inaccuracies in reports about PRISM by The Post and the Guardian newspaper, but he did not specify any.
Jameel Jaffer, deputy legal director of the American Civil Liberties Union, said: “I would just push back on the idea that the court has signed off on it, so why worry? This is a court that meets in secret, allows only the government to appear before it, and publishes almost none of its opinions. It has never been an effective check on government.”
Several companies contacted by The Post said they had no knowledge of the program, did not allow direct government access to their servers and asserted that they responded only to targeted requests for information.
“We do not provide any government organization with direct access to Facebook servers,” said Joe Sullivan, chief security officer for Facebook. “When Facebook is asked for data or information about specific individuals, we carefully scrutinize any such request for compliance with all applicable laws, and provide information only to the extent required by law.”
“We have never heard of PRISM,” said Steve Dowling, a spokesman for Apple. “We do not provide any government agency with direct access to our servers, and any government agency requesting customer data must get a court order.”
It is possible that the conflict between the PRISM slides and the company spokesmen is the result of imprecision on the part of the NSA author. In another classified report obtained by The Post, the arrangement is described as allowing “collection managers [to send] content tasking instructions directly to equipment installed at company-controlled locations,” rather than directly to company servers.
Government officials and the document itself made clear that the NSA regarded the identities of its private partners as PRISM’s most sensitive secret, fearing that the companies would withdraw from the program if exposed. “98 percent of PRISM production is based on Yahoo, Google and Microsoft; we need to make sure we don’t harm these sources,” the briefing’s author wrote in his speaker’s notes.
An internal presentation of 41 briefing slides on PRISM, dated April 2013 and intended for senior analysts in the NSA’s Signals Intelligence Directorate, described the new tool as the most prolific contributor to the President’s Daily Brief, which cited PRISM data in 1,477 items last year. According to the slides and other supporting materials obtained by The Post, “NSA reporting increasingly relies on PRISM” as its leading source of raw material, accounting for nearly 1 in 7 intelligence reports.
That is a remarkable figure in an agency that measures annual intake in the trillions of communications. It is all the more striking because the NSA, whose lawful mission is foreign intelligence, is reaching deep inside the machinery of American companies that host hundreds of millions of American-held accounts on American soil.
The technology companies, whose cooperation is essential to PRISM operations, include most of the dominant global players of Silicon Valley, according to the document. They are listed on a roster that bears their logos in order of entry into the program: “Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple.” PalTalk, although much smaller, has hosted traffic of substantial intelligence interest during the Arab Spring and in the ongoing Syrian civil war.
Dropbox, the cloud storage and synchronization service, is described as “coming soon.”
Sens. Ron Wyden (D-Ore.) and Mark Udall (D-Colo.), who had classified knowledge of the program as members of the Senate Intelligence Committee, were unable to speak of it when they warned in a Dec. 27, 2012, floor debate that the FISA Amendments Act had what both of them called a “back-door search loophole” for the content of innocent Americans who were swept up in a search for someone else.
“As it is written, there is nothing to prohibit the intelligence community from searching through a pile of communications, which may have been incidentally or accidentally been collected without a warrant, to deliberately search for the phone calls or e-mails of specific Americans,” Udall said.
Wyden repeatedly asked the NSA to estimate the number of Americans whose communications had been incidentally collected, and the agency’s director, Lt. Gen. Keith B. Alexander, insisted there was no way to find out. Eventually Inspector General I. Charles McCullough III wrote Wyden a letter stating that it would violate the privacy of Americans in NSA data banks to try to estimate their number.
Roots in the ’70s
PRISM is an heir, in one sense, to a history of intelligence alliances with as many as 100 trusted U.S. companies since the 1970s. The NSA calls these Special Source Operations, and PRISM falls under that rubric.
The Silicon Valley operation works alongside a parallel program, code-named BLARNEY, that gathers up “metadata” — technical information about communications traffic and network devices — as it streams past choke points along the backbone of the Internet. BLARNEY’s top-secret program summary, set down in the slides alongside a cartoon insignia of a shamrock and a leprechaun hat, describes it as “an ongoing collection program that leverages IC [intelligence community] and commercial partnerships to gain access and exploit foreign intelligence obtained from global networks.”
But the PRISM program appears to more nearly resemble the most controversial of the warrantless surveillance orders issued by President George W. Bush after the al-Qaeda attacks of Sept. 11, 2001. Its history, in which President Obama presided over exponential growth in a program that candidate Obama criticized, shows how fundamentally surveillance law and practice have shifted away from individual suspicion in favor of systematic, mass collection techniques.
The Obama administration points to ongoing safeguards in the form of “extensive procedures, specifically approved by the court, to ensure that only non-U.S. persons outside the U.S. are targeted, and that minimize the acquisition, retention and dissemination of incidentally acquired information about U.S. persons.”
And it is true that the PRISM program is not a dragnet, exactly. From inside a company’s data stream the NSA is capable of pulling out anything it likes, but under current rules the agency does not try to collect it all.
Analysts who use the system from a Web portal at Fort Meade, Md., key in “selectors,” or search terms, that are designed to produce at least 51 percent confidence in a target’s “foreignness.” That is not a very stringent test. Training materials obtained by The Post instruct new analysts to make quarterly reports of any accidental collection of U.S. content, but add that “it’s nothing to worry about.”
Even when the system works just as advertised, with no American singled out for targeting, the NSA routinely collects a great deal of American content. That is described as “incidental,” and it is inherent in contact chaining, one of the basic tools of the trade. To collect on a suspected spy or foreign terrorist means, at minimum, that everyone in the suspect’s inbox or outbox is swept in. Intelligence analysts are typically taught to chain through contacts two “hops” out from their target, which increases “incidental collection” exponentially. The same math explains the aphorism, from the John Guare play, that no one is more than “six degrees of separation” from any other person.
A ‘directive’
In exchange for immunity from lawsuits, companies such as Yahoo and AOL are obliged to accept a “directive” from the attorney general and the director of national intelligence to open their servers to the FBI’s Data Intercept Technology Unit, which handles liaison to U.S. companies from the NSA. In 2008, Congress gave the Justice Department authority for a secret order from the Foreign Surveillance Intelligence Court to compel a reluctant company “to comply.”
In practice, there is room for a company to maneuver, delay or resist. When a clandestine intelligence program meets a highly regulated industry, said a lawyer with experience in bridging the gaps, neither side wants to risk a public fight. The engineering problems are so immense, in systems of such complexity and frequent change, that the FBI and NSA would be hard pressed to build in back doors without active help from each company.
Apple demonstrated that resistance is possible when it held out for more than five years, for reasons unknown, after Microsoft became PRISM’s first corporate partner in May 2007. Twitter, which has cultivated a reputation for aggressive defense of its users’ privacy, is still conspicuous by its absence from the list of “private sector partners.”
Google, like the other companies, denied that it permitted direct government access to its servers.
“Google cares deeply about the security of our users’ data,” a company spokesman said. “We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government ‘back door’ into our systems, but Google does not have a ‘back door’ for the government to access private user data.”
Microsoft also provided a statement: “We provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis. In addition we only ever comply with orders for requests about specific accounts or identifiers. If the government has a broader voluntary national security program to gather customer data we don’t participate in it.”
Yahoo also issued a denial.
“Yahoo! takes users’ privacy very seriously,” the company said in a statement. “We do not provide the government with direct access to our servers, systems, or network.”
Like market researchers, but with far more privileged access, collection managers in the NSA’s Special Source Operations group, which oversees the PRISM program, are drawn to the wealth of information about their subjects in online accounts. For much the same reason, civil libertarians and some ordinary users may be troubled by the menu available to analysts who hold the required clearances to “task” the PRISM system.
There has been “continued exponential growth in tasking to Facebook and Skype,” according to the PRISM slides. With a few clicks and an affirmation that the subject is believed to be engaged in terrorism, espionage or nuclear proliferation, an analyst obtains full access to Facebook’s “extensive search and surveillance capabilities against the variety of online social networking services.”
According to a separate “User’s Guide for PRISM Skype Collection,” that service can be monitored for audio when one end of the call is a conventional telephone and for any combination of “audio, video, chat, and file transfers” when Skype users connect by computer alone. Google’s offerings include Gmail, voice and video chat, Google Drive files, photo libraries, and live surveillance of search terms.
Firsthand experience with these systems, and horror at their capabilities, is what drove a career intelligence officer to provide PowerPoint slides about PRISM and supporting materials to The Washington Post in order to expose what he believes to be a gross intrusion on privacy. “They quite literally can watch your ideas form as you type,” the officer said.
Poitras is a documentary filmmaker and MacArthur Fellow. Julie Tate, Robert O’Harrow Jr., Cecilia Kang and Ellen Nakashima contributed to this report.
----------------------------------------------------------------------------------------------------------------------------
Edward Snowden comes forward as source of NSA leaks
By Barton Gellman, Aaron Blake and Greg MillerJune 9, 2013Email the author
https://www.washingtonpost.com/politics/intelligence-leaders-push-back-on-leakers-media/2013/06/09/fff80160-d122-11e2-a73e-826d299ff459_story.html?utm_term=.2393908b7e13
A 29-year-old man who says he is a former undercover CIA employee said Sunday that he was the principal source of recent disclosures about top-secret National Security Agency programs, exposing himself to possible prosecution in an acknowledgment that had little if any precedent in the long history of U.S. intelligence leaks.
Edward Snowden, a tech specialist who has contracted for the NSA and works for the consulting firm Booz Allen Hamilton, unmasked himself as a source after a string of stories in The Washington Post and the Guardian that detailed previously unknown U.S. surveillance programs. He said he disclosed secret documents in response to what he described as the systematic surveillance of innocent citizens.
In an interview Sunday, Snowden said he is willing to face the consequences of exposure.
“I’m not going to hide,” Snowden told The Post from Hong Kong, where he has been staying. “Allowing the U.S. government to intimidate its people with threats of retaliation for revealing wrongdoing is contrary to the public interest.”
Asked whether he believes that his disclosures will change anything, he said: “I think they already have. Everyone everywhere now understands how bad things have gotten — and they’re talking about it. They have the power to decide for themselves whether they are willing to sacrifice their privacy to the surveillance state.”
Snowden said nobody had been aware of his actions, including those closest to him. He said there was no single event that spurred his decision to leak the information, but he said President Obama has failed to live up to his pledges of transparency.
“My sole motive is to inform the public as to that which is done in their name and that which is done against them,” he said in a note that accompanied the first document he leaked to The Post.
The Guardian was the first to publicly identify Snowden, at his request.
The White House said late Sunday that it would not have any comment on the matter.
In a brief statement, a spokesman for the Office of the Director of National Intelligence said the intelligence community is “reviewing the damage” the leaks have done. “Any person who has a security clearance knows that he or she has an obligation to protect classified information and abide by the law,” said the spokesman, Shawn Turner.
Snowden said he is seeking “asylum from any countries that believe in free speech and oppose the victimization of global privacy,” but the law appears to provide for his extradition from Hong Kong, a semiautonomous territory of China, to the United States.
Although any extradition proceeding could take months or even years, experts said Snowden has not put himself in a favorable position.
“The fact that he outed himself and basically said, from what I understand he has said, ‘I feel very comfortable with what I have done’ . . . that’s not going to help him in his extradition contest,” said Douglas McNabb, a lawyer and extradition expert.
The Justice Department said it is in the “initial stages of an investigation” into the unauthorized disclosure of classified information but declined to comment further.
A stunning revelation
Current and former U.S. intelligence officials said the revelation of Snowden’s role in the leaks will lead to a sweeping reexamination of security measures at the CIA and the NSA, and they described his decision to come forward as a stunning conclusion to a week of disclosures that rattled the intelligence community.
“This is significant on a number of fronts: the scope, the range. It’s major, it’s major,” said John Rizzo, a former general counsel of the CIA who worked at the agency for decades. “And then to have him out himself . . . I can’t think of any previous leak case involving a CIA officer where the officer raised his hand and said, ‘I’m the guy.’ ”
A half-dozen former intelligence officials, including one who now works at Booz Allen Hamilton, said they did not know Snowden or anything about his background. Several former officials said he easily could have been part of a surge in computer experts and technical hires brought in by the CIA in the years after the Sept. 11, 2001, attacks as its budget and mission swelled.
“Like a lot of things after 9/11, they just went on a hiring binge, and in the technical arena young, smart nerds were in high demand,” a former U.S. intelligence official said. “There were battalions of them.”
Officials said the CIA and other spy agencies did not relax their screening measures as the workforce expanded. Still, several officials said the CIA will now undoubtedly begin reviewing the process by which Snowden may have been hired, seeking to determine whether there were any missed signs that he might one day betray national secrets.
More broadly, the CIA and the NSA may be forced to reexamine their relationships with contractors, who were employed in roles ranging from technical support to paramilitary operations before concerns about the outsourcing of such sensitive assignments prompted a backlash in Congress and pledges from the agencies to begin thinning their contracting ranks.
Some former CIA officials said they were troubled by aspects of Snowden’s background, at least as he described it to The Post and the Guardian.
For instance, Snowden said he did not have a high school diploma. One former CIA official said that it was extremely unusual for the agency to have hired someone with such thin academic credentials, particularly for a technical job, and that the terms Snowden used to describe his agency positions did not match internal job descriptions.
Snowden’s claim to have been placed under diplomatic cover for a position in Switzerland after an apparently brief stint at the CIA as a systems administrator also raised suspicion. “I just have never heard of anyone being hired with so little academic credentials,” the former CIA official said. The agency does employ technical specialists in overseas stations, the former official said, “but their breadth of experience is huge, and they tend not to start out as systems administrators.”
A former senior U.S. intelligence official cited other puzzling aspects of Snowden’s account, questioning why a contractor for Booz Allen at an NSA facility in Hawaii would have access to something as sensitive as a court order from the Foreign Intelligence Surveillance Court.
“I don’t know why he would have had access to those . . . orders out in Hawaii,” the former official said.
The Guardian initially reported the existence of a program that collects data on all phone calls made on the Verizon network. Later in the week, the Guardian and The Post reported the existence of a separate program, code-named PRISM, that collects the Internet data of foreigners from major Internet companies.
Snowden expressed hope that the NSA surveillance programs will now be open to legal challenge for the first time. This year, in Amnesty International v. Clapper, the Supreme Court dismissed a lawsuit against the mass collection of phone records because the plaintiffs could not prove exactly what the program did or that they were personally subject to surveillance.
“The government can’t reasonably assert the state-secrets privilege for a program it has acknowledged,” Snowden said.
Journalists criticized
Snowden’s name surfaced as top intelligence officials in the Obama administration and Congress pushed back against the journalists responsible for revealing the existence of sensitive surveillance programs and called for an investigation into the leaks.
Clapper, in an interview with NBC that aired Saturday night, condemned the leaker’s actions but also sought to spotlight the journalists who first reported the programs, calling their disclosures irresponsible and full of “hyperbole.” Earlier Saturday, he issued a statement accusing the media of a “rush to publish.”
“For me, it is literally — not figuratively — literally gut-wrenching to see this happen because of the huge, grave damage it does to our intelligence capabilities,” Clapper said.
On Sunday morning, before Snowden’s unmasking, House Intelligence Committee Chairman Mike Rogers (R-Mich.) had harsh words for the leaker and for the journalist who first reported the NSA’s collection of phone records, the Guardian’s Glenn Greenwald.
Greenwald “doesn’t have a clue how this thing works; neither did the person who released just enough information to literally be dangerous,” Rogers said on ABC’s “This Week,” adding: “I absolutely think [the leaker] should be prosecuted.”
Senate Intelligence Committee Chairman Dianne Feinstein (D-Calif.) agreed that whoever leaked the information should be prosecuted, and she sought to beat back media reports suggesting that the Obama administration overplayed the impact of the programs.
After opponents of the programs questioned their value last week, anonymous administration officials pointed to the thwarting of a bomb plot targeting the New York City subway system in 2009. Soon after, though, reporters noted that public documents suggested that regular police work was responsible for thwarting the attack, rather than a secret government intelligence program.
Feinstein said the programs were valuable in both the New York case and in another involving an American plotting to bomb a hotel in India in 2008. She noted that she could talk about those two cases because they have been declassified, but she suggested that the surveillance programs also assisted in other terrorism-related cases.
A chief critic of the efforts, Sen. Rand Paul (R-Ky.), said he is considering filing a lawsuit against the government and called on 10 million Americans to join in.
“I’m going to be asking all the Internet providers and all of the phone companies, ask your customers to join me in a class-action lawsuit,” Paul said on “Fox News Sunday.”
Sari Horwitz and Julie Tate contributed to this report.
Barton Gellman writes for the national staff. He has contributed to three Pulitzer Prizes for The Washington Post, most recently the 2014 Pulitzer Prize for Public Service.
Follow @bartongellman
Aaron Blake is senior political reporter for The Fix. A Minnesota native, he has also written about politics for the Minneapolis Star Tribune and the Hill newspaper.
Follow @aaronblake
Greg Miller is a national security correspondent for The Washington Post. He was among the Post reporters awarded the 2014 Pulitzer Prize for coverage of U.S. surveillance programs revealed by Edward Snowden and a finalist for the 2013 Pulitzer Prize. He previously worked for the Los Angeles Times.
Follow @gregpmiller
-----------------------------------------------------------------------------------------------------------------------------
First interview of Edward Snowden, The Guardian, 2013
https://www.theguardian.com/world/video/2013/jun/09/nsa-whistleblower-edward-snowden-interview-video
------------------------------------------------------------------------------------------------------------------------------
Opinions
Was Snowden hero or traitor? Perhaps a little of both
By Nate Fick January 19, 2017
Nate Fick is CEO of the cybersecurity software company Endgame, and a Marine Corps veteran of Afghanistan and Iraq. He is the author of “One Bullet Away: The Making of a Marine Officer.”
A catastrophic data breach. Russian complicity. Blundering institutions. Distrust of government. Reading Edward Jay Epstein’s gripping and devastatingly even-handed account of Edward Snowden, “How America Lost Its Secrets,” provides a Faulknerian reminder, during these days ringing with the same themes, that “the past is never dead. It’s not even past.”
Epstein’s revelations hit hard and don’t stop. Snowden could not have acted alone, since he didn’t have access to the secret compartments from which he took the most sensitive documents. Vladimir Putin personally authorized Snowden’s exfiltration from Hong Kong to Moscow. Snowden turned over to journalists only 58,000 of the 1.7 million documents he “touched,” the vast bulk of which had nothing to do with domestic surveillance but rather covered America’s overseas spy network, including its most sensitive sources and methods.
Epstein struggles to paint a factual portrait of Snowden without it feeling like an ad hominem attack: high school dropout, described by a classmate as having a high-pitched voice, liking the Magic card game, playing fantasy video games, owning two cats and using the online moniker Wolfking Awesomefox. Snowden washed out of Army training in 2004, worked briefly as a security guard at the University of Maryland and then got a job as, of all things, a CIA telecommunications support officer. Two years later, he received an unfavorable evaluation from his superior and was forced to resign. He then went to work for Dell as a National Security Agency contractor in 2009. As a system administrator, he had both the privileges to access vast amounts of data and the mandate to transfer it to backup servers — the perfect cover for a whistleblower or a spy.
On June 9, 2013, a video of Snowden was posted on the website of the Guardian. Shot in a Hong Kong hotel room, the disclosure begins with “My name is Ed Snowden,” and goes on to detail how the NSA was spying on U.S. citizens. Snowden comes across as calm, compelling and articulate. Overnight, he became a global celebrity and, to much of the world (including many Americans), the lead standard-bearer for data privacy and personal freedom in the digital age.
"How America Lost Its Secrets: Edward Snowden, the Man and the Theft," by Edward Jay Epstein (Knopf )
Most of the public debate since that summer has been over whether Snowden is a hero or a traitor, a whistleblower or a spy. Epstein’s answer is both — but more spy than whistleblower. And the case he builds, especially in light of disclosures since the U.S. election in November, is damning.
Since 9/11, the United States has changed in so many ways that it is already hard to remember the world where we could carry water bottles through airport security and where small-town police departments didn’t look like armored cavalry units. But changes like these are only the visible tip of a much bigger, and largely digital, iceberg. In some ways, Snowden’s disclosures of NSA surveillance, including a warrant issued under the Federal Intelligence Surveillance Act ordering Verizon to turn over all its billing records for 90 days to the NSA, and details of an Internet-monitoring program code-named PRISM, were beneficial. As Epstein writes, the disclosures “accomplished a salutary service in alerting both the public and government to the potential danger of a surveillance leviathan” and “revealed a bureaucratic mission creep that badly needed to be brought under closer oversight by Congress.”
What Snowden exposed, however, wasn’t a rogue operation. It was a series of programs authorized by presidents of both parties and Congress, and approved by no fewer than 15 federal judges. Epstein cites the current NSA director, Adm. Mike Rogers, and numerous others, including former NSA directors Mike McConnell, Michael Hayden and Keith Alexander, and former CIA acting director Michael Morell, laying out the crippling effects of Snowden’s revelations: “lost capability,” “impact on our ability to do our mission for the next twenty to thirty years,” “sources dried up; tactics were changed.” Sen. Dianne Feinstein (D-Calif.), chairman of the Senate Intelligence Committee, concluded, “I think it’s an act of treason.”
The real scoundrel in Epstein’s telling is neither Snowden nor the security leviathan he checked; it’s the muscle-bound bureaucracy of the government and its contractors that allowed this breach to happen in the first place.
The 9/11 Commission concluded that one reason U.S. intelligence agencies failed to “connect the dots” before the 2001 attack was the existence of security-inspired “stove-piping” between, and within, the agencies. Much of that was stripped away in the following years, perhaps improving coordination, but with the unintended consequence of magnifying the risk of any particular breach, whether by a foreign spy or a disgruntled insider.
Whatever his ultimate motives, that Snowden maintained access to government secrets as long as he did was a colossal failure of the system. Five months after being forced out of the CIA, he was working on sensitive systems inside the NSA, first as an employee of Dell and later of Booz Allen Hamilton. Epstein reports that Snowden was able to keep his security clearance because the CIA had instituted a policy several years earlier that allowed voluntarily departing officers to maintain their clearances for two years after leaving. The grace period was intended to make it easier for them to find jobs among defense and intelligence contractors. When his CIA clearance finally expired in February 2011, Snowden applied — successfully — to renew it. Since 1996, the background investigations required to obtain a clearance had been outsourced to a private firm compensated according to the number of investigations it completed. The picture that emerges is of a self-dealing bureaucracy and a web of private contractors performing core government functions, more akin to Blackwater employees carrying guns and pulling triggers than to contract employees dishing out grits in a mess hall.
But the bigger problem is more subtle.
Epstein points out a culture clash that will be central to this era of national security policy: libertarian hackers in one corner, animated by a belief that information will be free; privacy advocates in another, convinced that privacy and security are zero-sum; and the national security establishment in a third, united by a conviction that some information is so important that it must remain secret (and that secrecy is even possible). The differences in perspective between Washington and Silicon Valley were neatly encapsulated in the recent, bruising debate over encryption technology. The wonks see the world in normative terms: We don’t want terrorists to have easy access to encrypted communications, so the government should regulate or outlaw the technology. The geeks, on the other hand, see the world in positive terms: Encryption technology is possible, and therefore people will use it, so the government better learn to live in that world.
The challenge arises where these worlds intersect — at the nexus of technology, security, privacy and civil liberties where the NSA operates. Will the government, with its salary caps and background checks, be able to compete for the best talent in fields like cybersecurity? And even if it succeeds in hiring and retaining skilled technical talent, can it coexist with a culture of secrecy? Morell makes the point that the NSA had moved in the direction of fostering a culture of openness, reflecting the talent pool from whence its young civilians came: “The idea was to spread knowledge and learn from the successes of others, but it created enormous security vulnerability.”
In this winter of rattled confidence in government, Epstein’s welcome reappraisal of the most destructive data breach in the history of U.S. intelligence brings nothing to mind so much as the Roman poet Juvenal’s timeless question: “Who will guard the guards themselves?”
HOW AMERICA LOST ITS SECRETS: Edward Snowden, the Man and the Theft, By Edward Jay Epstein, Knopf. 350 pp. $27.95
-------------------------------------------------------------------------------------------------------------------------
Link: Pulitzer and the WaPo on Snowden
Dostları ilə paylaş: |