Moderators: Elvis, DrVolin, Jeff
by The Consul » Thu Sep 18, 2014 7:26 pm
by seemslikeadream » Mon Oct 13, 2014 7:12 pm
Edward Snowden’s Privacy Tips: “Get Rid Of Dropbox,” Avoid Facebook And Google
Posted Oct 11, 2014 by Anthony Ha (@anthonyha)
According to Edward Snowden, people who care about their privacy should stay away from popular consumer Internet services like Dropbox, Facebook, and Google.
Snowden conducted a remote interview today as part of the New Yorker Festival, where he was asked a couple of variants on the question of what we can do to protect our privacy.
His first answer called for a reform of government policies. Some people take the position that they “don’t have anything to hide,” but he argued that when you say that, “You’re inverting the model of responsibility for how rights work”:
When you say, ‘I have nothing to hide,’ you’re saying, ‘I don’t care about this right.’ You’re saying, ‘I don’t have this right, because I’ve got to the point where I have to justify it.’ The way rights work is, the government has to justify its intrusion into your rights.
He added that on an individual level, people should seek out encrypted tools and stop using services that are “hostile to privacy.” For one thing, he said you should “get rid of Dropbox,” because it doesn’t support encryption, and you should consider alternatives like SpiderOak. (Snowden made similar comments over the summer, with Dropbox responding that protecting users’ information is “a top priority.”)
[Update: In a June blog post related to Snowden, Dropbox actually says, "All files sent and retrieved from Dropbox are encrypted while traveling between you and our servers," as well as when they're "at rest on our servers," and it points to other security measures that the company is taking. The difference between Dropbox and SpiderOak, as explained elsewhere, is that SpiderOak encrypts the data while it's on your computer, as opposed to only encrypting it "in transit" and on the company's servers.]
[And here's a more complete Snowden quote, from around 1:04:55 in the video: "We're talking about encryption. We're talking about dropping programs that are hostile to privacy. For example, Dropbox? Get rid of Dropbox, it doesn't support encryption, it doesn't protect your private files. And use competitors like SpiderOak, that do the same exact service but they protect the content of what you're sharing."]
He also suggested that while Facebook and Google have improved their security, they remain “dangerous services” that people should avoid. (Somewhat amusingly, anyone watching the interview via Google Hangout or YouTube saw a Google logo above Snowden’s face as he said this.) His final piece of advice on this front: Don’t send unencrypted text messages, but instead use services like RedPhone and Silent Circle.
Earlier in the interview, Snowden dismissed claims that increased encryption on iOS will hurt crime-fighting efforts. Even with that encryption, he said law enforcement officials can still ask for warrants that will give them complete access to a suspect’s phone, which will include the key to the encrypted data. Plus, companies like Apple, AT&T, and Verizon can be subpoenaed for their data.
Beyond the privacy discussion, Snowden talked about how and why he decided to leak documents bringing the government’s electronic surveillance programs to light. He repeatedly claimed that he wasn’t pursuing a specific policy outcome, but just trying to have an open conversation about these issues:
We can have secret programs. You know, the American people don’t have to know the name of every individual that’s under investigation. We don’t need to know the technical details of absolutely every program in the intelligence community. But we do have to know the bare and broad outlines of the powers our government is claiming … and how they affect us and how they affect our relationships overseas. Because if we don’t, we are no longer citizens, we no longer have leaders. We’re subjects, and we have rulers.
As for why Snowden hasn’t come back to the United States to stand trial, he said that when he looked at how the U.S. government treated whistleblowers like Thomas Drake and Chelsea Manning, he became convinced that he wouldn’t be able to present his case to a jury in an open trial.
“I’ve told the government again and again in negotiations, you know, that if they’re prepared to offer an open trial, a fair trial in the same way that Dan Ellsberg got, and I’m allowed to make my case to the jury, I would love to do so,” he said. “But to this point they’ve declined.”
Snowden acknowledged that there’s some irony in his taking shelter in China and Russia, countries that don’t exactly have spotless human rights or privacy records themselves. He said Russia was supposed to be a transit point on his way to Latin America — but his passport was canceled while he was at the Moscow airport.
The New Yorker’s Jane Mayer ended the interview on a light note, suggesting that Snowden was now free to enjoy some vodka. He replied, “I actually don’t drink alcohol. Little-known fact: I’ve never been drunk.”
Here’s a full video of the interview. The discussion of privacy and consumer Internet services (which, again, consisted of two questions in a row) begins at around 58:30.
by seemslikeadream » Mon Oct 20, 2014 4:18 pm
Tomgram: Laura Poitras and Tom Engelhardt, The Snowden Reboot
Posted by Laura Poitras and Tom Engelhardt at 5:01pm, October 19, 2014.
[Note for TomDispatch Readers: Call me moved. I recently went to the premiere of Citizenfour, Laura Poitras's engrossing new film on Edward Snowden, at the New York Film Festival. The breaking news at film's end: as speculation had it this summer, there is indeed at least one new, post-Snowden whistleblower who has come forward from somewhere inside the U.S. intelligence world with information about a watchlist (that includes Poitras) with "more than 1.2 million names" on it and on the American drone assassination program.
Here's what moved me, however. My new book, Shadow Government: Surveillance, Secret Wars, and a Global Security State in a Single-Superpower World, ends with a "Letter to an Unknown Whistleblower," whose first lines are: "I don't know who you are or what you do or how old you may be. I just know that you exist somewhere in our future as surely as does tomorrow or next year... And how exactly do I know this? Because despite our striking inability to predict the future, it’s a no-brainer that the national security state is already building you into its labyrinthine systems.” And now, of course, such a whistleblower is officially here and no matter how fiercely the government may set out after whistleblowers, there will be more. It’s unstoppable, in part thanks to figures like Poitras, who is the subject of today’s TomDispatch interview. Tom]
Edward Snowden and the Golden Age of Spying
A TomDispatch Interview With Laura Poitras
Here’s a Ripley’s Believe It or Not! stat from our new age of national security. How many Americans have security clearances? The answer: 5.1 million, a figure that reflects the explosive growth of the national security state in the post-9/11 era. Imagine the kind of system needed just to vet that many people for access to our secret world (to the tune of billions of dollars). We’re talking here about the total population of Norway and significantly more people than you can find in Costa Rica, Ireland, or New Zealand. And yet it’s only about 1.6% of the American population, while on ever more matters, the unvetted 98.4% of us are meant to be left in the dark.
For our own safety, of course. That goes without saying.
All of this offers a new definition of democracy in which we, the people, are to know only what the national security state cares to tell us. Under this system, ignorance is the necessary, legally enforced prerequisite for feeling protected. In this sense, it is telling that the only crime for which those inside the national security state can be held accountable in post-9/11 Washington is not potential perjury before Congress, or the destruction of evidence of a crime, or torture, or kidnapping, or assassination, or the deaths of prisoners in an extralegal prison system, but whistleblowing; that is, telling the American people something about what their government is actually doing. And that crime, and only that crime, has been prosecuted to the full extent of the law (and beyond) with a vigor unmatched in American history. To offer a single example, the only American to go to jail for the CIA’s Bush-era torture program was John Kiriakou, a CIA whistleblower who revealed the name of an agent involved in the program to a reporter.
In these years, as power drained from Congress, an increasingly imperial White House has launched various wars (redefined by its lawyers as anything but), as well as a global assassination campaign in which the White House has its own “kill list” and the president himself decides on global hits. Then, without regard for national sovereignty or the fact that someone is an American citizen (and upon the secret invocation of legal mumbo-jumbo), the drones are sent off to do the necessary killing.
And yet that doesn’t mean that we, the people, know nothing. Against increasing odds, there has been some fine reporting in the mainstream media by the likes of James Risen and Barton Gellman on the security state’s post-legal activities and above all, despite the Obama administration’s regular use of the World War I era Espionage Act, whistleblowers have stepped forward from within the government to offer us sometimes staggering amounts of information about the system that has been set up in our name but without our knowledge.
Among them, one young man, whose name is now known worldwide, stands out. In June of last year, thanks to journalist Glenn Greenwald and filmmaker Laura Poitras, Edward Snowden, a contractor for the NSA and previously the CIA, stepped into our lives from a hotel room in Hong Kong. With a treasure trove of documents that are still being released, he changed the way just about all of us view our world. He has been charged under the Espionage Act. If indeed he was a “spy,” then the spying he did was for us, for the American people and for the world. What he revealed to a stunned planet was a global surveillance state whose reach and ambitions were unique, a system based on a single premise: that privacy was no more and that no one was, in theory (and to a remarkable extent in practice), unsurveillable.
Its builders imagined only one exemption: themselves. This was undoubtedly at least part of the reason why, when Snowden let us peek in on them, they reacted with such over-the-top venom. Whatever they felt at a policy level, it’s clear that they also felt violated, something that, as far as we can tell, left them with no empathy whatsoever for the rest of us. One thing that Snowden proved, however, was that the system they built was ready-made for blowback.
Sixteen months after his NSA documents began to be released by the Guardian and the Washington Post, I think it may be possible to speak of the Snowden Era. And now, a remarkable new film, Citizenfour, which had its premiere at the New York Film Festival on October 10th and will open in select theaters nationwide on October 24th, offers us a window into just how it all happened. It is already being mentioned as a possible Oscar winner.
Director Laura Poitras, like reporter Glenn Greenwald, is now known almost as widely as Snowden himself, for helping facilitate his entry into the world. Her new film, the last in a trilogy she’s completed (the previous two being My Country, My Country on the Iraq War and The Oath on Guantanamo), takes you back to June 2013 and locks you in that Hong Kong hotel room with Snowden, Greenwald, Ewen MacAskill of the Guardian, and Poitras herself for eight days that changed the world. It’s a riveting, surprisingly unclaustrophic, and unforgettable experience.
Before that moment, we were quite literally in the dark. After it, we have a better sense, at least, of the nature of the darkness that envelops us. Having seen her film in a packed house at the New York Film Festival, I sat down with Poitras in a tiny conference room at the Loews Regency Hotel in New York City to discuss just how our world has changed and her part in it.
Tom Engelhardt: Could you start by laying out briefly what you think we've learned from Edward Snowden about how our world really works?
Laura Poitras: The most striking thing Snowden has revealed is the depth of what the NSA and the Five Eyes countries [Australia, Canada, New Zealand, Great Britain, and the U.S.] are doing, their hunger for all data, for total bulk dragnet surveillance where they try to collect all communications and do it all sorts of different ways. Their ethos is "collect it all." I worked on a story with Jim Risen of the New York Times about a document -- a four-year plan for signals intelligence -- in which they describe the era as being "the golden age of signals intelligence." For them, that’s what the Internet is: the basis for a golden age to spy on everyone.
This focus on bulk, dragnet, suspicionless surveillance of the planet is certainly what’s most staggering. There were many programs that did that. In addition, you have both the NSA and the GCHQ [British intelligence] doing things like targeting engineers at telecoms. There was an article published at The Intercept that cited an NSA document Snowden provided, part of which was titled "I Hunt Sysadmins" [systems administrators]. They try to find the custodians of information, the people who are the gateway to customer data, and target them. So there's this passive collection of everything, and then things that they can't get that way, they go after in other ways.
I think one of the most shocking things is how little our elected officials knew about what the NSA was doing. Congress is learning from the reporting and that's staggering. Snowden and [former NSA employee] William Binney, who's also in the film as a whistleblower from a different generation, are technical people who understand the dangers. We laypeople may have some understanding of these technologies, but they really grasp the dangers of how they can be used. One of the most frightening things, I think, is the capacity for retroactive searching, so you can go back in time and trace who someone is in contact with and where they've been. Certainly, when it comes to my profession as a journalist, that allows the government to trace what you're reporting, who you're talking to, and where you've been. So no matter whether or not I have a commitment to protect my sources, the government may still have information that might allow them to identify whom I'm talking to.
TE: To ask the same question another way, what would the world be like without Edward Snowden? After all, it seems to me that, in some sense, we are now in the Snowden era.
LP: I agree that Snowden has presented us with choices on how we want to move forward into the future. We're at a crossroads and we still don't quite know which path we're going to take. Without Snowden, just about everyone would still be in the dark about the amount of information the government is collecting. I think that Snowden has changed consciousness about the dangers of surveillance. We see lawyers who take their phones out of meetings now. People are starting to understand that the devices we carry with us reveal our location, who we're talking to, and all kinds of other information. So you have a genuine shift of consciousness post the Snowden revelations.
TE: There's clearly been no evidence of a shift in governmental consciousness, though.
LP: Those who are experts in the fields of surveillance, privacy, and technology say that there need to be two tracks: a policy track and a technology track. The technology track is encryption. It works and if you want privacy, then you should use it. We’ve already seen shifts happening in some of the big companies -- Google, Apple -- that now understand how vulnerable their customer data is, and that if it’s vulnerable, then their business is, too, and so you see a beefing up of encryption technologies. At the same time, no programs have been dismantled at the governmental level, despite international pressure.
TE: In Citizenfour, we spend what must be an hour essentially locked in a room in a Hong Kong hotel with Snowden, Glenn Greenwald, Ewan MacAskill, and you, and it’s riveting. Snowden is almost preternaturally prepossessing and self-possessed. I think of a novelist whose dream character just walks into his or her head. It must have been like that with you and Snowden. But what if he’d been a graying guy with the same documents and far less intelligent things to say about them? In other words, how exactly did who he was make your movie and remake our world?
LP: Those are two questions. One is: What was my initial experience? The other: How do I think it impacted the movie? We've been editing it and showing it to small groups, and I had no doubt that he's articulate and genuine on screen. But to see him in a full room [at the New York Film Festival premiere on the night of October 10th], I'm like, wow! He really commands the screen! And I experienced the film in a new way with a packed house.
TE: But how did you experience him the first time yourself? I mean you didn't know who you were going to meet, right?
LP: So I was in correspondence with an anonymous source for about five months and in the process of developing a dialogue you build ideas, of course, about who that person might be. My idea was that he was in his late forties, early fifties. I figured he must be Internet generation because he was super tech-savvy, but I thought that, given the level of access and information he was able to discuss, he had to be older. And so my first experience was that I had to do a reboot of my expectations. Like fantastic, great, he's young and charismatic and I was like wow, this is so disorienting, I have to reboot. In retrospect, I can see that it's really powerful that somebody so smart, so young, and with so much to lose risked so much.
He was so at peace with the choice he had made and knowing that the consequences could mean the end of his life and that this was still the right decision. He believed in it, and whatever the consequences, he was willing to accept them. To meet somebody who has made those kinds of decisions is extraordinary. And to be able to document that and also how Glenn [Greenwald] stepped in and pushed for this reporting to happen in an aggressive way changed the narrative. Because Glenn and I come at it from an outsider’s perspective, the narrative unfolded in a way that nobody quite knew how to respond to. That’s why I think the government was initially on its heels. You know, it's not everyday that a whistleblower is actually willing to be identified.
TE: My guess is that Snowden has given us the feeling that we now grasp the nature of the global surveillance state that is watching us, but I always think to myself, well, he was just one guy coming out of one of 17 interlocked intelligence outfits. Given the remarkable way your film ends -- the punch line, you might say -- with another source or sources coming forward from somewhere inside that world to reveal, among other things, information about the enormous watchlist that you yourself are on, I’m curious: What do you think is still to be known? I suspect that if whistleblowers were to emerge from the top five or six agencies, the CIA, the DIA, the National Geospatial Intelligence Agency, and so on, with similar documentation to Snowden’s, we would simply be staggered by the system that's been created in our name.
LP: I can't speculate on what we don't know, but I think you're right in terms of the scale and scope of things and the need for that information to be made public. I mean, just consider the CIA and its effort to suppress the Senate’s review of its torture program. Take in the fact that we live in a country that a) legalized torture and b) where no one was ever held to account for it, and now the government's internal look at what happened is being suppressed by the CIA. That's a frightening landscape to be in.
In terms of sources coming forward, I really reject this idea of talking about one, two, three sources. There are many sources that have informed the reporting we've done and I think that Americans owe them a debt of gratitude for taking the risk they do. From a personal perspective, because I’m on a watchlist and went through years of trying to find out why, of having the government refuse to confirm or deny the very existence of such a list, it’s so meaningful to have its existence brought into the open so that the public knows there is a watchlist, and so that the courts can now address the legality of it. I mean, the person who revealed this has done a huge public service and I’m personally thankful.
TE: You’re referring to the unknown leaker who's mentioned visually and elliptically at the end of your movie and who revealed that the major watchlist you're on has more than 1.2 million names on it. In that context, what's it like to travel as Laura Poitras today? How do you embody the new national security state?
LP: In 2012, I was ready to edit and I chose to leave the U.S. because I didn't feel I could protect my source footage when I crossed the U.S. border. The decision was based on six years of being stopped and questioned every time I returned to the United States. And I just did the math and realized that the risks were too high to edit in the U.S., so I started working in Berlin in 2012. And then, in January 2013, I got the first email from Snowden.
TE: So you were protecting...
LP: ...other footage. I had been filming with NSA whistleblower William Binney, with Julian Assange, with Jacob Appelbaum of the Tor Project, people who have also been targeted by the U.S., and I felt that this material I had was not safe. I was put on a watchlist in 2006. I was detained and questioned at the border returning to the U.S. probably around 40 times. If I counted domestic stops and every time I was stopped at European transit points, you're probably getting closer to 80 to 100 times. It became a regular thing, being asked where I’d been and who I’d met with. I found myself caught up in a system you can't ever seem to get out of, this Kafkaesque watchlist that the U.S. doesn't even acknowledge.
TE: Were you stopped this time coming in?
LP: I was not. The detentions stopped in 2012 after a pretty extraordinary incident.
I was coming back in through Newark Airport and I was stopped. I took out my notebook because I always take notes on what time I'm stopped and who the agents are and stuff like that. This time, they threatened to handcuff me for taking notes. They said, "Put the pen down!" They claimed my pen could be a weapon and hurt someone.
"Put the pen down! The pen is dangerous!" And I'm like, you're not... you've got to be crazy. Several people yelled at me every time I moved my pen down to take notes as if it were a knife. After that, I decided this has gotten crazy, I'd better do something and I called Glenn. He wrote a piece about my experiences. In response to his article, they actually backed off.
TE: Snowden has told us a lot about the global surveillance structure that's been built. We know a lot less about what they are doing with all this information. I'm struck at how poorly they've been able to use such information in, for example, their war on terror. I mean, they always seem to be a step behind in the Middle East -- not just behind events but behind what I think someone using purely open source information could tell them. This I find startling. What sense do you have of what they're doing with the reams, the yottabytes, of data they're pulling in?
LP: Snowden and many other people, including Bill Binney, have said that this mentality -- of trying to suck up everything they can -- has left them drowning in information and so they miss what would be considered more obvious leads. In the end, the system they’ve created doesn't lead to what they describe as their goal, which is security, because they have too much information to process.
I don't quite know how to fully understand it. I think about this a lot because I made a film about the Iraq War and one about Guantanamo. From my perspective, in response to the 9/11 attacks, the U.S. took a small, very radical group of terrorists and engaged in activities that have created two generations of anti-American sentiment motivated by things like Guantanamo and Abu Ghraib. Instead of figuring out a way to respond to a small group of people, we've created generations of people who are really angry and hate us. And then I think, if the goal is security, how do these two things align, because there are more people who hate the United States right now, more people intent on doing us harm? So either the goal that they proclaim is not the goal or they're just unable to come to terms with the fact that we've made huge mistakes in how we've responded.
TE: I'm struck by the fact that failure has, in its own way, been a launching pad for success. I mean, the building of an unparallelled intelligence apparatus and the greatest explosion of intelligence gathering in history came out of the 9/11 failure. Nobody was held accountable, nobody was punished, nobody was demoted or anything, and every similar failure, including the one on the White House lawn recently, simply leads to the bolstering of the system.
LP: So how do you understand that?
TE: I don't think that these are people who are thinking: we need to fail to succeed. I'm not conspiratorial in that way, but I do think that, strangely, failure has built the system and I find that odd. More than that I don't know.
LP: I don't disagree. The fact that the CIA knew that two of the 9/11 hijackers were entering the United States and didn't notify the FBI and that nobody lost their job is shocking. Instead, we occupied Iraq, which had nothing to do with 9/11. I mean, how did those choices get made?
by seemslikeadream » Fri Oct 24, 2014 2:24 pm
Citizenfour’s Escape to Freedom in Russia
October 23, 2014
Exclusive: An international community of resistance has formed against pervasive spying by the U.S. National Security Agency with key enclaves in Moscow (with NSA whistleblower Edward Snowden) and in London (with WikiLeaks’ Julian Assange), way stations visited by ex-CIA analyst Ray McGovern.
By Ray McGovern
In early September in Russia, National Security Agency whistleblower Edward Snowden told me about a documentary entitled “Citizenfour,” named after the alias he used when he asked filmmaker Laura Poitras to help him warn Americans about how deeply the NSA had carved away their freedoms.
When we spoke, Snowden seemed more accustomed to his current reality, i.e., still being alive albeit far from home, than he did in October 2013 when I met with him along with fellow whistleblowers Tom Drake, Coleen Rowley and Jesselyn Radack, as we presented him with the Sam Adams Award for Integrity in Intelligence.
A year ago, the four of us spent a long, relaxing evening with Snowden – and sensed his lingering wonderment at the irony-suffused skein of events that landed him in Russia, out of reach from the U.S. government’s long arm of “justice.”
Six days before we gave Snowden the award, former NSA and CIA director Michael Hayden and House Intelligence Committee chair Mike Rogers had openly expressed their view that Snowden deserved to be on the “list,” meaning the “capture or kill” list that could have made Snowden the target of a drone strike. When I asked him if he were aware of that recent indignity, he nodded yes – with a winsome wince of incredulity.
This September, there was no drone of Damocles hanging over the relaxed lunch that the two of us shared. There were, rather, happier things to discuss. For example, I asked if he were aware that one of his co-workers in Hawaii had volunteered to Andy Greenberg of Forbes Magazine that Snowden was admired by his peers as a man of principle, as well as a highly gifted geek.
The co-worker told Greenberg: “NSA is full of smart people, but Ed … was in a class of his own. … I’ve never seen anything like it. … He was given virtually unlimited access to NSA data [because] he could do things nobody else could.”
Equally important, the former colleague pointed out that Snowden kept on his desk a copy of the U. S. Constitution to cite when arguing with co-workers against NSA activities that he thought might be in violation of America’s founding document. Greenberg’s source conceded that he or she had slowly come to understand that Snowden was trying to do the right thing and that this was very much in character, adding, “I won’t call him a hero, but he’s sure as hell no traitor.”
Snowden spoke of his former co-workers with respect and affection, noting that most of them had family responsibilities, mortgages, etc. – burdens he lacked. He told me he was very aware that these realities would make it immeasurably more difficult for them to blow the whistle on NSA’s counter-Constitutional activities, even if they were to decide they should. “But somebody had to do it,” said Snowden in a decidedly non-heroic tone, “So I guess that would be me.”
Following the intelligence world’s axiom of “need-to-know,” Snowden had been careful to protect his family and Lindsay Mills, his girlfriend, by telling no one of his plans. I found myself thinking long and hard at how difficult that must have been – to simply get out of Dodge without a word to those you love.
Perhaps he felt Mills would eventually understand when he explained why it was absolutely necessary in order to achieve his mission and have some chance of staying alive and out of prison. But, not having discussed with her his plans, how could he be sure of that?
And so, learning recently of the interim “happy-ending” arrival of Mills in Russia was like a shot in the arm for me. I thought to myself, it is possible to do the right thing, survive and not end up having to live the life of a hermit. Equally important, that reality is now out there for the world to see. What an encouragement to future whistleblowers – and to current ones, as well, for that matter.
Snowden was delighted when I told him that Bill Binney, the long-time and highly respected former NSA technical director, had just accepted the Sam Adams Award, which will be presented in 2015. It was Snowden’s own revelations that finally freed up Binney and other courageous NSA alumni to let the American public know what they had been trying, through official channels, to tell the overly timid representatives in Washington.
Seeing ‘Citizenfour’
Snowden was happy to tell me about the documentary, “Citizenfour,” explaining that during his sessions in Hong Kong with Laura Poitras, Glenn Greenwald, and The Guardian’s Ewen MacAskill, Poitras seemed to have the camera always rolling during the eight days they shared in Hong Kong – including during the grand escape from the hotel. With a broad smile, Snowden said, “Ray, when people see my makeshift disguise, well, it is going to be really hard to argue that this thing was pre-planned!”
All I have seen so far is the trailer, but I have tickets for a showing Friday night when “Citizenfour” opens in Washington and other cities. With Snowden, I figured I could wait to witness the grand escape until I saw the film itself, so I avoided asking him for additional detail. Like: ”Don’t spoil it for me, Ed.”
I was encouraged to read, in one of the movie reviews, that the documentary does allude to the key role played by Julian Assange and WikiLeaks in enabling Snowden’s escape. I had long since concluded that WikiLeaks’s role – and that of Sarah Harrison, in particular, was the sine qua non for success. I hope “Citizenfour” gives this key part of the story the prominence it deserves.
I feel it is an equal honor to spend time with Julian Assange in the Ecuadorian embassy whenever I’m in London. In early September, Assange was a welcoming host and we had a long chat over dinner while I was en route to Russia via London and Berlin. (I had been invited to present at the U.S.-Russia Forum in Moscow later last month and stayed there an extra day in order to visit with Snowden.)
I had been unaware of “Citizenfour” before visiting Assange. The film came up spontaneously when I volunteered to him that the safe extrication of Snowden from Hong Kong sits atop my gratitude list of the many things he has accomplished. That drew a very broad smile and some words about the world’s most powerful country and intelligence service, “and we still got him out!”
Assange shared how important it was not only to rescue Snowden himself but, in so doing, to provide for potential whistleblowers some real-life proof that it is possible to do the right thing and avoid spending decades in prison where WikiLeaks’ most famous source Chelsea Manning now sits. This was among the main reasons why WikiLeaks cashed in so many chips in its successful effort to bring Snowden to safety. It was surely not because Assange expected Snowden to share reportable information with WikiLeaks. He gave none.
Assange was in good spirits and hoping for some break in the Kafkaesque situation in which he has found himself for several years now (receiving asylum in Ecuador’s Embassy to avoid arrest in Great Britain and extradition to Sweden for questioning regarding alleged sexual offenses).
A Stop in Berlin
I also planned to spend a few days in Berlin to coincide with the NATO summit in Wales (Sept. 4-5). On Aug. 30, the Veteran Intelligence Professionals for Sanity sent a Memorandum to German Chancellor Angela Merkel, warning her about the dubious “intelligence” adduced to blame Russia for the troubles in Ukraine. Our memo had some resonance in German and other European media, but I was saddened to find the media in the UK and Germany as co-opted and Putin-bashing as the U.S. media.
It was 25 years after the fall of the Berlin Wall. What I said in my various talks and interviews on NATO’s reneging on its promise to Soviet leader Mikhail Gorbachev not to move NATO one inch eastward, once Germany was reunited, seemed to come as a major revelation to most listeners.
“Really?” was the predominant reaction when I explained that 25 years ago there was a unique, realistic chance for a Europe “whole and free” (in words then used by President George H. W. Bush and Gorbachev) from Portugal to the Urals. Instead, even after the collapse of the Soviet Union in 1991, Russia was excluded. NATO crept steadily east toward Russia’s border.
And last February, the U.S. and EU orchestrated a coup d’état in Kiev to foster Ukraine’s “European aspirations” to cast its lot with the West and dislodge itself from Russia’s sphere of influence. [See Consortiumnews.com’s “The Whys Behind the Ukraine Crisis.”]
The squandering of a historic chance for lasting peace in Europe remains atop the list of severe disappointments encountered during my professional life. The fact that, to this day, so few seem aware of what happened, and who was – and is – to blame, is also a major frustration.
In Berlin, consolation and affirmation came in renewing friendships there and getting to know others – many of them expatriates. First and foremost among the latter is Sarah Harrison, the main figure in executing WikiLeaks’s plan to get Snowden out of Hong Kong and onward to Latin American via Moscow, where his planned journey has so far stalled.
Because the U.S. Justice Department charged Snowden with espionage and the U.S. State Department revoked his passport, his stay in Moscow ended up being quite a long one. But Harrison stayed on for as long as seemed necessary to accompany and support Snowden, as well as to be able to testify to the fact that the Russians were not using anything like “enhanced interrogation techniques” on him.
I had last seen Harrison in Moscow at the Sam Adams Award presentation to Snowden; it was great to have a chance to chat with her over a long lunch.
Flying home from Moscow, having had lunch there with Edward Snowden, lunch in Berlin with Sarah Harrison, and dinner with Julian Assange in that little piece of Ecuadorian territory in London, what came first to mind was Polonius’s advice to Laertes: “Those friends thou hast, and their adoption tried, grapple them to thy soul with hoops of steel.”
But then, above the din of the jet engines, came a more familiar and more insistent voice. It was that of Jane Fahey, my Irish grandmother, who for some reason seemed 33,000 feet closer than usual: “Show me your company, and I’ll tell you who you are!” she would say, often – very often. I think my grandmother would be as pleased with my “company” as I am – and as grateful.
by conniption » Sun Nov 16, 2014 11:34 pm
Alternet
Snowden: "I Did What I Did Because I Believe It Is the Right Thing to Do"
In an interview the NSA leaker covers the crises in our technology and surveillance, and politics.
52 COMMENTS
November 11, 2014
On October 6, Nation editor and publisher Katrina vanden Heuvel and contributing editor Stephen F. Cohen (professor emeritus of Russian studies at New York University and Princeton) sat down in Moscow for a wide-ranging discussion with Edward Snowden. Throughout their nearly four-hour conversation, which lasted considerably longer than planned, the youthful-appearing Snowden was affable, forthcoming, thoughtful and occasionally humorous. Among other issues, he discussed the price he has paid for speaking truth to power, his definition of patriotism and accountability, and his frustration with America’s media and political system. The interview has been edited and abridged for publication, compressing lengthy conversations about technological issues that Snowden has discussed elsewhere.
continued
by seemslikeadream » Wed Dec 31, 2014 12:20 pm
THE SNOWDEN EFFECT: SEASONS GREETINGS FROM YOUR FRIENDS AT THE NSA
By Charles P. Pierce on December 26, 2014
There are holiday document dumps and there are holiday document dumps. And then there is holiday document carpet-bombing from 30,000 feet.
The heavily-redacted reports include examples of data on Americans being e-mailed to unauthorized recipients, stored in unsecured computers and retained after it was supposed to be destroyed, according to the documents. They were posted on the NSA's website at around 1:30 p.m. on Christmas Eve. In a 2012 case, for example, an NSA analyst "searched her spouse's personal telephone directory without his knowledge to obtain names and telephone numbers for targeting," according to one report. The analyst "has been advised to cease her activities," it said.
"Advised to cease her activities" is nice. Why isn't this person being advised that her bail is $50,000, cash or bond?
Even heavily redacted -- For which, please read, "Apparently splattered with hot tar before release" -- this latest missive from the puzzle palace is another item for the bill of particulars on which the NSA, and the courageous but curiously error-prone heroes who work there -- should be arraigned in the public mind.
Other unauthorized cases were a matter of human error, not intentional misconduct. Last year, an analyst "mistakenly requested" surveillance "of his own personal identifier instead of the selector associated with a foreign intelligence target," according to another report.
Assuming we believe that anything the NSA says about its spying is the truth, and I don't any more, pleading incompetence is just as unacceptable as pleading guilty. Theses aren't some idiots from the Bureau Of Mines getting drunk at the Christmas party and humping on the office copier. (Blogs never forget.) This is a bunch of meatheads who can seriously fck with the lives of Americans with just a few keystrokes. And the weaselspeak doesn't help, either.
In 2012, an analyst conducted surveillance "on a U.S. organization in a raw traffic database without formal authorization because the analyst incorrectly believed that he was authorized to query due to a potential threat," according to the fourth-quarter report from 2012. The surveillance yielded nothing.
What's the "organization" in question? It would seem to have a cause of action here. Of course, we probably can't know what it was or else the terrorists will slaughter us as we sleep, or Australia and Indonesia will go to war, or something.
After foreign intelligence is acquired, "it must be analyzed to remove or mask certain protected categories of information, including U.S. person information, unless specific exceptions apply," the NSA said in a statement before posting the documents. The extent of that collection has never been clear. The agency said today it has multiple layers of checks in place to prevent further errors in intelligence gathering and retention. "The vast majority of compliance incidents involve unintentional technical or human error," NSA said in its executive summary. "NSA goes to great lengths to ensure compliance with the Constitution, laws and regulations."
Which is why, I suppose, these heavily redacted documents dropped on Christmas freaking Eve. Great lengths, indeed.
No, gang. You don't get gold stars for "transparency" here. You don't get gold stars for having paper policies in place with which your actual personnel are too arrogant to comply, or which your actual personnel are too stupid to understand. You don't get gold stars for advising the office gossip to cease the activities regarding spying on her spouse. What you get, or what you ought to get, is congressional oversight that squeezes you to within an inch of your life. And for those who attempt to separate the ACLU's formal request from Edward Snowden's whistleblowing, forget it. You might as well try to separate the Boston Tea Party from the Second Continental Congress.
by seemslikeadream » Sat Jan 10, 2015 10:30 am
Snowden Claims U.S. Policy Is Creating A Black Market For Digital Weapons
Posted yesterday by Sarah Buhr (@sarahbuhr)
Edward Snowden says in a new interview with NOVA Next that the U.S. government wrongly promotes cyber offense strategies at the expense of weakening the system and leaving it open to cyber attacks from the black market.
“We’re creating a class of Internet security researchers who research vulnerabilities, but then instead of disclosing them to the device manufacturers to get them fixed and to make us more secure, they sell them to secret agencies,” Snowden says. “They sell them on the black market to criminal groups to be able to exploit these to attack targets. And that leaves us much less secure, not just on an individual level, but on a broad social level; on a broad economic level. And beyond that, it creates a new black market for computer weapons, basically digital weapons.”
Snowden points out that the White House’s own independent review panels have shown that not a single program has stopped an imminent terrorist attack on the United States. He does not believe the public is aware of just how disastrous these policies could backfire and questions the value of such programs that leave our own information vulnerable.
Snowden also points out that other countries such as Iran are ahead of us in realizing the problem:
“But it is important to highlight that we really started this trend in many ways when we launched the Stuxnet campaign against the Iranian nuclear program. It actually kicked off a response, sort of retaliatory action from Iran, where they realized they had been caught unprepared. They were far behind the technological curve as compared to the United States and most other countries. And this is happening across the world nowadays, where they realize that they’re caught out. They’re vulnerable. They have no capacity to retaliate to any sort of cyber campaign brought against them.”
We spend much more on research and development, compared to the rest of the world. So when it comes to our cyber security says Snowden, “We have more to lose than any other nation on Earth.”
Snowden said he didn’t want to overhype the problem, “Nobody’s going to press a key on their keyboard and bring down the government.” But he did emphasize that the threats from foreign governments were real and that we should be focusing more on the defense of our own information than focusing on others.
Snowden was interviewed for NOVA Next from Russia, where he has lived since releasing documents showing the U.S. had been spying on citizens through several technology companies. He is wanted in the U.S. on criminal charges for theft and misuse of classified information. Snowden dismissed former CIA director Michael Hayden’s predictions that he would wind up a sad and miserable drunk in Russia. Snowden said he only drinks water and that the country was actually great. “Yeah, I know. It’s crazy,” he told interviewer James Bamford.
Exclusive: Edward Snowden on Cyber Warfare
By James Bamford and Tim De Chant on Thu, 08 Jan 2015
Cyber warfare used to be the stuff of sci-fi movies and military exercises. But with the advent of the Stuxnet worm, the Sony Pictures hacking—which was allegedly carried out with the backing of the North Korean government—and this week’s assault on German government websites, large-scale cyber attacks with suspected ties to nation states are growing increasingly prevalent.
Few people have lifted the veil on cyber warfare like Edward Snowden, a former NSA contractor who leaked a massive number of documents to the press.
Highlights from Edward Snowden's interview with NOVA
Last June, journalist James Bamford, who is working with NOVA on a new film about cyber warfare that will air in 2015, sat down with Snowden in a Moscow hotel room for a lengthy interview. In it, Snowden sheds light on the surprising frequency with which cyber attacks occur, their potential for destruction, and what, exactly, he believes is at stake as governments and rogue elements rush to exploit weaknesses found on the internet, one of the most complex systems ever built by humans. The following is an unedited transcript of their conversation.
James Bamford: Thanks very much for coming. I really appreciate this. And it’s really interesting—the very day we’re meeting with you, this article came out in The New York Times, seemed to be downplaying the potential damage, which they really seem to have hyped up in the original estimate. What did you think of this article today?
Edward Snowden: So this is really interesting. It’s the new NSA director saying that the alleged damage from the leaks was way overblown. Actually, let me do that again.
So this is really interesting. The NSA chief in this who replaced Keith Alexander, the former NSA director, is calling the alleged damage from the last year’s revelations to be much more insignificant than it was represented publicly over the last year. We were led to believe that the sky was going to fall, that the oceans were going to boil off, the atmosphere was going to ignite, the world would end as we know it. But what he’s saying is that it does not lead him to the conclusion that the sky is falling.
And that’s a significant departure from the claims of the former NSA director, Keith Alexander. And it’s sort of a pattern that we’ve seen where the only U.S. officials who claim that these revelations cause damage rather than serve the public good were the officials that were personally embarrassed by it. For example, the chairs of the oversight committees in Congress, the former NSA director himself.
But we also have, on the other hand, the officials on the White House’s independent review panels who said that these programs had never been shown to stop even a single imminent terrorist attack in the United States, and they had no value. So how could it be that these programs were so valuable that talking about them, revealing them to the public would end the world if they hadn’t stopped any attacks?
But what we’re seeing and what this article represents is that the claims of harm that we got last year were not accurate and could in fact be claimed to be misleading, and I think that’s a concern. But it is good to see that the director of NSA himself now today, with full access to classified information, is beginning to come a little bit closer to the truth, getting a little bit closer to the President’s viewpoint on that, which is this discussion that we’ve had over the last year doesn’t hurt us. It makes us stronger. So thanks for showing that.
Bamford: Thanks. One other thing that the article gets into, which is what we’re talking about here today, is the article quotes the new NSA director, who is also the commander of Cyber Command, as basically saying that it’s possible in the future that these cyber weapons will become sort of normal military weapons, and they’ll be treated sort of like guided missiles or cruise missiles and so forth.
Snowden: Cruise missiles or drones.
Bamford: What are your thoughts about that, having spent time in this whole line of work yourself?
Snowden: I think the public still isn’t aware of the frequency with which these cyber-attacks, as they’re being called in the press, are being used by governments around the world, not just the US. But it is important to highlight that we really started this trend in many ways when we launched the Stuxnet campaign against the Iranian nuclear program. It actually kicked off a response, sort of retaliatory action from Iran, where they realized they had been caught unprepared. They were far behind the technological curve as compared to the United States and most other countries. And this is happening across the world nowadays, where they realize that they’re caught out. They’re vulnerable. They have no capacity to retaliate to any sort of cyber campaign brought against them.
The Iranians targeted open commercial companies of U.S. allies. Saudi Aramco, the oil company there—they sent what’s called a wiper virus, which is actually sort of a Fisher Price, baby’s first hack kind of a cyber-campaign. It’s not sophisticated. It’s not elegant. You just send a worm, basically a self-replicating piece of malicious software, into the targeted network. It then replicates itself automatically across the internal network, and then it simply erases all of the machines. So people go into work the next day and nothing turns on. And it puts them out of business for a period of time.
But with enterprise IT capabilities, it’s not trivial, but it’s not impossible to restore a company to working order in fairly short time. You can image all of the work stations. You can restore your backups from tape. You can perform what’s called bare metal restores, where you get entirely new hardware that matches your old hardware, if the hardware itself was broken, and just basically paint it up, restore the data just like the original target was, and you’re back in the clear. You’re moving along.
Now, this is something that people don’t understand fully about cyber-attacks, which is that the majority of them are disruptive, but not necessarily destructive. One of the key differentiators with our level of sophistication and nation-level actors is they’re increasingly pursuing the capability to launch destructive cyber-attacks, as opposed to the disruptive kinds that you normally see online, through protestors, through activists, denial of service attacks, and so on. And this is a pivot that is going to be very difficult for us to navigate.
Bamford: Let me ask you about that, because that is the focus of the program here. It’s a focus because very few people have ever discussed this before, and it’s the focus because the U.S. launched their very first destructive cyber-attack, the Stuxnet attack, as you mentioned, in Iran. Can you just tell me what kind of a milestone that was for the United States to launch their very first destructive cyber-attack?
Snowden: Well, it’s hard to say it’s the first ever, because attribution is always hard with these kind of campaigns. But it is fair to say that it was the most sophisticated cyber-attack that anyone had ever seen at the time. And the fact that it was launched as part of a U.S. authorized campaign did mark a radical departure from our traditional analysis of the levels of risks we want to assume for retaliation.
When you use any kind of internet based capability, any kind of electronic capability, to cause damage to a private entity or a foreign nation or a foreign actor, these are potential acts of war. And it’s critical we bear in mind as we discuss how we want to use these programs, these capabilities, where we want to draw the line, and who should approve these programs, these decisions, and at what level, for engaging in operations that could lead us as a nation into a war.
The reality is if we sit back and allow a few officials behind closed doors to launch offensive attacks without any oversight against foreign nations, against people we don’t like, against political groups, radicals, and extremists whose ideas we may not agree with, and could be repulsive or even violent—if we let that happen without public buy-in, we won’t have any seat at the table of government to decide whether or not it’s appropriate for these officials to drag us into some kind of war activity that we don’t want, but we weren’t aware of at the time.
Bamford: And what you seem to be talking about also is the blowback effect. In other words, if we launch an attack using cyber warfare, a destructive attack, we run the risk of having been the most industrialized and electronically connected country in the world, that that’s a major problem for the US. Is that your thinking?
Snowden: I do agree that when it comes to cyber warfare, we have more to lose than any other nation on earth. The technical sector is the backbone of the American economy, and if we start engaging in these kind of behaviors, in these kind of attacks, we’re setting a standard, we’re creating a new international norm of behavior that says this is what nations do. This is what developed nations do. This is what democratic nations do. So other countries that don’t have as much respect for the rules as we do will go even further.
And the reality is when it comes to cyber conflicts between, say, America and China or even a Middle Eastern nation, an African nation, a Latin American nation, a European nation, we have more to lose. If we attack a Chinese university and steal the secrets of their research program, how likely is it that that is going to be more valuable to the United States than when the Chinese retaliate and steal secrets from a U.S. university, from a U.S. defense contractor, from a U.S. military agency?
We spend more on research and development than these other countries, so we shouldn’t be making the internet a more hostile, a more aggressive territory. We should be cooling down the tensions, making it a more trusted environment, making it a more secure environment, making it a more reliable environment, because that’s the foundation of our economy and our future. We have to be able to rely on a safe and interconnected internet in order to compete.
Bamford: Where do you see this going in terms of destruction? In Iran, for example, they destroyed the centrifuges. But what other types of things might be targeted? Power plants or dams? What do you see as the ultimate potential damage that could come from the cyber warfare attack?
Snowden: When people conceptualize a cyber-attack, they do tend to think about parts of the critical infrastructure like power plants, water supplies, and similar sort of heavy infrastructure, critical infrastructure areas. And they could be hit, as long as they’re network connected, as long as they have some kind of systems that interact with them that could be manipulated from internet connection.
However, what we overlook and has a much greater value to us as a nation is the internet itself. The internet is critical infrastructure to the United States. We use the internet for every communication that businesses rely on every day. If an adversary didn’t target our power plants but they did target the core routers, the backbones that tie our internet connections together, entire parts of the United States could be cut off. They could be shunted offline, and we would go dark in terms of our economy and our business for minutes, hours, days. That would have a tremendous impact on us as a society and it would have a policy backlash.
The solution, however, is not to give the government more secret authorities to put kill switches and monitors and snooping devices on the internet. It’s to reorder our priorities for how we deal with threats to the security of our critical infrastructure, for our electronic infrastructure. And what that means is taking bodies like the National Security Agency that have traditionally been about securing the nation and making sure that that’s their first focus.
In the last 10 years, we’ve seen—in the last 10 years, we’ve seen a departure from that traditional role of signals intelligence gathering overseas that’s related to responding to threats that are—
Bamford: Take your time.
Snowden: Right. What we’ve seen over the last decade is we’ve seen a departure from the traditional work of the National Security Agency. They’ve become sort of the national hacking agency, the national surveillance agency. And they’ve lost sight of the fact that everything they do is supposed to make us more secure as a nation and a society.
The National Security Agency has two halves, one that handles defense and one that handles offense. Michael Hayden and Keith Alexander, the former directors of NSA, they shifted those priorities, because when they went to Congress, they saw they could get more budget money if they advertised their success in attacking, because nobody is ever really interested in doing the hard work of defense.
But the problem is when you deprioritize defense, you put all of us at risk. Suddenly, policies that would have been unbelievable, incomprehensible even 20 years ago are commonplace today. You see decisions being made by these agencies that authorize them to install backdoors into our critical infrastructure, that allow them to subvert the technical security standards that keep your communication safe when you’re visiting a banking website online or emailing a friend or logging into Facebook.
And the reality is, when you make those systems vulnerable so that you can spy on other countries and you share the same standards that those countries have for their systems, you’re also making your own country more vulnerable to the same attacks. We’re opening ourselves up to attack. We’re lowering our shields to allow us to have an advantage when we attack other countries overseas, but the reality is when you compare one of our victories to one of their victories, the value of the data, the knowledge, the information gained from those attacks is far greater to them than it is to us, because we are already on top. It’s much easier to drag us down than it is to grab some incremental knowledge from them and build ourselves up.
Bamford: Are you talking about China particularly?
Snowden: I am talking about China and every country that has a robust intelligence collection program that is well-funded in the signals intelligence realm. But the bottom line is we need to put the security back in the National Security Agency. We can’t have the national surveillance agency. We’ve got to go—look, the most important thing to us is not being able to attack our adversaries, the most important thing is to be able to defend ourselves. And we can’t do that as long as we’re subverting our own security standards for the sake of surveillance.
Bamford: That is a very strange combination, where you have one half of the NSA, the Information Assurances Directorate, which is charged with protecting the country from cyber-attacks, coexisting with the Signals Intelligence Directorate and the Cyber Command, which is pretty much focused on creating weaknesses. Can you just tell me a little bit about how that works, the use of vulnerabilities and implants and exploits?
Snowden: So broadly speaking, there are a number of different terms that are used in the CNO, computer networks operations world.
Broadly speaking, there are a number of different terms that are used to define the vernacular in the computer network operations world. There’s CNA, computer network attack, which is to deny, degrade, or destroy the functioning of a system. There’s CND, computer network defense, which is protecting systems, which is noticing vulnerabilities, noticing intrusions, cutting them off, and repairing them, patching the holes. And there’s CNE, computer network exploitation, which is breaking into a system and leaving something behind, this sort of electronic ear that will allow you to monitor everything that’s happening from that point forward. CNE is typically used for espionage, for spying.
To achieve these goals, we use things like exploits, implants, vulnerabilities, and so on. A vulnerability is a weakness in a system, where a computer program has a flaw in its code that, when it thinks it’s going to execute a normal routine task, it’s actually been tricked into doing something the attacker asks it to do. For example, instead of uploading a file to display a picture online, you could be uploading a bit of code that the website will then execute.
edward-snowden-nova
Edward Snowden in his interview with NOVA
Or instead of logging into a website, you could enter code into the username field or into the password field, and that would crash through the boundaries of memory—that were supposed to protect the program—into the executable space of computer instructions. Which means when the computer goes through its steps of what is supposed to occur, it goes, I’m looking for user login. This is the username. This is the password. And then when it should go, check to see that these are correct, if you put something that was too long in the password field, it actually overwrites those next instructions for the computer. So it doesn’t know it’s supposed to check for a password. Instead, it says, I’m supposed to create a new user account with the maximum privileges and open up a port for the adversary to access my network, and then so on and so forth.
Vulnerabilities are generally weaknesses that can be exploited. The exploit itself are little shims of computer code that allow you to run any sort of program you want.
Exploits are the shims of computer code that you wedge into vulnerabilities to allow you to take over a system, to gain access to them, to tell that system what you wanted to do. The payload or implant follows behind the exploit. The exploit is what wedges you into the system. The payload is the instructions that are left behind. Now, those instructions often say install an implant.
The implant is an actual program that runs—it stays behind after the exploit has occurred—and says, tell me all of the files on this machine. Make a list of all of the users. Send every new email or every new keystroke that’s been recorded on this program each day to my machine as the attacker, or really anything you can imagine. It can also tell nuclear centrifuges to spin up to the maximum RPM and then spin down quickly enough that no one notices. It can tell a power plant to go offline.
Or it could say, let me know what this dissident is doing day to day, because it lives on their cell phone and it keeps track of all their movements, who they call, who they’re associating with, what wireless device it’s nearby. Really an exploit is only limited—or not an exploit. An implant is only limited by the imagination. Anything you can program a computer to do, you can program an implant to do.
Bamford: So you have the implant, and then you have the payload, right?
Snowden: The payload includes the implant. The exploit is what basically breaks into the vulnerability. The payload is what the exploit runs, and that is basically some kind of executable code. And the implant is a payload that’s left behind long term, some kind of basically listening program, some spying program, or some kind of a destructive program.
Bamford: Interviewing you is like doing power steering. I don’t have to pull this out.
Snowden: Yeah, sorry, I get a little ramble-y on my answers, and the political answers aren’t really strong, but I’m not a politician, so I’m just trying my best on these.
Bamford: This isn’t nightly news, so we’ve got an hour.
Snowden: Yeah, I hope you guys cut this so it’s not so terrible.
Producer: We’ve got two cameras, and we can carve your words up.
Snowden: (laughter) Great.
Producer: But we won’t.
Bamford: Should mention this implant now—the implant sounds a bit like what used to be sleeper agents back in the old days of the Cold War, where you have an agent that’s sitting there that can do anything. It can do sabotage. It can do espionage. It can do whatever. And looking at one of those slides that came out, what was really fascinating was the fact that the slide was a map of the world, and they had little yellow dots on it. The little yellow dots were indicated as CNEs, computer network exploitation. And you expect to see them in North Korea, China, different places like that. But what was interesting when we looked at it was there were quite a few actually in Brazil, for example, and other places that were friendly countries. Any idea why the U.S. would want to do something like that?
Snowden: So the way the United States intelligence community operates is it doesn’t limit itself to the protection of the homeland. It doesn’t limit itself to countering terrorist threats, countering nuclear proliferation. It’s also used for economic espionage, for political spying to gain some knowledge of what other countries are doing. And over the last decade, that sort of went too far.
No one would argue that it’s in the United States’ interest to have independent knowledge of the plans and intentions of foreign countries. But we need to think about where to draw the line on these kind of operations so we’re not always attacking our allies, the people we trust, the people we need to rely on, and to have them in turn rely on us. There’s no benefit to the United States hacking Angela Merkel’s cell phone. President Obama said if he needed to know what she was thinking, he would just pick up the phone and call her. But he was apparently allegedly unaware that the NSA was doing precisely that. These are similar things we see happening in Brazil and France and Germany and all these other countries, these allied nations around the world.
And we also need to remember that when we talk about computer network exploitation, computer network attack, we’re not just talking about your home PC. We’re not just talking about a control system in a factory somewhere. We’re talking about your cell phone, and we’re also talking about internet routers themselves. The NSA and its sister agencies are attacking the critical infrastructure of the internet to try to take ownership of it. They hack the routers that connect nations to the internet itself.
And this is dangerous for a number of reasons. It does provide us a real intelligence advantage, but at the same time, it’s a serious risk. If one of these hacking operations goes wrong, and this has happened in the past, and it’s a core router that connects all of the internet service providers for an entire country to the internet, we’ve blacked out that entire nation from online access until that problem can be corrected. And these routers are not your little Linksys, D-Link routers sitting at home. We’re talking $60,000, $600,000, $6 million devices, complexes, that are not easy to fix, and they don’t have an off the shelf replacement that’s ready to swap in.
So we need to be very careful, and we need to make sure that whenever we’re engaging in a cyber-warfare campaign, a cyber-espionage campaign in the United States, that we understand the word cyber is used as a euphemism for the internet, because the American public would not be excited to hear that we’re doing internet warfare campaigns, internet espionage campaigns, because we realize that we ourselves are impacted by it. The internet is shared critical infrastructure for everyone on earth. It’s not supposed to be a domain of warfare. We’re not supposed to be putting our economy on the frontlines in the battleground. But that’s increasingly what’s happening today.
So we need to put processes, policies, and procedures in place with real laws that forbid going beyond the borders of what’s reasonable to ensure that the only time that we and other countries around the world exercise these authorities are when it is absolutely necessary, there’s not alternative means of achieving the appropriate outcome, and it’s proportionate to the threat. We shouldn’t be putting an entire nation’s infrastructure at risk to spy on one company, to spy on one person. But increasingly, we see that happening more and more today.
Bamford: You mentioned the problems, the dangers involved if you’re trying to put an exploit into some country’s central nervous system when it comes to the internet. For example in Syria, there was a time when everything went down, and that was blamed on the president of Syria, Bashar al-Assad. Did you have any particular knowledge of that?
Snowden: I don’t actually want to get into that one on camera, so I’ll have to demur on that.
Bamford: Can you talk around it somehow?
Snowden: What I would say is when you’re attacking a router on the internet, and you’re doing it remotely, it’s like trying to shoot the moon with a rifle. Everything has to happen exactly right. Every single variable has to be controlled and precisely accounted for. And that’s not possible to do when you have limited knowledge of the target you’re attacking.
So if you’ve got this gigantic router that you’re trying to hack, and you want to hack it in a way that’s undetectable by the systems administrators for that device, you have to get below the operating system level of that device, of that router. Not where it says here are the rules, here are the user accounts, here are the routes and the proper technical information that everybody who’s administering this device should have access to. Down onto the firmware level, onto the hardware control level of the device that nobody ever sees, because it’s sort of a dark place.
The problem is if you make a mistake when you’re manipulating the hardware control of a device, you can do what’s called bricking the hardware, and it turns it from a $6 million internet communications device to a $6 million paperweight that’s in the way of your entire nation’s communications. And that’s something that all I can say is has happened in the past.
Bamford: When we were in Brazil, we were shown this major internet connection facility. It was the largest internet hub in the southern hemisphere, and it’s sitting in Brazil. And the Brazilians had a lot of concern, because again, they saw the slide that showed all this malware being planted in Brazil. Is that a real concern that they should have, the fact that they’ve, number one, got this enormous internet hub sitting right in Sao Paulo, and then on the second hand, they’ve got NSA flooding the country with malware?
Snowden: The internet exchange is sort of the core points where all of the international cables come together, where all of the internet service providers come together, and they trade lines with each other, where we move from separate routes, separate highways on the internet into one coherent traffic circle where everybody can get on and off on the exit they want. These are priority one targets for any sort of espionage agency, because they provide access to so many people’s communications.
Internet exchanges and internet service providers—international fiber optic landing points—these are the key tools that governments go after in order to enable their programs of mass surveillance. If they want to be able to watch the entire population of a country instead of a single individual, you have to go after those bulk interchanges. And that’s what’s happening.
So it is a real threat, and the only way that can be accounted for is to make sure that there’s some kind of independent control and auditing, some sort of routine forensic investigations into these devices, to ensure that not only were they secure when they were installed, but they hadn’t been monitored or tampered with or changed in any way since that last audit occurred. And that requires doing things like creating mathematical proofs called hashes of the validity of the actual hardware signature and software signatures on these devices and their hardware.
Bamford: Another area—you mentioned the presidential panel that looked into all these areas that are of concern now, which you’ve basically brought out these areas. And the presidential panel came out with I think 46 different recommendations. One of those recommendations dealt with restricting the use or cutting back or maybe even doing away with the idea of going after zero-day exploits. Can you tell me a little bit about your fears that you may have of the U.S. creating this market of zero-day exploits?
Snowden: So a zero-day exploit is a method of hacking a system. It’s sort of a vulnerability that has an exploit written for it, sort of a key and a lock that go together to a given software package. It could be an internet web server. It could be Microsoft Office. It could be Adobe Reader or it could be Facebook. But these zero-day exploits—they’re called zero-days because the developer of the software is completely unaware of them. They haven’t had any chance to react, respond, and try to patch that vulnerability away and close it.
The danger that we face in terms of policy of stockpiling zero-days is that we’re creating a system of incentives in our country and for other countries around the world that mimic our behavior or that see it as a tacit authorization for them to perform the same sort of operations is we’re creating a class of internet security researchers who research vulnerabilities, but then instead of disclosing them to the device manufacturers to get them fixed and to make us more secure, they sell them to secret agencies.
They sell them on the black market to criminal groups to be able to exploit these to attack targets. And that leaves us much less secure, not just on an individual level, but on a broad social level, on a broad economic level. And beyond that, it creates a new black market for computer weapons, basically digital weapons.
And there’s a little bit of a free speech issue involved in regulating this, because people have to be free to investigate computer security. People have to be free to look for these vulnerabilities and create proof of concept code to show that they are true vulnerabilities in order for us to secure our systems. But it is appropriate to regulate the use and sale of zero-day exploits for nefarious purposes, in the same way you would regulate any other military weapon.
And today, we don’t do that. And that’s why we see a growing black market with companies like Endgame, with companies like Vupen, where all they do—their entire business model is finding vulnerabilities in the most critical infrastructure software packages we have around the internet worldwide, and instead of fixing those vulnerabilities, they tear them open and let their customers walk in through them, and they try to conceal the knowledge of these zero-day exploits for as long as possible to increase their commercial value and their revenues.
Bamford: Now, of those 46 recommendations, including the one on the zero-day exploits that the panel came up with, President Obama only approved maybe five or six at the most of those 46 recommendations, and he didn’t seem to talk at all about the zero-day exploit recommendation. What do you think of that, the fact that that was sort of ignored by the President?
Snowden: I can’t comment on presidential policies. That’s a landmine for me. I would recommend you ask Chris Soghoian at the ACLU, American Civil Liberties Union, and he can get you any quote you want on that. You don’t need me to speak to that point, but you’re absolutely right that where there’s smoke, there’s fire, as far as that’s concerned.
Bamford: Well, as someone who has worked at the NSA, been there for a long time, during that time you were there, they created this entire new organization called Cyber Command. What are your thoughts on the creation of this new organization that comes just like the NSA, under the director of NSA? Again, backing up, the director of NSA for ever since the beginning was only three stars, and now he’s a four star general, or four star admiral, and he’s got this enormous largest intelligence agency in the world, the NSA, under him, and now he’s got Cyber Command. What are your thoughts on that, having seen this from the inside?
Snowden: There was a strong debate last year about whether or not the National Security Agency and Cyber Command should be split into two independent agencies, and that was what the President’s independent review board suggested was the appropriate method, because when you have an agency that’s supposed to be defensive married to an agency that’s entire purpose in life is to break things and set them on fire, you’ve got a conflict of interest that is really going to reduce the clout of the defensive agency, while the offensive branch gains more clout, they gain more budget dollars, they gain more billets and personnel assignments.
So there’s a real danger with that happening. And Cyber Command itself has always existed in a—Cyber Command itself has always been branded in a sort of misleading way from its very inception. The director of NSA, when he introduced it, when he was trying to get it approved, he said he wanted to be clear that this was not a defensive team. It was a defend the nation team. He’s saying it’s defensive and not defensive at the same time.
Now, the reason he says that is because it’s an attack agency, but going out in front of the public and asking them to approve an aggressive warfare focused agency that we don’t need is a tough sell. It’s much better if we say, hey, this is for protecting us, this is for keeping us safe, even if all it does every day is burn things down and break things in foreign countries that we aren’t at war with.
So there’s a real careful balance that needs to be struck there that hasn’t been addressed yet, but so long as the National Security Agency and Cyber Command exist under one roof, we’ll see the offensive side of their business taking priority over the defensive side of the business, which is much more important for us as a country and as a society.
Bamford: And you mentioned earlier, if we could just go back a little bit over this again, how much more money is going to the cyber offensive time than going to the cyber defensive side. Not only more money, but more personnel, more attention, more focus.
Snowden: I didn’t actually get the question on that one.
Bamford: I just wondered if you could just elaborate a little bit more on that. Again, we have Cyber Command and we have the Information Assurance Division and so forth, and there’s far more money and personnel and emphasis going on the cyber warfare side than the defensive side.
Snowden: I think the key point in analyzing the balance and where we come out in terms of offense versus defense at the National Security Agency and Cyber Command is that, more and more, what we’ve read in the newspapers and what we see debating in Congress, the fact the Senate is now trying to put forward a bill called CISPA, the Cyber Intelligence Sharing—I don’t even know what it’s called—let me take that back.
We see more and more things occurring like the Senate putting forward a bill called CISPA, which is for cyber intelligence sharing between private companies and government agencies, where they’re trying to authorize not just the total immunity, a grant of total immunity, to private companies if they share the information on all of their customers, on all the American citizens and whatnot that are using their services, with intelligence agencies, under the intent that that information be used to protect them.
Congress is also trying to immunize companies in a way that will allow them to invite groups like the National Security Agency or the FBI to voluntarily put surveillance devices on their internal networks, with the stated intent being to detect cyber-attacks as they occur and be able to respond to them. But we’re ceding a lot of authority there. We’re immunizing companies from due diligence and protecting their customers’ privacy rights.
Actually, this is a point that’s way too difficult to make in the interview. Let me dial back out of that.
What we see more and more is sort of a breakdown in the National Security Agency. It’s becoming less and less the National Security Agency and more and more the national surveillance agency. It’s gaining more offensive powers with each passing year. It’s gained this new Cyber Command that’s under the director of NSA that by any measure should be an entirely separate organization because it has an entirely separate mission. All it does is attack.
And that’s putting us, both as a nation and an economy, in a state of permanent vulnerability and permanent risk, because when we lose a National Security Agency and instead get an offensive agency, we get an attack agency in its place, all of our eyes are looking outward, but they’re not looking inward, where we have the most to lose. And this is how we miss attacks time and time again. This results in intelligence failures such as the Boston Marathon bombings or the underwear bomber, Abdul Farouk Mutallab (sic).
In recent years, the majority of terrorist attacks that have been disrupted in the United States have been disrupted due to things like the Time Square bomber, who was caught by a hotdog vendor, not a mass surveillance program, not a cyber-espionage campaign.
So when we cannibalize dollars from the defensive business of the NSA, securing our communications, protecting our systems, patching zero-day vulnerabilities, and instead we’re giving those dollars to them to be used for creating new vulnerabilities in our systems so that they can surveil us and other people abroad who use the same systems. When we give those dollars to subvert our encryption methods so we don’t have any more privacy online and we apply all of that money to attacking foreign countries, we’re increasing the state of conflict, not just in diplomatic terms, but in terms of the threat to our critical infrastructure.
When the lights go out at a power plant sometime in the future, we’re going to know that that’s a consequence of deprioritizing defense for the sake of an advantage in terms of offense.
Bamford: One other problem I think is that people think that, as you mentioned—just to sort of clarify this—people out there that don’t really follow this that closely think that the whole idea of Cyber Command was to protect the country from cyber-attacks. Is that a misconception, the fact that these people think that the whole idea of Cyber Command is to protect them from cyber-attack?
Snowden: Well, if you ask anybody at Cyber Command or look at any of the job listings for openings for their positions, you’ll see that the one thing they don’t prioritize is computer network defense. It’s all about computer network attack and computer network exploitation at Cyber Command. And you have to wonder, if these are people who are supposed to be defending our critical infrastructure at home, why are they spending so much time looking at how to attack networks, how to break systems, and how to turn things off? I don’t think it adds up as representing a defensive team.
Bamford: Now, also looking a little bit into the future, it seems like there’s a possibility that a lot of this could be automated, so that when the Cyber Command or NSA sees a potential cyber-attack coming, there could be some automatic devices that would in essence return fire. And given the fact that it’s so very difficult to—or let me back up. Given the fact that it’s so easy for a country to masquerade where an attack is coming from, do you see a problem where you’re automating systems that automatically shoot back, and they may shoot back at the wrong country, and could end up starting a war?
Snowden: Right. So I don’t want to respond to the first part of your question, but the second part there I can use, which is relating to attribution and automated response. Which is that the—it’s inherently dangerous to automate any kind of aggressive response to a detected event because of false positives.
Let’s say we have a defensive system that’s tied to a cyber-attack capability that’s used in response. For example, a system is created that’s supposed to detect cyber-attacks coming from Iran, denial of service attacks brought against a bank. They detect what appears to be an attack coming in, and instead of simply taking a defensive action, instead of simply blocking it at the firewall and dumping that traffic so it goes into the trash can and nobody ever sees it—no harm—it goes a step further and says we want to stop the source of that attack.
So we will launch an automatic cyber-attack at the source IP address of that traffic stream and try to take that system online. We will fire a denial of service attack in response to it, to destroy, degrade, or otherwise diminish their capability to act from that.
But if that’s happening on an automated basis, what happens when the algorithms get it wrong? What happens when instead of an Iranian attack, it was simply a diagnostic message from a hospital? What happens when it was actually an attack created by an independent hacker, but you’ve taken down a government office that the hacker was operating from? That wasn’t clear.
What happens when the attack hits an office that a hacker from a third country had hacked into to launch that attack? What if it was a Chinese hacker launching an attack from an Iranian computer targeting the United States? When we retaliate against a foreign country in an aggressive manner, we the United States have stated in our own policies that’s an act of war that justifies a traditional kinetic military response.
We’re opening the doors to people launching missiles and dropping bombs by taking the human out of the decision chain for deciding how we should respond to these threats. And this is something we’re seeing more and more happening in the traditional means as our methods of warfare become increasingly automated and roboticized such as through drone warfare. And this is a line that we as a society, not just in the United States but around the world, must never cross. We should never allow computers to make inherently governmental decisions in terms of the application of military force, even if that’s happening on the internet.
Bamford: And Richard Clarke has said that it’s more important for us to defend ourselves against attacks from China than to attack China using cyber tools. Do you agree with that?
Snowden: I strongly agree with that. The concept there is that there’s not much value to us attacking Chinese systems. We might take a few computers offline. We might take a factory offline. We might steal secrets from a university research programs, and even something high-tech. But how much more does the United States spend on research and development than China does? Defending ourselves from internet-based attacks, internet-originated attacks, is much, much more important than our ability to launch attacks against similar targets in foreign countries, because when it comes to the internet, when it comes to our technical economy, we have more to lose than any other nation on earth.
Bamford: I think you said this before, but in the past, the U.S. has actually used cyber warfare to attack things like hospitals and things like that in China?
Snowden: So they’re not cyber warfare capabilities. They’re CNE, computer network exploitation.
Bamford: Yeah, if you could just explain that a little.
Snowden: I’m not going to get into that on camera. But what the stories showed and what you can sort of voice over is that Chinese universities—not just Chinese, actually—scratch that—is that the National Security Agency has exploited internet exchanges, internet service providers, including in Belgium—the Belgacom case— through their allies at GCHQ and the United Kingdom. They’ve attacked universities, hospitals, internet exchange points, internet service providers—the critical infrastructure that all of us around the world rely on.
And it’s important to remember when you start doing things like attacking hospitals, when you start doing things like attacking universities, when you start attacking things like internet exchange points, when something goes wrong, people can die. If a hospital’s infrastructure is affected, lifesaving equipment turns off. When an internet exchange point goes offline and voice over IP calls with the common method of communication—cell phone networks rout through internet communications points nowadays—people can’t call 911. Buildings burn down. All because we wanted to spy on somebody.
So we need to be very careful about where we draw the line and what is absolutely necessary and proportionate to the threat that we face at any given time. I don’t think there’s anything, any threat out there today that anyone can point to, that justifies placing an entire population under mass surveillance. I don’t think there’s any threat that we face from some terrorist in Yemen that says we need to hack a hospital in Hong Kong or Berlin or Rio de Janeiro.
Bamford: I know we’re on a time limit here, but are there questions that I haven’t—
Producer: Let’s take a two minute break here.
Bamford: One of the most interesting things about the Stuxnet attack was that the President—both President Bush and President Obama—were told don’t worry, this won’t be detected by anybody. There’ll be no return address on this. And number two, it won’t escape from the area that they’re focusing it anyway, the centrifuges. Both of those proved wrong, and the virus did escape, and it was detected, and then it was traced back to the United States. So is this one of the big dangers, the fact that the President is told is these things, the President doesn’t have the capability to look into every technical issue, and then these things can wind up hitting us back in the face?
Snowden: The problem is the internet is the most complex system that humans have ever invented. And with every internet enabled operation that we’ve seen so far, all of these offensive operations, we see knock on effects. We see unintended consequences. We see emergent behavior, where when we put the little evil virus in the big pool of all our private lives, all of our private systems around the internet, it tends to escape and go Jurassic Park on us. And as of yet, we’ve found no way to prevent that. And given the complexity of these systems, it’s very likely that we never will.
What we need to do is we need to create new international standards of behavior—not just national laws, because this is a global problem. We can’t just fix it in the United States, because there are other countries that don’t follow U.S. laws. We have to create international standards that say these kind of things should only ever occur when it is absolutely necessary, and that the response that the operation is tailored to be precisely restrained and proportionate to the threat faced. And that’s something that today we don’t have, and that’s why we see these problems.
Bamford: Another problem is, back in the Cold War days—and most people are familiar with that—when there was a fairly limited number of countries that could actually develop nuclear weapons. There were a handful of countries basically that could have the expertise, take the time, find the plutonium, put a nuclear weapon together. Today, the world is completely different, and you could have a small country like Fiji with the capability of doing cyber warfare. So it isn’t limited like it was in those days to just a handful of countries. Do you see that being a major problem with this whole idea of getting into cyber warfare, where so many countries have the capability of doing cyber warfare, and the U.S. being the most technologically vulnerable country?
Snowden: Yeah, you’re right. The problem is that we’re more reliant on these technical systems. We’re more reliant on the critical infrastructure of the internet than any other nation out there. And when there’s such a low barrier to entering the domain of cyber-attacks—cyber warfare as they like to talk up the threat—we’re starting a fight that we can’t win.
Every time we walk on to the field of battle and the field of battle is the internet, it doesn’t matter if we shoot our opponents a hundred times and hit every time. As long as they’ve hit us once, we’ve lost, because we’re so much more reliant on those systems. And because of that, we need to be focusing more on creating a more secure, more reliable, more robust, and more trusted internet, not one that’s weaker, not one that relies on this systemic model of exploiting every vulnerability, every threat out there. Every time somebody on the internet sort of glances at us sideways, we launch an attack at them. That’s not going to work out for us long term, and we have to get ahead of the problem if we’re going to succeed.
Bamford: Another thing that the public doesn’t really have any concept of, I think at this point, is how organized this whole Cyber Command is, and how aggressive it is. People don’t realize there’s a Cyber Army now, a Cyber Air Force, a Cyber Navy. And the fact that the models for some of these organizations like the Cyber Navy are things like we will dominate the cyberspace the same way we dominate the sea or the same way that we dominate land and the same way we dominate space. So it’s this whole idea of creating an enormous military just for cyber warfare, and then using this whole idea of we’re going to dominate cyberspace, just like it’s the navies of centuries ago dominating the seas.
Snowden: Right. The reason they say that they want to dominate cyberspace is because it’s politically incorrect to say you want to dominate the internet. Again, it’s sort of a branding effort to get them the support they need, because we the public don’t want to authorize the internet to become a battleground. We need to do everything we can as a society to keep that a neutral zone, to keep that an economic zone that can reflect our values, both politically, socially, and economically. The internet should be a force for freedom. The internet should not be a tool for war. And for us, the United States, a champion of freedom, to be funding and encouraging the subversion of a tool for good to be a tool used for destructive ends is, I think, contrary to the principles of us as a society.
Bamford: You had a question, Scott?
Producer: It was really just a question about (inaudible) vulnerabilities going beyond operating systems that we know of, (inaudible) and preserving those vulnerabilities, that that paradox extends over into critical infrastructure as well as—
Snowden: Let me just freestyle on that for a minute, then you can record the question part whenever you want. Something we have to remember is that everything about the internet is interconnected. All of our systems are not just common to us because of the network links between them, but because of the software packages, because of the hardware devices that comprise it. The same router that’s deployed in the United States is deployed in China. The same software package that controls the dam floodgates in the United States is the same as in Russia. The same hospital software is there in Syria and the United States.
So if we are promoting the development of exploits, of vulnerabilities, of insecurity in this critical infrastructure, and we’re not fixing it when we find it—when we find critical flaws, instead we put it on the shelf so we can use it the next time we want to launch an attack against some foreign country. We’re leaving ourselves at risk, and it’s going to lead to a point where the next time a power plant goes down, the next time a dam bursts, the next time the lights go off in a hospital, it’s going to be in America, not overseas.
Bamford: Along those lines, one of the things we’re focusing on in the program is the potential extent of cyber warfare. And we show a dam, for example, in Russia, where there was a major power plant under that. This was a facility that was three times larger than the Hoover Dam, and it exploded. One of the turbines, which weighed as much as two Boeing 747s, exploded 50 feet into the air and then crashed down and killed 75 people. And that was all because of what was originally thought was a cyber-attack, but turned out to be a mistaken piece of cyber that was sent to make this happen. It was accidental.
But the point is this is what can happen if somebody wants to deliberately do this, and I don’t think that’s what many people in the U.S. have a concept of, that this type of warfare can be that extensive. And if you could just give me some ideas along those lines of how devastating this can be, not just in knocking off a power grid, but knocking down an entire dam or an entire power plant.
Snowden: So I don’t actually want to get in the business of enumerating the list of the horrible of horribles, because I don’t want to hype the threat. I’ve said all these things about the dangers and what can go wrong, and you’re right that there are serious risks. But at the same time, it’s important to understand that this is not an existential threat. Nobody’s going to press a key on their keyboard and bring down the government. Nobody’s going to press a key on their keyboard and wipe a nation off the face of the earth.
We have faced threats from criminal groups, from terrorists, from spies throughout our history, and we have limited our responses. We haven’t resorted to total war every time we have a conflict around the world, because that restraint is what defines us. That restraint is what gives us the moral standing to lead the world. And if we go, there are cyber threats out there, this is a dangerous world, and we have to be safe, we have to be secure no matter the cost, we’ve lost that standing.
We have to be able to reject disproportionate and unjustified responses in the cyber domain just as we do in the physical domain. We reject techniques like torture regardless of whether they’re effective or ineffective because they are barbaric and harmful on a broad scale. It’s the same thing with cyber warfare. We should never be attacking hospitals. We should never be taking down power plants unless that is absolutely necessary to ensure our continued existence as a free people.
Bamford: That’s fine with me. If there’s anything that you think we didn’t cover or you want to put in there?
Snowden: I was thinking about two things. One is—I went a lot off on the politics here, and a lot of it was ramble-y, so I might try one more thing on that. The other one I was talking about the VFX thing for the cloud, how cyber-attacks happen.
Producer: So I just want sort of an outline of where you want to go to make sure we get that.
Bamford: Yeah, what kind of question you want me to ask.
Snowden: You wouldn’t even necessarily have to ask a question. It would just be—
Producer: (inaudible).
Snowden: Yeah. It would just be like a segment. I would say people ask how does a cyber-attack happen. People ask what does exploitation on the internet look like, and how do you find out where it came from. Most people nowadays are aware of what IP addresses are, and they know that you shouldn’t send an email from a computer that’s associated with you if you don’t want it to be tracked back to you. You don’t want to hack the power plant from your house if you don’t want them to follow the trail back and see your IP address.
But there are also what are called proxies, proxy servers on the internet, and this is very typical for hackers to use. They create what are called proxy chains where they gain access to a number of different systems around the world, sometimes by hacking these, and they use them as sort of relay boxes. So you’ve got the originator of an attack all the way over here on the other side of the planet in the big orb of the internet, just a giant constellation of network links all around. And then you’ve got their intended victim over here.
But instead of going directly from them to the victim in one straight path where this victim sees the originator, the attacker, was the person who sent the exploit to them, who attacked their system, you’ll see they do something where they zigzag through the internet. They go from proxy to proxy, from country to country around the world, and they use that last proxy, that last step in the chain, to launch the attack.
So while the attack could have actually come from Missouri, an investigator responding to the attack will think it came from the Central African Republic or from the Sudan or from Yemen or from Germany. And the only way to track that back is to hack each of those systems back through the chain or to use mass surveillance techniques to have basically a spy on each one of those links so you can follow the tunnel all the way home.
The more I think about it, the more I think that would be way too complicated to—
Producer: No, I was just watching your hands. That was just filling in the blanks.
Bamford: No, I was, too. That’ll be fine.
Producer: And it’s a good point of how you can automate responses and how you—
Bamford: Yeah, we can just drive in and draw in those zigzags.
Snowden: Right. I mean, yeah, the way I would see it is just sort of like stars, like a constellation of points. And you’ve got different colored paths going between them. And then you just highlight the originator and the victim. And they don’t have to be on the edges. They could even be in the center of the cloud somewhere. And then you have sort of a green line going straight between them, and it turns red when it hacks, but then you see the little police agency follow it back. And then so you put an X on it and you replace it with the zigzag line that’s green, and then it goes red when it attacks, to sort of call it the path.
Bamford: From Missouri to the Central African Republic.
Snowden: Yeah.
Producer: Are there any other visualizations that you can think of that maybe you see it as an image as opposed to a (multiple conversations; inaudible).
Snowden: I think one of the good ones to do—and you can do it pretty cheaply, even almost funny, like cartoon-like, and sort of like almost a Flash animation, like paper cutouts—would be to help people visualize the problem with the U.S. prioritizing offense over defense is you look at it—and I’ll give a voiceover here.
When you look at the problem of the U.S. prioritizing offense over defense, imagine you have two bank vaults, the United States bank vault and the Bank of China. But the U.S. bank vault is completely full. It goes all the way up to the sky. And the Chinese bank vault or the Russian bank vault of the African bank vault or whoever the adversary of the day is, theirs is only half full or a quarter full or a tenth full.
But the U.S. wants to get into their bank vault. So what they do is they build backdoors into every bank vault in the world. But the problem is their vault, the U.S. bank vault, has the same backdoor. So while we’re sneaking over to China and taking things out of their vault, they’re also sneaking over to the United States and taking things out of our vault. And the problem is, because our vault is full, we have so much more to lose. So in relative terms, we gain much less from breaking into the vaults of others than we do from having others break into our vaults. That’s why it’s much more important for us to be able to defend against foreign attacks than it is to be able to launch successful attacks against foreign adversaries.
You know, just something sort of symbolic and quick that people can instantly visualize.
Producer: The other thing I’d like to put to you, because we have to find somebody to do it, is how do you make a cyber-weapon? What is malware? What is that?
Snowden: When people are talking about malware, what they really mean is—when people are talking about malware, what they—
When people are talking about cyber weapons, digital weapons, what they really mean is a malicious program that’s used for a military purpose. A cyber weapon could be something as simple as an old virus from 1995 that just happens to still be effective if you use it for that purpose.
Custom developed digital weapons, cyber weapons nowadays typically chain together a number of zero-day exploits that are targeted against the specific site, the specific target that they want to hit. But it depends, this level of sophistication, on the budget and the quality of the actor who’s instigating the attack. If it’s a country that’s less poor or less sophisticated, it’ll be a less sophisticated attack.
But the bare bones tools for a cyber-attack are to identify a vulnerability in the system you want to gain access to or you want to subvert or you want to deny, destroy, or degrade, and then to exploit it, which means to send codes, deliver code to that system somehow, whether it’s locally in the physical realm or on the same network or remotely across the internet, across the global network, and get that code to that vulnerability, to that crack in their wall, jam it in there, and then have it execute.
The payload can then be the action, the instructions that you want to execute on that system, which typically, for the purposes of espionage, would be leaving an implant behind to listen in on what they’re doing, but could just as easily be something like the wiper virus that just deletes everything from the machines and turns them off. Really, it comes down to any instructions that you can think of that you would want to execute on that remote system.
Bamford: Along those lines, there’s one area that could really be visualized I think a lot better, and that’s the vulnerabilities. The way I’ve said it a few times but might be good if you thought about it is looking at a bank vault, and then there are these little cracks, and that enables somebody to get into the bank vault. So what the U.S. is doing is cataloguing all those little cracks instead of telling the bank how to correct those cracks. Problem is other people can find those same cracks.
Snowden: Other people can see the same cracks, yeah.
Bamford: And take the money from the bank, in which case the U.S. did a disservice to the customers of the bank, which is the public, by not telling the bank about the cracks in the first place.
Snowden: Yeah, that’s perfect. And another way to do it is not just cracks in the walls, but it could be other ways in. You can show a guy sort of peeking over the wall, you can see a guy tunneling underneath, you can see a guy going through the front door. All of those, in cyber terms, are vulnerabilities, because it’s not that you have to look for one hole of a specific type. It’s the whole paradigm. You look at the totality of their security situation, and you look for any opening by which you might subvert the intent of that system. And you just go from there. There’s a whole world of exploitation, but it goes beyond the depth of the general audience.
Producer: We can just put them all (multiple conversations; inaudible).
Bamford: Any others?
Snowden: One thing, yeah. There were a couple things I wanted to think about. One was man-in-the-middle, a type of attack you should illustrate. It’s routine hacking, but it’s related to CNE specifically, computer network exploitation. But I think in conflating in into cyber warfare helps people understand what it is.
A man-in-the-middle attack is where someone like the NSA, somebody who has access to the transmission medium that you use for communicating, actually subverts your communication. They intercept it, read it, and pass it on, or they intercept it, modify it, and pass it on.
You can imagine this as you put a letter in your mailbox for the postal carrier to pick up and then deliver, but you don’t know that the postal carrier actually took it to the person that you want until they confirm that it happened. The postal carrier could have replaced it with a different letter. They could have opened it. If it was a gift, they could have taken the gift out, things like that.
We have, over time, created global standards of behavior that mean mailmen don’t do that. They’re afraid of the penalties. They’re afraid of getting caught. And we as a society recognize that the value of having trusted means of communication, trusted mail, far outweighs any benefit that we might get from being able to freely tamper with mail. We need those same standards to apply to the internet. We need to be able to trust that when we send our emails through Verizon, that Verizon isn’t sharing with the NSA, that Verizon isn’t sharing them with the FBI or German intelligence or French intelligence or Russian intelligence or Chinese intelligence.
The internet has to be protected from this sort of intrusive monitoring or else the medium upon which we all rely for the basis of our economy and our normal life—everybody touches the internet nowadays—we’ll lose that, and it’s going to have broad effects as a consequence that we cannot predict.
Producer: Terrific. I think we ought to keep going and do like an interactive Edward Snowden kind of app.
Snowden: My lawyer would murder me.
Producer: No, you really—(inaudible) used to give classes.
Snowden: Yeah, I used to teach. It was on a much more specific level, which is why I keep having to dial back and think about it.
Producer: You’re a very clear speaker about it.
Snowden: Let me just one more time do the offense and defense and security thing. I think you guys already have enough to patch it together, but let me just try to freestyle on it.
The community of technical experts who really manage the internet, who built the internet and maintain it, are becoming increasingly concerned about the activities of agencies like the NSA or Cyber Command, because what we see is that defense is becoming less of a priority than offense. There are programs we’ve read about in the press over the last year, such as the NSA paying RSA $10 million to use an insecure encryption standard by default in their products. That’s making us more vulnerable not just to the snooping of our domestic agencies, but also foreign agencies.
We saw another program called Bullrun which subverted the—which subverts—it continues to subvert similar encryption standards that are used for the majority of e-commerce all over the world. You can’t go to your bank and trust that communication if those standards have been weakened, if those standards are vulnerable. And this is resulting in a paradigm where these agencies wield tremendous power over the internet at the price of making the rest of their nation incredibly vulnerable to the same kind of exploitative attacks, to the same sort of mechanisms of cyber-attack.
And that means while we may have a real advantage when it comes to eavesdropping on the military in Syria or trade negotiations over the price of shrimp in Indonesia—which is an actually real anecdote—or even monitoring the climate change conference, it means it results. It means we end up living in an America where we no longer have a National Security Agency. We have a national surveillance agency. And until we reform our laws and until we fix the excesses of these old policies that we inherited in the post-9/11 era, we’re not going to be able to put the security back in the NSA.
Bamford: That’s great. Just along those lines, from what you know about the project Bullrun and so forth, how secure do you think things like AES, DES, those things are, the advanced encryption standard?
Snowden: I don’t actually want to respond to that one on camera, and the answer is I actually don’t know. But yeah, so let’s leave that one.
Bamford: I mean, that would have been the idea to weaken it.
Snowden: Right. The idea would be to weaken it, but which standards? Like is it AES? Is it the other ones? DES was actually stronger than we thought it was at the time because the NSA had secretly manipulated the standard to make it stronger back in the day, which was weird, but that shows the difference in thinking between the ’80s and the ’90s. It was the S-boxes. That’s what it was called. The S-boxes was the modification made. And today, where they go, oh, this is too strong, let’s weaken it. The NSA was actually concerned back in the time of the crypto-wars with improving American security. Nowadays, we see that their priority is weakening our security, just so they have a better chance of keeping an eye on us.
Bamford: Right, well, I think that’s perfect. So why don’t we just do the—
Producer: Would you like some coffee? Something to drink?
Bamford: Yeah, we can get something from room service, if you like.
Snowden: I actually only drink water. That was one of the funniest things early on. Mike Hayden, former NSA CIA director, was—he did some sort of incendiary speech—
Bamford: Oh, I know what you’re going to say, yeah.
Snowden: —in like a church in D.C., and Barton Gellman was there. He was one of the reporters. It was funny because he was talking about how I was—everybody in Russia is miserable. Russia is a terrible place. And I’m going to end up miserable and I’m going to be a drunk and I’m never going to do anything. I don’t drink. I’ve never been drunk in my life. And they talk about Russia like it’s the worst place on earth. Russia’s great.
Bamford: Like Stalin is still in charge.
Snowden: Yeah, I know. It’s crazy.
Bamford: But you know what he was referring to, I think. You know what he was flashing back to was—and I’d be curious whether you’ve actually heard about this or not—
Snowden: Philby and Burgess and—
Bamford: Martin and Mitchel.
Snowden: I actually don’t remember the Martin and Mitchell case that well. I’m aware of the outlines of it.
Bamford: But you know what they did?
Snowden: No.
by seemslikeadream » Fri Feb 27, 2015 10:22 am
Official Reports on the Damage Caused by Edward Snowden's Leaks Are Totally Redacted
By Jason Leopold
February 25, 2015 | 11:30 am
Nearly two years after NSA contractor Edward Snowden leaked thousands of pages of documents about highly classified government surveillance programs to journalists, intelligence officials continue to claim that his disclosures have caused grave damage to national security.
"It has had a material impact on our ability to generate insights as to what terrorist groups around the world are doing," NSA Director Michael Rogers said of Snowden's leaks at a conference Monday. "Anyone who thinks this has not had an impact… doesn't know what they are talking about."
But neither Rogers nor any other US government official has supported their catastrophic assessments with specific details about the damage Snowden allegedly caused. They say doing so would erode relations between the US and its allies, and reveal details about the US government's intelligence collection activities, which remain classified.
In response to a Freedom of Information Act (FOIA) lawsuit, the Defense Intelligence Agency (DIA) recently released to VICE News more than 100 pages of internal reports prepared by a task force made up of two dozen DIA analysts that examined the alleged damage to national security resulting from Snowden's leaks.
But with the exception of some subheadings, the DIA redacted every page of its internal assessments.
Some of the DIA's redacted documents provided to VICE News in response to a FOIA lawsuit. (Additional documents below)
Those subheadings included "assessment," "talking points," "compromised information," "background" and "recommendations." The reports, drafted between September 2013 and April 2014, were used by the "leadership" of the Department of Defense (DOD) to "mitigate the harm caused to national security," according to a declaration signed by the head of DIA's FOIA office, Aleysia Williams.
"The Task Force is evaluating how the disclosure of certain classified information exposes Intelligence Community sources and methods," Williams said, noting that if the agency were forced to disclose any of the substantive information contained in the 112 documents that make up the reports, the results would be disastrous.
She added that the task force reports are "compartmentalized" and only accessible to task force members, who must sign a nondisclosure agreement and "agree to additional security in order to access the records for mission purposes." Williams' declaration was filed in US District Court in Washington, DC, where the government is arguing that VICE News's FOIA lawsuit seeking documents related to the Snowden damage should be dismissed.
The DIA, which provides military intelligence to the DOD, summarized the task force's work in a 39-page report dated December 18, 2013 and titled "DoD Information Review Task Force-2: Initial Assessment, Impacts Resulting from the Compromise of Classified Material by a Former NSA Contractor." I obtained a copy of the heavily redacted report last year, which concluded that "the scope of the compromised knowledge related to US intelligence capabilities is staggering."
But explicit details about the alleged damage Snowden caused, identified in the 39-page report as "grave," were omitted from that document as well. In fact, the existence of the DIA's report had been unknown until the White House secretly authorized the declassification of select portions of it so two Republican lawmakers could undercut the media narrative painting Snowden as a heroic whistleblower.
"This report confirms my greatest fears — Snowden's real acts of betrayal place America's military men and women at greater risk," House Intelligence Committee Chairman Mike Rogers (who shares the same name as the current NSA director) said in a statement in January 2014. "Snowden's actions are likely to have lethal consequences for our troops in the field."
Rogers did not provide evidence for his claims. But the message was clear: The Obama administration has authorized leaks of its own internal reports about Snowden for political purposes, but any attempts by journalists to dig deeper would constitute a national security threat. Gene Barlow, a spokesman for the National Counterintelligence and Security Center, told VICE News that any "open discussion of the specific damages could further compromise classified information, operations, and various sources and methods involved in intelligence activities — as well as educate our adversaries in the process."
"As the Director of National Intelligence has stated, terrorists and other adversaries of this country are going to school on US intelligence sources methods and trade craft, and the insights that they are gaining are making our job much, much harder," Barlow said.
The government's excessive secrecy extends to other Snowden-related documents as well. The DIA said it had identified 109 documents totaling 859 pages that "refer" to the 39-page damage assessment. Those documents may include, for example, emails in which officials discussed the report. DIA withheld every page, citing national security concerns and other allowed exemptions to FOIA requests.
Steve Aftergood, the director of the Project on Government Secrecy at the Federation of American Scientists, who reviewed the recent documents obtained by VICE News, said the DIA is taking a "broad interpretation of law and classification policy in order to withhold as much as it can."
"This might be a good legal tactic, but it is disappointing in every other respect," Aftergood said. "It is a missed opportunity for the agency to explain, at least in general terms, what sorts of damage it believes that Snowden did. It's hard to understand why DIA can't say as much, or more."
The DIA did, however, reveal some details about the nature of the task force reports and the documents Snowden leaked that extend beyond government surveillance programs. In a separate declaration, David Leatherwood, the DIA's director of operations, said the task force reports contain details about:
•Military plans, weapons systems, or operations
•Foreign government information, intelligence activities (including special activities), intelligence sources, or methods or cryptology
•Foreign relations or foreign activities of the United States, including confidential sources
•Scientific, technological, or economic matters relating to national security
•United States government program for safeguarding nuclear materials or facilities
•Vulnerabilities or capabilities of systems, installations, infrastructures, projects, plans, or protection services relations to national security
•The development, production, or use of weapons of mass destruction
"The critical part of the task force's mandate was to figure out what harm was done to national security by the unlawful disclosure of this information," Leatherwood said. "To accomplish this goal, the reporting of the task force focuses entirely on identifying the magnitude of the harm. Much of that reporting, for very legitimate reasons, remains classified. The Department of Defense and the United States Intelligence Community must know what damage has been done before certain efforts to prevent future harm can be taken."
Leatherwood said DIA also classified references to newspaper articles about classified surveillance programs revealed by Snowden.
"Confirmation that these specific newspaper articles contain classified information through the release of these references under the FOIA would cause harm to national security by offering validation that the stolen information is classified," he said.
The government, in a 35-page motion asking a judge to dismiss the FOIA case, provides a breakdown of exactly how many task force documents relate to categories identified by Leatherwood. He said the task force reports are essentially guidelines that DOD and "affected agencies" use "to determine the level of harm caused and the order in which the various potential harms should be prioritized."
Read more from Primary Sources: The VICE News FOIA Blog.
On Monday, Snowden participated in a Reddit "Ask Me Anything" chat with the recipients of his leaks — journalists Glenn Greenwald and Laura Poitras (the evening before, she won an Academy Award for her documentary on Snowden). During the AMA, Snowden said that if he could have done anything differently, he would have "come forward sooner."
"Had I come forward a little sooner, these programs would have been a little less entrenched, and those abusing them would have felt a little less familiar with and accustomed to the exercise of those powers," he said.
by Searcher08 » Fri Feb 27, 2015 10:57 am
Snowden dismissed former CIA director Michael Hayden’s predictions that he would wind up a sad and miserable drunk in Russia. Snowden said he only drinks water and that the country was actually great. “Yeah, I know. It’s crazy,” he told interviewer James Bamford.
by seemslikeadream » Fri Feb 27, 2015 12:10 pm
Snowden: Spy Agencies ‘Screwed All of Us’ in Hacking Crypto Keys
BY KIM ZETTER 02.24.15 | 11:34 AM
NSA whistleblower Edward Snowden didn’t mince words during a Reddit Ask Me Anything session on Monday when he said the NSA and the British spy agency GCHQ had “screwed all of us” when it hacked into the Dutch firm Gemalto to steal cryptographic keys used in billions of mobile SIM cards worldwide.
“When the NSA and GCHQ compromised the security of potentially billions of phones (3g/4g encryption relies on the shared secret resident on the sim),” Snowden wrote in the AMA, “they not only screwed the manufacturer, they screwed all of us, because the only way to address the security compromise is to recall and replace every SIM sold by Gemalto.”
Gemalto is one of the leading makers of SIM cards used in billions of mobile phones around the world to secure the communications of telecom customers of AT&T, T-Mobile, Verizon, Sprint and more than 400 other wireless carriers in 85 countries. Stealing the crypto keys essentially allows the spy agencies to wiretap and decipher encrypted phone communications at will without the assistance of telecom carriers or the oversight of a court or government. The keys also allow the agencies to decrypt previously intercepted messages they hadn’t been able to crack.
But in stealing the keys with the aim of targeting the communications of specific customers, the spy agencies undermine the security of billions of other customers.
“Our governments … should never be weighing the equities in an intelligence gathering operation such that a temporary benefit to surveillance regarding a few key targets is seen as more desireable than protecting the communications of a global system…” Snowden wrote.
As The Intercept reported last week, the spy agencies targeted employees of the Dutch firm, reading their siphoned emails and scouring their Facebook posts to obtain information that would help the agencies hack the employees. Once on employee systems, the spy agencies planted backdoors and other tools to give them a persistent foothold on the company’s network. We “believe we have their entire network,” the author of a PowerPoint slide, leaked by Snowden to journalist Glenn Greenwald, boasted about the hack.
Snowden commented on the story after being asked what he thought about recent revelations from Kaspersky Lab that it had uncovered a spy module, believed to belong to the NSA, designed for hacking the firmware of hard drives. Snowden said the firmware hacking was “significant” but even more significant was the theft of the crypto keys.
“[A]lthough firmware exploitation is nasty,” Snowden responded, “it’s at least theoretically reparable: tools could plausibly be created to detect the bad firmware hashes and re-flash good ones. This isn’t the same for SIMs, which are flashed at the factory and never touched again.”
Julian Sanchez of the Cato Institute shared Snowden’s sentiments about the crypto theft.
“We hear a great deal lately about the value of information sharing in cybersecurity,” he wrote in a blog post about the hack of Gemalto. “Well, here’s a case where NSA had information that the technology American citizens and companies rely on to protect their communications was not only vulnerable, but had in fact been compromised….[T]his is one more demonstration that proposals to require telecommunications providers and device manufacturers to build law enforcement backdoors in their products are a terrible, terrible idea. As security experts have rightly insisted all along, requiring companies to keep a repository of keys to unlock those backdoors makes the key repository itself a prime target for the most sophisticated attackers—like NSA and GCHQ.”
by seemslikeadream » Wed Mar 04, 2015 2:28 am
Lawyer: Snowden ready to return to United States
By Eric Bradner, CNN
Updated 7:15 PM ET, Tue March 3, 2015
Washington (CNN)Edward Snowden's lawyer says he is ready to come home to the United States.
The former National Security Agency contractor's Russian lawyer said he's ready to leave the country that offered him political asylum in 2013 and return to the United States as long as he gets a fair trial.
"He is thinking about it. He has a desire to return and we are doing everything we can to make it happen," said Anatoly Kucherena, Snowden's lawyer, Agence-France Presse reported Tuesday.
Snowden has remained in Russia since he leaked thousands of classified documents to media outlets that he obtained while working for the consulting firm Booz Allen Hamilton.
"We're certainly happy for him to return to the United States to face a court in the very serious charges" he faces, State Department spokeswoman Marie Harf said Tuesday.
"So he absolutely can and should return to the United States to face the justice system that will be fair in its judgment of him," she said. "But he is accused of very serious crimes and should return home to face them."
Kucherena said Snowden has so far received a guarantee from Attorney General Eric Holder that he will not face the death penalty -- but that Snowden also wants a guarantee of a "legal and impartial trial."
Such a trial, Snowden's legal advisers have said, would mean he wouldn't face charges under the Espionage Act, a World War I-era law that was used to charge Pentagon Papers whistleblower Daniel Ellsberg.
Snowden's lawyer said he's allowed to travel outside Russia now under a three-year Russian residency permit, but that he believes Snowden would be taken immediately to a U.S. embassy as soon as he leaves the country.
"With a group of lawyers from other countries, we are working on the question of his return to America," Kucherena said.
by RocketMan » Wed Mar 04, 2015 4:26 am
by seemslikeadream » Wed Mar 04, 2015 4:40 pm
THE “SNOWDEN IS READY TO COME HOME!” STORY: A CASE STUDY IN TYPICAL MEDIA DECEIT
BY GLENN GREENWALD @ggreenwald TODAY AT 12:30 PM
Most sentient people rationally accept that the U.S. media routinely disseminates misleading stories and outright falsehoods in the most authoritative tones. But it’s nonetheless valuable to examine particularly egregious case studies to see how that works. In that spirit, let’s take yesterday’s numerous, breathless reports trumpeting the “BREAKING” news that “Edward Snowden now wants to come home!” and is “now negotiating the terms of his return!”
Ever since Snowden revealed himself to the public 20 months ago, he has repeatedly said the same exact thing when asked about his returning to the U.S.: I would love to come home, and would do so if I could get a fair trial, but right now, I can’t.
His primary rationale for this argument has long been that under the Espionage Act, the 1917 statute under which he has been charged, he would be barred by U.S. courts from even raising his key defense: that the information he revealed to journalists should never have been concealed in the first place and he was thus justified in disclosing it to journalists. In other words, when U.S. political and media figures say Snowden should “man up,” come home and argue to a court that he did nothing wrong, they are deceiving the public, since they have made certain that whistleblowers charged with “espionage” are legally barred from even raising that defense.
Snowden has also pointed out that legal protections for whistleblowers are explicitly inapplicable to those, like him, who are employed by private contractors (rendering President Obama’s argument about why Snowden should “come home” entirely false). One month after Snowden was revealed, Daniel Ellsberg wrote an Op-Ed in the Washington Post arguing that Snowden did the right thing in leaving the U.S. because he would not be treated fairly, and argued Snowden should not return until he is guaranteed a fully fair trial.
Snowden has said all of this over and over. In June 2013, when I asked him during the online Guardian chat why he left the U.S. for Hong Kong, he said: “the US Government, just as they did with other whistleblowers, immediately and predictably destroyed any possibility of a fair trial at home . . . That’s not justice, and it would be foolish to volunteer yourself to it if you can do more good outside of prison than in it.” In January 2014, AP reported about a new online chat Snowden gave: “Snowden said returning would be the best resolution. But Snowden said he can’t return because he wouldn’t be allowed to argue at trial that he acted in the public interest when he revealed the National Security Agency’s mass surveillance programs.” In that chat, he said: “Returning to the US, I think, is the best resolution for the government, the public, and myself.”
In his May 2014 interview with NBC News’ Brian Williams, Snowden said: “I don’t think there’s ever been any question that I’d like to go home.” That led to headlines like this one from CBS News — on May 29, 2014, more than nine months ago:
For many months, it has also been repeatedly reported there have been negotiations between the DOJ and Snowden’s lawyers for the terms of his return, though those negotiations have gone nowhere. In April 2014, the New York Times reported that Snowden “retained a well known Washington defense lawyer last summer in hopes of reaching a plea deal with federal prosecutors that would allow him to return to the United States and spare him significant prison time.” In June 2014, Bill Gertz reported that “Federal prosecutors recently held discussions with representatives of renegade National Security Agency (NSA) contractor Edward Snowden on a possible deal involving his return to the United States.”
Snowden’s U.S. lawyers have repeatedly said the same thing. In April 2014, New York magazine — under the headline “Snowden Hired Lawyer to Negotiate a Plea Deal” — reported:
Government officials said negotiations with Snowden’s lawyers remained at an early stage, and it doesn’t appear that there’s any deal on the horizon. However, Ben Wizner, an American Civil Liberties Union lawyer who represents Snowden, said he is still “interested in returning home” from Moscow, where he has temporary asylum. Wizner continued:
“He is and always has been on America’s side. He would cooperate in extraordinary ways in the right circumstances. But he does not believe that the ‘felon’ label is the right word for someone whose act of conscience has revitalized democratic oversight of the intelligence community and is leading to historic reforms.”
Yesterday, in Moscow, Snowden’s Russian lawyer Anatoly Kucherena held a press conference to promote his new book, was asked about Snowden’s case, and said exactly what has been known for almost two years: “He has a desire to go back, and we are doing everything possible to make that happen.” Kucherena added that lawyers in various countries have been working on Snowden’s behalf to negotiate terms for a fair trial.
Various media outlets then took these redundant, anodyne comments and distorted them into some brand new BREAKING!! event — as though Snowden suddenly decided for the first time he wants to Come Home — and then proceeded to extract from this fake narrative a series of utterly misleading, false and propagandistic claims about Snowden, Russia and the NSA. The first instance I saw of this was yesterday morning, from Politico’s digital editorial director Blake Hounshell, looking as always to generate Politico clicks by hyping empty garbage:
That was retweeted by dozens of journalists and others, treating it like some sort of new confession on Snowden’s part that he’s suddenly “ready to return” home. Over and over, print and television media outlets then spent the rest of the day screeching that Snowden has now decided he wants to come home!!! “Snowden Seeks to Return Home,” proclaimed the headline of the New York Times, while the article strongly suggested this was a new desire created by life in Moscow: Snowden “would like to return to the U.S. after nearly two years of exile in Russia.” The NSA-allied website Lawfare cited the article to claim: “Edward Snowden wants to come home.” ABC pronounced: “NSA Leaker Edward Snowden Wants to Return Home.” Reuters: “Fugitive ex-NSA contractor Snowden seeks to come home: lawyer.” And on and on and on.
Countless cable shows similarly treated this like some sort of breaking, revealing news about Snowden’s life in Russia and his desperation to return to the Land of the Free — all based on things that happened over and over during the last 20 months. The most hilariously inane was this CNN discussion of “BREAKING NOW” news hosted by Wolf Blitzer, involving his know-nothing panelists: CNN “counter-terrorism analyst” (i.e., former CIA counter-terrorism official) Phillip Mudd, the Washington Post’s David Ignatius, and Newt Gingrich, all of whom put on their Serious Expert Faces to spout utter idiocy. Let’s look at some of what they said:
Mudd: “I don’t understand why someone who is one of the most remarkable leakers we’ve ever seen gets to flee overseas, and then talk to the Department of Justice about what he wants for his trial. Come home, son, and spend your 30 years in jail. He’s cooked.”
CNN’s “expert” is apparently unaware that the DOJ very frequently — almost always, in fact — negotiates with people charged with very serious felonies over plea agreements. He’s also apparently unaware of this thing called “asylum,” which the U.S. routinely grants to people charged by other countries with crimes on the ground that they’d be persecuted with imprisonment if they returned home.
Also, with this prevailing mentality being spewed by former government officials and current news network “experts” — “come home, son, and spend your 30 years in jail. He’s cooked” — does anyone have difficulty seeing why Snowden believes he would not get a fair trial?
Ignatius: “It must be very difficult to be Edward Snowden, living in the Moscow of Vladimir Putin, at a time when Putin’s opposition is being murdered in the streets, so I can’t help but think that Snowden wants out, and the fact that he’s willing to negotiate, which he said before he wouldn’t do, is interesting.”
It’s hard to overstate how false and misleading this is. Snowden had never said he wouldn’t negotiate for his return; as I’ve demonstrated, he’s been negotiating this through his lawyers informally for a long time, and his position has always been the same: he’d like to return home if he could be assured a fair trial. David Ignatitus just made all of this up, all based on this fake news item that Snowden has had some sort of sudden change of heart.
Then there’s the bit about living in the Russia “of Vladimir Putin.” For more than 60 years, U.S. elites have been eager to tell Americans that anyone living in Russia is inherently miserable. That’s particularly true of Western dissidents: the apocryphal stories of British defector Kim Philby being destroyed by a dark, lonely, miserable existence that culminated in his drinking himself to death are often invoked to suggest that a similar fate awaits Snowden (who doesn’t drink, who lives with his longtime girlfriend, who is regarded as a hero by millions and millions of people around the world, who receives awards and prestigious appointments, and who is incredibly gratified and fulfilled both by what he did and his current life).
That’s all Ignatius is up to with these claims, all based on the obvious media-created fiction that Snowden has suddenly realized how desperate he is to leave Russia. Again, this entire conversation — like the whole media blitz yesterday about this story — is all based on utter fiction.
This “everyone-in-Russia-is-miserable” line has been a staple of U.S propaganda since the end of World War II, and remarkably, nothing has changed. Indeed, the climate created by our New Cold Warriors is, in some respects, even more desperate than the “he’s-a-Soviet-shill” tactics pioneered in the 1950s (yesterday, BuzzFeed investigated a journalist for the Thought Crime of writing articles which BuzzFeed’s blogger Miriam Elder deemed to be “pro-Russia,” and thus smeared him with evidence-free innuendo as a likely paid Kremlin agent). Yes, many political rights are severely abridged in Russia, but there are over 140 million people living in Russia and some of them are fulfilled human beings living fulfilled human lives (BREAKING!) while there is substantial human misery in the U.S. as well.
Snowden did not choose to live in Russia. He was forced to remain there when trying to leave because the U.S. government revoked his passport and bullied the Cubans out of offering him safe passage on his way to Latin America. But whether jingoists like David Ignatius can comprehend this or not, Snowden (as most people would) actually considers living in Moscow with his girlfriend and freely participating in the vital global debate he provoked to be preferable to withering in a cage inside the repressive U.S. penal state.
Blitzer: “What do you think, Mr. Speaker? He could spend the rest of his life in Moscow — it might be chilly there in the winter — but it’s better, presumably, than jail?”
I can’t overstate how many times I’ve heard people say that Snowden must be miserable in Moscow because of how cold it gets in the winter. Leave aside the bizarre view that climate is the greatest factor in determining how happy and fulfilled someone’s life is, and further leave aside the notion that all 140 million Russians must have a horrible life because it’s cold during the winter. There are other places — such as Canada, North Dakota, Sweden, Boston — that are also extremely cold; do people believe that residents there are, as a result of the weather, inherently doomed to horrible lives?
Gingrich: “I think if we can find a way to get him home, get the rest of the documents that he has not leaked . . . it’s worth doing, but I think he’d have to serve jail time, and it’d probably be fairly lengthy. I don’t think the country would tolerate this level of betrayal, not having some very significant jail time —
Blitzer: “You say lengthy. What do you think?
Gingrich: “I’m not an expert in this, but I’d say more than 10 years.”
Where to start? First, Gingrich’s belief that it’s possible to “get the rest of the documents that he has not leaked” is simply adorable. Second, Gingrich is a fascinating choice for CNN to have pontificate on proper punishments given that he is the first House Speaker to ever be punished for ethics violations, for which he was fined $300,000. Third, David Petraeus was just allowed to plead guilty for leaking extremely sensitive secrets — not out of a whistleblowing desire to inform the public but simply to satisfy his mistress — and will almost certainly spend no time in jail; Gingrich, Blitzer, Ignatius and friends would never dare suggest that the General should go to prison (just as DC’s stern law-and-order advocates who demand Snowden’s imprisonment would never dare suggest the same for James Clapper for having lied to Congress).
Most important, if you were Snowden, and you constantly heard U.S. political and media elites consigning you to prison for a decade or longer before your trial started, would you remotely believe assurances that you’d get a fair trial? What rational person would ever willingly submit themselves to a penal state that imprisons more of its citizens than any other in the world, run by people with this mentality?
And when you examine case studies like this of what U.S. media is not just capable of doing but eager to do — concoct a completely false narrative based on fictitious events and then proceed to spend a full day drawing all sorts of self-serving and propagandistic lessons from it — why would anyone regard what comes spewing forth from them with anything other than extreme suspicion and contempt?
by seemslikeadream » Thu Mar 26, 2015 10:38 am
Bring Snowden Home? European Panel Says It’s Time
March 25, 2015 by Klaus Marre
European patience with the Obama administration’s treatment of Edward Snowden is wearing thin. But is Europe ready to defy Washington over this issue?
Snowden, a former contract employee for the National Security Agency (NSA), leaked thousands of classified documents in 2013. Among other revelations, these showed that the NSA, in concert with other nations’ intelligence services, was conducting global surveillance programs on a hitherto unimagined scale.
Charged with espionage and theft of government property by the U.S. Department of Justice, Snowden applied for asylum in 21 countries, including France and Germany. The only country that agreed to harbor him was Russia, where he is now living in an undisclosed location, presumably in Moscow.
Now, a European intergovernmental body, the Committee on Legal Affairs and Human Rights of the Parliamentary Assembly of the Council of Europe (PACE), has drafted a resolution aimed at pressuring Washington to allow Snowden to return home under the shield of whistleblower protection laws.
Snowden Actions “In the Public Interest”
The resolution calls on the US to ensure that Snowden be allowed to argue in court that any harm caused by his disclosures was outweighed by their contribution to the “public interest.” During its deliberations, the committee heard from Snowden himself via a video link.
The PACE committee also recommends that its 47 member states grant asylum to whistleblowers—even national security and intelligence community employees—who face retaliation at home for actions they took in defense of the public interest.
But PACE resolutions are only advisory. Whether European leaders are actually willing to go up against Washington on this issue remains in doubt.
Last week, Glenn Greenwald – the journalist who first broke the news of Snowden’s revelations – reported that the United States threatened to withhold intelligence information from its ally Germany if that nation were to grant Snowden asylum.
“They told us they would stop notifying us of plots and other intelligence matters,” German Vice Chancellor Sigmar Gabriel said. This would mean that the U.S. would not inform Germany about an impending terror attack that might put large numbers of Germans at risk.
The US has rejected assertions that it threatened Germany, according to a report in the German “Welt,” saying that it had merely told its international partners in private what it also said in public. The US has been adamant that it does not want European countries to grant Snowden asylum, which is something some European lawmakers have called for.
The PACE committee’s draft resolution will be discussed during the parent organization’s summer session in Strasbourg in June.
Meantime, Germany’s opposition Green Party has submitted an official inquiry and asked the Chancellor’s office whether the US had ever threatened Germany with withholding information on intelligence matters.
by Nordic » Wed Apr 01, 2015 7:34 am
Unanswered questions for ex-CIA officer Edward Snowden
by Jon Rappoport
March 18, 2015
NoMoreFakeNews.com
Now that the documentary, Citizen Four, has been released, and now that it has won an Oscar, it’s time to revisit unanswered questions, which I raised soon after Snowden’s identity was revealed to the world. (Spygate archive here)
This is not an article about the value of the documents Edward Snowden took from the NSA. I leave those judgments to others.
This article is about Snowden himself and his back-story.
So far, I see no reporter who has directly asked Snowden even faintly challenging questions about his background.
I find that quite odd. And the number of people who don’t find it odd makes the situation even odder.
If a man came to me, stating he was an ex-CIA officer who had taken a huge cache of vital documents from the other major spying agency in the US, the NSA, I would want to know a great deal about him.
I wouldn’t care that he was an engaging young man who appeared to be committing a heroic act on behalf of freedom. I wouldn’t care, because I know that people who work for intelligence agencies are prepared to lie. They are trained to lie. They believe in lying. This is basic knowledge that any reasonable reporter would have.
Yet, in Snowden’s case, an exception has been made. Why?
As soon as you see a photo of Snowden for the first time, you realize he’s the perfect image of the techie’s counter-spy: young, thin, bespectacled, “vulnerable.”
You have to wonder: if he’d been 60, balding, fat, with a constant sheen of nervous perspiration on his chubby cheeks, would he have grabbed so much positive attention from the get-go? Would reporters have refrained from grilling him about his back-story?
Within a day of Snowden’s identity being revealed, details of that story appeared in the press.
Upon reading the story, a number of questions sprang to mind. To my knowledge, none of them have been satisfactorily answered, or even posed by journalists who have had direct access to Snowden.
Why do potential or possible holes in Snowden’s back-story matter? Because holes always matter. They can lead to unexpected discoveries; they can reveal that a person is more than he says he is, different than he says he is.
In 2003, at age 19, without a high school diploma, Snowden enlists in the Army. He begins a training program to join the Special Forces. The sequence here is fuzzy. At what point after enlistment can a new soldier start this training program? Does he need to demonstrate some exceptional ability before Special Forces puts him in that program?
Snowden breaks both legs in a training exercise. He’s discharged from the Army. Is that automatic? How about healing and then resuming Army service?
If Snowden was accepted in the Special Forces training program because he had special computer skills, then why discharge him simply because he broke both legs?
Circa 2003 (?), Snowden gets a job as a security guard for an NSA facility at the University of Maryland. He specifically wanted to work for NSA? It was just a generic job opening he found out about?
Also in 2003 (?), Snowden shifts jobs. He’s now in the CIA, in IT. He has no high school diploma. He’s a young computer genius?
What kind of work does he do for the CIA until, in 2007…
He is sent to Geneva. He’s only 23 years old. The CIA gives him diplomatic cover there. Diplomatic cover is serious status. Snowden is put in charge of maintaining computer-network security. A major job. Obviously, he has access to a wide range of classified documents. Sound a little odd? He’s just a kid. Maybe he has his GED by now. Otherwise, he still doesn’t have a high school diploma.
Snowden reportedly says that during this period, in Geneva, one of the incidents that really sours him on the CIA is the “turning of a Swiss banker.” One night, CIA guys get a banker drunk, encourage him to drive home, the banker gets busted, the CIA guys help him out of that jam, and then with that bond formed, they eventually get the banker to reveal deep banking secrets to the Agency.
Snowden is this naïve? He doesn’t know by now that the CIA does this sort of thing all the time? He’s shocked? He “didn’t sign up for this?”
Furthermore, if this banker story is true, and if Snowden is the source for it, why did he reveal it? All sorts of people should be able to do a little digging and figure out who the Swiss banker is—thus blowing the banker’s cover and exposing him. Was that Snowden’s intention?
In 2009, Snowden leaves the CIA.
It should noted here that Snowden claimed he could do very heavy damage to the entire US intelligence community in 2008, but decided to wait because he thought Obama, just coming into the Presidency, might make good changes.
After two years with the CIA in Geneva, Snowden really had the capability to “take down most of the US intelligence network,” or a major chunk of it? He had that much access to classified data?
Snowden goes on to work for two private defense contractors, Dell and Booze Allen Hamilton. In this latter job, Snowden is assigned to work at the NSA.
He’s an outsider, but he claims to have access to so much sensitive NSA data that he can take down the whole US intelligence network in a single day. Really?
How many people work in highly classified jobs for the NSA? Here is one man, Snowden, who is working for Booz Allen, an outside NSA contractor, and he can get access to, and copy, documents that expose the spying collaboration between NSA and the biggest tech companies in the world—and he can get away with it.
If so, then NSA is a sieve leaking out of all holes. Because that means a whole lot of other, higher-level NSA employees can likewise steal these documents. Many, many other people can copy them and take them. Are we to believe this?
“Let’s see. Who’s coming to work for us here at NSA today? Oh, new whiz kid. Ed Snowden. Outside contractor. Twenty-nine years old. No high school diploma. Has a GED. He worked for the CIA and quit. Hmm. The CIA. They don’t like us and we don’t like them. Why did Snowden quit the CIA? Oh, never mind, who cares? No problem.
“Tell you what. Let’s give this kid access to our most sensitive data. Sure. Why not? Everything. Let Snowden see it all. Sure. What the hell. I’m feeling charitable. He seems like a nice kid.”
Sometimes cognitive dissonance, which used to be called contradiction, rings a gong so loud it knocks you off your chair.
Let’s see. NSA is the most awesome spying agency ever devised in this world. If you cross the street in Podunk, Anywhere, USA, to buy an ice cream soda, on a Tuesday afternoon in July, they can know.
They know if you sit at the counter and drink that soda or take it and move to the only table in the store. They know if you lick the foam from the top of the glass with your tongue or pick the foam with your straw and then lick it.
But this agency, with all its vast power and its dollars…with the brightest, sharpest minds in the business…
Can’t protect its own data from outright theft. Can’t lock up its own store. They overlooked their own security systems. Never set them up right in the first place. Forgot to.
And they can’t track one of their own, a man who came to work every day, a man who made up a story about needing treatment in Hong Kong for epilepsy and then skipped the country.
Just can’t find him.
Can’t find him in Hong Kong, where he does a sit-down video interview with Glenn Greenwald and Poitras and MacAskill. Can’t track the reporters to Snowden’s hotel.
Can’t find that place where Snowden’s staying.
No. Can’t find him or spy on his communications while he’s in Hong Kong. Can’t figure out he’s booked a flight to Russia.
Can’t intercept him at the airport before he leaves for Russia. Too difficult.
And this man, this employee, is walking around with three or four laptops that contain the keys to all the secret spying knowledge in the known cosmos.
Can’t locate those laptops. The most brilliant technical minds of this or any other generation can find a computer in Outer Mongolia in the middle of a blizzard, but these walking-around computers in Hong Kong are somehow beyond reach.
And before this man, Snowden, this employee, skipped Hawaii, he was able to access the layout of entire US intelligence networks. Yes. He was able to use a thumb drive.
He walked into work with a thumb drive, plugged in, and stole…everything. He stole enough to “take down the entire US intelligence network in a single afternoon.”
Not only that, but anyone who worked at this super-agency as a systems-analyst supervisor, or higher, could have done the same thing. Could have stolen the keys to the kingdom.
This is why NSA geniuses with IQs over 180 decided, in the midst of the Snowden affair, that they needed to draft “tighter rules and procedures” for their employees. Right.
A few thousand pieces of internal security they hadn’t realized they needed before would be put in place.
This is, let me remind you again, the most secretive spying agency in the world. The richest spying agency. The smartest spying agency.
But somehow, over the years, they’d overlooked their own security. They’d left lots of doors open.
But now, yes now, having been made aware of this vulnerability, the Agency would make corrections.
Sure.
Should we believe the NSA is this weak and bumbling, when it comes to protecting its data, when it comes to tracking down one of its own who has stolen the farm? Or should we entertain the possibility that Snowden didn’t really steal all that information himself? Did someone at the CIA give it to him? Was this a long-term CIA op?
Yes, strange possibilities. But the world of intelligence is strange. It’s designed that way.
power outside the matrix
May 20, 2013: Snowden arrives in Hong Kong from Hawaii. He’s just taken medical leave from the NSA. This is not troubling to his employer, despite the fact that, as AFP reports, Snowden worked briefly at the US Embassy in New Delhi (2010) and abruptly left India, citing medical problems on that occasion as well.
Both times, Snowden didn’t seek medical help in the country in which he was employed.
June 1, 2013: Three reporters connected with The Guardian—Glenn Greenwald, Ewen MacAskill, and Laura Poitras—fly from New York to Hong Kong, and begin their week-long interview of Snowden. If this raises red flags, it doesn’t lead to intercepting Snowden.
June 5, 2013: The Guardian publishes its first article containing NSA leaks. The next three days see more NSA revelations, but there is no mention of Snowden.
June 9: The Guardian goes public about Snowden for the first time. According to Reuters, the NSA started an “urgent search” for Snowden several days before June 9—perhaps as early as June 1.
June 10: Snowden checks out of his hotel, but remains in Hong Kong. The US intelligence apparatus still can’t find him.
June 12: The South China Post publishes an interview with Snowden, who says he’ll stay in Hong Kong until he’s told he has to go. The NSA still can’t find him.
June 14: The UK Home Office orders airlines to deny passage to Snowden, if he tries to come to the UK.
June 20, 21: The Guardian publishes more top-secret documents from the Snowden cache.
June 23: Free and unencumbered, Snowden flies to Moscow with Wikileaks’ Sarah Harrison.
During this entire period (May 20-June23), the NSA, and other agencies of the US government, have been unable to locate Snowden?
They’ve been unable to get hold of, or disable, his famous four laptops, which presumably contain all the documents he took from the NSA. Instead, Snowden transfers the documents to Greenwald and Poitras in Hong Kong, hides out successfully, and makes his flight to Moscow.
In past articles, based on all these questions and oddities and paradoxes, I’ve spelled out alternative scenarios about who Snowden might be, and what’s really going on here. For this piece, in the wake of Citizen Four, I just want to refresh the questions, the unanswered questions about Snowden and the NSA.
And point out that no reporters who have had direct access to Snowden have pressed these questions.
He’s been given a free pass.
“Well, why should we wrangle with Snowden? He handed us the documents? Why should we look a gift horse in the mouth?”
Because in the spying game, things are not what they seem. In the spying game, ops are layered. They have multiple purposes. Cover stories. These ops conceal their bottom lines.
Snowden worked for the CIA. He was a spy. And at certain levels, the CIA and the NSA hate each other. They compete for federal money, for status, for prestige.
The NSA doesn’t just spy on private citizens. The NSA spies on politicians and bankers and corporate CEOs, and those people know it and they don’t like it, and they want to relieve themselves of that burden and that threat. They want to curb the power of the NSA as it applies to them.
They would welcome, as perhaps the CIA would, putting a crimp in NSA’s spying capabilities, limiting those capabilities in some way, at least giving NSA pause for thought about risking further exposure beyond Snowden’s disclosures.
For these and other reasons, the back-story of Edward Snowden is more than an academic pursuit, and the unanswered questions are of more than passing interest.
Educated privacy advocates who spend a great of their time commenting on security issues may not want to disturb the image of Snowden; and they certainly don’t want to be called conspiracy nuts re their view of who Snowden might be; but reporters shouldn’t care about that. Reporters should vet their sources as thoroughly as possible.
That’s SOP. Only this time, from all available information, it didn’t happen. It didn’t happen when Greenwald, Poitras, and MacAskill met Snowden. It didn’t happen after Snowden gave them his cache of NSA data. And it isn’t happening now.
Users browsing this forum: No registered users and 46 guests
Powered by phpBB® Forum Software © phpBB Group
Site design by Likely Arts based on "Deluxe" by Artodia.