Эдвард Сноуден - Permanent Record (Young Readers Edition) - How One Man Exposed the Truth about Government Spying and Digital Security

The party I’m recalling took place on a warm night on the outside terrace of an upscale café. I took my plate and sat down at a table next to a well-dressed Middle Eastern man. He seemed lonely and totally exasperated that no one seemed interested in him, so I asked him about himself. That’s the usual technique: just be curious and let them talk. In this case, the man did so much talking that it was like I wasn’t even there. He was Saudi and told me about how much he loved Geneva. With a touch of a conspiratorial tone, he then said that he worked in private wealth management and mentioned his clients.

“Your clients?” I asked.

That’s when he said, “Most of my work is on Saudi accounts.”

After a few minutes, I excused myself to go to the bathroom, and on the way there I leaned over to tell the CO what I’d learned. I passed along this information because Saudi Arabia was suspected of financing terrorism. After an intentionally long interval “fixing my hair,” or texting Lindsay in front of the bathroom mirror, I returned to find the CO sitting in my chair. I waved to my new Saudi friend before sitting down at a different table. My job identifying an asset was done.

The next day, the CO, whom I’ll call Cal, heaped me with praise and thanked me effusively. COs are promoted or passed over based primarily on how effective they are at recruiting assets with access to information on matters substantial enough to be formally reported back to headquarters.

Despite Cal’s regular meetings with the banker, the banker wasn’t warming up to him—and Cal was getting impatient. After a month of failures, Cal was so frustrated that he took the banker out and intentionally got him drunk. Then he pressured the guy to drive home drunk instead of taking a cab. Before the guy had even left the last bar of the night, Cal called the Geneva police, who not fifteen minutes later arrested the banker for driving under the influence. The banker faced an enormous fine. When the fine was levied, and his “friend” couldn’t afford to pay, Cal was ready with a loan. Suddenly the banker had become dependent on him, the dream of every CO.

In the end, though, when the CO finally made the pitch to the banker to become an asset, the man turned him down. He cut off all contact and returned to Saudi Arabia. The CO was rotated back to the States. It was a waste, which I myself had put in motion and then was powerless to stop. After that experience, the prioritizing of SIGINT over HUMINT made all the more sense to me.

In the summer of 2008, the city had its annual giant carnival that culminates in fireworks. I remember sitting with the local personnel of the Special Collection Service, a joint CIA-NSA program responsible for installing and operating surveillance equipment that allows US embassies to spy on foreign signals. The work these guys did was way beyond my abilities, and they had access to NSA tools that I didn’t even know existed. Still, we were friendly: I looked up to them, and they looked out for me.

As the fireworks exploded overhead, I was talking about the banker’s case, lamenting the disaster it had been. One of the guys turned to me and said, “Next time you meet someone, Ed, don’t bother with the COs—just give us his email address, and we’ll take care of it.” At the time I barely had a clue of the full implications of what that comment meant.

The internet is fundamentally American, but I had to leave America to fully understand what that meant. Over 90 percent of the world’s internet traffic passes through technologies developed, owned, and/or operated by the American government and American businesses.

Though some of these companies might manufacture their devices in, say, China, the companies themselves are American and are subject to American law. They’re also subject to classified American policies that permit the US government to surveil virtually every man, woman, and child who has ever touched a computer or picked up a phone.

It should have been obvious that the US government would engage in this type of mass surveillance. It should have been especially obvious to me. Yet it wasn’t—mostly because the government kept insisting that it did nothing of the sort. All of us were too trusting. But I didn’t know that until some time after I moved to Japan in 2009 to work for the NSA.

It was a dream job, not only because it was with the most advanced intelligence agency on the planet, but also because it was based in Japan, a place that had always fascinated Lindsay and me. It felt like a country from the future. Mine was officially a contractor position, and it’s ironic that only by going private again was I put in a position to understand what my government was doing.

The NSA’s Pacific Technical Center (PTC) occupied one half of a building inside the enormous Yokota Air Base. As the headquarters of US Forces Japan, the base was surrounded by high walls, steel gates, and guarded checkpoints. Yokota and the PTC were just a short bike ride from where Lindsay and I got an apartment in Fussa, a city at the western edge of Tokyo.

My official job title was systems analyst, with responsibility for maintaining the local NSA systems. Much of my initial work was that of a systems administrator, though, helping to connect the NSA’s systems with the CIA’s.

Two things about the NSA stunned me right off the bat: how technologically sophisticated it was compared with the CIA, and how much less vigilant it was about security.

It was rather disconcerting to find out that the NSA was so far ahead of the game in terms of cyberintelligence, yet so far behind it in terms of cybersecurity. My chiefs at the PTC understood the risks, so they tasked me with engineering a solution. The result was a backup and storage system: a complete, automated, and constantly updating copy of all of the agency’s most important material. It allowed the agency to store intelligence data for progressively longer periods of time. The goal quickly went from being able to store intelligence for days, to weeks, to months, to five years or more. The agency’s ultimate dream is permanency—to store all of the files it has ever collected or produced forever, and so create a perfect memory. The permanent record.

The NSA has a whole protocol you’re supposed to follow when you give a program a code name. An internal website throws imaginary dice to pick one name from column A, and throws again to pick one name from column B. This is how you end up with names that don’t mean anything, like FOXACID and EGOTISTICALGIRAFFE. But agents at the NSA would often cheat and redo their dice throws until they got the name combination they wanted, whatever they thought was cool: TRAFFICTHIEF, the VPN Attack Orchestrator.

I swear I never did that when I went about finding a name for my backup system. I swear that I just rolled the bones and came up with EPICSHELTER. Later, once the agency adopted the system, they renamed it something like the Storage Modernization Plan or Storage Modernization Program.

In the midst of my EPICSHELTER work, the PTC hosted a conference on China, and I was asked to make a presentation. To prepare, I started pulling everything off the NSA network (and off the CIA network, to which I still had access), trying to read every top secret report I could find about what the Chinese were doing online.

What I read were the technical details of China’s surveillance of private communications—an accounting of the mechanisms and machinery required for the constant collection, storage, and analysis of the billions of daily telephone and internet communications of over a billion people. Essentially, China was spying on the private lives of its own citizens. At first I was so impressed by the system’s achievement that I almost forgot to be appalled by its totalitarian controls.