Эдвард Сноуден - Permanent Record (Young Readers Edition) - How One Man Exposed the Truth about Government Spying and Digital Security

But there were certain aspects of what I was reading that disturbed me. I was reminded that if something can be done, it probably will be done, and possibly already has been. There was simply no way for America to have so much information about what the Chinese were doing without having done some of the very same things itself. What China was doing publicly to its own citizens, America might be—could be—doing secretly to the world.

And although you should hate me for it, I have to say that at the time I did my best to ignore my concerns. The distinctions were still fairly clear to me. China’s system was intended to keep its citizens in and America out. The American systems were invisible and purely defensive. Understood this way, the US surveillance model was perfectly okay with me.

But in the sleepless days that followed, some dim suspicion still stirred in my mind. Long after I gave my China briefing, I couldn’t help but keep digging around.

At the start of my employment with the NSA, in 2009, I was only slightly more knowledgeable about its practices than the rest of the world. I was aware of the agency’s surveillance initiatives authorized by President George W. Bush in the immediate aftermath of 9/11, especially the warrantless wiretapping of the President’s Surveillance Program (PSP).

The PSP empowered the NSA to collect telephone and internet communications between the United States and abroad without having to obtain a special warrant—in other words, there was no need for the NSA to prove that someone was suspected of wrongdoing in order to spy on them. That was a drastic, potentially unconstitutional change from how wiretapping had worked in the past.

The Bush administration claimed to have let the program expire in 2007. But the expiration turned out to be a farce. When Congress passed the Protect America Act of 2007 and the FISA Amendments Act of 2008, it gave the NSA approval for the warrantless collection of outbound telephone and internet communications originating within American borders.

That, at least, was the picture I got after reading the government’s own summary of the situation in an unclassified report compiled by the inspectors general from five government agencies. I couldn’t help but notice the fact that hardly any of the executive branch officials who had authorized these programs had agreed to be interviewed by the inspectors general. I interpreted their absence from the record as an admission of malfeasance, or wrongdoing by a public official.

My suspicions sent me searching for the classified version of the report, but such a version appeared not to exist. I didn’t understand. I wondered whether I was looking in the wrong places. After a while of finding nothing, I decided to drop the issue. Life took over, and I had work to do.

It was only later, long after I’d forgotten about it, that the classified version came skimming across my desktop. Once it turned up, I realized why I hadn’t had any luck finding it previously: It couldn’t be seen, not even by the heads of agencies. It was filed in an Exceptionally Controlled Information (ECI) compartment, an extremely rare classification used only to make sure that something would remain hidden even from those holding top secret clearance. Because of my position, I was familiar with most of the ECIs at the NSA, but not this one.

The report came to my attention by mistake: Someone in the NSA IG’s office had left a draft copy on a system that I had access to. Here was everything that was missing from the unclassified version. And the activities it outlined were so deeply criminal that no government would ever allow it to be released unredacted, or uncensored.

The classified version immediately exposed the unclassified document as an outright and carefully concocted lie. The only thing these two particular reports had in common was their title.

The classified report outlined what it called “a collection gap,” and pointed to the necessity of the bulk collection of internet communications. The code name for this bulk collection initiative was STELLARWIND; it was the classified report’s deepest secret. It was, in fact, the NSA’s deepest secret. The program’s very existence was an indication that the agency’s mission had been transformed from using technology to defend America to using technology to control it.

At any time, the government could dig through the past communications of anyone it wanted to victimize in search of a crime (and everybody’s communications contain evidence of something). At any point, for all perpetuity, any new administration—any future rogue head of the NSA—could just show up to work and, as easily as flicking a switch, instantly track everybody with a phone or a computer, know who they were, where they were, what they were doing with whom, and what they had ever done in the past.

The term mass surveillance is more clear to me, and I think to most people, than the government’s preferred bulk collection , which to my mind threatens to give a falsely fuzzy impression of the agency’s work. Bulk collection makes it sound like a particularly busy post office or sanitation department, as opposed to a historic effort to achieve total access to—and clandestinely take possession of—the records of all digital communications in existence.

But even once a common ground of terminology is established, misperceptions can still abound.

Most people, even today, tend to think of mass surveillance in terms of content—the actual words they use when they make a phone call or write an email. When they find out that the government actually cares comparatively little about that content, they tend to care comparatively little about government surveillance. The unfortunate truth, however, is that the content of our communications is rarely as revealing as the unwritten, unspoken information that can expose the broader context and patterns of behavior.

The NSA calls this “metadata.” Metadata is data about data. It is, more accurately, data that is made by data—all the records of all the things you do on your devices and all the things your devices do on their own. Take a phone call, for example: Its metadata might include the date and time of the call, the call’s duration, the number from which the call was made, the number being called, and their locations. An email’s metadata might include information about what type of computer it was generated on, who the computer belonged to, who sent the email, who received it, where and when it was sent and received, and who if anyone besides the sender and recipient accessed it, and where and when.

Metadata can tell the address you slept at last night and what time you got up this morning. It reveals every place you visited during your day and how long you spent there. It shows who you were in touch with and who was in touch with you.

It’s this fact that obliterates any government claim that metadata is somehow not a direct window into the substance of a communication. With the dizzying volume of digital communications in the world, there is simply no way that every phone call could be listened to or email read. Even if it were feasible, however, it still wouldn’t be useful, and anyway, metadata makes this unnecessary by winnowing the field. This is why it’s best to regard metadata not as some benign abstraction, but as the very essence of content: It is precisely the first line of information that the party surveilling you requires.

There’s another thing, too: Content is usually defined as something that you knowingly produce. You know what you’re saying during a phone call or what you’re writing in an email. But you have hardly any control over the metadata you produce, because it is generated automatically. Your devices are constantly communicating for you whether you want them to or not.