Эдвард Сноуден - Permanent Record (Young Readers Edition) - How One Man Exposed the Truth about Government Spying and Digital Security

The only hitch was getting in touch.

Unable to reveal my true name, I contacted the journalists under a variety of identities. The first of these was Cincinnatus, after a legendary farmer who became a Roman consul and then voluntarily relinquished his power. The final name I used was Verax, Latin for “speaker of truth.”

You can’t really appreciate how hard it is to stay anonymous online until you’ve tried to operate as if your life depended on it. To communicate with the journalists, I decided to use somebody else’s internet connection. I wish that were simply a matter of going to a McDonald’s or Starbucks and signing on to their Wi-Fi. But those places have security cameras and receipts and other people. Moreover, every wireless device, from a phone to a laptop, has a globally unique identifier called a MAC (Machine Address Code), which it leaves on record with every access point it connects to.

So I didn’t go to McDonald’s or Starbucks—I went driving. A high-powered antenna, a magnetic GPS sensor, and a laptop allowed me to turn my car into a roving Wi-Fi sensor.

At nights and on weekends, I drove around what seemed like the entire island of Oahu, letting my antenna pick up the pulses of each Wi-Fi network. My GPS sensor tagged each access point. What resulted was a map of the invisible networks we pass by every day without even noticing.

With this network map in hand, I’d drive around Oahu like a madman, trying to check my email to see which of the journalists had replied. Some of the journalists I’d chosen needed convincing to use a more secure method of communication known as encrypted email, which back in 2012 was a pain. In some cases, I had to show them how, so I’d upload tutorials.

Atop the parking garage of a mall, secure in the knowledge that the moment I closed the lid of my laptop, my secret was safe, I’d draft manifestos explaining why I’d gone public, but then delete them. And then I’d try writing emails to Lindsay, only to delete them, too. I just couldn’t find the words.

Read, write, execute: In computing, these are called permissions. The right to read a file allows you to access its contents, while the right to write a file allows you to modify it. Execution , meanwhile, means that you have the ability to run a file or program, to carry out the actions it was designed to do.

Read, write, execute: This was my simple three-step plan. I wanted to burrow into the heart of the world’s most secure network to find the truth, make a copy of it, and get it out into the world. And I had to do all this without getting caught—without being read, written, and executed myself.

Almost everything you do on a computer, on any device, leaves a record. Nowhere is this more true than at the NSA. Each log-in and log-out creates a log entry. Each permission I used left its own forensic trace. Every time I opened a file, every time I copied a file, that action was recorded. Every time I downloaded, moved, or deleted a file, that was recorded, too.

I used Heartbeat to compile the documents I wanted. The agency’s security tools kept track of who read what, but it didn’t matter: Anyone who bothered to check their logs was used to seeing Heartbeat by now. It would sound no alarms. It was the perfect cover.

While Heartbeat would work as a way of collecting the files—far too many files—it only brought them to the server in Hawaii, a server that kept logs even I couldn’t get around. I needed a way to work with the files so I could discard the irrelevant and uninteresting, along with those containing legitimate secrets that I wouldn’t be giving to journalists. But if I ran my searches on the Heartbeat server, it would light a massive electronic sign blinking ARREST ME.

I thought about this for a while. I couldn’t just copy the files directly from the Heartbeat server onto a personal storage device and waltz out of the Tunnel without being caught. What I could do, though, was bring the files closer, directing them to an intermediate way station.

In a forgotten corner of the office was a pyramid of disused desktop computers that the agency had wiped clean and discarded. They were Dell PCs from 2009 or 2010, large gray rectangles that could store and process data on their own without being connected to the cloud. Though they were still in the NSA system, they couldn’t really be closely tracked as long as I kept them off the central networks.

I could easily justify needing to use these stolid, reliable boxes by claiming that I was trying to make sure Heartbeat worked with older operating systems. Under the guise of compatibility testing, I could transfer the files to these old computers, where I could search, filter, and organize them as much as I wanted, as long as I was careful. I was carrying one of the big old hulks back to my desk when I passed one of the IT directors, who stopped me and asked me what I needed it for.

“Stealing secrets,” I answered, and we laughed.

The first phase of my three-step plan ended with the files I wanted all neatly organized into folders. But they were still on a computer that wasn’t mine, which was still in the Tunnel underground. Enter, then, the write phase, which for my purposes meant the agonizingly slow, scary process of copying the files onto something that I could spirit out of the building.

The easiest and safest way to copy a file off any IC workstation is also the oldest: a camera. Smartphones, of course, are banned in NSA buildings, but workers accidentally bring them in all the time without anyone noticing. They leave them in their gym bags or in the pockets of their windbreakers. But getting a smartphone loaded with NSA secrets out of the Tunnel is risky. Odds are that nobody would’ve noticed—or cared—if I walked out with a smartphone, and it might have been an adequate tool for trying to copy a single report. But I wasn’t wild about the idea of taking thousands of pictures of my computer screen in the middle of a top secret facility. Also, the phone would have to be configured in such a way that even the world’s foremost forensic experts could seize and search it without finding anything on it that they shouldn’t.

I’m going to refrain from publishing how exactly I went about my own copying and encryption (a means of securing files, which I’ll explain in greater detail later on)—so that the NSA will still be standing tomorrow. I will mention, however, what storage technology I used for the copied files. Forget thumb drives; they’re too bulky for the relatively small amount they store. I went, instead, for SD cards—the acronym stands for Secure Digital. Actually, I went for the mini- and micro-SD cards.

You’ll recognize SD cards if you’ve ever used a digital camera or video camera, or needed more storage on a tablet. They’re tiny little buggers, basically the size of your pinkie fingernail—eminently concealable. You can fit one inside the pried-off square of a Rubik’s Cube, then stick the square back on, and nobody will notice. In other attempts, I carried a card in my sock or, at my most paranoid, in my cheek, so I could swallow it if I had to. Eventually, as I gained confidence, and certainty in my methods of encryption, I’d just keep a card at the bottom of my pocket. They hardly ever triggered metal detectors, and who wouldn’t believe I’d simply forgotten something so small?

The size of SD cards, however, has one downside: They’re extremely slow. Copying times for massive volumes of data are always long—at least always longer than you want. And the duration stretches even more when you’re copying to a minuscule silicon wafer embedded in plastic. Also, I wasn’t just copying. I was deduplicating, compressing, and encrypting, none of which could be accomplished simultaneously. I was using all the skills I’d ever acquired in my storage work, making an off-site backup of evidence of the IC’s abuses.