- Home
- Edward Lucas
The Snowden Operation Page 6
The Snowden Operation Read online
Page 6
Snowden did not do that, largely because no such serious problem, abuse or violation was taking place. As shown above, the NSA was acting within at least the letter of the law, under congressional and judicial oversight, in accordance with the instructions of an elected president. What Snowden claims as motivation was the trajectory—that a future government would abuse the collection programmes to create an Orwellian 'surveillance state' which individuals would be afraid to challenge for fear of drawing attention to themselves.
That is a political objection. So Snowden, even without disclosing classified information, could have approached the lawmakers, especially in the Senate, who have been publicly critical of what they see as the NSA's excessive reach. He did not. He could have resigned from his job and applied for a job at one of the many think-tanks and campaigns which worry about privacy in the digital age. By providing stolen secrets he has certainly stimulated a far more intense public debate than mere assertions of an ex-employee would have done. But the quantity and quality of information stolen and published goes far beyond anything necessary to start a debate. It looks more like material for a global anti-American campaign.
Even without going through the legal channels available, Snowden could have made it easy for people to defend him as a genuine whistleblower. He could simply have taken and leaked the FISA court order showing that Verizon, the American mobile phone company, has to routinely hand over its customers' phone records.72 To be sure, this collection of meta-data is legal and the order was a routine renewal of a programme which has been going for years. But it was still shocking. People know that their phone companies can do this (and may be glad about it: it helps locate stolen mobile phones). They may be happy that police can analyse the data on a case-by-case basis—for example to find out who has been present at a crime scene. But there are reasonable grounds for worrying about a single government agency creating an automatic, perpetual, searchable warehouse for all such information.
A handful of other documents released by Snowden come into a similar category where a public interest defence would be plausible. If the NSA has indeed been deliberately promoting faulty encryption software, or tweaking industry standards, in order to make it easier to bug and snoop, that is a deplorable and flawed policy. A patriotic American might well try to spare the blushes of American companies who were put in an impossible position by a combination of warrants and gagging orders, while finding some material that illustrated the policy under which such measures were taken.
Had Snowden published such documents, he might well have been prosecuted. American criminal justice officials do take a literal and stern view of the law and (as I have pointed out above) this administration is particularly and deplorably heavy-handed when it comes to dealing with whistleblowers. But he would have had the strongest case for a public interest defence, or a pardon if convicted. He would have been able to say truthfully that he had sought to do the least possible damage to intelligence sources and methods, and to the economic interests of the United States, and had focused his disclosure on the secret aspect of the NSA's activities which most Americans would find controversial. He could then have argued that any harm he did by breaching his oath of secrecy was outweighed by the public good. He might have faced prosecution and jail—but if he could prove that he had taken nothing else but a limited set of documents, whose publication was embarrassing but necessary and relevant, his defence, both in law and before public opinion, would have been stronger. But he didn't.
In fact, his behaviour does not meet the most elementary tests for justifying whistleblowing. Rahul Sagar, a professor at Princeton, has defined these well in his new book Secrets and Leaks:73 First, a whistleblower must have clear and convincing evidence of abuse. Second, releasing the information must not pose a disproportionate threat to public safety. Third, the information leaked must be as limited in scope and scale as possible. Snowden failed all three of these criteria. He has not shown systematic abuse, only secrecy and mistakes. He has harmed and weakened his country and its allies (indeed, for some Snowdenistas, this is a stated aim). He has stolen far more information than was necessary to make the case he purports to want to make. Why?
I have shown that the Snowden disclosures are heavily spun and damaging to American and allied interests in a way that goes far beyond the purported goals of promoting a debate about digital security. I have shown that this damage benefits Russia. I have shown that Snowden's behaviour cannot be justified as whistleblowing. For these reasons alone, he and his allies deserve condemnation. But it is possible—though not proven—that something more sinister than mere naïveté and carelessness is afoot.
Chapter Five: Our Man in Hawaii
To see the suspicious features of the story, examine the facts, as far as they are known, about Snowden's journey into and out of the world of intelligence. After incomplete formal education, he enlisted in the US Army but left after a few months—having broken his legs in an accident, he says. After joining the NSA as a security guard, he moved to Geneva to work for the CIA there, under the cover of an attaché at the American mission to the UN. This is a remarkably successful trajectory. Nobody has yet explained whether he displayed previously hidden talents, had served somewhere else to good effect, or benefited from powerful sponsors.
Some clues about his activities exist from posts he made on the Ars Technica website and in related chatrooms, under the pseudonym TheTrueHOOHA.74 His views seem muddled rather than treasonous. He wrote of surveillance: 'we love that technology … helps us spy on our citizens better.' He was furious with administration sources who leaked classified information to reporters: they 'should be shot in the balls', he wrote. But in February 2010 his views had changed. He wrote: 'Did we get to where we are today via a slippery slope that was entirely within our control to stop, or was it an relatively instantaneous sea change that sneaked in undetected because of pervasive government secrecy?'
All this is odd (and not only because of his triple mixed metaphor). The CIA does not encourage its officers to spend time in online forums mulling the issues of the day or chatting about their private lives. The reason is simple: it is a beacon to the other side. Intelligence officers work on their targets with what is known in the trade as MICE—Money, Ideology, Coercion and Ego. Any sign of an erratic personal life, of ideological dissatisfaction, or of what psychologists call 'cognitive dissonance' offers an opening. If the target is unhappy, wanting to behave one way but forced to do something different, his mental stress can be exploited.
Russian intelligence keeps a close eye on the staff of adversary countries' foreign missions. They are particularly interested in junior employees, trying to spot which are just officials and which are intelligence officers. So it is highly likely that the Russian intelligence rezidentura in Geneva would have noticed the arrival of the young Snowden and would have spotted his real job, working for the CIA. They also as a routine measure would have tried to see what he did in his free time. They would have tried to monitor his use of the internet on his unclassified home computer in the hope of seeing a weakness—drugs, online sex, gambling—which might be a potential avenue of approach. It is likely they would have identified him as TheTrueHOOHA and observed his patchy work record, his erratic private behaviour, and his voluble and increasingly dissatisfied stance online. According to John Schindler, the former NSA analyst and specialist in counter-intelligence, Snowden would have presented the perfect target to the Russians: 'intelligent, highly naïve and totally uninformed'.75
The next question is how they could have approached him. Clearly an overt approach would be risky and probably futile. Snowden showed no sympathy for Russia. It is therefore likely that they would have used what in spy parlance is called a 'false flag' operation. Russian intelligence, like the Soviet KGB before it, has a particular expertise in this. During the Cold War, they would identify disgruntled Western officials with strongly anti-communist views. These people would have access to secrets and grievances�
��perhaps because they were overlooked for promotion, or perhaps because they felt their governments were not vigorous enough in resisting the Soviet empire. The KGB officer would then make a delicate approach, showing no sign of any East European connection, but pretending instead to be from South Africa's intelligence service, the Bureau of State Security. The hapless Westerner would think he was talking to a like-minded friend. Gradually he would be coaxed into handing over small secrets, and eventually big ones. Once he was past the point of no return, the case officer might identify himself as KGB. Or he might maintain the ruse. Often it was only when (or if) the breach was discovered that the Western official would realise that far from helping a friend, he had betrayed his favourite cause to the worst enemy imaginable. A similar kind of false flag operation involved approaching Jewish or pro-Israeli officials in the guise of a Mossad officer. The target would be reproached for his country's half-hearted support for the Jewish state and believe that he was helping its security by handing over vital information.
The beauty of false flag operations is that they can be precisely tailored to fit a target's initial vulnerability, and can then deepen and extend it. They can go through multiple stages: one intelligence officer identifies the first set of weaknesses, drawing up a detailed personality profile and a thorough picture of the target's private life and interests. Then another begins to exploit them. A third deepens the cooperation and a fourth turns the screws hard. Only when it is far too late, if at all, does the victim realise what is going on.
If the Russians indeed spotted Snowden as a potential target for recruitment, the best false flag approach would have been in the guise of campaigners for privacy and government openness. They would have been patient; carefully massaging his ego and making him feel that he was a lone crusader for justice, whose vindication would lie outside the system, not inside it. There is no proof of this. But it would certainly help explain what happened later.
Snowden left the CIA in 2009 and moved to Dell, the computer hardware company, working as a contractor at an NSA base in Japan. Two oddities stand out. One is that he abruptly ceased posting material on Ars Technica, and contributing to its chatrooms. His last substantive contribution read as follows:
It really concerns me how little this sort of corporate behaviour bothers those outside of technology circles. Society really seems to have developed an unquestioning obedience towards spooky types.
I wonder, how well would envelopes that became transparent under magical federal candlelight have sold in 1750? 1800? 1850? 1900? 1950? Did we get to where we are today via a slippery slope that was entirely within our control to stop, or was it an relatively instantaneous sea change that sneaked in undetected because of pervasive government secrecy?76
His views were getting more radical, not less. So why did he desist from sharing them? One explanation would be that he was worried about attracting the attention of his bosses or colleagues; another is that someone warned him that this could be a danger. Such a break in a pattern of activity can be a revealing clue in the counter-intelligence world. During the Cold War, Britain's spy-catchers achieved some notable success following a tip-off about readership of the Daily Worker. This was the Communist Party newspaper (later renamed the Morning Star). People sympathetic to Communism in the 1930s tended to be readers of the Daily Worker. But if approached by Soviet intelligence officers, they would be told to stop subscribing: it would be more useful to abandon overt Communist sympathies and instead get jobs within the British establishment.
Many years later, this led to some useful breakthroughs. Diligent study of newsagents' old records revealed people who had subscribed to the Communist paper for some time and then stopped. Some of them indeed turned out to have been active Soviet spies.
Along with Snowden's puzzling silence is another oddity: why did he give up the CIA so quickly? Although he had long wanted to live in Japan, a glamorous job involving intelligence operations in Geneva might seem more fun than checking computers on a military base. One explanation for this could be that Snowden was worried about the CIA's security screening. This involves repeated polygraph (lie-detector) tests and can be quite intrusive. It might reveal that he was hanging out with WikiLeaks sympathisers, for example—which would mean a speedy end to his career. Repeat screening for contractors to American intelligence (who make up an astonishing third of the 1.4m people with top-secret security clearances) is bureaucratic and onerous, but not so revealing. Another further explanation could be that he realised that being a small cog in the CIA's station in Geneva did not give him access to the secrets that would prove his contention of widespread and sinister government misbehaviour.
The next oddity is that he left his job in Japan in September 2010 and visited India for a week, ostensibly to attend a four-day course on ethical hacking.77 India is far friendlier territory for Russian spies wanting to talk to a source than somewhere like Japan or Switzerland. There is no proof that this happened. But the trip does not quite make sense. Anyone with a security clearance would normally have to seek permission to attend such a course; it would be unlikely to be granted. It may be that procedures for dealing with contractors at the base in Japan were sloppy: in 2011 a background check on Snowden was improperly carried out.78 At any rate, he did not declare this trip to his employers before or afterwards. If he was indeed learning hacking skills, it would be interesting to know why: the course was not needed for his job. If he went to India to meet someone, that would be interesting too. Either way, the trip looks fishy.
Snowden moved to Hawaii, and in March 2013 took a job at an NSA contractor, Booz Allen Hamilton. His new employer was worried by his resumé. It seemed to have been padded with educational accomplishments which would have been better described as aspirations.79 He was a systems administrator, one of the unsung people who keep machines and software working properly. The job has its drawbacks—but its boringness makes mischief possible. Supervising people who are doing boring jobs is itself boring, and is often done badly. But before gaining this job, Snowden was already stealing secrets (at least as early as April 2012, American officials believe80). He says he sought the Booz Allen job because it 'granted me access to lists of machines all over the world the NSA hacked'.81 He seems to have persuaded between 20 and 25 of his NSA colleagues to give him their passwords and log-ins. If true—he has denied it—this is striking. It is the behaviour of a spy, not a whistleblower. Why would someone who wanted the best for his country, and reform of his agency, entrap colleagues into a career-ruining blunder? (The people concerned have now, it seems, been dismissed.)
For Russian intelligence, sparking an association between the disgruntled Snowden and eager recipients of state secrets such as Glenn Greenwald the blogger, Jacob Appelbaum the hacker, Laura Poitras the film-maker, and others in that world of hacktivists and transparency campaigners would be a logical next step. All were associated to varying degrees with WikiLeaks, which, as I have shown above, was of great use to Russia (indeed its fugitive founder, Julian Assange, now has a show on the RT state propaganda television station).82 The hacker milieu is full of Westerners who are highly suspicious of their own governments for tampering with what they regard as the inviolable autonomy of the internet from any legal constraints. The KGB certainly found it a fertile hunting ground in the 1980s, using German hackers to steal NATO secrets in the days when online security was still rudimentary.83
Such links and opportunities do not prove that any of the above-mentioned people are conscious agents of the Russian state, and I am not accusing them of that. (Snowden himself says the idea is 'absurd'.) But they do not need to be. The example of the peace movement shows that given the right initial direction and a favourable propaganda environment, political movements in the West can serve the Kremlin's purpose without hands-on control. It would not be hard for Russian intelligence to conceal an intelligence officer or agent of influence somewhere in the background, or for that person to broker an introduction between Snowden a
nd his future allies.
The skimpy and confusing public accounts given so far leave plenty of room for such suspicion. One question is when Snowden first started to steal secrets. He joined Booz Allen Hamilton in March, but well before that he had offered secret files to Poitras and Greenwald. Where did he get them and when? A related puzzle is when Snowden first made contact with his future allies. As the blogger Catherine A Fitzpatrick has noted, there are no fewer than five dates given for his first contact with Greenwald.84 It does not seem completely plausible that Snowden's first contact came only when he started sending e-mails to Poitras in January 2013. Ostensibly, she then persuaded Greenwald to install encryption software and take the mysterious anonymous would-be source seriously (Greenwald had ignored previous e-mails from Snowden, thinking he was a crank).85 But Appelbaum was in Hawaii in March 2013 for a hacker conference, the SBoC (Spring Break of Code). A bunch of other dedicated activists attended too, including Christine Corbett, the pseudonymous hacker Moxie Marlinspike, and others. An American academic and blogger, Craig Pirrong, conjectures that what really happened was this:
Snowden was in contact with Appelbaum first, and well before January 2013, and Appelbaum directed Snowden to Poitras. It would be natural for a computer geek and hacker like Snowden to know of, and to reach out to, Appelbaum. Far more natural than to reach out to Poitras first. Under this conjecture, the timing works out. Snowden, Appelbaum, and Moxie work out their basic plan in late 2012 or early January 2013. Appelbaum activates the plan to disseminate the information via Poitras by putting Snowden in touch with her and near simultaneously Moxie initiates the SBoC to give him cover to travel to Hawaii (and perhaps too a team of unwitting accomplices that could help him cover his activities while there). They all converge in Hawaii a couple of months later.86