December 12, 2019

Review of Snowden's book Permanent Record - Part II: At the NSA

(Updated: December 20, 2019)

More than 6 years after the first disclosure of Top Secret documents from the NSA, after numerous video appearances and more than 4000 tweets, Edward Snowden has now written an autobiography. It's titled Permanent Record and was published simultaneously in over 20 countries on September 17.

An extensive discussion of the first half of this book, from Snowden's youth to his jobs at the CIA, is provided in Part I of this review. Here, it's about his time at the NSA, which he accuses of collecting everyone's information and storing it forever. However, the book in no way substantiates these claims, misrepresents the NSA collection programs and fails to justify his massive theft of classified data.




 


Sysadmin at the NSA in Japan

In August 2009 Snowden moved to Japan for his first job at the NSA. This was yet another contractor job, as he was hired by Perot Systems (which was taken over by Dell in September 2009) under the Agency Extended Information Systems Services (AXISS) contract of the NSA.

His new workplace was at the NSA's Pacific Technical Center (PTC) at Yokota Air Base, near Tokyo. This facility was opened in 2003 as "the sister organization to the highly successful European Technical Center (ETC), essential technical and logistical services to vital cryptologic missions in the Pacific Theater."

Here, Snowden worked as a systems administrator responsible for maintaining the local NSA systems and helping to connect the NSA's systems to those of the CIA. As such he found out that the NSA was far ahead in terms of cyberintelligence, but far behind when it came to cybersecurity:
"In Geneva, we'd had to haul the hard drives out of the computer every night and lock them up in a safe - and what's more, those drives were encrypted. The NSA, by contrast, hardly bothered to encrypt anything."
(p. 166)

EPICSHELTER

In Japan, Snowden noticed that the NSA had no proper backup system: because of limited bandwidth, local collection sites often did not send copies back to NSA headquarters. He then engineered an automated backup and storage system that was initially named EPICSHELTER, but was later renamed to Storage Modernization Plan/Program. (p. 166-168)

This system would constantly scan the files at every NSA facility and only if the agency lacked a copy of it back home would the data be automatically queued for transmission. It's not known how accurate this description is, because no original documents about EPICSHELTER have been published.

It's likely though that the scope of the system was smaller than the book suggests and only handled documents and reports produced by NSA employees, not the data the agency intercepted (in Oliver Stone's biographical thriller the fictional Snowden says that EPICSHELTER was only "collecting our finished intel").

For its intercepted communications, the NSA already had a system with a more or less similar function: XKEYSCORE, which in 2008 consisted of filtering systems at some 150 local collection sites. Analysts instruct these local filters to select data of interest, which are subsequently transferred to the agency's central databases. Data that are not of interest disappear from the system's rolling buffer after around 30 days.



Slide from an NSA presentation about XKEYSCORE
showing its federated query hierarchy


Leaving readers with the impression that EPICSHELTER copied and stored virtually all of the NSA's data, Snowden writes:
"The combination of deduplication and constant improvements in storage technology allowed the agency to store intelligence data for progressively longer periods of time. Just over the course of my career, the agency's goal went from being able to store intelligence for days, to weeks, to months, to five years or more after its collection. By the time of this book's publication, the agency might already be able to store it for decades." (p. 167)
Snowden then claims that it is the NSA's ultimate dream "to store all of the files it has ever collected or produced for perpetuity, and so create a perfect memory. The permanent record." (p. 168)
 

The Utah Data Center

Given that Permanent Record is the title of the book, one would expect a solid substantiation of this claim, but the only "corpus delicti" that Snowden comes up with is the huge $1.2 billion data center that the NSA built near Bluffdale, Utah, which was probably reported first in July 2009. (p. 246-247)

Snowden says that within the NSA this data center was initially called "Massive Data Repository" but then renamed to "Mission Data Repository" to sound less creepy. This isn't a unique designation for the Utah complex though, because from other sources we know that the NSA has multiple Mission Data Repository (MDR) cloud platforms.

We can assume that Snowden looked and searched for internal NSA documents about the Utah Data Center (UDC), but either he found nothing, or nothing has been published. Maybe that's because it's simply a big back-up facility for the US Intelligence Community as a whole?

That at least seems a plausible option given its official name of "Intelligence Community Comprehensive National Cybersecurity Initiative Data Center" with the purpose of providing a secure and resilient environment supporting the nation's cyber security.

The only relevant piece from the Snowden trove is a map showing that in Utah one can find the NSA's Utah Language Center and two of the NSA's GHOSTMACHINE (GM) cloud computing platforms, codenamed gmCAVE and gmPEACH. It's not clear though whether this is the situation before or after the opening of the data center.



Slide from a 2012 NSA presentation showing the locations
of the agency's GHOSTMACHINE cloud platforms
 

Permanent Record?

Contrary to Snowden's claim about a "permanent record", many of the data the NSA collects are actually stored for much shorter periods of time. For the programs where communications from foreign targets are collected inside the United States the maximum retention periods for unevaluated data are:
- PRISM (targeted collection from internet companies): 5 years
- Upstream (targeted collection from backbone cables): 2 years
- Section 215 (bulk collection of domestic telephone metadata): 5 years

It seems there were no clear storage restrictions for data collected outside the US under EO 12333 authority, but examples show that they were not kept very long: the NSA's main database for internet metadata, MARINA, stored data for a year, while the massive data processing system RT-RG used in Iraq and Afghanistan could hold its data initially for not more than a month.

In response to the Snowden disclosures, President Obama issued Presidential Policy Directive 28 (PPD-28) in which he determined that personal information about foreigners shall also "not be retained for more than 5 years".

However, Obama's directive didn't change the policy that encrypted communications may be stored indefinitely, something that was useful in the past when only things of importance were encrypted, but makes less sense nowadays. It's ironic that when Snowden urges us to encrypt our data, that actually means they could be stored much longer than if we don't.

Update:
On December 12, 2019, the NSA's Inspector General (IG) published a report about the retention requirements for SIGINT data. Many data have to be deleted after a number of years, but the report found several deficiencies in that process. The IG made 11 recommendations and the NSA agreed to implement all of them.


Misleading

The limitations on storing data from PRISM, Upstream and Section 215 only became public through the declassification of opinions from the FISA Court as well as from a report from the NSA's Civil Liberties and Privacy Office, both in response to one-sided press reports about these programs.

This means that while he was working at the NSA, Snowden may not have been aware of these limitations and therefore jumped to the conclusion that the agency wanted to store its data as long as possible. But by still not mentioning these limited retention periods in his book, Snowden deliberately misleads his readers.
 

Snowden's atomic moments

According to Permanent Record, Japan was Snowden's "atomic moment" where he realized that "if my generation didn't intervene the escalation would only continue" and surveillance would become "the ear that always hears, the eye that always sees, a memory that is sleepless and permanent." (p. 184-185)

There were however two moments that raised his suspicions:


1. China's domestic surveillance

The first moment was when the NSA's Pacific Technical Center hosted a conference on China and Snowden had to step in as a replacement by giving a briefing about the intersection between counterintelligence and cyberintelligence. (p. 169)

Preparing his briefing, he read about China's mass surveillance against its own citizens and then suspected that the US government was doing the same, because "if something can be done, it probably will be done, and possibly already has been". (p. 170-171)

But how could such surveillance remain secret in an open society like that of the United States, while even the censoring and monitoring measures from the tightly controlled Chinese society are well known? And what would such domestic surveillance have to do with the NSA, which is a military foreign intelligence agency?

Like more radical privacy activists, Snowden seems to assume that intelligence agencies like the NSA and CIA desperately want to spy on their own citizens. But if the government really wants to do so, there are other and easier options, for instance through the FBI and other law enforcement agencies that have the power to wiretap and access to government and private databases.

Another example of mixing these things up is when Snowden describes that he couldn't tell his girlfriend that his "former coworkers at the NSA could target her for surveillance and read the love poems she texted me." It's hard to believe that Snowden really thought that: if there had been a reason to monitor her, it would have been done by the FBI, not the NSA. (p. 197)
 

2. The STELLARWIND report

The second moment that apparently scared Snowden was when he read a very secret report about the President's Surveillance Program (PSP), which was established by president George W. Bush after the attacks of 9/11. It gave the NSA the power to track down foreign terrorists without a warrant from the Foreign Intelligence Surveillance Court (FISC) and was therefore also known as Warrantless Wiretapping.

An unclassified report about the PSP was published in July 2009, which gave Snowden the impression that graver things had been going on than just targeted interception of terrorists. This suspicion sent him searching for the classified report on the President's Surveillance Program, which he only found somewhat later by chance. (p. 174-175)
Update:
While being interviewed for The Joe Rogan Experience podcast on October 23, 2019, Snowden said that he found the classified version of the STELLARWIND report only somewhere in 2012. It turned up when he ran some "dirty word searches" to help out the Windows network systems administration team that sat next to him when he was in the Office of Information Sharing at NSA Hawaii (see below).

The report appeared to be in a separate classification compartment under the code name STELLARWIND (STLW). Only because someone in the office of the NSA's Inspector General, who had come to Hawaii, had left a draft copy on a lower-security system did it pop up as something that Snowden had to remove and delete. Instead, he read it all the way through. (p. 175)



The first page of the highly classified STELLARWIND report


After reading the highly restricted report, Snowden found that "the activities it outlined were so deeply criminal that no government would ever allow it to be released unredacted". (p. 176)

This claim requires an explanation of the STELLARWIND program, which doesn't follow in the book, despite the fact that the classified report is very detailed. It makes clear that the program encompassed 4 components:
- Targeted collection of telephony content
- Targeted collection of internet content
- Bulk collection of domestic telephony metadata
- Bulk collection of domestic internet metadata

This may look massive, but on page 9 of the report NSA director Michael Hayden is cited saying that "NSA would not collect domestic communications". Furthermore it explains that the program was only used to collect communications from:
- Members of al-Qaeda and its affiliates (since October 2001)
- Targets related to Afghanistan (until January 2002)
- The Iraqi Intelligence Service (from March 2003 to March 2004)

The content of these targets' communications was collected by filtering backbone cable traffic using some 11,000 phone numbers and e-mail addresses. On pages 38 and 39 the report says that the bulk collection of both telephone and internet metadata was also strictly limited to finding unknown conspirators of known members of al-Qaeda.

Between 2004 and 2007, all four components of the STELLARWIND program were moved from the president's authority to that of the FISA Court (FISC), based upon a creative interpretation of the Patriot Act and the new Protect America Act.

According to the original report, STELLARWIND was not used for large-scale monitoring of American citizens, but that's not something we learn from Permanent Record, which is not only misleading but also fails to account for the reason why Snowden was apparently so upset after reading it.


Security clearance reinvestigation

In September 2010, Edward Snowden left Japan and returned to Maryland, where Dell provided him a new job as a technical solutions consultant for their CIA contract, a job that didn't require a security clearance, because the CIA refused to grant him access to classified information (see Part I of this review).

Around that time, Snowden was also due for a periodic background reinvestigation, but when the review was completed in May 2011, no derogatory information had been found. According to the HPSCI-report this was because the investigation was incomplete as, for example, it "never attempted to verify Snowden's CIA employment or speak to his CIA supervisors".

Not much later, Snowden was diagnosed with epilepsy, after which he took a four-month disability leave from work until January 2012. According to his memoir, he decided "to start over" and take a less stressful job in Hawaii, where the climate and more relaxed lifestyle were better for preventing epileptic seizures. (p. 215)

Did Snowden, who clearly didn't fit into a government bureaucracy, ever consider a private sector job in Silicon Valley, where there's an equally nice climate? Or was he determined enough to find out more about mass surveillance to stay inside the Intelligence Community, although not yet ready to sacrifice everything for that goal? (p. 215)
 

Sysadmin at the NSA in Hawaii

By the end of March 2012, Snowden and his girlfriend had moved to Hawaii, where he got a new job for Dell at the NSA's regional Cryptologic Center.

While most NSA employees had moved to a new building in the beginning of 2012, Snowden and other technical support workers remained in the so-called Kunia Tunnel, a three-story underground bunker facility originally built for aircraft assembly during World War II.

Here, he worked for exactly one year, until March 2013, as a SharePoint systems administrator and the sole employee of the Office of Information Sharing. It was "a significant step down the career ladder, with duties I could at this point perform in my sleep." (p. 214)



The tunnel entrance to the former Kunia Regional Security Operations Center
in Hawaii, where Snowden worked from March 2012 to March 2013
(photo: NSA)
 

Whistleblower?

Just like in his first job at CIA headquarters Snowden started with automating his tasks by writing scripts to do the work for him "so as to free up my time for something more interesting." (p. 214)

That more interesting activity is described in what is probably the most important and most surprising revelation of Permanent Record:
"I want to emphasize this: my active searching out of NSA abuses began not with the copying of documents, but with the reading of them. My initial intention was just to confirm the suspicions that I'd first had back in 2009 in Tokyo. Three years later I was determined to find out if an American system of mass surveillance existed and, if it did, how it functioned." (p. 215)

Here, Snowden basically admits that he isn't a whistleblower: he wasn't confronted with illegal activities or significant abuses and subsequently collected evidence of that, but acted the other way around by gathering as much information as he could get, based only upon a vague and, as we have seen, rather far-fetched suspicion.

Snowden also doesn't share whether he found any concrete misconduct in those numerous files, things that could have triggered his decision to hand them over to journalists. He even omits almost all the disclosures made by the press, which means that Permanent Record contains hardly anything that justifies his unprecedented data theft.



E-mail from Snowden as systems administrator in Hawaii, August 2012
Declassified by the NSA in June 2016


Readboards and Heartbeat

While his colleagues at the Kunia Tunnel watched Fox News, Snowden's quest for information started with reading what he calls "readboards", a kind of digital bulletin board where each NSA site posted news and updates. (p. 220)

He started hoarding documents from all these readboards, creating an archive of everything he thought was interesting. After a complaint about exceeding his storage quota, Snowden came up with the idea to share his personal collection with his colleagues, as a justification, or "the perfect cover", for collecting material from more and more sources. (p. 221, 256)

He then got approval from his boss to create an automated readboard that would perpetually scan for new and unique documents, not only from NSAnet, but also from the networks of the CIA, the FBI as well as from JWICS, the high-level Defense Department intelligence network. (p. 221)

Instead of only gathering titles and metadata like common RSS readers do, the system had to pull in full documents so NSA Hawaii would have access to all the necessary information in case the fiber-optic cable that connected it with NSA headquarters were disconnected as a result of a power outage or a cyber attack.

Snowden called the new system Heartbeat (not in capitals in the book) because "it took the pulse" of the NSA and of the wider Intelligence Community (IC), but the program was also important for another reason: "Nearly all of the documents that I later disclosed to journalists came to me through Heartbeat." (p. 221-222)



Mock-up of the Heartbeat interface in Oliver Stone's biographical thriller Snowden
(screenshot from Snowden)


Scraping tools and stolen passwords

The HPSCI-report says Snowden started his mass downloading of NSA data somewhere around August 1, 2012, using two common scraping tools, called DownThemAll! and wget. These tools were available for legitimate system administrator purposes, but Snowden used them to scrape "all information from internal NSA networks and classified webpages of other IC elements."

This is followed by two redacted sections, so it's not known whether the report acknowledges that this scraping effort was part of an authorized program named Heartbeat. Snowden doesn't mention the scraping tools in his book, but in a video appearance on August 20, 2019, he admitted that he "wrote some scrapers".

Besides the bulk downloading, the HPSCI-report says that Snowden used "his systems administrator privileges to search across other NSA employees' personal network drives and copy what he found on their drives". He also searched for "files related to the promotion and hiring decisions" on the personal network drives of people who had been involved in decisions about jobs for which Snowden had applied.

Already in November 2013, Reuters reported that Snowden even persuaded maybe up to 25 fellow workers to give him their logins and passwords, but in a live chat in January 2014, Snowden vehemently denied this: "I never stole any passwords, nor did I trick an army of co-workers".

The HPSCI-report from 2016 confirmed Reuters' reporting and says that Snowden asked "several of his co-workers for their security credentials so he could obtain information that they could access, but he could not. One of these co-workers subsequently lost his security clearance and resigned from NSA employment."

One would expect that Permanent Record addresses these specific and quite serious accusations, but they are completely ignored. In more general terms however, the book confirms Snowden's almost insatiable desire for information regardless of whether he was entitled to it - he almost seems proud of how easily he could circumvent auditing controls and internal monitoring systems like MIDNIGHTRIDER. (p. 256)


"Collect it All"

While almost "every journalist who later reported on the disclosures was primarily concerned with the targets of surveillance", like American citizens or foreign leaders, Snowden's own curiosity was of a technical nature: "the better you can understand a program's mechanics, the better you can understand its potential for abuse." (p. 222)

While Glenn Greenwald saw the slide below as evidence that NSA really wants to "Collect it All", Snowden now says that this was "just PR speak, marketing jargon" intended to impress America's Five Eyes partners and therefore gave him "no insight into how exactly that ambition was realized in technological terms." (p. 222-224)



Slide from a presentation about satellite collection capabilities
at Menwith Hill Station in the United Kingdom, 2011


Given how keen Snowden was to find out the inner workings of the NSA's collection systems, surprisingly little detail about them is found in his book. For example, the best-known and most controversial programs, Section 215 and PRISM, are addressed in only one paragraph each. (p. 222-223)

Just as little information is provided about other NSA collection programs - apparently because such details would undermine Snowden's repeated claim that the NSA tries to collect everyone's data to store them forever. For example:

- Bulk collection of domestic telephone metadata under Section 215 was limited to counter-terrorism investigations and only used for contact-chaining with no more than 288 seed numbers in 2012, resulting in 6000 numbers that analysts actually looked at.

- Targeted collection from internet companies under PRISM doesn't allow "direct access" to the servers of the companies, has multiple layers of oversight and was used against roughly 160,000 specific foreign targets in 2018.


TURBULENCE, TURMOIL and TURBINE

The most detailed, but still rather limited description in Permanent Record is that of the technologies behind Upstream collection, which is the interception of foreign communications at backbone cables and switching facilities. Snowden says that if you want to look something up on the internet, it has to pass "through TURBULENCE, one of the NSA's most powerful weapons." (p. 225)


According to an internal NSA dictionary, TURBULENCE isn't so much a weapon, but a "framework of mission modernization". A detailed explanation of this framework on the weblog of Robert Sesek shows that it has nine different components, including TURMOIL and TURBINE, which also feature in Snowden's book:

TURMOIL is installed at many locations around the world and makes a copy of a data stream based upon selectors like e-mail addresses, credit card or phone numbers, etc. Suspicious traffic is then tipped over to TURBINE, which uses algorithms to decide whether computer exploits should be used against certain kinds of web traffic. Then, TURBINE injects the exploits in the web traffic back to the target's computer: "Your entire digital life now belongs to them". (p. 225-226)

Snowden claims that these systems "are the most invasive elements of NSA's mass surveillance system, if only because they're the closest to the user." But as TURMOIL filters communications traffic for data that match specific selectors, this qualifies as targeted collection, which is generally preferred over indiscriminate bulk collection.

It's only because Snowden has the habit of describing all the NSA's collection efforts as if they are directed against everyone and anyone ("your traffic", "your digital life") that even targeted collection sounds very scary, but as long as you're not a target, these exploits won't find their way to your computer.



A slide from an unpublished NSA presentation about the TUMULT component of
the TURBULENCE program as seen in the documentary film Citizenfour
(screenshot by paulmd)
 

Exfiltrating the data

In his memoir, Snowden says that the big decisions in (his) life are made subconsciously and only express themselves once fully formed: "once you're finally strong enough to admit to yourself that this is what your conscience has already chosen for you." (p. 214)

Snowden's preparations for leaking to the press apparently started in August 2012, which is earlier than previously assumed. But before handing over his personal collection of Top Secret files, he wanted to "search them and discard the irrelevant and uninteresting, along with those containing legitimate secrets". (p. 256-257)

This was quite difficult on monitored NSA computers, so he took an old Dell PC that he found in a forgotten corner: "Under the guise of compatibility testing, I could transfer the files to these old computers, where I could search, filter, and organize them as much as I wanted, as long as I was careful." (p. 256-257)

It seems that Snowden used this desktop computer as a "thin-on-thick" device, which means that it officially served as a thin client. According to the HPSCI-report Snowden requested such a thin-on-thick computer in late August 2012, which is less than a month after he started bulk downloading internal NSA files.


Careful evaluation?

This set-up allowed Snowden to get "the files I wanted all neatly organized into folders" and later on, he assured that he "carefully evaluated every single document I disclosed to ensure that each was legitimately in the public interest". (p. 258)

Given the huge number of files that he handed over (the book says nothing about their exact number), it's hard to imagine that Snowden was able to evaluate them as carefully as he said. In his memoir he already admits how complicated this was:
"Sometimes I'd find a program with a recognizable name, but without an explanation of what it did. Other times I'd just find a nameless explanation, with no indication as to whether the capability it described was an active program or an aspirational desire. I was running up against compartments within compartments, caveats within caveats, suites within suites, programs within programs" (p. 217)

Apparently it was as difficult for Snowden as it was for the journalists to make sense of these never-before-seen documents, with the difference that Snowden had less than a year to study them part-time, while a dozen journalists and their assistants have worked on them for over five years and may still not have solved all the puzzles.

Even in his hotel room in Hong Kong, in the week before he would meet Greenwald and Poitras, Snowden was sorting his archive, and in order to make it as comprehensive as possible for nontechnical people he also put together dictionaries and glossaries of abbreviations like CCE, CSS, DNI and NOFORN. (p. 288-289)


All these efforts didn't prevent mistakes in the early press reports, for example the claim that the NSA had "direct access" to the servers of Facebook, Google, and other internet companies. The misinterpretation of the BOUNDLESSINFORMANT slides was another major case that made clear that both Snowden and the journalists lacked enough information about this tool.


When in April 2015, John Oliver expressly asked whether he really had read every single document, Snowden eventually backed down from his original statement saying "Well, I do understand what I turned over" and slowly conceded that his actions carried dangers regardless of his own intentions or competence.


The Rubik's Cube

The next step in exfiltrating the files was getting them out of the Kunia Tunnel complex. Taking pictures with a smartphone wasn't an option, so Snowden decided to copy them onto mini- and micro-SD cards. They have so little metal in them that they will hardly trigger metal detectors, but are extremely slow to write: it can take up to 8 hours to fill a single card. (p. 258-259)

This had to be repeated multiple times and so Snowden sneaked the SD cards past the security checks in different ways: in his sock, in his cheek (so he could swallow it if needed) and at the bottom of his pocket. He doesn't confirm or deny whether he also used a Rubik's Cube to hide an SD card, or whether the cube was just used to distract the guards. (p. 259)



Oliver Stone's film Snowden showing how an SD card was hidden in a Rubik's Cube
(screenshot from Snowden)


At home, Snowden transferred the files from the SD cards to a larger storage device and secured them with multiple layers and different methods of encryption. Altogether, the documents fitted on a single drive, which he left out in the open on his desk at his home, confident that they were protected by the encryption. (p. 262-263)


Handing over the files

On December 1, 2012 Snowden first contacted columnist Glenn Greenwald, but when it proved to be difficult for him to set up an encrypted communications channel, Snowden contacted film maker Laura Poitras on January 13, 2013, after he had received her public key through Micah Lee from the Electronic Frontier Foundation. (p. 250-253)

It's not clear when Snowden sent Poitras the first set of documents that she showed to Greenwald on their flight to Hong Kong. Eventually, they each received a copy of the full archive when they met Snowden on June 2/3 at his room in the Mira Hotel.

An intriguing story that's not in Permanent Record, but was told in Harper's Magazine from May 2017 is that already on May 10, 2013, Snowden had sent (encrypted) backup copies of the NSA files in postal packages to Jessica Bruder in New York, to Trevor Timm of the Freedom of the Press Foundation, to one person who wants to remain anonymous, and to one unknown person.

In his book, Snowden tries to explain how thoroughly he secured his own archive of NSA documents (through some kind of key distribution scheme), but how about the keys for what was in these packages? And what has happened to the packages?

 

Infrastructure analyst at the NSA in Hawaii

On March 30, 2013, Edward Snowden had started a new job as an infrastructure analyst for intelligence contractor Booz Allen Hamilton (BAH) at the NSA/CSS Threat Operations Center (NTOC) of NSA Hawaii.

NTOC is a watch center that provides real-time network monitoring and cyber defense capabilities and is located in the NSA's new Joseph J. Rochefort Building (nicknamed "Roach Fort" or "The Roach"), which was officially opened in January 2012.



The Joseph J. Rochefort Building of NSA/CSS Hawaii near Wahiawa in Honolulu
where Snowden worked from mid-April to mid-May 2013.
(still from CBS News)


There are different versions of the reason why Snowden took this new job. In his memoir he says that after reading about all those NSA programs, systems and tools, his final desire was to see how they were operated by the analysts who take the actual targeting decisions: "Was there anyone this machine could not surveil?" (p. 275-276)

He was especially interested in the XKEYSCORE system, which would later be presented as the NSA's "widest-ranging tool, used to search nearly everything a user does on the Internet". The Booz Allen job as an infrastructure analyst allowed him to work with XKEYSCORE to monitor suspicious activities of hostile cyber actors on the infrastructure of the internet. (p. 277)


Dual-hat authority

Another and more specific reason was given in an interview from June 24, 2013 with the South China Morning Post (SCMP) in which Snowden said that he took the new job because: "My position with Booz Allen Hamilton granted me access to lists of machines all over the world the NSA hacked".

Later, Snowden explained that in his opinion "we’ve crossed lines. We're hacking [Chinese] universities and hospitals and wholly civilian infrastructure rather than actual government targets and military targets." It was to get access to this kind of information that he took the new job, which "gave him rare dual-hat authority covering both domestic and foreign intercept capabilities".

That "dual-hat" also allowed Snowden to find out whether "vast amounts of US communications were being intercepted and stored without a warrant, without any requirement for criminal suspicion, probable cause, or individual designation."

In his new job he continued copying internal NSA documents (maybe he could still use his previous sysadmin privileges?), but to actually exfiltrate them, he had to return after hours to his old desk with the thin-on-thick computer at the Kunia Tunnel - according to the HPSCI-report.


By-catch conversations

According to Greenwald's book No Place to Hide, Snowden had an even bigger goal in mind when he applied for the job as an infrastructure analyst: the raw surveillance repositories of the NSA. "He took a pay cut to get that job, as it gave him access to download the final set of files he felt he needed to complete the picture of NSA spying."

He succeeded and handed the files over to Barton Gellman from The Washington Post, which in July 2014 reported on these ca. 22,000 collection reports from 2009 to 2012, which contained roughly 160,000 intercepted e-mails and instant-messages. Analysis showed that they came from more than 11,000 accounts, while 9 out of 10 account holders were not the intended targets and nearly half of them Americans.

These online conversations were intercepted through PRISM and Upstream, which is targeted collection, but in Snowden's view it clearly crossed the line of proportionality. In The Post he said that such a "continued storage of data of innocent bystanders in government databases is both troubling and dangerous. Who knows how that information will be used in the future?"

The future danger is largely mitigated by the limited retention period of up to 5 years, but the fact that even this targeted collection leads to such a large amount of by-catch is one of the most problematic aspects of the NSA's operations. Therefore it's puzzling that Snowden doesn't mention this issue at all in his book, especially because The Washington Post's report is not widely known.



Witnessing abuses?

Before starting his new job, Snowden first had to attend a two-week training course at NSA headquarters. There, and during "the short stint I put in at Booz back in Hawaii, were the only times I saw, firsthand, the abuses actually being committed that I'd previously read about in internal documentation." (p. 279)

Here, one expects an explanation of these abuses, but as we will see, Snowden only presents some minor cases in which the NSA's collection system was misused by individual analysts, which doesn't even come close to an organization "in which malfeasance has become so structural as to be a matter not of any particular initiative, but of an ideology" as Snowden puts it. (p. 235)


XKEYSCORE

It's allegedly XKEYSCORE that enables these abuses, but it remains unclear whether Snowden actually has a good understanding of how this system works. At least his descriptions in the book are incomplete and misleading.

He says that by studying the technical specs he found out that XKEYSCORE works "by 'packetizing' and 'sessionizing,' or cutting up the data of a users' online sessions into manageable packets for analysis" - actually, 'sessionizing' means that the small IP packets in which internet communications travel are reassembled into their original format for further analysis. (p. 278-279)



Diagram showing the dataflow for the DeepDive version of XKEYSCORE


Snowden describes the back end of XKEYSCORE as "an interface that allows you to type in pretty much anyone's address, telephone number, or IP address, and then basically go through the recent history of their online activity." He then says that he would have been able to type in the names of the NSA director or the US president. (p. 279)

He had already claimed to have such an "authority" in his very first video appearance on June 9, 2013, but afterwards, Glenn Greenwald had to admit that although such searches would not be legally permitted, they were technically possible.

The technical possibilities however are limited too, because in order to retrieve communications via XKEYSCORE, the NSA first has to have physical access to communication links that contain the target's traffic. Therefore it's definitely not the case that "Everyone's communications were in the system" as Snowden says. (p. 279)

What Snowden doesn't tell us is that the actual purpose of XKEYSCORE, and its unique capability, is finding files which are not associated with specific selectors so analysts can trace targets who are using the internet anonymously.


Intimate images

Snowden assumes that none of his new colleagues intended to abuse XKEYSCORE's capabilities, but that if they did, it would be for personal rather than professional reasons. This led to what he calls "the practice known as LOVEINT [...] in which analysts used the agency's programs to surveil their current and former lovers". (p. 280)

It's rather exaggerated to call this a practice because in 2013, NSA Inspector General George Ellard reported that since January 2003, there had been 12 instances of intentional misuse of NSA collection systems. Of these 12 cases, only 8 involved current or past lovers or spouses, most of them foreigners, and these were brought to light either through auditing controls or self-reporting.

Apparently more often, male analysts alerted each other of nude photos they found among target communications, "at least as long as there weren't any women around" - which may be one of the reasons that the NSA has adopted a strong diversity policy. (p. 280)

Snowden on the other hand was most touched by "the family stuff" and recalls how he saw a webcam recording of a little boy sitting in the lap of his father, an Indonesian engineer who had applied for a job at a research university in Iran "that was suspected of being related to a nuclear program or a cyberattack" and therefore became of interest to the NSA. (p. 281-282)

As unprofessional as some of his colleagues were by sharing nudes, Snowden seems to have had difficulty keeping a professional distance from his targets. The video with the boy reminded him so much of his own father that he, almost in shock, realized that he would probably never see his family again. (p. 282)



Daniel K. Inouye International Airport in Honolulu, Hawaii
(photo: hellochris/Wikimedia Commons)


Leaving NSA Hawaii

In the weeks before leaving for Hong Kong, Snowden copied the last set of documents he intended to disclose and tried to decide in which country it would be best to meet Poitras and Greenwald. With Russia and China out of bounds, the elimination process left him with Hong Kong. (p. 283-284)

The final preparations he made "were those of a man about to die". He told his supervisor at Booz Allen that he needed a leave of absence of a couple of weeks for epilepsy treatment on the US mainland and he left his girlfriend a note saying that he was called away for work. (p. 283-284)

Then Snowden packed some luggage, including several thumb drives full of NSA documents, and four laptops: one for secure communications, one for normal communications, a decoy and one that he kept "airgapped". He left his smartphone at home, went to the airport and bought a ticket in cash for the next flight to Tokyo. There, he bought another ticket in cash and arrived in Hong Kong on May 20, 2013. (p. 285)


> To be continued!


Links & sources

- Emptywheel.net: Insurance File: Glenn Greenwald’s Anger Is of More Use to Vladimir Putin than Edward Snowden’s Freedom (May 21, 2021)
- Le Monde: Bug Brother: Pourquoi je préfère la BD sur Snowden à son autobiographie (Dec. 18, 2019)
- Emptywheel: Snowden Needs a Better Public Interest Defense, Part I - Part II (Nov.-Dec. 2019)
- Rolf's Blog: Review of Ed Snowden's "Permanent Record" (Oct. 10, 2019)
- The New York Review of Books: Snowden in the Labyrinth (Oct. 2019)
- Matthew Green: Looking back at the Snowden revelations (Sept. 24, 2019)
- The New Yorker: Edward Snowden and the Rise of Whistle-Blower Culture (Sept. 23, 2019)
- The New Republic: Edward Snowden's Novel Makeover (Sept. 17, 2019)
- Wired: After 6 Years in Exile, Edward Snowden Explains Himself (Sept. 16, 2019)
- The Guardian: Interview by Ewen MacAskill (Sept. 13, 2019)
- Der Spiegel: 'If I Happen to Fall out of a Window, You Can Be Sure I Was Pushed' (Sept. 13, 2019)
- House Permanent Select Committee on Intelligence: Review of the Unauthorized Disclosures of Former National Security Agency Contractor Edward Snowden (Sept. 15, 2016)
- Wired: Edward Snowden: The Untold Story (Aug. 2014)
- Vanity Fair: The Snowden Saga: A Shadowland of Secrets and Light (May 2014)


November 20, 2019

Leaked report reveals security risks at the Austrian security service BVT

(Updated: November 9, 2022)

A classified report that was published by an Austrian newspaper has revealed a range of security risks at the Austrian security service BVT, especially regarding its internal computer network.

The classified report was prepared by an investigation team from the SOTERIA group of the secretive Club of Berne, a cooperation platform in which almost all European domestic security services collaborate.


 

Austria's security service BVT

The Austrian security service is officially called Office for the Protection of the Constitution and Counterterrorism (German: Bundesamt für Verfassungsschutz und Terrorismusbekämpfung or BVT) and was created in 2002 by merging the Austrian state police with various special task forces against terrorism and organized crime.

The BVT fell into a crisis after Austrian police forces raided its headquarters on February 28, 2018, seizing large amounts of data. In August 2018, The Washington Post reported that European security services didn't trust their Austrian counterpart anymore, apparently because the Austrian interior minister Herbert Kickl from the far-right FPÖ party was too close to the Russian government.

On November 6, 2018, an Austrian newspaper published a leaked document showing that the Finnish secret service didn't want to share counter-intelligence information with BVT. In April 2019 it was reported that British and Dutch agencies also heavily restricted their intelligence sharing with the BVT. Because of these concerns, the BVT's participation in the working groups of the Club of Berne was postponed.



The headquarters of the Austrian security service BVT at the Rennweg in Vienna
(photo: Tokfo/Wikimedia Commons)
   

Club de Berne (CdB)

The Club of Berne (French: Club de Berne, or CdB) is an intelligence sharing forum for the domestic security services of the 28 states of the European Union (EU) plus Norway and Switzerland and is named after the Swiss city of Bern, where it was probably founded.

The Club started in 1971 with nine members and is based on voluntary exchange of information, best practices, experiences and views as well as discussing problems related to counter-intelligence, counter-proliferation and cyber threats.

After the attacks of 9/11, the Club of Berne created the Counter Terrorism Group (CTG) which is specifically aimed at counter-terrorism. Since July 2016, the CTG has had a platform for the real-time sharing of information about terrorism suspects and there's also a database which makes information about foreign fighters more easily accessible. The Dutch secret service AIVD hosts a collaboration center where analysts from 23 of the 30 CTG members can share and analyse intelligence information.



The security assessment

Now, a classified internal report from the Club of Berne about the internal security of the BVT has been leaked to the press. It was published on November 11, 2019 on oe24.at, the website of the Austrian newspaper ÖSTERREICH. They seem to have received a copy of the 25-page report from an intelligence expert.

This isn't the first leak of intelligence information in Austria. Hardly noticed outside the German-speaking world was that in 2015, the Austrian member of parliament Peter Pilz published a range of highly sensitive documents about operation Eikonal, a cooperation between the NSA and the German BND for tapping fiber-optic cables of Deutsche Telekom.




Front page of the Club of Berne's security assessment of BVT


Club of Berne's coat of arms

First, the leaked report shows that the Club de Berne has its own coat of arms and that its SOTERIA group has its own logo - both are on the front page of the report.

The Club of Berne coat of arms has a Latin cross in red, with nine white stars on a green background in each of three of the four quarters. The fourth quarter is a variation on the coat of arms of Bern, with a walking bear.

It's likely that the white stars stand for the members of the Club of Berne, which started with nine members in 1971. It's not clear why there are just 27 stars, whereas, as far as we know, the Club has 30 members.


SOTERIA group's logo

Next to the coat of arms is the logo of the SOTERIA group. As indicated by the circle in an ancient decorative pattern, this group is named after Soteria, the Greek goddess or spirit of safety and salvation, deliverance, and preservation from harm. As we will see below, the networks and databases of the Club of Berne also have names from Greek mythology.

Given the topic of the report, the SOTERIA group is apparently responsible for internal security of the Club. It may not have been the intention, but the coat of arms with the big red cross, especially in combination with the Soteria logo, actually looks quite esoteric.




The assessment team

The inspection of the BVT was conducted by an assessment team that visited the BVT headquarters at Rennweg 93 in Vienna on February 13, 2019. The team consisted of the following members:
- Team Leader, from the British MI5
- Team Coordinator, also from the British MI5
- Personnel security expert, from the Swiss Federal Intelligence Service (FIS) and the German Federal Security Service BfV
- Cyber security expert, from the Latvian State Security Department VSD
- Physical security expert, again from the British MI5

Deficiencies of BVT's network

During their inspection, the assessment team found a remarkable number of deficiencies. The main risk was that the BVT had just one single computer network, which was not accredited to handle and store any level of classified information.

This internal network also had connections to the public internet, which not only posed a threat to its own classified information, but also to that from the Club of Berne and to classified information of the other members of the Club. This is shown in one of the diagrams from the security assessment report:




From this diagram we learn that the computer network of the Club of Berne is called POSEIDON and that members of the Club are connected to it in various ways:

- A Voice-over-IP (VoIP) and Video Teleconferencing (VTC) capability.

- A terminal for access to the NEPTUNE network, which is accredited for classified information up to Secret and "may be used for future communications with Club members". The terminal has no connections with other networks, but data may be transferred between the NEPTUNE network and the BVT's internal network using "USB over airgap". This implies a security risk, but according to the investigators, it was "carried out by the assigned personnel in compliance with established procedures."

- A terminal for access to the PHOENIX database of the Counter Terrorism Group (CTG), which, according to the diagram, is a stand-alone machine with no connections to the BVT's network.

- Finally, yet another stand-alone terminal for NEPTUNE "web services".

Update:
The Dutch security service BVD participated in the Technical Working Group of the Club Communication Committee since 1971. Initially, the Dutch part of the NEPTUNE network was just an encrypted teletype connection that was managed by the BVD-verbindingscentrum. This NEPTUNE network existed in its original form for quite some time, but eventually the Automatiseringsafdeling of the BVD started to develop a secure data communication system.


With at least three computer terminals for the network of the Club of Berne alone, one can imagine how many different terminals there must be at intelligence and security services that also participate in other intelligence sharing groups, like the SIGINT Seniors Europe (14-Eyes).



Three pages from the SOTERIA group security assessment of the BVT
(screenshots from oe24.at)


Even more security risks

The security assessment report by the SOTERIA group identifies even more security risks. The BVT allowed its employees to take mobile phones or laptops into areas where classified information up to Secret is handled, so everyone could take photos of classified documents and take them outside.

Another issue was that the BVT was using four antivirus programs and one of them was developed by the Russian company Kaspersky Lab. Other intelligence services, like those in the Netherlands, decided to remove this software from their systems already in May 2018, because the risk of espionage was deemed too high.

Regarding the personnel of the BVT, the assessment says: "The security vetting is repeated every three years and may theoretically result in the revocation of the security clearance. This has, however, never happened so far." Employees could also travel to countries with "aggressive intelligence organisations" without having to report that, something that is mandatory at many other agencies.

The headquarters building of the BVT was also not very well secured: although the windows on the ground floor were barred, those on the upper floors could be opened without triggering an alarm. This also applied to the fire exit doors. Finally, there are about 100 security cameras on the building, but there were only two officials to watch them on just two screens.



Security cameras at the BVT headquarters building
(screenshot from oe24.at)


Update:
On November 12, 2020 it was announced that the BVT will be split into a federal police and a national security branch, in order to prevent intelligence from foreign partners from ending up in criminal cases. The national security branch will be enlarged and modernized.


Links & sources
- about:intel: The Club de Berne: a black box of growing intelligence cooperation
- oe24.at: Wer trägt die Schuld am BVT-Chaos? (Nov. 19, 2019)
- oe24.at: Alarm: Verfassungsschutz BVT steht total blamiert da (Nov. 11, 2019)
- Swissint.ch: Die Nachrichtendienste und ihre geheimen Klubs: Ein Einblick in die unbekannte Seite der Antiterrrorkooperation in Europa (Oct. 29, 2018)
- The Washington Post: Austria’s far-right ordered a raid on its own intelligence service. Now allies are freezing the country out. (Aug. 17, 2018)


November 11, 2019

Review of Snowden's book Permanent Record - Part I: At the CIA

(Updated: December 27, 2019)

More than 6 years after the first disclosure of Top Secret documents from the NSA, after numerous video appearances and more than 4000 tweets, Edward Snowden has now written an autobiography. It's titled Permanent Record and was published simultaneously in over 20 countries on September 17.

Here I will provide an extensive discussion of this book, in which I will focus on what Snowden shares about his experiences with Signals Intelligence and Communications Security. I will also fill in some gaps by adding details from other sources like the official report by the House Permanent Select Committee on Intelligence (HPSCI) from 2016.




 


The book in general

Permanent Record isn't a very coherent book as it combines Snowden's coming-of-age story with a civil liberties and anti-surveillance manifesto. Only in between do we learn something about the NSA's interception capabilities, but without any new revelations like those from the years after June 2013.


Manifesto

It seems that for Edward Snowden the manifesto was the most important part of his book. Already shortly after he had arrived in Hong Kong, Snowden asked Micah Lee from the Electronic Frontier Foundation (EFF) to help build a website to publish an anti-surveillance manifesto along with a petition that people could sign. Snowden also chose the domain name www.supportonlinerights.com but eventually the site wasn't launched.



Micah Lee's design for the petition website, with the US Declaration
of Independence as a placeholder for Snowden's manifesto
(source)


Among the first NSA documents that Snowden had sent to Glenn Greenwald was also a copy of his manifesto. In his book No Place to Hide Greenwald considered it "dramatic and severe" and he feared the editors of The Guardian would think it came from someone unstable, but they said: "ultimately, the documents are what matters, not him or his motives for giving them to us".

The problem, however, is that Snowden continued to speak out, so his motive, his fear of unrestricted global mass surveillance, shaped the public narrative even when his claims were not or just partly supported by what's in the original documents.

Ultimately, Snowden's manifesto was never published, but large parts of it may have found their way into his book. What signals this is the date of its release: September 17, which is Constitution Day in the United States. But according to his American lawyer Ben Wizner, Snowden was eventually "persuaded that people would be much more interested in his story than in his manifesto" and so he got the help of novelist Joshua Cohen.


Bildungsroman

Over the course of eight months, Cohen traveled to Russia to shape the book into a Bildungsroman, a literary genre that focuses on the psychological and moral growth from youth to adulthood. A review for The New Republic says: "Both Cohen’s and Snowden’s gregariousness can shade into garrulousness; their writing and speech teem with grandiosity and introspection."

They also seem to have in common that they confuse fact and fiction, especially when it's about mass surveillance: it's often not clear whether something is an existing situation, or whether it's something that might happen in the future. This already starts on page one, when Snowden says: "I helped make it technologically feasible for a single government to collect all the world's digital communications, store them for ages, and search through them at will."


Incomplete

Another deficiency of Permanent Record is that quite a number of things from Snowden's life and his (short) career in the Intelligence Community that we know from other sources are not mentioned in it, including some unanswered questions.

The book also provides a very limited and one-sided picture of the NSA because it doesn't explain that this is a military intelligence agency which spends much of its time supporting military operations and is therefore not solely trying to simply collect as much data as possible from ordinary citizens.

Another issue, not only in the book, but also in Snowden's numerous speeches and interviews, is that he constantly conflates (foreign) intelligence and (domestic) law enforcement. The latter brings people to justice who already committed a crime, while the former gathers information for military and civilian decision makers in order to prevent damage to national security.


NoIndex

Permanent Record also lacks photos and, more importantly, an index, which makes it rather difficult to look things up. It almost looks as if Snowden didn't want to create metadata on the content, but the reason is probably more mundane, that is to say pushing people to buy the ebook too.

To compensate for the lack of an index, everything that is derived from the book here will be followed by the relevant page numbers in gray.



The house in the Anne Arundel County neighborhood of Crofton, Maryland,
where Snowden lived with his parents from 1992 to 2001.
(photo: The Washington Post/Getty Images)
 

Snowden's early years

Like most autobiographies, Permanent Record starts with a description of Snowden's youth, often a bit too detailed, which is somewhat in contrast to his contemplation that his generation was the last in American history for whom their childhood isn't digitally available in a cloud, but only in fragmented and analog ways. (p. 14)

For the young Ed, first the computer and then the early internet became a way to escape an often unfair society: he experienced that school is "an illegitimate system [that] wouldn't recognize any legitimate dissent" while computers were "consistent and fair, so unequivocally unbiased" compared to humans - an attitude that seems to explain much of his later actions and his strong faith in encryption. (p. 31, 52)


Clockwork Chihuahua

In 1998, at the age of 16, Snowden began working for Clockwork Chihuahua Studios, which in the book is called "Squirreling Industries". This was a small web design studio run from the house of its owner, which was at Fort Meade, the large military base where NSA headquarters are also located. It was there that Snowden learned of the 9/11 attacks and witnessed the chaos at the NSA compound. (p. 70-76)

Clockwork Chihuahua also maintained a website for anime fan art called Ryuhana Press, for which Snowden worked as a web editor from June 2002 to February 2004. This isn't mentioned in the book, aside from the fact that he was interested in anime and manga. The Internet Archive contains the old website of Ryuhana Press, including Snowden's profile, which combines facts and fiction:



Snowden's profile on the Ryuhana Press website (2002)
(source: Internet Archive)


TheTrueHOOHA

When it comes to his early online activities, Snowden says that "Half the things I'd said I hadn't even meant at the time - I'd just wanted attention". But he didn't want to delete those old and embarrassing postings either: "I didn't want to live in a world where everyone had to pretend that they were perfect, because that would be a world that had no place for me or my friends." (p. 96-97)

One forum on which he posted between December 2001 and May 2012, was that of the website Ars Technica, first under the username The One TrueHooha, which he later changed to TheTrueHOOHA. As such, he bragged about his life in Switzerland for example, which didn't seem very smart given the fact that he was working there under diplomatic cover for the CIA (see below).


In an attempt to prove to himself that he was not just a "brain in a jar", Snowden wanted to join the US Army in 2004, but this failed due to an accident during a physical exercise. He says that his initial support for the war against Al-Qaida is now "the greatest regret of my life". But because he still wanted to serve his country, he turned to the intelligence agencies, which were desperately looking for IT people. (p. 81-82, 93)
 

Sysadmin at CIA headquarters

A short job as a night-shift security guard at the Center for the Advanced Study of Language (CASL), set up as a partnership between the University of Maryland and the Department of Defense, provided Snowden with a security clearance at the highest level: Top Secret/SCI. Through a specialized job fair he then became employed by one of the many intelligence contractors: "the CIA had hired BAE Systems, which had hired COMSO, which hired me." (p. 116-118)

In the book, Snowden says that he didn't remember the exact chronology of his job contracts because he doesn't have a copy of his résumé anymore: it was on one of his home computers seized by the FBI. Much of this is available online though, like on Wikipedia or from this detailed timeline.

Snowden's first contractor job at the CIA was from November 2005 to August 2006. His workplace, a secure office called a "vault", was in "a grimy cinder-block-walled room with all the charm of a nuclear fallout shelter and the acrid smell of government bleach" in the basement of the New Headquarters Building (NHB) of the CIA in McLean, Maryland. (p. 114-121)

This NHB was opened in 1991 and is located right behind the Old Headquarters Building (OHB) from 1961 which can be seen in numerous films, television series and documentaries:



The CIA's New Headquarters Building (NHB), where Snowden worked from 2005-2006
Right behind it we see the Old Headquarters Building (OHB)


Snowden describes how his team of contractors was attached to the CIA's Directorate of Support (DS), which among many other things, maintains the agency's computer servers. Half of the servers at the CIA headquarters were in the OHB, while the other half was in the NHB, both set up on the opposite sides of their buildings, minimizing the risk of being destroyed at the same time. (p. 125)

The CIA also had its peculiarities: Snowden recalls a colleague who appeared to be one of the very few who still knew how to maintain a tape recorder for the agency's Directorate of Operations (DO), which didn't trust modern servers and therefore wanted backups on magnetic tapes, which were stored in a safe. (p. 129-131)

According to the HPSCI-report Snowden was responsible for managing installations and application rollouts, which apparently required that he was "read into" SIGINT and HUMINT classification compartments as well as a COMSEC compartment "that allowed me to work with cryptographic key material". (p. 125)


Curiosity

Here at CIA, Snowden already started to do what would eventually lead to his massive data-theft at the NSA. After he moved to the quiet night shifts he tried to automate as many of his dull tasks as possible so he had a lot of time for himself. (p. 127-131)

He used this time to look for information both on the public internet and on the CIA's internal networks. He called this his "education", which would be nice in most other workplaces, but not at an intelligence agency, where you are only supposed to read things that you "need-to-know".

On the CIA's internal networks Snowden found hardly anything noteworthy: nothing about aliens or a 9/11 conspiracy and the agency's internal reports were often "very similar to the accounts that would eventually show up on network news, CNN, or Fox days later. The primary differences were merely in the sourcing and the level of detail." (p. 132-133)


Snowden had managed to get into the Intelligence Community, but he wanted to see more of the world and so he applied for a CIA tech job abroad. He changed his green badge for a blue badge, which means he went from contractor to government employee, and as such he "solemnly swore to support and defend the Constitution of the United States against all enemies, foreign and domestic." (p. 132-135)
 

Training at The Hill

His new job at the CIA was that of a Technical Information Security Officer (TISO), for which Snowden first had to attend the Basic Telecommunications Training Program (BTTP). For him, this took place from September 2006 to February 2007 at the Warrenton Training Center (WTC) in Virginia, nicknamed The Hill.

This facility was disguised as a training center for the State Department, but is also used by the CIA and not just for training purposes as it also serves as the heart of the CIA's global communications network:
"One drill involved lugging the "off-site package," which was an eighty pound suitcase of communications equipment that was older than I was, up onto a building's roof. With just a compass and a laminated sheet of coordinates, I'd have to find in all that vast sky of twinkling stars one of the CIA's stealth satellites, which would connect me to the agency's mothership, its Crisis Communications Center in McLean - call sign "Central"- and then I'd use the Cold War-era kit inside the package to establish an encrypted radio channel." (p. 143)




Insubordination

In his memoir, Snowden describes how his classmates at the Warrenton Training Center complained about violations of federal labor laws and asked him to write an e-mail about it to the head of the school. He was told to let it go, but he couldn't and sent a second e-mail, this time to the director of the Field Service Group (FSG), and also to his boss. (p. 145-146)

He was then summoned to the office of the head of the school, where his superiors were also present. They told Snowden that his e-mail was regarded as an act of insubordination because he did not follow the chain of command. He saw it as retaliation that he was then sent to Geneva - instead of to the Special Requirements Division (SRD) which serves the more dangerous CIA sites, like he had wanted. (p. 146-148)

This issue is also part of the HPSCI-report, which specifies that Snowden had sent his concerns to the "Deputy Director of CIA for Support - the head of the entire Directorate of Support" and adds that after the meeting with the superiors, he contacted the agency's Inspector General (IG) seeking guidance because he felt he was "being unfairly targeted" by his supervisor.

He told the IG that his superiors were "extremely hostile" and "seem[ed] to believe I have trouble bonding with my classmates". He wanted the IG to help protect him from "reprisal for speaking truth to power". Like similar things from the HPSCI-report, this correspondence with the CIA's IG is not mentioned in Permanent Record.

When this report was declassified in December 2016, Snowden said on Twitter that it was "rifled with obvious falsehoods", but instead of correcting things, the book completely ignores the HPSCI-report, just like many other facts that emerged after the start of the revelations in June 2013.
 

TISO at the CIA in Geneva

Edward Snowden's first job abroad was at the CIA station inside the permanent US mission to the United Nations in Geneva, Switzerland, where he worked as a Telecommunications Information Systems Officer (TISO) from March 2007 to January 2009.

According to the book, a TISO works under diplomatic cover, usually as an attaché (Snowden's alias was Dave M. Churchyard), and is responsible for maintaining and repairing all the technical facilities at CIA stations abroad. The largest stations have 5 of them, larger ones maybe 3, but most stations only have one such technician. (p. 139-140)

In his book No Place to Hide, Glenn Greenwald says that Snowden "was considered the top technical and cybersecurity expert in Switzerland, ordered to travel throughout the region to fix problems nobody else could. He was hand-picked by the CIA to support the president at the 2008 NATO summit in Romania." Neither of these is in Snowden's book, which also doesn't mention that he worked at the CIA station in Milan for a couple of days.



The United States mission to the United Nations in Geneva, Switzerland,
where Snowden worked from March 2007 to February 2009
(image: Google Maps)


Another incident described in the HPSCI-report but not in Permanent Record is that a "few months after starting in [Geneva], Snowden asked to apply for a more senior position in [Brussels] as a regional communications officer. [...] When he was not selected for that job, Snowden responded by starting a controversial e-mail exchange with very senior officers in which he questioned the selection board's professional judgment."

Something that Snowden was more eager to share is how he found out that the CIA had no workable method for anonymous searches on the public internet, so he taught the agency's rather old-fashioned case officers to use the Tor network. (p. 154-156)

Later he says that he had also been "introduced to the Tor Project in Geneva", which could point to early contacts with hacktivists. Since then Snowden used the Tor browser not only for his private web browsing, but also to do his professional work from home. Even when this was just for his unclassified work as a Dell consultant (see below), his employer may not have liked it. (p. 209)


The Swiss banker story

For their traditional HUMINT operations, the CIA's case officers often went to social events and on some occasions they let Snowden accompany them because he could be useful for contacting potential targets from research centers like CERN. It was at such an event that he became involved in the Swiss banker story, which was first described by The Guardian on June 9, 2013.

According to The Guardian, the CIA tried to recruit a Swiss banker to obtain secret banking information. This was achieved by purposely getting the banker drunk and encouraging him to drive home in his car. "When the banker was arrested for drunk driving, the undercover agent seeking to befriend him offered to help, and a bond was formed that led to successful recruitment."

This story was received with scepticism and Swiss president Maurer stated "This would mean that the CIA successfully bribed the Geneva police and judiciary. With all due respect, I just can't imagine it." The Swiss police couldn't find any evidence for the story either.



A view of the city of Geneva and the lake in 2005
(photo via Wikimedia Commons)


In Snowden's memoir, the story is less spectacular. First, it wasn't a Swiss but a Saudi private banker. Also, there was no bribing of Swiss officials: after the CIA officer wasn't able to recruit the banker by the usual means, he made a final move by letting him drive home drunk and getting the Swiss police to arrest him.

The help offered by the case officer consisted of nothing more than lending the banker money to pay the high fine and driving him to work for some time. Eventually (and contrary to The Guardian's report) all of this didn't result in recruiting the banker as he refused to cooperate. He lost his job and had to return to Saudi Arabia. (p. 157-160)

According to The Guardian, Snowden said that "Much of what I saw in Geneva really disillusioned me about how my government functions and what its impact is in the world" but the book gives no clear substantiation for that. Snowden describes the operation to recruit the banker merely as a waste, after which "the prioritizing of SIGINT over HUMINT made all the more sense to me". (p. 160-161)


First concerns in Geneva?

The Swiss banker story isn't in the HPSCI-report, but it does say that several years after Snowden left the CIA, he "claimed that, while in [Geneva] he had ethical qualms about working for CIA. None of the memoranda for the record detailing his numerous counseling sessions mention Snowden expressing any concerns about [redacted]."

Greenwald's book says that it was "at the end of his stint in Geneva, that he first began to contemplate becoming a whistle-blower and leaking secrets that he believed revealed wrongdoing." Snowden didn't act at that time, first because he hoped that the election of Obama would change things, and secondly because "When you leak the CIA's secrets, you can harm people" but "when you leak the NSA's secrets, you only harm abusive systems."

In Oliver Stone's biographical thriller we see how the fictional Snowden already became concerned about the NSA's surveillance tools after an NSA hacker in Geneva, supporting the (fictionalized) operation to recruit a banker, showed him how intrusive the XKEYSCORE system was (although the examples were also from PRISM and Section 215).

In Permanent Record there's only a more realistic encounter: when he spoke to local personnel of the Special Collection Service (SCS, consisting of NSA and CIA officers specialized in intercepting the hardest targets), one of them told Snowden that when he would meet a potential target he should "just give us his email address and we'll take care of it". (p. 160)

In line with that, Snowden emphasizes that "the obvious [NSA being engaged in mass surveillance] didn't even become thinkable for me until some time after I moved to Japan in 2009 to work for the NSA". (p. 164)



A scene from Oliver Stone's movie in which NSA hacker Gabriel Sol
shows Snowden the NSA's surveillance capabilities


Resignation from the CIA

According to the HPSCI-report, Snowden requested to leave Geneva in September 2008, but because this was before the scheduled rotation date, it was denied. "Disobeying orders, Snowden traveled back to the Washington, D.C., area for his and his fiancée's medical appointments. Because of his disobedience, Snowden's supervisors recommended he not return to [FSG service?]."

In January 2009, the CIA eventually assigned him to a position in the Washington, D.C. area so he could be available for any medical appointments. Snowden officially resigned from the CIA on April 16, 2009, after which the agency's Security Office updated his record in Scattered Castles, the central database of security clearance holders for the US Intelligence Community.

The report suggests that the CIA put a red flag or some derogatory information in Snowden's record, which the NSA Security Office missed when it had accessed the database 3 weeks earlier to verify Snowden's security clearance - because meanwhile he had applied for a systems administrator job with NSA contractor Perot Systems.

Nothing of the above is in Snowden's book. The only reason he gives for his job change is that his new job "was a dream job, not only because it was with the most advanced intelligence agency on the planet, but also because it was based in Japan, a place that had always fascinated Lindsey and me." (p. 164-165)



> Snowden's jobs at the NSA will be discussed in Part II
 

Solutions consultant for the CIA

In September 2010, Edward Snowden returned to Maryland, where he got a new job at Dell, the company for which he had already worked at the NSA facility in Japan since August 2009. In his memoir, Snowden says that someone had convinced him that he should shift to the sales side of Dell, where he could make much more money.

His new job title was solutions consultant and as such he was the technical adviser to the account manager who had to sell as much of Dell's equipment and expertise to the CIA as possible, especially its cloud computing system. (p. 189)

Once again, the HPSCI-report has a different version and says that Dell tried to move Snowden to a position where he would support IT systems at the CIA. But because of the remark in the Scattered Castles database, the CIA refused to grant him access to classified information.

Therefore, Dell put Snowden on leave for three months while waiting for a position that did not require a security clearance to open up. Eventually, one did and in December 2010, Snowden started to work in an uncleared "systems engineer/pre-sales technical role" for Dell's CIA contract.


Epilepsy

One of the more personal things revealed in Permanent Record is how Snowden found out he has epilepsy, which was diagnosed sometime in the summer of 2011: "I felt defeated. The two great institutions of my life had been betrayed and were betraying me: my country and the Internet. And now my body was following suit." (p. 199-201)

Because of the epileptic seizures, Snowden had to take a disability leave from Dell and the HPSCI-report specifies that this was from August 31, 2011, to January 11, 2012: "His Dell co-workers offered conflicting accounts of how he spent his leave" which is followed by a sentence that is redacted, maybe to protect details of his medical situation.


Tor bridge relay

While Snowden was bound to his couch, he witnessed and was moved by the Arab Spring, which resulted in reflections on the concepts of authoritarianism and privacy. He also wanted to help the protesters, but the only thing he could do was to set up a bridge relay for the Tor network to bypass the Iranian internet blockades. (p. 205-210)

This probably refers to the events from February 2012, when the Iranian government blocked Internet access to sites like Facebook, Twitter, and other foreign sites. It's not clear why Snowden chose to help Iranian dissidents as during the Arab Spring, internet access was blocked or limited in other countries too.

According to the weblog emptywheel, setting up the Tor bridge relay would require contact with the Tor developers, one of whom was Jacob Appelbaum. This means Snowden could have been in contact with a rather radical hacktivist already before he started his job at the NSA in Hawaii.
Update:
Appelbaum was indeed involved in helping Arab Spring activists: in an interview with Democracy Now! from April 23, 2012, he said that he had to stop the "work that I've done around the world trying to help pro-democracy activists starting an Arab Spring, for example, because I present a threat, in some cases, to those people" (Appelbaum was targeted by US law enforcement because of his affiliation with Julian Assange).





Links & sources

- Le Monde: Bug Brother: Pourquoi je préfère la BD sur Snowden à son autobiographie (Dec. 18, 2019)
- Emptywheel: Snowden Needs a Better Public Interest Defense, Part I - Part II (Nov.-Dec. 2019)
- Rolf's Blog: Review of Ed Snowden's "Permanent Record" (Oct. 10, 2019)
- The New York Review of Books: Snowden in the Labyrinth (Oct. 2019)
- Matthew Green: Looking back at the Snowden revelations (Sept. 24, 2019)
- The New Yorker: Edward Snowden and the Rise of Whistle-Blower Culture (Sept. 23, 2019)
- The New Republic: Edward Snowden's Novel Makeover (Sept. 17, 2019)
- Wired: After 6 Years in Exile, Edward Snowden Explains Himself (Sept. 16, 2019)
- The Guardian: Interview by Ewen MacAskill (Sept. 13, 2019)
- Der Spiegel: 'If I Happen to Fall out of a Window, You Can Be Sure I Was Pushed' (Sept. 13, 2019)
- House Permanent Select Committee on Intelligence: Review of the Unauthorized Disclosures of Former National Security Agency Contractor Edward Snowden (Sept. 15, 2016)
- Wired: Edward Snowden: The Untold Story (Aug. 2014)
- Vanity Fair: The Snowden Saga: A Shadowland of Secrets and Light (May 2014)

