(Updated: October 31, 2023)
In March 2019, The Intercept shut down access to the Snowden documents both for internal and external research. But where are these files in the first place, and what should be their future destination? During a podcast interview, Snowden himself commented on this issue as well.
Screenshot from a Brazilian television report, showing some of the Snowden files
opened in a TrueCrypt window on the laptop of Glenn Greenwald.
(screenshot by koenrh - click to enlarge)
The Intercept
The Intercept is a website that was launched in February 2014 by Glenn Greenwald, Laura Poitras and Jeremy Scahill. It was the first digital magazine of First Look Media (FLM), a hybrid for-profit and non-profit media organization set up in October 2013 by eBay-founder Pierre Omidyar.
(Greenwald already came up with the idea for a dedicated website in June 2013 in case that The Guardian would not publish his first Snowden story)
The short-term mission of The Intercept was to "provide a platform and an editorial structure in which to aggressively report on the disclosures provided to us by our source, NSA whistleblower Edward Snowden."
For the long term, The Intercept wants to provide "aggressive and independent adversarial journalism across a wide range of issues, from secrecy, criminal and civil justice abuses and civil liberties violations to media conduct, societal inequality and all forms of financial and political corruption."
External research
For its short-term mission, The Intercept had a special team of several researchers to maintain and examine the Snowden files in a secure way. Initially, documents were only published alongside the articles written by Glenn Greenwald, Jeremy Scahill, Ryan Gallagher and other reporters.
In May 2016, The Intercept also began publishing NSA documents in bulk, starting with all editions of SIDtoday, the internal newsletter of the NSA's Signals Intelligence division, which are available from 2003 to 2012. So far, a total of 1861 editions have been published in seven batches. It's not clear whether this series will be completed.
Update: On May 29, 2019, The Intercept published an eighth and final batch consisting of 287 SIDtoday articles from late 2006, bringing the total to 2148 editions of this newsletter.
Also in may 2016, it was decided to "invite outside journalists, including from foreign media outlets, to work with us to explore the full Snowden archive", to begin with journalists from the French newspaper Le Monde:
"Le Monde worked directly, during several days, in collaboration with The Intercept, on the Edward Snowden archive given to Glenn Greenwald and Laura Poitras: tens of thousands of documents exfiltrated by the former agent from the NSA servers, and safely stored by The Intercept."
As a result of this collaboration, Le Monde published a series of six articles in December 2016, mainly about GCHQ spying operations against Israel and in Africa. It seems there have been no similar collaborations with other foreign journalists.
The decision
With its first mission apparently accomplished, The Intercept will now move forward with its long-term mission: "For five years, the company expended substantional resources to continue to report on the Snowden archive, but The Intercept has now decided to focus on other priorities" - according to First Look Media CEO Michael Bloom.
How this decision was made can be learnt from a reconstruction made by Barrett Brown, which includes a timeline written by Laura Poitras:
On Tuesday March 12, on a phone call with Glenn [Greenwald] and the CFO, I am told that Glenn and Betsy [Reed, editor-in-chief of The Intercept] had decided to shut down the archive because it was no longer of value to The Intercept. This is the first time I am heard about the decision. On the call, Glenn says we should not make this decision public because it would look bad for him and The Intercept. I objected to the decision. I am confident the decision to shut the archive was made to pave to fire/eliminate the research team.
The next day, March 13, Poitras sent an e-mail to Michael Bloom saying she was "sickened" and in a memo she called on the board to review the decision: "This decision and the way it was handled would be a disservice to our source, the risks we’ve all taken, and most importantly, to the public for whom Edward Snowden blew the whistle."
This e-mail was leaked to the news website The Daily Beast, which reported about it the same day. This was likely the way how Edward Snowden heard of it, as in the Motherboard podcast interview from April 22 he said that he learnt about The Intercept's decision from the news.
On March 14, Snowden was called by Laura Poitras: "He had not been informed by Glenn or Betsy about their decision to shut down the archive. I apologize to him."
Updates:
On October 29, 2020, Glenn Greenwald resigned from The Intercept, saying that his editors conducted political censorship by preventing him from reporting on allegations concerning Joe Biden's conduct with regard to China and Ukraine. Editor-in-chief Betsy Reed disputed this and accused Greenwald of presenting dubious claims by the Trump campaign as journalism.
On November 30, 2020, The Intercept fired Laura Poitras, according to her account because she criticized how the organization failed to protect Reality Winner, who provided The Intercept with an NSA document about Russian hacking operations. According to First Look Media, however, Poitras' contract wasn't renewed after she "decided to step away from her role at the company to pursue her own projects" and had "not been active in any capacity with our company for more than two years."
On October 29, 2020, Glenn Greenwald resigned from The Intercept, saying that his editors conducted political censorship by preventing him from reporting on allegations concerning Joe Biden's conduct with regard to China and Ukraine. Editor-in-chief Betsy Reed disputed this and accused Greenwald of presenting dubious claims by the Trump campaign as journalism.
On November 30, 2020, The Intercept fired Laura Poitras, according to her account because she criticized how the organization failed to protect Reality Winner, who provided The Intercept with an NSA document about Russian hacking operations. According to First Look Media, however, Poitras' contract wasn't renewed after she "decided to step away from her role at the company to pursue her own projects" and had "not been active in any capacity with our company for more than two years."
The reason
Given that firing The Intercept's research team saves only 1.5% of First Look Media's non-profit budget, some people suspected that there may be other reasons for shutting down the Snowden archive. Pierre Omidyar, for example, could have preferred to keep his good relations with the US government.
Michael Bloom however says that the remaining documents aren't interesing enough anymore, and points to the fact that other major media outlets "ceased reporting on it years ago. Many decided that the resources required to continue to work on the archive were not justified by the journalistic value the remaining documents provide, as those documents have aged."
In 2013, The Guardian, The Washington Post and Der Spiegel each had between 10 and 30 reports based upon the NSA files, but that number declined to just a few in 2015 and since 2016 it was basically only The Intercept that continued with new reports, but these were mainly background stories without significant revelations.
Copies of the Snowden files
The actual number of documents that Snowden took away from the NSA is still unclear and disputed. According to the 2016 report from the US House Intelligence Committee, he removed more than 1.5 million documents from two classified intelligence networks: NSANet and JWICS.
(Strangely enough, the House Intelligence report says that JWICS stands for "Joint Warfighter Information Computer System" while the actual name of the network is Joint Worldwide Intelligence Communications System)
Glenn Greenwald said that the number of 1.5 million was "pure fabrication" and he could probably agree with former NSA director Keith Alexander who in November 2013 estimated that Snowden had exposed only between 50,000 and 200,000 documents.
Full copies of the files
As far as we know, complete sets of these documents are/were in the hands of:
- Glenn Greenwald (received from Snowden in Hong Kong)
- Laura Poitras (received from Snowden in Hong Kong)
- Laura Poitras (received from Snowden in Hong Kong)
Greenwald and Poitras agreed that no one other than they would ever have access to the full set of documents. And to "keep media organizations on a leash" they would only provide them with files and information on a story-by-story basis.
Four other people also received copies of the full archive, because on May 10, 2013, so more than a week before he left Hawaii, Snowden had sent backup copies of the NSA files in postal packages to four individuals:
- Jessica Bruder in New York, who had her package hidden by Dale Maharidge in North California
- Trevor Timm of the Freedom of the Press Foundation (of which Snowden became board member in 2014 and president in 2016)
- One person who wants to remain anonymous
- One unknown person
- Trevor Timm of the Freedom of the Press Foundation (of which Snowden became board member in 2014 and president in 2016)
- One person who wants to remain anonymous
- One unknown person
The existence of these packages, which was only revealed in May 2017, confirms the story from late June 2013 about a "doomsday cache" which Glenn Greenwald said was Snowden's Plan B.
According to Greenwald, the people holding the backup files "cannot access them yet because they are highly encrypted and they do not have the passwords." But "if anything happens at all to Edward Snowden, he told me he has arranged for them to get access to the full archives."
During a television interview shortly afterwards, Greenwald said that backup copies might also be somewhere out on the internet, but given Snowden's fear of putting sensitive things online that may have been a slip of the tongue, or deliberately deceiving.
Update:
According to Barton Gellman's book Dark Mirror, Snowden initially said that the idea of a cache of documents to be released in case he was killed was a "stupid revenge narrative" but after some pressure, he eventually said that he had "prepared an archive of additional documents in an encrypted container. He did not share the key with anyone. That container was filled with files that he had not had time to organize. They might be even more sensitive than the others." Snowden devised a system in which the decryption key was split and shared among Gellman, Greenwald and Poitras, so that only all three could open the dead man archive. But Snowden got doubts and in the end he did not activate the mechanism and destroyed the key for the extra container.*
Gellman's book doesn't mention the backup copies sent in postal packages.
According to Barton Gellman's book Dark Mirror, Snowden initially said that the idea of a cache of documents to be released in case he was killed was a "stupid revenge narrative" but after some pressure, he eventually said that he had "prepared an archive of additional documents in an encrypted container. He did not share the key with anyone. That container was filled with files that he had not had time to organize. They might be even more sensitive than the others." Snowden devised a system in which the decryption key was split and shared among Gellman, Greenwald and Poitras, so that only all three could open the dead man archive. But Snowden got doubts and in the end he did not activate the mechanism and destroyed the key for the extra container.*
Gellman's book doesn't mention the backup copies sent in postal packages.
There are also people who have not been in possession of any documents, but who were temporarily granted full access to the whole cache, like James Bamford, The Intercept's research team and some others.
Glenn Greenwald working with the Snowden files outside his house in Rio de Janeiro
(screenshot from a television report by Fantastico)
Partial copies of the files
Besides the complete sets of Snowden files, there are several parties that keep, or have kept partial copies:
- The Guardian (received from Snowden by Ewan MacAskill)
- ProPublica (received from The Guardian)
- The New York Times (received from The Guardian)
- The Washington Post (received from Snowden by Barton Gellman)
- Der Spiegel (received from Laura Poitras)*
- ProPublica (received from The Guardian)
- The New York Times (received from The Guardian)
- The Washington Post (received from Snowden by Barton Gellman)
- Der Spiegel (received from Laura Poitras)*
Updates:
According to Barton Gellman's book Dark Mirror, Snowden provided him and Laura Poitras the keys to an encrypted archive of documents called "Pandora" on May 21, 2013. Pandora was encrypted in TrueCrypt format and contained another archive in TrueCrypt format called "Verax". Within Verax there was a third vault called "Journodrop" which was an encrypted, compressed archive in 7z format. Gellman says that the Pandora archive was 8 gigabytes and contained over 50,000 separate documents, all neatly organized in folders.*
Laura Poitras gave Glenn Greenwald a copy of the Pandora archive just before they boarded their flight to Hong Kong on June 1. There, Greenwald, Poitras and Ewan MacAskill received additional files from Snowden.*
According to Ewan MacAskill, Snowden gave him "a memory stick. I expected it to contain one or two examples; instead, it stored tens of thousands of documents, covering both the NSA and GCHQ. These were to form the basis for subsequent reporting by The Guardian, The New York Times, and ProPublica, which became partners in investigating and publishing the story."
In November 2023, MacAskill said that a copy of the documents provided to The Guardian is still locked in the New York Times office and that The Guardian still retains responsibility for them.
In 2016, after she had moved back to New York, Laura Poitras built a secure room to house the Snowden documents, according to security expert Bruce Schneier.
According to Barton Gellman's book Dark Mirror, Snowden provided him and Laura Poitras the keys to an encrypted archive of documents called "Pandora" on May 21, 2013. Pandora was encrypted in TrueCrypt format and contained another archive in TrueCrypt format called "Verax". Within Verax there was a third vault called "Journodrop" which was an encrypted, compressed archive in 7z format. Gellman says that the Pandora archive was 8 gigabytes and contained over 50,000 separate documents, all neatly organized in folders.*
Laura Poitras gave Glenn Greenwald a copy of the Pandora archive just before they boarded their flight to Hong Kong on June 1. There, Greenwald, Poitras and Ewan MacAskill received additional files from Snowden.*
According to Ewan MacAskill, Snowden gave him "a memory stick. I expected it to contain one or two examples; instead, it stored tens of thousands of documents, covering both the NSA and GCHQ. These were to form the basis for subsequent reporting by The Guardian, The New York Times, and ProPublica, which became partners in investigating and publishing the story."
In November 2023, MacAskill said that a copy of the documents provided to The Guardian is still locked in the New York Times office and that The Guardian still retains responsibility for them.
In 2016, after she had moved back to New York, Laura Poitras built a secure room to house the Snowden documents, according to security expert Bruce Schneier.
Being under threat from the British government, The Guardian rescued their set of documents by providing copies to The New York Times and the investigative journalism platform ProPublica, where they would be better protected under the First Amendment of the US constitution.
The Guardian's own set was eventually physically destroyed in front of GCHQ technicians on July 20, 2013:
Video showing the destruction of the laptop containing The Guardian's Snowden files
The German magazine Der Spiegel published a total of 89 documents from their share of the Snowden trove, including ones that were not disclosed as part of earlier reporting. A first set of 53 documents was released on June 18, 2014 and a second set of another 36 documents on January 17, 2015.
Besides the news outlets with their own partial copies, Greenwald and The Intercept also shared selected documents from the Snowden cache with teams of journalists of more than two dozen media outlets in as many different countries.
> It should be noticed that a range of highly classified NSA documents have been published which came from other sources than Edward Snowden; see: Leaked documents that were not attributed to Snowden.
Protection of the files
In order to protect the Snowden files, only brand new laptops with no connection to the internet are used to search, sort and read them. It's not clear whether the files themselves are also stored on these laptop computers, or only on removable storage devices, like a thumb drive or an SD card.
Update:
According to Barton Gellman's book Dark Mirror, the files he received from Snowden were stored on brand new laptops which had their usb-ports sealed, wi-fi and bluetooth hardware removed and the batteries disconnected. The data on these laptops were encrypted, with the keys stored on memory cards which were also encrypted and were never in the same room except when in use. The laptops were stored in a big and heavy safe bolted to the floor of a windowless room with a high-security lock and a video camera in the hall outside. The Snowden archive was thus protected by four different credentials: door key, safe combination, digital key card, and passphrases. These credentials were divided among the reporting team members and no one but Gellman had all of them.*
According to Barton Gellman's book Dark Mirror, the files he received from Snowden were stored on brand new laptops which had their usb-ports sealed, wi-fi and bluetooth hardware removed and the batteries disconnected. The data on these laptops were encrypted, with the keys stored on memory cards which were also encrypted and were never in the same room except when in use. The laptops were stored in a big and heavy safe bolted to the floor of a windowless room with a high-security lock and a video camera in the hall outside. The Snowden archive was thus protected by four different credentials: door key, safe combination, digital key card, and passphrases. These credentials were divided among the reporting team members and no one but Gellman had all of them.*
In a 2013 Brazilian television report, Glenn Greenwald was seen using some thumb drives and a standard SD card while working with the Snowden documents.
In another television report we could even see the screen of Greenwald's laptop with several of the BOUNDLESSINFORMANT documents being opened in a TrueCrypt window. TrueCrypt was a software application used to fully or partially encrypt hard drives and removables drives using the AES, Serpent and Twofish ciphers.
Data on the external hard drive that Greenwald's partner David Miranda was carrying when he was detained at Heathrow Airport in August 2013 was reportedly also encrypted with TrueCrypt.
Glenn Greenwald working with the Snowden files outside his house in Rio de Janeiro
(screenshot from a television report by Fantastico)
The future of the files
What can or should happen with the Snowden files? Wikileaks, Cryptome and many others demanded that all the documents should be released to the public. But Snowden did not want an indiscriminate dump like how Manning's files were eventually published on Wikileaks. Instead, he insisted on responsible disclosures by independent journalists.
Accordingly, Glenn Greenwald stressed that the NSA files should "be released in conjunction with careful reporting that puts the documents in context and makes them digestible to the public, and that the welfare and reputations of innocent people be safeguarded."
The reality has actually been somewhat different: in many cases, press reports lacked a proper context, were sensationalist or even misleading because of misinterpretations. And while protecting the reputations of individuals, that of the NSA seemed "fair game".
First Look Media's CEO Michael Bloom hoped "that Glenn and Laura are able to find a new partner - such as an academic institution or research facility - that will continue to report on and publish the documents in the archive consistent with the public interest" and Greenwald tweeted that he was already looking for "the right partner [...] that has the funds to robustly publish."
But money seems not the problem: if there's one place with enough money than it's First Look Media, which was funded by eBay billionaire Omidyar with some 87 million US Dollar between 2013 and 2017 (of which Greenwald earned more than 1.6 million USD from 2014 to 2017).
In the Motherboard interview, Snowden said that "what remains in the archive is stuff that requires much more substantial effort" which would be better for a book. He said that The Intercept wasn't meant for that and that it was up to academic institutions, but they didn't dare because they depend on grants from the federal government.
Snowden also argued that handing over the files to a foreign academic institute was also not an option because then the US government would come up with the accusation of providing classified information to foreigners.
But when it's so hard to find a well-funded institution for further research and responsible publications and the final option of deleting all the files comes closer, it's also not unthinkable that someone will try to "rescue" the archive by putting everything online. After all, there have been other disclosures that were not in accordance with Snowden's intentions.
Updates:
In an "ask me anything" on Reddit from July 2020, Barton Gellman said that he stopped reporting when he "judged that the remaining documents were merely technical or bureaucratic or incremental versions of things of things I had already written -- or discussed information that I did not think should be public. (Names and photos of operational personnel; names, places and fruits of specific operations against obvious adversaries; etc.) The material is now in cold storage, as secure and inaccessible as I could devise."
According to footnote 17 on page 63 of Jacob Appelbaum's PhD thesis (very large .pdf) from March 2022, the Snowden archive of The Intercept has reportedly been destroyed. In June 2023, Appelbaum added that it was an insider who told him that The Intercept had destroyed its copy of the Snowden archive and that the company withheld many things that are in public interest.
> See also: Some new snippets from the Snowden documents
In an "ask me anything" on Reddit from July 2020, Barton Gellman said that he stopped reporting when he "judged that the remaining documents were merely technical or bureaucratic or incremental versions of things of things I had already written -- or discussed information that I did not think should be public. (Names and photos of operational personnel; names, places and fruits of specific operations against obvious adversaries; etc.) The material is now in cold storage, as secure and inaccessible as I could devise."
According to footnote 17 on page 63 of Jacob Appelbaum's PhD thesis (very large .pdf) from March 2022, the Snowden archive of The Intercept has reportedly been destroyed. In June 2023, Appelbaum added that it was an insider who told him that The Intercept had destroyed its copy of the Snowden archive and that the company withheld many things that are in public interest.
> See also: Some new snippets from the Snowden documents
Links and sources
- Menschen Machen Medien: Snowden und die große Datenmisshandlung (2023)
- Spytalk: The Curious Fate of Citizen Snowden’s Archive (2022)
- Justice Integrity Project: Snowden archives at great risk — As alarming as Assange's arrest
- Barrett Brown: Why The Intercept Really Closed the Snowden Archive
- Tim Shorrock: Why Did Omidyar Shut Down The Intercept’s Snowden Archive? - Part 2 - Part 3
- Bruce Schneier: First Look Media Shutting Down Access to Snowden NSA Archives
- Columbia Journalism Review: The Intercept, a billionaire-funded public charity, cuts back
- The Daily Beast: The Intercept Shuts Down Access to Snowden Trove
- The Intercept: The Intercept is Broadening Access to the Snowden Archive. Here's why
