The intelligence disaster wrought by Edward Snowden carries important lessons about the character of the digital world we now inhabit. Intelligence agencies, and indeed anyone who relies on information security, are far more vulnerable than in the past.
At one time a spy was lucky to bring home a film cartridge from a Minox camera, with copies (which might not be terribly good) of a few pages of some secret document. Obtaining those few copies might take as much as 15 or 20 minutes, during which he was vulnerable to detection. A spy with legitimate access to a classified library might manage to obtain information from 10 or 20 documents in a day, assuming he knew what he wanted. Jonathan Pollard apparently obtained a few hundred sensitive documents, which he carried to his masters to be copied. He was limited to what he could carry in a briefcase. In each case, the damage was significant, because even one sensitive document might well contain crucial information.
Snowden’s theft was on an altogether vaster scale. Because he was a system administrator, he could override the settings that prevented computers from dumping data onto thumb drives. He could acquire data at millions of bytes per second, which might be thousands of pages per second depending on how documents were stored. Current thumb drives are rated in the tens of gigabytes. A gigabyte is roughly a thousand million bytes, on the order of half a million pages of text. His system administrator status almost certainly let him bypass the internal barriers (the ‘firewalls’ between compartments) of the systems he operated. The only real limit on Snowden may have been ignorance of the relative value of the documents he was stealing.
It is, moreover, nearly impossible to enforce restrictions such as ‘need to know’ in an Internet-style database such as we currently use, and any such restrictions go against the need to ‘connect the dots’ so as to detect and thwart terrorist operations. Who can be sure exactly what information is relevant? That is particularly so when the distinction between foreign and home-grown terrorists seems to dissolve. How do you classify those who carried out the Boston Marathon atrocity? What is the appropriate relationship between law enforcement, which seeks to identify and punish those who have already committed crimes, and defense against terrorist threats? Without knowing a great deal more about how well we have done, we cannot say how worthwhile that defense has been.
Enormous effort has been expended to find better ways of protecting sensitive information against those attempting to penetrate our networks. Every time you use a password, you make use of such security mechanisms. Snowden is a key example of a very different problem: a human threat, or perhaps the threat of social engineering (did he arrive at his ideology on his own, or was he helped?). We have been seeing such examples for years, and often ignoring them. A major technology company found out by accident that someone had been rummaging through its files. It seems likely that the breach came when some of its senior executives visited China and left their laptops in their hotel rooms. Perhaps the convenience of on-the-go connectivity was a bit too convenient. There is also the classic approach: cash. Every so often we read of a massive loss of personal data because a low-level employee was bought. Should we believe that the same thing does not happen to corporate or military data?
We do not know enough about Snowden to say when or why he decided that it was his mission to collect secret information that could later be used against the U.S. government. It does seem that he began working this way as a contractor for the CIA, before moving to contract work for NSA. The CIA went so far as to warn NSA that he was showing undue curiosity: electronic libraries do register who asks for what, and when. As a system administrator, Snowden should not have been using the data on his networks; his job was to ensure that the networks functioned properly. He may have been affected by the various Wikileaks scandals and by the US reaction to them, or he may have made his decision well before they broke, perhaps in connection with the Wikileaks project or with the ‘Anonymous’ hacking group. No one knows, apart from Snowden himself.
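The point that electronic libraries register who asks for what and when is only useful if someone actually looks at the register. As an added example (not part of this column, and not any agency's actual tooling), the Python below runs two simple checks over a constructed audit log: a role-policy check that flags an administrator reading document content rather than maintaining the system, and a volume check that flags any user whose daily reads jump far above their own baseline. The log format, the role-to-action policy, the user names and the thresholds are assumptions made for the example.

```python
import csv
import io
import statistics
from collections import defaultdict

# Constructed audit log for a hypothetical document repository (not real
# data). Each line records who asked for what, and when.
SAMPLE_LOG = """\
timestamp,user,role,action,resource
2013-04-01T09:02:11,analyst1,analyst,READ,doc/1001
2013-04-01T09:15:40,analyst1,analyst,READ,doc/1002
2013-04-01T10:01:03,analyst2,analyst,READ,doc/2001
2013-04-01T11:20:00,sysadmin1,sysadmin,BACKUP,vol/home
2013-04-01T23:30:00,sysadmin1,sysadmin,PATCH,host/srv01
2013-04-02T09:05:12,analyst1,analyst,SEARCH,index/main
2013-04-02T09:07:44,analyst1,analyst,READ,doc/1003
2013-04-02T09:30:01,analyst1,analyst,READ,doc/1004
2013-04-02T09:31:55,analyst1,analyst,READ,doc/1005
2013-04-02T14:12:09,analyst2,analyst,READ,doc/2002
2013-04-02T14:40:27,analyst2,analyst,READ,doc/2003
2013-04-02T23:30:00,sysadmin1,sysadmin,BACKUP,vol/home
2013-04-03T02:10:00,sysadmin1,sysadmin,READ,doc/1001
2013-04-03T02:11:00,sysadmin1,sysadmin,READ,doc/1002
2013-04-03T02:12:00,sysadmin1,sysadmin,READ,doc/1003
2013-04-03T02:13:00,sysadmin1,sysadmin,READ,doc/1004
2013-04-03T02:14:00,sysadmin1,sysadmin,READ,doc/1005
2013-04-03T02:15:00,sysadmin1,sysadmin,READ,doc/2001
2013-04-03T02:16:00,sysadmin1,sysadmin,READ,doc/2002
2013-04-03T02:17:00,sysadmin1,sysadmin,READ,doc/2003
2013-04-03T02:18:00,sysadmin1,sysadmin,READ,doc/3001
2013-04-03T02:19:00,sysadmin1,sysadmin,READ,doc/3002
2013-04-03T09:01:00,analyst1,analyst,READ,doc/1006
2013-04-03T09:42:15,analyst1,analyst,READ,doc/1007
2013-04-03T10:05:00,analyst2,analyst,READ,doc/2004
"""

# Assumed role policy: the actions each role is expected to perform. An
# administrator keeps the system running; reading the documents is not the job.
ROLE_ACTIONS = {
    "analyst": {"READ", "SEARCH"},
    "sysadmin": {"BACKUP", "PATCH", "RESTART"},
}


def parse_events(text):
    """Parse the CSV audit log into dicts, keeping the calendar day separately."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        row["day"] = row["timestamp"][:10]
        events.append(row)
    return events


def role_policy_violations(events):
    """Events whose action falls outside the expected set for the user's role."""
    return [(e["day"], e["user"], e["action"], e["resource"])
            for e in events
            if e["action"] not in ROLE_ACTIONS.get(e["role"], set())]


def daily_read_counts(events):
    """Per user, a list of READ counts for every day in the log (zeros kept)."""
    days = sorted({e["day"] for e in events})
    counts = defaultdict(lambda: defaultdict(int))
    for e in events:
        if e["action"] == "READ":
            counts[e["user"]][e["day"]] += 1
    return {u: [counts[u][d] for d in days] for u in counts}, days


def volume_anomalies(events, factor=5, min_reads=8):
    """Flag user-days whose READ count is at least `min_reads` and more than
    `factor` times the median of that user's earlier days (floored at 1, so a
    user who never read anything before still trips the check)."""
    per_user, days = daily_read_counts(events)
    flagged = []
    for user, series in per_user.items():
        for i in range(1, len(series)):
            baseline = max(statistics.median(series[:i]), 1)
            if series[i] >= min_reads and series[i] > factor * baseline:
                flagged.append((days[i], user, series[i]))
    return flagged


if __name__ == "__main__":
    events = parse_events(SAMPLE_LOG)
    for v in role_policy_violations(events):
        print("role violation:", v)
    for a in volume_anomalies(events):
        print("volume anomaly:", a)
```

On the constructed log both checks fire on the same account: the administrator's ten reads in the small hours are outside the role policy, and they are also a jump from a baseline of zero. Either check alone would have been enough to prompt a question; the volume check is the one that still works when the policy table is incomplete.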
It does seem obvious that Snowden benefited from a series of devastating human failures. The first was that he was granted a very high clearance in the first place. That may have been tied to the mobilization of homeland-security operations in the wake of 9/11. Suddenly large numbers of computer experts were needed to create and maintain systems for sharing and analyzing intelligence data, and it was suddenly necessary to extend the military clearance system into law enforcement. That requirement seems to have collided with a decision made during the late 1990s to largely or completely privatize the clearance system. By then the massive staff reductions that followed the end of the Cold War had badly damaged the government apparatus developed to vet the mass of contractors involved in classified work. The other problem, in Snowden’s case, is that NSA seems to have failed to convince him that what it was doing was for the public good rather than for some evil purpose.
The pool of potential computer system analysts is not large, and most of them are probably snapped up by private industry at high salaries. NSA and other government entities badly needed whoever was available. How many managers would happily drop a talented computer analyst because he seemed to be acting oddly? How easy would it have been to obtain a replacement, or to wait while the replacement navigated the clearance process?
The public cry to ‘connect the dots’ so that information already in our hands can be used to prevent atrocities translates to ‘use all the data we can get in an effective way,’ which in turn requires that data be shared at every level. That means reducing it to digital form and creating databases which can be exploited. In theory, a terrorist operation on American soil produces an identifiable signature. If that signature can be detected, it may be possible to trace back to those involved and neutralize them.
That is largely the modern form of a classic signals intelligence technique, traffic analysis, which NSA has undoubtedly used for decades. Even if the enemy’s codes cannot be broken, careful analysis of who talks to whom (and when) yields enormous dividends. For example, in the interwar period the US Navy had broken key Japanese codes, and used them to follow the major Japanese fleet exercises. Its signals analysts wondered what would happen if the Japanese woke up and changed their codes (as they did in 1941), so they decided to rely entirely on traffic analysis to follow the 1930 maneuvers. To their surprise, the technique worked perfectly. Among other things, it revealed the unhappy fact that Japanese observation of earlier US maneuvers had disclosed US Pacific strategy to them, and that the Japanese had developed effective countermeasures. One consequence was that the Chief of Naval Operations had to tell President Hoover in 1931 that the US Navy could not do much about the Japanese attack on Manchuria that year. Another was a dramatic change in US naval strategy, from the ‘through ticket to Manila’ to the step-by-step strategy executed so successfully during World War II.
Put this way, it is unsurprising that NSA has been collecting phone and e-mail records: not what was said, but who called whom, when, and for how long. Once a potential threat was identified, the agency had the authority to concentrate on the individuals involved. We do not know whether it worked, but we can see it as something more than a government appetite for our privacy. If we had some idea of how well it works, we could decide whether the loss of privacy is justified. Snowden did not care to reveal anything about how well (or poorly) the program worked. Perhaps it worked too well for his taste.
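Traffic analysis over call metadata, the technique described above, can be shown concretely. The Python below is an added example, not part of this column and not any agency's actual method: it builds a who-talks-to-whom graph from a handful of constructed call-detail records (fictitious numbers, no content), performs contact chaining from a seed number out to a chosen number of hops, and then looks for a timing pattern that metadata alone exposes: a call from the seed followed within minutes by an onward call from the callee, and so on down the line, repeated on different days. The record format, the hop count, the time window and the chain length limit are assumptions.

```python
import csv
import io
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed call-detail records: metadata only, no content. The numbers
# are fictitious placeholders, not real subscribers.
SAMPLE_CDR = """\
caller,callee,start,seconds
+15550100,+15550111,2013-04-01T08:00:00,120
+15550111,+15550122,2013-04-01T08:05:00,60
+15550122,+15550133,2013-04-01T08:07:00,45
+15550144,+15550155,2013-04-01T09:00:00,300
+15550111,+15550100,2013-04-02T18:30:00,200
+15550155,+15550111,2013-04-02T19:00:00,30
+15550100,+15550111,2013-04-03T08:00:00,100
+15550111,+15550122,2013-04-03T08:04:00,50
+15550122,+15550133,2013-04-03T08:09:00,40
"""


@dataclass(frozen=True)
class Call:
    caller: str
    callee: str
    start: datetime
    seconds: int


def parse_cdr(text):
    """Parse the CSV records into Call objects."""
    return [Call(r["caller"], r["callee"],
                 datetime.fromisoformat(r["start"]), int(r["seconds"]))
            for r in csv.DictReader(io.StringIO(text))]


def contact_graph(calls):
    """Undirected who-talks-to-whom graph. Direction survives in the records."""
    graph = defaultdict(set)
    for c in calls:
        graph[c.caller].add(c.callee)
        graph[c.callee].add(c.caller)
    return graph


def contacts_within(graph, seed, hops):
    """Contact chaining: every number reachable from `seed` in at most `hops`
    calls (breadth-first), excluding the seed itself."""
    seen, frontier = {seed}, {seed}
    for _ in range(hops):
        frontier = {n for f in frontier for n in graph[f]} - seen
        seen |= frontier
    return seen - {seed}


def cascades(calls, seed, window_minutes=10, max_len=4):
    """Timing pattern: `seed` calls A, then A calls B within the window, then
    B calls C within the window, and so on. Returns a Counter of the chains
    found, so a chain repeated on several days stands out."""
    by_caller = defaultdict(list)
    for c in calls:
        by_caller[c.caller].append(c)
    window = timedelta(minutes=window_minutes)
    found = Counter()

    def walk(path, last):
        extended = False
        if len(path) < max_len:
            for nxt in by_caller[last.callee]:
                if (last.start < nxt.start <= last.start + window
                        and nxt.callee not in path):
                    extended = True
                    walk(path + [nxt.callee], nxt)
        # record only maximal chains of at least three numbers
        if not extended and len(path) > 2:
            found[tuple(path)] += 1

    for first in by_caller[seed]:
        walk([seed, first.callee], first)
    return found


if __name__ == "__main__":
    calls = parse_cdr(SAMPLE_CDR)
    graph = contact_graph(calls)
    seed = "+15550100"
    for hops in (1, 2, 3):
        print(f"{hops}-hop contacts of {seed}:",
              sorted(contacts_within(graph, seed, hops)))
    for chain, n in cascades(calls, seed).most_common():
        print("cascade", " -> ".join(chain), f"seen {n} times")
```

Nothing in the records says what was discussed, yet two things fall out: the seed's three-hop neighbourhood covers every number in the sample, which is why the hop count matters so much to privacy, and the same four-number relay chain appears on two different mornings, which is the kind of structure an analyst would task further collection against. The unrelated pair of numbers shows no such pattern and would not be singled out by the cascade check.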
NSA operations were international because the Internet (like terrorism) is borderless; it is non-local. You experience that every time you go instantly onto a foreign website: for example, there is literally no difference between using the US version of amazon.com and the Japanese one (assuming you know what you want in Japanese). In better times this made the Internet a wonderful way of learning about the rest of the world. In worse times it makes the Internet a terrific form of communication across all boundaries. Thus far the only barriers have been those set up by foreign governments, like the Chinese, who fear free communication. The international character of the Internet makes it very difficult, and perhaps impossible, to split domestic from foreign communication in any meaningful way. Since the same cables often carry voice traffic as well, it is not at all clear how any communications can be split.
Snowden also revealed the shocking (shocking!) reality that NSA has been listening to the communications of foreign leaders, including our allies. After all, such interception (to protect us from surprises) is its great responsibility. NSA is also responsible for protecting us from foreign eavesdropping, but Snowden apparently did not consider it worthwhile to reveal what anyone has done to us. It is just a bit rich to read of Chinese outrage at American eavesdropping in the light of extensive Chinese penetration of sensitive US computer systems – which was doubtless revealed partly by NSA’s penetration of Chinese communications. Allied leaders’ outrage that we were listening is presumably for public consumption: their own intelligence services would be remiss if they were not trying to eavesdrop on us. Perhaps there is a universe in which different countries do not have their own interests, and hence attract intelligence notice, but it is not the one we currently live in.
The damage Snowden has done is the classic damage of a signals intelligence disaster: he has let the opposition know what it needs to know to evade detection. Cries from leading Internet companies to kill NSA’s programs are really cries to let their clients know they are safe from surveillance of any kind. To most citizens, such safety is a reasonable expectation of privacy. To a terrorist, safety means safety from detection.
What happens now? First, to the extent that Snowden revealed details of NSA operations, many of those techniques are no longer going to be effective. NSA will develop alternatives, but that will take time. We can expect our enemies to take advantage of that window of opportunity. They have already shown considerable awareness of the danger NSA and similar agencies represent. NSA’s exploitation of the Internet will cause hostile foreign governments to work harder to wrest Internet control from the United States, and also to create their own censored Internets; China, for example, is already doing that. The freedom of the Internet, about which Snowden claims to be passionate, will evaporate.
Norman Friedman’s regular column is made available by kind permission of the Editor of Proceedings, the Journal of the United States Naval Institute