“I’ll be holding a Rubik’s Cube.”
When Laura Poitras and Glenn Greenwald entered the lobby of the hotel that day, they only knew to look for a toy. A complex logarithmic puzzle; easily solvable once you knew what you were looking for, but nearly impossible to see without the first step of the guide in place.
And so unfolded one of the largest dumps of classified government documents in modern history, the now-infamous “Snowden Leaks”. A federal contractor, Edward Snowden, along with journalists from The Guardian, The Washington Post, and the German-based magazine Der Spiegel, would unearth the single most complex and highly-funded surveillance operation to ever exist. His leaks would rip the veil off the spying arm of the U.S government, as well as dozens of other international bodies who were complicit in the construction, maintenance, and operation of the largest and most powerful spying network of all time.
But how did it come to this? How did one person make off with the secrets of millions? How could so few people see the signs until it was too late?
This is the story of the NSA, the FBI, the CIA, GCHQ, and just about every other vaguely-branded acronym-laden government agency you can think of. If you live in the developed world, you live in the surveilled world: here’s how they pulled it off.
FISA
Congressed passed the Foreign Intelligence Surveillance Act in 1978. Although it specifically allowed spying only on foreign powers and agents, it gave the government broad power to also surveil US citizens and permanent residents, laying the groundwork for more invasive and broad spying on Americans as well. Back then, FISA was mainly used to spy on phone calls, but it would later be applied to the internet as well.
FISA got rid of the need for a court order prior to engaging in such spying. It also layed out the guidelines for electronic surveillance, physical searches, access to business records, pen registers, and trap and trace devices.
In 2008, FISA was amended with Section 702, which gave intelligence agencies the power to collect foreign intelligences from non-Americans located outside of the USA. Under the amended law, many Americans would also have their communications spied on by FBI and NSA surveillance programs. Section 702 laid the groundwork for mass surveillance of Americans communicating with non-Americans through a loophole called “incidental collection.”
The PATRIOT Act
When 9/11 happened, it left the United States, and the world, in a state of abject shock. We didn’t think it was possible, and in a moment of panic the people of that country gave their Congresspeople the authority to approve any piece of legislation that could bring them an inch closer to Bin Laden’s head.
There’s a saying of unknown origin from someone in the United States government: the more over-the-top the name of a bill is, the more you know whatever’s inside it is probably “bulls**t”.
And so the USA PATRIOT Act was born.
There’s a lot of details in between, but for the sake of this story all you need to know is that the government took September 11th as its one opportunity to overhaul the permissions afforded to its own growing surveillance network. The National Security Agency, first established as we know it under Truman during the Cold War, had been waiting for the opportunity to show what it could do in wartime with the advent of technologies like cell phones, the internet, and email. The agency had a host of tricks, techniques, and tools just itching to go at its disposal, and as we soon found out – it was not afraid to use them to the full extent of their power.
So the train went off, and for years the major intelligence agencies of the Five Eyes Collective did what they do best: record the rest of us from the shadows. For those out of the know, the Five Eyes Collective is a surveillance network agreement between five major western democracies: the US, UK, Canada, New Zealand, and Australia. These five countries share any and all intelligence that might protect the other from incoming attacks by rogue nations or terrorist organizations, which means that the NSA, GCHQ, and all the other respective agencies can easily open up communication between each other at a moment’s notice.
With the authority of the FISA courts, the metadata from cell phone calls, emails, instant messages, web browsing history, and just about any other data stream you can imagine was collected en masse through programs such as PRISM, XKEYSCORE, and MUSCULAR.
Intimidating caps-locked names aside, the true intent of these programs was to essentially vacuum up petabytes of data at a time, even monitoring the communications of entire countries once the system was built out enough to handle it. The NSA – working in concert with hundreds of independent contractors and a few all-too-willing internet companies from Silicon Valley – had amassed the greatest information gathering weapon in history.
But how did a lone contractor make off with information about all of it? How could the agency that knew all, saw all, miss something so close to the bridge right below its nose?
Snowden’s Seen Enough
Edward Snowden worked as a network engineering contractor for both the CIA and the NSA, and by all appearances was simply another competent employee working among the tens of thousands that made the NSA’s beating heart tick.
But behind the scenes, Snowden was quickly becoming disillusioned with what he viewed as a clear and present threat to the sanctity of democracy, and was determined to do something about it. Though there’s no confirmation that Snowden himself witnessed this behavior, it was discovered that federal agents of GCHQ had been openly bragging about their ability to secretly activate the webcams of people they deemed “hot”. They would record hundreds of images, along with videos, of the subjects in question, and pass them around the office for other agents to see.
There’s also evidence that agents would use the network to spy on ex-lovers, even going so far as to stalk their new boyfriends/girlfriends and use their location to know where they were at all times. It apparently happened so often that the agency needed to develop an internal keyword to address the issue without raising suspicion: “LOVEINT”.
See also: How to secure your webcam
Of course these are just a few of the incidents that were actually reported, and the exploitation of the network for personal use was never properly addressed or punished within the ranks of the agency, long after it had already been discovered by superiors.
Meanwhile, the network itself only continued to surge in potential beyond anyone’s expectations. As we gave up more and more of our own information through social media, we overloaded their systems with all new ways to track us, predict our behavior, and establish the people we keep closest in our network of contacts.
Only a year and change prior to the leaks, Wired Magazine had written a story covering the construction of a monolithic data center in the remote desert of Utah, containing petabytes of server capacity buried deep under the dirt. The facility would go on to have numerous legal battles with the local municipality over water and electricity usage, with some cases even going as far to the local Supreme Court, and it’s through these openly-available documents we’ve learned what’s really stored underneath those dry, dusty hills.
It turns out the NSA had been so effective at gathering data on its own citizens and the data of those abroad that it couldn’t even sort through all of it fast enough in the time it takes to collect it. This means they needed to construct entire silos-worth of servers stacked underneath the Earth itself, where all good secrets go to die.
As Snowden witnessed a monster that was slowly growing out of control from the shadows, it was time to take action. Though it’s never been made apparent exactly how he pulled it off, Snowden would walk out the front door of the NSA headquarters in Maryland one last time sometime in June of 2013, carrying with him a trove of more than 1.5 million highly classified documents that the NSA never expected to see the light of day.
The lone contractor packed his bags, caught a plane to Hong Kong (known for their very specific extradition laws with the US), and made contact with Greenwald and Poitras to tell them what he’d seen.
The Programs (and Acronyms) You Should Know About
USA PATRIOT Act – The spark that lit the fire, the USA PATRIOT Act (actually listed under “shorter titles” by Wikipedia: the “Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001”) is the backbone that made this whole thing possible in the first place.
The PATRIOT Act for “short” was passed in the wake of September 11th, and gave sweeping, nearly unchecked powers to the surveillance arm of the United States. Many less-ridiculously named bills were soon passed in the UK parliament and elsewhere, and the spying network as we know it today was born.
FISA/FISC – The Foreign Intelligence Service Act is a bill that was passed with procedures meant to dictate how electronic surveillance is used, and decide the legality of every new technology that’s developed with surveillance capabilities in mind. For every new tap or tech, the NSA would need to file for a FISA request in the FISC, or Foreign Intelligence Service Courts. The system was quickly overrun with requests after the PATRIOT Act went live however, resulting in thousands of requests which were simply rubberstamped and sent through without proper time for a case-by-case evaluation of the circumstances.
PRISM – PRISM was one of the very first programs to come to light, shortly after it was revealed that Verizon had willingly been handing over call records to the US and UK governments en masse. PRISM was just as dastardly, working with major internet providers like Yahoo!, AOL, Google and Facebook to hand over user data whenever the NSA put in a formal request. Through PRISM it’s estimated that over 250,000 individual personal internet history records were revealed during the height of the program’s implementation.
MUSCULAR – This is where the NSA really started to flex its muscles, if you’ll pardon the pun. For any data on its users that companies like Microsoft or Google didn’t feel like handing over through official FISA requests, the NSA simply found a way around the back, putting taps on the wires between their backend data servers that could suck up (and even decrypt) data by the handful.
XKEYSCORE – The easiest way to describe XKEYSCORE is like the NSA’s own internal Google. Type in a name, a country, anything you need and all the data ever collected on that subject is brought up in an easy-to-digest format. XKEYSCORE was the tool that helped agents make sense of the noise gathered for every individual, and according to Snowden and Greenwald could be used to spy on “anyone, anywhere, anytime”.
MYSTIC – A massive voice-interception network designed to break into the audio recordings of phone calls and analyze the data gathered automatically. The program is said to be able to handle “virtually every” call made in the United States, and able to hold the metadata from those calls up to 30 days at a time. The Snowden Leaks showed that the NSA had been monitoring five entire countries for all calls coming in or going out of the tagged nations.
OPTIC NERVE – Webcam activation program which collected webcam images from over 1.8+ million Yahoo! users during its run. Was capable of running complex algorithmic face-detection software on hundreds of thousands of people at a time. Also responsible for one of the seedier violations of privacy, when it was discovered agents had been secretly making recordings of male and female users to pass around at their respective offices.
BULLRUN – “But encryption still keeps us safe, right?” – Everyone. “Lol, nope.” – NSA. Project BULLRUN was described in the leaks as a $250 million per-year program that was designed to brute force through some of the most complex encryption algorithms available in modern computing. Supposedly GCHQ made a “breakthrough” in 2010, opening up huge swaths of data streams that were previously closed off by an encrypted channel.
MAINWAY – This was one of the very first programs to see the light of day, almost seven years before Snowden made off with his leaks. Reported by NBC News in 2006, the existence of the now-infamous “Room-641a” showed that the NSA had built their own taps on the very backbone of our telecommunications network, gathering phone call information and content with the express knowledge of providers like Verizon and AT&T.
So What Happened Next?
Unfortunately, many of the programs that were first revealed by Snowden back in 2013-2014 are still in operation today. Some have even had their powers increased and extended since the revelations first came to light, rather than pulled back or restricted.
The Freedom Act
Congress initially expressed outrage at some of the wanton extensions of surveillance power that the NSA and FISA courts had afforded themselves during the age of the PATRIOT Act, but few representatives were able to ever actually put a damper on the way these rogue agencies utilized the tools they had created for themselves.
The closest we ever got to any rollback of NSA powers came in 2015, when the Senate passed the US Freedom Act. Many of the legal permissions the NSA depended on to keep their system running were set to expire in 2015, and while the Freedom Act does put a new level of restriction on how metadata is gathered and stored, it also extended dozens of the same programs to be re-addressed in 2019.
The consequences of the NSA Leaks have been substantial for both the American and global public, but they also supposedly had a large impact on American manufacturers of networking equipment who had been “backdoored” by the NSA’s own hacking equipment. Companies like Cisco, D-Link, and Linksys were all mentioned as “easily breakable” by the agency’s own internal documents, and it’s not clear whether any of them will ever recover from the damage the government has done to their reputation internationally.
Aside from a few more regulations placed on the way phone metadata is handled, as of today, almost all of the NSA surveillance network apparati are working just the same as they were the day that Edward Snowden stole the blueprints for how the whole thing worked. Whether or not newer, bigger, and badder spying toys have been invented and implemented on top of the old systems is unclear, but if the agency’s previous track record is anything to go by, one can only imagine what they’re getting up to four long years later.
How to Fight Back
To keep yourself on an even playing field with the NSA, GCHQ, or whoever might be spying on your local wires, check out our list of the best VPNs and run your network through a barrage of privacy testing tools through this link here!
It’s also recommended that you encrypt your text messages through apps like iMessage or Silent Phone, which will lock down your smartphone communications from any prying eyes.
Two-factor authentication is another helpful tool that the average user can employ in their battle against Big Brother, as well as a bevy of different encryption resources that can help you protect every aspect of your digital life from your email to your hard drive.
Finally, Edward Snowden himself has suggested that something as simple as adding a password manager like LastPass to your repertoire can sometimes be enough to keep you off the grid when it matters. This step wasn’t so much about fighting back against government surveillance, as it was a matter of good online privacy practices as a whole.
Regardless of what tools are at your disposal, it’s important that in the modern age of the internet you always have a toolkit ready to go that can keep your identity anonymous, your browsing habits under wraps, and your personal information out of the hands of any governments that may one day try to use it against you.
“Rubik’s Cube” by Theilr licensed under CC BY 2.0
“Edward Snowden” by Mike Mozart licensed under CC BY 2.0