Spitfire List Web site and blog of anti-fascist researcher and radio personality Dave Emory.

News & Supplemental  

Snowden’s Ride, Part 13: Glenn Greenwald, David Miranda and Destructive Counterintelligence

Dave Emory’s entire life­time of work is avail­able on a flash dri­ve that can be obtained here. (The flash dri­ve includes the anti-fas­cist books avail­able on this site.)

COMMENT: A very inter­est­ing sto­ry con­cern­ing the detain­ment of of Glenn Green­wald’s part­ner David Miran­da at Heathrow Air­port sheds a poten­tial­ly defin­ing light on “Snow­den’s Ride.”

(Our series on this is long, com­plex and mul­ti-lay­ered: Part IPart IIPart IIIPart IVPart VPart VIPart VII, Part VIIIPart IXPart X, Part XI, Part XIIPart XIIIPart XIVPart XVPart XVIPart XVIIPart XVIIIPart XIXIt is impos­si­ble to do jus­tice to this analy­sis with­in the scope of this post. Please digest the rest of the mate­r­i­al, in order to come to terms with what we are pre­sent­ing.)

A Dai­ly Tele­graph arti­cle quotes a British offi­cial’s state­ment that among the mate­ri­als con­fis­cat­ed from Miran­da con­tained some very sen­si­tive infor­ma­tion.

British secu­ri­ty offi­cial Oliv­er Rob­bins stat­ed that Miran­da was car­ry­ing; ” ‘per­son­al infor­ma­tion of UK intel­li­gence offi­cers, any com­pro­mise of which would result in a risk to their lives and those of their fam­i­ly mem­bers.’ Rob­bins argued that if this data had got into the pub­lic sphere then it would have made spies and their loved ones vul­ner­a­ble to attack or recruit­ment by hos­tile forces. He said that the mate­r­i­al was, ‘high­ly like­ly to describe tech­niques which have been cru­cial in life-sav­ing counter-ter­ror­ist oper­a­tions, and oth­er intel­li­gence activ­i­ties vital to UK nation­al secu­ri­ty.’ Com­pro­mis­ing it ‘would do seri­ous dam­age to UK nation­al secu­ri­ty and ulti­mate­ly risk lives’.

Sev­er­al thoughts come to mind:

  • One won­ders what may have been in the rest of the 58,000 pages of doc­u­ments Miran­da was alleged­ly car­ry­ing?
  • We won­der if our spec­u­la­tion in a pre­vi­ous post about Green­wald’s pre­vi­ous part­ner (of 11 years) Aus­tri­an-born lawyer Wern­er Achatz pos­si­bly being some kind of case offi­cer or Under­ground Reich pay­mas­ter for Green­wald’s activ­i­ties on behalf of neo-Nazis and white suprema­cists? Was David Miran­da just being cyn­i­cal­ly used by Green­wald for his alleged couri­er activ­i­ties, or was he more involved than he main­tains? (Note that Miran­da dis­claims hav­ing car­ried sen­si­tive mate­ri­als and also claims that he did­n’t know the con­tents of what he was car­ry­ing. Both can’t be true.)
  • Eddie the Friend­ly Spook down­loaded 58,000 pages of doc­u­ments. That is the equiv­a­lent of 100 books of 580 pages each. We SERIOUSLY doubt that Snow­den read all of the mate­r­i­al he pur­loined and leaked. Leak­ing intel­li­gence files with­out know­ing in them is NOT whis­tle blow­ing. A whis­tle blow­er would approach supe­ri­ors about cor­rect­ing per­ceived abus­es, not grab­bing mate­r­i­al willy nil­ly and giv­ing it to a jour­nal­ist. That is reck­less, at best. How would the leak­er know what was there or what the con­se­quences of such behav­ior might be? In the age of WMD’s the con­se­quences could be unimag­in­ably destruc­tive.
  • Green­wald has not­ed in inter­views that he has enlist­ed help in deci­pher­ing and under­stand­ing what he has in his pos­ses­sion. Who’s help has he enlist­ed? Intel­li­gence offi­cers? If so, WHOSE intel­li­gence offi­cers?
  • The more time pass­es, the more it becomes clear that this is an intel­li­gence oper­a­tion. There can be no con­ceiv­able jus­ti­fi­ca­tion for dis­clos­ing infor­ma­tion of the type that Snow­den has appar­ent­ly leaked under the rubric of civ­il lib­er­ties, pri­va­cy, etc. These actions con­sti­tute mali­cious, strate­gi­cal­ly offen­sive coun­ter­in­tel­li­gence.

“David Miran­da Accused of Car­ry­ing Secrets that Threat­ened Spies’ Lives. This Looks Bad for Glenn” by Tim Stan­ley; The Tele­graph; 8/20/2013.

EXCERPT: Remem­ber that a cou­ple of weeks ago Glenn Green­wald’s hus­band was stopped at Heathrow air­port, detained and had his elec­tron­ic equip­ment seized? Well, we now have some idea of what was on it – and it does­n’t make Glenn look good.

The high court has just grant­ed the police pow­ers to pur­sue an inves­ti­ga­tion into pos­si­ble crimes of ter­ror­ism and breach­es of the Offi­cial Secrets Act as a result of analysing some of the data tak­en from Miran­da. And what was that data? The Gov­ern­men­t’s accessed just a small por­tion of an aston­ish­ing 58,000 pages of intel­li­gence doc­u­ments and, accord­ing to a wit­ness state­ment by Oliv­er Rob­bins, deputy nation­al secu­ri­ty advis­er to the Cab­i­net, it includes: “per­son­al infor­ma­tion of UK intel­li­gence offi­cers, any com­pro­mise of which would result in a risk to their lives and those of their fam­i­ly mem­bers.” Rob­bins argued that if this data had got into the pub­lic sphere then it would have made spies and their loved ones vul­ner­a­ble to attack or recruit­ment by hos­tile forces. He said that the mate­r­i­al was, “high­ly like­ly to describe tech­niques which have been cru­cial in life-sav­ing counter-ter­ror­ist oper­a­tions, and oth­er intel­li­gence activ­i­ties vital to UK nation­al secu­ri­ty.” Com­pro­mis­ing it “would do seri­ous dam­age to UK nation­al secu­ri­ty and ulti­mate­ly risk lives”. The Gov­ern­ment will now seek to dis­cov­er if that com­pro­mise has tak­en place.

Miran­da’s lawyer said in reply that, “Mr Miran­da does not accept the asser­tions they have made.” Pre­sum­ably, this means that he does not accept the asser­tion that the data he was car­ry­ing threat­ened UK nation­al secu­ri­ty and even the lives of its oper­a­tives. Yet this some­what con­tra­dicts some­thing Miran­da told The Guardian two weeks ago. Back then, he said, “I don’t look at doc­u­ments. I don’t even know if it was doc­u­ments that I was car­ry­ing.” So if he did­n’t look at the doc­u­ments, how can he know that they did­n’t include the kind of infor­ma­tion that the UK Gov­ern­ment alleges? . . . .


One comment for “Snowden’s Ride, Part 13: Glenn Greenwald, David Miranda and Destructive Counterintelligence”

  1. Accord­ing to the UK gov­ern­ment, the Snow­den cache of files (the ‘blue­print’ for the NSA as Gleen Green­wald char­ac­ter­ized it) may be in the hands of the Russ­ian and Chi­nese gov­ern­ments. Unen­crypt­ed

    The Guardian
    Rus­sia and Chi­na ‘broke into Snow­den files to iden­ti­fy British and US spies’

    Sun­day Times says Down­ing Street believes both nations have hacked into Amer­i­can whistleblower’s files, and that agents have been put in per­il

    James Tap­per

    Sat­ur­day 13 June 2015 20.02 EDT

    Down­ing Street believes that Russ­ian and Chi­nese intel­li­gence agen­cies have used doc­u­ments from whistle­blow­er Edward Snow­den to iden­ti­fy British and US secret agents, accord­ing to a report in the Sun­day Times.

    The news­pa­per says MI6, Britain’s Secret Intel­li­gence Ser­vice, has with­drawn agents from over­seas oper­a­tions because Russ­ian secu­ri­ty ser­vices had bro­ken into encrypt­ed files held by Amer­i­can com­put­er ana­lyst Snow­den.

    Snow­den pro­vid­ed the Guardian with top secret doc­u­ments from the US Nation­al Secu­ri­ty Agency (NSA), which revealed that west­ern intel­li­gence agen­cies had been under­tak­ing mass sur­veil­lance of phone and inter­net use.

    He fled to Hong Kong, then to Moscow, and the Sun­day Times claims that both Chi­nese and Russ­ian secu­ri­ty offi­cials gained access to his files as a result.

    The files held by Snow­den were encrypt­ed, but now British offi­cials believe both coun­tries have hacked into the files, accord­ing to the report.

    The news­pa­per quotes a series of anony­mous sources from Down­ing Street, the Home Office and British intel­li­gence say­ing that the doc­u­ments con­tained intel­li­gence tech­niques and infor­ma­tion that would enable for­eign pow­ers to iden­ti­fy British and Amer­i­can spies.

    The news­pa­per quot­ed a “senior Down­ing Street source” say­ing that “Rus­sians and Chi­nese have infor­ma­tion”.

    The source said “agents have had to be moved and that knowl­edge of how we oper­ate has stopped us get­ting vital infor­ma­tion”. The source said they had “no evi­dence” that any­one had been harmed.

    A “senior Home Office source” was also quot­ed by the news­pa­per, say­ing: “Putin didn’t give him asy­lum for noth­ing. His doc­u­ments were encrypt­ed but they weren’t com­plete­ly secure and we have now seen our agents and assets being tar­get­ed.”

    The Sun­day Times also quot­ed a “British intel­li­gence source” say­ing that Russ­ian and Chi­nese offi­cials would be exam­in­ing Snowden’s mate­r­i­al for “years to come”.


    Keep in mind that the giant hack of the US Office of Per­son­nel Man­age­ment (OPM) that just took place is also poten­tial­ly put the iden­ti­ties of US spies at risk. So it’s pos­si­ble that, if UK spies’ iden­ti­ties were also com­pro­mised in the hack, this claim by Down­ing Street could be a cov­er for the dam­age done by that hack. Of course, that hack could have been enabled by the infor­ma­tion in the Snow­den cache if, indeed, the Chi­nese and Russ­ian gov­ern­ments already broke the encryp­tion. Either way, there’s prob­a­bly going to be a lot spies on the move at the moment:

    Defense One

    OPM Breach Just Put America’s Spies ‘At High Risk’

    June 12, 2015
    By Patrick Tuck­er

    Hack­ers may now have detailed bio­graph­i­cal infor­ma­tion and a vir­tu­al phone­book of every Unit­ed States intel­li­gence asset.


    Stan­dard Form 86 — SF86 for short — is where cur­rent and prospec­tive mem­bers of the intel­li­gence com­mu­ni­ty put the var­i­ous bits of infor­ma­tion the bureau­cra­cy requires of them: Social Secu­ri­ty num­bers, names of fam­i­ly mem­bers, coun­tries vis­it­ed and why, etc. If hack­ers have got­ten away with those records, as the Asso­ci­at­ed Press report­ed Fri­day, America’s spies are in trou­ble.

    Such a theft could yield a “vir­tu­al phone­book” of U.S. intel­li­gence assets around the world and a work­ing list of each one’s weak spot, said Patrick Skin­ner, for­mer CIA case offi­cer and direc­tor of spe­cial projects for the Soufan Group. He said such a vul­ner­a­bil­i­ty was unprece­dent­ed.

    “The spy scan­dals we’ve had in the past … they gave up maybe a dozen for­eign spies. It was a big deal. This, basi­cal­ly is beyond that,” Skin­ner said. “It’s not giv­ing up for­eign spies…it’s admin­is­tra­tion, sup­port, logis­tics. Basi­cal­ly, It’s a phone book for the [intel­li­gence com­mu­ni­ty]. It’s not like they have your cred­it card num­ber. They have your life.”

    If there’s any good news about the dis­clo­sure, it’s that it could have been worse. Office of Per­son­nel Man­age­ment records don’t detail spe­cif­ic covert iden­ti­ties or mis­sions, assign­ments, or oper­a­tions. Records of that type would be held by the intel­li­gence agen­cies them­selves. “I don’t think it’s going to blow people’s cov­er but it’s going to put them at a real high coun­ter­in­tel­li­gence risk,” said Skin­ner.

    Skin­ner said some of the infor­ma­tion in SF86 records is exact­ly the sort of infor­ma­tion that he, as an intel­li­gence oper­a­tive, would look to get on peo­ple he was tar­get­ing. “At my old job, you would spend a lot of time try­ing to get that bio­graph­i­cal infor­ma­tion because it can tell you a lot,” he said. “It’s why mar­keters try to get that much infor­ma­tion from you. If you have somebody’s entire life his­to­ry and net­work you can craft a pitch to them that they don’t see com­ing.”

    What can the intel­li­gence com­mu­ni­ty do to repair the dam­age? “I don’t think they can,” Skin­ner said. SF86 “reveals so much about the per­son that it makes them incred­i­bly vul­ner­a­ble. You can’t erase your past. These are the things you can’t change about peo­ple: you can’t change your par­ents, your con­tacts, or your trav­el. For­eign con­tacts? That’s a huge deal.”

    One thing that could change as a result of the hack: OPM may begin to encrypt the data in its data­base. It’s a sim­ple secu­ri­ty pre­cau­tion that many in the tech­nol­o­gy com­mu­ni­ty say OPM should long since have had in place.


    Cer­tain­ly Skin­ner was tak­en aback. “They spend so much time train­ing us to main­tain our cov­er and then they keep this infor­ma­tion in an unen­crypt­ed data­base? I encrypt my hard dri­ve; why don’t they?”

    So a trea­sure trove of US spy iden­ti­ties have just been lift­ed by some­one and just days lat­er the UK starts reas­sign­ing all its agents while claim­ing the Snow­den cache was hacked. It’s quite a sto­ry, espe­cial­ly for any spies work­ing in the media or oth­er high pro­file areas.

    Are the two events relat­ed? It’s very pos­si­ble. But also keep in mind that
    we real­ly have no idea who has the encrypt­ed cache:


    Snowden’s Con­tin­gency: ‘Dead Man’s Switch’ Bor­rows From Cold War, Wik­iLeaks

    Kim Zetter
    07.16.13 4:31 pm

    The strat­e­gy employed by NSA whistle­blow­er Edward Snow­den to dis­cour­age a CIA hit job has been likened to a tac­tic employed by the U.S. and Russ­ian gov­ern­ments dur­ing the Cold War.

    Snow­den, a for­mer sys­tems admin­is­tra­tor for the Nation­al Secu­ri­ty Agency in Hawaii, took thou­sands of doc­u­ments from the agency’s net­works before flee­ing to Hong Kong in late May, where he passed them to Guardian colum­nist Glenn Green­wald and doc­u­men­tary film­mak­er Lau­ra Poitras. The jour­nal­ists have han­dled them with great cau­tion. A sto­ry in the Ger­man pub­li­ca­tion Der Spie­gal, co-bylined by Poitras, claims the doc­u­ments include infor­ma­tion “that could endan­ger the lives of NSA work­ers,” and an Asso­ci­at­ed Press inter­view with Green­wald this last week­end asserts that they include blue­prints for the NSA’s sur­veil­lance sys­tems that “would allow some­body who read them to know exact­ly how the NSA does what it does, which would in turn allow them to evade that sur­veil­lance or repli­cate it.”

    But Snow­den also report­ed­ly passed encrypt­ed copies of his cache to a num­ber of third par­ties who have a non-jour­nal­is­tic mis­sion: If Snow­den should suf­fer a mys­te­ri­ous, fatal acci­dent, these par­ties will find them­selves in pos­ses­sion of the decryp­tion key, and they can pub­lish the doc­u­ments to the world.

    “The U.S. gov­ern­ment should be on its knees every day beg­ging that noth­ing hap­pen to Snow­den,” Green­wald said in a recent inter­view with the Argen­tinean paper La Nacion, that was high­light­ed in a much-cir­cu­lat­ed Reuters sto­ry, “because if some­thing does hap­pen to him, all the infor­ma­tion will be revealed and it could be its worst night­mare.”

    It’s not clear if Snow­den passed all of the doc­u­ments to these third par­ties or just some of them, since Green­wald says Snow­den made it clear that he doesn’t want the NSA blue­prints pub­lished.


    Green­wald told the Asso­ci­at­ed Press that media descrip­tions of Snowden’s tac­tic have been over-sim­pli­fied.

    “It’s not just a mat­ter of, if he dies, things get released, it’s more nuanced than that,” he said. “It’s real­ly just a way to pro­tect him­self against extreme­ly rogue behav­ior on the part of the Unit­ed States, by which I mean vio­lent actions toward him, designed to end his life, and it’s just a way to ensure that nobody feels incen­tivized to do that.”

    The clas­sic appli­ca­tion of a dead man’s switch in the real world involves nuclear war­fare in which one nation tries to deter adver­saries from attack­ing by indi­cat­ing that if the gov­ern­ment com­mand author­i­ty is tak­en out, nuclear forces would launch auto­mat­i­cal­ly.

    It has long been believed that Rus­sia estab­lished such a sys­tem for its nuclear forces in the mid-60s. Pra­dos says that under the Eisen­how­er admin­is­tra­tion, the U.S. also pre-del­e­gat­ed author­i­ty to the North Amer­i­can Aero­space Defense Com­mand (NORAD), the Far East com­mand and the Mis­sile Defense Com­mand to use nuclear weapons if the nation­al com­mand author­i­ty were tak­en out, though the process was not auto­mat­ic. These author­i­ties would have per­mis­sion to deploy the weapons, but would have to make crit­i­cal deci­sions about whether that was the best strat­e­gy at the time.

    Snowden’s case is not the first time this sce­nario has been used for infor­ma­tion dis­tri­b­u­tion instead of weapons. In 2010, Wik­ileaks pub­lished an encrypt­ed “insur­ance file” on its web site in the wake of strong U.S. gov­ern­ment state­ments con­demn­ing the group’s pub­li­ca­tion of 77,000 Afghan War doc­u­ments that had been leaked to it by for­mer Army intel­li­gence ana­lyst Bradley Man­ning.

    The huge file, post­ed on the Afghan War page at the Wik­iLeaks site, was 1.4 GB and was encrypt­ed with AES256. The file was also post­ed on tor­rent down­load sites.

    It’s not known what the file con­tains but it was pre­sumed to con­tain the bal­ance of doc­u­ments and data that Man­ning had leaked to the group before he was arrest­ed in 2010 and that still had not been pub­lished at the time. This includ­ed a dif­fer­ent war log cache that con­tained 500,000 events from the Iraq War between 2004 and 2009, a video show­ing a dead­ly 2009 U.S. fire­fight near the Garani vil­lage in Afghanistan that local author­i­ties said killed 100 civil­ians, most of them chil­dren, as well as 260,000 U.S. State Depart­ment cables.

    Wik­iLeaks has nev­er dis­closed the con­tents of the insur­ance file, though most of the out­stand­ing doc­u­ments from Man­ning have since been pub­lished by the group.

    So some unknown num­ber of third par­ties have the encrypt­ed doc­u­ments, and if some­thing hap­pens to Snow­den some­how they’ll get the encryp­tion keys and pro­ceed to release them to the world. If the doc­u­ments were hacked by Rus­sia or Chi­na, these third par­ties could be one way they got their hands on the full stash of doc­u­ments, assum­ing Snow­den did­n’t hand them over direct­ly under the assump­tion that they’re safe­ly encrypt­ed any­ways. After all, as the arti­cle indi­cates, Wik­ileaks did the same thing with an encrypt­ed file back in 2010 that was uploaded to the inter­net, and no one has appar­ent­ly bro­ken the encryp­tion yet.

    Could Snow­den have used an encryp­tion method vul­ner­a­bil­i­ty that he was­n’t aware of? That seems pos­si­ble, but there’s anoth­er way gov­ern­ments could also get their hands on the unen­crypt­ed data: hack Green­wald and the jour­nal­ists work­ing with him or any­one else with access to the doc­u­ments:

    Meet the Man Hired to Make Sure the Snow­den Docs Aren’t Hacked

    By Loren­zo Franceschi-Bic­chierai
    May 27, 2014

    In ear­ly Jan­u­ary, Mic­ah Lee wor­ried jour­nal­ist Glenn Green­wald’s com­put­er would get hacked, per­haps by the NSA, per­haps by for­eign spies.

    Green­wald was a tar­get, and he was vul­ner­a­ble. He was among the first to receive tens of thou­sands of top secret NSA doc­u­ments from for­mer con­trac­tor Edward Snow­den, a scoop that even­tu­al­ly helped win the most recent Pulitzer prize.

    Though Green­wald took pre­cau­tions to han­dle the NSA doc­u­ments secure­ly, his com­put­er could still be hacked.

    “Glenn isn’t a secu­ri­ty per­son and he’s not a huge com­put­er nerd,” Lee tells Mash­able. “He is basi­cal­ly a nor­mal com­put­er user, and over­all, nor­mal com­put­er users are vul­ner­a­ble.”

    Lee, 28, is the tech­nol­o­gist hired in Novem­ber to make sure Green­wald and fel­low First Look Media employ­ees use state-of-the-art secu­ri­ty mea­sures when han­dling the NSA doc­u­ments, or when exchang­ing emails and online chats with sen­si­tive infor­ma­tion. First Look was born in Octo­ber 2013, after eBay founder Pierre Omy­di­ar pledged to bankroll a new media web­site led by Green­wald, with doc­u­men­tary jour­nal­ists Lau­ra Poitras and Jere­my Scahill.

    Essen­tial­ly, Lee is First Look’s dig­i­tal body­guard, or as Green­wald puts it, “the mas­ter­mind” behind its secu­ri­ty oper­a­tions.

    Lee’s posi­tion is rare in the media world. But in the age of secret-spilling and the gov­ern­ment clam­p­down on reporters’ sources, news orga­ni­za­tions are aim­ing to strength­en their dig­i­tal savvy with hires like him.

    “Every news orga­ni­za­tion should have a Mic­ah Lee on their staff,” Trevor Timm, exec­u­tive direc­tor and cofounder of Free­dom of the Press Foun­da­tion, tells Mash­able.

    Timm believes the Snow­den leaks have under­scored dig­i­tal secu­ri­ty as a press free­dom issue: If you’re a jour­nal­ist, espe­cial­ly report­ing on gov­ern­ment and nation­al secu­ri­ty, you can’t do jour­nal­ism and not wor­ry about cyber­se­cu­ri­ty.

    “News orga­ni­za­tions can no longer afford to ignore that they have to pro­tect their jour­nal­ists, their sources and even their read­ers,” Timm says.

    Once hired, Lee need­ed to trav­el to Brazil imme­di­ate­ly. First Look has an office in New York City, but Green­wald works from his house locat­ed in the out­skirts of Rio de Janeiro.

    Unfor­tu­nate­ly, the con­sulate in San Fran­cis­co near where Lee lives did­n’t have an open spot for a visa appoint­ment. It would be at least two months before he’d be able to leave for Brazil.

    Unde­terred, Lee cre­at­ed a smart (and legal) hack — a script that con­stant­ly scraped the con­sulate’s visa cal­en­dar to check for can­cel­la­tions. If it found any, it would text Lee, giv­ing him the oppor­tu­ni­ty to hop online and book.

    In less than 48 hours, he scored an appoint­ment and flew to Rio with­in days.

    “That’s what he does. He’s bril­liant at find­ing solu­tions for any kind of com­put­er pro­gram­ming chal­lenge,” Green­wald tells Mash­able. It’s exact­ly the kind of indus­tri­ous ini­tia­tive Green­wald need­ed.

    When he got to Rio, Lee spent one entire day strength­en­ing Greenwald’s com­put­er, which at that point used Win­dows 8. Lee was wor­ried spy agen­cies could break in, so he replaced the oper­at­ing sys­tem with Lin­ux, installed a fire­wall, disk encryp­tion and mis­cel­la­neous soft­ware to make it more secure.

    The next day, Lee had a chance to do some­thing he’d been dream­ing of: peek at the trea­sure trove of NSA top secret doc­u­ments Snow­den had hand­ed to Green­wald in Hong Kong.

    Since the begin­ning, Green­wald had stored the files in a com­put­er com­plete­ly dis­con­nect­ed from the Inter­net, also known as “air-gapped” in hack­er lin­go. He let Lee put his hands on that com­put­er and pore through the doc­u­ments. Iron­i­cal­ly, Lee used soft­ware ini­tial­ly designed for cops and pri­vate inves­ti­ga­tors to sift through the moun­tain of seized doc­u­ments.

    Lee spent hours read­ing and ana­lyz­ing a dozen doc­u­ments con­tain­ing once care­ful­ly guard­ed secrets.

    “I was­n’t actu­al­ly sur­prised. I was more like, ‘Wow, here’s evi­dence of this thing hap­pen­ing. This is crazy,’ ” he remem­bers. “At this point I kind of assume that all of this stuff is hap­pen­ing, but it’s excit­ing to find evi­dence about it.”
    Sit­ting inside Greenwald’s house, famous­ly full of dogs,

    Dur­ing his two days in Rio, Lee wore two hats: the dig­i­tal body­guard who secures com­put­ers against hack­ers and spies, and the tech­nol­o­gist who helps reporters under­stand the com­plex NSA doc­u­ments in their pos­ses­sion. In addi­tion to Green­wald, he also worked with Poitras, the doc­u­men­tary film­mak­er who has pub­lished a series of sto­ries based on the Snow­den doc­u­ments as part of both The Guardian’s and The Wash­ing­ton Post’s Pulitzer-win­ning cov­er­age.

    For Green­wald, Lee’s skills, as well as his polit­i­cal back­ground (Lee is a long­time activist) make him the per­fect guy for the job.

    “There’s a lot of real­ly smart hack­ers and pro­gram­mers and com­put­er experts,” Green­wald tells Mash­able. “But what dis­tin­guish­es him is that he has a real­ly sophis­ti­cat­ed polit­i­cal frame­work where the right val­ues dri­ve his com­put­er work.”

    J.P. Bar­low, founder of the Elec­tron­ic Fron­tier Foun­da­tion, where Lee used to work, agrees. There are two Lees, the activist and the hack­er, he says. One couldn’t exist with­out the oth­er.

    “He acquired his tech­ni­cal skills in the ser­vice of his activism,” Bar­low tells Mash­able.

    In some ways, Lee was des­tined to work on the Snow­den leaks. At Boston Uni­ver­si­ty in 2005, he was involved in envi­ron­men­tal and anti-Iraq War activism. His col­lege expe­ri­ence did­n’t last long, though. After just one year he dropped out to pur­sue advo­ca­cy full-time.

    “I had bet­ter things to do with my time than go to col­lege, because I want­ed to try and stop the war. And it did­n’t work,” Lee says.

    Dur­ing that time, he worked as a free­lance web design­er, despite no for­mal com­put­er edu­ca­tion. He start­ed teach­ing him­self the com­put­er pro­gram­ming lan­guage C++ when he was around 14 or 15 years old, in order to make video games. (Alas, none of those games are avail­able any­more.)

    Then in 2011, Lee was hired by the Elec­tron­ic Fron­tier Foun­da­tion, the dig­i­tal rights orga­ni­za­tion. “My dream job,” Lee says.

    As an EFF tech­nol­o­gist, teach­ing secu­ri­ty and cryp­to to novices was sec­ond nature for him. He was one of the peo­ple behind an ini­tia­tive in which tech­nol­o­gists taught dig­i­tal secu­ri­ty to their fel­low employ­ees over lunchtime piz­za. And as CTO of the Free­dom of the Press Foun­da­tion, he helped orga­nize “cryp­topar­ties” to teach encryp­tion tools to jour­nal­ists and activists.

    Lee became a go-to source for reporters look­ing for com­put­er secu­ri­ty and encryp­tion answers. After the first NSA leaks were pub­lished in June 2013, many reporters, not only those work­ing on the Snow­den leak, knew they’d need to pro­tect their own com­mu­ni­ca­tions. Lack­ing tech­ni­cal knowl­edge, they turned to Lee for help.

    He recalls, for exam­ple, that he helped reporters at NBC get start­ed using encryp­tion. It was only when NBC News pub­lished a series of sto­ries based on the Snow­den doc­u­ments, with the con­tri­bu­tion of Glenn Green­wald, that Lee real­ized why they need­ed his guid­ance.

    In ear­ly July 2013, he wrote what some con­sid­er one of the best intro­duc­to­ry texts about cryp­to, a 29-page white paper called “Encryp­tion Works.” Its title was inspired by an ear­ly inter­view with Snow­den — a Q&A on The Guardian’s site. The whistle­blow­er said,

    “Encryp­tion works. Prop­er­ly imple­ment­ed strong cryp­to sys­tems are one of the few things that you can rely on.”

    Those words had a pro­found effect on Lee.

    “That gave me a lot of hope, actu­al­ly, because I was­n’t sure if encryp­tion worked,” Lee says laugh­ing, his eyes bright­en­ing behind a pair of glass­es. He is lanky in jeans and a t‑shirt, behind a lap­top with stick­ers.

    He’s a true hack­er, but one who hap­pens to explain extreme­ly com­pli­cat­ed con­cepts in a way that’s easy to under­stand.

    He was one of the first peo­ple Green­wald and Poitras, both on the Free­dom of the Press Foun­da­tion board, named for their “dream team,” Green­wald says — a group that would even­tu­al­ly cre­ate The Inter­cept, First Look Medi­a’s first dig­i­tal mag­a­zine that would lat­er be instru­men­tal in break­ing new NSA sto­ries.

    “He was top of my list,” Poitras tells Mash­able.

    In the wake of the Snow­den leaks, which revealed the per­va­sive­ness of the NSA’s sur­veil­lance tech­niques, it seems no one, includ­ing jour­nal­ists, is safe. And it’s not just the NSA; oth­er branch­es of the U.S. gov­ern­ment have pres­sured jour­nal­ists to reveal their sources and have aggres­sive­ly inves­ti­gat­ed infor­ma­tion leaks.

    “Con­cern has grown in the news indus­try over the government’s sur­veil­lance of jour­nal­ists,” New York Times lawyer David McCraw wrote in a recent court fil­ing.


    At The Inter­cept, Lee is work­ing to make sure nobody leaves any traces. Mak­ing web­sites encrypt­ed, Lee says, “is the very bare min­i­mum basic of mak­ing it not real­ly easy for sources to get com­pro­mised.”

    All these prac­tices aim to pro­tect jour­nal­ists’ and sources’ com­mu­ni­ca­tions, but han­dling the Snow­den doc­u­ments, and mak­ing sure no one who has them gets hacked, is also key. Unfor­tu­nate­ly, that’s not as easy as installing an antivirus or a fire­wall.

    When exchang­ing doc­u­ments, jour­nal­ists at The Inter­cept use a com­pli­cat­ed series of pre­cau­tions. First of all, Lee says, doc­u­ments are nev­er stored on Inter­net-con­nect­ed com­put­ers; they live in sep­a­rate com­put­ers dis­con­nect­ed from the web. To add an extra lay­er of pre­cau­tion when log­ging in to air-gapped com­put­ers, jour­nal­ists must use secure oper­at­ing sys­tem Tails.

    So, imag­ine two employ­ees at First Look Media (we’ll call them Alice and Bob) need to send each oth­er Snow­den doc­u­ments. Alice goes to her air-gapped com­put­er, picks the doc­u­ments, encrypts them and then burns them onto a CD. (It has to be a CD, Lee says, because thumb dri­ves are more vul­ner­a­ble to mal­ware.) Then Alice takes her CD to her Inter­net-con­nect­ed com­put­er, logs in and sends an encrypt­ed email to Bob.

    If you’re keep­ing score, the doc­u­ments are now pro­tect­ed by two lay­ers of encryp­tion, “just in case,” Lee says, laugh­ing.

    Then Bob receives the email, decrypts it and burns the file on a CD. He moves it to his own air-gapped com­put­er where he can final­ly remove the last lay­er of encryp­tion and read the orig­i­nal doc­u­ments.

    To pre­vent hack­ers from com­pro­mis­ing these air-gapped com­put­ers, Lee real­ly does­n’t want to leave any stone unturned. That’s why First Look has start­ed remov­ing wire­less and audio cards from air-gapped com­put­ers and lap­tops, to pro­tect against mal­ware that can the­o­ret­i­cal­ly trav­el through air­waves. Secu­ri­ty researchers have recent­ly sug­gest­ed it might be pos­si­ble to devel­op mal­ware that, instead of spread­ing through the Inter­net or via thumb dri­ves, could trav­el between two near­by com­put­ers over air­waves, effec­tive­ly mak­ing air-gapped com­put­ers vul­ner­a­ble to hack­ers.

    If this all sounds a lit­tle para­noid, Lee is the first to acknowl­edge it.

    “The threat mod­el is para­noid,” Lee tells Mash­able, only half-jok­ing. But it’s not just the NSA they’re wor­ried about. (After all, the spy agency already has the doc­u­ments.) Oth­er spies, how­ev­er, would love to get their hands on the intel.

    “Any type of adver­sary could be out to get the Snow­den doc­u­ments. But specif­i­cal­ly large spy agen­cies. And I actu­al­ly think that the NSA and GCHQ aren’t as much as a threat com­pared to oth­er inter­na­tion­al ones,” Lee says. Apart from the NSA, Rus­sia and Chi­na are the real con­cerns.

    “It’s not just this the­o­ret­i­cal prospect that maybe the gov­ern­ment is try­ing to read my emails or lis­tens to my phone calls,” Green­wald says. “I know for cer­tain that they are doing that.”

    “I don’t think that the threat mod­el is para­noid at all,” Poitras says, not want­i­ng to under­es­ti­mate their ene­mies. “We have to be care­ful in terms of dig­i­tal secu­ri­ty.”

    “All of the reporters who are work­ing on these sto­ries have a gigan­tic tar­get paint­ed on their backs,” says Soghoian.

    Every pre­cau­tion, in oth­er words, is essen­tial, and makes it “much safer for us to oper­ate as adver­sar­i­al jour­nal­ists,” says Lee.

    Every lock on the door is nec­es­sary, and they should all be bolt­ed. What’s more, every door should be under the con­trol of First Look itself.


    As Green­wald’s secu­ri­ty guru puts it:

    “Any type of adver­sary could be out to get the Snow­den doc­u­ments. But specif­i­cal­ly large spy agen­cies. And I actu­al­ly think that the NSA and GCHQ aren’t as much as a threat com­pared to oth­er inter­na­tion­al ones,” Lee says. Apart from the NSA, Rus­sia and Chi­na are the real con­cerns.

    So, as we can see, there’s no short­age of secu­ri­ty around the doc­u­ments, but there’s also no short­age in inter­ests by pow­er­ful agen­cies around the globe to get their hands on that mate­r­i­al.

    Still, giv­en the recent mega-hack of the US OPM, there’s also no short­age of poten­tial rea­sons to assign blame for a his­toric breach of oper­a­tional cov­er that may have noth­ing to do with the Snow­den doc­u­ments. Then again, since the ‘blue­prints’ for the NSA could come in very handy for any group that want­ed to hack the OPM, it’s also pos­si­ble that the the OPM hack was direct­ly enabled by the decryp­tion of the Snow­den doc­u­ments.

    What can be con­clud­ed from all this? It’s hard to say. But one thing is cer­tain: the game of Clue could real­ly use anoth­er makeover.

    Posted by Pterrafractyl | June 13, 2015, 6:48 pm

Post a comment