The Edward Snowden Affair (33 page)

The
Post
admits, “Documents published so far by news organizations have shed useful light on some NSA programs and raised questions that deserve debate.” But the newspaper has apprehensions that future disclosures will sacrifice national security. It provides a rap sheet of current geopolitical casualties resulting from the Snowden affair, including damage to Obama’s European reputation and U.N. free-trade talk complications as—referring to the ATPDEA contingency—Ecuadorian workers’ livelihoods hung in the balance. Wiping retrospective egg off its face, the Post announces the day the American exile applied for mass asylum, Latin American countries were already “holding Mr. Snowden at arm’s length” due to his “toxicity.” Even though the periodical acknowledges Snowden has only acted upon political and not military data, it nonetheless proceeds to evoke fear: “[ … ] Mr. Snowden is reported to have stolen many more documents, encrypted copies of which may have been given to allies such as the WikiLeaks organization.” Despite the NSA leaker’s great efforts to only dole out carefully chosen materials to select parties with a proven track record of journalistic integrity, the citation does nothing short of insist that an unfiltered, Manning-like data dump will occur. The article conveniently ignores that the
Post
’s own rendition of the PRISM scandal was published after Gellman took an editorial stand not to publish all 41 classified slides, which consequently kept the exposé from being an exclusive feature. The newspaper proceeds to highlight that it cannot substantiate whether China or Russia had obtained Snowden’s trove of classified materials, though his handing them over in exchange for asylum appears to be a growing possibility. It calls for the whistleblower to surrender himself, but admits it is unlikely because “the supposed friends of this naive hacker are likely advising him otherwise.”

Greenwald was quick to respond. He posted on Twitter, “Shouldn’t media outlets need—y’know—facts or evidence before asserting that Snowden ‘may’ have given secrets to Russia and/or China govts?”
³⁵
Greenwald’s former employer,
Salon
, stated the editorial was “journalists against journalism.”
³⁶
It does not blame Gellman for the article. The online news source conjectures that the “higher-ups” in the boardroom had “issu[ed] a jeremiad” to the Post newsroom. Salon believes the newspaper’s retraction of its previous groundbreaking report is akin to the same news outlet which broke the 1972 Watergate Scandal announcing President Nixon should “prevent Deep Throat [the whistleblower who was reporting to the
Post
] from leaking information.” It laments the brief renunciation’s underlying theme, that cultivating sources will be frowned upon for future Post writers and perhaps all journalists.
Salon
considers the missive indicative of all major news outlets eventually kowtowing to political pressure.

On August 15, Gellman reemerged to put a rather large nail in the surveillance coffin. Since June 5, it had become clear that American intelligence did indeed have the technological capability to spy on its citizens. The question remained whether it broke privacy laws. In “NSA broke privacy rules thousands of times per year, audit finds,”
³⁷
Gellman answers the inherent question in every preceding disclosure.

Gellman refuses to dance around the issue and opens with the “National Security Agency has broken privacy rules or overstepped its legal authority thousands of times each year since Congress granted the agency broad new powers in 2008, according to an internal audit and other top-secret documents.” It includes two classified and one unclassified file as well as a page from a newsletter.

Confirming Snowden’s statement that, during audits, analysts were not held accountable for targeting violations but instead are told to “bulk up the justification,” a top secret document titled, “Targeting Rationale”
³⁸
informs the NSA employee, “While we do want to provide our FAA overseers with the information they need, we DO NOT [the NSA’s emphasis] want to give them any extraneous information.” It goes on to state, “Your rationale MUST NOT [the NSA’s emphasis] contain any additional information including: probable cause-like information (i.e.
proof
[the NSA’s emphasis] of your analytic judgment), how you came to your analytic conclusions, any RAGTIME information, classification marking, or selector information.” “Ragtime” is bulk data collected on and, per 702’s update, “around” targets. One example of target justification is a social media hop: “Selector was found on buddy list of Al-Qaeda East Africa associate.” The NSA intended to keep these instructions in-house for a long time. “Dated: 20070108” is found on the bottom, right corner of the first page. Immediately below the timestamp is “Declassify On: 39480914.” The NSA’s targeting procedure was scheduled to be made public on September 14, 3948.

Another top secret document is a compliance memo dated May 3, 2012.
³⁹
No oversight committee, including the FISC, read it because it was addressed to the SIGINT director from the head of Oversight & Compliance within Security and Intelligence. The chief of Oversight uses the occasion to file procedural grievances and appeal for more surveillance latitude. It is a comparative quarterly report of “incidences of non-compliance” from January 1 through March 31. Violations had increased by 11 percent since the last quarterly filing, and 89 percent of incidences involved raw, or full-take, intelligence. Of the 865 violations which had taken place so far in 2012, 63 percent were due to “operator error.” In specifying the nature of operator infractions, the NSA report makes the crotchety insinuation that the errors might not have occurred if the agency was permitted greater legal girth by which to conduct its spying, “Analysis identified that these incidents could be reduced if analysts had more complete and consistent information available about selectors and/or targets at the time of tasking [ … ].”

Thirty-seven percent of violations are attributed to system error. Without the slightest hint of irony, the NSA states that regulations are the cause of the greatest volume of laws being broken under this category: “[S]ystem lacks the capability to ‘push’ real-time travel data out to analysts, system/device unable to detect changes in user.” The memo obtusely reinforces this point by supplying a pie chart. It breaks human error into respective classifications to visually imply the largest single cause of violations is system limitations.

Ten percent of the FISA breaches were due to “delayed detasking” or failure to quickly stop an investigation once the agency discovered a target was domestic. Dauntingly, when four drop-down menu selectors were discovered to have targeted 913 people with U.S. green cards, the directorate did not order to have the program updated or, in Gellman’s terms, create “built-in safeguards to prevent unlawful surveillance.” Instead analysts were instructed to first research if a suspected target had American rights and privileges before proceeding with the investigation. Within the report, the various intelligence databases are listed: “Cloud/ABR,” “Dishfire,” “Fastscope,” “Marina,” “Octave,” “Pinwale,” “Sigint Navigator,” “Tracfin” (used for tracking bank transfers),
⁴⁰
“Transx,” “Tuningfork,” “UTT,” “XKeyscore,” “Nucleon,” “Anchory” and, rather disturbingly, “unknown.”

Analysts took the Targeting Rationale’s advice to heart. During the first three months of 2012, 74 percent of database query violations were due to “broad syntax.” Admittedly a few analysts were cited as not having been “familiar enough to use the tool [program] used for query.” Though “lack of due diligence” and “training and guidance” are listed as culprits, “workload issues” is also included. Of the 865 privacy violations committed during the first quarter of 2012, auditors found 83. “Automated alerts” discovered 553. Undoubtedly the wider the regulatory aperture is programmed, the fewer number of queries will be flagged as violations. In laymen’s terms, a computerized auditing program can be set up to consider “X” but not “Y” as a violation. This means the person programming the alert system determines what is and is not a violation. The violation triggers have an inverse relationship to selectors. The NSA wants as many selectors as possible in order to net data. The agency wants as few violation triggers as possible keeping it from reeling in information. “VLR,” “Spyder,” “Chalkfun” and “TransX” are part of the alert systems.

On February 16, 2012, it was discovered that the five-year legal limitation on 3,032 files had long since expired. This was due to Stellar Wind being copied over to another database. The files’ origination times had been overridden, or reset, during the transferal process. The end of the report admits that a group of cryptanalysts had been given unauthorized access to “NSA Establishment FISA data.” On average, a violation occurred every three hours from April 1, 2012, to May 31, 2013, for a yearly total of 2,776. The memo is a report for NSA outposts in and around Washington. The statistics do not include the quarterly or yearly data for the NSA stations in Denver; San Antonio; Honolulu; Oak Ridge, Tennessee; or Augusta, Georgia.

A third disclosure is an October 12, 2011, article from the NSA’s internal electronic newsletter, “SSO News.” It provides evidence that the FISC did find the NSA in violation of the Constitution, “However, in the 80-page [FISC] opinion, the judge ordered certain ‘upstream’ or ‘passive’ FAA DNI collection to cease after 30 days, unless NSA implements solutions to correct all deficiencies identified in the opinion document.” “DNI” is “digital network intelligence” and the technical term for Internet communications. The ruling was based on “[deficiencies] on statutory and constitutional grounds.” Little else is known about the secret ruling or the conditions surrounding the decision.
⁴¹
Gellman reports, much like Boundless Informant being hidden from Congress, that the invasive program being used had been put into operation without the court’s knowledge. The FISC had found PRISM and its corporate relationships to be legal. (Six days later, after the Obama administration diligently fought a Freedom of Information Act lawsuit by the Electronic Frontier Foundation, the U.S. government redacted and declassified the court’s 85-page opinion of the ruling. “Wholly domestic” communications had been retrieved in the attempt to capture, store and then filter upstream data. Because the NSA purged its upstream data repositories in April 2012, it is assumed the upstream collection took place from 2008 to 2011. Contrary to the SSO article, a footnote within the opinion states the court’s approval of phone record collection was “premised on a flawed depiction of how the NSA” would use the data.)
⁴²

Whereas the violation report is alarming in retrospect, the last disclosure is startling in its potentiality. Revised 20 days after the FISC determination, an unclassified training slide
⁴³
guides analysts through the procedure if an American is targeted. In the comments sections under the headings “Intentional,” “Inadvertent” and “Reverse” (where an analyst targets a foreign individual to gather data on an American through contact chaining), an analyst is told, “If collect (sic) on U.S. Person is needed, seek additional authority if eligible and a valid foreign intelligence requirement.” In the comments sections under the heading “Incidental,” unlike all other action headings, an analyst is not told to “Stop collection immediately!” Confirming what Greenwald had claimed in his PRISM exposé, the intelligence worker is advised, “Focus your report on the foreign end of the communication.” The slide explicitly states that the violation need not be reported because it does not violate any specified law. Likewise, the only type of information that houses legal constraints is metadata; therefore full-take data captures are not considered illicit and not likely to be destroyed.

Gellman also discusses undisclosed classified information. His report quietly establishes that Snowden was not exaggerating when he stated he had “the authorities to wiretap anyone.” One in 10 violations involved an analyst typing the wrong number into a database and inadvertently retrieving an American’s phone calls or emails. The public had been reluctantly reassured only “incidentally collected” data could be extracted for analysis, which, as Gellman notes, implies a firewall prohibiting domestic surveillance had been put in place. Still, the
Post
journalist reports, “A notable example in 2008 was the interception of a ‘large number’ of calls placed from Washington when a programming error confused the U.S. area code 202 for 20, the international dialing code for Egypt.” The surveillance breach did not involve metadata and therefore did not need to be reported. Nor was it included in the quarterly memo that a team of Hawaiian analysts abused their power and queried the Swedish telecommunication provider Ericsson along with the keywords “radio” and “radar.”

Gellman reminded the White House why it had grown to dislike the
The Washington Post
40 years before. The journalist had provided irrefutable proof that thousands of privacy violations had occurred. He had also shown there is no way of definitively knowing what goes unreported due to gaping holes in surveillance law and spy programs the NSA keeps hidden from oversight committees. He even exposed a handful of privacy abuses. Washington’s window for excuses was getting progressively smaller with each report.

The Washington Post
reporter would not hold the limelight long. In what could be viewed as unintentional journalistic rivalry, Greenwald took center stage three days later. However, he undoubtedly would have preferred to have done so under vastly different circumstances.

On Sunday, August 18, at a little past 8 a.m., Greenwald’s partner, David Miranda, was detained at Heathrow Airport in London. Having arrived from Berlin with Greenwald (after spending a week with Poitras)
⁴⁴
en route to Rio de Janeiro, Miranda was held under Schedule 7 of the Terrorism Act (of) 2000.
⁴⁵
He underwent an eight hour, 55 minute
⁴⁶
interrogation by London authorities.