The Snowden Operation: Inside the West's Greatest Intelligence Disaster

Introduction

Some of my most respected colleagues tell a story that goes like this: Edward Snowden had a well-paid post inside American intelligence, as a contractor for the NSA. Disillusioned by the discovery that his employers and their allies engaged in mass collection of details of private communications, he took a cache of secret documents detailing this appalling behaviour and shared them with media outlets across the world. The noble crusader was bravely risking his career and freedom in the pursuit of truth and transparency—a sacrifice that has made him a worthy candidate for man of the year awards,[1] and for canonisation as a secular saint.

This book tells a different story. My reading of the facts is that Snowden is a ‘useful idiot’.[2] His theft and publication of secret documents should be seen not as a heroic campaign but as a reckless act that has jeopardised our safety and played into our enemies’ hands.

The damage wrought by Snowden’s revelations takes five forms. It weakens America’s relations with Europe and other allies; it harms security relationships between those allies, particularly in Europe; it corrodes Western public opinion’s trust in their countries’ security and intelligence services; it undermines the West’s standing in the eyes of the rest of the world; and it has paralysed Western intelligence agencies.

All these are bad. And as it happens, they are also all Kremlin priorities: if Vladimir Putin were writing a ‘to-do’ list for his officials, it would have all these five points on it. Yet this aspect of the story has been largely unexplored.[3] One reason is that the public has a superficial and glamourised view of espionage, fed by Hollywood thrillers and spy novels. Outsiders simply don’t understand what intelligence agencies actually do. Nor do they understand the necessarily secretive and often cynical deal-making at the heart of diplomacy. That ignorance may be healthy. But when it is breached, people are shocked.

Responsible journalism has trouble dealing with secret and hence uncheckable information released by sources with a political agenda. Most of Snowden’s leaked documents consist of slides, presumably used in internal presentations. But what do they represent? Are the operations and capabilities described merely planned, long since abandoned, or actually under way? How widespread are they? Who are the targets? What do the preceding and following slides say? Who is the audience for this presentation? What objections or questions were posed? This context is crucial. Journalists usually scrutinise leaked documents for exactly these links and clues. Yet in the case of the Snowden revelations, there has been no such scrutiny.

A third element fuelling support for Snowden is genuine concern about the way in which computer processing-power and digital storage affect the privacy and anonymity that we have long taken for granted. The term ‘mass surveillance’ may be misleading, but it resonates. Official responses to the Snowden revelations have been lame. The White House blames the NSA for allowing the documents to leak; its rebuttals to the claims made have been laconic and dutiful, rather than vigorous. Allies fume, mostly silently.

The security and intelligence agencies in democratic countries are not used to dealing with non-specialist media. They prize (rightly) secrecy over setting the record straight. Explaining why a leaked secret document does not mean what it purports to mean may result in giving away another secret, perhaps still more valuable to an adversary. Moreover, the climate created by the leaks, and memories of past deception, dissembling, exaggeration and inaccuracy on issues such as Iraqi weapons programmes, makes it hard for the agencies to put forward their case. Morale has plummeted in the face of a vehement and corrosive scepticism about the veracity of anything coming from intelligence sources.

This book is not based on complacency about the status quo. It is not a whitewash of British and other allied intelligence agencies, either regarding their reaction to the Snowden revelations or their activities in previous years. I have spent much of my career in pursuit of official secrets (in dictatorships and democracies) and have had some success in finding them. I have on several occasions prompted official leak investigations, notably in NATO when I was the first journalist to disclose that the alliance had finally agreed to make contingency plans to protect its new members.[4] In my book Deception I exposed the German BND’s spying operations in Estonia, and described the disastrous British intelligence operations in the Baltics in the 1940s and 1950s. In all these cases I have judged the public interest more important than saving politicians and officials from embarrassment. My instinctive attitude is to mistrust official explanations. The plea of secrecy that intelligence and security officials invoke when confronted with hard questions makes it easy to cover up incompetence, corruption and treason.

Yet transparency and journalistic freedom do not trump all other considerations. Secrets may be so sensitive that journalists have no business exposing them (I have come across some of those too). Journalists may not realise the sensitivity of the secrets they have obtained: officialdom needs some kind of recourse (such as Britain’s D-Notice system) to advise the media about how to make disclosures less damaging. Journalists have a duty to their readers—but they are citizens too. Their safe and comfortable lives, and those of their fellows, depend on the proper functioning of the state. They should not take this for granted.

A healthy competition between officials who want to keep secrets and journalists who try to find them out is the hallmark of a democracy. My side winning this contest can involve notional or real breaches of the law, which may in turn expose journalists and their sources to the risk of prosecution. That is part of the job: a journalist who wants to invoke a public-interest defence in breaching secrecy has to be willing to plead his case before a judge and jury if necessary. If convicted, he will hope that political pressure will bring a pardon, or that history will vindicate him. We journalists do not enjoy absolute statutory immunity, nor should we. Nobody elected us. We make mistakes, and if they are bad ones—reflecting recklessness or malice—we should expect to suffer consequences. In short, both sides in this contest between truth and secrecy need to be guided by their sense of broader responsibility. Not every breach of official secrets deserves prosecution. And not every official secret deserves to be exposed.

Some of the accusations made against the Snowden camp are silly. It is not disloyal for journalists to try to expose state malfeasance. Nor is wrong for them to profit from their discoveries. Good journalists with good skills and good sources get good information, and if they are good at analysing and explaining it, they deserve (and may even get) good money.

Finally, worries about the future of privacy in an age of limitless electronic storage, powerful algorithms and extraordinary processing power are understandable. My forthcoming book Cyber-phobia[5] deals in detail with how our habits and attitudes need to evolve to match the rapid change of technology we use in our daily lives. In brief, my argument is for concern rather than panic. Society has evolved in the past in response to new technologies and the benefits and threats they bring. It will do so in the future too. We will find new ways of behaving, just as we have with cameras, cars, telephones and personal computers. We will need to change some laws and establish new institutions. It will be uncomfortable for everyone but it is a surmountable problem.

That broad topic bears on this e-book too. The intelligence agencies, like everyone else, are grappling with new capabilities, vulnerabilities and constraints. The American constitution, with its admirable prohibition of arbitrary searches and seizures, was not designed for the digital age, which allows large amounts of information to be stored, and sorted rapidly and repeatedly by many remote investigators. The Smith v Maryland Supreme Court judgment of 1979, which says that expectations of privacy do not apply to dialled telephone numbers, did not foresee the ability of the authorities to warehouse such material in colossal amounts and search it automatically.

In sufficient quantities and in the right context, meta-data (for example the time, duration and direction of a phone call) can be more revealing than its content. The latter requires a search warrant. The former does not. Similarly the American distinction between citizens (constitutionally protected) and foreigners (fair game) is impractical and outdated when data crosses and re-crosses national frontiers. The need to rely on (and to arm-twist) private internet, technology and telephone companies creates new problems and dilemmas. In particular, weakening commercial cryptography standards, or finding vulnerabilities and keeping them secret, for example, may bring immediate gains in terms of intelligence collection, but—if exposed—strategic losses in terms of stoking distrust of America as a guardian of global security standards.

Legal challenges on these issues in America are under way as I write this e-book and will doubtless reach the Supreme Court eventually. Political controversies are bubbling too. The presidential Review Group on Intelligence and Communications Technologies mulled how America and other countries should manage their security and intelligence agencies in the digital age (some of its recommendations were sensible, others in my view unworkable or dangerous). President Obama on January 17th announced some modest and largely cosmetic changes to the NSA’s remit, but has broadly endorsed its activities and approach.[6]

Ultimately, voters will have their say, in America and in other democracies too. But it does not seem that voters wish to destroy current intelligence capabilities, or to rewrite the statute book to make privacy inviolable always and everywhere, and at whatever cost, as some Snowdenistas seemingly want.

Despite sensationalist, ill-informed and sometimes misleading commentary in much of the media, public opinion in Britain and America seems broadly to agree with the proposition that releasing state secrets damages national security. In Britain, for example, 42% of those asked in a poll last year thought the security services had broadly the right powers; a further 22% thought they should have more.[7]

The NSA and associated organisations are huge. Distinguishing the communications of terrorists and other adversaries from the innocent data of innocent Americans is tricky. Things do go wrong. In the ‘LOVEINT’ scandal a small number of NSA officials were found to have abused their position to snoop on people of interest in their private lives. They were disciplined. I think they should have been fired and prosecuted. Corrupt, self-interested intelligence officers are as big a threat to our freedom, or even a bigger one, as corrupt, self-interested police or judges. Their numbers may be tiny, but that is no reason for complacency.

Leaving aside wilful individual wrongdoing, it is clear that the NSA has also over-reached. Since 2011 some 56,000 e-mails of ‘US persons’ have been improperly read, a judgment from the FISA court reveals. But it is worth noting, first, that this was a list of errors which the NSA itself logged and reported—hardly the sign of a systematic cover-up or intentional abuse. Second, as a share of total e-mail traffic, measured in many billions, the number is vanishingly small. At other points the FISA court has also complained about the scope of the NSA’s collection of meta-data, about the way in which it is accessed, and about the level of authorisation sought. Yet on reading the (mind-numbingly long) rulings from the court, it is clear that the system is broadly working. The NSA makes mistakes. It reports them. The court finds flaws in the agency’s conduct and slaps it down (in sometimes stinging language).[8] Procedures change. Politicians react. Snowdenistas may not like the system, but even before their disclosures, its checks and balances were operating broadly as intended.

If the result of the Snowden revelations is to show that intelligence agencies and their employees make mistakes, or that they operate up to the limits of their political, judicial and regulatory constraints, and sometimes clash with the lawmakers and judges who regulate them, then that is an underwhelming benefit given the damage caused. Yes, the system could be better. I strongly support the introduction of a ‘public defender’ in the FISA court (as, incidentally, does the NSA).[9] Such a person would be security cleared to see secret information, but would also have the standing to argue against the intelligence agencies’ requests for warrants. Under the current system, the agencies make their case to the judges—but with nobody to challenge them head on. (President Obama has suggested lay advocates take part in deliberating ‘novel’ cases). The appointment of FISA judges—currently by the chief justice alone—could be the result of a broader process.

The NSA regards foreign citizens’ communications as fair game—which happens to be the position under international law. Moreover as Nigel Inkster, a former British spymaster now at a London think-tank, notes:

For all that, people everywhere need better ways to rebut damaging conclusions that may be drawn from automatic analysis of electronic information. It would not be acceptable if, for example, an innocent non-American landed irrevocably on an international no-fly list, or were deprived of a bank account, just for being a pious Muslim who studies chemistry and likes aeroplanes.[11] Though such worries are widespread, especially about how such capabilities might be abused in future, examples of things actually going wrong right now are remarkably scanty. Snowden has claimed:

That is a shocking claim. But it depends heavily on the world ‘could’. He ‘could’ also have set fire to his desk. Neither form of behaviour is condoned by the NSA. Both arson and warrantless wiretaps of random Americans are punishable. With a million-plus stolen documents at their disposal, the worst case involving deliberate intrusion into individual privacy—in America or abroad—that the Snowden camp has been able to come up with so far involves six radical Muslims (one of them with American connections) whose penchant for online pornography and contact with under-age girls had come to the attention of the NSA. The agency appears to have been mulling a leak of this information, as a possible means of discrediting them and their role as propagandists for violent and extremist forms of Islam.[13]

Another slide (actually highlighting the need to stay within the law, however irksome or inconvenient it might be) implied that an unnamed ‘restaurant in Texas’ might be the subject of surveillance if drug runners were meeting there.[14] The context was not a recommendation, but a warning to NSA staff not to repeat the errors of Minaret, a warrantless wiretapping programme in the 1960s and 1970s whose targets included Martin Luther King and Senator Howard Baker.[15]

That story of the targeted Muslims (if true) raises some serious questions: who would make the decision about initiating such official smears; how would they be conducted; what level of threat or nuisance would be sufficient to trigger this tactic; and what redress would someone have if the smear turned out to be incorrect? Such hypothetical questions are more troubling than—so far—the reality.

The legal framework for counter-terrorism, government hacking, data and meta-data collection, and rules on searches and seizures when international travel is involved is a work in progress. That is not the same as a closed system in which no challenge is possible. Checks and balances in a free, law-governed society do not depend on perfection for their legitimacy. The actions of the NSA and other agencies are directed by elected leaders and subject to scrutiny by lawmakers and by judges. That oversight could be better. But it is not negligible or useless (as it is in the authoritarian countries about which the Snowden camp is so strangely silent). Outcomes vary. At the time of writing, a judge in the District of Columbia had ruled that meta-data collection was illegal, while another judge in New York, in a different case, had given an opposite ruling.

As Inkster argues, even the term ‘mass surveillance’ is a misnomer. It implies that governments systematically monitor the content of the communications of their citizens—reading e-mails, listening to phone calls—and take actions against them as a result. In fact, he says:

An American blogger, Dan Conover, puts it like this:

Even Snowden himself justifies his leaks not by alleging that we live in a world akin to Orwell’s 1984,[18] but by claiming that we are heading that way. I dispute that. But what is hard to deny is that in their attempts to forestall this hypothetical threat, he and his friends have done huge, practical damage right now.