Toggle Menu

I Almost Blew Off Edward Snowden—and the Largest National Security Leak in a Generation

The NSA leaker indisputably proved all that the US government had done to destroy the privacy of Americans and people around the world.

Glenn Greenwald

May 13, 2014

(Reuters/Bobby Yip)

This article originally appeared at TomDispatch.com. To stay on top of important articles like these, sign up to receive the latest updates from TomDispatch.com.

[This essay is a shortened and adapted version of Chapter 1 of Glenn Greenwald’s new book, No Place to Hide: Edward Snowden, the NSA, and the US Security State, and appears at TomDispatch.com with the kind permission of Metropolitan Books.]

On December 1, 2012, I received my first communication from Edward Snowden, although I had no idea at the time that it was from him.

The contact came in the form of an e-mail from someone calling himself Cincinnatus, a reference to Lucius Quinctius Cincinnatus, the Roman farmer who, in the fifth century BC, was appointed dictator of Rome to defend the city against attack. He is most remembered for what he did after vanquishing Rome’s enemies: he immediately and voluntarily gave up political power and returned to farming life. Hailed as a “model of civic virtue,” Cincinnatus has become a symbol of the use of political power in the public interest and the worth of limiting or even relinquishing individual power for the greater good.

The e-mail began: “The security of people’s communications is very important to me,” and its stated purpose was to urge me to begin using PGP encryption so that “Cincinnatus” could communicate things in which, he said, he was certain I would be interested. Invented in 1991, PGP stands for “pretty good privacy.” It has been developed into a sophisticated tool to shield e-mail and other forms of online communications from surveillance and hacking.

In this e-mail, “Cincinnatus” said he had searched everywhere for my PGP “public key,” a unique code set that allows people to receive encrypted e-mail, but could not find it. From this, he concluded that I was not using the program and told me, “That puts anyone who communicates with you at risk. I’m not arguing that every communication you are involved in be encrypted, but you should at least provide communicants with that option.”

“Cincinnatus” then referenced the sex scandal of General David Petraeus, whose career-ending extramarital affair with journalist Paula Broadwell was discovered when investigators found Google e-mails between the two. Had Petraeus encrypted his messages before handing them over to Gmail or storing them in his drafts folder, he wrote, investigators would not have been able to read them. “Encryption matters, and it is not just for spies and philanderers.”

“There are people out there you would like to hear from,” he added, “but they will never be able to contact you without knowing their messages cannot be read in transit.” Then he offered to help me install the program. He signed off: “Thank you. C.”

Using encryption software was something I had long intended to do. I had been writing for years about WikiLeaks, whistleblowers, the hacktivist collective known as Anonymous and had also communicated with people inside the US national security establishment. Most of them are concerned about the security of their communications and preventing unwanted monitoring. But the program is complicated, especially for someone who had very little skill in programming and computers, like me. So it was one of those things I had never gotten around to doing.

C.’s e-mail did not move me to action. Because I had become known for covering stories the rest of the media often ignores, I frequently hear from all sorts of people offering me a “huge story,” and it usually turns out to be nothing. And at any given moment I am usually working on more stories than I can handle. So I need something concrete to make me drop what I’m doing in order to pursue a new lead.

Three days later, I heard from C. again, asking me to confirm receipt of the first e-mail. This time I replied quickly. “I got this and am going to work on it. I don’t have a PGP code, and don’t know how to do that, but I will try to find someone who can help me.”

C. replied later that day with a clear, step-by-step guide to PGP: Encryption for Dummies, in essence. At the end of the instructions, he said these were just “the barest basics.” If I couldn’t find anyone to walk me through the system, he added, “let me know. I can facilitate contact with people who understand crypto almost anywhere in the world.”

This e-mail ended with more a pointed sign-off: “Cryptographically yours, Cincinnatus.”

Despite my intentions, I did nothing, consumed as I was at the time with other stories, and still unconvinced that C. had anything worthwhile to say.

In the face of my inaction, C. stepped up his efforts. He produced a 10-minute video entitled PGP for Journalists.

It was at that point that C., as he later told me, became frustrated. “Here am I,” he thought, “ready to risk my liberty, perhaps even my life, to hand this guy thousands of Top Secret documents from the nation’s most secretive agency—a leak that will produce dozens if not hundreds of huge journalistic scoops. And he can’t even be bothered to install an encryption program.”

That’s how close I came to blowing off one of the largest and most consequential national security leaks in US history.

“He’s Real”

The next I heard of any of this was ten weeks later. On April 18, I flew from my home in Rio de Janeiro to New York, and saw on landing at JFK Airport, that I had an e-mail from Laura Poitras, the documentary filmmaker. “Any chance you’ll be in the US this coming week?” she wrote. “I’d love to touch base about something, though best to do in person.”

I take seriously any message from Laura Poitras. I replied immediately: “Actually, just got to the US this morning… Where are you?” We arranged a meeting for the next day in the lobby at my hotel and found seats in the restaurant. At Laura’s insistence, we moved tables twice before beginning our conversation to be sure that nobody could hear us. Laura then got down to business. She had an “extremely important and sensitive matter” to discuss, she said, and security was critical.

First, though, Laura asked that I either remove the battery from my cell phone or leave it in my hotel room. “It sounds paranoid,” she said, but the government has the capability to activate cell phones and laptops remotely as eavesdropping devices. I’d heard this before from transparency activists and hackers but tended to write it off as excess caution. After discovering that the battery on my cell phone could not be removed, I took it back to my room, then returned to the restaurant.

Now Laura began to talk. She had received a series of anonymous e-mails from someone who seemed both honest and serious. He claimed to have access to some extremely secret and incriminating documents about the US government spying on its own citizens and on the rest of the world. He was determined to leak these documents to her and had specifically requested that she work with me on releasing and reporting on them.

Laura then pulled several pages out of her purse from two of the e-mails sent by the anonymous leaker, and I read them at the table from start to finish. In the second of the e-mails, the leaker got to the crux of what he viewed as his mission:

The shock of this initial period [after the first revelations] will provide the support needed to build a more equal internet, but this will not work to the advantage of the average person unless science outpaces law. By understanding the mechanisms through which our privacy is violated, we can win here. We can guarantee for all people equal protection against unreasonable search through universal laws, but only if the technical community is willing to face the threat and commit to implementing over-engineered solutions. In the end, we must enforce a principle whereby the only way the powerful may enjoy privacy is when it is the same kind shared by the ordinary: one enforced by the laws of nature, rather than the policies of man.

“He’s real,” I said when I finished reading. “I can’t explain exactly why, but I just feel intuitively that this is serious, that he’s exactly who he says he is.”

“So do I,” Laura replied. “I have very little doubt.”

I instinctively recognized the author’s political passion. I felt a kinship with our correspondent, with his worldview and with the sense of urgency that was clearly consuming him.

In one of the last passages, Laura’s correspondent wrote that he was completing the final steps necessary to provide us with the documents. He needed another four to six weeks, and we should wait to hear from him.

Three days later, Laura and I met again, and with another e-mail from the anonymous leaker, in which he explained why he was willing to risk his liberty, to subject himself to the high likelihood of a very lengthy prison term, in order to disclose these documents. Now I was even more convinced: our source was for real, but as I told my partner, David Miranda, on the flight home to Brazil, I was determined to put the whole thing out of my mind. “It may not happen. He could change his mind. He could get caught.” David is a person of powerful intuition, and he was weirdly certain. “It’s real. He’s real. It’s going to happen,” he declared. “And it’s going to be huge.”

“I Have Only One Fear”

A message from Laura told me we needed to speak urgently, but only through OTR (off-the-record) chat, an encrypted instrument for talking online securely.

Her news was startling: we might have to travel to Hong Kong immediately to meet our source. I had assumed that our anonymous source was in Maryland or northern Virginia. What was someone with access to top-secret US government documents doing in Hong Kong? What did Hong Kong have to do with any of this?

Answers would only come from the source himself. He was upset by the pace of things thus far, and it was critical that I speak to him directly, to assure him and placate his growing concerns. Within an hour, I received an email from Verax@******. Verax means “truth teller” in Latin. The subject line read, “Need to talk.”

“I’ve been working on a major project with a mutual friend of ours,” the e-mail began. “You recently had to decline short-term travel to meet with me. You need to be involved in this story,” he wrote. “Is there any way we can talk on short notice? I understand you don’t have much in the way of secure infrastructure, but I’ll work around what you have.” He suggested that we speak via OTR and provided his user name.

My computer sounded a bell-like chime, signaling that the source had signed on. Slightly nervous, I clicked on his name and typed “hello.” He answered, and I found myself speaking directly to someone who I assumed had, at that point, revealed a number of secret documents about US surveillance programs and who wanted to reveal more.

“I’m willing to do what I have to do to report this,” I said. The source—whose name, place of employment, age and all other attributes were still unknown to me—asked if I would come to Hong Kong to meet him. I did not ask why he was there; I wanted to avoid appearing to be fishing for information and I assumed his situation was delicate. Whatever else was true, I knew that this person had resolved to carry out what the US government would consider a very serious crime.

“Of course I’ll come to Hong Kong,” I said.

We spoke online that day for two hours, talking at length about his goal. I knew from the e-mails Laura had shown me that he felt compelled to tell the world about the massive spying apparatus the US government was secretly building. But what did he hope to achieve?

“I want to spark a worldwide debate about privacy, Internet freedom, and the dangers of state surveillance,” he said. “I’m not afraid of what will happen to me. I’ve accepted that my life will likely be over from my doing this. I’m at peace with that. I know it’s the right thing to do.” He then said something startling: “I want to identify myself as the person behind these disclosures. I believe I have an obligation to explain why I’m doing this and what I hope to achieve.” He told me he had written a document that he wanted to post on the Internet when he outed himself as the source, a pro-privacy, anti-surveillance manifesto for people around the world to sign, showing that there was global support for protecting privacy.

“I only have one fear in doing all of this,” he said, which is “that people will see these documents and shrug, that they’ll say, ‘We assumed this was happening and don’t care.’ The only thing I’m worried about is that I’ll do all this to my life for nothing.”

“I seriously doubt that will happen,” I assured him, but I wasn’t convinced I really believed that. I knew from my years of writing about NSA abuses that it can be hard to generate serious concern about secret state surveillance.

This felt different, but before I took off for Hong Kong, I wanted to see some documents so that I understood the types of disclosures the source was prepared to make.

I then spent a couple of days online as the source walked me through, step by step, how to install and use the programs I would need to see the documents.

I kept apologizing for my lack of proficiency, for having to take hours of his time to teach me the most basic aspects of secure communication. “No worries,” he said, “most of this makes little sense. And I have a lot of free time right now.”

Once the programs were all in place, I received a file containing roughly twenty-five documents: “Just a very small taste: the tip of the tip of the iceberg,” he tantalizingly explained.

I unzipped the file, saw the list of documents, and randomly clicked on one of them. At the top of the page in red letters, a code appeared: “TOP SECRET//COMINT/NO FORN/.”

This meant the document had been legally designated top secret, pertained to communications intelligence (COMINT), and was not for distribution to foreign nationals, including international organizations or coalition partners (NO FORN). There it was with incontrovertible clarity: a highly confidential communication from the NSA, one of the most secretive agencies in the world’s most powerful government. Nothing of this significance had ever been leaked from the NSA, not in all the six-decade history of the agency. I now had a couple dozen such items in my possession. And the person I had spent hours chatting with over the last two days had many, many more to give me.

As Laura and I arrived at JFK Airport to board a Cathay Pacific flight to Hong Kong, Laura pulled a thumb drive out of her backpack. “Guess what this is?” she asked with a look of intense seriousness.

“What?”

“The documents,” she said. “All of them.”

“README_FIRST”

For the next sixteen hours, despite my exhaustion, I did nothing but read, feverishly taking notes on document after document. One of the first I read was an order from the secret Foreign Intelligence Surveillance Act (FISA) court, which had been created by Congress in 1978, after the Church Committee discovered decades of abusive government eavesdropping. The idea behind its formation was that the government could continue to engage in electronic surveillance, but to prevent similar abuse, it had to obtain permission from the FISA court before doing so. I had never seen a FISA court order before. Almost nobody had. The court is one of the most secretive institutions in the government. All of its rulings are automatically designated top secret, and only a small handful of people are authorized to access its decisions.

The ruling I read on the plane to Hong Kong was amazing for several reasons. It ordered Verizon Business to turn over to the NSA “all call detail records” for “communications (i) between the United States and abroad; and (ii) wholly within the United States, including local telephone calls.” That meant the NSA was secretly and indiscriminately collecting the telephone records of tens of millions of Americans, at least. Virtually nobody had any idea that the Obama administration was doing any such thing. Now, with this ruling, I not only knew about it but had the secret court order as proof.

Only now did I feel that I was beginning to process the true magnitude of the leak. I had been writing for years about the threat posed by unconstrained domestic surveillance; my first book, published in 2006, warned of the lawlessness and radicalism of the NSA. But I had struggled against the great wall of secrecy shielding government spying: How do you document the actions of an agency so completely shrouded in multiple layers of official secrecy? At this moment, the wall had been breached. I had in my possession documents that the government had desperately tried to hide. I had evidence that would indisputably prove all that the government had done to destroy the privacy of Americans and people around the world.

In sixteen hours of barely interrupted reading, I managed to get through only a small fraction of the archive. But as the plane landed in Hong Kong, I knew two things for certain. First, the source was highly sophisticated and politically astute, evident in his recognition of the significance of most of the documents. He was also highly rational. The way he chose, analyzed and described the thousands of documents I now had in my possession proved that. Second, it would be very difficult to deny his status as a classic whistleblower. If disclosing proof that top-level national security officials lied outright to Congress about domestic spying programs doesn’t make one indisputably a whistleblower, then what does?

Shortly before landing, I read one final file. Although it was entitled “README_FIRST,” I saw it for the first time only at the very end of the flight. This message was an explanation from the source for why he had chosen to do what he did and what he expected to happen as a result—and it included one fact that the others did not: the source’s name.

“I understand that I will be made to suffer for my actions, and that the return of this information to the public marks my end. I will be satisfied if the federation of secret law, unequal pardon, and irresistible executive powers that rule the world that I love are revealed for even an instant. If you seek to help, join the open source community and fight to keep the spirit of the press alive and the Internet free. I have been to the darkest corners of government, and what they fear is light.

Edward Joseph Snowden, SSN: ***** CIA Alias “***** ” Agency Identification Number: ***** Former Senior Advisor | United States National Security Agency, under corporate cover Former Field Officer | United States Central Intelligence Agency, under diplomatic cover Former Lecturer | United States Defense Intelligence Agency, under corporate cover”

Excerpted and adapted from No Place to Hide: Edward Snowden, the NSA, and the US Security State by Glenn Greenwald, published by Metropolitan Books, an imprint of Henry Holt and Company, LLC.

 

Glenn GreenwaldGlenn Greenwald, a former constitutional lawyer and a Guardian columnist until October 2013, has earned numerous awards for his commentary and investigative journalism, including most recently the 2013 George Polk Award for national security reporting. In early 2014, he cofounded a new global media outlet, The Intercept. His latest book No Place to Hide: Edward Snowden, the NSA, and the US Security State (Metropolitan Books) was published in May 2014.


Latest from the nation