In light of last month’s Juniper news, we examined previously published NSA documents about encryption, with particular attention to a controversial redaction, and decided that it was warranted to un-redact that passage.
On September 5, 2013, The Guardian, the New York Times and ProPublica jointly reported — based on documents provided by whistleblower Edward Snowden — that the National Security Agency had compromised some of the encryption that is most commonly used to secure internet transactions. The NYT explained that NSA “has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the emails, web searches, internet chats and phone calls of Americans and others around the world.” One 2010 memo described that “for the past decade, NSA has led an aggressive, multipronged effort to break widely used internet encryption technologies.”
In support of the reporting, all three papers published redacted portions of documents from the NSA along with its British counterpart, GCHQ. Prior to publication of the story, the NSA vehemently argued that any reporting of any kind on this program would jeopardize national security by alerting terrorists to the fact that encryption products had been successfully compromised. After the stories were published, U.S. officials aggressively attacked the newspapers for endangering national security and helping terrorists with these revelations.
All three newspapers reporting this story rejected those arguments prior to publication and decided to report the encryption-cracking successes. Then-NYT Executive Editor Jill Abramson described the decision to publish as “not a particularly anguished one” in light of the public interest in knowing about this program, and ProPublica editors published a lengthy explanation along with the story justifying their decision.
All three outlets, while reporting the anti-encryption efforts, redacted portions of the documents they published or described. One redaction in particular, found in the NYT documents, from the FY 2013 “black budget,” proved to be especially controversial among tech and security experts, as they believed that the specific identity of compromised encryption standards was being concealed by the redaction.
None of the documents in the Snowden archive identify all or even most of the encryption standards that had been targeted, and there was a concern that if an attempt were made to identify one or two of them, it could mislead the public into believing that the others were safe. There also seemed to be a concern among some editors that any attempt to identify specific encryption standards would enable terrorists to know which ones to avoid. One redaction in particular, from the NYT, was designed to strike this balance and was the one that became most controversial:
The issue of this specific redaction was raised again by security researchers last month in the wake of news of a backdoor found on Juniper systems, followed by The Intercept’s reporting that the NSA and GCHQ had targeted Juniper. In light of that news, we examined the documents referenced by those 2013 articles with particular attention to that controversial redaction, and decided that it was warranted to un-redact that passage. It reads as follows:
The reference to “the two leading encryption chips” provides some hints, but no definitive proof, as to which ones were successfully targeted. Matthew Green, a cryptography expert at Johns Hopkins, declined to speculate on which companies this might reference. But he said that “the damage has already been done. From what I’ve heard, many foreign purchasers have already begun to look at all U.S.-manufactured encryption technology with a much more skeptical eye as a result of what the NSA has done. That’s too bad, because I suspect only a minority of products have been compromised this way.”
NSA requested until 5 p.m. today to respond but then failed to do so. (Update: The NSA subsequently emailed to say: “It would be accurate to state that NSA declined to comment.”)
From a Reddit IAMA Glenn and Janine Gibson held Oct 31 2013, some clues and speculation. Link at bottom. Comment onsite has more links:
While I do not know the name redacted in that report, the “VPN and Web encryption devices” mentioned are most likely hardware SSL acceleration appliances[1], and due to the sensitive nature of the backdoor being discussed, are probably in chips fabricated by a US-based silicon designer using a US-located silicon fabrication plant.
The reason for that is twofold; first, you don’t want a foreign power discovering your backdoor in a chip, and second, you don’t want a foreign power inserting their own backdoor.
The vendors[2] list in Wikipedia lists the following vendors of SSL appliances:
Barracuda Networks
Array Networks
CAI Networks
Cavium Networks (fabless semiconductor designer)
Cisco Systems
Citrix Systems
Cotendo
Coyote point systems
Crescendo Networks
Exinda
F5 Networks
Foundry Networks
Forum Systems
Freescale Semiconductor (fabless and fab-owning)
Hifn
IBM (fab-owning)
Interface Masters Technologies
jetNEXUS
Juniper Networks
Nortel Networks
Radware
Riverbed Technology
Strangeloop Networks
Sun Microsystems
Of those, the two names that stand out most are IBM (which is no stranger to crippling encryption upon the demands of the NSA, with fabrication plants throughout the world and the United States, but which isn’t significantly given to florid chip descriptors) and Freescale Semiconductors – it is itself a large semiconductor fabricator, focused on semiconductor fabrication, with foundries in Chandler, AZ and Oak Hill, TX.
One not mentioned in that list is Broadcom, a semiconductor manufacturer that is fabless, that is – it doesn’t own any fabrication capability, itself. It does, however, design a very large percentage of communications chips used in the industry. Not finding a Broadcom chip somewhere in a device is notable.
The redacted space is roughly twelve all-caps letters or sixteen mixed-case letters in that font. If we could have someone identify exactly which font was used, then we could experiment with chip names from SSL acceleration device manifests, in that font, and see which fit into the redacted space, possibly with the manufacturer’s name in front of the chip – for example, the Freescale SAHARA[3] appears to fit nicely – and is touted as having configurable access control to the random number generator and hashing functions on that feature sheet linked – but is just one possibility. Another is the PowerArchitecture™ from Mocana - formerly FreeScale[4].
If I were in the position to lead a project to reverse-engineer the possible name of the chip, I would:
Find out what the top five top-selling SSL acceleration device manufacturers in the world are;
Get a list of their best-selling products;
Get parts manifests for each of their popular products, possibly from an electronics tear down research organisation;
Locate and name the crypto accelerator chips;
Determine who designed and fabricated those chips.
Get the name of the font used in the report in the imgur link;
Compose the name of each of those chips in that font at that pitch;
Do a little comparing.
Edit: OP is assuming that the report is listing two, separate chips. While that is possible, it is equally as likely that one variety or species of chip is being named! i.e. Intel Pentium chips. There is also no guarantee that the redacted text lists a florid, marketing-friendly name, and may possibly be a code name internal to the US intelligence community. These and other alternatives should not be discounted.
https://www.reddit.com/r/IAmA/comments/1nisdy/were_glenn_greenwald_and_janine_gibson_of_the/ccj4rvw
I’d like to see the engineers at VW have a go at some encryption software.
Did you know you can encrypt an encrypted message several times? Not even GOD can see what’s in it.
I was told, at the time I paid little attention to it because it was just one bit of a lot of tech talk as it was the dot-com period in the late 90’s/2000 here in the Silicon Valley, that the encryption software company PGP was purchased by the government. This came from a person who supposedly worked at the place during that time. If I remember correctly he was a little disappointed because he felt the market value was worth more than it was sold for? At the time Excite was still around and the founder thought that was worth more than AT&T offered to purchase its network and it soon disappeared.
Look it up on Wikipedia. See also GPG. It’s a little more complicated … not that much more complicated.
If it’s available for your OS, Kleopatra makes it much easier than playing with a command line. Similarly for Thunderbird and its ‘forks’, Enigmail.
Thought for the day: Who owns your NSA/CIA/FBI/DOD/… file?
Ans: Executive privilege Obama and the New World Order Global Disorder/NSA/CIA/FBI/DOD Dysfunction, Destruction & Chaos.
Are these the 2 chips? https://www.rt.com/usa/snowden-leak-rng-randomness-019/
Great catch “No Body”. This is almost certainly the “2 chips”. Glenn the linked article No Body is pointing to is referring to Intel and Via (who made a good amount of CPU’s long ago) and having one/some of their Random Number Generator functionality (used in encryption) compromised so that it wouldn’t generate such random numbers and could be actively compromised. Having the RNG’s on the CPU would make them fast…so programmers would want to use them. These weren’t separate chips, but rather functionality integrated into the CPU’s these MFR’s made (in there to this day I believe) – not sure if that was the result of a NSA compromised encryption standard or if Intel actively made something bad. I wouldn’t be surprised if AMD’s chips didn’t also have it.
The fact that Intel pushed big companies to use this hints that they were probably actively colluding with the NSA (like Microsoft, AT&T and Verizon were shown to in the Snowden documents) to subvert the internet and our own computers into a giant spying infrastructure for the NSA.
This is a great page from a Google engineer that talks about Intel pushing him to use this functionality back in the day: https://plus.google.com/+TheodoreTso/posts/SDcoemc9V3J
The article seems to be discussing certain routines (RDRAND and Padlock) for the random number generator but not mentioning the specific chips that use it.
Regarding the article claim:
“The NSA documents failed to name any specific manufacturers…”
See my comment here: https://theintercept.com/2016/01/04/a-redaction-re-visited-nsa-targeted-the-two-leading-encryption-chips/?comments=1#comment-190391
Thought for the day.
We know NSA is selling out to politicians for more funding.
We know politicians are selling out to big business to get their elections war chests stocked so they can get re-elected.
So …which big businesses are behind it all ? Well…which big businesses have scads of money and scads of interest in crushing the competition ?
And a big call out to Microsoft ! Hey there ! You’re not just a victim of all this NSA stuff are you ? Are you one of the driving forces behind it ?
Hmmm…..
“We know NSA is selling out to politicians for more funding.”
No… They’re BLACKMAILING them.
“Members of congress are entitled to the same protection as any other U.S. citizen” ~NSA response to a congressional request, in the wake of Edward Snowden’s revelations, for information about whether the NSA had spied on them
How much ‘protection’ is the NSA offering ‘any other U.S. citizen’? The depth of NSA’s information mining could easily be just as much about Institutional Slander as catching ‘terrorists’.
It never ceases to amaze me how some of you would rather make a one hundred piece puzzle into a one hundred thousand piece puzzle. ~ JSH
It kicks the can down the road.
Over 10 years ago, I called it exactly the way I was experiencing and being subjected to it (i.e., targeted): The Military/Industrial/Edutainment/Pharmacological Complex.
This is in large part why I am so vehemently opposed to the passing (and by executive Obama sign off) of the CISA legislation. It’s all about crippling and crushing, if not killing, the American spirit and its ordinary, law abiding citizenry.
These Programs Were Never About Terrorism. They’re About Economic Spying, Social Control, and Diplomatic Manipulation. They’re About Power ~ Edward Snowden
Retroactively analyzing people, anybody you want, any time you want, that’s certainly possible with bulk acquisition of data, but that’s certainly not what democracies are built on. That’s what totalitarian states are built on. ~ William Binney
Britain should not go further down this road and risk making the same mistakes as my country did, or they will end up perpetuating the loss of life. ~ William Binney
Former U.S. National Security Agency (NSA) employee William Binney.
https://www.rt.com/uk/328093-snoopers-charter-william-binney/
Researchers uncover first-of-its-kind JavaScript based ransomware https://www.rt.com/usa/328030-ransomware-new-javascript-malware/
This looks like a good reason to subvert the encryption systems. Instead of paying ransom send the files to NSA to decrypt.
On one hand, Glenn and the Freedom of the Press foundation are raising money to name and shame police officers that commit crimes and violate the rights of the citizenry.
On the other hand, Glenn is arguing that this kind of naming and shaming of intelligence officers is harassment and extra-judicial punishment without any value.
Which hand is sincere?
Accountability for individual agents of the government is the foundation of modern civil rights.
What little forward movement we have had on this front is because people didn’t listen when they were told that what they were doing was harassment, or extra-judicial punishment, or ineffective.
Accountability for individual agents of the government is the foundation of modern civil rights.
Which hand is sincere?
What do you envision would happen if we disclosed the names of low-level and mid-level career bureaucrats?
Tell me all the terrible things that have befallen the high-ranking officials who we did name as having constructed and implemented this surveillance system.
While you’re at it, is there a list of all the terrible things that happened to the US officials named in the WikiLeaks documents for having been part of those acts and policies?
As I said, I’ve been ambivalent from the start about whether those names should be disclosed. I see both sides. But this fantasy that if only we would disclose these names, the public would rise up in fury over surveillance policies and smite these career bureaucrats is just that: utter fantasy.
> “Tell me all the terrible things that have befallen the high-ranking officials who we did name as having constructed and implemented this surveillance system.”
Right. Well… Bush Jr.’s figurehead is channeling his inner artist in Texas, Dick is pig farming up north, Clapper is still Obama’s right hand man and Hayden likes to debate the finer points of ‘security and freedom’ with upstarts like … you.
Let’s see: wars (based on lies), murder, torture, creepy ‘collect it all’ surveillance and global mayhem and anarchy … What Are You Hiding Glenn (i.e. the ‘worst of the worst’?)!? Really, what?
*and a tearful President Obama wants to know “why”, why Americans are so prone to gun violence!
@Glenn Greenwald
Well, at least we know which hand is sincere. Hope is for fund raising, not actual change. Your best argument is that nothing you do matters.
I would like you to directly address public protest against the misconduct of specific police officers. Do you consider these protests effective because people have risen in the streets, or are they ineffective, extra judicial harassment, because cops still operate with impunity?
Accountability for individual agents of the government is the foundation of modern civil rights. You may not want to believe it, but accountability and law does change things. This belief is the hope of democracy.
Naming and protesting corrupt racist cops changed things. Wikileaks changed things. Snowden changed things. That everyone didn’t form a mob and lynch those in power and their paid enforcers is a compliment to our population not an insult. This is a long road we travel.
A wise person once said that what was built by humans can be changed by humans. Information is the staple of democracy, and shame is the staple of self improvement.
What you seem to miss or dismiss is that people should be named, not so that they will be strung up on a tree branch by a mob, but so they may see themselves as others do, and so that our application of the law will be shamed.
The biggest problem with your arguments is that they are simply recycled from “The War on Cops”, and you are the Sheriff’s Association.
Accountability for individual agents of the government is the foundation of modern civil rights.
Reply to 24b4jeff
“What the arrogant assholes of the NSA and GCHQ fail to appreciate is that with all the trillions of dollars out there, criminal syndicates have powerful motivation to exploit the vulnerabilities that …”
You know the Mexicans thought they had the most secure maximum security prisons. That was until one of their own defected to “el chapo’s” cartel.
Just wait until some NSA goon with knowledge of encryption backdoors defects to the Romanians. If it hasn’t happened already.
I would like to know how many anti-virus software are actually sitting on top of the operating system and reporting the user activities instead of looking for viruses. The vantage they have is ideal for snooping.
They DO.. This has already been confirmed – google it. Also Snowden documents revealed which AV’s the NSA had trouble breaking through and which AV’s ‘sold out’.. McAfee has been implicated in actually CALLING the NSA to ensure their products didn’t block NSA backdoors!
Best advice? Use OPEN SOURCE on your edge – such as Untangle. Where everyone audits the code. Untangle scans everything with a great Web Filter, and 2 blended AV engines (Bit Defender + ClamAV).. If these slugs can get past that – which I doubt – it’s just one layer among many.
Then on your endpoints use a blended solution. Pretty hard to get stuff past an endpoint that uses 3, 5, even 10 different solutions. Zemana Anti-Malware with 7 engines and Pandora would be tough to break. Add in a normal AV over that and DISABLE telemetry on the AV (OptOUT) and you are probably good. Even Norton allows you to ‘completely’ disable all of the telemetry.
If you run Win10 lock down it with the Win10 privacy tools available.
Are you suggesting it’s better to create a Middle-east-like situation with lots of AV’s instead of just one, none quite knowing what the other is up to, and that it will be safer? No thanks!
BTW, I am concerned not with the moderate virus themselves but the roles these AV’s play while supposedly looking for the moderately bad terrorist viruses, somewhat akin to the HUMINT variety.
That’s not what I am suggesting at all. You should never have more than 1 AV installed on a computer. Zemana isn’t an AV, it’s an anti-malware product and functions completely differently. (and works in concert with AV) On the gateway/edge you can have layered AV without any issues because it’s not interacting on the kernel level with your OS, it’s scanning traffic. I don’t really expect laymen to understand all of this so I am probably wasting my breath…
You see in IT it’s called ‘blended solution’ for a threat surface that has become blended itself. No single solution is going to come close to protecting you. It requires a layered approach to be effective these days – the NSA/CIA scrubs know this and this is why the exploits and tools they use – use a blended approach. AV’s are just one part of the picture. A good adblocker, updated software/drivers, keeping things you don’t use/need uninstalled to reduce the threat surface, and more. Now consider the ‘multitude’ of internet connected devices in your home which are then blended devices requiring a blended solution.
Nevertheless. Studies have been done on the privacy policies and telemetry practices of most major AV’s.
Why not check their privacy policies and telemetry practices? Also consider – MANY/MOST AV’s have ‘settings’ to restrict what data is transmitted. Norton for example you can disable sending any data to Norton. As with anything, telemetry should always be disabled/mitigated when possible.
AVC did a nice study on which AV is sending the most sensitive information.
http://www.av-comparatives.org/wp-content/uploads/2014/04/avc_datasending_2014_en.pdf
All this looks like shadow fighting, and you are not even sure who is winning. Thanks though.
Check this out:
> Controlled by shadow government: Mike Lofgren reveals how top U.S. officials are at the mercy of the “deep state”
– A corrupt network of wealthy elites has hijacked our government, ex-GOP staffer and best-selling author tells Salon
“At the same time, NSA insiders have told me that they couldn’t even operate without the cooperation of Silicon Valley, because the communication backbones that are set up and operated by Silicon Valley provide the vast majority of information that the NSA and other intelligence agencies are going to exploit — and they can’t do it themselves. They need the willing or unwilling cooperation of Silicon Valley.”
http://www.salon.com/2016/01/05/controlled_by_shadow_government_mike_lofgren_reveals_how_top_u_s_officials_are_at_the_mercy_of_the_deep_state/
More:
“Q: Silicon Valley provides a lot of money. But it also has access to an unfathomable amount of information. Which do you think is more valuable to the deep state — the cash or the info?
A: I think you can’t distinguish the two. There is a tremendous amount of money coming, in terms of lobbying, for Silicon Valley to get what it wants in terms of intellectual property and so forth.
At the same time, NSA insiders have told me that they couldn’t even operate without the cooperation of Silicon Valley, because the communication backbones that are set up and operated by Silicon Valley provide the vast majority of information that the NSA and other intelligence agencies are going to exploit — and they can’t do it themselves. They need the willing or unwilling cooperation of Silicon Valley.
Q: But when the Snowden leaks first hit, a lot of Silicon Valley elites implied they didn’t knowingly or willingly work with the government, no?
A: There was a certain amount of deception there, after the Edward Snowden revelations. They claimed, Oh, well, the NSA made us do all these things! — but not really, because NSA, CIA, and these other intelligence organizations were also involved in giving seed money or subsidies to various Silicon Valley companies to do these things.
Q: Right. Which raises the question of whether the line between the public sector and the private sector even matters anymore, at least when it comes to the deep state.
A: It is hard to distinguish them anymore. All these guys simply go through the revolving door to the point where you can hardly distinguish [government employees from private sector workers]. A good percentage of the people sitting at their desks right now in the Pentagon are private sector contractors. They are literally in the Pentagon, in the NSA building, in all these organizations. They are the ones who essentially run the show, by virtue of having the technical knowledge.
Q: Snowden himself was a contractor.
A: Yes, he was a Booz Allen contractor. How is it that a Booz Allen contractor — a junior person — had access to all this information? It certainly doesn’t say much for Gen. Keith Alexander, who was the director of NSA at the time. How can he bitch and moan about Snowden? He was responsible for having him cleared, and for letting low-level contractors have that kind of access. And yet now he is working in some boutique cybersecurity firm on Wall Street and making a ton of money.
There are literally a dozen shadow organizations now within our govt. In addition if they like to circumvent the law they simply hire a contractor which doesn’t have to appear to FISA.
The shadow govt. is very real and is part of the corporate/military/industrial complex. Do some research on Apple and REACT. REACT is powerful enough to break down the doors of journalist/editors homes without any real evidence or need to present any evidence. REACT is a thug military wing of law enforcement funded by Silicon Valley.
Piss off the corporate/shadow thugs and watch the gang stalking and harassment start. Might as well prepare yourselves, go hard on privacy, and make things VERY hard for them to gather data/intel on you and you will drive them crazy. Share this data with everyone else, and eventually we all ‘go dark’ to them. I don’t trust any of them.
I found this WIRED Opinion piece interesting.
This article and several substantive comments deserve referencing via a link to all those inquiring about why Mr. Greenwald and other journalists have not released all the Snowden Documents and additionally as a premier lesson in how excellent journalism is — and/or should be — conducted.
Thanks to rrheard (among others) for his excellent questions and to Mr. Greenwald’s timely responses/clarifications. Comment sections rarely achieve the exceptional levels to those occurring within The Intercept, especially when the articles’ authors interact to valid questions.
(Although I admire Mr. Benito M’s unequaled satire herein, oh how I would relish his interaction with Mr. Greenwald in similar fashion to rrheard’s — To Wit; two wits).
After finishing a book about a Nazi trial, what strikes me is, are the people in the “system” breaking the law and should they be named and held accountable?? We are now going after cops (finally), and then these agents that are breaking the law; should we go after them too. Who’s to be held accountable? The system itself is corrupted and holding them (the US govt) accountable is problematic at best. Congress almost without fail grants more power to these forces every time they ask, so why do they even bother to ask? They’re going to do as they please anyway. All we seem to be able to do is hope the govt doesn’t change course and use all the information gathered to purge the population. It’s happened before and with too much power comes a will to control all. I’m just wondering if that could happen here and if so how will it end. Tough times indeed!!
It is all about the random number generation that isn’t very random.
Back in 2013, people weren’t waiting to find out which chips had been compromised.
Microsoft Win 10 is supposed to be not only ‘crackable’ – on demand from ‘security’ sources – it retains an indelible blueprint of all computer actions recorded, should it needs be accessed, at Microsoft HQ.
Thought for the day: Who owns your NSA/CIA/FBI/DOD/… file?
Well isn’t that special. Not to mention the prime ability to hack into priority in development business intel and developing technologies. Of course as a little mouse subsisting on cheese in the United Empire I would have to defer to Diego Garcia on that one.
Americans would not be as worried with the NSA encrypting the internet if they believed this information would be used to apprehend spies, traitors, criminals and terrorists; instead Americans are well aware that this skill would be used against patriots, conservatives, tea party candidates, citizens against corruption in their government and other political enemies and anyone who believes in the constitution of the United States. Not for good reasons but to destroy them politically and personally. Or to criminalize them and attempt to put them into a political prison.
I think I can guess 2 leading chips with a high confidence level ;) hint: just follow the money trail.
All tyranny needs to gain a foothold is for people of good conscience to remain silent. -Edmund Burke
Thanks Glenn, for exposing our government as the lying, conniving bums that they are. Had you or Snowden remained silent, the average American would be even more ignorant than they already were. The ball is now in their court — I have no faith that they will do anything other than acquiesce for a little more security from a phantom menace.
Except Glenn is holding onto the vast majority of NSA documents – the worst of the worst – to protect the policies, actions, and people contained in them from the rightful indignation and retribution of us unwashed masses, the true owners of this information. He is a truly arrogant and belittling man…
LOL
And all the people at the Intercept who work with the archive – not to mention all the journalists and editors at The Guardian, The Washington Post, the New York Times, and ProPublica: all with many, many, many thousands of Snowden documents – are all my co-conspirators to help the NSA hide their worst crimes? Is Snowden in on it, because it would be really weird for him to have said: how come the worst crimes of the NSA are being hidden?
Yes, I know this comment wasn’t worth responding to, but I am genuinely interested in how broken the brain can be, how it can produce thoughts completely divorced from basic logic or rational thought while still allowing the person to engage in basic functions such as turning on a computer.
@ Glenn
Well to be fair the capacity to push an on-off button or learn to manipulate a computer keyboard in such a way as to produce something that approximates grammatically correct sentence structure isn’t really the most difficult of tasks. Hell primates and crows know how to manufacture and manipulate tools. Which is not to denigrate the intellectual capacity of primates or crows.
Sad truth is you have to teach critical and/or rational thought to human beings. Otherwise they go around operating on emotional stimulus and whatever strikes them as common sense and/or their lived individual experiences. None of the latter attributes of humanity have been real big in advancing the idea of “human civilization.” Which is not to suggest appeals to emotion have not been useful in advancing the human condition.
I’ll bet it was that last sentence that really fried your bacon, eh Glenn?
I expect more from you Glenn, than I do from any establishment lackey - or any other media outlet. Are you now equating yourself to those who you mention? You’ve always portrayed yourself as fighting the good fight against corruption and evil, but does that have its limits now that you’ve become wealthy and famous from your good fortune?
@ The Unwashed Masses
I think he’s just saying he’s doing the best he can (and yes that will always be a subjective judgment call as a journalist), given the complexity and incompleteness of the documents in his possession. He is trying to balance what he and Snowden believe (although they may at times disagree) to be “newsworthy” while minimizing any negative consequences to others with legitimate interests whether they be individuals or government agencies that arguably have some legitimate functions (in a very narrow sense).
I think as a lawyer he knows how quickly he and a lot of others would be arrested under myriad laws (whether he/they could be successfully prosecuted in an American court of law is an open question) if they were to just dump everything. But more importantly, I think he believes that vetting and selective releases over time would be a more “effective” method of journalism. As he’s indicated repeatedly, he follows/followed quite closely the WikiLeaks saga and method, and again, in conjunction with others made a judgment call about how to report these documents.
He’s always made himself available for criticism in that regard and has always taken the time to try and explain his rationale for all of those decisions whether others disagree with him or not in that regard. And if past practice is any indicator I’m sure he’ll continue to do so in the interests of transparency. Not many, if any, other journalists anywhere in the world have been as transparent on one of the world’s most controversial and important stories as Glenn has tried to be.
Personally I’ve always been pleasantly surprised that TPTB haven’t tried to arrest, silence or kill him. Given his notoriety I think the only two things that have kept that from happening are 1) to do so would make him a martyr to many, and 2) TPTB have a significant amount of confidence that enough people are uninterested, that this will all blow over and that nothing will ultimately change as the groups in power (Congress, POTUS, Business groups) are in on it or otherwise compromised, don’t want it to change, won’t change it except to the extent they cloak it in new and better Orwellian double speak, and will never hold any of the principals in the NSA et al accountable because to do so is to bring down the government (of whichever or both parties). That makes considering option 1 unlikely because it is unnecessary and counterproductive to their agenda–which is keep people fearful and confused while keeping their “deep state” taxpayer funded gravy train running on time.
Holy crap you do not know what you are talking about!
@rr
Horse, trough …
No.
I’m pointing out that an effort to suppress documents in order to protect NSA’s worst crimes – which is what he accused me of doing – would require a huge number of other people in on the plot: not just dozens of journalists and editors at the media outlets I mentioned (which have access to a huge number of documents) but also many here at the Intercept (who have access to the full archive and long have).
I suppose it’s possible to still say: oh, totally, I believe that dozens and dozens of journalists and editors at multiple, diverse media outlets including the Intercept have all conspired to suppress the most incriminating documents in order to protect the NSA – including people who have spent years attacking the NSA and who risked quite a bit to do this reporting.
But that’s certainly a harder sell than pretending this plot could be carried out solely by me. That’s why I pointed out how many others besides me would have to be in on the plot.
He is NOT fighting against corruption and evil. He is fighting against corruption and evil of those with whom he disagrees.
There is a theory, in between the extremes of libertarianism and socialism, which postulates that government is necessary, but in exchange for being granted the authority to rule, should agree to act purely within the public domain. That is, all actions of government should be open and subject to scrutiny. This theory holds that the people are indeed the true owners of government information. Therefore if information is too dangerous to be placed in the hands of the people, the government should not collect it. Actions, that if known, would publicly embarrass the government, should not be undertaken.
However, this is a minority view. No government would ever agree to such a restriction on their actions and no people would ever be brave enough to assert such a right in the face of authority. Full information would make hypocrisy impossible, and without hypocrisy, no government could function.
The MSM is never wrong. So if reporters at The Guardian, The Washington Post, the New York Times, and ProPublica are all in agreement, then any alternative view, as you assert, must be the product of a broken brain. Luckily, a functional brain is a luxury and in no way required for participating in the comments section. I just ask someone else to turn on my computer.
This comment is not a criticism. Neither you nor Snowden have any obligation to publish information you may possess, although I appreciate the articles which have been published. If people want an open government, they should demand the information from the government itself. However, this will never happen as people are generally smart enough to know they can’t handle the truth.
Thank you.
just wow.
@ Benito
You really do have a gift. I hope someone is paying you to employ it someplace other than here as well. But please never stop commenting here. Not sure I’ve ever read a better or more insightful satirist. Your stuff is dope. I wouldn’t be surprised to find out you write for Colbert, it’s that good.
…or a TV which he seems to do too often….
All that is needed for evil to take hold is for good men to do nothing. ~ Anon
Rep. Justin Amash Seeks to Stop Intrusive Cybersecurity Legislation Slipped into Omnibus Bill
By JOHN HAYWARD
30 Dec 2015
http://www.breitbart.com/tech/2015/12/30/rep-justin-amash-seeks-stop-intrusive-cybersecurity-legislation-slipped-omnibus-bill/
I firmly believe that the NSA, CIA, FBI, etc are all crying about the big bad encryption scare in an attempt to convince the Muslim world that encryption is secure… otherwise why would they be “fighting” it so strongly. Just my opinion, but I wouldn’t bet the farm that encryption is secure from government agencies.
Thank you Glenn. I remember Angela Merkel was showing off a BlackBerry phone with a dedicated encryption chip added to it that she was using. Makes one wonder what chips they were talking about – single user chips, dedicated chips for servers (like banks use when you check your account online) – or just all of them (based on what we’ve seen over the last several years “all of them” would be the most likely choice).
Using my finely honed NSA Puzzle Kwestion skills, I ciphered-it-out they were looking to enable ‘leading’ encryption chips for VPNs and Web encryption devices, Glenn. And not leading encryption chips too. How else would the NSA ‘collect it all’?
The gospel Truth files about 9/11?
Other than that, I’m sorry to say, if you don’t have any ‘blue stained dresses’ files up your sleeve, or sumpin’, … well, I’m afraid it’s going to be hard to ‘shock the conscience’ any better/more than Trump can do at a town hall meeting, Glenn.
*not sure what ‘more’ could possibly be revealed more damaging than what has already been revealed, anyways … the Second Coming?
The Second Coming
BY WILLIAM BUTLER YEATS
Source: The Collected Poems of W. B. Yeats (1989)
http://www.poetryfoundation.org/poem/172062
Sphinx
https://en.m.wikipedia.org/wiki/Sphinx
ESSAY (Brilliant, imho ;-)
In Search of “Desiderata”
The tangled story behind a most popular poem.
BY DANIEL NESTER
[Excerpt]
“Desiderata” was first registered in the US Copyright Office in 1927. In 1933, Ehrmann sent the poem out as a Christmas card, without a copyright notice. Merrill Moore, an Army psychiatrist during World War II, handed out, with Ehrmann’s permission, an estimated 1,000 copies of “Desiderata” over the years while in civilian practice in Boston.
That last detail is crucial because it’s one of the instances the US Seventh Circuit Court of Appeals cites as evidence of Ehrmann’s expressed forfeiture of copyright. A 1975 lawsuit was filed by Robert L. Bell of Crescendo Publishing against Combined Registry Company, publishers of Success Unlimited magazine, which released “Desiderata” in August 1971 without attribution to Ehrmann. In the late 1960s, Bell purchased the author’s rights to “Desiderata” from Richard Wight, Bertha Pratt Ehrmann’s nephew.
The court ruled against Bell, citing an abandonment of the copyright. The Supreme Court declined to hear Bell’s appeal. Over the years, Bell had sued and given legal notices to dozens, from Warner Brothers, who released the Les Crane single, to the company behind the ubiquitous posters featuring Larry Keenan’s melancholic photo.
Bell continued to assert that he owned the copyright to “Desiderata” until his death in 2009.
(cont.)
http://www.poetryfoundation.org/article/251264
Which Lives Matter?
I am fascinated with the huge disparity between how the police are treated and how the intelligence agencies are treated, and I also wonder if this is merely a symptom of unconscious bigotry against Muslims and Islam.
Glenn wrote:
I’m curious why this same logic does not apply to the police?
There is no legal accountability for the police. One bad cop is only replaced with another. Why are protests aimed at the individual actions of one low level police officer not subject to the same dismissive judgment?
I am having a very hard time understanding how a person can sincerely believe that protests aimed at naming and shaming of individual police officers are moral and effective, yet be ambivalent about the same logic applied to intelligence officers.
Maybe I misunderstand Glenn’s opinion about how to deal with police misdeeds, and Glenn thinks that protesting and naming and shaming individual officers is either “low-level harassment or extra-judicial punishment” with questionable value.
A person that thinks that police officers should never be named and shamed for bad actions because it amounts to “low-level harassment or extra-judicial punishment”–would it be fair to call that person a police apologist?
Damn right.
So why doesn’t this same logic apply to the same argument about intelligence officers?
For people that do believe the police should be named and shamed, but not the NSA, is it possible that you hold these contradictory beliefs because you unconsciously believe that the Muslims and Islam are a unique threat?
Fuck the nsa, they should all be stabbed with a rusty screwdriver, In the eye
Hahahaha! I like it. Although, I’d modify it to both eyes.
Get a rope.
“Transparency is the Enemy of Empires”.
Open source is no guarantee that anyone who knows what they are doing has examined the code. It turns out there are very few people out there who fundamentally understand every line of the code in these crypto systems. In fact, you should assume if something is publicly available, it’s been weakened intentionally.
The moral of the story is to only use open-sourced software encryption, to avoid this type of twisted “patriotism”.
Is Rand Paul the only mainstream candidate that promises to put a halt to this snooping on all of us?
I’m SUUUURE they’re ONLY interested in doing good…….
http://computer.howstuffworks.com/encryption1.htm
http://www.merlincryption.com/What-Is-Encryption-How-Does-It-Work_ep_171-1.html
http://www.hacker10.com/computer-security/how-does-encryption-work-encryption-for-dummies/
The articles you reference may lead people to believe that encryption is all about software, and that is unfortunately only partly true. There is a key element in any good encryption system, and that is a source of random information. One can emulate the process in software, but to do so is NOT secure. For that reason, all the PCs and Macs that are sold include a special chip (a piece of hardware not included in the circuitry of the microprocessor) that has been designed to produce “cryptographic quality” random sequences. Such chips are also used in routers and other communications devices.
If the designs of these chips have been compromised – and we now know that at least two of them have been – then all the computers in which they reside are vulnerable, regardless of what kind of software they use. That, for the NSA, is the beauty of it. Even if someone comes up with some new, open source encryption software, the vulnerability is still potentially there.
What the arrogant assholes of the NSA and GCHQ fail to appreciate is that with all the trillions of dollars out there, criminal syndicates have powerful motivation to exploit the vulnerabilities that the spies have introduced. What criminal enterprises will do once they can break in will make 911 look like a Sunday school picnic. But of course those who are supposed to be protecting us will deny their role.
Macs do not include or use TPM chips ie your ‘special’ chips. And haven’t for 7 years.
https://en.wikipedia.org/wiki/Trusted_Platform_Module#Spread
Pedinksa: My first thought … what a sweet heart with all good intent. Thank you for your feedback and your suggested reading reasources. We need more people like you in our world, not less.
Self Edit: spelling error reasources … the correct spelling “resources”. My bad. Good bye and good luck to you all. Out!
I wish TI would survey some independent computer professionals to try to get a consensus what the three leading encryption chips were at the time that document was written. (yes, I said three — the document would have said “three” or more if the third-best seller had been compromised, and obviously the identity of the working chip is of more practical use than the others!)
How would anyone know which metrics were used to determine “leading”: best-selling, most-used, highest-quality, most influential, etc?
Certainly I have no idea. Not being an expert, it seems conceivable to me that the experts might find this doesn’t make a difference in their determination. Capitalism often doesn’t give people a whole lot of choice.
I think it is safe to say that chips used in Cisco hardware are compromised. Especially since we have pictures showing NSA techs intercepting Cisco hardware sent through the mail and making changes. I also believe that is a federal crime and should be prosecuted.
Hello,
I apologize for my ignorance. Can someone please explain what encryption is and how it benefits people? If the tool is supposed to secure content (i.e. emails and chats), how is the NSA breaking it as related to this article?
Thanks In Advance.
Al.
Encryption is using a mathematical formula to transform readable text into unreadable random numbers and letters in order to maintain privacy.
If I were to encrypt this sentence it would turn into something like: jdj38djj2k2j2j2iidjjn3jd9dndjglsndbueiqndnn…
In theory, only someone with a unique key should be able to decrypt the message back into its original form.
But as these documents have shown, knowledgeable attackers without keys are able to decrypt because during the original development of the mathematical formulas, developers purposefully made weak spots or “back doors” in the formulas.
This was recently shown to be the case for Juniper, a major core networking infrastructure provider with one of their products. Juniper holds the #2 market share behind Cisco.
Actually- with the exception of ECC- there has been virtually no interference with the math. It’s almost all RNG, side-channel and key exfiltration attacks. The math is solid, but the code isn’t necessarily. With all their money, the NSA never actually found a way to convince smart, educated cryptographers to hide their work from one another. At least as far as I’m aware of.
Thanks for the info.
Just to add to what Chris said. Instances that you might use encryption every day – if you go online and login to your e-mail account or buy something or go to your bank’s website to check your account those connections would be encrypted (so others could not see your credit card number or your ID / password for e-mail, banking accounts etc.). It’s a basic part of the Internet that is required for it to function and has been in place for many years (although some politicians don’t seem to grasp that).
Encryption basically gives you a “security envelope” to do things you need privacy for (whether it’s checking your banking account or buying something online or logging into your e-mail or having smartphone text messaging with privacy – https://whispersystems.org/#page-top).
Thanks for the info and the URL.
I would be more worried the chips have a Chinese backdoor.
In reality everyone concerned about encryption doesn’t use fixed function encryption acceleration anymore. Modern CPUs provide special instructions to accelerate encryption but it is still directed by software step by step.
There’s nothing in the comments about an important practical result of these disclosures: the impact on sales of US originated technology. I have purchased many Juniper firewalls and Cisco routers, and I won’t be doing so again. None of my employers has had commercial or other important secrets vulnerable to compromise but that isn’t the point. One wonders what risk assessment was done by the NSA and co. before deciding to compromise such devices?
Well I am clearly no techie. Much of this tech talk makes my head rattle and shake. But I have not forgotten … in August 2001, I purchased a brand new HP Pavilion. It had the latest Norton & Symantec Security installed. Within less than two months, it was infected with AT&T and Cox Cable trojans. And I quickly learned the mainstream media channels (online and off, as in tv) were being made privy to my web searches, emails and reading materials. These bastards know exactly how to make a person’s life a living hell (virtual reality nightmare!). God help you if you or one of yours ever become one of their targets. It’s evil!
ATTENTION GLENN GREENWALD & FRIENDS … GOOD NEWS FROM REP. JUSTIN AMASH!
Justin Amash (R-MI) [ @justinamash ] added 3 new photos.
December 17, 2015 at 11:30pm ·
I sent the following letter to my colleagues:
December 17, 2015
Oppose Omnibus to Stop Anti-Privacy Cyber Bill
Dear Colleague,
On Wednesday afternoon, the chairman and ranking member of the House Permanent Select Committee on Intelligence (HPSCI) distributed a myth-fact sheet about the Cybersecurity Act of 2015—legislation that was negotiated in secret by a handful of members and then tucked into the omnibus appropriations bill. Their sheet contains inaccurate and misleading information. This cyber bill is the worst anti-privacy legislation since the USA PATRIOT Act.
Here are the real myths and facts…
(cont.)
https://m.facebook.com/repjustinamash/posts/990511757654897
ATTENTION: THIS IS IMPORTANT!!!
Rep. Justin Amash Seeks to Stop Intrusive Cybersecurity Legislation Slipped into Omnibus Bill
By JOHN HAYWARD
30 Dec 2015
[Excerpt]
Also, there is no way to learn what the government is doing with our private data, because the data sharing will be immune to Freedom of Information Act requests, and the president can create new data portals at his discretion if the portal established by the Department of Homeland Security turns out to be “flawed.”
The House Freedom Caucus tried to stop this latest incarnation of the controversial Cybersecurity Information Sharing Act (CISA), complaining that the measures were shoved into the omnibus junk pile at the last minute with little opportunity for review, but the effort was unsuccessful.
After the omnibus dragged its flabby bulk off Capitol Hill and set forth to ravage middle America, Amash declared the new stealth cybersecurity legislation to be the “worst surveillance bill since the Patriot Act.”
“Many of my colleagues remain unaware that a massive surveillance bill was snuck into the omnibus,” Amash told the Daily Dot. “And if they are aware, they may have been misled into believing this bill is about cybersecurity.”
The Daily Dot notes that Amash’s proposed bill to repeal the Cybersecurity Act of 2015 will have to be introduced after Congress reconvenes on January 6.
http://www.breitbart.com/tech/2015/12/30/rep-justin-amash-seeks-stop-intrusive-cybersecurity-legislation-slipped-omnibus-bill/
Re: “There also seemed to be a concern among some editors that any attempt to identify specific encryption standards would enable terrorists to know which ones to avoid.”
Presumably, this information would also be of use to our Congress in avoiding NSA interception as well!
HELLO??? CISA legislation effectively allows/permits/legalizes what exactly?
5.0 out of 5 stars A book surveillance researchers will greatly appreciate, August 19, 2009
By Aaron K. Martin
This review is from: Wiring Up The Big Brother Machine…And Fighting It (Paperback)
[Excerpt]
AT&T later tried to prevent Klein and the EFF from pursuing a lawsuit against the company by claiming the unclassified documents Klein had collected while working there contained confidential and proprietary information: trade secrets. The judge involved in the case was not convinced. The Feds tried invoking the state secrets doctrine in an attempt to invalidate the lawsuit, but this unusual judge still refused to dismiss the case. As Klein points out, this move only brought more media attention. Ultimately, it took an act of Congress to change the law to grant retroactive immunity to AT&T and other telecommunications companies. This unprecedented manoeuvring effectively ended the lawsuit.
(cont.)
http://www.amazon.com/review/R164J20Y7CB4LU/ref=cm_cr_dp_title?ie=UTF8&ASIN=1439229961&channel=detail-glance&nodeID=283155&store=books
Comments
Initial post: Mar 19, 2010 4:29:33 PM PDT
John Burd says:
What is more interesting is that Qwest CEO Joseph Nacchio claims the NSA wanted to plug in before 9/11.
http://www.wired.com/threatlevel/2007/10/nsa-asked-for-p/
In reply to an earlier post on Apr 4, 2012 8:59:29 AM PDT
Marina says:
It’s worse than mere surveillance; google gangstalking, Gestapo, EMF/RF murder. ALL Americans are in a virtual prison system. Mainstream media are owned by the banksters and their military hitmen.
http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security
An article by James Ball, Julian Borger and Glenn Greenwald had 4142 comments. People were interested and wanted to know more.
So far this article has attracted 36 comments.
Rather than write up some more files, this one is recycled.
How many journalists a day work on the Snowden docs?
When will a new disclosure appear?
I think when no one is watching and it doesn’t matter anymore.
Snowden has changed nothing, not his fault.
Governments all around the world have increased surveillance. What was illegal they have made legal.
Snowden’s disclosures, handled as they were and are, have suited the TPTB.
Still running everything past the NSA Glenn. Shame on you.
I am over the hype you sell and the same boring go-nowhere arguments you use to self promote your own existence.
Get off twitter and do your duty. You can’t dump you say but even the trickle drip drip you have employed has ceased to flow.
Your loyalists will see no evil, hear no evil and speak no evil.
But I see you. You run everything past the NSA.
LOL. You really are in a daze.
Sometimes the sheer stupidity circulated by the internet is actually painful.
Aside from the fact that one of Snowden’s conditions at the start (as he’s said publicly) was allowing NSA to comment on proposed publications beforehand, it’s just the most basic rule of journalism (literally) that you seek comment from someone on whom you’re reporting. If you could comprehend what you’ve read, you would know that 99% of the NSA’s requests not to publish (including for this encryption story) were rejected.
I myself am not a big fan of redaction, so I’d like to make a modest proposal. Release all the documents, but encrypt them first, using one of the two leading encryption chips. There is no possible way to break such encrypted documents, unless of course the chips have been compromised in some way. But whose fault would that be? The NSA would hardly be in a position to complain. And it would serve as an object lesson that compromising encryption standards has a way of boomeranging in unforeseen ways.
Just a suggestion.
Brilliant!
Amazing. Satire delivered with an encrypted stab in NSA’s eye. Bill Hicks must be LOL.
Interestingly if you look at that NYT link from 2013, last annotation, they alluded to two encryption chips.
I am confused, I thought GG had all the Snowden documents. The documents that the others NYT WaPo Guardian also had copies of some perhaps many but that GG had them all.
Is it that GG does not know what was redacted either? How could that be?
What about all the hours and hours of tedious document review requiring years apparently? Really?
Set me straight someone, please.
No. Of course he did. He just revealed today what they had redacted in their previous reporting on this issue.
@ Glenn Greenwald
Any chance you’d care to elaborate on the following in your response below:
How or what class of people (i.e. “countless people”), in an internal NSA document, could have their “reputations destroyed”? “Reputations” for what, working to destroy internet security for big swaths of the planet at the behest of the NSA? Or do you mean actual “covert agents” of the NSA are mentioned in those documents and to publish them would destroy their “covert status” (i.e. “reputation”)?
Or are you suggesting that there are many people mentioned in those documents who either opposed this particular program or activity of the NSA, or didn’t actually play a part in carrying it out, and thus should not have their “reputations” destroyed by having their names published?
Just asking because that statement is confusing me. I understand Snowden’s objection and your agreement with him, and agree with those two reasons by and large. Not sure I understand the statement I’m asking about.
Thank you.
@ Glenn
And as a follow-up for those of us who are basically technology illiterate in the sense of networks and their hardware and software–are we talking “tunnel” or “transit”. “IPsec and SSL”? WAN or what? HTTPS?
I mean I really don’t know what we are talking about here and it would be nice if someone could give a more technology based explanation so we can understand what exactly may be compromised?
Don’t you think, or not?
I’m talking about people targeted or held in suspicion by NSA:
People accused or suspected of terrorism or terrorism ties. People accused or suspected of other crimes. People whose private communications are summarized in these documents. People whose actual communications are included in these documents.
If we were to dump documents like that, that would follow them around on the internet for their entire lives.
The concern is particularly acute for Muslims and members of other marginalized groups. As I’ve described before, when we did our story in which we named 5 prominent Muslim-Americans targeted by surveillance, the first step was to contact the people whose identity we wanted to disclose as targets to make sure they were OK with it, and every person with very few exceptions reacted with horror and fear at the prospect that we would publish documents showing that the NSA regarded them with suspicion.
Even if people are innocent and know they are, the fact that the NSA internally discussed whether they were guilty would be a black cloud following them around for the rest of their lives. It’d be incredibly irresponsible to publish docs like that, or docs that contain their private communications.
And that’s just one category of docs that could easily harm lots of innocent people if we published them.
@ Glenn
Okay thank you for the response. That makes sense.
But why can’t those innocent names of the “targets of surveillance” be redacted out so it can be made plain exactly what “encryption chips” have been targeted or compromised? I mean that’s the thrust of the unredacted portions of these docs–not the targets of surveillance but specific encryption chips used in VPNs and Web encryption devices have been compromised by the NSA (or likely to have been compromised). So again, what does specifics about that have to do with the capacity to redact out the names of surveillance targets in those documents?
Those can be redacted, but now you’re asking us to withhold information on the ground that it could harm people, not just disclose it all. That’s what we’ve been doing, and it takes a huge amount of time to assess and to suppress.
But what about all the other types of information that could harm people? Should we publish people’s private communications even with names redacted? Why? Should we publish technical guidelines that would help other governments more effectively spy on their own citizens? If there are people who are legitimate surveillance targets – people actually plotting attacks – should we alert them to how they’re being surveilled? How about documents that might reveal the identities of sources of this information? Should we throw caution to the wind and do it?
In terms of time, should we focus on those kinds of disclosures or the kind we’ve been doing: informing people about the types of surveillance being done so that they can meaningfully debate it, impose limits on it, demand encryption solutions for, etc? What about documents that seem banal (no real interest or value) but whose implications we can’t know? Should we just publish those with no news value and hope for the best?
Our goal from the start was to publish everything we possibly could that would inform people what they should have known all along and need to understand what’s being done, but not allow the claim to be made that we’ve endangered innocent lives and/or have to live with causing serious harm to innocent people. It’s a lot harder than it sounds, and when you combine the quantity of the documents with their complexity and incompleteness, it’s harder even still.
These kinds of discussions – which I’ve had a zillion times over the last 2+ years – always feel so arbitrary to me. We’ve published literally thousands of pages of top secret documents, so whenever anyone suggests it should have been more or should have been faster, I’m always left wondering: how many more? how much faster? by which means? which types of docs?
@ Glenn
Okay I’m not questioning your judgment on what to release. And I’ve never been in the category, that I recall, to have ever suggested you should just “release it all” and for many very obvious reasons. I specifically agree that “sources” contained within those documents or legitimate and illegitimate targets of surveillance alike should be protected. Again for obvious reasons.
I’m asking because I don’t understand this specific decision to “un-redact” what was previously redacted.
It appears to my technologically unsavvy eyes that the import of this “unredaction” is that two of the best known encryption chips available on the market to secure the communications of everybody using them in VPNs or Web encryption devices have been compromised. Is that an inaccurate understanding of this article?
So are you suggesting that to tell us, or redact more documents of identities but that might otherwise shed light on which chips and which products are compromised, is “to help other governments more effectively spy on their own citizens”? If so how could that be the case, because if people know which chips are compromised they might choose to stop using them.
Now it is true that to disclose which chips might or were compromised might give supposed “legitimate terrorism suspects/targets” more information than they might otherwise possess at present. But how can you have it both ways i.e. you’ve stated repeatedly that “terrorists” are well aware that the NSA has nearly limitless capabilities and that often if not the majority of times, they are well aware (and have been for decades) and quite successful at employing either low tech, no tech or otherwise employ encryption to defeat the NSA’s snooping?
But that raises the obvious question of–if the NSA is defeating the encryption technologies that billions of non-terrorists are employing in their daily lives, how is it benefitting those billions of people to be in the dark about which encryption chips or technologies are being subverted? In other words how can you legitimately defeat all the encryption technologies without putting the privacy of billions at risk all to theoretically catch a few global criminals that despite all the tools at the NSA’s disposal the NSA has been abysmally bad at stopping by employing all its tools?
I guess I’m just not getting what’s at issue here as far as disclosing best guesses on which chips or technologies have been subverted. I mean is it Cisco products? Or Intel chips or AMD or what?
What is our expectation from Glenn Greenwald exactly? That’s what I’m trying to understand.
The way I see it, Glenn is trying to disclose government wrongdoing. If The Intercept feels that it doesn’t need to disclose specific names of companies making the chips, then it doesn’t have to. I personally feel it’s the right call. I don’t see what good it does to name a company, or why the readership has a right to this information. It’s the prerogative of the journalist.
Also, the NSA and the CIA have a job to do. It’s not Glenn’s job to reveal every dirty secret. It’s his job to make the public aware of overreach and circumvention of the law. I personally don’t understand the call to have Glenn reveal everything. These organizations have legitimate secrets. If Glenn errs on the side of being cautious, I for one have no problems with it.
@ AtheistInChief
Umm because almost every single one of those companies, or the companies you use their products to provide you internet service, makes the specific representations to its customers (i.e. me, you and everybody else from businesses to individuals) about the sanctity and privacy of the transmission of their data absent a lawful warrant requiring that it be disclosed to the government for a lawful reason. If that’s not important to you fine. But I think you are misunderstanding the implications of subverting the very common and almost universally relied upon encryption protocols at issue here.
As far as those companies’ “legitimate secrets” I’d agree they have patent, copyright and trade secret protections. None of that has to do with their knowledge that their products are/have been subverted by the NSA–and if Glenn’s other disclosures are accurate–as willing accomplices of the government. So no I guess we’ll have to agree to disagree about the value of naming companies who either knew or should have known, and their failure to disclose to the public and all their customers, that their data had been compromised.
Way too much is being made of this. It’s not a vitally important un-redaction.
It’s really simple: at the time these stories were published in 2013, people speculated that the redaction hid the names of the actual, specific encryption chips that had been compromised. That was never true (as you can see). If I had been choosing alone, I wouldn’t have redacted it (and said so at the time), but I never thought it was a big deal one way or the other, and still don’t.
After the Juniper revelation last month, people – tech people – re-raised it, because their interest level in crypto-targeting renewed, and said: hey, by the way, remember that redaction? I thought to myself: “Oh, yeah: that.” Now that I’m not at the Guardian, and don’t have to work with the NYT, I thought: “maybe it’s time to just publish the full document.” So I looked at it, talked to Intercept people, and we all quickly agreed we should.
We don’t think it’s a big story. We’re not presenting it as such. It was more: people asked if they could see it. We don’t see why they shouldn’t. So we published it.
This, by the way, underscores the other side of publishing docs: If you publish documents that aren’t significant, people will say: “why are you publishing this? what is so shocking about this”?, etc
@ Glenn
Thank you very much. Sincerely. I appreciate the time you spent explaining what was going on. I misunderstood the import of the piece as “The Intercept now has a good idea which two encryption chips were compromised” when really all you were trying to do is be transparent with others about what you didn’t know and what you weren’t willing to speculate on.
Again, I appreciate all your work on these issues and despite all my nitpicky questions appreciate that what you, Laura and all the rest of the Intercept staff do with regard to these documents is very sensitive, time consuming and fraught with inherently difficult judgment calls about what to disclose and why.
Again, thank you sincerely, and I wasn’t trying to be a pest or a jerk. I save that for some of your commenters. : )
Also, can the rationale for revealing involvement and misdoings of top officials, but not the involvement – and therefore misdoings – of mid-level or lower officials, be explained? The placement and context of numerous redactions in the Snowden documents published over the last few years points to the latter kind of party spared being named.
Is this an indication that the idea that “just following orders, got a family to feed and career to protect you know” has some real traction with the editors of the leaked documents? Is it fear that too many revelations of specific actors will spur serious retribution from governments? Along the same line, do the editors of the leaked documents have an interest in the intelligence agencies continuing to function roughly as they have been with roughly the same functionaries, minus the privacy transgressions?
@ JG Miller
Agreed. It would be nice to have an explicit explanation that those individuals who were just following orders, and of a lower rank or level, should be spared from exposure. I’m not sure anyone should be spared from exposure when it comes to participation in mass violations of people’s civil rights and/or violations of the US Constitution or US or international law, but I think it would be an important discussion to have so it can be debated.
I mean why should some NSA hackers of Americans’ and foreign nationals’ communications be spared from the consequences for that voluntary participation and be entitled to earn a six figure salary and tax payer benefits? At what level of “responsibility” in the chain of NSA command do we say you are “high enough” or “low enough” on the food chain to escape accountability–legal or otherwise? Maybe consequences should be confined to those who make and directly implement these unlawful policies? I don’t honestly know how I feel about it yet, but I think it is an important discussion to have.
I mean “just following orders” has never struck me as much of a viable justification for not holding human beings accountable for their immoral or illegal acts? It just strikes me as arbitrary and absolves people so long as they don’t question the institutional authority of whichever government or group they happen to be working for.
It’s a decision about which I’ve been ambivalent from the start, but yes, early on most people involved in the editorial process felt like the names of top officials should be disclosed, but the names of low-to-mid-ranking functionaries shouldn’t be, mostly because there’s no value in that disclosure yet possible harm (namely, they’re the ones most likely to suffer threats, recriminations, harassment and the like since the more powerful people are more protected).
As I said, I’ve been ambivalent about that from the start – I can argue it either way – but I never believed there’d be legal accountability for any NSA worker from what we publish and so it wasn’t a case where we were protecting anyone from anything other than low-level harassment or extra-judicial punishment. What value would there be in disclosing the names of low-ranking career people?
Maybe they’d think twice about working for or engaging in the mass violation of people’s civil and human rights?
I mean by nearly the same question above, what would be the value in ever putting lower level soldiers on trial for war crimes?
And while that is a slightly different question given usually war crimes are a function of causing death or physical suffering, why should anyone be free to employ their education and skills to knowingly engage in mass subversion of people’s right to privacy, or the rule of law?
Again, I guess I’m not picking up the coherent logic or morality of the position to spare “low-ranking career” subverters of others’ rights? Why, because their “intentions” were good? Or they wanted to “believe” they weren’t violating the law because their superiors told them they weren’t or ordered them not to care?
I see we’re of at least a similar page. Refreshing to see, at least. Keep on it.
Exactly to Glenn’s point – the problem is with the system and its management. More broadly, it can be generalized to overall dysfunction in government and latent tyrannical tendencies seemingly present in world leaders. To tar and feather NSA employees would be of poor taste, and would not make for very interesting readers except to mediocre minds. The narrative thus far has been led in the right direction by GG et al., in my opinion.
rrheard, Your expectations are entirely unreasonable (“It would be nice to have an explicit explanation that those individuals […] should be spared from exposure.”) You expect too much! The overwhelming majority of citizens don’t even care about the blatant disregard of laws by high-ranking officials, nor truly appreciate the scale and power of the military-industrial surveillance apparatus. Rather than criticize the methodology of an award-winning journalist and his colleagues, it might behoove you to better inform others, especially your representatives in government, which will truly have lasting value.
@ Johnny Encrypt
You know why most people in society (i.e. low ranking individuals) are perfectly at ease with violating other people’s rights, specifically the police and every low-level bureaucrat with any capacity to do so–because they are well aware of the “institutional protection” they enjoy by being employees of that particular institution.
Now I would be satisfied with all the “top-level” heads that can be exposed being exposed and being held legally, politically and morally accountable by the public whom they nominally serve. But unless they are replaced with a “system” that ensures accountability and transparency in policy formulation and implementation, then I can almost guarantee there will always be this problem of always being able to find some low-level official to be promoted to a higher level position who will engage in precisely the same behavior for the very simple reason that they’ve been conditioned to expect that they will never be held personally accountable for their actions or violations of law or people’s rights because they enjoy the immunity of a) the institution, or b) their lack of sufficient rank within the institution.
So my expectations are entirely reasonable for someone who understands government institutions quite well and the mindset of the employees who work for them–particularly government bureaucracy if not large corporate bureaucracy.
And for the record my Senator, Sen. Wyden of Oregon, has been well aware of all of this since probably day one but was too cowardly to avail himself of the Constitutional protections he is afforded by the speech and debate clause of the US Constitution to have blown the whistle himself into the public record and taken his chances defending my and everyone else’s rights.
So color me unimpressed thinking bringing this sort of information to “our representatives” will change a god damn thing in this world. Because it won’t as is evidenced by all of the “non-fixes” that have been legislatively passed in this arena since Glenn started reporting Snowden’s documents.
Not one meaningful thing has changed in the US Congress legislatively as a result of these disclosures. Not one. Other than a public debate has been spawned among the more curious or “individual rights orientated” people in the world. And if you think any group of elites in the US Congress has the will to change any of it, you are likely deluding yourself and don’t really understand how the world works.
So I’ll keep my expectations precisely where they are at present–that all people be treated equally before the law, and that all knowing violations of the law by government officials, regardless of how “high” or “low” they are on the bureaucratic food chain are held individually responsible for their actions–just like every other individual on the planet who doesn’t have the good fortune of being employed by the government or a high ranking official.
I think most readers of The Intercept agree with your views on the impotence of just pursuing these issues through congress. The only thing I’d say regarding naming of mid-level employees is this: I think most people who join the NSA or the CIA or the GCHQ probably do so for patriotic reasons, just like Snowden did. The mid-level guys are being directed to break the law by their superiors. Not everybody has the ability, mental, intestinal or testicular, to stand up to every unlawful request. They’re probably thinking about their children’s college payments or their mortgages.
So from that perspective, I understand Glenn’s position. I understand your frustrations also, but find myself more sympathetic to Glenn’s position.
And overall on this issue, I think Glenn has handled these disclosures as well as could have been. This entire thing has been hanging on the balance rather precariously. There are people who disagree vehemently with Glenn, and while we don’t have to agree with those people, I’m sure we all appreciate the circus act it must be for Glenn.
@ AtheistInChief
I agree with everything you said about the difficult position Glenn is in trying to balance all the competing interests and value judgments that must be made in reporting on these documents.
I’ve never been one to demand that he disclose them en masse. I’ve also never directly questioned his judgment about what he or the Intercept chooses to disclose or not as he’s seen all of the documents and I haven’t.
The only issue I have is with this general sentiment or justification for people’s actions (or any permutation of the below say for example “I joined the Army for college money and skills and didn’t really want to kill anyone.”):
While I understand, without being a parent (as I have parents and nearly every family member and friend has children), the difficulty of being a parent and sacrifices parents make for their children.
But at some point this idea has never made any sense to me. What does it teach children that a parent will do or say anything to ensure that their children have the best opportunities in life regardless of the cost or consequences of those decisions borne by others? What does it say about a person when they knowingly join the US military being just about assured they are being trained to kill another human being in “service of America’s interests”?
At base it’s an abdication of one’s morality and personal responsibility to subsume one’s decision making for expedience or comfort.
Now I actually have a lot of sympathy for parents or individuals who make decisions when their lives are materially precarious in the circumstance of: they don’t know where their family’s next meal is coming from or how their family will survive in the elements without proper shelter or clothing.
But billions of people all over the globe find a way for their children to survive without much in the way of material comforts or lifetime material opportunities without killing other human beings or engaging in activities that fundamentally and more or less directly violate others’ human rights or force them to bear the consequences of another’s decisions born of wanting to provide a “better” life for their children.
In fact, I’d argue it is precisely that mindset that allows the immorality of America’s capitalism and America’s militarism to go unchecked.
And here’s my personal feeling on this, and it isn’t born of self-importance or thinking I’m morally superior to most human beings because I don’t. But at some point people are going to have to take a good long hard look at themselves and their “way of life” and maybe come to the following realization before we can all live responsible ethical lives:
That’s where I’m at in life. And that’s the point I think the world is at collectively. And if we don’t all buck up and show a little more solidarity across our differences, and little moral fortitude in the face of material uncertainty and in everything we do, then we’re going to leave a lot of the world’s children in a very very bad place.
And maybe to some people the little things, like violating everybody’s civil rights en masse isn’t all that important to them. But I think that’s simply a feeling or opinion born of tribalism and/or ignorance and/or the fact those people have never been on the receiving end of having their rights violated. Most people are too busy, lazy or self-absorbed just trying to survive and make a better life for themselves and their children that they refuse to really look at the consequences of the actions. And that’s what I find unacceptable. To rely on the “future of your children” is an excuse rather than a justification for immoral or illegal indifference to the plight of others or the consequences of our decisions. IMHO. Nobody is perfect, and I’m far from it. But we are all going to have to try harder and sacrifice more if we are going to escape what I see as a very problematic global system of naked capitalism and the militarism (violence and death) I believe it necessarily spawns.
“Again, I guess I’m not picking up the coherent logic or morality of the position to spare “low-ranking career” subverters of others’ rights?” and “At base it’s an abdication of one’s morality and personal responsibility to subsume one’s decision making for expedience or comfort.”
I agree with the ideas quoted, in principle, but I also have mixed feelings because we live in a system that will readily single out those with no or little power and make them scapegoats without doing anything to change the overall system. Moreover, at the same time the scapegoats will be used to distract attention away from the fact that nothing has/is being actually changed for the better.
That is perhaps why some would prefer to make the ones pay who designed and implemented that system and, based on there being limited resources which must be allocated, I find it reasonable that the one doing the allocation do what he or she believes will be the most meaningful use of said scarce resources. It is a compromise and certainly not ideal but, as you are very aware, we are not living in an ideal world.
There is a reason that many of us feel that selective prosecution is unfair and that is what generally happens in situations with a hierarchy of command doing bad things. This is a focus on individual or dispositional evil, from Zimbardo’s excellent work, ‘The Lucifer Effect,’ rather than the two other forms he identifies: situational and systemic evil. The price to society is very high when we prosecute the individuals at the lower level while neglecting the instigators. I think this is how it has been in our society for generations, perhaps millennia. Look how well that’s turned out.
@ Joy
I agree with you to a point. But again, I think their are two benefits to prosecuting everyone equally–disincentive for all against breaking law, forces people to consider what they are doing even at lower levels.
I’d never look the other way when it comes to those who develop and implement policy that violates law, human rights, or the Constitution (right up to and including the President and every other cabinet member or high ranking military official as they all swear the same basic oath to defend and protect the Constitution). And I’m of course aware that they have more “protections” as a function of rank and the institution they work for. That’s why I think there needs to be a Constitutional amendment negating the idea of “sovereign immunity”. It creates a hopelessly untenable ‘moral hazard’. Same goes for limitations on corporate liability of boards of directors and officers.
And as far as prosecuting lower level people, the legal system does it every day. Not necessarily to put a low-level grunt in jail, but to get them to spill the beans on the higher ups who ordered them to violate the law. Those who cooperate are shown leniency for their crimes or immunity from prosecution.
But no one will ever convince me there is any coherent logical or moral justification for treating individuals differently before the law based on “status” or the nominal importance or difficulty of what they are tasked with doing.
“there” not “their” . . . sorry for all the typos and bad composition in the above. I was typing and posting those comments real fast off top of my head and without concern for editing.
I appreciate your response but I am not sure you actually addressed my points. Looking at the consequences of what you are advocating, seems to lead to a moral quagmire: “And as far as prosecuting lower level people, the legal system does it every day. Not necessarily to put a low-level grunt in jail, but to get them to spill the beans on the higher ups who ordered them to violate the law. Those who cooperate are shown leniency for their crimes or immunity from prosecution.”
The three obvious downsides to this are:
1. All the years of small-time drug users and dealers arrests and convictions has, AFAIK, rarely if ever resulted in bringing down the top of the drug importing and distributing chain, nor has it ended the illegal drug business. So it doesn’t work to bring the desired result. (I am not advocating the current legal stance toward these drugs but they exist and are an example that refutes your claim that arresting the small guys will inexorably lead to the top.)
2. The hundreds of thousands of low-level drug busts have not deterred sufficient numbers of others from taking their places. Therefore the method you advocate and which is used in these cases has failed to attain the desired result of deterrence.
3. The ‘jailhouse snitch’ as leniency for testimony is sometimes called, has led to a very large number of convictions of innocent people. To advocate more of this, basically coerced testimony, or to praise it as supporting a moral argument, seems to more undermine than support any moral premise.
The consequences of one’s moral position need to be part of what one considers in these most private of decisions and sometimes there are no clearly better positions from an absolute perspective. I have found it is helpful to recognize that what underlies my position on any subject is: what kind of society/life I want to see. How narrowly I view the likely outcomes when analyzing/advocating any particular issue is a key component in determining my position.
I appreciate anyone who is interested in trying to reach a moral stance. I’ve been doing this my whole life and, in my experience, most people will not thank you for your questioning.
Ron Wyden, Senator for Oregon
Wyden Votes ‘No’ on Harmful Cyber Bill and Weakening Oversight of Surveillance Programs
Friday, December 18, 2015
Washington, D.C. – Sen. Ron Wyden, D-Ore., today voted against a legislative package containing a dangerous “cybersecurity” bill and provisions to undermine independent oversight of government surveillance programs.
Republican leaders inserted an extreme version of the Cybersecurity Information Sharing Act (CISA) and the flawed 2016 Intelligence Authorization Act into a broader package of spending and tax bills.
“These unacceptable surveillance provisions are a black mark on a worthy package that contains the biggest tax cut for working families in decades, an accomplishment I fought for in weeks of negotiations,” Wyden said.
“Unfortunately, this misguided cyber legislation does little to protect Americans’ security, and a great deal more to threaten our privacy than the flawed Senate version. Americans demand real solutions that will protect them from foreign hackers, not knee-jerk responses that allow companies to fork over huge amounts of their customers’ private data with only cursory review.
“Ultimately, I cannot vote for this badly flawed CISA bill. The latest version of CISA is the worst one yet – it contains substantially fewer oversight and reporting provisions than the Senate version did. That means that violations of Americans’ privacy will be more likely to go unnoticed. And the Intelligence Authorization bill strips authority from an important, independent watchdog on government surveillance, the Privacy and Civil Liberties Oversight Board. This will make it easier for intelligence agencies – particularly the CIA – to refuse to cooperate with the Board’s investigations. Reducing the amount of independent oversight and constricting the scope of the PCLOB’s authority sends the wrong message and will make our intelligence agencies less accountable.”
https://www.wyden.senate.gov/news/press-releases/wyden-votes-no-on-harmful-cyber-bill-and-weakening-oversight-of-surveillance-programs
Justin Amash (Rep-MI) @justinamash
Worst surveillance bill since #PatriotAct passes 316-113 (R:150-95/D:166-18). Sad day for liberty, privacy, and our constitutional republic.
8:58am – 18 Dec 15
Impeccable reasoning and presentation.
rrheard, Your expectations are entirely unreasonable…
Actually, they’re not, which is why Glenn chose to engage in discussion with him. Those are valid points of consideration and I benefited from the expanded discussion.
Rather than criticize the methodology of an award-winning journalist and his colleagues, it might behoove you to better inform others, …
lol. rr’s been informing others for a long, long time. And Glenn and rr have been having these kinds of discussions in comment threads under Greenwald’s articles for years. Since long before many, if not all of, the awards.
Some of us have been around since pretty close to the beginning in 2005. In all that time, though I’ve seen him get pretty disparaging at times (most of us have scars of one sort or another), I’ve never seen Greenwald look down his nose in quite the manner you managed just there. :-)
For the last several years I have lived in the academic environment of an engineering program at a public university. This is a chief kind of place where the pipeline to places like the NSA starts. I’ve seen at least ten invitations from university staff to come to room X in building Y to learn about opportunities at Fort George G. Meade. I attended one of those meetings in 2014 as a sleuth. Just today I received an extremely creepy invitation for the Cyber Student Volunteer Initiative run by the DHS.
Beginning engineering “talent” is more or less constantly massaged by entrenched government/institutional/professorial mechanisms to consider doing “interesting” work at the agencies. They appeal to students’ egos and desires to be relevant and at the head of the pack in building a career. From what I have seen in my department, there is very little to no criticism or even analysis of the social costs of the choices people make in engineering careers. There is an obligatory ethics course that undergraduates in my department take; it is mostly about teaching them to respect the property rights of corporations, not about consequences of our work (this was true even when I took it in the year of Snowden, 2013). In fact, I have not heard the word “Snowden” uttered by any professor or representative of the university in the last 2.5 years. On several occasions in class, my professors have casually alluded to previous work they did for the “defense” industry.
Thus, working for pernicious government sectors is normalized in the world I’ve been living in. It is lionized, or at the very least held out as a very attractive career choice for engineers, just one among many. Living in this world has sickened my soul, and I believe that one important way of fighting it is to stop giving the order-takers a pass.
Because the underlings, groomed as they are, also have much volition, in deciding where they will work, what kind of work they will do, and what effects they will ultimately have on society. 22-year-olds may be relative naifs, but they grow into 30- and 40- and 50-year-olds doing the same thing and much more aware of the world.
The above comment touches on the reality that secrets do need to be kept for there to be functionality of national security; the issue is that secrecy is being abused. I’m sure that Edward Snowden had these things in mind when leaking what he did given how premeditated the effort was. The government’s handling of secrecy as a whole (compartmentalization of information, abuse of NDAs, concealing poor counter-terrorism tactics, etc.) is the biggest threat in my opinion to national security, as well as to the carrying out of constitutional sanctity to the domestic population.
“There also seemed to be a concern among some editors that any attempt to identify specific encryption standards would enable terrorists to know which ones to avoid.”
I don’t understand the overarchingness of this rationale, which seems to underlie a lot of the reporting on intelligence agency treachery. The Snowden files and similar stories are primarily published in order to inform the public about government misdeeds which affect it and to allow the public to avoid the harmful consequences of those misdeeds, which is an extremely important mandate. So is the value of keeping terrorists in the dark about specific compromised tech brands, for example, more important than helping world publics and non-intelligence-agency-toadying business avoid this harm? Is the publication standard always going to be “but we didn’t help the terrorists one iota”, which is not only very difficult to know but also very limiting?
I think it is unavoidable that the terrorists be helped by this reporting, and the better argument to make is that while this may be true, the public is helped even more.
Your anguish is palpable and appropriate.
It’s got me wondering who the two leading encryption chips are? Someone care to speculate?
I will take a wild guess – YubiKey and YubiHSM.
YubiKey isn’t an encryption chip used in VPN or web encryption devices. It is simply a device that stores encryption keys. It would hardly be of anyone’s concern since the YubiKey gives up its key to anything that asks for it. No, they would be talking about something like TPMs or some form of actual cryptoprocessor or other Hardware Security Module.
YubiKey is indeed an “encryption chip” and YubiHSM *is* a hardware security module. And no, it doesn’t “give up its key to anything that asks for it” – that would defeat its purpose. Signing, encryption and authentication operations are protected by a PIN and private key material is non-extractable. YubiKey can also be configured to OAUTH and OTP modes, which are always used in enterprise VPN and “Web encryption” solutions. Also, TPMs are not used in “VPN or Web encryption technologies”, so your reply shows a lack of knowledge in these matters.
Broadcom
So publish ALL of the NSA docs in your possession and we the people – the owners of those documents – can search and decide for ourselves…
No. That would be a massive violation of our agreement with our source, who insisted that not be done (see point 3), as well as a huge invasion of privacy and destruction of reputation of countless people described in the documents.
Do people who say this ever wonder to themselves: “if Snowden wanted all the documents published on the internet, why didn’t he just upload them himself to the internet”?
Might as well just pin that comment/response right to the top of the thread. It’d save you a lot of repeated effort. ;-}
Happy New Year Glenn.
Everyone else too.
Yes, and I’ll use your comment as an opportunity to apologize if I don’t address every last point and question in this discussion, but believe me, I have had this same discussion many, many, many times in many, many, many different places and there is literally no point or question someone could raise that I haven’t addressed multiple times before.
That’s how it should be: I always believed we had an obligation to transparency with this reporting, and people rightly want to know as much as they can about the decisions we’re making and the rationale for them. But I will have to refer people to those discussions if they have other points they want addressed.
Thank you for your time and patience in going through all of this yet again. It is educational to have the process explained again in such detail. People often do not realize how difficult a task you and the others took on and that you are not a pump and dump site like WikiLeaks, where I feel carelessness and lack of redaction had fatal real-world consequences. And thank you for making yourself available. How many journalists these days are actually accessible and make the time to engage with readers? 1, that I know of. You.
Hi, I messaged you back on the Juniper article but you never responded.
To reiterate: why don’t you just release what is SAFE to release from the archive – not everything indiscriminately, and not deciding for us what’s “interesting”?
There is a middle ground here. Sure, redact what endangers lives, invades privacy and so on. But why not release what remains of the archive that does not fall into that category?
Would this sit with your source agreement?
That’s a good question, and it’s what we’ve been doing over the last 2 years, especially the last year: some of our stories have released 50-100 documents at a time, and we are very actively looking at ways to do a lot more of that. There are lots of legal, technical, security and source-related considerations with all of that, but you’re right that there is a middle ground and that’s something we are very actively pursuing and developing now. That includes not only larger-scale releases but widening access to the full archive to outside groups and journalists and experts, which we’ve been doing.
That said, deciding what is “safe” in the sense you mean it is easier said than done: a lot of these documents are complicated or incomplete and it takes a lot of time and expertise to understand what they are and thus what the consequences of releasing them would be. But particularly with the elapsing of time, those considerations lessen.
Good to hear that’s underway, thanks for the response. Looking forward to delicious future releases, whenever that may be.
Thanks for the additional details. I appreciate them too.
I imagine a lot of this work to release is like working around objects knowing that several could be high explosive bombs but having no clue which ones. By that I mean it is impossible for you to know the implication of one small released fact, which on its own, seems harmless, but when taken in some other framework you are not aware of, takes on huge unforeseen significance. You can bet adversaries from other intelligence agencies pore over all of these releases because in many cases, they may hold other parts of a puzzle into which some small fact fits. I imagine there are thousands of inferences which can be drawn based on certain seemingly benign facts. I do not envy you. This is a huge responsibility.
What difference does it make what Snowden wants? Are those documents HIS to own, to control, to withhold or to divulge? Obviously no – he stole them, fair and square, just as any of your readers would steal them from you if given half the chance. There’s the position of those who say the NSA owns them and can control whether reporters should say anything, and there’s the position of those who think anyone should release whatever they want from them, subject only to their own personal sense of ethics, but what is there between these?
The problem is, it feels like the journalists holding the documents have become a permanent part of the Security Class. Instead of stealing the knowledge for the people, they have stolen a de facto security clearance that they can use for jobs and interviews… but they will always hold things back, dole them out ever so slowly as it suits their own purposes.
I’m not sure things are what they seem though. The government had a huge problem of having soooo much access, that nobody believed what they had. It seemed like the stuff of conspiracy theories (indeed it was; and conspiracy theorists knew it, and the conspiracy turned out to be real). But when no one believes what the spies can do, how can they threaten people with their awesome powers? They have to reveal them. They have to let it out, by dribs and drabs, that they have this information, set up the mechanisms to share it with various enforcers, gradually teach the public to expect the punishment. (I won’t say legal punishment, since the courts are becoming as ceremonial a tradition as the Queen of England, but they can certainly put people on the no-fly/no-gun/no-bus/no-drive/no-where-outside-the-rubber-room list) And that requires a sort of revelation that no spy agency would be expected to make voluntarily – requiring someone else to do it – and it requires a slow, measured pace that no internet dump could achieve – requiring journalistic gatekeepers. And so it seems like you and Snowden both fulfill roles in somebody’s plan. It doesn’t matter if that’s your intent, does it?
It’s not about what he “wants.” It’s about what he insisted that we agree on from the start in terms of the framework for how the documents would be reported, and to which we did agree. There are literally few things more grotesquely unethical in journalism – if there are any – than violating your agreements with your source.
Beyond that, he’s the one who risked his liberty and even life to get these documents to journalists, and whose legacy and reputation are affected by every decision we make, so it would be indefensible for me to assign zero value to how he wanted these documents handled.
That’s not to say every decision must accord with his wishes. He wanted us to make individual judgments about every document and hasn’t always agreed with every disclosure (often because he thought the disclosure was excessive: see the link I posted above).
But in terms of the overall framework for how the documents would and wouldn’t get disclosed, we agreed to that before receiving the documents and there is nothing anyone has said or could ever say to make me break my agreement with him.
I think the people in the actual Security Class would find that hilarious in the darkest way possible, but what you’re describing is called “journalism.” The stakes are higher here, but it’s how it always operates.
Journalists rely on sources to report. Every day, sources say: I’m going to tell you X, Y and Z. You’re free to report X. You can only report Y in accordance with these conditions. And you can’t report Z at all; it’s off-the-record. You’re then duty-bound not to disclose Z. There is nothing at all unusual about that.
Beyond that, journalists aren’t supposed to just puke up any information they learn. There’s a balancing test about the public interest v. harm. I learn things all the time about people that I wouldn’t publish because there’s no public interest in doing so, or the harm would outweigh the benefit.
You can re-cast that as “oh, you’re just keeping secrets just like the Security Class” but all you’re doing is describing journalism as it always has been practiced and always should be.
I have zero doubt that if we dumped all the information from the start – ZERO DOUBT – all the same people complaining now that we are releasing it in “drips and drabs” would be accusing us of endangering national security, being reckless, not being real journalists, etc. etc. I spent years writing about and defending WikiLeaks and know all too well all the things that were said about them for using the opposite approach. Snowden heard all that, too, and that’s one of the things he wanted to avoid.
Glenn, I want to thank you on behalf of readers for taking time to reply to even the most insipid of comments on your articles. The same is true for other Intercept writers as well. It is refreshing to see news authors having an engaging conversation.
Journalists don’t always have such lofty ideals — for example, I recall when TruTV’s “The Smoking Gun” provided trap URLs to a Pranknet member during a Skype session in order to out him and report him to the FBI (see https://en.wikipedia.org/wiki/Pranknet). I was not happy about that — I have a soft spot for Pranknet. A journalist has some responsibility not to abuse a source’s private off-the-record information and set him up, I’ll agree.
But how far can a source require a journalist to constrain his future behavior? If Donald Trump offers a reporter an interview under the provision that the journalist must never again mention Trump University in any article, is a journalist honor bound to follow that? Should we see the day when every reporter covering Trump, other than by writing comment articles from their basements, has made a dozen such concessions to do so?
The stolen documents are public domain. Whether you hold back material out of your personal fear of doing harm is one thing – but if you hold back material from the public domain because Snowden doesn’t want it released yet, that’s something else, isn’t it? Isn’t it very much like agreeing to ongoing censorship of your ability to cover the news?
I think that your argument that you don’t want to be reckless is the stronger one, and it has the advantage of not making you sound like you’re in a conspiracy with Snowden. It is one thing to have received the documents because you would handle them responsibly; something else to receive them as part of a deal.
If it’s all about the cryptography then let’s take a look at ARM chips, they had no random pool, Dual_EC if anything you’d think that would improve the algorithm of RSA instead turns out in irony that it weakens it. Let’s take a look at those Windows systems we all know and love, Windows 3.1 16 bits, Windows 98 32 bits, Windows Vista 64 bits, whilst ignoring the fact that one OS in particular is actually an 8 bit operating system with one floating point.
The leaks were a gas, you get to see the whole she-bang of fraud up close, Stallman’s –> more-cow-bell with its C++ enabled kernel and rubbish compiler vs ANSI C and an 8 bit compiler which equates to 7 bits with one floating point with no bugs a bit like Flex and Pascal two more rock solid programming languages. Whilst Linus the father of Linux rages on about Java being a pile of horse-shit and Oracle re-assures the world, they plan to make life much more secure by implementing your SQL bugs in pure silicon form. Dragonfly (BSD) Wireshark (TCPDump) oh it’s all there in the leaks, their big breakthrough – SSLStrip!
Zero Doubt – the bird has flown the coop, when you’re talking operating systems at least. Seriously XKeyScore? or from a security perspective should that read X-Keys-Core? x509 RSA (Keys) x11 Window manager, active-X, Direct-X and finally Bell-labs – the round table foundation with their crypto-crunching Genie running at IBM to boot whilst Dell gives you all “Hell” with shit in your BIOS like “Computrace!” a persistent BIOS threat that you wouldn’t really notice unless you were using one of those products minus the Windows 2003 server with your Bitlocker keys backed-up into the NSA’s cloud nine from Google.
So immoral on so many counts. First, as a journalist, you honor your commitments to your sources. You don’t say “well, you stole this so it’s not yours and so I am going to steal it from you.” Secondly, as a responsible citizen, you have some inkling of the fact that what you do or don’t do can have actual consequences. People can be killed. National security can be harmed. Countries have spy agencies for very good reasons and normally, they engage in spying for legitimate purposes with legitimate goals. They want to keep everything secret for good reasons and also to cover up their mistakes and wrongdoing. Journalists want to expose what they can responsibly while weighing the pros and cons and they pretty much have to do it without unbiased help. It is not a fun job, I don’t think.
But Glenn, if you are still wading through all of this discussion, I do have one question: Why were sources and methods revealed? Stuff like the fake wifi hotspots to try to spy on conference participants (I may not have the details exactly right, but you get the drift)? That seems like legit spy craft. There were a few other stories that came along that seemed to me to just close off good techniques for spying. Why?
Why? – So you believe that people should break the security of things like portable handsets by making big bucks by putting those same big bugs into your software and leaving everybody else trying to remove those very same microcode bugs for the majority of their lifetime all because some other power crazed imbecile thought radar reflectors in your chips is a good idea?
Echelon – hundreds of programmers were totally against the idea of being irradiated with cancer giving waves but madness breeds power hungry individuals who enjoy having power over everybody else.
Good techniques for spying? Don’t you mean good techniques for insider trading? ARC4 broken algorithm, shouldn’t be in use, DES broken algorithm it shouldn’t be in use, SHA1 broken algorithm again should have been phased out by now right alongside MD5 broken algorithm that should have been phased out long ago.
The consequence of using all that broken cryptography?!?
John the Ripper – DES encrypted passwords broken in 5.3 nano-seconds!
Is that the future you want? Where all your security is broken in nano-seconds? Whilst improvements like Leviathan – Hierocrypt – Blake – Anubis – Ice – Keccak get buried and you end up with no security at all?
That is madness and deranged!
Com-Dedected – Linux tool for tuning into your DECT phone in your house – encryption to protect you or your family including the child on the baby monitor hahahaha!
Strip-Snoop – Credit card scammers and skimmers delight.
RFID – THC The hackers choice – reprogramming your passport chips on the fly.
“Not only is unix dead but it’s starting to smell really bad” – Rob Pike