Donnerstag, 10. Oktober 2019

Review of Ed Snowden's "Permanent Record"

I had two expectations with reading the book:

Will Snowden address any of the many unanswered, critical questions?

Will he repeat or even make new nonsense or unsupported claims?

Regarding this, the first half of the book was, at least for me, boring. Snowden tells anecdotes about his youth, which may be true or not. You never know with him. But this is not important anyway.

Just one remark about the first half:

I did read a German copy of the book. On page 14 he says “Abgesehen von Log-ins, E-mails und finanziellen Transaktionen war die Online-Kommunikation in den ersten Jahren des neuen Jahrtausends kaum verschlüsselt”, which is nonsense. Emails was one of the biggest problems, because it was rarely encrypted. But I double checked with the English original, there “E-mails” is omitted. I can hardly blame Ed for poor translations.

The second half was more interesting. So here we go ...


Unanswered Questions

Snowden made a lot of wrong or contradictorily claims about his role in CIA / NSA, the circumstances of his escape, and how he “stranded” in Russia. In this Twitter thread[1] I repeated some related questions, which Snowden not yet answered. Let’s look at each of these questions and if and how he addressed them:


Why did you first go to Hong Kong / China, and not directly to Latin American or a democratic European country?

Indeed Snowden addressed this question, in chapter 25 “The Boy”. He said Europe and Latin America were out because the U.S. had too much influence there and/or could launch operations to catch him. Russia was out “because it was Russia” and China “because it was China”. “The process of elimination left me with Hong Kong,'' he said. He quite openly admitted that Hong Kong was close enough to China that he would be safe from the U.S., and on the other side independant and liberal enough that he could live es free as possible.

But after Hong Kong refused asylum, why then Ecuador suddenly was not out anymore, but very in, this change of mind he did neither address nor explain.


Did you visit the Russian consulate in Hong Kong, if yes how often, what did you do there?

There are 3 independent sources claiming that Snowden visited the Russian consulate in Hong Kong:

First, the Russian newspaper Kommersant reported it, citing unnamed sources.[2]

Second, a media report “A U.S. official in Hong Kong told WSJ that CCTV cameras showed Snowden entering the building that housed the Russian consulate on three occasions in June.”[3]

And third, Putin himself admitted it.[4]

Last but not least, Wikileaks admitted they advised Snowden to go to Russia[5] -- keep in mind that Wikileaks’ Sarah Harrison met Snowden in Hong Kong and accompanied him to Moscow.

Don’t get me wrong, each of these reports could be wrong, and neither Putin nor Wikileaks are reliable sources. There is no 100% proof that Snowden visited the Russian consulate (maybe someday CCTV pictures are published..), but the indications are strong -- and Snowden doesn’t lose a single word about it.


Why did you select the Russian airline Aeroflot and Moscow as first stop when leaving Hong Kong?

At least Snowden answered the question why he chose Moscow as first stop: He said there were no direct flights to Cuba or Ecuador, and he didn’t want to stop over in a country where the U.S. had enough influence to have him arrested. May be true.

But Snowden didn’t answer the question why he choose the Russian airline Aeroflot.

This is an important question, related on Snowden’s revoked passport. Other than the assertions of Snowden and his supporters, his passport was revoked while he still was in Hong Kong, not after he left. Serious newspapers realized this in the meantime, see eg the correction in this New York Times story[6].

And -- believe me, this really surprised me -- even Snowden himself admitted in his book that this was likely just a bureaucratic procedure, which just took some time:

“The State Department’s move might merely have been the result of bureaucratic proceduralism—when you’re trying to catch a fugitive, putting out an Interpol alert and canceling their passport is just standard operating procedure.”

And this is why the Airline is so important: When Snowden’s passport was revoked while he still was in Hong Kong, why was he allowed to board?

Snowden didn’t explain why he choose Aeroflot. I bet every other airline would have refused him to travel.


Where did you live in the Moscow airport's transit zone? Why did nobody see you there?

Another question Snowden didn’t address. He stayed there for about 40 days. But where exactly? All he said was that he was a frequent guest at Burger King. But did anybody see him there? I would understand that nobody from the Burger King staff recognized him, because in Russia he was by far not a well-known celebrity like in the west. But in this time a lot of curious journalists and travellers were present there, and apparently nobody saw him. That’s very implausible.

I wonder whether Sarah Harrison -- who accompanied him -- will make a credible statement someday...


Why didn't you take proof about your claimed raising concerns internally along?

We remember: Snowden claimed several times, maybe most famously while testifying (to be correct, it was a written statement, read to the Parliament by his lawyer Jesselyn Radack, but he made similar statements on other occasions[9]) before the European Parliament[7], that he raised concerns internally before going public:

"Q: Do you feel you had exhausted all avenues before taking the decision to go public?
 A: Yes. I had reported these clearly problematic programs to more than ten distinct officials, 
  none of whom took any action to address them."

Snowden didn’t address this question, but indirectly he confessed that he didn't raise concerns:

One of the things that really surprised me reading the book, was that Snowden frankly admitted he had none or very limited firsthand knowledge about the NSA programs and tools. In chapter 19 “The Tunnel”, he said he went to work to Hawaii as a Microsoft Sharepoint administrator early in 2012. And then he clearly admits that until then he didn't even know for sure whether an "American system of mass surveillance" existed at all:

“Three years later, I was determined to find out if an American system of mass surveillance existed and, if it did, how in functioned.”

In other words, no firsthand knowledge about NSA programs and tools.

And in chapter 26 "The Boy" he admits that he was in touch with NSA programs and tools only the last weeks of his career:

"My weeks at Fort Meade, and the short stint I put in at Booz back in Hawaii, were the only times I saw, firsthand, the abuses actually being committed that I’d previously read about in internal documentation."

So let's recapitulate what we know: Snowden began to work for Booz late March / early April 2013. He flew to Hong Kong May 20. And let's add the few weeks he was in Fort Maede before. So we speak at best about 3 months Snowden had firsthand experience (as "firsthand" as an "analyst-in-training" can have) with NSA tools and programs.

And now let's reiterate what Snowden testified to the European Parliament: That he raised concerns to at least 10 different officials. When should this have been? Before 2013, when his sole knowledge was from reading stolen documents? The first thing the officials would have asked him would have been: “Ed, from where do you know about the programs?”

Or while his last few months in Fort Maede and Hawaii? Is it really realistic to assume Snowden spammed officials with more than 10 complaints within 3 months?

No. It is absolutely clear now that Snowden told the European Parliament a plain lie.

Furthermore, in the book he didn’t even repeated his former claims that he tried to raise concerns internally before he went public. In chapter 21 “Whistleblowing” and chapter 26 “Hong Kong” he clearly says it would have been senseless, they would have silenced him, he had no rights, his alleged former experiences, what happened to other “whistleblowers”, and so on ...
I don’t want to discuss here whether he is wrong or right with his conclusions. At the end of the day, there is one simple fact: He did NOT raise concerns internally.


Why did you - as a self-proclaimed expert of NSA spying programs and tools - misinterpret so many of "your" documents heavily (eg PRISM, BOUNDLESSINFORMANT, XKeyScore,..)?

Regarding this question, the book is very disappointing. The totally wrong “direct access” of the initial PRISM reporting isn’t even mentioned. BOUNDLESSINFORMANT is ignored at all. And of course, Ed documents he still has no clue about XKeyScore.

And as I explained above, Snowden admitted that he had no firsthand knowledge or experiences. But this didn’t prevent him from this:

“It was an interesting problem: how to most cogently express to nontechnical people who were almost certainly inclined to be sceptical of me the fact that the US government was surveilling the world and the methods by which it was doing so.”

In other words: Totally overtaxed Sharepoint admin Ed Snowden explained the stolen documents to technically even more clueless journalists, who in turn created bombshell stories.

That explains a lot. Really.


What exactly were your positions within the NSA? How do you explain that FOIA documents clearly prove that in August 2012 you worked as a low-level Microsoft admin?

Snowden admits that he was a low-level Sharepoint admin. I think he couldn’t avoid because FOIA documents clearly proved it[8]. He kind of explained it with doctors who recommended that he moves to Hawaii. And of course he emphasizes a lot how undertaxed he was in this job.

And he brags about his earlier jobs within CIA / NSA, how important he was, but he didn’t provide a single evidence. He took along more than 1.5 million top secret documents, but not a single one proving his alleged positions. Decide by yourself how trustworthy this is. Maybe someday documents about his former positions will show up. I will believe his claims only when I see it with my own eyes. 


What happened with the documents you didn't hand over to journalists, what did these docs contain, and how many?

Snowden addressed this question in part. He didn’t answer what the content of these documents is. But he said he destroyed the documents before he headed to Moscow. You can believe this. Or not.



Nonsense / Unsupported Claims


Total Surveillance

When you recapitulate the Snowden saga, it was clearly governed by wrong and misleading media reports (I once wrote a list[10]). But Ed Snowden himself was always able to top even the weirdest reports. And of course he doesn’t disappoint here with his book. He reiterates his claims that the NSA has all data of all people of the world. Forever. Boa. All pics and intimate letters from Lindsey. Boa. But he fails to explain us which of his disclosures should prove this.

I mean, even if you think that the internet backbone taps were “collect it all” (in fact, only a fraction of lines were tapped, only what matched to specific selectors was collected, and even before 2013 significant parts of the data was encrypted): The documents clearly showed that content was deleted after 3 day, metadata after 30. How can Snowden explain “forever”? He didn’t, only a lot of insinuations. And with every insinuation you are more certain that he has no clue what he is talking about.


The Boy

Snowden wrote that he monitored a live video of a target with his little son in his arms. But he didn’t tell with which tool. Before telling us about this experience, Snowden pondered a lot about XKeyScore, but this cannot have been the tool. What else was it? Snowden doesn’t tell.

Don’t get me wrong, of course it is possible to hack a computer and silently turn on the camera. But those kinds of attacks are risky, the likelihood being detected is high. I cannot believe the NSA launches this kind of monitoring against low-level targets, neither can I believe that the tools are made available to an “analyst-in-training”, which was Snowden’s position this time. I believe him no word. 


Dirty Words

Snowden wrote how he allegedly found the classified report on the President's Surveillance Program (PSP). He said it was highly classified, only a few dozen people had access, and that he didn't belong to them. But some of them had accidently left it on a "lower-security drive", and this drive was automatically scanned for "dirty words" (in this case, so Snowden, "STLW" had matched), and he as a sysadmin was alerted to remove this highly classified file from a place where it doesn't belong.

So ok, I meant the fact that someone like Snowden was able to download about 1.5 million top secret documents undetected is certainly a clear hint that the NSA's internal security had some flaws, but really Ed? The NSA alerted people with lower clearance about documents they are not allowed to read? "Remove this highly classified file from this drive, BUT DO NOT READ IT, it is not for your eyes!!!"

Who should believe this bullshit, Ed?


Stellarwind

Snowden tells us that he had read the unclassified report on the PSP[12] before, but now finally and thanks to the "dirty word" STLW he was able to read the classified report[13]. And Ed was shocked. He said that the classified report was completely different than the unclassified, that it would "redefine" simple English words like "acquire" or "obtain". But this is simply not true. Read the report(s). They document how the U.S. government is struggling to conduct electronic surveillance legally in a completely new environment, the internet. The PSP is best described as the predecessor of the 702 programs (PRISM and Upstream) and the 215 program (telephony metadata). The PCLOB ("Privacy and Civil Liberties Oversight Board") made reports about both programs[14][15]. In short: 702 is fine, 215 not (it is ended in this form in the meantime). When you read the reports, you get an idea about how complex it is. You can have different opinions on them, but it has nothing to do with "mass surveillance", let alone "total surveillance", like Snowden wants to make you believe. And that Americans are surveilled and unprotected like random targets in the world is simply a plain lie.

And for our shocked Snowden, the core of all of this was already said in the _un_classified report:

"As explained below, the PSP expanded the NSA's authority by allowing it to conduct electronic surveillance within the United States without an order from the FISC when certain factual conditions end legal standards were met."


XKeyScore

Snowden still didn't get that XKeyScore is no "mass surveillance" program. This[16] is one of the better descriptions.
XKeyScore is a *tool*, with which analysts can search and make visible internet data. But what it is this "internet data"? It is data that the NSA collected before, and this is far away from "everything". So for example from Upstream, where the NSA sends specific selectors to American carriers and gets back related matches. Or data from joint operations with partners, like Tempora with the UK or Eikonal with Germany. In both cases, data of American and the partner's citizens are filtered out, and only what matches to specific selectors is collected. And of course XKeyScore can only present what it understands: It cannot break encryption, and maybe rare protocols are not supported.


Conclusions

What surprised me most, is that Snowden admitted what I suspected for long: That he had no firsthand knowledge about NSA programs and tools, that he "learned" everything from stolen documents, and that he "explained" his half-knowledge to even more clueless -- but anti-NSA biased -- journalists. This really explains how this terribly flawed Snowden reporting could have happened.

Otherwise nothing new in this book. In the first half Ed tells anecdotes, in the second his misconceptions.

One big question is still open: When did Snowden defect to Russia? While in Hawaii, Hong Kong or Moscow?
After reading the book, I'm a little bit more certain than I was before, that it was Hong Kong. But that's just a feeling.


Here are my references. Please note Snowden provided not a single one in his book.


















Keine Kommentare:

Kommentar veröffentlichen