Permanent Record (52)



I swear I never did that when I went about finding a name for my backup system. I swear that I just rolled the bones and came up with EPICSHELTER.

Later, once the agency adopted the system, they renamed it something like the Storage Modernization Plan or Storage Modernization Program. Within two years of the invention of EPICSHELTER, a variant had been implemented and was in standard use under yet another name.



* * *



THE MATERIAL THAT I disseminated to journalists in 2013 documented such an array of abuses by the NSA, accomplished through such a diversity of technological capabilities, that no one agent in the daily discharge of their responsibilities was ever in the position to know about all of them—not even a systems administrator. To find out about even a fraction of the malfeasance, you had to go searching. And to go searching, you had to know that it existed.

It was something as banal as a conference that first clued me in to that existence, sparking my initial suspicion about the full scope of what the NSA was perpetrating.

In the midst of my EPICSHELTER work, the PTC hosted a conference on China sponsored by the Joint Counterintelligence Training Academy (JCITA) for the Defense Intelligence Agency (DIA), an agency connected to the Department of Defense that specializes in spying on foreign militaries and foreign military–related matters. This conference featured briefings given by experts from all the intelligence components, the NSA, CIA, FBI, and military, about how the Chinese intelligence services were targeting the IC and what the IC could do to cause them trouble. Though China certainly interested me, this wasn’t the kind of work I would ordinarily have been involved in, so I didn’t pay the conference much mind until it was announced that the only technology briefer was unable to attend at the last minute. I’m not sure what the reason was for that absence—maybe flu, maybe kismet—but the course chair for the conference asked if there was anyone at the PTC who might be able to step in as a replacement, since it was too late to reschedule. One of the chiefs mentioned my name, and when I was asked if I wanted to give it a shot, I said yes. I liked my boss, and wanted to help him out. Also, I was curious, and relished the opportunity to do something that wasn’t about data deduplication for a change.

My boss was thrilled. Then he told me the catch: the briefing was the next day.

I called Lindsay and told her I wouldn’t be home. I was going to be up all night preparing the presentation, whose nominal topic was the intersection between a very old discipline, counterintelligence, and a very new discipline, cyberintelligence, coming together to try to exploit and thwart the adversary’s attempts to use the Internet to gather surveillance. I started pulling everything off the NSA network (and off the CIA network, to which I still had access), trying to read every top secret report I could find about what the Chinese were doing online. Specifically, I read up on so-called intrusion sets, which are bundles of data about particular types of attacks, tools, and targets. IC analysts used these intrusion sets to identify specific Chinese military cyberintelligence or hacking groups, in the same way that detectives might try to identify a suspect responsible for a string of burglaries by a common set of characteristics or modus operandi.

The point of my researching this widely dispersed material was to do more than merely report on how China was hacking us, however. My primary task was to provide a summary of the IC’s assessment of China’s ability to electronically track American officers and assets operating in the region.

Everyone knows (or thinks they know) about the draconian Internet measures of the Chinese government, and some people know (or think they know) the gravamen of the disclosures I gave to journalists in 2013 about my own government’s capabilities. But listen: It’s one thing to casually say, in a science-fiction dystopic type of way, that a government can theoretically see and hear everything that all of its citizens are doing. It’s a very different thing for a government to actually try to implement such a system. What a science-fiction writer can describe in a sentence might take the concerted work of thousands of technologists and millions of dollars of equipment. To read the technical details of China’s surveillance of private communications—to read a complete and accurate accounting of the mechanisms and machinery required for the constant collection, storage, and analysis of the billions of daily telephone and Internet communications of over a billion people—was utterly mind-boggling. At first I was so impressed by the system’s sheer achievement and audacity that I almost forgot to be appalled by its totalitarian controls.

After all, China’s government was an explicitly antidemocratic single-party state. NSA agents, even more than most Americans, just took it for granted that the place was an authoritarian hellhole. Chinese civil liberties weren’t my department. There wasn’t anything I could do about them. I worked, I was sure of it, for the good guys, and that made me a good guy, too.

But there were certain aspects of what I was reading that disturbed me. I was reminded of what is perhaps the fundamental rule of technological progress: if something can be done, it probably will be done, and possibly already has been. There was simply no way for America to have so much information about what the Chinese were doing without having done some of the very same things itself, and I had the sneaking sense while I was looking through all this China material that I was looking at a mirror and seeing a reflection of America. What China was doing publicly to its own citizens, America might be—could be—doing secretly to the world.

Edward Snowden's Books