Long Article on Snowden's Attempts to Raise His Concerns Inside the NSA

Lots of details that demonstrate that Snowden did try to raise his concerns internally before going public, and that the NSA lied about this.

Posted on June 8, 2016 at 6:44 AM • 49 Comments

Comments

M. WelinderJune 8, 2016 7:38 AM

Maybe it's just me, but that article strikes me as in dire need of an editor. It's near-unreadable.

parrotJune 8, 2016 7:57 AM

@M. Welinder: Not just you.

From what I understood from the article, all Snowden did was ask a question about a slide in training, plus a face to face about a trick question on a training test. Is there more to this story than that?

AlanSJune 8, 2016 8:23 AM

Also see Wheeler's: Carrie Cordero’s Counterintelligence Complaints

I wasn’t going to respond to Carrie Cordero’s Lawfare piece on my and Jason Leopold’s story on NSA’s response to Edward Snowden’s claims he raised concerns at the agency, largely because I think her stance is fairly reasonable, particularly as compared to other Snowden critics who assume his leaks were, from start to finish, an FSB plot. But a number of people have asked me to do so, so here goes.

Timmy303June 8, 2016 8:53 AM

The few additional NSA internal mentions of contact with Snowden are characterized as very lightweight. However on page 195 of their FOIA document stack an email is shown from an unknown party in the SV office with the subject "I Had Contact With Him" and sent with high importance. It is followed by twelve entirely redacted pages, all with the same DOCID. This happens again later followed by thirty-three entirely redacted pages with another DOCID.

The given information alone doesn't suggest, much less prove, anything, but these do not fit with the NSA's description of the handful of irrelevant Snowden communications that were discussed, unless the communications were discussing short irrelevant exchanges with Snowden in excruciating, garrulous detail ...

blakeJune 8, 2016 8:56 AM

It's not shooting the messenger, it's checking whether the messenger was standing in front of the wall, whether the gun is loaded, was the letter handwritten or typed, does a singing telegram count as a "messenger"?

Carlo GrazianiJune 8, 2016 9:33 AM

To me, there's something terribly odd, and implausibly inept about NSA's ability to search its e-mail cache.

(1) They must have server logs -- at the level of SMTP daemon entries -- that at least should yield metadata on everyone at NSA contacted by Snowden from his work e-mail. They may have to get those logs from Booz Allen, but I can;t imagine that should not be a problem for NSA. They can also search in-house server logs for inbound SMTP entries. That would at least give them a (very large) list of inboxes to search, and people to talk to. Yet, there's no evidence from the article that this was even tried.

(2) Don't they have access to Snowden's stored e-mail? The article mentions that he filed a response from an Agency official in a mail folder, so presumably they do. In that case, did he really not have a "Sent" folder? That folder, if it exists, would presumably trace every work e-mail he sent. I can't imagine Snowden deleting it (why would he?)

The NSA's "methodology" for this search appears to be to ask everyone who seemed relevant whether they remember being contacted by this guy. Is that how lawyers think such searches should be carried out? The agency is much more thorough when surveilling foreign and domestic intelligence targets. Do they really not have the ability to turn that capability on themselves?

TED VinsonJune 8, 2016 9:45 AM

Of _all_ the material in USSID18 / OVSC1800 training, Snowden picked out one nit about ambiguity in legal precedence and claims that he "raised concerns" about NSA programs.


That is like saying you "raised concerns" about the Declaration of Independence because you thought John Hancock's signature made him appear to be more important than the other signatories.


I was expecting Vice would have something interesting to add. The only thing that seems new is the fact that Snowden managed to fail an open-book, multiple choice test on Section 702 multiple times and then complained, anonymously, that this was due to trick questions. Often, when test questions seem like trick questions to one student out of many, it indicates that the one student does not understand the material. Did Snowden really fail to comprehend the authorities, oversight and compliance programs so badly?


Snowden abused the trust misplaced in him to steal and recklessly disclose many gigabytes of top secret files, but has offered no copies of email, memos, meeting notes or even names and dates to support his contention that he "raised concerns". Makes one say "hmmm".

Clive RobinsonJune 8, 2016 10:25 AM

@ M. Welinder,

Maybe it's just me, but that article strikes me as in dire need of an editor. It's near-unreadable.

Not quite unreadable, but when I posted a comment to the squid page I did note the last third was the part of interest.

To be a bit more accurate, the first third certainly lacks content, and apparent direction, which continues into the second third. So if you can last that long --and I nearly didn't-- then it finally gets interesting in the last third.

Carlo GrazianiJune 8, 2016 10:29 AM

Ted:

I think you are unwise to regard the product of this FOIA dump as the authoritative story on Snowden's whistleblowing efforts.

To the extent that the dump shows anything, it's (1) the NSA's incredible ineptitude at searching and sifting its own internal communications, and (2) the NSA's laziness and willingness to accept the meager results of several obviously defective searches as supporting the case it clearly wants to make.

In addition to which, you should keep in mind that, as Snowden's lawyers point out, FOIA results are manipulable, using the FOIA's own secrecy-exception and redaction rules. The same people who obviously botched -- and, IMO are still botching -- the search for Snowden's internal communications also determined which documents were too sensitive to release, and what part of the released documents should be elided.

Why the search should be so badly managed is, IMO, a very interesting question. The NSA is celebrated for its data-sifting. When they screw something up this badly, one can't help wonderting whether it's deliberate. The decision to search in certain, inefficient ways, as opposed to more comprehensive, determinative approaches (server logs etc.) might not be accidental, and might be the outcome of conversations that were never allowed to be recorded in e-mail.

In any event, attributing bad faith to Snowden -- who risked everything for a principle, and for no personal gain -- rather than to NSA officials -- who, indisputably, were concealing illegal surveillance from the public, and had every incentive to change the subject -- strikes me as a very odd take. It's a little like the claim that climate scientists have a grant-driven incentive to distort scientific results, while brave, truth-telling coal executives tell it like it is. That is, it is exactly upside-down, back-to-front wrong.

JG4June 8, 2016 10:52 AM

@Bruce

There is a typo in your post where it says:

"and that the NSA lied about this."

Let me help you correct that:

"and that the NSA lied about this too, and almost everything else."

SecretJune 8, 2016 11:16 AM

Of the content of this report, which in turn is based on the release from the NSA, so take it for whatever it is, the main point of value I can see is an argument that Snowden did try to raise concerns, but these were misunderstood (deliberately or accidentally, or even potentially are being deliberately now misrepresented in this way) by the Compliance office, and so bounced off entirely.

I have to say, given Snowden's position, the lack of protection available to him, the Government's profoundly harshs and sustained pursuit of whistleblowers and that I suspect NSA culture strives to deflect bad news or questioning of its actions, if I were in his shoes, I would be so detered from attempting to raise the issue interally I wouldn't consider it an option.

TED VinsonJune 8, 2016 11:17 AM

@Carlo Graziani

You appear to infer from the FOIA results that the search was 'inept' and 'lazy'. This disregards the fact that even the most well-organized and thorough search will not find that which does not exist. Would you concede that the paucity of results _might_ be due to the fact that there is, in fact, nothing to find?

Snowden made vague claims about raising concerns before he took off. The Government has refuted this claim. Snowden should counter with his own evidence or retract the claim. 

He certainly was in the position to bring out any records of his interactions. Not a single email? Not a memo or name of someone he approached? 

So, he risked imprisonment to purloin thousands of classified documents but neglected to preserve even a _single_ record that might serve to exonerate him or at least support the claim that he was acting on principle rather than acting out of spite? Seems unlikely and casts doubt on Snowden's story. 

SecretJune 8, 2016 11:21 AM

One other thought - speaking as a computer scientist, it is very easy to end up with very large numbers of data records all over the place and so to be unsure if they are really all being searched.

It's a bit like the mess people's hard disks often get into, when they're not looked after.

I don't think the NSA are particularly at fault in this matter. I think ANY large organization in any field would have the same problem, if you asked it to track down all communication with a given individual.

Actually - one final thought. I wonder if everyone inside the NSA has been completely forthcoming about their interactions with Snowden. I suspect NSA culture is such that people act to conceal dissent and concern; that *not* to do so invites trouble. So people act in such a way - but now this has all come out, if it turns out you were one of the people who acted in this way, wouldn't you be concerned about being made a scapegoat of? what incentive would you have to come out and tell the truth, when you would suffer so much for doing so?

AlanSJune 8, 2016 11:25 AM

"...tried to tell" given the limits of the  whistleblower protections, which were very substantial and remain so. We all know, as did Snowden, what happened to Drake. The most significant bit in the Vice article, is at the end:

Thus, while the Q&A document does provide a map of ways in which legal issues might be raised, it's also a map of resources put in place in response to Snowden, an indication that the resources available to Snowden may have been inadequate. And it's still not clear these policies apply to contractors. Congress is only now debating, in the Intelligence Authorization for next year, requiring the Intelligence Community Inspector General to report "the number of known or suspected reprisals made against covered contractor employees during the five-year period preceding the date of the report," and to evaluate "the usefulness of establishing in law a prohibition on reprisals against covered contractor employees as a means of encouraging such contractors to make protected disclosures." Even though Litt claimed to be trying to provide more protections for contractors, he had not heard of this provision when asked during our interview. Instead, he offered reasons why the government can't protect contractor whistleblowers. "We are constrained what we can do with contractors," he explained. "We don't have the ability... to modify a contractor's employment relationship with his employer."

All the discussion of the training, the lawyers and the compliance staff at NSA in the Vice article remind me of Jennifer Granick's take on NSA compliance and oversight:

Either way, if the public laws that Congress passes don’t mean what they say, then compliance is just lipstick on a pig. Chris Sprigman wrote about this here at Just Security, and he sees the culture of lawyering at the NSA, far from assuring the agency’s lawfulness, as actually aiding and abetting the essential lawlessness of the mass surveillance programs. “There is a danger here that the role of the NSA’s lawyers – and this goes for both De and DeLong – creates the appearance but not the reality of lawfulness, and, in the end, does not vindicate the law, but subverts it.”

Which is consistent with Vice account of the training being about subversion of the law and the whistleblower protections being bullshit. There are no legitimate reporting channels to raise concerns, just the appearance, because NSA's business involves illegality and skirting accountability. It's all about applying lipstick.


AlanSJune 8, 2016 11:53 AM

@Secret

I think your comments on NSA security ignore the fact that one of the key arguments here is that their training and security sucked by design for operational reasons, namely it allowed them to skirt FISA.

From Wheeler's follow up post linked to above:

NSA has made some necessary changes (such as not permitting individual techs to have unaudited access to raw data anymore, which appears to have been used, at times, as a workaround for data access limits under FISA), even while ratcheting up the insider threat program that will, as Cordero suggested, chill certain useful activities. One might ask why the IC moved so quickly to insider threat programs rather than just implementing sound technical controls.

Clive RobinsonJune 8, 2016 11:55 AM

@ TED Vinson,

Of _all_ the material in USSID18 / OVSC1800 training, Snowden picked out one nit about ambiguity in legal precedence and claims that he "raised concerns" about NSA programs.

Err no, "you claim" based on a very limited release of heavily redacted obviously incompleate information from the NSA.

Thus your claim is not supported, plain and simple.

I strongly suspect that there is quite a lot of evidence contrary to that the NSA have so far released or currently alowed to be released, and that Ed Snowden his legal team or others he trusts have. And that the NSA are trying to "smoke out" what is actually in his or other hands, it's a very old and badly bearded ploy that does not work in a cheap poker game.

I would remind you that the NSA have done similar to this in the early days, thus it would appear they are trying the same again. However it did not work for them the first time, so they might be trying to confirm Einstein's definition of insanity[1].

If Ed Snowden has anything like the intelligence he has so far displayed, he would have made it deliberatly difficult for the NSA. One such way is small desk side meetings and vague wordy emails then follow up with non electronic letters etc, of which he has copies etc and possibly another vague Email thanking the person (as an acknowledgment that a hand deliverd letter etc had been passed on). Such behaviour is a nightmare for people on the receiving end, especially in a large burecratic organisation, because they tend to ignore what they see as "low priority" only later to feel the alligator's teeth snap shut later.

As others have noted the NSA has made a fairly obvious hash of this which many will see or be easily persuaded to see as "general incompetance". Once this starts "The Myth of the NSA" starts to crumble to dust, which no doubt several scheaming politico's will be able to play them with when it comes to appropriations time. The fact that the NSA was caught out spying on US Politico's over Israel does not help engender the NSA to the politico's.

Thus this game is very far from over, it's realy not got past the first couple of bids where the players are testing each other, and so far the IC has not done very well.

[1] https://www.quora.com/Did-Einstein-really-define-insanity-as-doing-the-same-thing-over-and-over-again-and-expecting-different-results

AlanSJune 8, 2016 12:47 PM

@Clive

Good point about records. Records are not merely a record. They are constructed by persons for social purposes in specific contexts.

TED VinsonJune 8, 2016 1:25 PM

@Clive Robinson
"Thus your claim is not supported, plain and simple."

From the Vice article: 

Referring to a slide from the training program that seemed to indicate federal statutes and presidential Executive Orders (EOs) carry equal legal weight, Snowden wrote, "this does not seem correct, as it seems to imply Executive Orders have the same precedence as law. My understanding is that EOs may be superseded by federal statute, but EOs may not override statute."

[The message itself is on pages 47-48 of the FOIA dump (Doc ID 4272127) and is not redacted, go look for yourself.]

This is not an allegation of wrongdoing, a question regarding the legality of any program or activity or even an 'I quit' in protest. If Snowden raised an actual complaint, he should give us some indication of what, how and to whom. 


The Gov has pretty clearly refuted Snowden's claim that he tried to work within legal channels before heading to Hong Kong with his stash. If Snowden has contradictory evidence of raising concerns, what is the use in keeping it secret? He could certainly say something like: "I raised my concerns with X in the Inspector General's office on this date" to lend credence to his story. An email thread or other document would be even more convincing.

"I would remind you that the NSA have done similar to this in the early days, thus it would appear they are trying the same again." When and to whom? Citation please.

As you assert, Snowden _could_have_ been weaving an intricate trap over years to catch The Man in a contradiction. 

Or, his claim could be specious; here is his chance to prove otherwise. 

However, I'm anticipating that we will never see evidence to support his claims. Believe what you will, but I'd like to see some facts from him.

Clive RobinsonJune 8, 2016 2:10 PM

@ TED Vinson,

If Snowden raised an actual complaint, he should give us some indication of what, how and to whom.

Why?

In simple jurisprudence, a defendent unlike the prosecution is in no way required to disclose their case before trial.

As you may not be aware US Espionage law from the First World War has certain limitations as to what a defendent can do, as it's aranged more on military than civil court rules. Which might be the attraction for the likes of Obama.

It's more formal title is,

    An Act to punish acts of interference with the foreign relations, and the foreign commerce of the United States, to punish espionage, and better to enforce the criminal laws of the United States, and for other purposes.

It originaly started off as being under the War Departments perview but has over the years come more under the civil code thus the Dept of Justice.

It caries tarrifs of "30 years, death or both" and has no jurisdictional limit. Hence the rather gruesome and outrageously barbaric sugestions from those who realy should no better in this day and age, lest others call down the same on their heads for their many indiscretions under the acts scope.

Thus it's most certainly not in Ed Snowden's interest to show any of his cards beforehand.

Thus your argument is again not realy supported in fact, or common sense, which brings into question your reasons for pressing it.

Bumble BeeJune 8, 2016 3:20 PM

"Rajesh De," NSA's general counsel. He's (East) Indian of course, in charge of IT, an ethnicity he shares with that new CEO of Microsoft, and all too many of those H1Bs which are supposedly hired in the IT and computer programming field after no qualified US citizens can be found.

I remember when I graduated with a CS degree about three years after they came out with the Java programming language, and at that time if you didn't have five years' Java experience, you weren't qualified, unless of course you were from India or China.

Those of you who keep up on the financial news are of course familiar with the "BRICS" (Brazil, Russia, India, China, and sometimes South Africa) who have declared financial war on the GS/UBS/Fed/Swiss/London/European/Bilderberg banking cartel, whence our currency wars, rampant inflation, and fake government statistics and lies about the same.

So with Snowden's taking refuge in Russia, and Assange in the BRICS-allied Ecuadorean embassy ... there is more to this than meets the eye.

TED VinsonJune 8, 2016 3:56 PM

@Clive Robinson

You seem to be focused Snowden's tactics as a defendant. In that sense he IS best served by keeping silent and presenting at trial whatever exculpatory evidence he may have. The more likely outcome is that Snowden will never face trial and will spend the remainder of his life in exile.

My contention regards the public debate. Snowden publicly asserted that he expressed concerns internally before departing for Hong Kong. He provided no evidence or concrete details to support the assertion. That is, of course, his decision to make. However, members of the Media and the public at large should avoid treating such unsubstantiated claims as fact.

The reason for pointing this out is to foster healthy discussion. The blade of skepticism should cut both ways...

Ross SniderJune 8, 2016 4:05 PM

The takeaway is that the government came to the conclusion it wanted to, without doing the work necessary to have confidence in its conclusion. What it provided the public with was a very stilted misinterpreted reading of the evidence.

I understand the National Security reasons for misinforming the public. But I expect that with continued misdirection and misinformation, if it hasn't already happened, the government will lose credibility with large portions of the civilian population.

Others seemed to have trouble reading the article and felt it needed an editor. I thought it was fine. There's plenty of poorly written journalism. This wasn't a standout.

William ConnolleyJune 8, 2016 5:55 PM

> and that the NSA lied about this

That seems very strong, and not justified by the article. I confess I haven't read through all 800 pages of the PDFs, but there was nothing significant in the first 10-20 pages. To save us all trawling through the 800 pages, perhaps you could post some pointers to the bits you consider justify you claim of lies?

Nick PJune 8, 2016 6:58 PM

@ William

Barely anything. I regret reading it. It's the kind of thing that suggests government ineptitude plus cover your ass behavior more than anything. Just makes them look stupid. I mean, that has value in and of itself maybe but we have options that aren't 800 pages for such things. :) Not worth your time really.

June 8, 2016 7:22 PM

TED Vinson is back, as we knew he would be, to roll out the skeptical™ fixation on trivial minutia. Let's sniff the police-state dogma he farts out today!

Our resident apparatchik harps on some inner psychic need he has for Snowden to exonerate himself. Snowden had no expectation of exonerating himself. He expected to go to prison in his police state. Snowden now has no need to exonerate himself. As a refugee and esteemed human rights defender, he is unaffected by legally void charges of political crimes leveled by the torture state from which he fled. Snowden doesn't have to prove anything to anyone. It's NSA that stands accused, not Snowden, for derogations of the right to privacy, to freedom of association, to life, and to freedom from torture. Question is, What do you police-state parasites have to say for yourselves? Jack shit. No one gives a crap if Snowden raised concerns or not. Raising concerns was clearly the stupidest thing he could do, since the NSA perfidy we saw in the case of Tom Drake jeopardized his human right to denunciation. The point is, NSA (like their spokesmodel skep) lies like a rug.

Next skep impugns Snowden's grasp of NSA red tape, willfully obtuse as always to the point that NSA administrivia fails to comply with the supreme law of the land (inter alia Article 19) and is void, and of no account outside the US hermit kingdom. Having called the man who made fools of his agency stupid, skep next contradicts himself and calls Snowden reckless and spiteful instead.

But then they don't pick apparatchiks for their brains - OCD and not too bright, that's the ticket! After having failed and failed to make it about Snowden and not about US state crimes, the Stasi's 3th-string cannon fodder is still getting sent over the top, and still getting mowed down. You're still a laughingstock and a disgrace.

Meher BabaJune 8, 2016 9:41 PM

Whats apparent is how disingenous, moronic, and yes, inept, the NSA
and associated organisations are. They are really not as perfect as they'd like us to believe they are. A bit like the long reach of the SS in world war two - it was a helpful public image but far from accurate.
3 years later they cough this up, thinking we'll go for it

if Edward Snowden was able to effect change, or influence things internally, he would have attempted this of course. Like any normal person he would have preferred to keep his great salary, his good lifestyle, girlfriend, and, er, physical freedom. He obviously would have made every effort to do things through more straight forward channels first

Note he also said right at the start, he made every effort to make it transparent to NSA what documents he had collected,for when they did their assessment afterward. so they could work out that he wasn't deliberating putting people at risk or sabotaging or selling secrets. He said he left a trail of bread crumbs that would support his public statements - indicating he was selective about what he took. He then said he was amazed at their incomptence, their incapacity to actually follow that bread trail. 'I knew they've find it hard, I didn't expect sheer incomptence'

what these liars are unable to do is face the basic facts. They lie under oath, they break the law, they erode rights. But instead of this being news, they twist and turn and try to make Edward Snowden the problem, try to make his personality the problem, try to make it anything at all other than what the only real issue is - their own behaviour.
What is claimed is part of their legal behaviour is actually eroding the private rights of human beings that belong to everyone and cannot be taken away by any law.
It's just made up, fictious rulings that no one had a chance to challenge, that make it quote legal unquote for them to do some of this stuff.
For the naysayers, tattoo the following on your arm so you don't forget:
There is no evidence, nor evidence that is every likely to be found that:
1. Encryption helps terrorists
2. Snowdens information sharing harmed any lives or helped any terrorists
3. we the people don't have a right to know everything he disclosed

Meher BabaJune 8, 2016 9:44 PM

oh and watch out for the robot responses - we've said the key word Snowden! Everyone, don't get into lengthy arguments with bots! ignore them. Rolf Harris or whatever his name was..

John SmithJune 8, 2016 9:59 PM

My take is that Snowden would have had to exercise great care in how he raised his concerns, to avoid immediate repercussions. He knew how rough it got for Thomas Drake and Bill Binney.

So he was careful to present himself and his concerns as innocuous, e.g. just a student worried about "trick questions" in a test. It worked. NSA's internal counterintelligence slept through it all.

MarkJune 8, 2016 11:21 PM

Perhaps I'm missing the point entirely, but isn't whether or not Snowden attempted to take his concerns up the chain at the NSA an entirely moot point?

Let's just pretend that he reached the highest echelons of the NSA.

What would have happened if he had? What would have changed?

You'd have to be deluded to think that anything would have happened, that anything would have changed. All of the changes that have happened because of Snowden are because we know now a lot (a bit?) about what the Yanks are doing. Change happened because it was made public. Let's not kid ourselves about that.

It would have been hushed up inside the NSA. I have no doubt that they have some very skilled lawyers, and I have no doubt that they knew exactly what they were doing. America is an amusingly litigious country, after all.

Look at what happens to whistleblowers in the USA. Thomas Drake, Chelsea Manning. They've had their lives ruined by an over-zealous, corrupt American government for doing us all a public service. The Obama administration has launched eight prosecutions under the 1917 Espionage Act – more than under all previous US presidencies combined. (Last sentence directly copied from http://www.theguardian.com/media/2015/mar/05/us-government-still-hunting-wikileaks-obama-targets-whistleblowers.)

"Drake was fired, arrested at dawn by gun-wielding FBI agents, stripped of his security clearance, charged with crimes that could have sent him to prison for the rest of his life, and all but ruined financially and professionally. The only job he could find afterwards was working in an Apple store in suburban Washington, where he remains today. Adding insult to injury, his warnings about the dangers of the NSA’s surveillance programme were largely ignored." (http://www.theguardian.com/us-news/2016/may/22/how-pentagon-punished-nsa-whistleblowers.)

So let's just pretend that Snowden dug his heals in and followed the rules over and over again, all the way to the top. What would have happened to him? Well, we would never have known; no doubt he would have been "silenced" based on the American government's record with whistleblowers.

For me as a non-American, it boils down to the fact that because of Snowden, we now know what governments are truly up to behind our backs with our tax dollars. If he had succeeded in raising his concerns at the NSA, I have no doubt that nothing would have changed. Because he didn't succeed, or was ignored, we now know. I'm able to conduct myself online with what I know, and I've updated our threat model at the company for which I work.

Anyway, back to whether or not Snowden attempted to raise any problems.

You'd have to be crazy to believe anything that the NSA says. Alexander has already admitted to lying in a congressional hearing. Does anybody seriously think that what's been released by the NSA is really what happened?

It's a self-assessment. I've filled it along side such sentences as, "Yes, our product does that", "No, we'd never sell or give your data to anyone else", and "When I'm elected, I'll do xyz". If the NSA is really serious about this, they'll have someone hired to do this independently. (And, of course, I'd never trust a god damn thing that came from anyone hired by the US government anyway.)

Christ, I love a good, coffee-driven rant. That feels better.

MeherBabaJune 8, 2016 11:55 PM

just saw this. supporting a vital resource Snowden would be in favour of
It would be nice to see Bruce and others offer more support for Proton Mail, theres virtually no mention of it here.

In the very very discouraging 2 pages Bruce offered in Data and Goliath to support people actually help themselves (out of an entire boook of doom and gloom) , Bruce made no mention of Proton Mail
(not that any of the other advice was any good, Tor got two sentences and no url, it wasn't even described by its proper name etc. I mean, EFF is hardly about to change it's website but Bruce didn't feel it was worth putting in ANY web addresses!
those two pages of practical help were totally piss weak)
Anyway:

ProtonMail Backend Code Release

At ProtonMail, our internal security team has always worked closely with our user community to ensure the security of our secure email service. ProtonMail’s strong security is partially due to the dozens of security contributors who have audited our security either through penetration tests, or review of our open source code. Less well known is the fact that we also routinely provide access to our back-end code and API specifications to security auditors from around the world who request access.

While we have been providing access to backend code for years, today we would like to make this officially part of ProtonMail’s security contributor programme. If you are a security expert, you can request Github access to ProtonMail’s backend code and API specs by emailing security@protonmail.ch. We welcome all efforts to make ProtonMail as secure as possible and we hope that this will encourage more security experts to participate as ProtonMail security contributors. If you find a flaw, it is also possible to get a reward through our bug bounty program.

takeawayJune 9, 2016 12:00 AM

Ummm, err, eh...

Due to a technical flaw in an operating system, some timestamps in email headers were unavoidably altered. Another artifact from this technical flaw is that the organizational designators for records from that system have been unavoidably altered to show the current organizations for the individuals in the To/From/CC lines of the header for the overall email, instead of the organizational designators correct at the time the email was sent

Unavoidably altered metadata? Oh, yeah! That sounds about right.

tyrJune 9, 2016 2:59 AM


@takeaway

And which operating system was it with that lovely
set of flaws ??
You can get a second opinion from a few here but it
sounds like they need to pull the plug and toss the
junk into the dumpster. Otherwise you get to hear
the incompetence tag a lot.

ianfJune 9, 2016 5:06 AM


RE: latest spin doctor salvos at Ed Snowden

@ (I don't know what ISO character that be, so I'll just call you "Schmoopy Frog") ළ • June 8, 2016 7:22 PM,
@ Meher Baba • June 8, 2016 9:41 PM and 9:44 PM,
@ John Smith • June 8, 2016 9:59 PM, and
@ Mark • June 8, 2016 11:21 PM

… THANKS for taking the words out of my mouth^H^H^H^H^H mind's keyboard buffer, so I won't have to retype them. Snowden's current predicament, of having found asylum in a place that in many ways is just as, if differently, oppressive as that he exposed, exemplifies one of the greatest perversions of our time.

Xxxxxx, I love a good, coffee-driven rant. That feels better.

    Thou shall not invoke imaginary celestial figures, or they may suddenly reveal themselves. Remember that the next time you spike the coffee, you liquor-fueled imbiber!

K15June 9, 2016 5:13 AM

Does anyone know if Citizen Lab sends an autoreply acknowledgment of received emails?

C U AnonJune 9, 2016 5:56 AM

K15 : "Does anyone know..."

Try a polite Email enquiry to,

    lucinda.li at utoronto.ca

123June 9, 2016 6:45 AM

1. I do not trust VICE news (red flag warning for me personally) and I honestly have long since forgotten why. I don't really CARE what you think about my reasons! Note I didn't say I didn't LIKE them, I said I do not TRUST them. If it was New York Times, I could say I both do not like them and do not trust them. er both.. whatever.

2. if your agency or YOU do not follow the rule of law - I want you in Fort Leavenworth, further I would move all energy to de-activate such agencies and de-fund them right now! Using state secrets to hide your own crimes--I am done with it, don't call me unless you want a damn fight--cause I HAVE an OATH!

3. less than 7000 pages out of GIGS has been released. (hat tip Cryptome)

This whole snowden thing doesn't matter in the bigger picture of the absence of people who will obey their oath and the rule of law--and that is why everything is failing today in the USA. Further it shows that technology has now been abused to steal everything, and if you want to protect yourself you really got a constant security vs productitivity battle limited by your own knowledge and financial resources. The way forward with spies exploiting everything forever going forward, is NOT TO GENERATE data for these traitorous pricks in the first place.

4. borderless borders has lead to American Deaths, Therefore it is both TREASON and an ongoing attempt at INVASION! As bad as the NSA is exploiting their tech to be the worlds banksters and physics labs is, the BORDER being over run with an INVASION is WORSE treason right now because you have PHYSICAL people who MEAN HARM here now.

5. Every time I hear ISIS in the USA I think how the USA CREATED ISIS and how those people who have allowed this CRIME, will need to hang for their TREASON. (after a trial of course)

But you can Shine my opinion. Until you need my help. Don't ask me to fire up that -60 and launch jets when it's only to EXPAND the BORDER of ISRAEL!

I would have the DUAL ISRAEL/US citizens on the INTELLIGENCE COMMITEE, and other SENSITIVE places, including Senators, OUT in less than 24 hours!

THESE ARE TRAITORS NOT LEADERS.

65535June 9, 2016 7:07 AM

@ Timmy303

“…on page 195 of their FOIA document stack an email is shown from an unknown party in the SV office with the subject "I Had Contact With Him" and sent with high importance. It is followed by twelve entirely redacted pages, all with the same DOCID. This happens again later followed by thirty-three entirely redacted pages with another DOCID.”

That is what I found also – too many ‘redactions’ to get a firm handle on how high up Snowden went, given he was an unprotected contractor who could be fired in about eight seconds. Thus, I find the NSA to be telling the “least untruthful” story.

https://assets.documentcloud.org/documents/2852366/Leopold-FOIA-NSA-Emails-About-Snowden-Concerns.pdf

I previewed the entire pdf document of about 800 pages and found about 60 percent redactions of the body of emails. The first 400 pages were heavily redacted.

On page 516, I found an “executive summary” that mostly talks about how to “frame the question” which I guess does an end run by using the EO 12333 selector over other legal selectors to spy on the internet backbone and Google’s Level 3 inter-site unsecured communication lines [and other major email providers unsecured inter-site communication lines].

The last 100 pages of the pdf document contain unremarkable banter about Freedom Of Information Act items and various unclassified various press emails.

In short, due to the heavy redactions it is hard to tell who is truthful. I will note I was unsuccessful searching or at converting the pdf document into an OCR searchable document – which was unhelpful due to the huge size of the document.

@ Clive Robinson

‘...no, "you claim" based on a very limited release of heavily redacted obviously incompleate information from the NSA… your claim is not supported, plain and simple.

‘I strongly suspect that there is quite a lot of evidence contrary to that the NSA have so far released or currently alowed to be released, and that Ed Snowden his legal team or others he trusts have. And that the NSA are trying to "smoke out" what is actually in his or other hands, it's a very old and badly bearded ploy that does not work…’

I agree.

It’s clear that the NSA had plenty of time to muddy the waters on this topic, so to speak. The NSA certainly doesn’t want any interference from Congress.

And, your point about the totality of the documents and conversations are correct. The NSA could easily make a few emails disappear and spin the narrative of the whistle blower safe guards – what miniscule “whistle blower” safe guards contractor Snowden had.

@ Alan S

Yes, you comments about emptywheel’s coverage of the story are on target. I had been following them with great wonder. Emptywheel seems to give a fairly balanced view of the topic.

The part about the NSA changing “metadata” on the emails was interesting – if not very damaging to the NSA.

https://www.emptywheel.net/2016/06/04/nsa-kills-people-on-metadata-but-cant-preserve-its-own-personnel-metadata-for-a-simple-foia/

[and]

https://www.emptywheel.net/2016/06/08/nsas-curious-goal-post-moving-on-snowdens-complaints/


SkepticalJune 9, 2016 9:37 AM


@Clive: And that the NSA are trying to "smoke out" what is actually in his or others hands...

Yeah - that's it. In order to smoke out the burning question of whether Snowden might have copies of his actual emails, the NSA decided to make a claim that Snowden would be able to easily refute with such copies. Brilliant.

More likely, Snowden counted on the NSA not releasing any of his emails when he made his exaggerated claim. And it appears he came very close to winning that wager. Perhaps someone advised him that the NSA couldn't release his emails.

Then again, perhaps he actually does remember that episode as being much more than it appeared on paper. He's in the thick of stealing information and talking to journalists at that point; to the paranoid facts are freighted with a heavy meaning well beyond what they can actually bear. If he misinterpreted that episode to such an extent, who knows how he remembers other things.

I'm not sure what the news article is intended to show, other than Snowden functioning in an IT help capacity (nothing wrong with that at all, but somewhat at odds with his self-portrayal, though the exchange may not show his typical duties), and a lot of email traffic that highlights a very cautious approach to responding to Snowden that walked the line of being too risk-averse.

I don't see anything in the article showing that Snowden made anything approaching actual complaints or concerns about NSA collection or analytical activities. Did I see something about him being an analyst trainee in 2013?

JG4June 9, 2016 12:32 PM

This follows Clive's hypothesis of a long game in which Snowden has played very shrewdly. Suppose that Snowden pursued the questions further than has been described by either side. And that his first gambit was to get them on the record as saying that indeed law trumps executive order. Suppose that Snowden knows that much of the illegal activity pretends the opposite. He has set a trap. Time may tell if the trap was sprung by his further inquiries and the responses to them, neither of which have come to light. It is clear that they are lying and that it is part of the culture. I've probably said before that with the right safeguards, the spying would be a good idea. I've probably said before that Snowden proved we are light-years from the right safeguards. Would you trust a perjurer? I'd like to see them drawn and quartered after a fair and speedy trial.

ianfJune 9, 2016 1:15 PM


@ JG4 “… Clive's hypothesis of a long game in which Snowden has played very shrewdly. Suppose that he pursued the questions further than has been described by either side. And that his first gambit was to… ” (Cc: Clive R.)

Enough, now. While there can be no doubt that ES had some kind of a "game plan" (=a scenario for how to do the deed AND exfiltrate himself to safety), wild speculations like that serve no purpose whatsoever.

Enough—the guy is in a place that's hardly of his own choice, and in which he may well die of old age – or, if pardoned off by some future POTUS, won't be able to go back to his native country anyway, because (who knows?) future Yankee generations may not give a toss about his once fighting also for their rights, all pro-publico-bono[*], and only ever have heard of him that he was THE traitor. So leave it be.

[^*] just as—by analogy—I couldn't care less that some mythical "Jesus" supposedly died on the cross ALSO FOR MY SINS. ?WHAT SINS?

Olly olly oxen freeJune 9, 2016 2:25 PM

In a clever ruse, Skeptical takes off his beltway-suckup mask and enters stage left. But he forgot he's still wearing the red rubber Bozo nose. His fixations are unchanged. Any universal-jurisdiction court or tribunal now has evidence implicating NSA officials in targeting combatants and protected persons for murder and torture. Any treaty party now has forensic-quality evidence of duplicitous proceedings to suspend treaties and impose countermeasures. They can pin it all on specific upper-echelon NSA bureaucrats and their flunkies. NSA is proven complicit in the gravest crimes of concern to the international community, but skep thinks no one will notice if he just yammers Snowden Snowden Snowden Snowden Snowden Snowden.

Snowden lives with his smokin-hot girlfriend in a country with better human rights protections than yours, world-class high culture, and the only Champagne appellation outside France (Szampan, it's excellent, not that you could ever try it, you're in the Chairborne Division.) He's living the dream and laughing at you chumps shaking your fingers. Anybody good at NSA is plotting to follow his lead. He'll come back, if he wants, when you go to war with Russia and get crushed.

Give it up, Skep. This is not like where you work, there are smart people here.

Tracy ReedJune 9, 2016 7:27 PM

This is a terrible article and while I suspect he did try to tell them this article nowhere near proves it. One email query asking whether executive order takes precedence over legislation does not constitute warning the NSA about their illegal programs.

The title makes it sound like an NSA "gotcha" but it is far from that. There's basically no point in reading this. It says nothing of any interest to someone interested in the question of whether or not Snowden tried to go through channels to tell them he had a problem with what they were doing.

Douglas CoulterJune 9, 2016 8:52 PM

I greatly enjoyed the lot of you tearing up TED and Skeptical - great humor. They are so bad at "influencing the conversation" I almost have to believe that like some DDOS attacks, they serve merely to distract from the real attack. While I'm sure on consideration that most of the people I admire here (too many to mention easily and I fear I might leave some out - you know who you are) would easily realize this in hindsight...I just thought I'd leave this here.

Or does pretending to be fooled and drug into pointless refutation of flawed arguments count as a different type of winning? How many plies are present here?

Secret Password: [Enter]June 9, 2016 10:29 PM

Word, M. Coulter. skep's reputational suicide mission is to draw flak and go down in flames in a spectacular diversion, distracting us from the naughty bits Guccifer unzipped for Russian intelligence, i.e. the Saudi terrorist hush money paid to the Clinton Foundation so CIA can keep the domestic Gladio strategia della tensione carnage coming: https://imgur.com/oWwzlD0

Also, that way we won't notice that spying on USG is like taking candy from a anencephalic Zika baby.

Dirk PraetJune 10, 2016 5:28 AM

@ Skeptical

I don't see anything in the article showing that Snowden made anything approaching actual complaints or concerns about NSA collection or analytical activities. Did I see something about him being an analyst trainee in 2013?

Neither do I. It is however worth noting that Snowden on Twitter has said that the documents do not reflect the entire timeline of his "complaints" and that the FOIA does not include any pre-213 email discussions, IRC, Jabber or Lync transcripts. Neither does it include colleague testimony. Which leads him to believe the documents are intentionally deceptive.

So obviously someone is lying. Whom you to chose to believe ultimately comes down to a matter of trust. Snowden deniers like @He-who-cannot-be-named will claim he has been lying about everything all along, whereas others will point out that the NSA and the US IC in general don't exactly have an impeccable track record for coming clean and telling the truth either.

I'm not sure whether or not Snowden actually has a copy of said emails/chat transcripts, but even if he did there would probably be little point in publishing them as there would be no way to unequivocally prove their veracity. If I were him, I'd probably also hold on to them if ever it would come to a trial.

One of the more interesting takeaways from the article however is that the NSA seems to have changed or clarified the channels through which people can raise concerns. This was obviously not entirely clear even within the organisation, and which seems to corroborate Snowden's allegations that the procedures in place at the time for all practical purposes were inadequate.

@ Tracy Reed

The title makes it sound like an NSA "gotcha" but it is far from that.

I concur. The title reeks of sensationalism.

Clive RobinsonJune 10, 2016 6:27 AM

For those making comment about the quality of the reporting, some sailent information that I have dug out might be of interest...

Rupert "the bear faced lier" Murdoch of News International informy owns a substantial chunk of Vice, (atleast 1/20th easily tracable so possibly quite a bit more untraceabley). His son James "lame brain" Murdoch who had to be hurried out of the UK some years ago to prevent further questioning about illegal surveillance blatently carried out under his watch, is a Vice Boardmember. Which is kind of funny when you hear their Murdoch ranting and invective against the BBC and other media outlets, especialy those acuratly reporting on the Murdoch peccadilloes and more agrevious morals and failings.

Some of those who happen to have fallen foul of the Murdoch morals and failings are themselved Vice Journalists. Just a short while ago it would appear "lame brain" followed through on "the bear faced liers" future directions visions that only TV journalism is going to bring in the bread. Thus Vice has had to make adjustments to the whim of what some call "the running dog of capitalism" and "one time model of a James Bond villain" as he now "dribbles and widdles his pants". And thus Vice look totaly inept as they have sacked the entire editorial teams in their London Office working on non-video "logo marketing" plays, as well as two foreign corespondents.

So I would expect the Vice website to quickly become "paywall clickbate" with a liberal sprinkling of photographs of Z-list celebs and those bits more normally hidden by even minimal swimware, as is Murdoch Seniors prediliction.

If their are any Ex-Vice editorial team who are reading this you have my commiserations and wish you well for the future.

LukeJune 10, 2016 6:11 PM

@ Bumble Bee says, "So with Snowden's taking refuge in Russia, and Assange in the BRICS-allied Ecuadorean embassy ... there is more to this than meets the eye."

There is definitely more that hasn't meets the eye.

The current war on govt black ops appears to be a coalition made up of various sorts. Namely the black ops have gotten to be powerful enough to cross into the civilian side of things and the powers that be in this sector, due to the advant of Internet (of sorts). Lawful interception when applied to internet is not only an intrusion into civil liberty but also dark secrets of the workings of society. This is akin to releasing the Panama Papers on the Xi family associates, which is debatably another turf of wars among the elites.

What Mr. Snowden brought about isn't just the documents, but an inspiration that more may/will follow. This is an ideology war, a battle for the moral high ground, of quasi-"journalism" versus patriotism, of fascism vs. corporatism.

As the Chinese said, may we all live in interesting times.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.