What I came to feel is that a regime that is described as a national security agency has stopped representing the public interest and has instead begun to protect and promote state security interests.
—EDWARD SNOWDEN, Moscow, 2014
SOON AFTER Snowden failed to get an SES job at the NSA in September 2012, he intensified his rogue activities. As we’ve seen, part of Snowden’s job as a system administrator under contract to Dell was transferring files held at Fort Meade to backup computers in Hawaii. He “was moving copies of that data there for them,” said Deputy Director Ledgett, “which was perfect cover for stealing the [NSA] data” through the fall and winter of 2012. The security measures at the Hawaii base presented no obstacles to him because, as a system administrator, he had privileges that allowed him to copy documents that had not been encrypted. Indeed, it was part of the process of building the backup system. The flaw he had pointed to in Japan, in which system administrators working solo could safely steal files, also existed in Hawaii, as we know. This time, however, instead of bringing it to the attention of the NSA, he used it to steal files.
Snowden could be confident that his thefts of documents would go undetected. Real-time auditing of the movement of documents, which was done at NSA headquarters in Fort Meade and most of the NSA’s regional facilities, had not yet been installed at the Hawaii base, because a lack of bandwidth prevented the safe upgrading of the software. This auditing software was scheduled to be installed after the backup system was completed in 2013. The Kunia base was one of the last NSA bases that did not monitor suspicious transfers of files on a real-time basis. Snowden was aware of this deficiency; he later pointed out in his interview in Wired that the NSA base where he worked did not have an “audit” mechanism. This security gap allowed Snowden, using his system administrator’s credentials, to copy classified data to a thumb drive without anyone’s being able to trace the copied data back to him. According to the NSA’s subsequent damage assessment, he stole many thousands of pages while working for Dell in 2012 before he contacted journalists. Ledgett subsequently reported that the NSA analysis of the fifty-eight thousand documents that were given by Snowden to journalists in June 2013 showed that most of them were taken while he was still working at Dell.
This theft was made even more serious by the interconnection of NSA computers with those of other intelligence agencies. Prior to the 9/11 attacks in 2001, “stovepiping” had protected NSA data on its computers from networks used by other intelligence services. After the 9/11 Commission concluded that part of the reason U.S. intelligence agencies were unable to “connect the dots” in advance of the attack was related to this practice, the NSA stripped away a large part of its stovepiping. As a result, the NSANet, which Snowden had access to at Dell in 2012, became a shared network with “common access points,” as the former NSA director Michael Hayden described them to me, which made them the equivalent of “reading rooms” in a library. They served as a means for NSA workers to exchange ideas about the problems they were encountering on various projects for the intelligence community. In maintaining them, system administrators, or “system admins,” like Snowden, acted as the “librarians.” If a system administrator copied data from this network, no one knew.
For Snowden, the NSANet, which included CIA and Defense Department documents, provided a rich hunting ground in the fall and winter of 2012. Many of the documents he took off the NSANet revealed operations not only of the NSA but also of the CIA and the Pentagon. By taking them, he had come to a Rubicon from which there would be no return. He later explained in an e-mail to Vanity Fair from Moscow, “I crossed that line.”
As far as is known, Snowden was not sharing documents with any other party prior to May 2013. He was not even yet in contact with Poitras, Greenwald, or any other journalists. Presumably, Snowden was collecting them on drives—despite the risks that possessing such a collection of secrets might entail—for some future use.
Why would Snowden jeopardize his career and, if caught, his freedom by undertaking this illicit enterprise? He might by now have had strong ideological objections to the NSA’s global surveillance. As he said later in Moscow, “We’re subverting our security standards for the sake of surveillance.” Ordinarily, though, even ideologically opposed employees don’t steal state secrets and risk imprisonment. If they are disgruntled, they seek employment elsewhere. Certainly, Snowden, with his three years’ experience working for Dell, would have little problem finding a job as an IT worker in the booming civilian sector of computer technology. Instead, he sought to widen his access to NSA documents. This behavior suggests that he might have had another agenda. One possible clue to it is the first document he took: the NSA exam. The answers to the questions in it represented to him a form of tactical power. Those answers could empower him to obtain a more important job in the NSA itself that would allow him to burrow deeper into the executive structure of the agency. Holding such a job would unlock the door to documents containing the NSA’s sources stored in areas not available to Dell contractors like himself.
His later actions demonstrated that he equated the possession of such secrets with personal power. For example, after he arrived in Moscow in 2013, he bragged to James Risen of the Times that he had access to secrets that gave him great leverage over the NSA. He told him specifically his access to “full lists” of the NSA’s agents and operations in adversary countries could, if revealed, close down the NSA’s capabilities to gather information in them.
Such a fascination with the power of government-held secrets has always been a core concern of radical Libertarians. In his 1956 book, The Torment of Secrecy: The Background and Consequences of American Security Policies, the sociologist Edward Shils brilliantly dissects the fascination with secrecy among individuals who fear that government agencies will use covert machinations against them. In Shils’s concept, this counterculture is “tormented” by the government’s possession of knowledge unavailable to them. Members of this culture tend to believe that the agencies that hold these secrets, such as the FBI, the CIA, and the NSA, can control their lives; they also believe that obtaining such secrets will give individuals power over government.
Snowden himself was concerned with a coming “dark future,” which he later described as follows: “[The elites] know everything about us and we know nothing about them—because they are secret, they are privileged, and they are a separate class…the elite class, the political class, the resource class—we don’t know where they live, we don’t know what they do, we don’t know who their friends are. They have the ability to know all that about us. This is the direction of the future but I think there are changing possibilities in this.”
To change the “dark future,” someone would have to know the secrets of the “elites.” Snowden saw himself as one of the few individuals in a position to seize state secrets from those elites. He had a SCI (sensitive compartmented information) clearance, a pass into an NSA regional base, and the privileges of a system administrator. This position allowed him to steal state secrets and whatever power that went with them. And if he moved to a position that gave him greater access, he would, in this view, amass even greater power.
Whatever his actual agenda in 2012, we know that he tested possible reactions to a leak exposing NSA surveillance in the United States. He asked fellow workers at the NSA base in 2012, according to his own account, “What do you think the public would do if this [secret data] was on the front page?” He asked this question at a time when a large number of State Department and U.S. Army classified documents had been posted on Julian Assange’s WikiLeaks website. These WikiLeaks revelations made, as Snowden knew they would, front-page headlines. His “question” was only rhetorical. No covert NSA document had ever been published in the press as of 2012. One reason why NSA documents remained secrets, as all intelligence workers at Dell were told when they signed their oath to protect NSA secrets, was that the unauthorized release of communications intelligence documents would violate U.S. espionage laws. Even so, there was no shortage of activists overseas, such as Assange, who would be willing to publish NSA documents revealing its global surveillance activities. Cyberpunks, as these activists called themselves, tended to be hostile to the NSA because they believed (correctly) that it monitored their activities on the Internet. This anti-NSA view was well represented at the Chaos Computer Club convention in Berlin in 2012. In addressing these cyberpunks, Assange and his followers at WikiLeaks declared that the main enemy in cyberspace was the NSA. The NSA documents Snowden had taken were far more explosive than anything Assange had posted to date because they contained NSA intelligence source material.
In the late fall of 2012, Snowden further tested his newly found powers. Using an alias, he reached out to some of the leading hacktivists. It opened a door for him to the darker side of cyberspace.