CHAPTER 6

| I Spy |

The Government’s Secrets

On January 8, 2013, I’m on my way to meet the contact who will be part of the process that gets my computer analyzed by a confidential source inside the government. I refer to my direct contact as “Number One.” He’s suggested a rendezvous at a McDonald’s in Northern Virginia. When I enter with my laptop tucked under one arm, I scan the patrons and correctly guess which one is my guy. I slip into his booth and we shake hands across the table. No need for formal introductions. After a little small talk, he addresses the issue at hand. He’s a matter-of-fact kind of guy.

“I’ll tell you one thing. People would be shocked to know what this administration is doing in terms of spying on the American public.” That’s uncannily close to what Jeff had said to me just a few weeks before. And the two men don’t know each other. But both are connected to government three-letter agencies.

Number One explains his arrangements to have my computer analyzed. What I’ll receive is a verbal report. Because of who’s helping me, I won’t get an official written report. I understand the terms.

The next day, I’m working at my desk at CBS News when my mobile phone rings. It’s Number One.

“I thought I’d give you an update,” he says. “Our friend started looking at the product. He’s not finished yet but it’s proving very . . . interesting.”

He stops.

“Did he find something?” I ask, filling the silence.

“Yes. It’s positive.”

Positive. For what? Positive that nothing is wrong? Positive for some sort of spyware?

“Really?” I say.

“Yeah,” Number One continues. “I wouldn’t have believed it. It’s pretty shocking. We’re all kind of in a state of shock right now. I don’t want to say too much on the phone. In fact, I’d advise you to start using a burner phone. Do you know what that is?”

I do. The kind of phone that drug dealers and terrorists use so they can’t easily be followed. He says I should use burner phones and switch them out frequently. At least every month. And don’t use them from my house.

“I’ll be able to give you more information tomorrow,” he says.

We meet at the same place. We settle into a McDonald’s booth and look around. For what, I don’t know, but we look. Number One hands me my laptop and a piece of paper containing some typed notes. For both of us, our worldview has changed just a little.

“First just let me say again I’m shocked. Flabbergasted. All of us are. This is outrageous. Worse than anything Nixon ever did. I wouldn’t have believed something like this could happen in the United States of America,” says Number One.

He’s impassioned. My attention level escalates. Just two days ago, I’d been fully prepared to be told there was nothing suspicious in my computer. Or maybe that all the evidence was gone. I might be told that the idea of the computer being tapped was the stuff of science fiction or an Orwellian novel. I never thought I’d hear what I was hearing.

Referring to the typed notes, Number One tells me that my computer was infiltrated by a sophisticated entity that used commercial, nonattributable spyware that’s proprietary to a government agency: either the CIA, FBI, the Defense Intelligence Agency, or the National Security Agency (NSA). This particular intrusion came in silently attached to an otherwise innocuous email that I received and opened in February 2012. The intrusion was “redone” in July through a BGAN satellite terminal. I don’t even know what a BGAN satellite terminal is, but I later look it up online and find this ad:

BGAN Portable Satellite Internet & Phone. Connect a Laptop, Smartphone or Any Wireless Device to a satellite terminal for High-Speed Internet and phone from anywhere on the planet. Terminals are small enough to be carried inside of a laptop case, yet deliver broadband up to 492 Kbps. . . . BGAN is the hands down winner for carry portability, and ease of setup by anyone.

Number One continues.

The intrusion was “refreshed” another time using Wi-Fi at a Ritz Carlton hotel. The uninvited programs were running constantly on my laptop. They included a keystroke program that monitored everything I typed, visited online, and viewed on my screen. They accessed all of my email including my CBS work account. They obtained the passwords to my financial accounts and other applications, some of which are noted on the typewritten paper that I’m staring at. I’m told that I should assume my smartphones are also afflicted.

Continuing on, the intruders discovered my Skype account handle, stole the password, activated the audio, and made heavy use of it, presumably as a listening tool. As I understand it, the intrusion stopped abruptly about the time that I noted my computers quit turning on at night. Did the intruders know by reading my emails and listening to me on the phone in early December that I was on to them? Did they remotely attempt to stop the programs at that time and cover their tracks, resulting in the end of the overnight computer activity?

Number One goes on to say that this was probably not a court-sanctioned action. He says the government’s legal taps are usually of much shorter duration and they don’t end abruptly as this one did. I’m also told flatly that my surveillance doesn’t match up with a PATRIOT Act order. An insider checked for me. I have many questions, but Number One can’t answer them. He’s just the messenger.

There’s one more finding. And it’s more disturbing than everything else.

“Did you put any classified documents on your computer?” asks Number One.

“No,” I say. “Why?”

“Three classified documents were on your computer. But here’s the thing. They were buried deep in your operating system. In a place that, unless you’re some kind of computer whiz specialist, you wouldn’t even know exists.”

“Well, I certainly didn’t put anything there.”

“Just making an educated guess, I’d say whoever got in your computer planted them.”

That’s worth pausing to let the chill run all the way up the back of my neck to the part of my brain that thinks, Why? To frame me? A source? My heart accelerates. I’m thinking it, but it’s Number One who finally breaks the silence to say it.

“They probably planted them to be able to accuse you of having classified documents if they ever needed to do that at some point.”

So a government-related entity has infiltrated my computer, email, and likely my smartphones, and that included illegally planting classified documents in a possible attempt to lay the groundwork to eventually entrap or frame me . . . or someone who talks to me? As it begins to sink in, I think of the whistleblowers and sources who have spoken to me over the past two years, often confidentially. By having well-placed sources help me discover this infiltration, did I just dodge a bullet? Did I get them before they got me?

Number One has firsthand experience in covert government surveillance. “Reporters used to be off-limits,” he opines. “Even when we had a court order on a bad guy, if a reporter even lived anywhere in the vicinity, we stayed away. You just didn’t go near journalists. It was sacrosanct. Obviously, that’s changed.”

I tell him about the extra fiber optics line on the back of my house.

“It’s possible somebody was using that,” he tells me. “But taps aren’t usually done at people’s homes anymore. It’s all done through Verizon. They cooperate. There’s no need to come to your house; we can get everything we want through the phone company.”

This is months before Edward Snowden would reveal exactly that, building on revelations by New York Times reporter Risen and others who had written as far back as 2005 of phone companies assisting the government with surveillance.

I gather my laptop and notes, get a Coke to go, and know that the next step I need to take is notifying my supervisor at CBS News. The implications far surpass my own computer and personal life. The infiltration includes the CBS email system and the news division’s proprietary software used in writing scripts and organizing the daily news broadcasts. The intruders could have accessed the entire CBS corporate system. This is huge. I can’t reveal to CBS who’s helping me or exactly how I know what I know, but they’re aware that I have well-placed sources.

| NOTIFYING CBS

I walk straight into the CBS News Washington bureau and look for my bureau chief, Chris Isham. Isham is a longtime investigative reporter with plenty of knowledge about the way the government operates. He’ll understand more than most the implications of what I’m about to tell him. He invites me into his office and closes the door. He sits on a short couch, and I plop into an adjacent chair with my notes and fill him in.

“I can’t be the only one they’re doing this to,” I conclude.

“I know,” he agrees. “You can’t be.”

But Isham doesn’t want to sound the corporation’s alarm bells yet. He explains that since my sources have to be protected, even from CBS, we will reach out to a trusted, private analysis firm and see if they can duplicate the findings of an intrusion on the CBS computer. If so, he says, we can then go to CBS News chairman Jeff Fager and CBS News president David Rhodes with the information.

But there’s a challenge with this plan: I notice that that typewritten note from Number One says my computer is now “clean.” Does that mean everything has been wiped from it?

I communicate with Number One to ask the question. The next day, he returns with an answer. The inside government analyst did wipe the computer.

“Why did he do that?” I ask Number One. I’m forever grateful for the help he’s given. Without it I probably wouldn’t even know today that I’d been the subject of a criminal intrusion. But why did he wipe the evidence?

“I don’t know. I’m not sure in the beginning we really expected to find anything. And I guess we never talked about what the procedure would be if we did,” says Number One.

It’s true. In fact, I’m pretty sure none of us in the group actually expected any real evidence to be discovered. We never played out the scenario.

“Maybe he thought he was doing me a favor,” I suggest. “Maybe he thought he was helping me by cleaning up my computer and getting it running smoothly again.”

Cleaned up. Running smoothly, say the notes on the typewritten paper. Duplicating the evidence now will take a miracle.

| THE MCALLEN CASE

The MCALLEN Case begins on February 2, 2013.

We’re expecting snow on a chilly Saturday in Northern Virginia. The doorbell rings and I greet the very businesslike Jerry Patel,* the private computer forensics analyst hired by Isham at CBS. Patel is doing CBS a favor by coming here. I haven’t shared many details with him and I can tell at the outset he doesn’t really expect to find anything significant. He thinks he’s here to put my mind at ease. To assure me that the strange goings-on with my computers aren’t the work of any intruder. Maybe just ordinary malware, a nagging virus, or a glitch.

I begin with niceties but none are necessary. Patel patiently tolerates the introduction before asking to be directed to the star of the show: my computers. I lead him upstairs into my bedroom and adjacent office. At night, this entire area becomes my workspace. My husband knows that when I’m on an important story, this is the business space until one or two in the morning. Forget about lights out.

Patel sits on the couch in my bedroom and unlocks a briefcase full of gear like a high-tech handyman. He tells me he’s given this job a code name: The MCALLEN Case. I give a brief summary of what’s been going on. Then he opens up the CBS News laptop and begins deconstructing the files. He transforms the user-friendly format of my Toshiba Windows into a baffling screen full of lines punctuated by brackets, forward slashes, and question marks. He looks in places that most of us have no idea exist in our computers. I’m practically breathing down his neck as I watch his fingers dance along the keyboard and his eyes scan one line after another. As the hours pass and my mind gets accustomed to looking at the gibberish, it almost begins to make sense to me.

Other than a few “nonstandard” observations, the process is frankly pretty mundane. That is, until the date of December 9, 2012, surfaces. That was the time frame when I noticed that my computers had stopped freelancing on me.

“It looks like what we’re seeing here is a log-in attempt at 4:20, approximately 4:20 and three seconds in the morning on December 9, 2012.”

His voice has escalated from the soft monotone to somewhat expressive for the first time on the visit. I wasn’t the one who attempted to log in at 4:20 in the morning. Patel spots another suspect message on December 12, 2012.

“What’s unusual is audit policy changes.”

He tells me that someone with administrative privileges, not me, has taken action in my computer. His voice becomes excited.

“Someone changed the audit policy at 8:48 in the morning . . . your computer rebooted at one o’clock in the morning. . . . So we’ll go backwards. Here we go. December 11 we’re back at the time in question. 4:05 [a.m.] . . . all right.”

I don’t know how to interpret what he’s saying but I’m following along as he points to the lines on the screen.

“But you see . . .” he says, pointing to 4:05 a.m.

“There’s nothing there . . .” I observe.

“Oh boy.”

“What does that mean?”

“Ohhh boy. Look at the difference. December 10, 5:00:50 seconds. December 11th. Someone removed 24 hours.”

He exhales, makes a whoosh noise, and summarizes.

“We have evidence that shows 24 hours, 23 hours of log messages have been removed. That’s suspicious behavior.”

Now he’s breathing heavily. It alarms me because it alarms him and he’s not easily alarmed. His voice becomes more formal and he launches into what sounds like a speech for posterity.

“In my professional opinion, someone has accessed this box. I’m going to be honest with you. I was hoping you weren’t infected. But . . . I see evidence that shows a deliberate and skilled attempt to clean the log files of activity.

“Approximately 23 hours . . . 22 hours, 55 minutes of log messages have been removed. That is extremely nonstandard, especially considering the act of clearing a log is a log message in and of itself. So I am now going to concur with . . . I’m starting to concur with your suspicions.”

His findings are lining up with what my earlier analysis found.

“Well, I suppose this visit wasn’t for nothing then,” he says. Deeper offsite analysis will be required.

It’s dusk and the clouds are heavy with impending snow. Patel has been here six hours now and needs to head back to town to meet friends for dinner. Before he leaves, he wants to take a quick look at my personal Apple iMac desktop computer. Since his time is short, I ask him to go straight to December 9 on the iMac, too. If the intruders removed evidence of their presence from my laptop around that time, they might have tried to cover their tracks on the iMac desktop as well. Within a few minutes, it’s confirmed.

“Oh shit!” The high-tech handyman is now fully animated. “Pardon my French but . . .”

“That’s gone, too?” I say, looking over his shoulder.

“That’s now a pattern. . . . We have a gap,” Patel reports in the official posterity voice. “A second gap from December 8, 2012, 10:12:11 p.m. to December 9, 2012, 3:18:39 p.m. That’s not normal. Someone did that to your computer. Two separate instances showing the same MO. That shows knowledge of the event logging and it shows skill. Somebody’s deleting days of messages. . . . That shows skill.”

He then searches through what he says is a key file.

“It should be bigger than that. It should be huge. Somebody deleted the file on December 11. It’s not supposed to be like that. It’s supposed to have lots of data in it and it doesn’t.”

“So what does that mean?” I ask.

“Someone was covering their tracks.” Long exhale.

“So they would’ve done that remotely? ’Cause no one’s been in the house.”

“Yeah. We’re examining the last log. And we have a deletion wtemp log that actually begins Saturday, December 11. Suggests the log was deleted on that day.”

He proposes conducting further analysis at his office. But he tells me at the outset that he doesn’t think he’ll be able to attribute the intrusion to the guilty party. He can already see that from his cursory analysis. They’re too sophisticated, he tells me. Too skilled. This is far beyond the abilities of even the best nongovernment hackers. They’ll have covered their tracks.

It’s snowing now. And dark. Patel remarks that sometimes his computer forensics job is a little dull. But the MCALLEN Case is not. He rushes off to meet his friends, leaving me and my compromised computers. I look out the window and watch his headlights track down my long driveway and down the road until they disappear. What now? As someone who’s usually constantly online, I don’t much feel like working on my computers tonight.

Two days later, Patel sends an email to Isham and copies me. I hear his voice in my mind as I read his words. “It is my professional opinion that a coordinated action (or series of actions) have taken place. I don’t wish to go into details because the integrity of email is now in question. . . . It bothers me that I was not able to leave Sharyl with an increased sense of security Saturday evening, but hopefully we can all work together to remedy this ASAP.”

It’s February 4, 2013. Three and a half months before revelations about the Obama administration’s seizure of AP phone records and those of the FOX News reporter. Almost exactly four months before the news that the NSA is secretly collecting Verizon phone records, as revealed by Edward Snowden.

| THE DISRUPTIONS CONTINUE

When you challenge powerful institutions in the twenty-first century, you conduct your business with the notion ever present in the back of your mind that somebody’s listening. Tapping your phone. Reading your computer files. Trying to learn what your sources are telling you. Finding a way to stop you. These thoughts float through your mind, escalating in direct proportion to the strength of the story and the power held by whomever it challenges. You think of it, but you don’t really believe it’s actually happening. You certainly don’t think someone will turn up one day and hand you proof.

In fairness, I’ve begun telling my sensitive sources that our communications aren’t secure. Funny thing is, none of them is surprised. They tell me they already assumed they were under government surveillance. But we do start crafting more secure ways to exchange information. For example, as I make contact with important confidential sources about the Benghazi attacks, I set up meetings on the phone but then later change the time and place in a way that can’t be monitored. Of course, the intruders now know that I know. And I know that they know that I know. And so on. It’s the loop of the paranoid wrapped in suspicion codified by truth.

CBS has remained strangely unfazed by the official news from Patel confirming what I’d told them: that an intruder has been in my computers and in the company’s news and corporate system. I’d thought that the moment they got the corroboration, it would set off processes and inquiries. That corporate forensics experts would descend upon me and my house, looking to secure my personal and professional information, to protect my sources and look for the origin. That my colleagues would be officially notified so that they, too, could make their sources aware and a damage assessment could be made.

But none of these things happens.

CBS does ask Patel to conduct further investigation, but there seems to be no particular urgency, and he comes to the Washington bureau to pick up my laptop. We’ve kept it off the CBS system since the day Number One first gave me the news. I sign the chain-of-custody document and hand over the computer. I wonder if the intruders have already penetrated my newly issued CBS News laptop. When I earlier recounted to Number One how I heard the castle lock sound one night and assumed the intruder had been locked out of the CBS system, he practically chuckled, like a patient elder speaking to an ingénue.

“You may have heard that sound but I hate to disappoint you—we can cut through that firewall like butter. It’s not an impediment.”

Patel and his company are working for CBS. They’re clearly tasked with protecting the network’s security, not mine. But they do sit down with me and Isham and have a serious conversation to say that I should find ways to better protect my computer privacy. Aware of the persistent interruptions in my FiOS service, they tell me that I should have my Verizon FiOS box replaced again, and relocated inside the house.

“Insist on it,” one of the experts tells me. “Don’t take no for an answer. Don’t let them leave the house until they replace it and move it.”

Add to the glitches a new one: our Internet has begun disconnecting anytime a landline is in use. My kid’s on her iPad, the phone rings, I answer it, and blop, she’s bumped offline. I’m doing business on my Apple desktop, I pick up the phone to make a call, and blop, my Internet connection drops. You don’t realize how often you use the phone and the Internet at the same time until you can’t. So in early February 2013, a Verizon technician visits our home and two supervisors show up, too. A three-fer. The tech sits upstairs and works on my Apple desktop beside the router. The male supervisor comes, takes a look around, and leaves. The female supervisor chats up me and my husband downstairs in the kitchen. We mull over the familiar disturbances and I direct them to replace the whole outdoor box and move it inside. They tell me it’s not necessary. I keep thinking of Patel saying, “Don’t take no for an answer.” So I tell the Verizon pair that I have a security expert who insists this step be taken. But they’re formidable. It’s not necessary, they say. They know their business. As adamant as I am about moving the box, they’re just as adamant about not doing so. If I’m concerned about security, they say, there are lots of private consultants whom I can hire to help me. The tech gives me a name and number for one of them. He says there are many folks in Northern Virginia who need those special types of services. When the Verizon pair departs, our Internet is working, but the other same old problems persist.

I’ve been an Apple user since my first personal computer purchase circa 1989. My Macintosh, my Quadra, my Color Classic, my Performa, my iMac. As far as I know, I’ve never had viruses or major malfunctions with my Apples. I replace them not because they break but because they eventually run out of memory or I want the next generation. But now, my Apple iMac desktop begins a new behavior I’ve never before observed: it winds itself into a fever. The fan starts churning and the pitch gets higher and becomes so loud, it sounds as if it’s going to explode. We shut it down and restart it but it happens again. On the third day of this, my daughter runs from the computer down to the kitchen.

“It’s burning up!” she tells me.

I rush to the iMac to find it frozen, whining in its pre-explosion-sounding state, and it won’t let me shut it down. This time there’s a pungent smell of burning electronics. I reach underneath the desk and unplug it: that’s all she wrote. The iMac is deceased. R.I.P., faithful Apple, you were so young.

My husband and I are weighing whether and how to file a criminal complaint over the intrusion. A crime has been committed. Someone has, in essence, illegally entered my property and violated the privacy of my entire family. They’ve stolen my property by rifling through my work and removing data. They’ve placed classified materials on my computer for motives that can’t be considered anything but nefarious. But when the culprit is believed to be connected to the government, to whom, exactly, does one go to complain? Can you really turn to the Justice Department’s FBI when the Justice Department might be part of the plot? I consult some trusted advisors and decide to file a complaint with the Department of Justice inspector general.

Every federal agency has its own inspector general designed to serve as an independent watchdog. The way I figure it, the best-case scenario is that the IG is honest and conducts a real investigation. Worst-case scenario: nothing comes of it, but at least the inquiry puts operative insiders on official alert: your actions are known and being probed. The idea is to try to create an environment that makes their deception and cover-up that much more difficult. So on April 3, 2013, I file the complaint. It’s six weeks before the government snooping scandals would be revealed.

In a way, I’m at the center of the ultimate story. As disturbing as it is, I also find it intriguing. A widening circle of sources and contacts is interested, too. Some of them want to help me. They clue me into the many possibilities that exist. There are a thousand ways to spy on a private citizen. When we meet, before they speak to me, they put away their smartphones and tell me to lose mine, too. They don’t want to talk in my house. I lose count of how many of them tell me that the government—or anyone with skill—can remotely turn on my smartphones and listen to me. Not just when I’m using the phone, but even when I think it’s powered down. As long as the battery’s in it, they can activate the microphone to hear what I’m doing and to whom I’m speaking. And when they’re doing this, the phone doesn’t appear to be on at all. Other sources tell me that sophisticated intruders have the capability to suck information out of my smartphones and computers, or for that matter put stuff in them, without even physically connecting to them. The devices simply have to be in proximity to the perpetrator’s smartphone or device. Just innocently put one on a table next to another and Floop! it’s compromised. How many times have I set my BlackBerry or iPhone near a colleague’s, a stranger’s, or a business associate’s? And pretty much all of my self-appointed advisors tell me to use burner phones, which I am. They suggest I should have an acquaintance who’s not closely connected to me purchase the device and buy the minutes. Switch it out a lot. One intelligence source advises me to remove the phone battery before I cross the threshold into my driveway. Don’t put the battery in or use the phone while in my house.

Two acquaintances with knowledge of government surveillance and spy methods insist on sweeping my house and vehicle for bugs and signs of intrusions. They don’t know each other and each uses different methods. They’re not official, professional sweeps, just what can be done with devices like simple signal detectors and a FLIR thermal imaging device. They feel that the government has overstepped its bounds by spying on me, and helping me makes them feel like they’re doing something about it. I appreciate their consideration, but I don’t think they’ll find anything.

“What’s the point?” I ask.

“You never know, you might be surprised at what turns up. And it’s no trouble to look,” says one.

Between the two of them, they check the walls, the telephones. Lamps, bookshelves. They climb into the attic, where the Verizon man once lurked. They disassemble my electric power strips, examine the alarm system, and sweep the inside and outside of my car. Nothing.

The truth is, I’ve given up on the idea of privacy for the moment. Those who possess the skills to do what they’ve already done can pretty easily penetrate most any computer or device, most anytime, most anyplace. One source explains to me that Microsoft works on coding with the government so that anti-malware programs view the government’s spyware as something friendly that belongs in the Microsoft environment. I belong here, the intruder tells the virus scanner. Move along, nothing to see, you amateurs. I can switch out phones, put a Band-Aid over the camera in my computer, and run debugging programs all day long. For those who have the toys and technology, defeating my defenses is child’s play.

On May 6, 2013, I make contact with an excellent source who has crucial information: the name of the person responsible for my computer intrusions. He provides me the name and I recognize it. I’m not surprised. It strikes me as desperate and cowardly that those responsible would resort to these tactics. That’s all I can say about that for now.

The inspector general’s office checks in and gives me a bit of information. It’s the same thing Number One told me in January: there’s no PATRIOT Act order on me. The IG official also says the FBI denies having anything to do with my situation. Naturally, I’m dubious. I wonder who at the FBI was asked, what words they used in their denial, and was any of this put in writing. I suggest to the IG official that he might not be getting the whole story. He wants to know if my sources will speak with his office. I approach Number One.

“Frankly, I’m not comfortable,” he tells me. “The IG works for the people who did this to you.”

Inspectors general are supposed to be independent watchdogs of their agencies, and the Justice Department IG has a good reputation. But there can be an element of political influence even in some of the best IG offices. Number One’s been around the block. He doesn’t trust the IG. He says I shouldn’t, either.

It’s with great interest that I retrospectively view an interesting publication on WikiLeaks to which a contact directs my attention. On February 27, 2012, WikiLeaks began publishing five million emails purported to be from the Texas-headquartered “global intelligence” company Stratfor. One document of particular interest is dated September 2010 and is titled, “Obama Leak Investigations.”

“Brennan is behind the witch hunts of investigative journalists learning information from inside the beltway sources,” it says. “There is a specific tasker from the [White House] to go after anyone printing materials negative to the Obama agenda (oh my). Even the FBI is shocked.”

All of this tees up the global news that’s about to break revealing the Obama administration’s surveillance of reporters—and the general public.

| OBAMA’S “WAR ON LEAKS”

Four months after Number One first identified my computer intrusions, I’m watching the news. It’s May 13, 2013, and there’s a breaking story that sets off a pang of familiarity. I instinctively feel that it’s related to my own situation. It’s not so much that the details are the same—they’re not. But there’s something about the story line: a U.S. government entity secretly, audaciously, reaching into the private communications of news reporters.

The news is that the Justice Department had seized the records of twenty phone lines used by employees of the news organization Associated Press. AP says the records are from personal home and cell phone numbers belonging to editors and reporters, office numbers of various AP bureaus, and AP phones used in the press quarters in the House of Representatives, where members of the media have office space. It’s unheard-of. Why did the government take this drastic measure? To try to catch and prosecute the government source who provided information for a 2012 AP story about a foiled underwear bomb plot. The Justice Department had issued the subpoenas to telephone companies but granted itself an exception to its own normal practice in deciding not to provide advance notice of its intentions to AP. Advance notice would have given AP the chance to challenge the move in court. Only now, months after the fact, is the Justice Department disclosing its controversial subpoenas to the news outlet’s managers. Incensed AP officials publicly attack the action as a “massive and unprecedented intrusion by the Department of Justice into the news-gathering activities of the Associated Press.”

It’s perhaps the first time the Obama administration feels the sting of meaningful criticism from such a wide-ranging group of news media. They’re calling it Obama’s War on Leaks. On May 14, 2013, a coalition of more than fifty news organizations, including ABC, CNN, NPR, the New York Times, the Washington Post, and the Reporters Committee for Freedom of the Press writes a strongly worded letter of objection to Holder. It reads in part:

The nation’s news media were stunned to learn yesterday of the Department of Justice’s broad subpoena of telephone records belonging to The Associated Press. In the thirty years since the Department issued guidelines governing its subpoena practice as it relates to phone records from journalists, none of us can remember an instance where such an overreaching dragnet for newsgathering materials was deployed by the Department, particularly without notice to the affected reporters or an opportunity to seek judicial review. The scope of this action calls into question the very integrity of Department of Justice policies toward the press and its ability to balance, on its own, its police powers against the First Amendment rights of the news media and the public’s interest in reporting on all manner of government conduct, including matters touching on national security which lie at the heart of this case.

The Justice Department responds to the growing privacy concerns by the media with a statement saying that it “takes seriously the First Amendment right to freedom of the press” and that Holder “understands the concerns that have been raised by the media and has initiated a reevaluation of existing Department policies and procedures.”

How does this story fit into my circumstances? It’s a puzzle I’m trying to sort out but a lot of the pieces are missing.

The AP story turns out to be the first in a rapid-fire succession of strange-but-true revelations about the government’s aggressive actions against news reporters. Less than a week later, on Sunday, May 19, 2013, comes word that the Obama administration has targeted another national news journalist: FOX News reporter James Rosen. Again, it’s supposedly part of a government leak investigation, this one into a State Department contractor who was later indicted. Attorney General Holder himself had approved the search warrant for Rosen’s Gmail account.

It’s so Orwellian for the government to aim its investigative resources and prosecutorial tools at reporters who are doing their legal job. Is this all part of a broad, secretive program to target the Obama administration’s reportorial enemies? Am I on the list, too?

It’s becoming clear that the administration is going after journalists and sources whom it views as the most harmful to its own self-interests. I think about when I was covering Fast and Furious and how the story reached all the way into the White House, prompting the president to declare executive privilege to keep from releasing documents to Congress. The government surely wanted to know what I knew and who was talking to me. Perhaps they felt they could justify monitoring me as another in this series of “leak investigations.” My Fast and Furious coverage bled over into the Benghazi period. The Obama administration was just as frantic over my reporting on that topic. Just as desperate to learn who was talking to me and what I was learning from them.

With the discovery about the intrusions on AP and FOX reporters, a new public sentiment seems to be building: ordinary people are frightened by and outraged over the perceived assault on journalists and their sources.

Just days into news of these controversies, I’m doing a round of radio interviews centered on my current Benghazi reporting. I’m on the air with Philadelphia radio talk show host Chris Stigall of WPHT 1210 AM when he segues to the subject of the government intrusions on reporters. I haven’t publicly discussed my own situation, which predates the public revelations about AP and FOX. But Stigall pops an unexpected question:

“Do you know if your phone was tapped or your emails watched or seized while you were having conversations with unnamed sources on Benghazi, Sharyl?”

Does he know? I hadn’t given any thought as to what I might say about my own computers. I answer the question on the spot without opening the door too wide.

“I’m not ready to fully speak publicly about some things that have affected me because I’m trying to be methodical and careful about what I say. But there has been an issue in my house, and there’s been an issue with my computers that’s gone on for quite a long time that we’re looking into.”

Stigall seems as surprised by my answer as I was by the question. For several minutes, he continues to press for more information and I give limited responses. I bring the interview to a close by saying, “There’s definitely been an intrusion into my computer system. I really can’t say more than that right now.”

I wouldn’t have predicted the avalanche of interest that this brief radio interview would generate. Within minutes, word of my computer intrusions is being circulated on Internet blogs and is being tweeted about on Twitter. I know nothing of the chatter until I get a call from the CBS News press office. Inquiries are pouring in. It’s not long before friends and family email to tell me that bloggers are speculating that the White House is bugging me. Or that I’ve mistaken a common computer virus or automatic Windows updates for something nefarious. Or that I’m being hacked by an old boyfriend. It’s funny to hear some work so hard to discredit so much with so few facts.

I haven’t named the Justice Department as a culprit or suspect. But considering the AP and FOX News incidents, it’s only natural that someone else in the media would ask the Justice Department to comment on the Attkisson case.

In response, the agency issues this statement: “To our knowledge, the Justice Department has never ‘compromised’ Ms. Attkisson’s computers, or otherwise sought any information from or concerning any telephone, computer, or other media device she may own or use.”

As someone who’s now an old hand at the way the administration parses words, my brain automatically shifts into read-between-the-lines mode.

To our knowledge . . . says the Justice Department’s quasi-denial. Okay, that’s a qualifier. Leaves open a little room. And who is “our” referring to in “To our knowledge”? Does it mean the guy who wrote the statement and another who pressed the SEND button? The whole press office? The entire Justice Department? Did officials there really, in the blink of an eye, conduct an investigation and question 113,543 Justice Department employees? That’s impressive! I’m still waiting for answers to Freedom of Information Act requests I filed with them years ago, but they’re able to provide this semi-definitive statement within minutes of the question being posed.

Oddly enough, most of my colleagues have been avoiding the whole topic of my computer intrusions. It seems they don’t want to think about it or talk about it or know about it. As if it’s somehow contagious. I haven’t offered up much information, but several of them are aware that the CBS analyst has confirmed my intrusion. Yet the natural curiosity you might expect from fellow journalists, the outcry, seems strangely absent. If the shoe were on the other foot, I’d be outraged that anyone had illegally entered the CBS computer system. If I were them I’d want to find out as much as possible to see if the same thing might be happening to me, potentially compromising my story information and sources. I’d wonder if the infiltrators had peered in my home computer, too, and if they’d rifled through my private files.

The new revelations about AP and FOX seem to trigger the first spark of interest from some colleagues.

“Is this what’s happening to you?” one of them dares to ask. Another ventures a little deeper.

“How does it make you feel to know the administration is going after you like that?”

I think for a moment.

“Effective.”

They don’t want to linger on the topic. They broach it, ask a question, make a joke, and move on. Like a butterfly lighting for a moment and then, thinking better of it, fluttering off.

| SNOWDEN AND CLAPPER: HARD TRUTHS

It’s hard to imagine there are more shoes to drop. But the next one is a bona fide rubber-soled size 14 extra wide. So large and damaging, it stands to undermine the credibility of the nation’s entire intelligence infrastructure.

On Wednesday, June 5, 2013, the Washington Post and the Guardian begin exposés that vault an unknown National Security Agency (NSA) contract employee named Edward Snowden into cult status as an American Patriot, Public Enemy #1, or both, depending on your viewpoint. Snowden’s information reveals a shocking government effort to watch over, or spy on, its own citizens—depending on your viewpoint.

Snowden reveals how the NSA has obtained direct access to the systems of all the trusted Internet giants that Americans commonly use, such as Google, Apple, and Facebook, as part of a program called Prism. Through Prism, government officials can collect the search histories, emails, file transfers, and live chats of ordinary, law-abiding citizens. The depth and breadth of the surveillance is mindboggling. The implied privacy violations and government overreach confound normal alliances. Some Democrats strongly question the initiatives. Many Republicans defend it.

Drip, drip becomes gush, gush, gush as a rolling wave of Snowden revelations washes up one sensitive and embarrassing government secret after another. Like the government’s controversial April 2013 order from the clandestine Foreign Intelligence Surveillance Act (FISA) court. The order compelled Verizon to provide the NSA, on an ongoing basis, all of its call detail records, or “telephony metadata.” Not only for calls that go abroad, but also for ones that take place wholly within the United States, including local telephone calls. The initiative is supposedly to protect us from foreign terrorist threats. But casting the net so widely—even applying to next-door neighbors calling one another here in the U.S.A.—arouses shock and outrage. The authority was first granted in 2001 under the PATRIOT Act. As Congress debated renewal of the act in 2011, two Democrats, Senator Ron Wyden of Oregon and Mark Udall of Colorado, foreshadowed the controversy to come. Both members of the Intelligence Committee, which oversees the intelligence community, the senators were privy to the surreptitious ways in which the government was granting itself and expanding authority, and pushing the bounds of the definition of “metadata”—which refers to impersonal data about data—to include more information, and compiling it in such a way that it can reveal personal details that were intended to be protected.

“I want to deliver a warning,” Wyden stated during the 2011 congressional debate over renewal of the PATRIOT Act. “When the American people find out how their government has secretly interpreted the PATRIOT Act, they will be stunned and they will be angry.”

Wyden’s words sound much like those of my sources the previous fall.

The average American would be shocked at the extent to which this administration is spying on its own private citizens.

Patel continues his examination of my computers but it seems to stall and languish. Weeks. Months. CBS managers are conspicuously silent on the issue of a possible connection between what’s happened to me and what we’re learning about the government’s overreach through the cases of AP, FOX, and Snowden. As if it hasn’t occurred to them. As if they’re not even a little outraged—or at least curious. In fact, they seem extremely uncomfortable with the fact that I’ve discovered unauthorized trespassers in my computers. I can’t explain it, but I’m now getting a vibe from CBS as if I’m the one who’s done something wrong for learning that my computers were infiltrated.

The strange vibe persists when I seek out an update on Patel’s computer forensics work. I find myself suddenly cut out of the loop. The computer firm had been communicating directly with me. But now, they won’t readily respond to phone calls and emails. It’s as if they’ve been instructed to slice me out of the communications channel. As I continue to press to find out what has become of the investigation, I eventually learn secondhand that Patel provided CBS a near-final draft report on May 9, but CBS hasn’t provided me with a copy or even told me that the report has been sent. I can’t explain why, other than intuition, but I get the eerie feeling that CBS wants to downplay what’s happened—maybe even try to advance a narrative that there was no computer intrusion. Why am I not in the loop on the findings of incidents that happened to me in my home?

To me, the pieces are starting to fit together. My case and that of AP and FOX are enough to suggest that the government had a coordinated effort at least by 2012, and probably beginning earlier, to target the leakers and reporters who were perceived as making the administration’s life difficult. Snowden’s revelations tie it all together.

If CBS is blind to the connection, it’s nonetheless occurred to some members of Congress and their staff. A number of them in the House and Senate approach me and ask if they can help me in the effort to hold the perpetrators in my case accountable. For the moment, I’m looking for answers in a way that keeps the conversation out of the spotlight.

CBS finally agrees to provide me a copy of Patel’s draft report. I’ve had further conversations that lead me to conclude my company may try to spin my computer intrusions as something dubious and indefinite. I’m given additional pause for thought when I learn that some CBS managers are quietly implying to selected colleagues, who are happy to spread it around, that the computer intrusions might be a figment of my “paranoid” imagination. I can’t figure out why they would say such a thing when their own analyst had long ago confirmed the intrusions verbally and in writing, in no uncertain terms. Why would some in my own company now attempt to discredit the computer issue and their own forensic expert? Weren’t they as alarmed as I was to learn that unauthorized parties were in the CBS system?

As if enough weren’t going on, this all was happening against the backdrop of my trying to separate myself from CBS contractually for reasons discussed elsewhere in this book—an effort that would end with my agreeing to remain on staff for about another year. But the discussions caused a great deal of stress and tension between me and some of my bosses.

Even more disturbing, word came to me that a CBS manager had convened a private meeting with a colleague asking him to turn over the name(s) of the inside confidential source(s) who had first helped me identify the computer intrusions back in January. The colleague didn’t have that information.

Weird.

Although I’ve pretty much been frozen out of the investigation into my own computer intrusions at this point, I don’t give up until I finally reach Patel personally on the phone and ask him what’s going on. He says he’s preparing his final report. I tell him that I’m getting the feeling that some at CBS might try to bury the computer intrusion.

“That’s impossible,” he tells me. “They can’t deny it happened. The facts are clear.”

While preparing his final report for CBS on June 10, 2013, Patel makes an additional breakthrough and sends a direct message that will make it impossible for anyone to legitimately soft-pedal my computer intrusions. He writes an email to CBS managers marked “URGENT” and states that his analysis using a special investigative tool has revealed definitive evidence of one or more invaders attempting to remotely run commands on my computer. Additionally, he explicitly makes clear there’s proof that the entity deliberately removed evidence of its handiwork, tried to cover up its tracks during that mid-December time frame in which I had noticed the frenetic nights of computer activity had slipped into quiet slumber. The infiltrator ran commands that nobody should have run. It collected my passwords and contacts with a special program. It securely erased entries and histories of certain commands. Other clues left behind: the cyber-spies changed the internal clock of my work laptop not once, not twice, but 1,358 times, possibly in an attempt to disrupt any temporal analysis we might try to do. If this had been a legal tap, they wouldn’t have needed to tamper with the evidence.

Everything Patel has found serves to confirm my January source and analysis. Patel tells me that only a few entities possess these highly specialized skills. One of them is the U.S. government. I already know this from Number One. But now CBS knows it, too. And it will all be in his final report to the network.

On June 15, 2013, Isham telephones me after work and asks me to meet him the next morning in his Washington office. When I arrive, I enter his office to discover not only Isham but also CBS News president David Rhodes from New York. Isham closes the door and I sit. Rhodes and Isham take turns telling me Patel has completed his final forensics report more than four months after he began investigating. They say the report confirms the computer intrusions in some detail. I’ve been living with the knowledge for five months, but getting CBS management officially on the same page is a positive step. Their mood is markedly different than in the past few weeks. They’re smiling and appear happy. They tell me this is all good news in the sense that they now have solid, documentary evidence from their own independent expert. They say they’re “a thousand percent” behind me in all matters of support and in pursuing the perpetrator(s). I don’t know what seems to have turned them around, but they say that they also think we should begin covering this as the news story that it is. They hand me a piece of paper containing a brief statement that’s been prepared for public release as soon as our meeting ends:

A cyber security firm hired by CBS News has determined through forensic analysis that Sharyl Attkisson’s computer was accessed by an unauthorized, external, unknown party on multiple occasions late in 2012. Evidence suggests this party performed all access remotely using Attkisson’s accounts. While no malicious code was found, forensic analysis revealed an intruder had executed commands that appeared to involve search and exfiltration of data. This party also used sophisticated methods to remove all possible indications of unauthorized activity, and alter system times to cause further confusion. CBS News is taking steps to identify the responsible party and their method of access.

The next morning, CBS This Morning briefly interviews me about the case. It’s generating a great deal of interest and requests for interviews from other news media. The only non-CBS entity that the company wishes me to speak with is Bill O’Reilly from The O’Reilly Factor on FOX News. I fly to New York and appear on his evening program.

Meanwhile, during this very same time period, Senator Wyden stokes the embers of another controversy that would keep the Obama administration set back on its heels. He accuses Director of National Intelligence James Clapper of not giving a “straight answer” to the Senate Intelligence Committee three months before.

“Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?” Wyden had asked Clapper at the March 12, 2013, hearing.

“No, sir,” Clapper replies, quickly shaking his head and pressing the fingers of his right hand against his forehead, almost shielding his eyes from making direct contact as he looks down, up, down, up, down, all inside of about two seconds.

“It does not?” Wyden repeats, eyebrows raised.

“Not wittingly.” Clapper continues shaking his head and begins stroking his forehead with the four fingers. “There are cases where they could inadvertently, perhaps, collect—but not wittingly.” Clapper looks up and down fifteen times, by my count, in the span of that brief answer.

Call it a mistake, a misunderstanding, or a lie—depending on your viewpoint—but Clapper’s testimony was wrong. The whole world now knows what Senator Wyden, with his access to classified information knew, when he posed the question: NSA programs collect data belonging to hundreds of millions of Americans from U.S. phone call records, online communications, and Internet companies.

Now Wyden wants public hearings “to address the recent disclosures” and says “the American people have the right to expect straight answers from the intelligence leadership to the questions asked by their representatives.”

You might think everyone would agree that giving bad information to Congress, under oath, is improper.

But this is Washington.

Clapper’s defenders say that Wyden “sandbagged” him. That by asking a loaded question at a public hearing, Wyden forced Clapper to either tell the truth, thus divulging top-secret information, or tell a lie.

The sandbag argument doesn’t stand up, factually. Wyden says he sent the question to Clapper’s office a day in advance of the hearing so that he’d be prepared for it. In any event, Clapper should have been able to produce a better and honest answer. In 2006, then–attorney general Alberto Gonzales apparently did when asked a similar question at a Senate Judiciary Committee hearing. Rather than mislead or divulge secrets, Gonzales found a third option. He told Congress: “The programs and activities you ask about, to the extent that they exist, would be highly classified.”

As damage control for Clapper’s misstep, the Obama administration mounts an outreach effort on Capitol Hill. Clapper is now sent to defend the very programs he swore didn’t exist. Senators get three classified briefings in a week’s time. NSA director Keith Alexander joins Clapper’s PR campaign to exalt the controversial intelligence-gathering methods. They explain, behind closed congressional doors, that they’ve thwarted dozens of attack plots and saved the lives of countless Americans. (This is a claim that would later be roundly debunked by an independent committee investigating the policy.) America should be grateful, not critical. Perhaps in those private briefings, the senators urge Clapper to clear the air with a formal, public apology. Whatever the genesis, he writes a letter on June 21, 2013, to Senate Intelligence Committee chairman Democrat Dianne Feinstein admitting that his March testimony was “clearly erroneous.” He indicates that he had misunderstood Wyden’s question. That seems to differ with his earlier June 9 interview with NBC News, in which he’d said that he’d given “the least untruthful” answer that he could give.

Wyden isn’t moved by the apology. A week later, on June 28, 2013, he leads a group of twenty-six senators in asking Clapper to publicly provide information on the “duration and scope” of the intelligence collecting as well as examples of how it’s provided unique intelligence “if such examples exist.” Twenty-one Democrats, four Republicans, and an Independent sign the letter.

During this time, I hear and read a lot of opinions from colleagues, viewers, friends, and strangers about the government’s secret collection of data. Many of them say they don’t mind if the government collects their information.

“They’re welcome to look at anything I have,” says one acquaintance. “I’m not breaking any laws.”

Part of that sentiment may come from the fact that we long ago began trusting nearly every aspect of our private lives to credit card companies, banks, electronic mail, and Internet connections. Despite the dire warnings we hear every day about identity theft and other serious threats, such problems account for a relatively small proportion of the number of transactions we conduct. Every day, without giving it a second thought, we expose ourselves to dozens of opportunities for our personal information to be compromised, but for the most part we suffer few serious consequences. Also, many Americans have come to accept the idea that for the government to help keep us safe in a post-9/11 reality, it must be able to use diverse tools and methods, even if that means sacrificing some measure of our privacy and liberty. On top of that, the social media culture has dramatically faded privacy boundaries. We post everything from the embarrassingly inappropriate to the intensely private. Some view privacy as having become an old-fashioned, overrated notion.

By implication, the people who are happy to trust their personal communications to the government are conferring trust upon whoever and whatever the government may become in the future. What’s more, they fully trust each and every person who may gain access to the information. These people don’t foresee a time when there may be facets of the government that aren’t benevolent. They don’t envision the possibility of dishonest players in the mix. To them, the motivations of the government and all those who are in it will always and forevermore be good: their government would never break the law, violate ethics, or exploit private information for inappropriate use.

I’m not quite there.

History and experience lead me to be more circumspect. There are thousands of examples over the decades, but one need look no further than Fast and Furious to find government misconduct, bad actors, and false information all wrapped up in one. Or consider the 2013 IRS scandal in which the government got caught targeting nonprofit groups for political reasons after insisting it would never do such a thing.

Even if we could assume 100 percent altruistic motives on the part of the government now and forevermore, there are still serious questions to consider. Wyden is getting at the heart of them with his inquiries. I’ll illustrate them with an analogy.

What if your local police were to claim that they can prevent crime in the community if they mount twenty-four-hour surveillance cameras on every public street corner? You might say okay. What if they say they can prevent more crime if they monitor every resident’s emails and phone calls? That’s a little tougher. You might have some questions. How much crime would be prevented? Where’s the proof? Have the police tried less intrusive methods? What independent body will monitor for abuse? Okay, now let’s ratchet it up another notch. What if the police decide, in secret, that they can theoretically prevent one murder a year if they mount hidden surveillance cameras inside every room inside every family’s private home? Shouldn’t anyone who’s innocent of breaking the law be willing to sacrifice his family’s privacy to save a human life?

(Why the pregnant pause?)

Apply the analogy to today’s ethical and privacy questions.

How many terrorist acts would have to be thwarted to justify what level of intrusion in our privacy or on our civil liberties? The calculus is entirely theoretical since there are no accurate predictive models. Nobody can say for sure how many supposedly prevented plots would have been carried out or how many lives would have been lost but for the privacy invasion. Is bulk collection of data solely to credit in examples of foiled terrorist acts? Were less broad, less intrusive methods tried and proven ineffective before each more intrusive effort was launched? If so, are the more intrusive methods providing measurably better results? What independent controls and audits are in place to guarantee protection of private information from abuse by those with political or criminal motivations? Can the public trust the government officials who want to use the secret techniques to provide accurate and honest assessments of these questions—even when the same officials have provided false information in the past? Should the public be excluded from policy debates about these issues?

A real-world example provides additional reasons to question the merit of mass data collection.

On March 4, 2011, U.S. officials were alerted to Tamerlan Tsarnaev, the future Boston Marathon bomber. The tip didn’t come from NSA collection of metadata, the tracing of cell phone calls, or the tracking of Internet activity: it came from Russia, which sent a notice to the U.S. Embassy in Moscow requesting the FBI look into Tsarnaev, who was living in America. The FBI later said it did all it could to investigate and even interviewed Tsarnaev but found nothing suspicious. Six months later, in September 2011, Russia sent another alert about Tsarnaev, this time to the CIA. But like the FBI, the CIA also found nothing of concern. Off the official radar, Tsarnaev went on to murder three people and injure an estimated 264 in the April 15, 2013, bombing attack at the Boston Marathon. He was killed in a shootout with the police. His brother is awaiting trial.

In the end, U.S. officials pretty much blamed the Russians in public news reports. They said the Russians should have provided more explicit detail about why they’d been so suspicious of Tsarnaev back in 2011. It’s an embarrassing admission: our best U.S. intelligence officials were handed a future terrorist but couldn’t detect the threat because, they say, Russia should have helped us more?

Is it reasonable to believe this same U.S. intelligence structure has the skill, then, to cull through hundreds of millions of phone call records for subtle leads and then connect the dots to terrorist plots? Or is the government simply expanding its own bureaucracy: building an unwieldy, expensive database ripe for misuse that will require an increasing army of manpower to maintain, store, and guard it?

Answers aren’t easy. Like a lot of people, I place great value on the intelligence community’s role in protecting the public. Many skilled and devoted agents and officers often do a tremendous job. But I believe it’s possible to give the public a role in the discussion in a way that doesn’t divulge crucial secrets to the enemy.

As a footnote to the Tsarnaev story, I can’t help but think about how the government found no cause to monitor this future terrorist at the very same time it aggressively targeted leakers as well as American journalists who had committed no crimes.

| THE TURNAROUND

Now mired in the bad press about Clapper, AP, FOX, and Snowden, the Obama administration is working overtime to try to turn it all around—not the government’s behavior, mind you, just the public’s perception of it. That translates into tightening the noose around government secrets and those who hold them.

One of my sources is called into a group meeting at a government agency.

“If you speak to reporters, we’ll fuck you up, put you in a box,” they’re told.

The message: don’t view the current whistleblower environment as an opportunity to join in on revealing the federal government’s possible misdeeds. Federal supervisors circulate internal emails reminding the line staff and field guys, in so many words, that this administration has prosecuted more leakers than all previous administrations combined.

If there’s one thing I’ve learned through years of dealing with federal whistleblowers, it’s that they’re terrified of losing their jobs and eventual retirements. I guess most people would be. But federal workers have pretty sweet retirement deals and the threat of that evaporating usually convinces them to keep their mouths shut about suspected ethical and even criminal violations by their bosses and agencies. It’s effective. (“We’ll fuck you up,” is pretty effective, too.)

On June 21, 2013, the Justice Department unseals a criminal complaint charging Snowden under the Espionage Act.

The Big Chill is on.

Many sources, including congressmen, become more wary of communicating the ordinary way. One evening, I’m talking with a member of Congress on my regular mobile phone about a somewhat sensitive news matter. He’s avoiding giving straight answers. I keep pressing. Finally, sounding exasperated, he blurts out, “Sharyl, your phone’s bugged!” I can’t argue the point. We decide to meet in person and work out alternate ways to communicate. It’s the new reality in a society where journalists and politicians suspect their government is listening in.

Beyond its move to privately contain and even threaten some federal employees, the Obama administration must also try to recapture the hearts and minds of the public and the press. How? One strategy is to convince the public to view Snowden as the villain. This might not fly if too many people decide he’s a hero. But if enough people buy the argument that he put American lives at risk, it just might turn things around for the Obama White House.

Thus begins Operation Where’s Waldo. Only it’s Where’s Snowden. Attention is diverted from the questions that Senator Wyden and Snowden have raised. It turns away from Obama’s War on Leaks. It’s redirected from the targeting of journalists. Instead, we’re consumed by the imponderable question of Snowden’s whereabouts. What country is he in? What plane is he boarding next? Is it the 2:30 p.m. nonstop to Moscow? Or the 4:45 p.m. to Cuba? Who will grant him asylum?

Where’s Snowden dominates the White House briefings and the news headlines.

Before long, the quest branches out into a full-blown news media obsession with all things Snowden. Everything except the editorial content of what he revealed. How many documents did he get? How did he get access? Who passed his background checks? Did he graduate from high school? And what about rumors of a questionable discharge from the army? Looking into Snowden’s background is certainly a legitimate and reasonable area of inquiry. But it seems as though disproportionate media attention is being devoted to dissecting his character rather than also looking into the merits of the issues he raised.

“How much did Snowden steal?” screams a July 18, 2013, subheading on a news wire service. Unidentified sources are quoted in the article as saying Snowden took “tens of thousands” of documents. Nowhere does the article represent Snowden’s side of the story or that of those who view him as a whistleblower.

If Snowden leaks, it’s a crime. But if the administration leaks to implicate Snowden, it’s a virtue? In other words, government leaks are okay as long as the leaks flow in the right direction.

Snowden’s story isn’t black-and-white. He may have indeed violated national security rules and hurt the country. At the same time, he may have believed himself a patriot and also done an important service in exposing potentially improper and overreaching behavior by the U.S. government. The scenarios aren’t mutually exclusive. Surely Snowden doesn’t see himself as a traitor. To date, there’s no evidence that he peddled information to enemies of the United States or anyone else. There’s no evidence that he stole the information for personal financial gain. Quite the opposite: he gave it to the public, free of charge, at great personal peril, as if he has incredible conviction and belief in the importance of what he’s revealing.

“Even if you’re not doing anything wrong you’re being watched and recorded,” Snowden said in an interview with the Guardian. “The public needs to decide whether these programs or policies are right or wrong.” Snowden has given up a comfortable life in Hawaii and a six-figure salary. “I’m willing to sacrifice all of that because I can’t in good conscience allow the U.S. government to destroy privacy, Internet freedom and basic liberties for people around the world with this massive surveillance machine they’re secretly building.”

Many in Congress assist the administration’s diversionary plan. They don’t treat Snowden’s revelations as deserving of scrutiny. Instead, it’s how did a guy like Snowden get his hands on all those secrets? Senator Feinstein announces a proposed legislative fix to prevent contractors like Snowden from handling highly classified technical data.

Meantime, no sanctions are proposed against Clapper for his misleading testimony. And nobody seems to think it’s odd that he’s trusted to spearhead efforts to address concerns over the very programs about which he misled Congress. The AP reports that Clapper’s new plans include “a sweeping system of electronic monitoring that would tap into government, financial and other databases to scan the behavior of many of the 5 million federal employees with secret clearances, current and former officials.” Nobody seems to notice that, if anything, the administration is ramping up, not tamping down, its controversial War on Leaks.

Allowing Clapper and other government officials to be in charge of solving their own surveillance controversies is like inviting the fox to guard the henhouse. Except the fox is also getting the keys to the henhouse and the recipe for chicken fricassee.

In a fictitious world, one can imagine a meeting in which any member of Congress calling for Clapper’s head gets a closed-door visit from Clapper or his team. They slide a file bearing the name of the member of Congress or someone close to him across the desk, J. Edgar Hoover–style. The file contains materials surreptitiously gathered under the auspices of a government leak investigation or surveillance program. The member of Congress opens the file. Perhaps his eyes flicker. Maybe his face becomes white. The materials are very . . . personal. The imaginary Clapper rubs his forehead with his four fingers. No words are spoken because none are necessary. The file is closed and Clapper drags it back across the desk, never to be spoken of again. Unless necessary. Suddenly the member of Congress is no longer out for Clapper’s head.

Or here’s another fictitious premise. CIA director Petraeus deviates from the Obama administration’s official line on Benghazi. Somewhere in a private room, a small group of government operatives culls through data to find out who Petraeus has been emailing and calling. Any skeletons in that closet? A review of his file reveals some unseemly contacts with his former biographer. That information could come in very handy.

Now, I remind you that those are wholly fanciful scenarios. The stuff of imagination. The government would never misuse its authority or information, right? Still, the fact that these notions can be conjured up, even if chimerical, illustrates why it’s so important to have public discussion and oversight.

| OTHER REPORTERS WEIGH IN

In late June 2013, I’m flying back from the Investigative Reporters and Editors conference in San Antonio, Texas, and am seated next to another journalist: Len Downie. Downie is former executive editor of the Washington Post and had spoken at the conference on the very topic at hand.

“The Obama administration’s War on Leaks is by far the most aggressive that I’ve seen since the Nixon administration, and I go back that far,” Downie told the audience of investigative journalists.

As we strike up a chat shoulder to shoulder on the plane, I bring up the subject of Snowden. I ask Downie if it doesn’t seem as though more attention should be focused on the content of Snowden’s claims instead of where he’s hiding or whether he graduated from high school. Downie agrees.

Four months later, Downie would publish a definitive report for the Committee to Protect Journalists. It establishes the Obama administration as the news media’s top choice for Least Transparent American Presidency in Modern Times. When you think of all the transparency promises, it’s stunning to read the actual experiences of national news reporters, not those working at conservative outlets but journalists from the New York Times and the Washington Post.

David Sanger, chief Washington correspondent of the Times, says, “This is the most closed, control freak administration I’ve ever covered.”

Times public editor Margaret Sullivan: “It’s turning out to be the administration of unprecedented secrecy and unprecedented attacks on a free press.”

Financial Times correspondent Richard McGregor: “Covering this White House is pretty miserable in terms of getting anything of substance to report on in what should be a much more open system.”

ABC News White House correspondent Ann Compton: “He’s the least transparent of the seven presidents I’ve covered in terms of how he does his daily business.”

Josh Gerstein of Politico: “If the story is basically one that they don’t want to come out, they won’t even give you the basic facts.”

Washington correspondent Josh Meyer: “There is across-the-board hostility to the media. . . . They don’t return repeated phone calls and e-mails. They feel entitled to and expect supportive media coverage.”

Post managing editor Kevin Merida describes what he sees as the White House’s hypersensitivity, saying that officials often call reporters and editors to complain about something on Twitter or a headline on a website.

I have a slightly different interpretation of the administration’s sensitivities. It’s not that they’re really so sensitive. They’re simply executing a well-thought-out strategy to harass reporters and editors at the slightest air of negativity so as to impact the next news decisions. To provide so much unpleasant static and interference that we may subconsciously alter the way we report stories. To consume so much of our time explaining and justifying what we’ve reported, that we begin to self-censor in the future. They accuse us of “piling on,” when all we’re doing is accurately covering their actions and the outcome of their decisions. But what human being doesn’t instinctively learn to avoid negative, unpleasant feedback?

Let’s not use that phrase in our story. Yes, it’s accurate, but the White House will go nuts over it. Maybe if we soften it a little, we can avoid some headaches. We don’t want to appear to be—piling on.

What we don’t seem to realize is that our never-ending pursuit to avoid the static is a fool’s errand. Their relentless objections are not because they want accurate reporting; their goal is to spin and stop negative reporting. When we allow them to wrap us up in their game, it furthers their propaganda goals. We risk inadvertently giving them inappropriate influence over our reporting, of becoming their tool rather than their watchdog.

On July 8, 2014, the Society of Professional Journalists directs a letter to President Obama objecting to what it calls the “politically driven suppression of news and information about federal agencies.” The esteemed group of journalists uses strongly worded phrases to make its point.

“We consider these restrictions a form of censorship.”

“The problem is getting worse throughout the nation.”

“It has not always been this way.”

I’m all too familiar with the pre-story stonewall. The post-story harassment. The ignored requests for interviews and public information. But the Obama administration has aggressively employed the additional PR strategy: controversializing potentially damaging stories, reporters, and opponents to undermine them. It can be a highly effective tactic—unless the public learns to recognize it. Just how does one take a fact-based, solid story with sourced opinions and turn it into a controversy to therefore be questioned by an unsuspecting public? By putting into motion a well-oiled machine that launches post-story complaint calls and emails; comments to other reporters (often not for attribution); bloggers who circulate manufactured outrage and counterspin; and personal attacks against the journalist. Pretty soon, the administration has controversialized an entire line of reporting. Not because it is controversial, but because their machine has made it appear to be. They can point to blogs and articles that say so. Even Wikipedia says so, so it must be true!

Journalist Michael Hastings once discussed this phenomenon. Hastings had authored the award-winning Rolling Stone profile of General Stanley McChrystal that led to McChrystal’s resignation. He spoke of the “insidious response . . . when you piss off the powerful. They come after your career; they try to come after your credibility. They do cocktail party whisper campaigns. They try to make you ‘controversial.’ Sadly, the Powers That Be are often aided by other journalists.”

| THE CBS CONNECTION

The Justice Department inspector general is looking into my computer intrusions and asks to see the CBS-commissioned report from Patel. The head of the IG forensics unit suggests that if we hand over my computers, his experts can conduct an independent analysis and possibly find more information, perhaps even the proof as to who’s responsible. The IG has its own technical staff and lab that are separate and apart from the FBI’s analysts. But CBS declines. One CBS official points out, as had Number One, that the IG works for the same agency that we believe is responsible.

“Do you really trust the IG?” the CBS official asks me. “Why should CBS trust our computers to the same agency that could be implicated?”

I explain my rationale. Worst-case scenario: the IG comes up with nothing more than we already know. Best-case scenario: he finds more. Who better than the government’s own technicians to dig into a government intrusion? But the bigger hurdle to the concept of handing over the CBS computer is that news organizations vehemently protect their independence and resist attempts by law enforcement to obtain company property. Granted, this situation is a bit different: the law enforcement body isn’t reaching into the news organization uninvited. Instead, a crime has been committed and the IG is asking for the computer and report to act in my interests. Nonetheless, policy is policy, there are legal implications, and CBS decides that the IG can’t have the CBS laptop computer or Patel’s report.

If no law enforcement or investigative body can have access to my CBS computer, then in some respects I’m the victim of a crime that can’t be thoroughly investigated. At least not in the ordinary way. I can’t expect the FBI to investigate impartially if some of its people are involved in the crime. In fact, I can’t expect anyone to investigate if CBS won’t let them analyze the computer. And the main concern of CBS News is the integrity of its professional network systems rather than my individual circumstances. The corporation hasn’t demonstrated any interest in getting to the bottom of the crime committed against me and my family, and potentially my sources. The news division hasn’t expressed even a modicum of concern for my potentially compromised and chilled sources or its own compromised newsroom operations.

It didn’t make sense that the moment I reported the intrusion, no alarm bells were sounded at the highest levels of the CBS corporation. I imagined there would be technology security experts who would ask a lot of questions, visit my house, and devise ways to make me feel more secure and to ensure that all of CBS’s sources and materials are protected. I thought they’d want to examine my supposedly compromised smartphones. But nobody did.

In fact, CBS has specialists tasked with doing this very sort of work, but I only learn of them when a colleague asks me what work the “special team” is doing on my case.

“What special team?” I ask.

“The guys headed up by Joel Molinoff,” says my colleague. “Haven’t they been working on your case?”

“Never heard of them.”

My colleague is surprised. He goes on to explain that Molinoff is CBS’s chief information security officer. He’s held seminars with 60 Minutes staff on cybersecurity issues such as protecting their information abroad. He’s a wealth of information and a great resource on computer security. But in all these months, he’s yet to reach out to me.

“He’s a former NSA guy,” adds my colleague. “I’ll find his extension and send it to you.”

A former NSA guy?

I do a quick Internet search. It turns out that Molinoff came to CBS after having just served in Obama’s White House as the assistant director of the President’s Intelligence Advisory Board. Prior to that, says his bio, he was an executive at the NSA.

Why wouldn’t a guy with that kind of background be keenly interested and involved in investigating my computer intrusions?

Not long after I learn that there’s a former NSA guy at the helm of CBS information security, he sends a company-wide memo that seems to refer to my situation without mentioning me. The memo on June 7, 2013, explains what should be done if someone suspects a security breach of their CBS computers. Once the incident is reported, says the memo, there will be a response team that will take steps to resolve the issue.

Since the memo is clear that the victim has a duty to report, and since Molinoff has never acknowledged my incident nor has he contacted me, I send him an email asking whether he’s briefed up on my computer intrusions. I offer to answer any questions he may have. He doesn’t reply. A week later, I follow up. This time, I get a perfunctory response from Molinoff saying that he and his team are aware of the situation and take any breach “very, very seriously.” He asks no questions and to this day no CBS security officials have attempted to ask me the details of what happened.

| SPY CLASS 101

As the story of the government’s overreach expands and word gets around about the investigation into my computers, sources step forward to privately offer me moral support, information, and assistance. They fill my head with stories about the government’s secret capabilities and how they could be misused by those with malicious motives.

For example, one of them tells me about a covert skill the U.S. government is actively perfecting: the ability to remotely control vehicles. There are several ways to do it. The former U.S. national coordinator for security, infrastructure protection, and counterterrorism Richard Clarke discussed the technology in a June 2013 interview with the Huffington Post. He said that intelligence agencies know how to remotely seize control of a car through a “car cyber attack.”

“It’s relatively easy to hack your way into the control system of a car, and to do such things as cause acceleration when the driver doesn’t want acceleration, to throw on the brakes when the driver doesn’t want the brakes on, to launch an air bag,” Clarke tells the online blog. “You can do some really highly destructive things now, through hacking a car, and it’s not that hard.”

In this particular interview, Clarke is responding to questions about the fatal single-car crash of reporter Michael Hastings as he was said to be researching a story related to the scandal that forced the resignation of CIA director Petraeus in 2012. Shortly before Hastings’s death, he reportedly said he thought the FBI was investigating him, which the FBI denied. Officials who investigated the car crash say no foul play was suspected and Clarke doesn’t dispute that. But Clarke says, hypothetically, “If there were a cyber attack on the car—and I’m not saying there was—I think whoever did it would probably get away with it.”

Clarke’s assessment of the available technology is based in part on a 2011 report by university computer scientists. It states that computer hackers can gain remote unauthorized access to vehicles much like a computer, controlling the engine and other basic functions. Apparently, the car hacking can be accomplished using cellular connections and Bluetooth wireless technology. Hackers can take control, track, and even listen in without having any direct physical access to the vehicle, according to one of the lead researchers, Stefan Savage of the University of California, San Diego.

My source tells me something about a related technology he says the government is developing. Covert operators can substitute the stock electronic control units in vehicles for special replacements: one to control the car’s transmission and another that controls the engine. A remote controller can then slow, stop, or speed up the car and make it impossible for the driver to do much about it. The government developers, working in secret with black budgets that don’t appear on any ledger, are having a little trouble keeping the demo units from overheating. They’re expediting the troubleshooting and sparing no expense. Money is no object. There’s an endless source of tax dollars for this project.

The source shows up at my house one wintry evening and wants to check out my car for anything suspicious. He says that I’ve upset so many people at high levels that anything is possible, even the idea that somebody has tampered with my vehicle. I appreciate the thought but tell him it’s unnecessary. He insists and my husband says to go ahead and let him look. It concerns me that somebody with links to covert agencies actually thinks that a government operative might be capable of sabotaging my car. The source and my husband spend forty-five minutes shivering in the garage, flashlight in hand, rooting around under the hood and in the front seat of my car, and find nothing.

As a matter of protecting my own interests, I’ve begun working with a small group of people who aren’t connected to CBS. This includes an attorney, another independent computer forensics expert, and several sources.

In July 2013, I’m preparing to leave the country on vacation. It’ll feel good to get away from everything. But before I go, an acquaintance contacts an intermediary and asks me to call. It’s been more than a year since we last spoke.

“Can we meet me at your house—tonight?” Terry* asks. He doesn’t want to say much on the phone.

“Sure,” I reply.

“Can you meet me in the driveway? And . . .” He hesitates. “Can you leave your phone inside the house?” Terry is a very polite guy. By the tone of the brief conversation, I already know he’s going to talk to me about my computer incidents.

I finish my tae kwon do workout and get home just in time for the driveway rendezvous. I sit on the brick stoop in front of my house and wait, still damp with martial arts sweat. It’s humid and warm and starting to get dark. Terry pulls into the driveway, hops out, and joins me on the stoop. He’s carrying a Baggie and a folder.

“I know what’s been happening to you,” he says with genuine concern. “If there’s anything I can do to help, I want to.”

Terry, like so many in this region, has connections to the three-letter agencies. He tells me in quiet tones that he’s angry at the thought of the government conducting covert surveillance on law-abiding private citizens and journalists.

“I’ve spent my whole career developing and using techniques that are meant to be used on terrorists and bad guys. Not people like you.”

He opens the Baggie and shows me an array of bugging devices of different sizes and shapes. He pulls them out one at a time and explains how each one could be disguised to fit into a different host. I don’t think anyone is using bugs in my house. But I remind myself that not long ago, I didn’t think anybody would break into my computers. In any event, Terry is giving me a crash course: Spy Class 101.

He looks around. Up the driveway. Both sides and across the street. “Let’s take a walk.”

Terry tells me of a conversation he’d had with my husband back in 2011. He’d noticed a white utility truck parked up the street by a pond.

“I didn’t like that. I didn’t like it at all,” he tells me now, shaking his head. “I talked to your husband about it at the time. He’d already noticed the truck, too.

“I didn’t like it because I recognized the type of truck and the type of antennae it had. And if you look”—he points up the street—“there’s a direct line of sight from where it was parked to your house.” My husband, who once worked in law enforcement intelligence, had on several occasions in the past couple of years mentioned the presence of nondescript utility trucks parked in our neighborhood—trucks that were working on no known utility projects. Neighbors noticed, too. Ours is a small community filled with people who pay attention to such things. Some of them worked for the three-letter agencies.

For more than an hour, Terry tells me fantastical stories of incredible covert capabilities the government has. I think about James Bond getting briefings on secret gadgets from Q Division. Terry says there’s a way to shoot an arrow from a distance into the outside of a building and have it penetrate through the outer wall, just far enough to stop short of the drywall, where it plants a listening device. Or the government may find out you’re attending a professional conference and plant spyware on every CD to be given out at the event, in hopes that you’ll take one and insert it into your computer. Or they find out when you’re taking your car in to be serviced and arrange to install transmitters in your taillights.

“That’s sort of like the antennae. Then an audio receptor can be placed inside your car. That way they know where you are and when you’re coming home.”

Terry tells me about the government’s secretive departments of Flaps & Seals. They specialize in—well—flaps and seals. For example, they intercept something you’ve ordered in the mail, and open the “flaps” and break the “seals” to outfit the product with a bug or malware. Then they reseal the flaps and seals so expertly that you can’t tell anyone has been in the package. When it arrives at your house, you install the software or attach the device to your computer and voilà! You’ve bugged yourself. Simple and clever.

Terry tells me that the government’s technical surveillance tools are limitless. Wide domestic use of drones has opened a whole new world of possibilities. A small drone with a camera can easily hover quietly above my house for forty-five minutes while it uploads data or downloads software.

“And then there are lightbulbs,” Terry says. “Your audio can be monitored through lightbulbs. Lamps. Clock radios. Outdoor lights.”

The lightbulbs have ears?

“How can a lightbulb emit a signal?” I ask. “If it’s transmitting, can that be detected?”

“It doesn’t use a transmitter,” Terry explains. “It operates off the electrical current in your house. It’s called electric current technology.”

That blows my mind.

“The names of the people who are executing surveillance on you won’t be found in a criminal database,” Terry tells me. “More likely they’re in Scattered Castles.”

He explains that Scattered Castles is a database used across all components of the intelligence community that verifies personnel security access to Sensitive Compartmented Information and other caveated programs.

This is all fascinating but a little academic. And in a way, some of it sounds so 1990s. From what I’ve learned, it seems the government and its operatives don’t need to go to these extraordinary lengths to track and monitor people. We’re all so wired through the Internet and our smartphones: that’s all they really need. No reason to plant a bug or follow people around on foot. That’s expensive, time-consuming, and potentially traceable. Accessing communications through the major telecommunications companies or Internet providers and search engines—that’s free, easy, and undetectable. Piece of cake.

It’s dark now. Terry darts a glance up and down my neighborhood streets for the tenth time and redirects our walk back to the stoop. “I’ll do anything I can to help.”

| JUSTICE DEPARTMENT ON THE HOT SEAT

Senator Tom Coburn, a Republican from Oklahoma, is hopping mad over the government’s antics in targeting news reporters. In July 2013, he poses a lengthy list of questions to Attorney General Holder at the Justice Department. Some of them have to do with my case. The questions are carefully crafted to cover a number of scenarios.

1. During your tenure as attorney general, has any employee, contractor or other representative of your Department secretly, without notice to the subject, obtained information regarding the communication of any journalist, including Ms. Attkisson?

2. During your tenure as attorney general, has any employee, contractor or other representative of your Department obtained access to any computer used by a journalist or news organization, including Ms. Attkisson and CBS News, without the knowledge of the journalist or organization?

3. During your tenure as attorney general, has any employee, contractor or other representative of your Department attempted to remove, exfiltrate or otherwise transfer data to or from any computer used by a journalist or news organization, including Ms. Attkisson and CBS News, without the knowledge of the journalist or organization?

Though the letter should have been promptly addressed, five months would pass before the Justice Department would provide a response. And in the response, which follows, none of the relevant questions were answered:

“Your letter asks whether the Department is responsible for incidents in 2012 in which the computer of Sharyl Attkisson, a CBS reporter, was allegedly hacked by an unauthorized party. The Department is not. It also does not appear that CBS or Ms. Attkisson followed up with the Federal Bureau of Investigation for assistance with these incidents,” writes the Justice Department to Coburn.

Instead of answering the questions at hand, the administration had posed an entirely different question and chosen to answer that one. Senator Coburn’s letter hadn’t referred to “hacks,” it didn’t narrow its questions to 2012, didn’t ask whether the Justice Department was “responsible,” and didn’t isolate its questions to the Justice Department alone. I conclude there’s a reason they stuck to posing and denying a very narrow set of circumstances, using such specific language, rather than simply answering the questions Coburn asked.

I find irony in the fact that, in its brief response, the Justice Department implies I should have approached the FBI for “assistance.” Especially since I now have learned that, months ago, the FBI opened a computer intrusion case with me listed as the “victim” but, oddly enough, never bothered to reach out to me. How often does the FBI start a case without notifying, or trying to collect basic information from, the supposed victim? It doesn’t seem as if they’re trying very hard to help me get to the bottom of it.

I see Coburn on Capitol Hill and he tells me that my case may be the worst, most outrageous violation of public trust he’s ever seen in all his years in office.

“And it’s not because it’s you,” he adds. He wants me to know that he’s judged the gravity of the situation based not on how I might have been personally or even professionally affected. It’s about the broad implications for government, the press, and society.

“I know,” I say.

On February 18, 2014, Coburn issues a follow-up letter to the Justice Department pointing out that none of his questions from the previous July had been answered in its December response.

“The [Justice] Department’s restatement of my questions reflected neither the intent of the original questions, or the spirit of the inquiry at hand,” Coburn wrote. He then asked Holder to re-review the original questions and provide numbered responses.

Five months later, more than a year after the original congressional query was posed, the Justice Department had still provided no further response.

| AUDACITY

In September 2013, Ambassador Thomas Pickering agrees to do a sit-down interview with me about his work heading up the State Department Accountability Review Board’s (ARB) controversial Benghazi report. The ARB is under fire for possible conflicts of interest and for its decision not to interview relevant officials, including then–secretary of state Hillary Clinton.

The White House is already panicky over my reporting on the ARB controversies, some of which are raised in a Republican congressional report in advance of a hearing. On September 18, 2013, White House officials deploy the usual tactics. Direct contact with CBS officials. Multipronged approach.

On this occasion, the White House dispatches separate emails to different CBS officials an hour apart. Each email is signed by a different White House official, as if each one had written the email himself. But the text is nearly identical. Clearly they’ve held their regular spin meeting (on the taxpayer’s dime), coordinated their pushback plan, and distributed the wording each spinner would use in his email to various CBS officials and probably others in the media.

First, an email from White House spokesman Carney to Bureau Chief Isham. Carney begins by referring to a prior email he’d already apparently sent to CBS managers complaining about my Benghazi reporting earlier in the week:

Hey Chris—not sure if you saw my email marveling at Sharyl A’s exclusive preview of a Darrell Issa press release. It got me wondering whether she, or CBS, might be interested in giving equal weight to a Benghazi story based on some hard facts. Since CBS has been relentless in promoting the idea that there’s a scandal and cover-up, I think overlooking the exonerating material after months of heavy coverage of political accusations does a disservice to everybody.

An hour later, White House spinmeister Eric Shultz tries our White House correspondent Major Garrett with this similarly worded email:

Hello sir . . . Yes, I am actually pitching you a Benghazi story and I think this is fairly important. Usually this stuff gets lost in between Hill and WH beats—want to be sure this doesn’t this time. CBS has been relentless on this so I want to make sure you guys don’t overlooking [sic] the exonerating material.

Carney continues to Isham:

And Schultz to Garrett:

Both emails include identical spin referring to “Republican conspiracy theories” and quotes that dispel the theories. The material isn’t exculpatory at all in terms of anything that I’ve reported, but the White House must be sending versions of these emails to media representatives all over Washington and New York in hopes that media surrogates and bloggers will adopt the spin and treat it as if it’s factually setting the record straight.

That very night, with Schultz, Carney, and company freshly steaming over my Benghazi reporting, I’m home doing final research and crafting questions for the next day’s interview with Pickering. Suddenly data in my computer file begins wiping at hyperspeed before my very eyes. Deleted line by line in a split second: it’s gone, gone, gone.

I press the mouse pad and keyboard to try to stop it, but I have no control. The only time I’ve seen anything like this is in those movies where the protagonist desperately tries to copy crucial files faster than the antagonist can remotely wipe them.

I press down on the mouse pad of my MacBook Air and it pauses. I let up and the warp-speed deletions resume. Interesting. I have to either sit here stuck with my thumb on the mouse pad or lift it and watch my work disappear. The whole file would be erased in a matter of seconds. My iPhone is sitting on the bed next to me and I grab it with my right hand while using the thumb of my left hand to keep the mouse pad depressed and the action paused. Hit the video camera function, record, and lift my thumb off the mouse pad long enough to capture a few seconds of the action on video. Don’t want to let it erase too much. While still holding down the mouse pad with my thumb, I use my index finger to try to work the cursor up to the file button, hoping to save and close the file. But the drop-down menu is disabled. Eventually, I find that all I have the ability to do is close out the file. As soon as it shuts, another file that’s still open begins slow deletions as if the backspace button is being held down. But I’m not touching the keys. I close that file, too, and disconnect the computer from my FiOS Wi-Fi, which stops the weird behavior.

The next day, I show the video recording of the deletions to two experienced computer experts who are familiar with my case. They both agree that it shows someone remotely accessing my computer. Somebody who apparently wanted me to know it.

“I wouldn’t have believed it if I didn’t see it with my own eyes,” says one of the technicians. “They’re fucking with you. There’s no other purpose. They want you to know they’re still there.”

“I’ve never seen anything like it,” says the other. “I’d have to agree they’re trying to send you a message. They’re saying, ‘We’re still watching. See what we can do to you.’”

It takes audacity. To be so bold after all the public scandals, long after they know I discovered their presence in my private and work computers. It reminds me of an impetuous child sticking out his tongue while standing behind his mother’s skirt. It’s the mission of cowards. Of people who have little confidence in their own abilities and believe their only hope at maintaining control is to intimidate and steal and suppress information. What power that they have isn’t earned; it’s what they’re able to grab for a short time while they have access to all the toys. We only have ourselves to blame. They wouldn’t be able to do this unless we—the public, Congress, and the news media—allowed it. But we do and they know they can act with impunity.

| THE YEAR OF MASS SURVEILLANCE EXPOSED

In October 2013, one of my sources who currently works in the government says that his federal bosses have pulled his phone records to see if he’s talking out of school. Not because he’s leaked classified information or done anything wrong. Quite the contrary: he knows of others in his agency who have committed ethical and possibly legal violations. So they’re snooping into his phone records. How does he know? They told him so. They want him to know. That way, maybe he’ll keep his mouth shut. After reviewing his calls, including some to an official on Capitol Hill, they approach him and say, “You’re talking to them?”

My name and number aren’t in the records that they checked. The source and I have figured out an alternate way to communicate. But the government monitoring of its employees, citizens, and news media—to protect its own political interests, not to protect us from terrorists—is becoming a fact of life. If nobody stands up to stop it, we’ll all have to just get used to being watched by our government.

As 2013, the year of mass-surveillance-secrets-exposed, draws to a close, we’re not finished learning about the government’s reach into our private lives. In an article in the Washington Post on December 4, Snowden’s documents reveal the NSA is collecting nearly five billion records a day on cell phone locations around the world, “enabling the agency to track the movements of individuals—and map their relationships—in ways that would have been previously unimaginable.” According to an NSA official quoted in the article, the agency is “tapping into the cables that connect mobile networks globally.” Even when you’re not using your phone, it’s broadcasting its location. “The government is tracking people from afar into confidential business meetings or personal visits to medical facilities, hotel rooms, private homes and other traditionally protected spaces,” reports the Post. Other highlights include the fact that this particular NSA database is more than twice the size of the text content of the Library of Congress print collection, and that there’s so much material the NSA has had trouble ingesting, processing, and storing it.

Though this is as big as any Snowden revelation so far, the reaction from most of the public, the press, and Congress seems a bit bored. These complex surveillance systems have been difficult to explain, digest, and comprehend. If you ask most ordinary Americans, they might be able to tell you the government has gotten caught invading the public’s privacy, but they probably couldn’t tell you much more than that. Some of us in the media haven’t done an adequate job explaining all of this in a clear and accurate fashion.

Also, there have been so many staggering revelations in a short period of time, people have become desensitized. We’ve suffered through all the stages: outrage, denial, rejection. I wonder if the public has reached a complacent sort of acceptance.

| THE JUSTICE DEPARTMENT IG

When the two agents from the Department of Justice Inspector General’s office pull into my driveway, on January 15, 2014, I try to size them up. White guys, nice looking, early forties, impeccable dark suits, colorful ties. No rumpled collars here. One of them, Digital Forensics and Technology Investigations Unit Director Keith Bonanno, comes from a buttoned-down bureaucratic background. The other, Special Agent Harry Lidsky, looks more like a cop or spook.

They’re here to pick up my personal Apple iMac desktop computer for a forensics analysis. It’s been one year since Number One first confirmed the intrusion on my CBS laptop. The IG can’t have my work laptop since that belongs to CBS. But the iMac is all mine and there may be evidence on it, too. I’ve decided to let them examine it.

I’m taking a chance entrusting my computer to a team that’s connected to the agency that may hold responsibility for my intrusions. But it’s okay. My personal forensics team is conducting its own analysis. I continue to believe that the worst-case scenario is the IG finds nothing. Best case? Maybe they turn up something we don’t yet have.

Bonanno drags in a rolling briefcase and the two men step into my living room. I have a little help to size them up: my husband, who’s the most accurate profiler I know, and a friend who’s taken an interest in the case.

Bonanno and Lidsky also want to look at my Verizon box where the mysterious, dangling cable was found and removed before it disappeared a little more than a year ago. The three of us take the two of them outside to the Verizon box and Bonanno takes pictures while they ask what the cable looked like and how it came to disappear. I explain that after the Verizon man removed it, I asked him to leave it, but it was gone when I later went back to retrieve it.

“I have photographs of it,” I tell the agents.

We go inside and I show them the pictures of the cable. They say they’ve never seen anything like that.

We make small talk. Before the IG, Bonanno says he worked at the Department of Transportation. Lidsky’s former DEA and CIA. When he mentions the CIA, my friend says, “There are a lot of us ex-agency around . . .” alluding to his own status as a one-time CIA officer.

“What did you do there—if you can tell me?” asks Lidsky.

“Intelligence,” answers my friend.

So they’ve got one and we’ve got one, I think, referring to the CIA backgrounds.

After conducting a brief interview, Bonanno and Lidsky have me sign a piece of paper authorizing them to take my iMac. Then, they pack up their gear and my computer, and head out.

| LESSONS LEARNED

On November 20, 2013, I re-interview Fast and Furious whistleblower John Dodson. Pretty soon it’ll be three years since he first came forward and exposed the government’s gunwalking secrets on the CBS Evening News. He’s written a new book about the whole experience (The Unarmed Truth, published by a division of CBS partner Simon & Schuster). There are still many unanswered questions. During our interview, Dodson reflects on his own situation and how it applies to the scandals that have happened since.

He sees Benghazi, the IRS targeting of conservative groups, and the government spying stories as variations on the same theme.

“It’s so reminiscent of everything that happened in Fast and Furious,” Dodson tells me. “It’s the same thing repeating itself over and over again. You know I refer to it as the self-licking ice-cream cone of the federal government. It’s there to simply enjoy itself while the rest of us have to pay for it.”

ATF originally tries to block the book’s publication, saying it will hurt morale and damage ATF’s working relationships with the DEA and the FBI. When the American Civil Liberties Union and Senator Grassley stand up for Dodson’s right to publish, ATF relents and clears the book for publication.

I contact ATF for comment on the Dodson book, and spokeswoman Ginger Colbrun, who succeeded the Fast and Furious era’s Scot Thomasson, reacts frostily. It’s the Tuesday before Thanksgiving.

“How are you?” I’m attempting to start off with a moment of small talk. “Do you have to work the holiday?” I ask, referring to the holiday the day after tomorrow.

“I answered the phone, didn’t I?” Colbrun snaps back. Not a very professional response from a publicly paid PR official working on behalf of the public. Okay, this isn’t going to be friendly. Maybe not even courteous. She’s following in Thomasson’s footsteps.

Colbrun says the agency has no interest in doing an interview about Dodson. Her tone indicates ATF still views Dodson as the enemy rather than a whistleblower who helped halt a misguided and harmful policy. No matter what mea culpa government officials have made for the benefit of the public or Congress, their basic attitudes haven’t changed. In a less political world, Dodson might be rewarded for his honesty. Instead, he’s odd man out. Colbrun conveys no sense of gratitude to or pride in Dodson. No sense of embarrassment over the government lies told to me, Congress, and the public along the way. No sense of regret for lives lost. They’re just mad at Dodson for telling the truth. Mad at me for reporting it.

Interestingly, the Justice Department has barred Dodson from accepting payment for his book, claiming it would violate ethics rules. Dodson states, “I do find it hard to reconcile how the very same agencies who thought of, approved, and employed the strategies used in Fast and Furious only to later attempt to cover it up by lying to Congress and the American people, ignoring the rule of law, withholding documents, and smearing whistleblowers, now asserts themselves to be the sole authorities who preside over this or any other ‘ethical inquiry.’ The conflict is obvious.”

Today, Dodson wants to stand as an example to others who see wrongdoing: you can step forward and expose it.

“[My story] shows that they can’t totally take away your empowerment. You can make a difference,” Dodson tells me in an interview. “And there’s a lot of people out there that were in my position, that know things that are going on in the NSA, in the State Department, in the CIA or IRS. . . . It is their greatest fear, as a government, that we ever realize how much of that power we actually have. And what they have is, you know, given to them by us.”

All I know is that, so far, the main impact of the exposure of the government’s dirty little surveillance secrets is that the government has doubled down on leakers and whistleblowers. A chilling effect has been administered with surgical precision on anyone who might have thought about stepping forward.

It’s July 2014 and one member of my team, Don Allison of KoreLogic, has been working on my computer puzzles for more than a year. I’ve come to understand why he came so highly recommended. The work has been difficult and tedious. But there’s no great hurry. Patience must be exercised. His task has been to unmask some of the most sophisticated computer intrusion efforts in existence. And he’s gathering clues and intel. Revealing new information, even now, about the surveillance of both my work and personal computers by an outside presence.

Regarding my work laptop, Don tells me that his analysis shows CBS had the means and opportunity through corporate software to perform its own inside, complete remote acquisition and forensic analysis of the laptop as well as other platforms on their network as soon as I first informed them of the intrusion. If they did so, they didn’t tell me about it. Don can see that one party looking through my laptop showed particular interest in my Benghazi reporting work, opening and reading a key file.

Don is also able to provide the best forensics detail yet of my personal desktop iMac. It reveals a sophisticated set of intrusions that were at least as invasive as the ones into my work laptop. The interlopers were able to co-opt my iMac and operate it remotely, as if they were sitting in front of it. They used a program to control parameters that allow for complete remote graphical access as one of the authorized users of the system.

The unauthorized presence had complete control.

It had access to emails, personal files, Internet browsing, passwords, execution of programs, financial records, and photographs of not just me but of my family members as well.

The illegal infiltration included the ability to capture passwords and account information for my extended computing footprint as well, such as my external accounts with Hotmail, Facebook, Twitter, online banking credentials, and CBS corporate systems.

The invaders were able to access anything connected to my computer systems and they used their technology and expertise to comb through the photo records on my BlackBerry, specifically snooping through materials I had photographed regarding my Fast and Furious research.

While a great deal of data has been expertly wiped in an attempt to cover-up the deed, Don is able to find remnants of what was once there. There’s crucial evidence of a government computer connection to my computer. A sort of backdoor link that leads to an ISP address for a government computer that can’t be accessed by the general public on the Web. It’s an undeniable link to the U.S. government. Don says the importance of this link can’t be overstated.

“Let me put it this way,” he tells me. “This ISP address is better evidence of the government being in your computer than the government had when it accused China of hacking into computers in the U.S.”

“The greatest fear that I have regarding the outcome for America of these disclosures is that nothing will change.”

—Edward Snowden to the Guardian, June 2013