Another NSA contractor ponders whether to go public

130614174418-t-ts-how-hide-nsa-00000000-620x348By Simon Davies

With the first anniversary of Edward Snowden’s public debut little more than a month away, another NSA contractor is considering releasing new information on global intelligence arrangements between the US and European spy agencies.

The coder – who for the moment we’ll identify only as the gender-neutral  “XY” – first contacted the Privacy Surgeon shortly after we had published information passed to us last year by former NSA contractor Wayne Madsen. Those disclosures – relating to the direct involvement by Germany and other EU countries in the NSA surveillance web – triggered one of the most disturbing chapters in recent UK newspaper history.

nsa_inside-1As regular readers of the Privacy Surgeon will recall, Britain’s Observer newspaper caved under a Twitter storm and pulped its front page lead on that story. One week later, the disclosure – and the secret interception arrangements revealed by Madsen and the Privacy Surgeon – were confirmed by the German publication Der Spiegel. Neither the Observer nor the Guardian newspaper group ever adequately explained the extraordinary censorship that had taken place.

XY – like many stakeholders in the security field – felt angered by the Observer episode, but that was not the key reason for contacting us. XY’s concern was that the disclosures by Snowden had been “under-managed”, resulting in a risky personalisation of the issues and a consequent division of public opinion. XY also expressed concern that no technical strategy had been devised to capitalise at a practical level on the Snowden disclosures.

Moreover, as the story had in effect been jointly “owned” by the Anglo-American press, almost all political and public attention has taken place within the US. Notable exceptions such as Brazil aside, no measurable reform has occurred in any other country.

If XY does make the decision to release information, we shouldn’t expect it to be in any way similar to the Snowden methodology. XY appears to have no intention of linking a personality to further disclosures. Unlike the strategy of the past year, aimed principally at building a dramatic public arena, XY wants to feed directly into a robust tactical framework which would include technical circumvention and citizen empowerment. In the absence of such a strategy, XY is unlikely to proceed. With the benefit of hindsight, perhaps XY has adopted the right approach.

XY’s concern was that the disclosures by Snowden had been “mis-managed”, resulting in a dangerous personalisation of the issues raised and a consequent divide in public opinion.

I have briefly mentioned this interaction on a couple of technical and civil society mailing lists, but the reason for expanding the topic here is that I now need constructive input about how – or even whether – the disclosures should proceed.

(For any SIGINT authorities who happen to be reading this post, I should confirm that unlike the situation with Greenwald et al, I have not been afforded the luxury of scrutinising the actual documents. I’ve only been given a high-level narrative of the material, which includes exhaustive content on the operational relationship between the NSA and Britain’s spy agency, GCHQ. This material appears to add something to the Snowden archive, but not substantially so.)

It is a matter of record that GCHQ – the world’s second-biggest communications intelligence agency and the NSA’s primary partner – has for decades been engaged in deep mass-surveillance. However the agency has, unlike the NSA, refused to pay as much as lip service to matters of legality or rights.

This is one reason why the Privacy Surgeon earlier this year lodged a formal appeal to the Attorney General of England and Wales, Dominic Grieve, to request a police investigation of breach of criminal law over the interception by the agency of the webcam traffic of millions of Yahoo users. That request has been ignored.

I should note, for the record, that this is the same Attorney General who, as shadow A-G in opposition, had worked closely with me and other privacy advocates until 2010 to highlight the illegality of the Labour government’s programmes. At the time I was secretary of the All-Party Parliamentary Group on Privacy, chaired by Edward Garnier QC, who went on after the 2010 general election to become the Solicitor General (in effect the Deputy Attorney General). Like Grieve, Garnier did nothing to highlight unlawful interception once he had been appointed.

Hard lesson: don’t count on your political friends to do the right thing when they achieve power. Mine and civil society’s formerly close – and now aborted – relationship on privacy matters with the current Deputy Prime Minister Nick Clegg further illustrates this point.

Dealing with XY has been an interesting experience – to put it mildly. The key parallel with Snowden is that both have an absolute distrust of electronic communications. There are no emails, no phone conversations, no “easy” means of contacting each other. Planning for face to face meetings in Geneva, Brussels and London was arduous. But then, anyone meeting Snowden over the past eleven months will understand those dynamics. As XY so eloquently pointed out, we have moved very quickly in the world of interception from the impossible to the plausible to the probable.

So, on behalf of this potential whistleblower, I ask readers to help resolve the following questions:

How can we envision a global strategy that empowers citizens? Knowing what we now know about the sheer scale and breadth of the spy agencies penetration into comms systems, how do we imagine a different world which shifts the default from intrusion to privacy – and how do we inspire populations to adopt such a strategy?

How do we reform the institutional bonds between spy agencies and corporations? What can be done to further increase the sensitivity of ICT companies to infiltration by those agencies? And what legal or economic measures can be taken to ensure that privacy is entrenched and that systematic accountability is adopted?

None of this is to deny the genuine reforms that has been achieved since Snowden. Metadata is now generally viewed as an over-hyped and illusory resource. International diplomacy has undergone a reality check. By degrees, the general population has learned why privacy is important – even if people have no idea how to take remedial action.

If we can focus on strategy and solutions, more people like XY will be prepared to break ranks and come forward. Until we do, they are likely to see disclosure as a dangerous process that will achieve relatively little.