The Tech - Online EditionMIT's oldest and largest
newspaper & the first
newspaper published
on the web
Boston Weather: 51.0°F | Light Rain Fog/Mist and Breezy
Article Tools

As Washington Post staff listened to the fantastical stories being woven by Edward Snowden, our leaker du jour, I can’t help but wonder why they didn’t greet his tales with a healthy dose of skepticism. Surely the memory of Bradley Manning, the private who cried wolf, couldn’t have been distant in their minds. For all the grand claims of U.S. malfeasance that Manning made, when his stolen database of secret diplomatic cables was finally out for all to see, there was very little that appeared out of the ordinary. Now the confused youth sits in a maximum security prison, discredited among all but a few small groups that still misguidedly regard him as a cause célèbre.

Maybe WashPo was caught up in the scandal-mania that has characterized President Obama’s second term. Maybe journalistic competition pressured them to attempt an out-crazying of Glenn Greenwald, The Guardian’s resident paranoiac. Whatever the circumstances, they’re regretting their decision to rush Snowden’s claims to the newsstand and are already backtracking on key points.

Snowden’s boasts strain credulity — he asserts that he could wiretap anyone, from federal judges to the president himself, that the NSA can “quite literally can watch your ideas form as you type,” and that several tech giants, including Google, Microsoft, and Facebook have knowingly given the NSA direct access to their servers where, seemingly at a whim, even low level NSA agents and contractors can read through a citizen’s email or listen in on their chats.

Of the two NSA programs that Snowden has outed to back up his allegations, one can be taken at face value. The NSA is most certainly in the business of collecting telephone metadata, i.e. what numbers called what numbers when and for how long (though not the names of the callers or the content of what was said). But the NSA’s collection of metadata is neither illegal, unexpected, or (depending on your point of view) objectionable. It is authorized by FISA court orders, and those court orders stem from straightforward interpretations of long-standing legal precedent a la Smith v. Maryland (1979). In layman’s terms, the police need a warrant to listen in on your phone calls. They don’t need a warrant to observe you walking into a telephone booth.

The other NSA program, PRISM, has been greatly exaggerated, and after the hyperbole is stripped away, it is not nearly enough to support Snowden’s contentions. Snowden claims it is a massive NSA dragnet that captures and reads all of the email, chat, and other services provided by America’s largest web companies. But his story does not check out.

The first red flag is the program’s price tag, a measly $20 million dollars per year. $20 million dollars is what Google pays for maybe two or three weeks of electricity. It’s orders of magnitude below any rational estimate of what it would cost to trawl the internet communications of a nation.

The second red flag is the flat, unequivocal denials from the web companies listed by Snowden. One could presume they were lying to protect their bottom line, but what then would be the motive for DropBox, who, according to Snowden’s powerpoint slides, is not currently participating but merely being approached by the NSA to join? Surely their bottom line would be improved by coming forward and telling their customers that they bravely fought, like David versus Goliath, against an oppressive surveillance state. Did WashPo assume everyone was lying to them when they contacted Google et al. for their responses to the story? Or were they so rushed in getting things to print that they didn’t even take a couple hours to get the companies’ reactions on the record?

If the web companies are not “knowingly participating,” as WashPo wrote (and later quietly deleted), then the “PRISM-as-a-massive-surveillance-tool” theory has a third red flag: significant technical challenges. A great deal of the communications supposedly intercepted by PRISM are encrypted. In basic terms: Google generates a set of ciphers, one for me, and another for the person I am sending my email to. My computer encrypts my message with my cipher, Google receives it, decrypts it, and then re-encrypts it with the cipher that the email’s recipient uses before sending it back out again. When I send an email through Gmail, only me, Google, and the person I’m emailing get to see the unencrypted content. Anyone snooping in that didn’t have access to Google’s servers after the decryption had taken place would get a bunch of gobbledy gook. The only way the NSA could get around this would be either by finding a way to intercept the traffic and then break the encryption (an impossible task that will become even more impossible once Google switches to 2048-bit RSA keys in a few months time), or by planting powerful moles in the U.S’s major web companies (very unlikely, especially when there is no mention of such a mole network in Snowden’s leaked documents).

The final nail in the coffin for Snowden’s case is the NSA fact sheet that was released in response to the leaks and how well it comports with what we know about the program. Unlike Snowden’s, the NSA’s story fits. PRISM is an internal database. The extent of its information collecting abilities (if they exist) is to automatically refresh the information obtained through legal FISA court orders targeted against specific non-citizens, and only if those court orders allow ongoing surveillance. It primarily serves as a hub through which U.S. authorities and foreign intelligence partners can access information collected through the normal and appropriate FISA channels. In other words, PRISM is not a new and highly intrusive surveillance program, but merely a centralized repository of information obtained through congressionally and judicially approved channels, with all of the appropriate oversight, restraint, and safeguards.

Despite these red flags, some would have us believe Snowden’s story over the NSA’s, simply because they want to trust a whistleblower more than the government. “What reason would he have for lying?” they ask. The answer is simple: narcissism. His cringe-worthy interview with Glenn Greenwald tells it all. He wants to be the heroic martyr, the reluctant hero who would have lived his life in peace and quiet were it not for all the monsters he had a moral duty to slay.

As a 20-something former consultant who did work he found morally objectionable and later wrote about it, I empathize with Snowden. I applaud the notion that moral obligations come before obligations to an employer. But there is a difference between a Daniel Ellsberg and a Don Quixote. When history remembers Edward Snowden, it won’t be as a shining white knight — just as a poor little fellow who imagined he was one.