Snowden Disclosures Finally Hit 12 on a Scale of 1 to 10

A few days ago, NBC News quoted a former intelligence official about the fallout from Edward Snowden’s NSA leaks. “The damage, on a scale of 1 to 10, is a 12,” he said.

At the time, I thought it was an odd thing to say. Obviously Snowden’s leaks have been damaging to the NSA, and just as obviously they’ve caused the NSA enormous PR problems. Still, we’ve known for years that they were collecting telephone metadata. We’ve known they were subpoenaing email and online documents from tech providers like Google and Microsoft. We’ve known they were monitoring switching equipment and fiber optic cables. We certainly know a lot more details about this stuff than we used to, but the basic outline of NSA’s capabilities hasn’t really come as much of a surprise.

So what was this former intelligence official talking about? I suspect it was this:

The agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show.

….Some of the agency’s most intensive efforts have focused on the encryption in universal use in the United States, including Secure Sockets Layer, or SSL; virtual private networks, or VPNs; and the protection used on fourth-generation, or 4G, smartphones.

….By this year, the Sigint Enabling Project had found ways inside some of the encryption chips that scramble information for businesses and governments, either by working with chipmakers to insert back doors or by exploiting security flaws, according to the documents. The agency also expected to gain full unencrypted access to an unnamed major Internet phone call and text service; to a Middle Eastern Internet service; and to the communications of three foreign governments.

….[In 2010, a] briefing document claims that the agency had developed “groundbreaking capabilities” against encrypted Web chats and phone calls. Its successes against Secure Sockets Layer and virtual private networks were gaining momentum.

But the agency was concerned that it could lose the advantage it had worked so long to gain, if the mere “fact of” decryption became widely known. “These capabilities are among the Sigint community’s most fragile, and the inadvertent disclosure of the simple ‘fact of’ could alert the adversary and result in immediate loss of the capability,” a GCHQ document warned.

That’s a 12 on a scale of 1 to 10. The Snowden documents don’t make clear precisely what NSA’s capabilities are, or exactly what kind of encryption it can break. Nor is it clear how many of its new capabilities are truly due to mathematical breakthroughs of some kind, and how many are more prosaic hacking exploits that have given them more encryption keys than in the past.

Nonetheless, this is truly information that plenty of bad guys probably didn’t know, and probably didn’t have much of an inkling about. It’s likely that many or most of them figured that ordinary commercial crypto provided sufficient protection, which in turn meant that it wasn’t worth the trouble to implement strong crypto, which is a bit of a pain in the ass. (Recall, for example, Glenn Greenwald’s admission that he “almost lost one of the biggest leaks in national-security history” because Snowden initially insisted on communicating with strong crypto and Greenwald didn’t want to be bothered to install it.)

But now that’s all changed. Now every bad guy in the world knows for a fact that commercial crypto won’t help them, and the ones with even modest smarts will switch to strong crypto techniques that remain unbreakable. It’s still a pain in the ass, but it’s not that big a pain in the ass.

For what it’s worth, this is about the point where I get off the Snowden train. It’s true that some of these disclosures are of clear public interest. In particular, I’m thinking about the details of NSA efforts to infiltrate and corrupt the standards setting groups that produce commercial crypto schemes.

But the rest of it is a lot more dubious. It’s not clear to me how disclosing NSA’s decryption breakthroughs benefits the public debate much, unlike previous disclosures that have raised serious questions about the scope and legality of NSA’s surveillance of U.S. persons. Conversely, it’s really easy to see how disclosing them harms U.S. efforts to keep up our surveillance on genuine bad guys. Unlike previous rounds of disclosures, I’m a lot less certain that this one should have seen the light of day.


Headshot of Editor in Chief of Mother Jones, Clara Jeffery

It sure feels that way to me, and here at Mother Jones, we’ve been thinking a lot about what journalism needs to do differently, and how we can have the biggest impact.

We kept coming back to one word: corruption. Democracy and the rule of law being undermined by those with wealth and power for their own gain. So we're launching an ambitious Mother Jones Corruption Project to do deep, time-intensive reporting on systemic corruption, and asking the MoJo community to help crowdfund it.

We aim to hire, build a team, and give them the time and space needed to understand how we got here and how we might get out. We want to dig into the forces and decisions that have allowed massive conflicts of interest, influence peddling, and win-at-all-costs politics to flourish.

It's unlike anything we've done, and we have seed funding to get started, but we're looking to raise $500,000 from readers by July when we'll be making key budgeting decisions—and the more resources we have by then, the deeper we can dig. If our plan sounds good to you, please help kickstart it with a tax-deductible donation today.

Thanks for reading—whether or not you can pitch in today, or ever, I'm glad you're with us.

Signed by Clara Jeffery

Clara Jeffery, Editor-in-Chief

payment methods

We Recommend