Deibert - Black code: inside the battle for cyberspace

Copyright 2013 by Ronald J. Deibert
Trade paperback edition published 2013.

Signal is an imprint of McClelland & Stewart, a division of Random House of Canada Limited, a Penguin Random House Company.

All rights reserved. The use of any part of this publication reproduced, transmitted in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, or stored in a retrieval system, without the prior written consent of the publisher or, in case of photocopying or other reprographic copying, a licence from the Canadian Copyright Licensing Agency is an infringement of the copyright law.

Library and Archives Canada Cataloguing in Publication is available upon request.

ISBN 978-0-7710-2535-8
eBook ISBN: 978-0-7710-2534-1

Library of Congress Control number: 2013938866

McClelland & Stewart,
a division of Random House of Canada Limited
A Penguin Random House Company
One Toronto Street
Suite 300
Toronto, Ontario
M5C 2V6

www.randomhouse.ca

v3.1

For Joan

Who are we? Where do we stand in relation to each other, and more importantly, to the state? These are timeless questions worthy of constant re-examination, never more so than today in our world of Big Data, social networks, and global communications. According to the U.S. National Security Agency ( NSA ), we are what we communicate. What rights as citizens do we have to these communications being private? Again, according to the NSA , none.

In May 2013, as the hardcover version of Black Code was being prepared for publication, thousands of miles away in Hawaii, a private contractor for the National Security Agency named Edward Snowden was busy making preparations for his escape from home and what was to become the most extensive single set of leaks to ever hit the U.S. intelligence community.

There are many interesting details about Edward Snowden and his access to top-secret programs. The twenty-six-year-old network systems administrator worked for only three months at Booz Allen Hamilton, one of the many private companies that orbit Top Secret America, the Cyber Security Military Industrial Complex. A systems administrator, or sysadmin, is the type of person you might call to fiddle with the cables under your desk when your Internet connection is not working. And yet, notwithstanding his short period of employment and junior status, Snowden claimed to have the ability to wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal email. U.S. officials disputed this as wildly distorted, but documents Snowden later revealed to the The Guardian, specifically a PowerPoint presentation that gives an overview of a classified Internet monitoring program called XKeyscore, support it. That the NSA can monitor anyones Internet activity, and seemingly everything they do online in real-time, is shocking in and of itself; that a twenty-six-year-old sysadmin working only three months for an outside private contractor could do so is heart-stopping.

Much has been made about Snowdens motivation. His choice to flee first to Hong Kong, and then to Russia, where he spent weeks in an airport transit lounge before being granted a temporary one-year asylum in that country, left many to suspect he is a mole for a U.S. adversary. Some have suggested that he took the position with Booz Allen Hamilton simply to get access to classified materials and then leak them to reporters and WikiLeaks, and was perhaps even encouraged by WikiLeaks to do so. Many believe he is a traitor, not a whistleblower that he has done enormous harm to the U.S government while aiding adversaries like China, Russia, and even al-Qaeda.

As intriguing as it may be to speculate about Snowdens motivation, about Snowden the man, such speculation distracts from the details of the leaks themselves. The Snowden Files have blown wide open intricate details about programs that operate deep in the shadows of the classified world, hidden from not only most citizens, but from lawmakers too. At the time of writing, it is believed that Snowden has released only a small fraction of the material that he acquired before fleeing Hawaii: more is likely to come in the weeks and months ahead. What has already been published is remarkable enough for what it reveals about the extent of eavesdropping on our digital lives and the collusion of some of our most familiar and trusted Internet brands with secretive and largely unaccountable security forces.

Among the revelations:

The U.S. government ordered Verizon, a top-tier global telecommunications company, to provide it with access to the metadata for all of the communications made through its service, including metadata for domestic communications, a violation of the NSA S mandate and possibly the U.S. Constitution. What is metadata? Metadata is the electronic wrapper that accompanies every digital communication. For example, my mobile phone, even when Im not using it, emits an electronic pulse every few seconds to the nearest wifi router or cellphone tower that includes a digital biometric tag: the model of the phone, its operating system, the geolocation of the phone (and by extension all of my movements). Meanwhile, when the phone is in use metadata includes the number Im calling, the length and time of the call, or the IP addresses of websites I visit. All of this metadata moves through the filters and chokepoints of the Internet, and sits indefinitely, there to be mined, on the servers of the companies that own and operate the infrastructure, such as telecommunications and Internet service providers like Verizon.

Microsoft, the worlds largest software maker, helped the NSA and FBI collect data on users of its products and services and to access the encrypted chats and conference calls made over Skype, a service that Microsoft purchased in 2011. Microsoft also opened up its cloud computing services and email products to U.S. security agencies.

Through a program codenamed PRISM , the U.S. government required Google, Microsoft, Yahoo!, Facebook, Apple, and several other companies to facilitate direct access to customer data managed by the companies and compelled the companies to remain silent about these arrangements under penalty of law.

The NSA and GCHQ worked systematically to defeat encryption by having tech companies insert secret back doors and by covertly influencing international organizations to adopt weak encryption protocols.

One of the more remarkable issues to emerge from these revelations is the ineffectiveness of oversight mechanisms, and sometimes their outright perversion. For example, the very court set up to be a check against precisely this type of surveillance, the U.S. Foreign Intelligence Service Court ( FISC ), has not only allowed it, it has created a body of law that condones the mass collection of U.S. citizens communications. The FISC operates in secret, its deliberations and decisions shielded from public scrutiny. It has overseen thousands of requests for approval of sweeping collection programs during President Obamas administration, and it has denied only one.