Edward Snowden recently released his memoirs. In some parts of the Internet, this has rekindled an ancient debate: namely, was it all worth it? Did Snowden’s leaks make us better off, or did Snowden just embarrass us and set back U.S. security by decades? Most of the arguments are so familiar that they’re boring at this point. But no matter how many times I read them, I still feel that there’s something important missing.

It’s no coincidence that this is a cryptography blog, which means that I’m not concerned with the same things as the general public. That is, I’m not terribly interested in debating the value of whistleblower laws (for some of that, see this excellent Twitter thread by Jake Williams). Instead, when it comes to Snowden’s leaks, I think the question we should be asking ourselves is very different. Namely:

What did the Snowden leaks tell us about modern surveillance capabilities? And what did we learn about our ability to defend against them?

And while the leaks themselves have receded into the past a bit — and the world has continued to get more complicated — the technical concerns that Snowden alerted us to are only getting more salient.

Life before June 2013

It’s difficult to believe that the Snowden revelations began over six years ago. It’s also easy to forget how much things have changed in the intervening years.

Six years ago, vast portions of our communication were done in plaintext. It’s hard to believe how bad things were, but back in 2013, Google was one of the only major tech companies that had deployed HTTPS in its services by default, and even there they had some major exceptions. Web clients were even worse. These graphs (source and source) don’t cover the whole time period, but they give some of the flavor:

[Image: HTTPSGraph]

[Image: HTTPSFirefox]

Outside of HTTPS, the story was even worse. In 2013 the vast majority of text messages were sent via unencrypted SMS/MMS or poorly-encrypted IM services, which were a privacy nightmare. Future developments like the inclusion of default end-to-end encryption in WhatsApp were years away. Probably the sole (and surprising) exception was Apple, which had been ahead of the curve in deploying end-to-end encryption. This was largely counterbalanced by the tire fire that was Android back in those days.

But even these raw facts don’t tell the full story.

What’s harder to present in a chart is how different attitudes were towards surveillance back before Snowden. The idea that governments would conduct large-scale interception of our communications traffic was a point of view that relatively few “normal people” spent time thinking about — it was mostly confined to security mailing lists and X-Files scripts. Sure, everyone understood that government surveillance was a thing, in the abstract. But actually talking about this was bound to make you look a little silly, even in paranoid circles.

That these concerns have been granted respectability is one of the most important things Snowden did for us.

So what did Snowden’s leaks really tell us?

The brilliant thing about the Snowden leaks was that he didn’t tell us much of anything. He showed us. Most of the revelations came in the form of a Powerpoint slide deck, the misery of which somehow made it all more real. And despite all the revelation fatigue, the things he showed us were remarkable. I’m going to hit a few of the highlights from my perspective. Many are cryptography-related, just because that’s what this blog is about. Others tell a more basic story about how vulnerable our networks are.

“Collect it all”

Prior to Snowden, even surveillance-skeptics would probably concede that, yes, the NSA collects data on specific targets. But even the most paranoid observers were shocked by the sheer scale of what the NSA was actually doing out there.

The Snowden revelations detailed several programs that were so astonishing in the breadth and scale of the data being collected, the only real limits on them were caused by technical limitations in the NSA’s hardware. Most of us are familiar with the famous examples, like nationwide phone metadata collection. But it’s the bizarre, obscure leaks that really drive this home. For example:

“Optic Nerve”. From 2008-2010 the NSA and GCHQ collected millions of still images from every Yahoo! Messenger webchat stream, and used them to build a massive database for facial recognition. The collection of data had no particular rhyme or reason — i.e., it didn’t target specific users who might be a national security threat. It was just… everything. Don’t believe me? Here’s how we know how indiscriminate this was: the program didn’t even necessarily target faces. It got… other things:

[Image: Optic.png]

MYSTIC/SOMALGET. In addition to collecting massive quantities of Internet metadata, the NSA recorded the full audio of every cellular call made in the Bahamas. (Note: this is not simply calls to the Bahamas, which might be sort of a thing. They abused a law enforcement access feature in order to record all the mobile calls made within the country.) Needless to say, the Bahamian government was not party to this secret.

MUSCULAR. In case anyone thought the NSA avoided attacks on American providers, a series of leaks in 2014 documented that the NSA had tapped the internal leased lines used to connect Google and Yahoo datacenters. This gave the agencies vast and likely indiscriminate access to torrents of data on U.S. and European users, information that was likely above and beyond the data that these companies already shared with the U.S. under existing programs like PRISM. This leak is probably most famous for this slide:

[Image: addedremoved]

Yahoo!, post-Snowden. And in case you believe that this all ended after Snowden’s leaks, we’ve learned even more disturbing things since. For example, in 2015, Yahoo got caught installing what has been described as a “rootkit” that scanned every single email in its database for specific selectors, at the request of the U.S. government. This was so egregious that the company didn’t even tell its CISO, who left the next week. In fact, we know a lot more about Yahoo’s collaboration during this time period, thanks to Snowden.

These examples are not necessarily the worst things we learned from the Snowden leaks. I chose them only to illustrate how completely indiscriminate the agency’s surveillance really was. And not because the NSA was especially evil, but just because it was easy to do. If you had any illusions that this data was being carefully filtered to exclude capturing data belonging to U.S. citizens, or U.S. companies, the Snowden leaks should have set you straight.

SIGINT Enabling

The Snowden leaks also helped shatter a second illusion: the idea that the NSA was on the side of the angels when it comes to making the Internet more secure. I’ve written about this plenty on this blog (with sometimes exciting results), but maybe this needs to be said again.

One of the most important lessons we learned from the Snowden leaks was that the NSA very much prioritizes its surveillance mission, to the point where it is willing to actively insert vulnerabilities into encryption products and standards used on U.S. networks. And this kind of thing wasn’t just an occasional crime of opportunity — the agency spent $250 million per year on a program called the SIGINT Enabling Project. Its goal was, basically, to bypass our commercial encryption at any cost.

[Image: sigint]

This kind of sabotage is, needless to say, something that not even the most paranoid security researchers would have predicted from our own intelligence agencies. Agencies that, ostensibly, have a mission to protect U.S. networks.

[Image: enabling]

The Snowden reporting not only revealed the existence of these overall programs, but it also uncovered a lot of unpleasant specifics, leading to a great deal of follow-up investigation.

For example, the Snowden leaks contained specific allegations of a vulnerability in a NIST standard called Dual EC. The possibility of such a vulnerability had previously been noted by U.S. security researchers Dan Shumow and Niels Ferguson a few years earlier. But despite making a reasonable case for re-designing this algorithm, those researchers (and others) were basically brushed off by the “serious” people at NIST.

[Image: schneier]

The Snowden documents changed all that. The leaks were a devastating embarrassment to the U.S. cryptographic establishment, and led to some actual changes. Not only does it appear that the NSA deliberately backdoored Dual EC, it seems that they did so (and used NIST) in order to deploy the backdoor into U.S. security products. Later investigations would show that Dual EC was present in software by RSA Security (allegedly because of a secret contract with the NSA) and in firewalls made by Juniper Networks.

(Just to make everything a bit more horrifying, Juniper’s Dual EC backdoor would later be hijacked and turned against the United States by unknown hackers — illustrating exactly how reckless this all was.)

And finally, there are the mysteries. Snowden slides indicate that the NSA has been decrypting SSL/TLS and IPsec connections at vast scale. Even beyond the SIGINT Enabling-type sabotage, this raises huge questions about what the hell is actually going on here. There are theories. These may or may not be correct, but at least now people are thinking about them. At the very least, it’s clear that something is very, very wrong.

[Image: bullrun]
[Image: 50522-nsa_combined]

Have things improved?

This is the $250 million question.

Some of the top-level indicators are surprisingly healthy. HTTPS adoption has taken off like a rocket, driven in part by Google’s willingness to use it as a signal for search rankings — and the rise of free Certificate Authorities like Let’s Encrypt. It’s possible that these things would have happened eventually without Snowden, but it’s less likely.

End-to-end encrypted messaging has also taken off, largely due to adoption by WhatsApp and a host of relatively new apps. It’s reached the point where law enforcement agencies have begun to freak out, as the slide below illustrates.

[Image: e2e]
Slightly dated numbers, source: CSIS (or this article)

Does Snowden deserve credit for this? Maybe not directly, but it’s almost certain that concerns over the surveillance he revealed did play a role. (It’s worth noting that this adoption is not evenly distributed across the globe.)

It’s also worth pointing out that at least in the open source community the quality of our encryption software has improved enormously, largely due to the fact that major companies made well-funded efforts to harden their systems, in part as a result of serious flaws like Heartbleed — and in part as a response to the companies’ own concerns about surveillance.

It might very well be that the NSA has lost a significant portion of its capability since Snowden.

The future isn’t American

I’ve said this before, as have many others: even if you support the NSA’s mission, and believe that the U.S. is doing everything right, it doesn’t matter. Unfortunately, the future of surveillance has very little to do with what happens in Ft. Meade, Maryland. In fact, the world that Snowden brought to our attention isn’t necessarily a world that Americans have much say in.

As an example: today the U.S. government is in the midst of forcing a standoff with China over the global deployment of Huawei’s 5G wireless networks. This is a complicated issue, and financial interest probably plays a big role. But global security also matters here. This conflict is perhaps the clearest acknowledgement we’re likely to see that our own government knows how much control of communications networks really matters, and that our inability to secure communications on these networks could really hurt us. This means that we, here in the West, had better get our stuff together — or else we should be prepared to get a taste of our own medicine.

If nothing else, we owe Snowden for helping us to understand how high the stakes might be.

15 thoughts on “Looking back at the Snowden revelations”

  1. Conversely the NSA did not even get a slap on the wrist from either Congress or the supine courts. Before Snowden, they had to consider what might happen if they were exposed, but now they *know* they can get away with anything, and all restraints are gone. When combined with Obama giving them bipartisan cover for George W. Bush’s abuses, including the use of torture, I would say we are in a far worse place than before as far as legislation is concerned.

    1. That was the most enraging part of all this… the lack of consequences faced by those violating the law. “Justice” is not applied evenly. The abusers got away with their crimes, and the whistleblower has been exiled.

      1. Who “violated the law?” The folks at the NSA were doing what they were asked to do by congress. Even when provided with information about the programs and with some members raising these very concerns congress chose to reauthorize those programs.

        I know there’s a real rush to condemn the NSA but that misses the point. Do you think the other intelligence agencies aren’t doing creepy stuff? The problem is a congress that gave the intelligence community a blank check in 2001 and has yet to ever re-examine what they did in the panic after 9/11.

    2. In the end, they (the governments) all feel like they are at war with everyone else and we, the everyday users, got caught in the middle. It’s like we’re all walking in any street in Kandahar, Mosul, Moscow, Washington or wherever. We’re all suspects unless we prove otherwise and they are all relentless in their efforts. The bona-fide assumption that rules the Web was the very same idea that everyone uses to abuse the data and the users. Big tech firms just got caught and, as much as they seem to be supra states, they should play like so because they have to be picky about which fights they can pick.

  2. > This means that we, here in the West, had better get our stuff together — or else we should be prepared to get a taste of our own medicine.

    Shotgun meets foot
    — AABill, Australia

  3. Please don’t consider WhatsApp encrypted. It cannot be proven that their implementation of OpenWhisper wasn’t tampered with. And chances are against users.

  4. A reporter for Asia Times says Huawei is being demonized for putting together entangled networking, which should be completely secure, not for USA stated reasons of backdooring.

    1. Reporter is wrong. If you think NSA is bad for what these leaks showed, then you would/should be more worried about the Chinese products.

  5. Just finished the book, so your article is timely and helps emphasize the technical problems of maintaining privacy. Thanks

  6. Actually, Snowden and many of the press reports told a lot that was exaggerated, and/or without the proper context. Taking the effort of carefully reading the reports and the documents themselves often provides a more nuanced picture.

    The OPTIC NERVE program for example did have a specific reason: according to The Guardian it was “used for experiments in automated facial recognition, to monitor GCHQ’s existing targets, and to discover new targets of interest” – which already sounds more reasonable than building a massive database just because they can. The Guardian also cites a GCHQ document that says: “This is allowed for research purposes but at the point where the results are shown to analysts for operational use, the proportionality and legality questions must be more carefully considered.”

    Regarding the MYSTIC program: NSA did record the audio of all cell phone calls in the Bahamas (although in a 30-day rolling buffer), but as The Intercept also reports, the Bahamas were used as a “test bed for system deployments, capabilities, and improvements” to the program, as the country’s small population provided a manageable sample to try out the system’s features.

    That doesn’t make it less controversial, but apparently it served a higher goal which was not mentioned by The Intercept: later it came out that the country for which the MYSTIC system was actually meant was Afghanistan, where it “was the single most important source of force protection and warning for our people” – according to DNI James Clapper in 2015 after MYSTIC had to be shut down as a result of the revelations.

    These collection programs and capabilities certainly bear legal and privacy risks, but that also depends on how they are actually implemented and for which goals. Those goals, which can be read in a document called “NSA’s Strategic Mission List”, got hardly any attention, but are important when it comes to a judgement about the proportionality of the means.

    1. Any organisation that lets something like LOVEINT run rampant is one that needs to be dismantled. What a creepy violation of rights.

  7. I was not really surprised by these revelations as I recall. Snowden merely provided proof of something that was essentially already known to those paying attention. A number of other whistleblowers such as e.g. William Binney (also an ex NSA employee directly involved in the agency’s spying operations) and Russell Tice had revealed the scale and lawlessness of NSA snooping several years before Snowden appeared on the scene. The main difference was that one had to take them by their word, and their credibility could be easily challenged by their former employer. The mainstream media simply ignored them altogether. Snowden confirmed everything they had said with hard evidence, which certainly resulted in a number of memorable and downright comical moments, such as Mr. Clapper lying to Congress under oath and suffering zero consequences as a result (a valuable reminder that there is indeed a “deep state”). Other than that, Snowden’s revelations have changed absolutely nothing. All that happened was that some of the legally dubious stuff was legalized retroactively, which of course was also valuable information in a way. It showed that a number of constitutional rights people thought they had exist only on paper, but not in reality.
