Former NSA Whistleblower Sheds Light on the Science of Surveillance [Q&A]
A National Security Agency whistleblower named Thomas Drake was indicted several years ago for providing information to the press on waste, fraud and bureaucratic dysfunction in the agency’s counterterrorism programs. The U.S. Department of Justice indicted Drake, an NSA senior executive, under the Espionage Act of 1917 for retaining allegedly classified information. Eventually, the felony charges against Drake were dropped, and he pled guilty to a misdemeanor, exceeding authorized use of a computer. Still, the DOJ’s strategy in that case may provide some clues as to what’s in store for Edward Snowden, a government contractor who exposed himself last weekend as the source for a widespread domestic communications story first reported by The Guardian. Drake spoke with Scientific American to shed some light on whistleblower prosecutions and the science behind surveillance. An edited transcript of the conversation follows:
Director of National Intelligence James Clapper has said it's not realistic nor would he want to listen to everyone's communications, so what can be done with all these phone records that the NSA is collecting?
The distinction here is metadata versus content. It’s like when you get physical snail mail, it has a certain shape, weight and type of envelope, and an address and a return address and a stamp and usually a date and routing numbers. And it’s going to a particular mailbox at a particular address—that’s all metadata. The content is what it’s inside the envelope. In a digital space the metadata is always associated with content. The content would be the actual phone call—the conversation. The fact is the metadata is far more valuable to them because it gives them an index of everything. If they want to, the data is available and the capability exists to store it, then later they can access the content as well with a warrant. You can learn a tremendous amount about people by looking at the metadata…phone records include location information. At that level you can track them as well and know who they speak with, the time of day and all of that. By definition a phone number is always associated with somebody or some business—believe me, subscribers all have names. Think of the White Pages; the White Pages equal metadata. If I store that, that gives the government a phenomenal power in secret to track all kinds of information about a person without going to content.
With all that data, it would take tremendous resources to scour that information even before we get to content. So how do you know what to look for?
Patterns. Signatures. Profiling. That’s where it gets pernicious in secret; that’s when they may decide to look at content as well. But metadata even without content already tells you a lot of information. Metadata gives meaning to content. What does NSA need with a 100 million phone records? We are losing the foundation of innocence until proven guilt. The assumption of innocence no longer exists in a surveillance state…we are all foreigners now. To me that’s crossing over into a form of governance that is a clear violation of the Fourth Amendment. We are eroding a foundational part of this country. The important distinction is the law that exists right now allows the government with some [limitations—] at least on paper—to collect all meta-data without any particularized suspicion on someone without getting a warrant for someone. To get content you would need a warrant. The technology is such that the distinction between metadata and content is largely losing its distinction simply because all digital content by definition has metadata associated with it. You can strip off the metadata to do the analysis...but then when you want to, because you already have the data, even if you didn’t have probable cause to do it,you can get into the content.
Based on your experience, talk to me about Snowden’s decision to turn himself in. Would it have been possible for Snowden to hide out?
He exposed himself, which is one of the unique things here. Once you are flagged though, even if he hadn’t turned himself in…the system is so vast in terms of your digital footprint it wouldn’t have taken long to find him…Could he totally go off the grid and disappear? The system itself would have been alerted. He would have had less time to hide out if he had not gone overseas even if he had not exposed himself. He clearly made a preemptive decision…if he went overseas as a U.S. citizen they can’t grab you off the street the next day though he has indicated in interviews he is concerned about rendition. Leaving creating another barrier. It buys him time to make other arrangements in terms of seeking asylum.
Could cyber hackers have obtained the information that these programs existed through data-mining efforts?
Probably not. Those systems are extraordinarily well-protected. It’s very difficult to hack in, especially to the top secret ones. That’s why you have never seen a Foreign Intelligence Surveillance Act court order in public. This is the first one to my knowledge. The classification system is so high it has special protections. It takes someone with access and knowledge to make that fateful decision that it’s in the best interests of the public to have access to that type of information and free it.
From your experience, how do you think the NSA will come after Snowden?
With everything they’ve got.
So do you think they will use the same playbook they used with you—charging Snowden under the Espionage Act?
Yes. It will probably be very similar, there’s no question. I was never actually charged with leaking or disclosing. I was actually charged for retention of unauthorized documents.
What could someone like Snowden do—for a career—after this kind of security breach?
He will have to have an attorney shield him and protect him as best as he can. The government always has a choice in the matter; they can open a case and never prosecute. I suspect they will throw everything they had after him. He will have a heck of a time as I did…I found part-time work but I made far less than before; you are blacklisted. Your clearance is no longer valid so you can’t work in government and people think you can’t be trusted. It will probably be a whole different line of work for him at least in the near or mid-term as it certainly was for me. For a long time I had no income. He knew that there would serious consequences when he made the fateful decision to turn this information over to the press.
If I may ask, what do you do now?
I work full-time at an Apple retail store.
In an environment where Wikileaks is currently in the headlines, and now this, do you think this will change the way Americans approach security questions?
Just since my criminal case ended with one year of probation and community service, this is the most media attention I’ve had by far. I can’t even get to all my emails right now; it’s extraordinarily overwhelming. That tells me that for now this story has legs and people are discussing what are civil liberties versus surveillance and questioning how far they can erode our liberties for the sake of surveillance. The question is do Americans care enough and it looks like we’re having that debate now and I hope that it sustains itself, that’s certainly my wish.
Follow Scientific American on Twitter @SciAm and @SciamBlogs. Visit ScientificAmerican.com for the latest in science, health and technology news.
© 2013 ScientificAmerican.com. All rights reserved.
