One year ago, Russia granted Edward Snowden temporary asylum after a 39-day stay for the NSA whistleblower in the transit zone at Moscow’s Sheremetyevo Airport. Snowden had become stranded there while trying to flee to Latin America, where several countries had offered permanent asylum after the U.S. government filed charges against him for making off with thousands of classified documents about its surveillance programs.
Since then, the Snowden story has unfolded in dramatic ways for a nonstop 12 months — as the world reacted to the vast amount of information that his files contained — sparking revelation after revelation about some of the nation's most cherished secrets. It has also sparked a fierce policy debate over how to make intelligence organizations more accountable.
In the last six months alone, reports based on Snowden’s files have included important new details about how the NSA collects large amounts of American data under the guise of foreign surveillance. It has been shown that the NSA and Britain’s GCHQ targeted Muslim community leaders and online activists — possibly crossing the line between surveillance and censorship.
For many anti-secrecy activists and civil rights campaigners, the avalanche of stories over the past year has seemed to prove many of the things they had previously only suspected, when it came to surveillance actions and the way intelligence gathering was being used.
Footage on a computer screen showing Edward Snowden's one-year asylum permit at Sheremetyevo airport in Moscow on August 1, 2013.STRINGER/AFP/Getty Images
"The primary significance, in my view at least, of the Snowden disclosures is that it ... presented to the American public documents that were actually written by the government proving, in fact, that what we [the ACLU] had been saying was true," said Kade Crockford, who directs the Technology for Liberty Project at the American Civil Liberties Union of Massachusetts and edits its Privacy Matters blog.
Yet while the headlines have been dominated by Snowden’s leaks, much of his own life over the past 12 months has remained in the shadows. Earlier this month, his lawyers said they had filed for an extension of his asylum in Russia beyond the July 31 expiration. According to a recent interview in The Guardian, which along with The Washington Post first reported on the Snowden leaks, it appears he spends his time in Russia working on digital privacy tools, reading Dostoevsky and giving talks about surveillance via videoconference.
His life seems relatively sedate compared with the still fast-moving story. In the first half-year of his leaks, the public learned about the NSA’s monitoring of citizens’ phone calls and email, and routine spying on allied foreign governments and companies. Later details emerged about GCHQ’s bulk collection of Yahoo webcam chats, the NSA’s mass storage of phone conversations and metadata in target countries, NSA facial recognition databases that pull images from cable taps and border crossings, and even automated NSA programs that have the ability to infect millions of systems worldwide with spying software — something the agency itself called “industrial-scale exploitation.”
These foreign collection programs raise legitimate privacy concerns for billions of people outside the U.S., but many experts say they also create a back door for domestic surveillance.
"Our communications travel all over the world. Sometimes even communications that are internal to the United States travel outside of the U.S. before reaching their destination domestically,” explained Crockford. “It's very difficult, in the 21st century, to draw bright lines between what is domestic and what is foreign.”
The Washington Post recently conducted a four-month investigation of data on foreign targets that the NSA collected as it traveled through U.S. networks. Of thousands of account holders mentioned in the files, 9 out of 10 were not the NSA’s intended targets. On top of that, “nearly half” of the files mentioned U.S. persons.
The NSA’s minimization rules usually require it to discard data when it accidentally “targets” a U.S. person without first obtaining a warrant from the Foreign Intelligence Surveillance Court (FISC). But as Barton Gellman pointed out in a follow-up to the Post’s investigation, the NSA is free to store and search data it incidentally collects from U.S. persons while targeting foreign entities or collecting supposedly foreign data en masse.
In June, the Washington Post published details of how the NSA can also collect domestic communications “about” its targets — for example, a domestic email from one U.S. citizen to another that contains the phone number of a foreign diplomat whom the NSA is targeting. The Post also published a FISC order authorizing the NSA to collect communications “concerning” almost every country, as well as several international bodies and foreign political parties. The only exceptions are the NSA’s four closest partners — Canada, the U.K., Australia and New Zealand.
“If it stumbles upon your entire inbox … because you've been communicating with someone outside the country or because your email was 'incidentally collected' through some other surveillance program … there are very few restrictions on the government's access and use of that information,” said Crockford.
In March, The New York Times revealed a classified 2002 FISC ruling that allows the NSA, the FBI and the CIA to freely share raw data. The NSA also shares specific intelligence much more broadly. One agency slide published in Glenn Greenwald’s book about the Snowden leaks, “No Place to Hide,” lists the departments of Agriculture, Justice, Treasury, Commerce, Energy, State and Homeland Security among the NSA’s “customers.”
The NSA and the Drug Enforcement Agency (DEA) have what one NSA memo called “a vibrant two-way information sharing relationship.” In May, The Intercept reported that the NSA used the DEA’s access to telecom facilities in the Bahamas to set up a system that monitors and stores every phone conversation in the country for 30 days.
“The rules governing the sharing of this sensitive information should be strict, especially when it comes to Americans' communications, but instead those privacy rules have been watered down in secret,” explained Patrick Toomey, staff attorney at the ACLU’s National Security Project. “Once our data is in the NSA's hands, it can end up in any number of government databases, and potentially even on the desk of an FBI agent conducting an ordinary criminal investigation."
Ahmed Ghappour, a professor of law at the University of California’s Hastings College of the Law who has represented clients in terrorism and hacking-related cases, sees that getting worse. “NSA surveillance is the bread and butter of national security investigations,” he said. “As our threat priorities shift from terrorism to cybersecurity, I have no doubt that warrantless surveillance will become more pervasive in cases related to information security.”
One of Ghappour’s former clients, Issa Doreh, was convicted last year of wiring money to the Somali armed group Al Shabab as part of an investigation based largely on information from the NSA’s phone records program.
Still, for many experts the most disturbing revelations of the past six months have involved specific NSA and GCHQ targets. In February, The Intercept revealed that the NSA works with the CIA and the military to target drone strikes based on telephone metadata rather than human intelligence. Former NSA Director Michael Hayden seemed to confirm that report during a debate with David Cole at Johns Hopkins University when he famously said, “We kill people based on metadata.” Critics argue that the practice is unreliable and puts innocent people at risk.