Looking back in anger: One year of Snowden’s leaks

One year ago, Russia granted Edward Snowden temporary asylum after a 39-day stay for the NSA whistleblower in the transit zone at Moscow’s Sheremetyevo Airport. Snowden had become stranded there while trying to flee to Latin America, where several countries had offered permanent asylum after the U.S. government filed charges against him for making off with thousands of classified documents about its surveillance programs.

Since then, the Snowden story has unfolded in dramatic ways for a nonstop 12 months — as the world reacted to the vast amount of information that his files contained — sparking revelation after revelation about some of the nation's most cherished secrets. It has also sparked a fierce policy debate over how to make intelligence organizations more accountable.

In the last six months alone, reports based on Snowden’s files have included important new details about how the NSA collects large amounts of American data under the guise of foreign surveillance. It has been shown that the NSA and Britain’s GCHQ targeted Muslim community leaders and online activists — possibly crossing the line between surveillance and censorship.

For many anti-secrecy activists and civil rights campaigners, the avalanche of stories over the past year has seemed to prove many of the things they had previously only suspected, when it came to surveillance actions and the way intelligence gathering was being used.

These foreign collection programs raise legitimate privacy concerns for billions of people outside the U.S., but many experts say they also create a back door for domestic surveillance.

"Our communications travel all over the world. Sometimes even communications that are internal to the United States travel outside of the U.S. before reaching their destination domestically,” explained Crockford. “It's very difficult, in the 21st century, to draw bright lines between what is domestic and what is foreign.”

The Washington Post recently conducted a four-month investigation of data on foreign targets that the NSA collected as it traveled through U.S. networks. Of thousands of account holders mentioned in the files, 9 out of 10 were not the NSA’s intended targets. On top of that, “nearly half” of the files mentioned U.S. persons.

The NSA’s minimization rules usually require it to discard data when it accidentally “targets” a U.S. person without first obtaining a warrant from the Foreign Intelligence Surveillance Court (FISC). But as Barton Gellman pointed out in a follow-up to the Post’s investigation, the NSA is free to store and search data it incidentally collects from U.S. persons while targeting foreign entities or collecting supposedly foreign data en masse.

In June, the Washington Post published details of how the NSA can also collect domestic communications “about” its targets — for example, a domestic email from one U.S. citizen to another that contains the phone number of a foreign diplomat whom the NSA is targeting. The Post also published a FISC order authorizing the NSA to collect communications “concerning” almost every country, as well as several international bodies and foreign political parties. The only exceptions are the NSA’s four closest partners — Canada, the U.K., Australia and New Zealand.

“If it stumbles upon your entire inbox … because you've been communicating with someone outside the country or because your email was 'incidentally collected' through some other surveillance program … there are very few restrictions on the government's access and use of that information,” said Crockford.

In March, The New York Times revealed a classified 2002 FISC ruling that allows the NSA, the FBI and the CIA to freely share raw data. The NSA also shares specific intelligence much more broadly. One agency slide published in Glenn Greenwald’s book about the Snowden leaks, “No Place to Hide,” lists the departments of Agriculture, Justice, Treasury, Commerce, Energy, State and Homeland Security among the NSA’s “customers.”

The NSA and the Drug Enforcement Agency (DEA) have what one NSA memo called “a vibrant two-way information sharing relationship.” In May, The Intercept reported that the NSA used the DEA’s access to telecom facilities in the Bahamas to set up a system that monitors and stores every phone conversation in the country for 30 days.

“The rules governing the sharing of this sensitive information should be strict, especially when it comes to Americans' communications, but instead those privacy rules have been watered down in secret,” explained Patrick Toomey, staff attorney at the ACLU’s National Security Project. “Once our data is in the NSA's hands, it can end up in any number of government databases, and potentially even on the desk of an FBI agent conducting an ordinary criminal investigation."

Ahmed Ghappour, a professor of law at the University of California’s Hastings College of the Law who has represented clients in terrorism and hacking-related cases, sees that getting worse. “NSA surveillance is the bread and butter of national security investigations,” he said. “As our threat priorities shift from terrorism to cybersecurity, I have no doubt that warrantless surveillance will become more pervasive in cases related to information security.”

One of Ghappour’s former clients, Issa Doreh, was convicted last year of wiring money to the Somali armed group Al Shabab as part of an investigation based largely on information from the NSA’s phone records program.

Still, for many experts the most disturbing revelations of the past six months have involved specific NSA and GCHQ targets. In February, The Intercept revealed that the NSA works with the CIA and the military to target drone strikes based on telephone metadata rather than human intelligence. Former NSA Director Michael Hayden seemed to confirm that report during a debate with David Cole at Johns Hopkins University when he famously said, “We kill people based on metadata.” Critics argue that the practice is unreliable and puts innocent people at risk.

In July, The Intercept also found that the NSA has been monitoring the email accounts of five prominent Muslim American community leaders, lawyers and academics — despite the fact that authorities have not charged any of them. This came on the heels of revelations that the NSA had targeted WikiLeaks and its supporters, and that GCHQ had actively disrupted Internet Relay Chat (IRC) forums used by the hacktivist group Anonymous.

According to Gabriella Coleman, an anthropologist at McGill University whose research focuses on hacktivist communities, GCHQ’s attack on IRC forums crosses a line from violations of privacy to censorship.

“Internet Relay Chat servers are not primarily used for committing illegal activities, at all,” she said. “They're public, they're open, and shutting them down entirely is shutting down free speech.”

Indeed, several reports over the past few months have explored GCHQ’s attempts at disruption, disinformation and propaganda. They include tools that can alter the results of online polls, talk of “pushing stories” on social media and presentations about online psy-ops.

In his recent Guardian interview from Moscow, Snowden took on GCHQ, which has less legal oversight and collects data less discriminately than the NSA. “They enjoy authorities that they really shouldn’t be entitled to,” he said. “And the problem with that is, when you have an unrestrained intelligence agency that’s not being well overseen, that’s not accountable to the public, they’re going to go further than they need to.”

But after more than a year’s worth of bold headlines about mass surveillance, the U.S. Senate is still debating measures to control the NSA. It could be a long time before any concrete legal reforms emerge from Snowden’s leaks.