Permanent Record

by Edward Snowden

During that seven-year stint, however, I participated in the most significant change in the history of American espionage—the change from the targeted surveillance of individuals to the mass surveillance of entire populations. I helped make it technologically feasible for a single government to collect all the world’s digital communications, store them for ages, and search through them at will.

You will understand, then, when I say that the Internet of today is unrecognizable. It’s worth noting that this change has been a conscious choice, the result of a systematic effort on the part of a privileged few. The early rush to turn commerce into e-commerce quickly led to a bubble, and then, just after the turn of the millennium, to a collapse. After that, companies realized that people who went online were far less interested in spending than in sharing, and that the human connection the Internet made possible could be monetized. If most of what people wanted to do online was to be able to tell their family, friends, and strangers what they were up to, and to be told what their family, friends, and strangers were up to in return, then all companies had to do was figure out how to put themselves in the middle of those social exchanges and turn them into profit.

The freedom of a country can only be measured by its respect for the rights of its citizens, and it’s my conviction that these rights are in fact limitations of state power that define exactly where and when

a government may not infringe into that domain of personal or individual freedoms that during the American Revolution was called “liberty” and during the Internet Revolution is called “privacy.”

I know this process intimately enough, because the creation of irreality has always been the Intelligence Community’s darkest art. The same agencies that, over the span of my career alone, had manipulated intelligence to create a pretext for war—and used illegal policies and a shadow judiciary to permit kidnapping as “extraordinary rendition,” torture as “enhanced interrogation,” and mass surveillance as “bulk collection”—didn’t hesitate for a moment to call me a Chinese double agent, a Russian triple agent, and worse: “a millennial.”

Definitions of irreality. the state of being insubstantial or imaginary; not existing objectively or in fact.

That was the year that the US Department of Defense split its internal system of interconnected computers in half, creating one network for the use of the defense establishment, called MILNET, and another network for the public, called the Internet.

And, as we’ve all been reminded—every time our social media feeds alert us to a post that tags us in a compromising light—to digitize something is to record it, in a format that will last forever.

My generation was the last in America and perhaps even in world history for which this is true—the last undigitized generation, whose childhoods aren’t up on the cloud but are mostly trapped in analog formats like handwritten diaries and Polaroids and VHS cassettes, tangible and imperfect artifacts that degrade with age and can be lost irretrievably.

As the millennium approached, the online world would become increasingly centralized and consolidated, with both governments and businesses accelerating their attempts to intervene in what had always been a fundamentally peer-to-peer relationship. But for one brief and beautiful stretch of time—a stretch that, fortunately for me, coincided almost exactly with my adolescence—the Internet was mostly made of, by, and for the people.

In the 1990s, the Internet had yet to fall victim to the greatest iniquity in digital history: the move by both government and businesses to link, as intimately as possible, users’ online personas to their offline legal identity. Kids used to be able to go online and say the dumbest things one day without having to be held accountable for them the next. This might not strike you as the healthiest environment in which to grow up, and yet it is precisely the only environment in which you can grow up—by which I mean that the early Internet’s dissociative opportunities actually encouraged me and those of my generation to change our most deeply held opinions, instead of just digging in and defending them when challenged. This ability to reinvent ourselves meant that we never had to close our minds by picking sides, or close ranks out of fear of doing irreparable harm to our reputations. Mistakes that were swiftly punished but swiftly rectified allowed both the community and the “offender” to move on. To me, and to many, this felt like freedom.

Big facts!

That, ultimately, is the critical flaw or design defect intentionally integrated into every system, in both politics and computing: the people who create the rules have no incentive to act against themselves.

The two decades since 9/11 have been a litany of American destruction by way of American self-destruction, with the promulgation of secret policies, secret laws, secret courts, and secret wars, whose traumatizing impact—whose very existence—the US government has repeatedly classified, denied, disclaimed, and distorted.

John Perry Barlow’s “A Declaration of the Independence of Cyberspace,”

I was reminded of what is perhaps the fundamental rule of technological progress: if something can be done, it probably will be done, and possibly already has been.

Notably, the PSP allowed the NSA to do this without having to obtain a special warrant from a Foreign Intelligence Surveillance Court, a secret federal court established in 1978 to oversee IC requests for surveillance warrants after the agencies were caught domestically spying on the anti–Vietnam War and civil rights movements.

THE TERM “MASS surveillance” is more clear to me, and I think to most people, than the government’s preferred “bulk collection,” which to my mind threatens to give a falsely fuzzy impression of the agency’s work. “Bulk collection” makes it sound like a particularly busy post office or sanitation department, as opposed to a historic effort to achieve total access to—and clandestinely take possession of—the records of all digital communications in existence.

The NSA calls this “metadata.” The term’s prefix, “meta,” which traditionally is translated as “above” or “beyond,” is here used in the sense of “about”: metadata is data about data.

In an authoritarian state, rights derive from the state and are granted to the people. In a free state, rights derive from the people and are granted to the state. In the former, people are subjects, who are only allowed to own property, pursue an education, work, pray, and speak because their government permits them to. In the latter, people are citizens, who agree to be governed in a covenant of consent that must be periodically renewed and is constitutionally revocable. It’s this clash, between the authoritarian and the liberal democratic, that I believe to be the major ideological conflict of my time—not some concocted, prejudiced notion of an East-West divide, or of a resurrected crusade against Christendom or Islam.

Ultimately, saying that you don’t care about privacy because you have nothing to hide is no different from saying you don’t care about freedom of speech because you have nothing to say.

PRISM enabled the NSA to routinely collect data from Microsoft, Yahoo!, Google, Facebook, Paltalk, YouTube, Skype, AOL, and Apple, including email, photos, video and audio chats, Web-browsing content, search engine queries, and all other data stored on their clouds, transforming the companies into witting coconspirators.

The Foreign Intelligence Surveillance Court (FISC), which oversees intelligence surveillance within the United States, is a specialized body that meets in secret and hears only from the government. It was designed to grant individual warrants for foreign intelligence collection, and has always been especially accommodating to the NSA, approving well over 99 percent of the agency’s requests—a rate more suggestive of a ministerial rubber stamp than a deliberative judicial process. After 9/11, the court expanded its role from authorizing the surveillance of specific individuals to ruling on the legality and constitutionality of broad programmatic surveillance, without any adversarial scrutiny. A body that previously had been tasked with approving the surveillance of Foreign Terrorist #1 or Foreign Spy #2 was now being used to legitimize the whole combined infrastructure of PRISM and upstream collection. Judicial review of that infrastructure was reduced, in the words of the ACLU to a secret court upholding secret programs by secretly reinterpreting federal law.

I took along a cheap laptop running TAILS, which is a Linux-based “amnesiac” operating system—meaning it forgets everything when you turn it off, and starts fresh when you boot it up again, with no logs or memory traces of anything ever done on it. TAILS allowed me to easily “spoof,” or disguise, the laptop’s MAC: whenever it connected to a network it left behind the record of some other machine, in no way associable with mine. Usefully enough, TAILS also had built-in support for connecting to the anonymizing Tor network.

Deletion is a dream for the surveillant and a nightmare for the surveilled, but encryption is, or should be, a reality for all.

The best means we have for keeping our keys safe is called “zero knowledge,” a method that ensures that any data you try to store externally—say, for instance, on a company’s cloud platform—is encrypted by an algorithm running on your device before it is uploaded, and the key is never shared. In the zero knowledge scheme, the keys are in the users’ hands—and only in the users’ hands. No company, no agency, no enemy can touch them.

The program that enabled this access was called XKEYSCORE, which is perhaps best understood as a search engine that lets an analyst search through all the records of your life. Imagine a kind of Google that instead of showing pages from the public Internet returns results from your private email, your private chats, your private files, everything.

It’s easier for an institution to tarnish a reputation than to substantively engage with principled dissent—for the IC, it’s just a matter of consulting the files, amplifying the available evidence, and, where no evidence exists, simply fabricating it.

In theory, this means that government whistleblowers should be protected against extradition almost everywhere. In practice, of course, this is rarely the case, especially when the government that perceives itself wronged is America’s—which claims to foster democracy abroad yet secretly maintains fleets of privately contracted aircraft dedicated to that form of unlawful extradition known as rendition, or, as everyone else calls it, kidnapping.

This is the result of two decades of unchecked innovation—the final product of a political and professional class that dreams itself your master. No matter the place, no matter the time, and no matter what you do, your life has now become an open book.

Every nation has its own legal code but the same computer code.

Any elected government that relies on surveillance to maintain control of a citizenry that regards surveillance as anathema to democracy has effectively ceased to be a democracy.

The GDPR treats the citizens of the European Union, whom it calls “natural persons,” as also being “data subjects”—that is, people who generate personally identifiable data. In the US, data is usually regarded as the property of whoever collects it. But the EU posits data as the property of the person it represents, which allows it to treat our data subjecthood as deserving of civil liberties protections.

We can’t let the godlike surveillance we’re under be used to “calculate” our citizenship scores, or to “predict” our criminal activity; to tell us what kind of education we can have, or what kind of job we can have, or whether we can have an education or a job at all; to discriminate against us based on our financial, legal, and medical histories, not to mention our ethnicity or race, which are constructs that data often assumes or imposes.