Permanent Record

by Edward Snowden

When I say old here, I mean young by the standards of anyone who doesn’t live on a budget the size of the NSA’s. They were Dell PCs from as recently as 2009 or 2010, large gray rectangles of comforting weight, which could store and process data on their own without being connected to the cloud.

I was carrying one of the big old hulks back to my desk when I passed one of the IT directors, who stopped me and asked me what I needed it for—he’d been a major proponent of getting rid of them. “Stealing secrets,” I answered, and we laughed.

I will mention, however, what storage technology I used for the copied files. Forget thumbdrives; they’re too bulky for the relatively small amount they store. I went, instead, for SD cards—the acronym stands for Secure Digital. Actually, I went for the mini- and micro-SD cards.

I knew that the materials were just as secure now as they had ever been at the office. Actually, they were more secure, thanks to multiple levels and methods of encryption. That’s the incomparable beauty of the cryptological art. A little bit of math can accomplish what all the guns and barbed wire can’t: a little bit of math can keep a secret.

The governments of both Australia and the UK were proposing legislation for the mandatory recording of telephony and Internet metadata. This was the first time that notionally democratic governments publicly avowed the ambition to establish a sort of surveillance time machine, which would enable them to technologically rewind the events of any person’s life for a period going back months and even years. These attempts definitively marked, to my mind at least, the so-called Western world’s transformation from the creator and defender of the free Internet to its opponent and prospective destroyer.

For years, I was able to fool myself that we were all, ultimately, on the same side of history: we were all trying to protect the Internet, to keep it free for speech and free of fear. But my ability to sustain that delusion was gone. Now the government, my employer, was definitively the adversary.

began my presentation by discussing the illusory nature of deletion, whose objective of total erasure could never be accomplished. The crowd understood this instantly. I went on to explain that, at best, the data they wanted no one to see couldn’t be unwritten so much as overwritten: scribbled over, in a sense, with random or pseudo-random data until the original was rendered unreadable. But, I cautioned, even this approach had its drawbacks. There was always a chance that their operating system had silently hidden away a copy of the file they were hoping to delete in some temporary storage nook they weren’t privy to.

Breaking a 128-bit key would take 264 times longer than a day, or fifty million billion years. By that time, I might even be pardoned.

For this reason, encryption is the single best hope for fighting surveillance of any kind. If all of our data, including our communications, were enciphered in this fashion, from end to end (from the sender end to the recipient end), then no government—no entity conceivable under our current knowledge of physics, for that matter—would be able to understand them.

The best means we have for keeping our keys safe is called “zero knowledge,” a method that ensures that any data you try to store externally—say, for instance, on a company’s cloud platform—is encrypted by an algorithm running on your device before it is uploaded, and the key is never shared. In the zero knowledge scheme, the keys are in the users’ hands—and only in the users’ hands. No company, no agency, no enemy can touch them.

But there’s always a danger in letting even the most qualified person rise too far, too fast, before they’ve had enough time to get cynical and abandon their idealism.

It was, simply put, the closest thing to science fiction I’ve ever seen in science fact: an interface that allows you to type in pretty much anyone’s address, telephone number, or IP address, and then basically go through the recent history of their online activity. In some cases you could even play back recordings of their online sessions, so that the screen you’d be looking at was their screen, whatever was on their desktop.

One thing you come to understand very quickly while using XKEYSCORE is that nearly everyone in the world who’s online has at least two things in common: they have all watched porn at one time or another, and they all store photos and videos of their family. This was true for virtually everyone of every gender, ethnicity, race, and age—from the meanest terrorist to the nicest senior citizen, who might be the meanest terrorist’s grandparent, or parent, or cousin.

The grounds for suspicion were often poorly documented, if they were documented at all, and the connections could be incredibly tenuous—“believed to be potentially associated with” and then the name of some international organization that could be anything from a telecommunications standards body to UNICEF to something you might actually agree is menacing.

In my wardrives back and forth from Kunia—a twenty-minute ride that could become a two-hour Wi-Fi scavenger hunt—I’d been researching various countries, trying to find a location for my meeting with the journalists. It felt like I was picking out my prison, or rather my grave. All of the Five Eyes countries were obviously off-limits. In fact, all of Europe was out, because its countries couldn’t be counted upon to uphold international law against the extradition of those charged with political crimes in the face of what was sure to be significant American pressure.

The moment she was out the door, I started crying, for the first time in years. I felt guilty about everything except what my government would accuse me of, and especially guilty about my tears, because I knew that my pain would be nothing compared to the pain I’d cause to the woman I loved, or to the hurt and confusion I’d cause my family.

In theory, this means that government whistleblowers should be protected against extradition almost everywhere. In practice, of course, this is rarely the case, especially when the government that perceives itself wronged is America’s—which claims to foster democracy abroad yet secretly maintains fleets of privately contracted aircraft dedicated to that form of unlawful extradition known as rendition, or, as everyone else calls it, kidnapping.

It’s true that Assange can be self-interested and vain, moody, and even bullying—after a sharp disagreement just a month after our first, text-based conversation, I never communicated with him again—but he also sincerely conceives of himself as a fighter in a historic battle for the public’s right to know, a battle he will do anything to

I knew I had to cut him off. If you don’t cut off a foreign intelligence officer right away, it might not matter whether you ultimately reject their offer, because they can destroy your reputation simply by leaking a recording of you considering

How could we have known that our own lives were about to erupt? That Volcano Ed was going to destroy everything? But I remember the guide at Kilauea saying that volcanoes are only destructive in the short term. In the long term, they move the world. They create islands, cool the planet, and enrich the soil. Their lava flows uncontrolled and then cools and hardens. The ash they shoot into the air sprinkles down as minerals, which fertilize the earth and make new life grow.

All you wanted to do was to read—to take part in that most intensely intimate human act, the joining of minds through language. But that was more than enough. Your natural

This is the result of two decades of unchecked innovation—the final product of a political and professional class that dreams itself your master. No matter the place, no matter the time, and no matter what you do, your life has now become an open book.

A change in the law is infinitely more difficult to achieve than a change in a technological standard, and as long as legal innovation lags behind technological innovation institutions will seek to abuse that disparity in the furtherance of their interests. It falls to independent, open-source hardware and software developers to close that gap by providing the vital civil liberties protections that the law may be unable, or unwilling, to guarantee.

Like all UN declarations, this aspirational document was never enforceable, but it had been intended to inculcate a new basis for transnational civil liberties in a world that had just survived nuclear atrocities and attempted genocides and was facing an unprecedented surfeit of refugees and the stateless.

Today, no matter who you are, or where you are, bodily, physically, you are also elsewhere, abroad—multiple selves wandering along the signal paths, with no country to call your own, and yet beholden to the laws of every country through which you pass.

We can’t let the godlike surveillance we’re under be used to “calculate” our citizenship scores, or to “predict” our criminal activity; to tell us what kind of education we can have, or what kind of job we can have, or whether we can have an education or a job at all; to discriminate against us based on our financial, legal, and medical histories, not to mention our ethnicity or race, which are constructs that data often assumes or imposes. And as for our most intimate data, our genetic information: if we allow it to be used to identify us, then it will be used to victimize us, even to modify us—to remake the very essence of our humanity in the image of the technology that seeks its control.