Edward Snowden's Permanent Record
You may listen to the podcast version of this essay here.
Dear privacy seekers,
This episode is a review and analysis of Edward Snowden’s book Permanent Record, which was published in September of 2019. I also extract some of the privacy lessons that it teaches us. Permanent Record is an autobiography primarily, but also inevitably a collection of his thoughts on politics, the intelligence community, and privacy. Suffice it to say that if you’re interested at all in privacy and surveillance, then this is an obvious essential read. While it’s not fantastic, and one wonders what is held back by legal concerns and by the fact that Snowden is dependent on his Russian asylum at present, it is a full first statement from one of the most important people so far this century: someone who has seen the belly of the beast and lived to tell the tale.
Let’s establish something before proceeding. In general conversation about Snowden’s revelations, the main topic is usually: is Snowden a hero or a villain? My answer is always this: who cares? We’re not talking about him, we’re talking about what he revealed. What we should be talking about is an American government and its allies who were and are performing illegal and, more importantly, evil acts. We should be talking about the fact that these government people are still not in jail or suffering the consequences for their deeply anti-American spying on their own people. Let’s talk about those things. Putting the focus on the whistleblower is what they want you to do: to change the conversation away from abuses of power. I refuse to do that, and so should you. And while this particular book is about Snowden the man, let’s not forget that the conversation is about what information he brought us.
Next, if you’re not familiar with the Snowden leaks, Permanent Record is not the best source. Snowden assumes you have picked up most of this information elsewhere. As a primer for the leaks I would recommend Glenn Greenwald’s book No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State. You can also look up the original media pieces that were published in The Guardian and elsewhere beginning in June 2013. People forget that Snowden never actually released anything himself. He worked with journalists who themselves processed the documents and chose which ones to publish. For a decent summary of the Snowden leaks you can also give his Wikipedia article a quick read, or check out the Wikipedia article titled “Global surveillance disclosures (2013–present)” and then click on the various additional links on the tab to the right. I will have another episode in the upcoming months explaining the details of the Snowden leaks. I think we are due for a reminder.
Permanent Record begins with a long story of Snowden’s childhood and personal development up to the point where he blew the whistle. Since he was only 29 when he did this, and since he lived a fairly normal life, the backstory is a bit dull and is certainly not why most people have picked up the book. What kept my interest going during these times are some good insights about Snowden’s view of the world. He talks in these early chapters about his time on early Internet forums where he received an excellent self-directed and bottom-up—in other words, non-coercive—education in addition to cultivating a strong sense of the importance of freedom, anonymity, and free speech. He notes that, “To this day, I consider the 1990s online to have been the most pleasant and successful anarchy I’ve ever experienced.” Those who lived through these times might find themselves reminiscing like Snowden about an Internet that was extraordinarily different, philosophically as well as practically, than the one we have today. Today we have to resort to tools like the Tor Browser and back alley forums with burner email log-ins to get something resembling this experience. Matrix and Telegram channels are also bringing a bit of this back. Still, it’s not quite the same.
Snowden also speaks of the hacker mindset he developed: not just with computers, but with life. He avoided formal schooling as much as he could and ultimately passed a GED as a replacement for missing a huge chunk of high school. He is quite proud of this fact, as he should be. Naturally, he skipped university as well. Such stories are a reminder that alternative paths exist and are crucial to recognise. Formal schooling—I don’t use the term “education”—is a highly overrated part of modern existence. It is here where conformity is most strongly beaten into you. School for most people is also one of the only times and places in life where people can experience violence firsthand—a sobering fact—where you will face surveillance with direct and immediate consequences, and where you will be put into an environment that was designed to simulate prison. By skipping most of these travesties Snowden became immunized to peer pressure and developed some thoughts for himself. Imagine that. This ability to think outside of the collective helped him to make the correct moral decision when no one else that he worked with seemed to care, and against the backdrop of enormous jail time and worse.
Still, Snowden is human. He became very patriotic following the September 11 attacks and joined the US army, but serious injuries during boot camp led him to receive a medical discharge. He instead decided to become part of the intelligence community, which was a natural fit given that he knew more about computers and the Internet than most humans at this point in time. He became involved with the CIA and then joined various private contractors which assist the CIA and the NSA. It was during this time that he started to learn about the mass surveillance that was going on and planned the final few years of his career to get into positions where he could confirm his suspicions and then gather the data to expose it authoritatively.
One of his insights during this time is that “the work of American Intelligence is done as frequently by private employees as it is by government servants.” There are a few things to draw from this fact. It means at a base level that huge sums of money are given to private corporations who have contracts with the government. Snowden discusses a job fair for one such position where they actually encouraged him to take a larger salary precisely because it meant a larger budget for this private company. This is what Dwight D. Eisenhower labeled the Military Industrial Complex in his farewell address. Though we should also note that Eisenhower did little to stem this complex, so he hardly deserves respect for perceived self-awareness. The Military Industrial Complex is a big reason why we have endless wars and why American citizens are increasingly seen as domestic enemies. The Military Industrial Complex needs enemies if it is to expand its influence and to profit. This is not a left-wing or a right-wing issue. It’s simply a recognition of the nature of power and inertia. Companies that have contracts with the military—in other words, from the largess of the taxpayer—want business to increase. Of course they do. In fact it is illegal for corporations to act against the interest of the company. When business outside the country dwindles, business inside the country seems a viable option. So when Snowden speaks in his book about companies such as Dell receiving massive contracts to provide the hardware or the software for the NSA and others, it’s pretty obvious that such companies are not going to be the ones to blow the whistle on mass surveillance. To the contrary, and as Glenn Greenwald emphasises in his book, Microsoft was happy to help the NSA set up back doors in its online services. It is also curious to note, especially as we talk about the danger of third parties in privacy, that so many contractors technically have all this information about people. 
Indeed, Snowden chose to work at the private company Booz Allen Hamilton because according to him it was among the few places where he could get his final bits of top-level information.
Snowden is an observer, but also a commentator on the state of things. During the period where his conscience was pricked he began to read the US Constitution and especially its most important section, the “Bill of Rights.” He says that “I was surprised to be reminded that fully 50 percent of the Bill of Rights were intended to make the job of law enforcement harder.” Suffice it to say this was not a popular sentiment within the self-anointed intelligence community. He notes that copies of the Constitution distributed by libertarian think tanks collected dust in piles. And of this phenomenon Snowden has some trenchant words:
This, to my thinking, actually represented the great nexus of the Intelligence Community and the tech industry: both are entrenched and unelected powers that pride themselves on maintaining absolute secrecy about their developments. Both believe that they have the solutions for everything, which they never hesitate to unilaterally impose. Above all, they both believe that these solutions are inherently apolitical, because they’re based on data, whose prerogatives are regarded as preferable to the chaotic whims of the common citizen.
These are important observations that intelligence community people above all should ruminate on. What is the goal of the spy agencies that we allow to exist? To answer that question we first need to cut through propagandistic Orwellian language: “intelligence community” is one of the biggest euphemisms of all. Call a spade a spade: these people perform spying. They direct it outside country borders and consider it acceptable. They perform mass surveillance on their own people and also call it acceptable. Indeed, if you have noticed anything about public figures from these agencies, such as Michael Hayden—former director of the CIA and the NSA—and Keith Alexander, it is that they view themselves as savior figures, making the difficult decisions behind the scenes that are necessary for the nation to survive. They are never wrong, and are only constrained by the limiting middle class morality of those pesky voters, who certainly don’t know what’s in their own best interest. Never mind that these people hold unelected positions, that the founding documents and more importantly the originating principles of America are about freedom, anti-coercion, and privacy (remember the 4th of the Bill of Rights which guarantees a base level of privacy from government). Never mind that the things these agencies do are against the very laws that the government itself has created. Never mind that this paternalistic worldview is insulting and illogical—I’ll manage my own self-defense, thanks. But Snowden’s words are spot on: the spy authorities and the Big Tech juggernauts are animated by their own view of the world. Looking ever upward in the direction of some perverse guiding moonlight, they have little time for the peons in the shadows behind them. The moment that spying is turned back on its own citizens is a pivotal moment for a society, signaling the beginning of the end of its freedom. Thomas Jefferson said it best: “When the government fears the people, there is liberty. When the people fear the government, there is tyranny.”
Speaking of American hegemony, Snowden explains why American spy agencies were in a prime position to be doing what they are doing. He writes:
The Internet is fundamentally American, but I had to leave America to fully understand what that meant. The World Wide Web might have been invented in Geneva, at the CERN research laboratory in 1989, but the ways by which the Web is accessed are as American as baseball, which gives the American Intelligence Community the home field advantage. The cables and satellites, the servers and towers—so much of the infrastructure of the Internet is under US control that over 90 percent of the world's Internet traffic passes through technologies developed, owned, and/or operated by the American government and American businesses, most of which are physically located on American territory.
Reread that last line. From Google and network juggernaut Cisco to myriad protocols and the sheer number of cables stretching the Internet to the far reaches of the world, the Internet is American-led. Even if you’re an American, there are problems with this scenario. American companies are beholden to American laws. When Yahoo and Google and Microsoft were approached by the NSA to install back doors into their systems, they had the blessing of the dubious FISA court and ultimately the approval of the President and the expanding executive powers of the Bush and Obama eras that skipped Congress altogether. In other words, these companies had to comply with these demands. It is for this reason that in the post-Snowden era you have seen jurisdictional changes for online companies. A lot of privacy services tout the location of their headquarters and servers in privacy-respecting jurisdictions such as Iceland and Switzerland. Such measures are by no means a fail-safe. We saw Protonmail in 2022 comply with a Swiss court order to track a user’s IP address when he logged in—but this order had to come from the Swiss government, at least. Presumably if someone asks ExpressVPN, which is based in the British Virgin Islands—though recently it was acquired by Kape Technologies based in London, which complicates things—to cough up some customer data from that particular jurisdiction, it wouldn’t have to comply. It’s still good practice to consider what country your service or server is based in. I have frequently recommended Orange Website for hosting—based in Iceland—for example. From a broader geopolitical lens other countries are trying to avoid this particularly American imprint on the Internet. China has its so-called PEACE cable, which connects Europe, the Middle East, and Africa with China through its own cabling. Of course if you think that the American government spies, wait until you get a taste of the Chinese government.
But Snowden’s observations on American hegemony of the Internet are an important reminder that the ethereal-seeming world of the Internet resides on a physical device at some point, and passes through physical cables at some point. Encryption and jurisdictional caution—keeping in mind that some jurisdictions such as Australia want to outlaw encryption—are the best allies you have as a privacy seeker.
The latter half of Permanent Record gets more into the specifics of what Snowden observed and how he acted. We’ll talk about these programs in more depth in a future episode. Snowden briefly covers FOXACID, an NSA program that sought to have familiar websites embedded with malware that would consequently track many of the user’s actions. He talks about PRISM and upstream data collection, which boldly wiretapped entire Internet service providers, big tech companies, and Internet infrastructure. He discusses XKEYSCORE, which is a search engine that allows an operative to home in on a particular person and even supposedly watch them live. Here’s how he describes the power of XKEYSCORE:
It was, simply put, the closest thing to science fiction I’ve ever seen in science fact: an interface that allows you to type in pretty much anyone’s address, telephone number, or IP address, and then basically go through the recent history of their online activity. In some cases you could even play back recordings of their online sessions, so that the screen you’d be looking at was their screen, whatever was on their desktop. You could read their emails, their browser history, their search history, their social media postings, everything. You could set up notifications that would pop up when some person or some device you were interested in became active on the Internet for the day. And you could look through the packets of Internet data to see a person’s search queries appear letter by letter, since so many sites transmitted each character as it was typed. It was like watching an autocomplete, as letters and words flashed across the screen. But the intelligence behind that typing wasn’t artificial but human: this was a humancomplete.
That’s a bold statement and a complex program that requires some unpacking in a future episode. Still, the audacity of these spy agencies seems to know no bounds. Everything is fair in pursuit of their goal to collect everything.
Snowden talks about the agencies’ interest in metadata as being just as useful and in some cases more useful than the contents of the data. He argues that “it’s best to regard metadata not as some benign abstraction, but as the very essence of content.” In other words, the details about who you are calling, for how long, and a pattern of behavior over time are just as useful as what you are saying on that phone call. Metadata is much easier to collect and sift through. It is for this reason, for example, that I don’t consider WhatsApp to be a good option for private messaging since it collects and sends a lot of this metadata back to Facebook, even if the contents of the messages are protected by encryption. Here’s what WhatsApp’s own website says:
The information we share with the other Meta Companies includes your account registration information (such as your phone number), transaction data (for example, if you use Facebook Pay or Shops in WhatsApp), service-related information, information on how you interact with businesses when using our Services, mobile device information, your IP address, and ... other information identified in the Privacy Policy section entitled ‘Information We Collect’ or obtained upon notice to you or based on your consent.
The power of metadata such as this is not to be underestimated, as Snowden affirms, and we should be looking for services that do not log metadata.
So in conclusion, what other advice did I take away from Permanent Record? Snowden talks about his trust in Tor, despite his knowledge of the NSA trying to hack it, interestingly. Tor he says is “a creation of the state that ended up becoming one of the few effective shields against the state’s surveillance. Tor is free and open-source software that, if used carefully, allows its users to browse online with the closest thing to perfect anonymity that can be practically achieved at scale.” Snowden also speaks of using the amnesic operating system Tails, which funnels all of your computer’s Internet traffic through Tor—not just what is in your browser—and has the added benefit of hiding your device’s MAC address, which is an identifier that is exposed regularly and not widely appreciated as a privacy flaw in day-to-day computing. A lot of people in the privacy community trust Tor and Tails, and I tend to be one of them. Snowden also shares the value of simple strategies such as using MicroSD cards, which can store a lot of data and can be hidden anywhere. Michael Bazzell has long been an advocate of buying a hollowed-out coin such as an American nickel, and putting the MicroSD card in it. You can then do what you wish with that coin. Snowden speaks cogently about the illusion of deletion: “deletion has never existed technologically in the way that we conceive of it. Deletion is just a ruse, a figment, a public fiction, a not-quite-noble lie that computing tells you to reassure you and give you comfort.” Far better, if one needs something scrubbed, to format that disk repeatedly and write something else over the top of it. Or destroy that disk entirely.
Finally, Snowden speaks of minor things he does while living in Russia—and that he’s willing to admit—to hide his identity: he changes his appearance regularly, changes the way he walks to defy gait analysis, and never looks toward traffic for risk of being captured on dashboard cameras, which are apparently prevalent in Russia. I’m not recommending the latter option, by the way.
I found the most interesting exploration of Snowden’s thinking to occur as he contemplated his escape plan. In particular, his selection of a country that would not extradite him was intriguing. He met the journalists in Hong Kong, rightly thinking that the US would not dare to do anything brash in a city that was already claimed by the competing power of China. And yet it had a tradition of free press, etc., enough that he would not be seen as some kind of foreign agent. From Hong Kong he decided to go to Ecuador, which at the time had a tradition of harboring such people. So he even plotted his flight to go from Hong Kong to Moscow to Havana (Cuba) to Caracas (Venezuela) to Quito (Ecuador). All these places are unfriendly to the US government, and are not at risk of having aeroplanes grounded as the US government is wont to do. Regardless, as the story goes, Snowden had his passport canceled en route to Russia, and thus has been stuck in Russia ever since. I wonder if he ever considered getting a second passport? Perhaps that is not okay if you’re a government employee or contractor.
So those are a few notes on privacy extracted from Snowden’s Permanent Record. If you buy the book, by the way, the US government gets the profit. They won a lawsuit that allowed them to do so. I hope that next time Snowden writes a book it is about hardcore privacy strategies with some deeper insights from the belly of the beast. Alas, he has already risked so much and is in daily jeopardy of assassination, I would imagine. It would be unreasonable for me to ask him to do more.
Yours in peace and privacy,
Gabriel Custodiet