Being arguably the most prolific whistleblower in the history of the US intelligence community, Edward Snowden is obviously not a happy-go-lucky chipper person. But I did not expect him to be quite as jaded as he appeared in his recently published memoir, Permanent Record. And although his pessimism undermined the strength of some his narratives in my eyes, it did not stand in the way of making some critical and powerful observations about our world today.

Born in a family of federal servants, Snowden grew up expecting to serve the government. His grandfather served as a rear admiral in the US Coast Guard, his father worked for the NSA, and his mother worked for a federal district court. Due to the sensitive nature of their jobs, his parents never talked about what they did at work in the family. While this may be unusual for the average person, it did not appear strange for Snowden, because almost every family was like this where he lived. This was Fort Meade, the small town around the NSA headquarters where all their workers and their families lived, where Snowden spent his childhood.

As a child, Snowden fully basked in the unique benefits of being in such a family. It was the early days of the Internet, and due to his father’s job at the NSA, he was able to get his hands on the cutting edge personal computers at the time. He immediately became addicted, and the now-adult Snowden reminisces at length about the “good old days” of the early Internet. The small, like-minded communities of the early web was definitely very different from the massive beast that it has become today. As a mere kid, he was able to have deep technical conversations with experts of the field, as equals, because age did not matter, only passion for the topic did. He was spending so much time on the Internet that his school work suffered. Coupled with some health issues, it resulted in his lackluster academic performance, and deviation from the standard track of college after high school. This period was nonetheless formative for Snowden, as it instilled in him the idealistic notion of what technology should be, and laid the foundations for him to become a technical, self-taught hacker.

Like many Americans, his life was drastically changed after 9/11. Driven by the nationalistic feelings to serve and defend his country, he enlisted in the army at the age of 20, defying objections from his family. This plan was quickly derailed however, when he was seriously injured during a training exercise, and had to drop out of the military. Still filled with patriotic fervor, he sought other ways to serve the country, and realized that perhaps contributing with his brains was a better route for him. Thus he began the process of getting his Top Secret¹ clearance, and eventually started his work in the intelligence community (referred to as the IC).

Snowden’s career in the IC spanned across both the CIA and the NSA, as an official government employee and later as an external contractor. As someone without a proper university education, Snowden admitted that normally he would not have been able to work at these organizations. However, the post-9/11 world was no stranger to rule-breaking, and the CIA at the time was desperate for any young, effective hacker to join them and help modernize the organization’s digital surveillance capabilities.

He spent a total of 7 years in the IC, from his initial employment at the CIA, to the time of his whistleblower disclosure to journalists as an NSA contractor. He traveled the world during this time, having been stationed in Geneva with the CIA, then Japan as an NSA contractor, and eventually on a secret military base in Hawaii. He covers many interesting details about his experience in the IC in these years, including how the CIA and NSA do employee training (called “indoc”, for literally, indoctrination). But more important than these tidbits of his work, in this section of the book, he answered a key question that I’ve always had on my mind: how did a low level contractor have access to so much sensitive data, and was able to download it all without raising any flags?

First, the contractor part. This is apparently the norm in the IC, more than half of all NSA workers are contractors. In fact, the desired track for people in this space was to start as government employees, then switch to private contracting when the necessary clearance and experience have been acquired. It was good for everyone: the people would essentially do the same job, but for higher pay, and the organization (be it NSA or CIA) could get around congressional hiring limits, since contractors do not count as official employees.

Then there is the level of position question. Yes, he did not hold any important positions in any IC organization, not director of this, head of that, or anything close. However, he did have nearly unlimited access as IT, “the computer guy sees everything”, as he wrote. But even normal IT administrators wouldn’t have quite the same access as he did. He was special, in a sense, because through his work, he had become a data systems specialist of sorts. He built a widely implemented backup system for the NSA in the early years, which led him to be consulted and relied on for many subsequent projects around the flow and handling of data. He was later tasked with integrating the foundational data pipelines between several organizations within the IC (e.g. NSA and CIA), which controlled the flow of all data across systems, and handled file de-duplication to conserve bandwidth/storage. This was what gave him his unlimited access to unencrypted, ultra-sensitive files.

But having access is one thing, how did he managed to download millions of documents without anyone else noticing? The answer is that he didn’t, some people did notice, but he had built a very good cover. He started an internal news aggregator service at the NSA, called Heartbeat, as a way for NSA employees to quickly get “the pulse” of what’s happening at the agency. As part of this service, he had to download and process all the data across the IC, exactly like how a normal news aggregator has to crawl all the news websites. When a few people noticed the abnormal amount of traffic flowing to Snowden’s systems, he pointed to Heartbeat as the reason, and nobody questioned further.

The period Snowden spent working in the IC saw the gradual disillusioning of the once patriotic young man. After he caught the initial scent that the IC may be engaged in illegal domestic mass surveillance, he set out to learn more about them, and started to collect any information he could get his hands on about these programs. As he uncovered more and more about the nature and extent of these systems, he became increasingly jaded towards the government, and even towards technology in general to some extent. At one point, on a tangent, he described his first sighting of a smart fridge, where his first and only reaction was that its purpose was to mine our data, with no consideration to the possible real utility to the end user. This type of one-sided thinking covers pretty much the entire book, and it is my primary criticism of Snowden. The overly pessimistic view of Snowden created a glaring hole in the narrative: where is the other side of the story?

Partly I think this is due to his position within the IC. Despite his limitless level of access, he was still only able to access the data. The context around the data, along with the higher level executive and administrative decisions, were not exposed to him at all. How many attacks were stopped because of PRISM²? How many lives were saved by XKeyscore³? The answers may not change the ultimate conclusion on whether these mass surveillance programs should exist or not, but at least the questions should be asked and considered. Yet in his memoir, there is nearly no mention of the real or potential benefits of surveillance.

In any society, security and freedom are always at odds with each other, and the tradeoffs between them need to be considered on a continuous basis. It is a disservice, in my opinion, to present such a biased argument, as it can further alienate the people on the other side. Let’s face it, those who are already against mass surveillance programs and stand to defend privacy (myself included) are not the ones who benefit the most from a book like this. Rather it’s the people who disagree with these ideas that need to read about the details of these secret government programs the most. And the framing of the issues in this memoir is not nearly as conducive for convincing the other side as I had hoped to see.

In a way I suppose that it was inevitable for Snowden to hold such biased opinions: someone who can see a more balanced viewpoint may not have chosen to become a whistleblower. But still, I think that the book could’ve been more effective at helping his cause (which I share) if it was presented in a more balanced manner, with some credence given to the pro-IC camp.

Apparently Snowden had thought about going public with some of the mass surveillance information he uncovered around 2008, but decided against it at the time because he was hopeful that Obama would’ve helped improve the situation. This dream was shattered after the 2008 election, when he realized that not only did Obama not put an end to the mass surveillance programs, they got progressively worse under his presidency. And so, around 2012, he finally decided once and for all to commit to become a whistleblower, and began the work required to do so successfully.

He attributed his decision to go with the whistleblowing route on roughly three things. One, recognizing that these bulk collection surveillance programs at the NSA are clearly illegal, unconstitutional even. Two, coming to the conclusion that raising these issues up the proper chain-of-command was not going to be effective. He observed that most of the people around him, including many of his superiors, were either complacent (some were even abusing the surveillance data for personal gain), or clueless about what was happening (after all, not everyone knew what he knew). Three, realizing that the built-in checks and balances of the system (i.e. the three branches of government supervising each other) have failed. A critical moment, he recalled, was seeing James Clapper, the Director of National Intelligence, lie outright to Congress under oath, about how the NSA does not collect information on millions of Americans.

It was undoubtedly a difficult decision to make, but an even more difficult one to carry out. From what I can see based on his account in the book (which I know is not exactly objective), he planned everything meticulously and managed the disclosure as well as anyone could’ve done, given the circumstances⁴. He researched extensively how past whistleblowers and spies were caught by the FBI, to avoid their mistakes. The massive amounts of document data were smuggled out of the NSA base in Hawaii over many days, on multiple SD cards hidden inside the blocks of his Rubik’s Cube. No one was suspicious because he was already known as the “Rubik’s Cube guy” around the facility, including by the security guards. He used multiple layers of encryption, with multiple different encryption algorithms, to minimize the chance that anyone can decrypt his files should he be discovered. He told nobody about his plans, including his family and his girlfriend at the time (now his wife), Lindsay, because if they knew and did not report him, they’d be considered as accomplices.

When it came to the actual disclosure, he chose the method carefully. Since he had too much information to simply release indiscriminately, Snowden had a few rules for choosing what to disclose. First, he wanted to reveal only the information that the public should know, that would benefit the public. Second, he did not want to do it himself, because he had no journalistic experience, and was himself biased in what he should or should not release. Third, he wanted to do it in a way that is the most impactful, after all, it will be pointless if the story gets no traction and is lost. And lastly, he wanted to avoid any unnecessary negative consequences to any legal intelligence work, such as releasing information that would expose undercover agents in enemy territories.

WikiLeaks was considered and ruled out, because of philosophical differences in modus operandi. WikiLeaks is very much in the “release everything we have because we can” camp, which Snowden did not want (WikiLeaks did assist him later in finding asylum, but they were not involved in the actual disclosure). In the end, several respected journalists (the trio of Glenn Greenwald, Laura Poitras, and Ewen MacAskill) who had covered similar government surveillance related stories before were chosen. The meeting place of Hong Kong was also selected based on his research. It was far enough outside of US’ direct influence (due to the closeness to China), and not an enemy state (e.g. Russia) that could allow the government to smear his intentions.

Shortly after meeting with the chosen journalists in person at the Hong Kong Mira Hotel, the disclosures in the media began. I remember, like many others, watching things unfold back in 2013, shocked at the revelations, and not knowing what new information the following weeks would bring. He actually came out to the public voluntarily, before his identity as the source of the disclosures was known, which was quite a brave thing to do. The documentary Citizenfour chronicles this period from Snowden’s perspective, which paints a very vivid picture, and I would recommend watching as a supplement to this memoir. What was not covered in that documentary though, was how he ended up in Russia, which he explained in detail in the book.

Snowden had specifically tried to stay away from Russia, for fear that the US government would use that to demonize him as a spy. In a sense, he was forced there. His first choices for asylum were many of the western developed nations, such as Germany and France, along with some South American countries, like Ecuador. But pressure from the US government caused most of these countries to reject his asylum request. Even Hong Kong was feeling the heat, and essentially gave him an ultimatum to leave. This was when WikiLeaks reached out, specifically Sarah Harrison, and helped arrange his departure from Hong Kong. The final destination was intended to be Ecuador, through Russia and Cuba.

Having to even pass through Russia was a concern for Snowden. To ensure that no information can fall into the hands of the Russians (so as to remove all leverage that the Russians could gain from him), prior to leaving Hong Kong, he had transferred all the data he had to the journalists, and erased his own decryption keys to the data. He essentially landed in Moscow with nothing but a few empty laptops.

In the end his journey in Russia would be more than just passing through. The US State Department had canceled his passport while he was in the air, which resulted in him being trapped at Moscow’s Sheremetyevo Airport as soon as he landed. Over the next few weeks, Snowden and his helpers gradually came to to the realization that there was simply no safe passage for him to any asylum-granting country. The US went as far as forcefully grounding the Bolivian president’s private plane after suspecting that Snowden may be onboard. And so, fully out of options, Snowden had to accept his fate and applied for asylum in Russia. The Russians found out very quickly that he had brought nothing of value with him, but granted him temporary asylum anyway. Snowden remained in Russia ever since.

The book ends with a section of his then-girlfriend Lindsay’s writing, describing her experience from the other side. Since Snowden did not tell her anything, she found out along with everybody else, on the news. She was absolutely shocked, and went through quite a dark period of her life, as anyone in her position would. She was extensively interviewed by the FBI, and after they realized that she really did not know anything, they stopped pestering her. This was a very interesting perspective, and I’m glad that he had included it. I was a bit disappointed however that he did not spend more time on his thoughts and reflections over the entire multi-year experience. There was a bit of it in the end, but overall the book is mostly a detailed account of the events in his life, with his thought process at each point in time.

The discoveries and observations that Snowden had made over his life are spread out across his memoir, some of which were mentioned above. I did not talk much about the actual content of his disclosures here, because they were already covered at length by the mainstream media back in 2013. Instead, I want to discuss some of the important points from the book that have not been mentioned as much, including some that come from my own reflections after reading the book.

The government should be kept relatively inefficient. This is a high level observation that Snowden makes from his experience. He realized while working at the NSA that the entire first half of the Bill of Rights is dedicated to creating obstacles for the government in the performance of its duties. Mass surveillance programs are fundamentally designed to achieve the opposite of that. They exist to massively simplify the government’s job, which is a key part of what that makes them unconstitutional. For the public good, governments, because of the immense power they hold, should be kept at operating at “just barely efficiently enough” levels.

Metadata’s ambiguous protection status under the Fourth Amendment. Metadata is data about data. Take a phone call for example, the content of the call itself is the data, which is clearly protected under the Fourth Amendment of the Constitution. But everything else about the call - the phone numbers involved, the time and duration of the call, the mobile network that the call took place on, the location of the callers - is considered metadata, and does not fall under the same level of protection. Unfortunately, it is precisely metadata that the IC is most interested in, because with enough of it, important intelligence (e.g. who you are meeting, how frequently, in what context) can be inferred from it, including information that cannot even come from having the data itself. That the most dangerous information, the metadata, is the least protected under the law, is a massive gap in our legal system, and without addressing it properly, mass surveillance programs cannot be effective kept in check.

The insanely anti-whistleblower Espionage Act of 1917. Snowden did so much research into past whistleblowers as part of his journey to become one, that I’d reckon he could pass as a historian specializing in it. Even though his opinion on this matter is obviously biased, the point that he brings up about the unfairness of the Espionage Act of 1917 is worth considering. When he set out to become a whistleblower, he was prepared to suffer the consequences. He still believes this, and claims that he is happy to come back to the US and stand for trial over what he did. The problem is that he would not get a fair trial. The Espionage Act of 1917 makes almost all contextual information inadmissible in court for cases related to revealing classified secrets. Information such as whether the disclosure showed illegal activity on the part of the government, or whether the disclosure brought about great public benefit, all must be ignored. The trial in these cases shall only be decided on the simple question of: did any government classified information get released without permission. All whistleblowers would obviously lose under such a law, almost by definition.

Time flies, and I had forgotten what the world was like before 2013. Almost without a question, the impact of Snowden’s actions had been considerable. In 2013, less than 30% of the Internet’s traffic was encrypted with HTTPS. Today that number is over 80%. In 2013, almost no messaging platform employed end-to-end encryption to protect their users’ privacy (except Apple’s iMessage). Since then, WhatsApp and many others had added end-to-end as the default configuration. In 2013, there was no easy way for whistleblowers to securely contact journalists (Snowden had to send detailed guides on how to do this, and the steps were so convoluted that Glenn Greenwald initially did not even bother to respond). Now we have SecureDrop, where anyone can easily communicate with more than a dozen news organizations securely. Not all of these changes are directly attributable to Snowden of course, but without a doubt, seeing what he disclosed in 2013 helped accelerate many of these initiatives.

Privacy in the connected digital world of today is a rather special issue in my opinion, because it isn’t something that you can simply kick down the road, so to speak. Just like how from a data collector’s perspective, you cannot retroactively get data that you haven’t been collecting, from an individual’s perspective, once your data is out there, there is no taking it back. If we do not pay attention to our data and privacy today, we cannot easily decide to care about it in the future, as the collectors already have all of our past data. What Snowden did is certainly controversial, but the one undeniably good thing that came out of it was raising government mass surveillance and privacy as a key issue in the mainstream media. Despite my criticisms around some of his biased framing, Permanent Record serves as a great document on how a young, 29 year old man decided to take on a grave personal risk for the greater good of the public.