Yesterday, it was revealed that Ed Snowden was the whistleblower, who exposed some details of NSA surveillance capabilities, often going far beyond what people expected. If you haven't yet, you should watch his video interview with Glenn Greenwald where he goes into more detail: Here's a bit that caught my attention:

"I, sitting at my desk, certainly had the authorities to wiretap anyone, from you, or your accountant, to a federal judge, to even the President if I had a personal email.

The wording here is a little unclear, since "wiretap" generally means capturing voice conversations, but saying that he would need a personal email address from the President to wiretap him suggests he's talking specifically about access their emails. Either way, given that we keep being told that the NSA is only supposed to cover non-US persons, the fact that a 29-year-old computer guy working for the NSA claims he could get access to anyone's email just by having their email address suggests, certainly, that there isn't much (if any) oversight, and the NSA is clearly not careful about the data it's scooping up.

Later in the interview, he explains why the people who say "I don't care, because I've got nothing to hide" are complete and total idiots:

"Because even if you're not doing anything wrong, you're being watched and recorded. And the storage capability of these systems increases every year consistently by orders of magnitude to where it's getting to the point where you don't have to have done anything wrong, you simply have to eventually fall under suspicion from somebody, even by a wrong call. And then they can use the system to go back in time and scrutinize every decision you've ever made. Every friend you've ever discussed something with. And attack you on that basis, to derive suspicion from an innocent life, and paint anyone in the context of a wrongdoer."

There's a lot more in the interview, which is absolutely worth watching. No one ever got to hear Bradley Manning speak before he got whisked away. Ed Snowden appears to have put a lot more thought and planning into what he was doing than Manning, and here we actually get to hear his thoughts.

Well, here's a bit of surprise. Rather than waiting for the massive manhunt that was surely underway to track him down to find him, the guy behind last week's incredible whistleblowing concerning the NSA's massive surveillance capabilities has outed himself as Edward Snowden, a 29-year-old who used to work for the CIA, and has been working as a contractor for the NSA for a while:

The individual responsible for one of the most significant leaks in US political history is Edward Snowden, a 29-year-old former technical assistant for the CIA and current employee of the defence contractor Booz Allen Hamilton. Snowden has been working at the National Security Agency for the last four years as an employee of various outside contractors, including Booz Allen and Dell.

The Guardian, after several days of interviews, is revealing his identity at his request. From the moment he decided to disclose numerous top-secret documents to the public, he was determined not to opt for the protection of anonymity. "I have no intention of hiding who I am because I know I have done nothing wrong," he said.

The Guardian piece explains what he did and why ("My sole motive is to inform the public as to that which is done in their name and that which is done against them"). It also notes that he feels that his case is one of pure whistleblowing, distinguished from, say, Bradley Manning, in that he carefully chose which documents to reveal for the sole purpose of exposing a surveillance system that he (correctly) blew the whistle on a surveillance infrastructure that appears to go well beyond what the public believed was appropriate or within the bounds of the 4th Amendment.

The companion interview is probably even more interesting than the initial Guardian article.

Q: Why did you decide to become a whistleblower?

A: "The NSA has built an infrastructure that allows it to intercept almost everything. With this capability, the vast majority of human communications are automatically ingested without targeting. If I wanted to see your emails or your wife's phone, all I have to do is use intercepts. I can get your emails, passwords, phone records, credit cards.

"I don't want to live in a society that does these sort of things … I do not want to live in a world where everything I do and say is recorded. That is not something I am willing to support or live under."

Snowden left Hawaii, recently, where he lived to travel to Hong Kong, where he's been hiding out in a hotel. He appears to be fully aware that a lot of people are going to find him and that "nothing good" is about to happen to him, but he felt that he couldn't stay silent.

Q: What do the leaked documents reveal?

A: "That the NSA routinely lies in response to congressional inquiries about the scope of surveillance in America. I believe that when [senator Ron] Wyden and [senator Mark] Udall asked about the scale of this, they [the NSA] said it did not have the tools to provide an answer. We do have the tools and I have maps showing where people have been scrutinised most. We collect more digital communications from America than we do from the Russians."

There is some additional scary stuff about the culture within the intelligence community concerning how they feel about due process and the Constitution. It's been widely reported that a foreign affairs analyst overheard some intelligence officials in an airport lounge discussing how the leaker and the reporters involved in these leaks should be "disappeared" -- and Snowden responded to that by nothing that he's not surprised, because this is how things work:

"Someone responding to the story said 'real spies do not speak like that'. Well, I am a spy and that is how they talk. Whenever we had a debate in the office on how to handle crimes, they do not defend due process – they defend decisive action. They say it is better to kick someone out of a plane than let these people have a day in court. It is an authoritarian mindset in general."

And, like Bradley Manning -- who Snowden calls "a classic whistleblower... inspired by the public good," -- Snowden appears to believe strongly that his actions are not to hurt the US, but to help it.

"I think the sense of outrage that has been expressed is justified. It has given me hope that, no matter what happens to me, the outcome will be positive for America. I do not expect to see home again, though that is what I want."

There's plenty more in both the article and the interview that's worth reading. I'm sure there will be much more on this, but this truly does seem like a classic whistleblower case, though I doubt that's how Snowden will be portrayed by many in power.

A key part of the legal fight concerning Bradley Manning over the past few weeks was whether or not he'd be able to present his own motives as part of his defense -- showing that he believed that he was engaged in act of whistleblowing that would be good for the US. His legal team argued that this intent would push back on the Espionage Act claims, since the intent was never to help Al Qaeda or any other enemy, but rather to help the US. However, the court has mostly -- but not entirely -- barred Manning from using this defense, meaning that he will have a much more difficult time arguing that his acts were a form of whistleblowing.

Basically, Manning's legal team won't be able to raise his motives for most of the charges, though they will be able to raise motives during any sentencing. They will be able to raise motives, narrowly focused, on the question of whether or not he was "aiding the enemy" and to show that he was not "dealing with the enemy." That's at least a small step in the right direction. However, there are multiple other charges where he cannot raise his motive -- including charges around whether or not he had "good faith" in releasing the documents and that he "wrongfully and wantonly caused to be published on the internet intelligence belonging to the United States government." Basically, the judge is saying that those charges require an objective standard, rather than Manning's specific viewpoint.

The other issue that Manning's team appears to have lost on was their desire to show the lack of harm from all of the leaks. The court ruled that this really doesn't matter in the trial, because it's all after the fact, and Manning did not know beforehand the results and whether or not it resulted in harm. Of course, part of Manning's defense is that he chose documents that would not cause harm on purpose -- but the judge apparently disagreed.

All in all, this definitely increases the likelihood that Manning will lose in court.

You may remember the ridiculous Thomas Drake case, in which the US government went after a former NSA employee under the Espionage Act, threatening him with decades in jail. However, as the details showed, Drake was really being targeted not for leaking information, but as a vindictive response for talking to Congressional staffers about what he saw as abuse and waste by the NSA. Jane Meyer, in the New Yorker, wrote a wonderfully detailed account of the case last year. It highlighted how the charges seemed pretty trumped up, claiming that having a certain document on his home computer was illegal, even though the clear target of the investigation was whether he had leaked info to the press.

Drake's story intertwines with that of a Congressional staffer named Diane Roark, who plays a role in his story. A snippet from that New Yorker piece:

Not long after Binney quit the N.S.A., he says, he confided his concerns about the secret surveillance program to Diane Roark, a staff member on the House Permanent Select Committee on Intelligence, which oversees the agency. Roark, who has flowing gray hair and large, wide-set eyes, looks like a waifish poet. But in her intelligence-committee job, which she held for seventeen years, she modeled herself on Machiavelli’s maxim that it is better to be feared than loved. Within the N.S.A.’s upper ranks she was widely resented. A former top N.S.A. official says of her, “In meetings, she would just say, ‘You’re lying.’ ”

Roark agrees that she distrusted the N.S.A.’s managers. “I asked very tough questions, because they were trying to hide stuff,” she says. “For instance, I wasn’t supposed to know about the warrantless surveillance. They were all determined that no one else was going to tell them what to do.”

While Roark was not charged in the same process that resulted in charges against Drake, there was a search conducted, and computers taken. She's now sued the US government, seeking the return (many years later) of the computers seized, as well as findings that the feds actions were unconstitutional.

Plaintiff asks that the Court find unconstitutional the following Government actions and claims:

the Government's activities and assertions... that infringe on citizen speech and communications under the First Amendment to the Constitution and on property rights under the Fourth, Fifth and Sixth Amendments.

the manner in which the Government investigated, managed and prolonged her case. Plaintiff contends that the actions taken against her constitute retaliation for her whistleblower activities and execution of her Congressional oversight responsibilities that revealed inefficenicy, contract fraud, the persistent waste of billions of dollars on a single ill-conceived program that was never built, plus illegal and unconstitutional operations.

To be honest, these kinds of lawsuits rarely get very far, but it should be interesting to watch either way...

We've discussed how the government often seems much more focused on silencing leaks of information, rather than recognizing that those leaks are often highlighting serious misconduct. The latest example involves the Food and Drug Administration (FDA), who apparently started trying to find the source of a leak, but in the end started collecting thousands of emails to try to stifle all sorts of criticism of the FDA, as revealed by the NY Times over the weekend.

What began as a narrow investigation into the possible leaking of confidential agency information by five scientists quickly grew in mid-2010 into a much broader campaign to counter outside critics of the agency’s medical review process, according to the cache of more than 80,000 pages of computer documents generated by the surveillance effort.

Moving to quell what one memorandum called the “collaboration” of the F.D.A.’s opponents, the surveillance operation identified 21 agency employees, Congressional officials, outside medical researchers and journalists thought to be working together to put out negative and “defamatory” information about the agency.

The details show that the FDA installed key logger software on the computers of their own scientists, tracked the personal emails they wrote to others, and tracked documents they copied to key drives. Now, you can make a reasonable argument that since these were work laptops, the FDA has every right to track the usage, but it seems pretty clear that the FDA went really far here, and it wasn't just about stopping leaks, but about trying to stifle criticism and whistleblowing.

In fact, much of the evidence suggests that this absolutely was an attempt to blow the whistle on faulty review procedures by the FDA, that resulted in the approval of medical imaging devices that weren't actually safe. And, apparently, the complaints by the whistleblowers were convincing enough that there's now a Congressional investigation into "a substantial and specific danger to public safety" from this activity.

If the FDA were functioning as it was supposed to, it would have seen these complaints as a reason to investigate its own activities. Instead, in the supposed attempt to "stop leaks," the FDA used this info to try to squelch the attempt to have its own practices investigated.

The American Enterprise Institute (AEI) recently held an event about cybersecurity and cybersecurity legislation. The keynote speech was from NSA boss General Keith Alexander. He of course talked about why he supports cybersecurity legislation, such as CISPA and other proposals that will make it easier for the NSA access private content from service providers -- much of which, reports claim, they're already capturing and storing. Alexander has claimed that the NSA doesn't have "the ability" to spy on American emails and such, and reiterates that claim during the Q&A in this session, insisting that the Utah data center doesn't hold data on Americans' emails (and makes a joke about just how many emails that would be to read). That's nice for him to say, but so many people with knowledge of the situation claim the opposite.

In fact, in a story that has received almost no attention, the EFF was able to get three whistleblowers to speak out on the NSA's massive spying infrastructure:

In a motion filed today, the three former intelligence analysts confirm that the NSA has, or is in the process of obtaining, the capability to seize and store most electronic communications passing through its U.S. intercept centers, such as the "secret room" at the AT&T facility in San Francisco first disclosed by retired AT&T technician Mark Klein in early 2006.

So it's interesting to pay attention to what Alexander has to say in pushing for cybersecurity legislation. You can watch the full video below, if you'd like: Much of what he talks about online involves basic malware and hack attacks. These are definitely issues -- but are they issues that we need the military (which the NSA is a part of) to step in on? His "quote" line is that these attacks represent the "greatest transfer of wealth in history." That is a pretty broad statement, and there's almost no evidence to support it. He points to studies from Symantec and McAfee on the "costs" of dealing with security issues -- but remember, those are two of the biggest sellers of security software, and have every incentive in the world to inflate the so-called "costs." Also, seriously? The "greatest transfer of wealth in history"? Has he paid absolutely no attention to what's happened on Wall Street and the financial world over the past decade? Does anyone honestly believe that the amount of money "transferred" due to hack attacks is greater than the amount of money transferred due to dodgy financial deals and the mortgage/CDO mess? That doesn't pass the laugh test.

He does insist that worse attacks are coming, but provides no basis for that (or, again, why the NSA needs your info). In fact, according to a much more believable study, the real risks are not outside threats and hackers, but internal security screwups and disgruntled inside employees. None of that requires NSA help. At all.

But it sure makes for a convenient bogeyman to get new laws that take away privacy rights.

Alexander, recognizing the civil liberties audience he was talking to, admits that the NSA neither needs nor wants most personal info, such as emails, and repeatedly states that they need to protect civil liberties (though, in the section quoted below, you can also interpret his words to actually mean they don't care about civil liberties -- but that's almost certainly a misstatement on his part):

One of the things that we have to have then [in cybersecurity legislation], is if the critical infrastructure community is being attacked by something, we need them to tell us... at network speed. It doesn't require the government to read their mail -- or your mail -- to do that. It requires them -- the internet service provider or that company -- to tell us that that type of event is going on at this time. And it has to be at network speed if you're going to stop it.

It's like a missile, coming in to the United States.... there are two things you can do. We can take the "snail mail" approach and say "I saw a missile going overhead, looks like it's headed your way" and put a letter in the mail and say, "how'd that turn out?" Now, cyber is at the speed of light. I'm just saying that perhaps we ought to go a little faster. We probably don't want to use snail mail. Maybe we could do this in real time. And come up with a construct that you and the American people know that we're not looking at civil liberties and privacy, but we're actually trying to figure out when the nation is under attack and what we need to do about it.

Nice thing about cyber is that everything you do in cyber, you can audit. With 100% reliability. Seems to be there's a great approach there.

Now all that's interesting, because if that's true, then why is he supporting legislation that would override any privacy rules that protect such info? If he really only needs limited information sharing, then why isn't he in favor of more limited legislation that includes specific privacy protections for that kind of information? He goes back to insisting they don't care about this info later on in the talk, but never explains why he doesn't support legislation that continues to protect the privacy of such things:

The key thing in information sharing that gets, I think, misunderstood, is that when we talk about information sharing, we're not talking about taking our personal emails and giving those to the government.

So make that explicit. Rather than supporting cybersecurity legislation that wipes out all privacy protections why not highlight what kind of information sharing is blocked right now and why it's blocked? Is it because of ECPA regulations? Something else? What's the specific problem? Talking about bogeymen hackers and malicious actors makes for a good Hollywood script, but there's little evidence to support the idea that it's a real threat here -- and in response, Alexander is asking us all to basically wipe out all such privacy protections... because he insists that the NSA doesn't want that kind of info. And, oh yeah, this comes at the same time that three separate whistleblowers -- former NSA employees -- claim that the NSA is getting exactly that info already.

So, this speech is difficult to square up with that reality. If he really believes what he's saying, then why not (1) clearly identify the current regulatory hurdles to information sharing, (2) support legislation that merely amends those regulations and is limited to just those regulations and (3) support much broader privacy protections for the personal info that he insists isn't needed? It seems like a pretty straightforward question... though one I doubt we'll get an answer to. Ever. At least not before cybersecurity legislation gets passed.

Early last week, we wrote about the oddity of how the White House didn't seem to much mind "leaks" that made the President look good in terms of being "tough" on our enemies, such as in the NY Times story confirming that the US was behind the Stuxnet malware, and that the President himself was very familiar with the program. This came at the same time as the White House continuing to vindictively prosecute people responsible for even very minor leaks, such as the Thomas Drake affair, in which some whistleblowing about out-of-control spending at the NSA tuned into a malicious prosecution.

Soon after that story came out, the issue of "good leaks" and "bad leaks" became a huge political football, as it gave the President's opponents an angle to attack him for leaking classified info. The President himself had to shoot back and insist that there were no such leaks happening from the White House -- which is clearly not true. Some of the information could have only come from administration officials.

And, of course, it wasn't just limited to Stuxnet, but other "leaks" of classified info, such as stories around the unmanned drone strike program, which lots of people have reported on, but which is still "classified." Of course, we've now seen grandstanding on both sides of the aisle decrying these leaks -- but not the actions that were exposed by them!

Instead, they all seem to be upset about the leaks themselves, rather than the fact that these questionable activities were secret in the first place. As John Cook recently wrote, these kinds of "leaks" are important because they let us know what our government is doing in our name. That's why these aren't leaks, so much as whistleblowing. And that's an important distinction. That's doubly true as we see to what ridiculous lengths the very same administration goes to in order to attack anyone who reveals information that makes it look bad.

One person's leak is another person's whistleblowing. To treat them all as "leaks" that must be punished (often severely) creates a significant chilling effect on reporting on key issues -- and (worse) gives the government a bubble in which it gets to abuse its power. Rather than condemning all these "leaks," we should be trying to (a) celebrate those who blew the whistle and (b) understand the details behind why such things were secret in the first place.

Pre-trial hearings for Bradley Manning, the guy accused of leaking State Department cables (and other info) to Wikileaks, are kicking off this week, with many assuming that he's clearly guilty and will spend the rest of his life in jail. Of course, reports suggest that many thousands (and perhaps hundreds of thousands) of people had access to the exact same documents, and we're still waiting for any proof of any harm from the leaks. That said, the most interesting question about the Manning trial comes from Gautham Nagesh, who asks if Manning would even have been prosecuted if he'd leaked the exact same info to the NY Times, rather than Wikileaks (even though the eventual publishing of the documents went through the NYTimes and others).

And that brings up an interesting point. Is this really a trial of Manning... or a trial-by-proxy of Wikileaks itself?

That said, I'm not convinced it would have made a huge difference, but the overall attention level might have been different. If we went back a decade, perhaps it would have been an issue. However, starting under the Bush (the younger) administration and certainly ramping up under the Obama administration, the federal government has been pretty aggressive in going after whistleblowers -- even when they are going to the press (including some specific cases involving the NY Times).

Where I think it might have made a bigger difference is in how the case finally works out. There seems to be this presumption that Wikileaks is obviously "evil" and therefore anyone working with them must be trouble by association. The concern if the leaks had merely been to the NY Times perhaps wouldn't have been nearly as strong.

We've noted the unfortunate trend of the Obama administration vindictively going after any whistleblowers (despite one of Obama's first moves in office being to encourage whistleblowing). To date, the Obama administration has been involved in six prosecutions of whistleblowers using the Espionage Act... twice as many such uses of all other Presidents combined. But, here's the thing. We just wrote about the NYTimes reporting that the US was behind Stuxnet, and that President Obama himself was deeply engaged in the project.

As people have noted, that level of "leak" seems to go way beyond what many of those charged under the Espionage Act did (including other leaks to the NY Times). And yet, as Gawker discovered, unlike with some of those other stories, the White House did not try to prevent the publication of this info, and almost certainly gave its tacit approval to the publication.

So, what's the difference? Well, the prosecutions against whistleblowers, and the attempts to stifle the reports based on them, all seem to focus on cases where the White House looks bad -- domestic spying, torture, etc. The Stuxnet story was a success story. Even though the malware eventually leaked out into the world and was exposed, the "damage" was already done. This leak actually lets the White House claim credit and look good.

A year and a half ago, we wrote about Daniel Ellsberg (the guy who leaked The Pentagon Papers to the NY Times a few decades back) talking about his personal theory as to why Obama was so vindictive against leaks, despite an outward persona (and specific statements) that totally contradicted the position. His belief was that Obama was so vindictive about whistleblowing, because all of those whistleblowing cases revealed things that were embarrassing to the President. The fact that the White House doesn't seem to have a problem with this particular leak of classified info -- one that more or less makes them look good -- certainly adds significant weight to that theory.

Back in January, we noted the somewhat ironic fact that a US Senator had put a "secret hold" on a bill to protect government whistleblowers. We wondered if someone would blow the whistle and out that Senator. Thankfully, the folks from On the Media stepped up, and set up a project to find out who put that secret hold on the bill. Last we had checked in, they had narrowed it down to three possible Senators: Jon Kyl, Jeff Sessions and James Risch. Since then, Risch said he didn't put the hold on, leaving just Kyl and Sessions refusing to speak. Now that it's been narrowed down to just two, On the Media has decided to end the project, but is happy about the results. The campaign served to raise two key issues:

The Government Accountability Project has let us know that this project has had the two-pronged effect in the Senate of making Senators more hesitant to use the secret hold, and bringing new attention to the Whistleblower Protection Enhancement Act, which is expected to be reintroduced in the Senate shortly.

This is good news. While there actually are some serious problems with the Whistleblower Protection Enhancement Act as it was written last time around, that's still no excuse for anyone to put a "secret" hold on it. If Senators are going to block a bill, they should be willing to at least come out and admit that it was them, let alone explain their reasons for doing so.