THIS ARTICLE WAS ORIGINALLY PRINTED ON MAR 30, 2014 AND IS BEING RE-PRINTED FOR “CHALLENGES OF INTELLIGENCE COLLECTION WEEK.”
Regardless of how you feel about Edward Snowden’s domestic surveillance program revelations, it’s time to get real about the cost we are paying for Snowden’s leaks about America’s signals intelligence programs. In a conversation a few months ago with a very senior former US intelligence official, I was struck by their apocalyptic assessment of the damage Snowden’s leaks had caused America’s intelligence capabilities. While he naturally considered the domestic concerns overblown, he was even more upset at Snowden’s undoing of decades of groundbreaking American work securing our own communications and spying on foreign governments.
Success in signals intelligence relies almost entirely on the opponent not knowing where and how he is being spied upon. As soon as your methods are discovered, your opponent can evade your espionage or, even worse, spoof you with false intelligence. By detailing the methods that the US uses to spy on other countries, Snowden’s revelations immediately and directly limited the NSA’s capabilities. We are just now beginning to see the fruit of that.
The Crimean crisis has revealed tremendous gaps in American SIGINT and comms against the very country in which Snowden happened to take asylum. Just over a year after Snowden’s releases, it is no coincidence. Now, I don’t mean to give Snowden all the credit – the Russians have maintained aggressive measures against American SIGINT since at least the mid-2000s. But it is not clear that, before the Snowden revelations, they were certain how effective their countermeasures were. By laying bare the sorts of measures the NSA has honed to break open world communications, Snowden has given the Russian military and IC exactly what it needs to craft communications in the American blind spot. Thus, the American intelligence community was blindsided by the Crimean invasion – while they observed the Russian military buildup, the lack of an increase in comms traffic lulled them into a false sense of optimism. Thanks to Snowden, the Russians could be confident that their countermeasures would be effective.
There is another piece of this puzzle that has been troubling me: over the past year, there have been a number of alarming communications security breaches that have embarrassed US, EU, and Ukrainian officials in ways very convenient for the ongoing Russian information war. Now, I can’t speak to the sources of the EU and Ukrainian leaks (I wouldn’t want to deprive some poor GRU operative of his due!), but I was very alarmed by the US breach. Senior (and even not-so-senior) US officials working in the Former Soviet Union are subject to very strict regulations around communications. Now, it’s possible of course that Victoria Nuland and Amb. Pyatt made some error. But this isn’t the first rodeo for either of them: Nuland is the former ambassador to NATO, and Amb. Pyatt is a career FSO with decades of experience working in sensitive areas, including at the IAEA. We know that Nuland was surprised by the leak, calling it “pretty impressive tradecraft.”
There are two likely scenarios of how these communication leaks happened, both of them alarming. The first possibility is that the conversation was had in the clear on an embassy line. Intercepting embassy communications still involves a level of tradecraft above merely intercepting something over Ukraine’s telecoms network, and embassy comms being intercepted indicates a dire but not surprising familiarity with our diplomatic communications system. Nonetheless, such a breach would indicate that our diplomats had not necessarily followed protocol. The more alarming possibility is that the secure line itself was compromised. Prior to Snowden, such a breach was nigh unthinkable. But, prior to his time at the NSA, Snowden worked for the CIA…securing their communications from foreign postings. Now, I’m not suggesting that Snowden is sitting in Lubyanka Square hacking American comms. But it should scare the hell out of us that someone so intimately involved in securing American communications in addition to building American SIGINT capacities now relies on the generosity of his Russian hosts for his breakfast, lunch, and dinner.
It is possible that Snowden could compromise American intelligence in ways he is not even aware of; was Snowden really clever enough to completely prevent the Russians from peeking into his document archive? Is he really smart enough to detect whether some of the security problems he might work on for his Russian clients might not actually be FSB tricks to get him to divulge how an American cryptographer might approach security? What frightens me is not the possibility that Snowden is maliciously working against the US. But the Russian intelligence community has access to people who are smarter than he is, are better hackers than him, and are world-class manipulators. Snowden’s naïveté has already harmed the US, but his hubris is positioned to do even more damage, and damage that we will not know the extent of until it is too late.
I realize that this line of analysis has a certain Ian Fleming-ish feel to it; a US cryptanalyst absconds to Russia, and a year later, American SIGINT begins to experience unusual failures and breaches. But that is the reality we are living in, and we need to wake up to it. The damage Snowden has done to America’s information security and intelligence capabilities is not hypothetical and hypothesized. It is real, it is urgent, it is extensive, and it is just starting.
Jon is a 2013 Healy Scholar, an MPhil in International Relations candidate at University of Oxford, and a Research Assistant at Georgetown University.