Was Snowden Really a Spy?

News broke yesterday that Edward Snowden, the NSA leaker, has been indicted under the Espionage Act. Though this is unsurprising, it has provoked some outrage. To some, Snowden is a whistle-blower doing God's work—an insider and true believer who became disenchanted by what he learned of the NSA's abuses and excesses, and felt the only choice was to make them public. Such conduct seems unworthy of criminal prosecution.

As a civil libertarian who's highly skeptical of government power, I am glad that the documents we have were leaked, and look forward to more. But I'm not sure Snowden is really wearing a white hat.

It seems increasingly plausible, in fact, that Snowden wasn't an insider who became disenchanted, but rather an outsider who purposefully infiltrated the NSA with the specific intent to make its secrets public. For example, the Los Angeles Times reports that Snowden has long been critical of the NSA:

A self-taught computer whiz who wanted to travel the world, Snowden seemed a perfect fit for a secretive organization that spies on communications from foreign terrorism suspects.

But in hundreds of online postings dating back a decade, Snowden also denounced "pervasive government secrecy" and criticized America's "unquestioning obedience towards spooky types."

At least online, Snowden seemed sardonic, affably geeky and supremely self-assured. In 2006, someone posted to Ars Technica, a website popular with technophiles, about an odd clicking in an Xbox video game console. A response came from "TheTrueHOOHA," Snowden's pen name: "NSA's new surveillance program. That's the sound of freedom, citizen!"

It is strange that a person who made these comments would be granted a top-secret security clearance and allowed access to the country's most secret double-secrets, unless it was all just a clever cover story (which I doubt). On the other hand, it makes me feel a bit safer that the NSA's all-seeing surveillance wasn't all-seeing enough to know they had given an obvious mole super-user access to their servers.

But it also provides a possible answer to another nagging question: why was a lowly nerd like Snowden given access to these super-secret documents? One possibility is that he actually wasn't given access to these documents, but took it. In other words, he used his admin privileges to probe the NSA's databases and went looking where he shouldn't have, all with the specific intent of exposing anything he found and considered objectionable.

Obviously, this is rank speculation on my part. ("Rank Speculation" would be a great sub-title for this blog, after all.) But if it's true that Snowden was on a mission to divulge, and that he went looking for documents he wasn't supposed to look at, it's harder to be outraged at the decision to prosecute him—even if you think (as I do) that his actions ultimately further the public interest.

UPDATE (6/24/2013):

According to the South China Morning Post, Snowden now admits that he took the Booz Hamilton job with the specific intent to gather and divulge the NSA's secrets:

"My position with Booz Allen Hamilton granted me access to lists of machines all over the world the NSA hacked," he told the Post on June 12. "That is why I accepted that position about three months ago."

The missing check: the plaintiff's bar

The Guardian and the Washington Post broke blockbuster stories this week about the NSA using cooperative (some would say pliant) corporations to gather and mine electronic data such as phone records, emails, VOIP, etc.

Over at the Volokh Conspiracy, "national security conservative" Stewart Baker does his best to defend the NSA:

In short, there’s less difference between this “collection first” program and the usual law enforcement data search than first meets the eye.  In the standard law enforcement search, the government establishes the relevance of its inquiry and is then allowed to collect the data.  In the new collection-first model, the government collects the data and then must establish the relevance of each inquiry before it’s allowed to conduct a search.

If you trust the government to follow the rules, both models end up in much the same place.  I realize that some folks simply will not trust the government to follow those rules, but it’s hard to imagine a system with more checks and restrictions and doublechecks than one that includes all three branches and both parties looking over NSA’s shoulder.

In theory, you could add the check of exposing the system to the light of day, but that means wrecking much of its intelligence value. Or you could simply prohibit the collection-first model (and lose the ability to spot terrorism patterns by matching disparate bits of data). I doubt that those “solutions” are worth the price.

As usual, Mr. Baker is laughably incorrect. It's nice that he pays at least lip service to the idea of transparency before swatting it aside. But he hasn't thought it through. One of the major problems with the current legal apparatus is that judges on the FISA court are making secret interpretations of the law. Thus, people like Congressman James F. Sensenbrenner, who largely drafted the Patriot Act, can be "extremely disturbed" at the way it is being secretly used by law enforcement. This can happen because secret rulings provide no check on government power. If the FISA court judges deny a warrant or a request, the government will just tweak it and come back. Eventually the government will get what it wants because the FISA court judges, like everyone else, care more than anything about just being left alone.

And then, of course, there is the fact that the intelligence courts just kind of have to take the government's word on a lot of stuff. For example, there's a case from the FISA appeals court that rejects a brave service provider's Fourth Amendment challenge on behalf of its customers to a government directive to spy on them. Here's part of the reasoning:

The government assures us that it does not maintain a database of incidentally collected information from non-targeted United States persons, and there is no evidence to the contrary. 

In re Directives [redacted text] pursuant to Section 105B of the Foreign Intelligence Surveillance Act, 551 F.3d 1004, 1015 (2008). (You know you're in trouble when there's redacted information in the case title.) Well, at least now we know where to stuff those "government assurances."

The redacted nature of the opinion-making also leads to this:

A Parting Shot. The petitioner fires a parting shot. It presented for the first time at oral argument a specific privacy concern that could possibly arise under the directives. This parting shot may have been waived by the failure to urge it either before the FISC or in the petitioner's pre-argument filings in this court. We need not probe that point, however, because the petitioner is firing blanks: no issue falling within this description has arisen to date. Were such an issue to arise, there are safeguards in place that may meet the reasonableness standard. We do, however, direct the government promptly to notify the petitioner if this issue arises under the directives.[10]

Id.

I have never read a more Kafkaesque passage in the Federal Reporter. What was the "specific privacy concern" that the service provider raised at oral argument? Apparently even the argument is top secret, because the opinion doesn't say. (It's presumably explained in footnote 10, which is redacted.)

But let's leave aside transparency, because Mr. Baker completely ignores another obvious "check" that is missing against the NSA surveillance program: civil liability. In 2008, Congress passed a law (the FISA Act Amendments of 2008) providing blanket (and retroactive!) immunity for any one or any company who is sued "for providing assistance to an element of the intelligence community." 50 U.S.C. § 1885a(a). Such cases are to be "promptly dismissed." As a result, there isn't even a threat that Google, or Verizon, or any of the other companies that have been providing assistance to the NSA could be sued. If they are, they can just file a one page motion to dismiss and it will be immediately granted.

These companies are in the business of making money. The threat of huge class-action lawsuits can certainly provide a real check on their actions. But Congress removed that threat in 2008. Now the information companies have literally nothing to lose by cooperating with the government because they cannot be sued for doing so. On the other hand, the government can obviously drive up legal costs and threaten them with civil contempt if they don't cooperate. So it's no surprise that the government has now what it assured the FISA court it didn't have in 2008: a database of incidentally collected information from non-targeted United States persons.