Excerpts from Dark Mirror


Soundcloud — listen to selections from the Preface, narrated by Barton Gellman

The Atlantic, June 2020

I wiped off the television makeup, unclipped my lapel microphone, and emerged into a pleasant pre-summer Sunday outside the CBS News studio in the Georgetown neighborhood of Washington, D.C. In the back of a cab I pulled out my iPad. The display powered on, then dissolved into static and guttered out. Huh? A few seconds passed and the screen lit up again. White text began to scroll across an all-black background. The text moved too fast for me to take it all in, but I caught a few fragments.

# root:xnu …

# dumping kernel …

# patching file system …

Wait, what? It looked like a Unix terminal window. The word root and the hashtag symbol meant that somehow the device had been placed in super-user mode. Someone had taken control of my iPad, blasting through Apple’s security restrictions and acquiring the power to rewrite anything that the operating system could touch. I dropped the tablet on the seat next to me as if it were contagious.

Washington Post Magazine, May 17, 2020

In the Saturday night email, Snowden spelled it out. He had chosen to risk his freedom, he wrote, but he was not resigned to life in prison or worse. He wanted to show other whistleblowers that there could be a happy ending.

To effect this, I intend to apply for asylum (preferably somewhere with strong Internet and press freedoms, e.g. Iceland, though the strength of the reaction will determine how choosy I can be). Given how tightly the U.S. surveils diplomatic outposts …, I cannot risk this until you have already gone to press, as it would immediately tip our hand. It would also be futile without proof of my claims — they’d have me committed — and I have no desire to provide raw source material to a foreign government. Post publication, the source document and cryptographic signature will allow me to immediately substantiate both the truth of my claim and the danger I am in without having to give anything up. …

Alarm gave way to vertigo. I forced myself to reread the passage slowly. Snowden planned to seek the protection of a foreign government. He would canvass diplomatic posts on an island under Chinese sovereign control. He might not have very good choices. The cryptographic signature’s purpose, its only purpose, was to help him through the gates. With it he could prove that he was my source.

I had agreed to protect Snowden’s identity in order to report a story to the public. He wanted me to help him disclose it, in private, as a credential to present to foreign governments. That was something altogether different. If we published the signature file, The Post would be a knowing instrument of his flight from American law. I might wish him luck. I did. But it was not my role to help.

British GQ, June 6, 2020

The most revealing cover names are compact expressions of culture akin to street art. The culture owes a great deal to gamers, coders and other digital natives in the outside world. Some of its products, like the sequence from Blinddate to Nightstand, evoke the “brotopia” of Emily Chang’s eponymous book about Silicon Valley. Some, like Boundlessinformant, which is a live-updated map of surveillance intake around the world, are so tone-deaf as to verge on self-parody. (The map itself, despite some breathless commentary, is nothing sinister.) In public remarks and testimony, NSA officials often speak of their “compliance culture”, humble and obedient to post-Watergate laws. There is truth in that, but when the agency’s hackers roam abroad, where far fewer restraints apply, they strike an outlaw pose. There is a whole branch of the acquisitions directorate, S31177, devoted to Transgression. A mysterious Badass compartment is mentioned but left unexplained. Pitiedfool, a suite of technical attacks on the Windows operating system, evokes the ferocity of Mr T’s warning to enemies (“I pity the fool!”) in the film Rocky III. Blackbelt, Felonycrowbar, Zombiearmy and Devilhound share the macho vibe. Another whole class of cover names, including Epicfail and Erroneousingenuity, jeer opsec errors by surveillance targets who imagine that they are covering their tracks.

The insider folkways signal membership in a tribe. The tribe likes science fiction and fantasy, comic book heroes, Star Trek, Star Wars, Harry Potter, fast food, whiskey, math jokes, programmer jokes, ethnic jokes, jokes about nontechnical people and caustic captions on photographs. NSA nerds use “dork” and “bork” as verbs. As in: dork the operating system to exploit a device, but don’t bork it completely or the device will shut down. They illustrate reports with photos of animals in awkward predicaments; one of them likens a surveillance target to a horse with its head stuck in a tree. They condescend about “leet” (or “l33t”) adversaries, wannabe elite hackers who think they can swim with the NSA’s sharks. They boast of dining on rivals who “are honing their skillz”, another term of derision. The themes and memes of NSA network operations are telltales of a coder class that lives its life on-screen, inattentive to the social cues of people who interact “IRL” – in real life.

WIRED, May 24, 2020

Contact chaining on a scale as grand as a whole nation’s phone records was a prodigious computational task, even for Mainway. It called for mapping dots and clusters of calls as dense as a star field, each linked to others by webs of intricate lines. Mainway’s analytic engine traced hidden paths across the map, looking for relationships that human analysts could not detect. Mainway had to produce that map on demand, under pressure of time, whenever its operators asked for a new contact chain. No one could predict the name or telephone number of the next [Boston bomber]. From a data scientist’s point of view, the logical remedy was clear. If anyone could become an intelligence target, Mainway should try to get a head start on everyone….

As I parsed the documents and interviewed sources in the fall of 2013, the implications finally sank in. The NSA had built a live, ever-updating social graph of the US.

Our phone records were not in cold storage. They did not sit untouched. They were arranged in a one-hop contact chain of each to all. All kinds of secrets—social, medical, political, professional—were precomputed, 24/7. [NSA Deputy Director Rick] Ledgett told me he saw no cause for concern because “the links are unassembled until you launch a query.” I saw a database that was preconfigured to map anyone’s life at the touch of a button.