The press breathed a sigh of relief April 14 when The Washington Post and Guardian newspapers were awarded the Pulitzer Prize’s public service award. The honor vindicated the work of journalists, who at their own risk, sought to inform the public of imposing national security policies.
Videos by Rare
Eleven months have passed since the first government surveillance story was released by the Guardian on June 5, 2013. In that time, dozens if not hundreds of other stories have been published; a minimal amount considering the total 1.7 million classified documents that former National Security Agency contractor Edward Snowden leaked to a handful of journalists last spring.
The flood of news was overwhelming and also sporadic, with stories sometimes coming out months apart. In effect, the details about how the breach managed to occur are still a fuzzy concept.
How the leaks were spilled
Barton Gellman had been a special projects reporter at the Washington Post for 21 years before Snowden began indirectly contacting him last spring and officially unveiled his identity on May 16. The 30-year-old asked Gellman for a guarantee that within the next 72 hours the Post would publish 41 PowerPoint slides describing PRISM, a program used to gather information from major tech companies, according to Gellman’s account of their relationship.
“A story of this magnitude was going to need a lot of lawyering, and was going to need a lot of careful thought about how to balance the risks of disclosure with the necessity of bringing this sort of big policy decisions before the public,” explained Gellman at a Behind the Headlines: NSA Surveillance and Ongoing Revelations panel discussion in Washington, D.C. April 23.
Post reporters at the discussion confirmed consulting with government officials before deciding what to publish and when to do so. Snowden turned to then-Guardian civil liberties reporter Glenn Greenwald, who willingly broke the story hours before the Post went forward with publishing slides they viewed relevant.
How your security was compromised
The Post’s coverage concentrated heavily on PRISM, a clandestine program that gave front-door access to Americans’ Google and Yahoo accounts.
Gellman and an independent researcher with expertise in privacy and security, Ashkan Soltani, analyzed one specific slide that would blow open their investigation. Gellman and Soltani spent five to six weeks studying the document — referred to casually as MUSCULAR and professionally as the Google Cloud Exploitation sketch. Through productive talks with sources, including intelligence officials and network engineers, they were able to feasibly explain the slide’s message.
“As you come across that cartoon, you’re gonna say there’s gotta be a story here,” said Gellman. “There’s a little smiley face and it’s an encryption. The encryption is ‘added and removed here.’ The reason why the engineers we talked to erupted into profanity… is because of the smiley face… the declaration of victory. It was the spiking the football in the face of the company engineers, ‘we beat you, we found a way around your security.'”
The profound findings brought the Oct. 30 story about NSA’s ability to infiltrate links to Yahoo and Google centers worldwide.
The giant fortress-like facilities are located around the world are filled with computer servers that store information about users from other countries. By sticking its hand into insecure servers overseas, the government is not breaking its laws.
“If you were here in D.C. and you were connecting to a Google data center say in North Carolina… your communication will stay in the U.S.,” said Soltani. “Because of the way Google architects their network, such that your data is replicated to all of their locations in the world in the event of say, a power outage on the west coast, they’re able to collect the same data that will be illegal or not available to them domestically, they’re able to collect and access that same data overseas.”
American companies betrayed
Although email companies including Yahoo and Google have been given $52 billion for willingly providing the agency with user data, they reacted in anger at the news of being breached, recalled Washington Post national technology reporter Craig Timberg, a member of the panel.
“The industry gradually realized they had been had. They really felt betrayed; they had built these systems that were supposed to resist hackers,” said Timberg.
By the end of 2013, Timberg said companies were thanking them for bringing to air the issue and had taken steps to further protect their customers’ information.
“We may never know if they’re sufficient. It’s clear that the defenses are a lot stronger now than when all this began.”