Snowden says data can't leak if he doesn't want it to
The NSA leaker made the claim in an e-mail to former Sen. Gordon Humphrey yesterday. Is it believable?
Yesterday I wrote about NSA leaker Edward Snowden's threat, made via Guardian reporter Glenn Greenwald, to release information damaging to the US government if he's killed, and concerns about what exactly that information might be.
Today Mr. Snowden remains at a Moscow airport. He applied for temporary asylum in the country yesterday. His Russian lawyer, Anatoly Kucherena, said today that Snowden has no plans to try to leave the country soon and has not ruled out applying for Russian citizenship. As he seeks help in avoiding arrest and capture, it's hard not to wonder if Snowden will trade information he has in exchange for help.
After I wrote my story yesterday, Mr. Greenwald published a series of e-mails involving former New Hampshire Sen. Gordon Humphrey, Snowden, and himself, in which Snowden was insistent that it's impossible for information in his possession to be obtained by enemies of the US.
"Provided you have not leaked information that would put in harm's way any intelligence agent, I believe you have done the right thing in exposing what I regard as massive violation of the United States Constitution," Senator Humphrey wrote to Snowden. Snowden responded, thanking Humphrey and complaining he's been misrepresented by the press:
"The media has distorted my actions and intentions to distract from the substance of Constitutional violations and instead focus on personalities. It seems they believe every modern narrative requires a bad guy. Perhaps it does. Perhaps, in such times, loving one's country means being hated by its government," he wrote. "Though reporters and officials may never believe it, I have not provided any information that would harm our people – agent or not – and I have no intention to do so."
"Further, no intelligence service – not even our own – has the capacity to compromise the secrets I continue to protect. While it has not been reported in the media, one of my specializations was to teach our people at DIA how to keep such information from being compromised even in the highest threat counter-intelligence environments (i.e. China).
You may rest easy knowing I cannot be coerced into revealing that information, even under torture."
I think his good intentions, as he sees them, are fair to assume. But his certainty that it is impossible to compromise what he knows seems questionable. Presumably he has digital files that are encrypted in some fashion. But if the files are accessible at all, there has to be a key.
Or even imagine a Escherian progression of unbreakable locks containing the key to the next unbreakable lock in the progression, which in turn contains the next key. Layers of difficulty are just that – problems to be overcome. Assertions of insurmountably seem specious as long as a key or set of keys exists and someone hasn't destroyed the first one in the sequence.
And if Snowden's claims are to be believed, a key to whatever data he has does exist. Greenwald says Snowden's NSA files have been set up for release in the event Snowden is killed by the US. Greenwald hasn't said what the mechanism would be and what precisely would be released beyond, "if something does happen to [Snowden] all the information will be revealed and it could be [the US government's] worst nightmare."
That implies that there is some process, known to some people or persons, that allows for access. And while state of the art encryption can foil technical efforts to break it, it's hard to see how gaining access to the knowledge of others is impossible. Spy agencies use trickery, bribery, coercion, and sometimes worse to pry out others' secrets. Yet Snowden was insistent in his letter to Senator Humphrey.
I originally took the torture comment to be a bit of naive bravado (people will say or do almost anything to stop the unspeakable horror of torture) though Greenwald implies today that what Snowden meant was that he doesn't know how to get at the files himself. But then, who does?
If the answer is "no one," then it's hard to square with his claim of a release being made in the event of his death. If the answer is "someone" or "some group of people," then his confidence that secrets can't be compromised seems misplaced. (I asked a number of people who know more about encryption than I about this; the answer always circled back to "the key is the vulnerability." Perhaps there's something we're all missing?)