What Edward Snowden didn't disclose

May 4, 2014, at 9:59 AM

If it seems like Edward Snowden and the reporters who have access to his archive have given away the farm, think again.

The Office of National Director Intelligence has released, because of a FOIA request, its latest controlled access program classification marking guide. If you're not a complete geek, if you have a life and a job, then this document ought to be of no significance to you whatsoever. But the digraphs, trigraphs, dashes, and slashes that formalize the level classification of a piece of information can tell us quite a bit about the large acres of black redactions beneath them. That's because, in the American classification system, function follows form.

At the NSA, Snowden a computer infrastructure analyst, was cleared to access the category communications intelligence, known as "SI," for special intelligence. He also had a "Talent Keyhole" ticket, giving him access to information about the global architecture of overhead imagery, surveillance and reconnaissance programs. (Generally, when you're awarded an SI clearance, you get the TK one at the same time.)

He therefore had a window into the sources and methods of targets of signals intelligence, a very large, multi-billion dollar enterprise. Because the U.S. intelligence community folded computer network operations into SIGINT a decade ago, the "SI" compartment now encompasses the cyber realm. This makes sense, because most germane, intelligence-bearing communications are digital. His documents reveal how the NSA has built a worldwide network of passive and active implants that steal information from target computers or networks, and then send the data back, through special covert channels, to the NSA, for further analysis or exploitation. This feeds the SIGINT beast; new "selectors," or email addresses and telephone numbers and product identifiers are identified, and then further tasked as necessary. This integration was cover-named TURBULENCE. It combines passive sensors (code named TURBINE) with active tasking and control mechanisms (TURMOIL) and has tranformed the way the NSA collects intelligence over the past decade. His documents have also sketched out the growth in the use of bulk data collection from fiber optic nodes, where entire streams of the internet are diverted and key-word searched for tasked selectors.

But there's quite a lot that Snowden did not have access to.

We know this, based on the testimony of NSA officials, and because we have not seen any documents with other, more exotic markings released into the wild. The absence of evidence is not...yes, yes, I know, but if you look at the universe of intelligence activities and product out there and you compare it to the subject matters that Snowden is concerned about and that reporters have written about, there's quite a lot that remains in the shadows. I have also asked several folks with access to the Snowden archives whether my hypothesis about the documents that are as of yet unpublished is correct, and in the elliptical way they communicate these things, I am told that, yes, I am correct. If you assume the intelligence compromise happened the moment Snowden walked out of NSS Kunia with the documents, then it was, at best, a partial compromise of one of several major prongs of the intelligence apparatus.

This is an observation, not a judgment. It was something I had wondered, so I decided to check it out.

For one thing, Snowden did not have access to any specific ECIs (Exceptionally Controlled Information compartments) that protect specific sources of information, including the identities of companies that partner with the NSA. The larger ones can be inferred, but the details of their cooperation, along with the details of hundreds of other relationships, are ECI-controlled.

Snowden did not have (so far as we know) a GAMMA SCI clearance, which protects exceptionally sensitive SIGINT sources. Since the sources he did reveal seem pretty sensitive, it's worth knowing that there is an entire category of SIGINT sources and methods that is even more sensitive, or potentially controversial.

Snowden does not seem to have access to the PRODUCT of SIGINT operations. That is, his documents show how the NSA collects stuff. But in order to read the stuff the NSA collects, you need a separate set of internal clearances. For the FISA material, a RAGTIME clearance is required. Without it, you can learn all about how and why the NSA collects metadata and then analyzes it, but you yourself cannot access the raw data that's collected.

For the first time, the CAPCO confirms the existence of the U.S. Navy's ENDSEAL program. ENDSEAL, the manual says, is an SCI classification that is related to "SI" but segregated from it. This gives us a clue to what the ENDSEAL program is. It is, I am reasonably certain, the group of sensors, underground electronic nets, laser systems, stations and satellite technologies that allow the Navy to collect classic SIGINT and electronic intelligence on submarines, ship movements, adversary counter-measures, and a host of other phenomenon. ENDSEAL is further down into subcompartments — ECRU and NONBOOK.

None of the Snowden documents are marked KDK, for KLONDIKE, the overall compartment for "geoint," or imagery products from all sources. There are three main subcompartments. I assume that they correspond to the types of geoint produced — from satellites, from drones, from manned airplanes. Or maybe they correspond to product levels of differing sensitivities. All that remains classified.

None of them reveal much of anything about HUMINT sources and operations, governed by the HUMINT Control System and two sub-systems, one for "operations" and the other for "product."

(U) Definition: HCS is a sensitive compartmented information (SCI) control system that comprises two compartments, Operations and Product, and is intended to provide enhanced protection to exceptionally fragile clandestine HUMINT sources, methods, and activities based on assessed value, critical nature, and vulnerability of the information. IC clandestine HUMINT collector organizations may elect to use HCS to protect their most sensitive HUMINT information upon the approval of the Director of the National Clandestine Service in accordance with National HUMINT policy.

Nothing about reconnaissance technologies, or actual bulk surveillance technologies, or sensors that collect foreign instrumentation signatures intelligence (FISINT), sensors that collect measurement and signatures intelligence (MASINT), or the web of compartmented NRO programs that allow the U.S. to monitor WMD proliferation around the world.

I don't mean to pretend to know how much (or little) damage the Snowden disclosures have done. But I do have more of an idea about the scope of programs he was not in a position to disclose.






Subscribe to the Week