Secrets, Surveillance and Snowden

After receiving top-secret documents from the NSA whistleblower, reporter Barton Gellman broke the news that the National Security Agency was spying on Americans. Here’s how it happened.
Edward Snowden in 2019. (Photos by KK Ottesen)

The inbox logged a message as I slept. Many hours passed before I checked. Probably should have kept away, but habit tugged. We had taken the channel dark last night. Not because we knew it was blown, but because we could not know. These email accounts were anonymous, encrypted, isolated from our everyday Internet lives. Best I could tell, there was no way to lock them down tighter. That thought had reassured me once.

It was the second half of May 2013. Nearly four months had passed since Laura Poitras, an independent filmmaker, had reached out to me for advice about a confidential source. Verax, as I came to know him later, had brought her an enigmatic tip about U.S. government surveillance. Poitras and I teamed up to see what would come of it. The previous night, months of suspense had come to an end. Verax delivered. The evidence was here. His story was real, the risks no longer conjecture. The FBI and the National Security Agency’s “Q Group,” which oversees internal security, were bound to devote sizable resources to this leak. For the first time in my career, I did not think it was out of the question that U.S. authorities would try to seize my notes and files. Without doubt we were about to become interesting to foreign intelligence services.

Poitras and I resolved to meet again in two days. Anything that came up sooner would have to wait. That plan did not last the night. I logged on the next morning, expecting nothing. According to the time stamp, Poitras had fired off a note less than four hours after we parted. She could not have slept much. I hadn’t either, but the fog cleared when I saw her subject line. It was our private signal for “urgent.” The message, once decrypted, was succinct.

I really need to show you something.

You are going to want to see it.

Odd. Very. Something to look at? After what we saw last night? Verax had sent a top-secret, compartmented presentation from the NSA, updated the previous month. Poitras and I stood over a small laptop screen past midnight, struggling with the jargon. The main points came through readily enough. Under the cover name PRISM, the NSA was siphoning data from tens of thousands of Yahoo, Google, Microsoft and Facebook accounts, among others. Forty-one slides and 8,000 words of speaker’s notes laid out the legal rationale and operating details. If authentic — and it sure looked that way — this briefing offered something very rare: an authoritative account, in near real time, of intelligence operations on U.S. soil that spilled far beyond the bounds acknowledged in public.

When we quit for the night, Poitras said she understood maybe 10 percent of it. I could not claim more than half. No shame in that. Journalists were not supposed to know all the answers. We were supposed to know how to find them, to test the evidence and look for more. Building a story might take time, but we had the cornerstone.

So I thought. But something had startled Poitras, startled her enough to break email discipline. There was no use guessing. I found nothing to read between the lines. The news, I supposed, could be good or bad, but any surprise was unsettling at this stage. Surprise meant I did not know where we stood. For weeks, I had been mapping contingencies, thinking through likely paths and roadblocks in the next stage of reporting. I had to find additional sources, make contact without endangering them, authenticate the document and look for context. There were all kinds of ways I could screw this up: exposing Verax, falling for a fake, misreading the text, disclosing something that caused inadvertent harm. If I had misdrawn my mental map, I might not see trouble coming.

There was no more time to plan. Verax had rung the starting bell. We had the document in hand and no fixed story date. The interlude could be precarious. Verax declined to say where he was, but we knew he had stopped showing up for work. When his employer began to look for him, the risks to his freedom and safety would become acute. Authorities would discover what he took, and they might try to preempt the story. For sure our window for unhindered work would close.

We were trying to slip the gaze of a surveillance giant while peering through its gates. We could not hope to succeed for long, but we bought time every way we could. The urgent email from Poitras that morning had six miles to travel as the crow flies, from Tribeca to Upper Manhattan. She dispatched it through anonymous relays around the world, adding thousands of miles of detours to mask her whereabouts. When I logged on, I did the same. We had bought cheap laptops with cash and used privacy tools to spoof their hardware and network addresses. Poitras, Verax and I encrypted every word. We used no telephones at all. Every contact left a trail — there was no helping that — but we filled it with false footprints.

Before I could make my way downtown, a second email appeared. Same mundane-looking subject line, signaling “urgent.” As the body of her encrypted message crossed the Internet, the ciphertext looked like this:

– – – – – BEGIN PGP MESSAGE – – – – –

h Q I O A 7 R n V I V e b w v e E A g A 7 O B O 1 q t n Q 1 m d D T Z w U 4 e I 1 Z b f F 5 7 d L N I b 0 U x e u n q K 8 q 9 Z

o o 9 a 0 i H G j V r e q o 0 Y K i p / l p X 7 r o h H m A / T 0 3 8 j j g n s F 9 E 6 h N a h g 1 Z W c B R a b f O x G U x u

8 G z x k 5 H 9 m + k 0 d H C q g 6 E V w A o I W u n k g h c 6 j G 2 p / s e N F N C R 3 6 v j g C y 2 B u F 4 7 J c 0 o K g c

[ … ]

– – – – – END PGP MESSAGE – – – – –

I plugged in a thumb drive. On it was my private key, a small digital file required to decrypt her message. Unscrambled, the new note from Poitras had only eight words.

You need to prepare yourself for this. Jesus.

What in the hell was going on? I canceled a flight to Washington and hustled to the subway, trotting down the staircase double time. As I boarded a downtown 1 train, I pulled the battery from my phone. A smartphone is an excellent tracking device. It works well as a remote-controlled microphone, too, for someone who knows how to switch it on.

Documentary filmmaker Laura Poitras in Washington in 2017. (Photo by Bill O’Leary/The Washington Post)

The first time I met Laura Poitras, three days before Christmas 2010, she turned up unannounced at my office, just off Washington Square. Karen Greenberg, a mutual friend who ran a lively policy salon at the New York University School of Law, kept telling us we should meet.

I did not think to ask Poitras how she had made her way to me without a call from security or the fussy receptionist upstairs. That night she let me know I had missed some kind of a scene. “I feel a little bad I had to freak out Karen’s staff to get to you,” she wrote.

Unsurprising, if her press clippings were to be believed. At age 46, she was an Oscar-nominated, Peabody-winning force of nature, prone to shouldering a camera through war zones without a crew. Politics on the radical side. “Intense” and “relentless,” the profile writers said. Grew up near Boston, trained as a chef, then turned to film. Her breakthrough film, “My Country, My Country,” traced the failed attempt to install democracy under U.S. occupation in Iraq. PBS had just broadcast her latest, “The Oath,” an alternating narrative of Osama bin Laden’s former bodyguard, now a cabdriver in Yemen, and his brother-in-law, a prisoner at the U.S. military detention center at Guantánamo Bay.

Blowback from the Iraq film brought her to me. For four years, since the documentary’s debut in 2006, she had been pulled aside for interrogation and search every time she crossed a U.S. border. Typically, Customs and Border Protection officers held her for hours, stating no reason. They paged through her notebooks, copied video footage from her memory cards and sometimes “detained” (that was the legal euphemism) her electronic devices. At New York’s John F. Kennedy Airport that summer, she later recounted, they had “confiscated my laptop, video camera, footage and cellphone” and held them for 41 days.

I found all that appalling, beginning with the U.S. government’s pretense that computers and smartphones were “containers” no different from a purse or a duffel bag. Seizing, copying and keeping hundreds of thousands of personal and professional files, by this baroque logic, was no greater intrusion than searching a suitcase for undeclared bottles of scotch. Long precedent held that the Fourth Amendment’s requirement of probable cause did not apply to searches at the border. The government made a broader claim, far more hostile to common sense and the foundational right of a citizen to be left alone. There was no such thing, the government argued, as an “unreasonable” border search because customs agents could be as arbitrary as they liked about search and seizure. They did not need any reason at all.

Poitras had heard that my old newsroom colleagues saw me as an eccentric on privacy, the guy who encrypted his notes and set up spooky online accounts. To me the need for precautions was apparent. Journalists, same as everyone else, had accepted the gifts of the Internet without considering their price. Mobile phones, Web browsing, email and messaging left long trails of data about whom we talked to, when we spoke, where we met and what we talked about. Changing laws and technology gave the government more access to that data trove with less oversight. Large private employers deployed comparable tools at company scale, enabling them to look over the shoulders of employees at will. Journalists pledged not to reveal our confidential sources, but we were allowing adversaries to pluck them from our digital exhaust. It had been years since I kept my notes where anyone else, even bosses I trusted, could read them. “The cloud,” as the security analyst Graham Cluley put it, was just another word for “somebody else’s computer.” When you left information there, you gave up control.

Poitras wanted to know how to defend herself. Ordinarily, I would start a conversation like that by asking what she wanted to protect and who she thought was after it. Poitras already knew she had a world-class adversary. That was not good news, but even the U.S. government had to budget time, money and scarce technical resources. Until now, Poitras had been a cheap target, traveling with naked data. She could make herself much more expensive with file encryption. Meanwhile, about that laptop they copied? Had she changed the passwords on her email and online accounts? She had.

That night I sent her what purported to be “a quick note for further reading.” In fact, all self-restraint failed. My thousand-word email was thick with links and recipes for an alphabet soup of software tools: GPG, TrueCrypt, OTR, SOCKS proxies, Tor. It is not hard to see, in retrospect, why my colleagues seldom asked for this kind of advice.

With tools like these, anyone could read and write and meet on the Internet without censorship or fear, cloaked in the elegant mathematics of cryptography. Anyone could, and hardly anyone did. I took a certain nerdy pleasure in the effort, and I had strong incentives as a journalist covering secret diplomacy, intelligence and war. I started using GPG, the gold standard of email and file encryption, in 2006 — not long after Time magazine overrode a reporter’s objections and handed his notes to prosecutors in the criminal case against Vice President Dick Cheney’s chief of staff.

Our collaboration on the NSA story began two years later, on Jan. 31, 2013, when Poitras wrote to say she was passing through New York.

“Do you have time to grab a coffee in the next few days?” she asked. “I could use some advice.” The invitation was not as casual as it looked. An encrypted note followed, asking me to leave my mobile phone behind. Two days later, at Joe, the pocket-size espresso bar I picked out, she made a face at the tightly spaced tables and said we had better try elsewhere. We switched venues twice more before she found one private enough. She had my attention.

Poitras made small talk until our server brought food and drink. By habit, I pulled out a Moleskine notebook. She shook her head, and I put it away. A nameless informant had come to her, she said, describing himself as a member of the U.S. intelligence community. The NSA, by the anonymous correspondent’s account, had built a surveillance machine of such breadth and power that it placed American democracy at risk. He could supply proof, but not yet.

Not a promising start. I kept a poker face, I think, but few subjects in my experience matched the allure of an intelligence plot to delusional tipsters. After writing about warrantless domestic surveillance in my last book, I had been swarmed with letters in spidery script and voice mails that kept going until they filled my queue.

I thought about cautioning Poitras, then caught myself. It was a bad habit. Journalists, like police officers and trial lawyers, liked to think we had special instincts for truth. Bulls--- detectors. I was not immune to the fantasy, but science offered scant support. In controlled experiments, professional investigators did no better than a coin toss at picking out truth and lies.

I shut up and took another bite of burger, leaving the floor to Poitras. As our conversation went on, I liked what I heard. The source had not shown Poitras all his cards, and Poitras kept some from me, but he spoke fluently in the languages of signals intelligence and communications networks. I thought I heard a weakness for high rhetoric, but Poitras said the source wrote with precision about matters of fact. His willingness to say “I don’t know” encouraged us both. Another small measure of credence came when he lapsed from plain English into shoptalk without appearing to notice. That was the way of many closed tribes and not easy to fake.

Poitras hoped I might recognize some of the jargon. Had I heard of BOUNDLESSINFORMANT? I had not, but I loved its pitch-perfect tone of earnest overreach, ambitious with a touch of sinister. How about SSO? I was pretty sure that stood for Special Source Operations, something to do with NSA access to equipment under friendly corporate control. What did her source mean by DNR? CNO? No idea. All I came up with were “do not resuscitate” and “chief of naval operations,” which were comically inapt. (Correct answers, gleaned later: “dialed number recognition” and “computer network operations.”) NSANet? Yes, I knew that one. It was the agency’s secure global intranet, connecting 30,000 employees to shared intelligence community resources such as a top-secret reference site modeled on Wikipedia.

Was her source the whistleblower he claimed to be? A fabricator who used public records to feign inside knowledge? A real intelligence analyst peddling fake intrigue? A half-informed official who misread something benign? I told Poitras I thought I could narrow the possibilities. In research for “Angler,” my book on Cheney, I had left out small details I learned about the NSA. They were too technical for my purposes, or I did not understand them in context, or they had no connection to events I wrote about. If the source knew what I knew, that might mean something. If he filled in the gaps, or made persuasive corrections, so much the better.

Poitras asked what I thought of combining forces if the story panned out. Print and film had complementary strengths, she said. Neither of us committed in that first meeting, but I was intrigued. As time went on, Poitras passed questions and replies among us. Every exchange chipped away at our doubts. By spring, the two of us were partners. Everything would depend on the written evidence, I wrote to her in early May, but I had reached a turning point.

If this guy was not for real, I wrote, “I will be very surprised.”

When I reached Poitras’s downtown hotel, several hours after receiving her urgent message, the room was a shambles. Equipment, clothing and papers covered the bed and most of the floor. She had not slept or changed, and I could not read her face. Shock, no doubt, but something else too. Elation? Alarm? Disbelief? If she said anything at the door, I do not remember it. What I do recall is a shake of her head and a sweep of her hand. Come in. See for yourself. I can’t explain.

Verax had sent us another package, larger than the first. Much, much larger. Three digital vaults, each with a separate pass phrase, nested one inside another like matryoshka dolls. The outer vault was labeled “Pandora.” Inside it was another, labeled “Verax.” And inside that, one more: “Journodrop.” I typed the final pass phrase and a status window popped open, text flying up and off the screen too fast to read as the encrypted archive unpacked. The operation took a long time. When it stopped, there were 8 gigabytes of new files. I had done the math for a story once: One gigabyte could hold tens of thousands of pages, more if fancy graphics were kept to a minimum.

I clicked experimentally on a folder called “fisa,” short for the Foreign Intelligence Surveillance Act. Inside it were two more folders. I clicked the top one and found 11 more folders inside. I began to drill down, opening the first folder listed at each new level. There were six of them at the next, 14 after that, and then 21 — folders inside folders inside folders. A quick scan of file names showed Word memos, plain-text files, PowerPoint decks, Adobe portable document files, Excel spreadsheets, and photographs.

I had no words. Nothing in my playbook prepared me to cope with this volume. How would I vet it, protect it from theft, write stories across so wide a span? I knew how to chase down facts with old-school investigative methods. I drew on open literature and background interviews for context. I circled hard targets from the outside in, interviewing sources on the periphery before approaching the big shots at the center. Afterward, I started around the circle again. Those methods worked, but they did not scale. I could not authenticate classified documents in batches, dozens or hundreds at a time. And there was no way I would put the archive online to crowdsource the analysis, an effective tool in some cases but not when there were unknown risks to public safety.

The size of the archive itself, on the other hand, helped validate it. Over the years, I had seen forgeries, some of them fairly convincing, from hoaxers or people with something to gain. But who could possibly fabricate so many? What benefit could justify the prodigious labor involved? In theory, a few doctored papers could be hidden among real ones. I would have to watch for that. Even so, I was increasingly confident in Verax.

This was the Hollywood version of a “leak”: an unknown source emerging from nowhere, bearing a stupendous scoop. In the real life of a newsroom, this happened so seldom that it was tantamount to myth. Typically, I got my best stories in small pieces from people I had cultivated for years or discovered through a common web of trust, each contributing part of a whole that none would tell me directly.

Some people, when unboxing a complicated gift, have the sense to look for a user guide. My first pass through Pandora skipped right past it. That was no fault of Verax, who left a pair of text files in the top directory, with names in emphatic capital letters: “README_FIRST” and “README_SECOND.” Eventually, I took notice.

The second file gave a high-level tour of the subjects covered and the organization of folders. The first, a 1,041-word introduction and manifesto, began like a conversation in progress: “It will be retroactively changed to damage my credibility, I had a good record and was well liked.” It was a tense and jumbled opening, with little of the polish I had come to expect from Verax. Years later he told me he composed both cover notes in haste as he reached the brink of departure from his home in Hawaii. He had not yet boarded the flight that would leave his whole world behind, but it was too late to change his mind. He had committed himself with one final breach of NSA defenses, the one he saved for last. Auditing systems were sure to flag it, and soon. Behind the grandiloquence of his note was a young man, alone, under extraordinary stress.

I led a comfortable and privileged life, a life engineered by the power structure to be difficult to give up. As I advanced and learned the dangerous truth behind the U.S. policies that seek to develop secret, irresistable [sic] powers and concentrate them in the hands of an unaccountable few, human weakness haunted me. As I worked in secret to resist them, selfish fear questioned if the stone thrown by a single man could justify the loss of everything he loves. I have come to my answer.

My sole motive is to inform the public as to that which is done in their name and that which is done against them. The U.S. government, in conspiracy with client states, chiefest among them the Five Eyes — the United Kingdom, Canada, Australia, and New Zealand — have inflicted upon the world a system of secret, pervasive surveillance from which there is no refuge. They protect their domestic systems from the oversight of citizenry through classification and lies, and shield themselves from outrage in the event of leaks by overemphasizing limited protections they choose to grant the governed. I tell you from experience that these protections can be stripped away in an instant.

He closed with a breathtaking act of trust, placing himself entirely in our hands. The timing was his own, as always, but he gave me what I needed when I needed it. “Verax” left the room. His alter ego stepped out from behind the curtain.

Edward Joseph Snowden, SSN: ⬛⬛⬛-⬛⬛-⬛⬛⬛⬛

CIA Alias “Dave M. Churchyard”

Agency Identification Number: 2339176

Former Senior Advisor | United States National Security Agency, under corporate cover

Former Field Officer | United States Central Intelligence Agency, under diplomatic cover

Former Lecturer | United States Defense Intelligence Agency, under corporate cover

He had a name now. There were so many questions left. What kind of man could assume such risks? Who would take decisions of this consequence upon himself? How could he, how could anyone, walk off undetected with the patrimony of a global surveillance establishment?

The PRISM slides arrived the day after I called The Washington Post to ask for an urgent meeting about a story that I did not want to discuss on the telephone. Pandora came the day after that. The following morning, May 22, I caught a plane to Washington to meet with Kevin Baine, the newspaper’s outside counsel, and managing editor Kevin Merida. On May 23, I returned to see executive editor Marty Baron. I had heard a lot about him, but we had not met.

It was time to show the goods. I booted one of my throwaway laptops with a thumb drive. From a second encrypted thumb drive, I opened the PRISM slide deck to its cover page.

The style fit a briefing subculture I had come to know at the Pentagon. All the archetypes were here: cheesy graphics and emblems crammed against starbursts, charts, tables, arrows and acronyms. The company logos grabbed Baron’s attention first, as familiar as any leading American brands. I pointed to a round official seal just below them on the left. That belonged to Special Source Operations, PRISM’s parent organization in the NSA. See that eagle with talons closed on what look like strands of twine around the globe? Those are fiber optic cables. The Internet. The eagle has the Internet in its claws. International telephone networks, too.

Not very subtle, someone said. No kidding. At the State Department or the Pentagon, most people who wrote memos had probably heard of the “front-page rule”: Before you write it down, imagine the news headline. They might not take the maxim to heart, but they knew in some abstract way that secret documents sometimes leaked. An American eagle as predator, the whole world its prey, was the sigil of an agency that could not even conceive of a public readership.

I gave Baron the overview I wished I had had when I first read these slides. Take a look farther down the cover page, I said, where “S35333” appears in smaller type. S stands for the Signals Intelligence Directorate, S3 for Data Acquisition, and each digit after that identifies a subordinate function. S353, the eagle people at Special Source Operations, pulled in monumental flows of information from the main trunk lines and switches that carry voice and data around the world. The owners of that infrastructure, mostly big corporations, were the “special sources.” Conveniently for U.S. intelligence, an outsized share of global communications traversed the United States. A call or email from Barcelona to Bogotá might well pass through Miami.

PRISM, or S35333, was another kind of access for the eagle folk. Here the special sources were the American-based Internet giants: Google, Facebook, Yahoo, Microsoft, AOL, Skype, YouTube and Apple. Also a service called Paltalk, which I had not heard of but which presumably hosted accounts of attractive targets. The great thing about those companies, from an intelligence collector’s point of view, was that they did much more than push data through pipes. Unlike AT&T and other common carriers, they stored the content their users sent and received. The NSA did not have to chase down all those emails, videos, photographs and documents as they raced across fiber optic cables at the speed of light. Collection could wait until the data arrived somewhere and held still. (Or, as often happened when faced with alternatives, the NSA could choose to do both.) Exabytes of user information — each equal to 1 billion gigabytes — were assembled on big U.S. company data servers. Years of records might be stored in a single account. Eric Schmidt, then chief executive officer of Google, famously said in 2010 that the world created as much information every two days as it had from “the dawn of civilization through 2003.” Some people questioned his numbers, but the general point was hard to dispute. The volume of data produced by humankind was expanding at a pace that beggared analogy. Google held a big chunk of that. The company and its peers in the PRISM collection system dominated the global marketplace for search, messaging, video, email and cloud storage.

The NSA, in concert with the FBI, dipped into this treasure trove under a secret interpretation of the legal authority that Congress granted in 2007 and 2008. Until then, the government could not search a Skype or AOL account without a warrant from the Foreign Intelligence Surveillance Court. Each warrant required probable cause to believe that a specific account belonged to an agent of a foreign power. The court nearly always granted those warrants, but it did perform an individual review. After Congress passed the Protect America Act and the FISA Amendments Act, Justice Department lawyers secretly persuaded the court that it could authorize surveillance of an unlimited number of accounts with a single order.

In the new arrangement, a judge no longer needed to hear a valid foreign intelligence purpose for surveillance of each proposed target. Neither the court nor the intelligence committees in Congress even knew who the targets were. Once a year, in a classified proceeding, the court approved two documents. The first one laid out rules meant to govern the NSA’s choice of accounts to monitor. The second one specified procedures for “minimizing,” or limiting access to, some of the information the NSA collected about U.S. citizens, green-card holders and companies. The attorney general and the director of national intelligence certified that the NSA would follow these rules. The court would not know when the agency broke a rule unless the Justice Department, as required by still another rule, disclosed the violation to a judge.

Collection was not deliberately aimed at Americans. The targets had to qualify as foreign. More precisely, and not as strictly, the NSA needed grounds to believe that a target was more likely foreign than not. Acquisition of foreign intelligence also had to be “a significant purpose” of the spying but not the sole or primary purpose. For various reasons, some avoidable and some not, a lot of Americans were swept in under those terms.

I clicked to slides 15 and 40, the latter updated only six weeks before. I showed Baron and his team that PRISM had more than 45,000 “selectors,” or individual collection targets, at the end of 2012. By April 5, 2013, there were 117,675 accounts under active surveillance. The numbers were growing exponentially, more than doubling at Facebook and more than tripling at Skype from year to year.

Could there be that many terrorists, spies and foreign government targets with Hotmail or Yahoo accounts? What definition of “terrorist,” the top target category, would result in numbers like that? The subtitle of this slide deck called PRISM the source “used most in NSA reporting.” Reporting, in this context, meant alerts and briefings sent to intelligence customers around the U.S. government. Put another way, this briefing told us that Fort Meade in Maryland shared more information obtained from American Internet companies than from any other source.

Snowden in Moscow in 2015. (Lotta Hardelin/Agence France-Presse/Getty Images)

Two days after Marty Baron agreed to publish the PRISM story, a message from Snowden nearly drove us off the rails. I had sent him an upbeat status report. The Post was pressing ahead at full speed. Snowden wrote back. The document he had sent to Poitras and me spoke for itself, as far as he was concerned. What else could we possibly need?

“You may have time constraints I do not understand,” I wrote. “I want to make sure that you understand mine. I have seldom heard of a story of this magnitude that went from soup to nuts in three days, or four or five. ... If you can shed any light on how timing affects you, it’s possible I can help address it in another way.”

Late on Saturday night, May 25, he replied with new urgency. “Alright, let’s talk about time pressure first,” he said. “Until you publish, I am at the highest level of personal risk, because rightly or wrongly, adversaries may feel this can be stopped early.” He had left a cover story about medical treatment, but “at this point I’m certain we’re out of time. That means unless I’m better than I think I am, on Monday, NSA will become aware precisely where I am, and they’re not going to be thinking ‘what a brave and principled whistlerblower [sic],’ it’s going to be ‘how do we splat the spy?’ ”

Those were not the words that knocked the wind out of me. The gut punch came when Snowden explained his motive for including a cryptographic signature for The Post to publish alongside the story and the PRISM slides.

“Why does your source care about the signature?” one of the Post editors had asked.

I had let that question slip in the crush of other work. Snowden had first mentioned the signature nine days earlier, on May 16. Its purpose, he said, was to certify that the PRISM document “has not been edited or changed.” That sounded promising. Did he mean, I wrote back, that someone at the NSA had signed the presentation with a U.S. government credential? That would be outstanding news. Little doubt about authenticity would remain. Snowden offered half a reply, then pirouetted away. “It creates a ‘chain of custody.’ This matters for the historical record,” he wrote. “I can’t yet explain the rest.”

After meeting with the Post editors, I remembered that I could do an elementary check of the signature on my own. The result was disappointing. I was slow to grasp what it implied.

gpg --verify PRISM.pptx.sig PRISM.pptx

gpg: Signature made Mon May 20 14:31:57 2013 EDT

using RSA key ID ⬛⬛⬛⬛⬛⬛⬛⬛

gpg: Good signature from “Verax”

Now I knew that Snowden, using his Verax alter ego, had signed the PowerPoint file himself. If I published the signature, all it would prove to a tech-savvy few was that a pseudonymous source had vouched for his own leak. What good would that do anyone?

In the Saturday night email, Snowden spelled it out. He had chosen to risk his freedom, he wrote, but he was not resigned to life in prison or worse. He wanted to show other whistleblowers that there could be a happy ending.

To effect this, I intend to apply for asylum (preferably somewhere with strong Internet and press freedoms, e.g. Iceland, though the strength of the reaction will determine how choosy I can be). Given how tightly the U.S. surveils diplomatic outposts …, I cannot risk this until you have already gone to press, as it would immediately tip our hand. It would also be futile without proof of my claims — they’d have me committed — and I have no desire to provide raw source material to a foreign government. Post publication, the source document and cryptographic signature will allow me to immediately substantiate both the truth of my claim and the danger I am in without having to give anything up. …

Alarm gave way to vertigo. I forced myself to reread the passage slowly. Snowden planned to seek the protection of a foreign government. He would canvass diplomatic posts on an island under Chinese sovereign control. He might not have very good choices. The signature’s purpose, its only purpose, was to help him through the gates. With it he could prove that he was my source.

I had agreed to protect Snowden’s identity in order to report a story to the public. He wanted me to help him disclose it, in private, as a credential to present to foreign governments. That was something altogether different. If we published the signature file, The Post would be a knowing instrument of his flight from American law. I might wish him luck. I did. But it was not my role to help.

We hated the replies we sent to Snowden on May 26. We had lawyered up and it showed. “You were clear with me and I want to be equally clear with you,” I wrote. “There are a number of unwarranted assumptions in your email. My intentions and objectives are purely journalistic, and I will not tie them or time them to any other goal.”

Snowden responded with bafflement and alarm. “The response in the last few days from you and BRASSBANNER has me extremely concerned about what appears to be a sudden change of heart,” he told Poitras. “You’ve both gone from supportive to inexplicably terrifying. … I can’t even know if my true name and the source document have already been turned over [to U.S. authorities] at this point. Jesus. I don’t know what they said to you, but I did not go to these lengths to hurt my country or my people.”

To me, the same day, he wrote that he was “working hard to do what is right in an extremely difficult situation.” He was not trying to call the editorial shots. “I confide in you as the lead journalist working on a story of public interest, not to tie you to my raft.” He closed with a plea: “Please confirm your intention to include the cryptographic signature with the source document. You now know [failure to do so] will directly jeopardize my safety.”

It was excruciating. Snowden had taken a leap, counting on us for a parachute we had not agreed to supply. “What a nightmare,” Poitras wrote to me. We would certainly not turn him in, as he seemed to fear. Nor would we share our copy of the PRISM file with U.S. authorities. (I never do that. Governments and big companies often place invisible markers on sensitive documents in order to trace their provenance if they leak.) That was all the reassurance I could offer.

For a young man in free fall, Snowden responded with remarkable grace. He noted dryly that “your communications appear to be rather more reviewed than they were previously.” He could no longer treat The Post story as exclusive. “I regret that we weren’t able to keep this project unilateral for longer than we had, but so it is. Best of luck to you in your reporting — may you know the truth.”

Barton Gellman is a staff writer at The Atlantic. This article is adapted from his book “Dark Mirror: Edward Snowden and the American Surveillance State,” published by Penguin Random House.

Designed by Twila Waddy and Christian Font. Photo editing by Dudley M. Brooks.

We noticed you’re blocking ads!

Keep supporting great journalism by turning off your ad blocker. Or purchase a subscription for unlimited access to real news you can count on.
Unblock ads
Questions about why you are seeing this? Contact us