To grow up is to realize the extent to which your existence has been governed by systems of rules, vague guidelines, and increasingly unsupportable norms that have been imposed on you without your consent and are subject to change at a moment’s notice.
I realized that any opposition to this system would be difficult, not least because getting its rules changed to serve the interests of the majority would involve persuading the rule makers to put themselves at a purposeful disadvantage. That, ultimately, is the critical flaw or design defect intentionally integrated into every system, in both politics and computing: the people who create the rules have no incentive to act against themselves.
Humans are hardwired to recognize patterns. All the choices we make are informed by a cache of assumptions, both empirical and logical, unconsciously derived and consciously developed. We use these assumptions to assess the potential consequences of each choice, and we describe the ability to do all of this, quickly and accurately, as intelligence. But even the smartest among us rely on assumptions that we’ve never put to the test—and because we do, the choices we make are often flawed. Anyone who knows better, or thinks more quickly and more accurately than we do, can take advantage of those flaws to create consequences that we never expected. It’s this egalitarian nature of hacking—which doesn’t care who you are, just how you reason—that makes it such a reliable method of dealing with the type of authority figures so convinced of their system’s righteousness that it never occurred to them to test it.
After having spent roughly half that period as an employee of the American Intelligence Community and roughly the other half in exile, I know better than most how often the agencies get things wrong. I know, too, how the collection and analysis of intelligence can inform the production of disinformation and propaganda, for use as frequently against America’s allies as its enemies—and sometimes against its own citizens. Yet even given that knowledge, I still struggle to accept the sheer magnitude and speed of the change, from an America that sought to define itself by a calculated and performative respect for dissent to a security state whose militarized police demand obedience, drawing their guns and issuing the order for total submission now heard in every city: “Stop resisting.”
I embraced the truth constructed for the good of the state, which in my passion I confused with the good of the country.
once I returned from the Army and rededicated myself to computing, I gradually came to regret my martial fantasies. The more I developed my abilities, the more I matured and realized that the technology of communications had a chance of succeeding where the technology of violence had failed. Democracy could never be imposed at the point of a gun, but perhaps it could be sown by the spread of silicon and fiber.
Every agency has a head count, a legislative limit that dictates the number of people it can hire to do a certain type of work. But contractors, because they’re not directly employed by the federal government, aren’t included in that number. The agencies can hire as many of them as they can pay for, and they can pay for as many of them as they want—all they have to do is testify to a few select congressional subcommittees that the terrorists are coming for our children, or the Russians are in our emails, or the Chinese are in our power grid. Congress never says no to this type of begging, which is actually a kind of threat, and reliably capitulates to the IC’s demands.
IC directors ask Congress for money to rent contract workers from private companies, congresspeople approve that money, and then those IC directors and congresspeople are rewarded, after they retire from office, by being given high-paying positions and consultancies with the very companies they’ve just enriched. From the vantage of the corporate boardroom, contracting functions as governmentally assisted corruption. It’s America’s most legal and convenient method of transferring public money to the private purse.
I couldn’t help but think while I sat through this Indoc that the presenters were preaching to the choir. You don’t need to tell a bunch of computer whizzes that they possess superior knowledge and skills that uniquely qualify them to act independently and make decisions on behalf of their fellow citizens without any oversight or review. Nothing inspires arrogance like a lifetime spent controlling machines that are incapable of criticism.
I came to work for the CIA when it was at the nadir of its morale. Following the intelligence failures of 9/11, Congress and the executive had set out on an aggressive reorganization campaign. It included stripping the position of director of Central Intelligence of its dual role as both head of the CIA and head of the entire American IC—a dual role that the position had held since the founding of the agency in the aftermath of World War II. When George Tenet was forced out in 2004, the CIA’s half-century supremacy over all of the other agencies went with him. The CIA’s rank and file considered Tenet’s departure and the directorship’s demotion as merely the most public symbols of the agency’s betrayal by the political class it had been created to serve. The general sense of having been manipulated by the Bush administration and then blamed for its worst excesses gave rise to a culture of victimization and retrenchment. This was only exacerbated by the appointment of Porter Goss, an undistinguished former CIA officer turned Republican congressman from Florida, as the agency’s new director—the first to serve in the reduced position. The installation of a politician was taken as a chastisement and as an attempt to weaponize the CIA by putting it under partisan supervision.
Before the advent of the Internet, if an agency wanted to gain access to a target’s computer it had to recruit an asset who had physical access to it. This was obviously a dangerous proposition: the asset might be caught in the act of downloading the secrets, or of implanting the exploitative hardware and software that would radio the secrets to their handlers. The global spread of digital technology simplified this process enormously. This new world of “digital network intelligence” or “computer network operations” meant that physical access was almost never required, which reduced the level of human risk
a CO would search the name of a person from a country like Iran or China in the agency’s databases and come up empty-handed. For casual searches of prospective targets like these, No Results was actually a fairly common outcome: the CIA’s databases were mostly filled with people already of interest to the agency, or citizens of friendly countries whose records were more easily available. When faced with No Results, a CO would have to do the same thing you do when you want to look someone up: they’d turn to the public Internet. This was risky.
It may be hard to believe, but the agency at the time had no good answer for what a case officer should do in this situation
someone back in McLean would go online from a specific computer terminal and use what was called a “nonattributable research system.” This was set up to proxy—that is, fake the origin of—a query before sending it to Google. If anyone tried to look into who had run that particular search, all they would find would be an anodyne business located somewhere in America—one of the myriad fake executive-headhunter or personnel-services companies the CIA used as cover.
To create just one of these covers, the agency had to invent the purpose and name of a company, secure a credible physical address somewhere in America, register a credible URL, put up a credible website, and then rent servers in the company’s name. Furthermore, the agency had to create an encrypted connection from those servers that allowed it to communicate with the CIA network without anyone noticing the connection. Here’s the kicker: After all of that effort and money was expended just to let us anonymously Google a name, whatever front business was being used as a proxy would immediately be burned—by which I mean its connection to the CIA would be revealed to our adversaries—the moment some analyst decided to take a break from their research to log in to their personal Facebook account on that same computer. Since few of the people at headquarters were undercover, that Facebook account would often openly declare, “I work at the CIA,” or just as tellingly, “I work at the State Department, but in McLean.”