security

Snowden, MI5 and me: how the leak of the century came to be published


The phone call came at an unfortunate moment.

It was late May 2013, early evening, during a leaving drink for a colleague in a busy bar in London. At the time, I was defence and security editor, which made me the point person for contact with the UK’s intelligence agencies.

And one of them wanted to speak to me. Urgently.

The familiar voice was not as calm as usual. And this time, he was asking me the questions. And what he wanted to know came as a surprise.

The Guardian, he said, might have come into possession of some sensitive documents. Documents, he suggested, we shouldn’t have. And could we please give them back.

It came as news to me, but as I relayed this conversation up the chain of command, the panic in the official’s voice became understandable.

The Guardian hadn’t just been leaked some documents – but tens of thousands of them. They weren’t just sensitive. They were a few levels above “top secret”.

They had come from Edward Snowden.

Edward Snowden in 2019.
Edward Snowden in 2019. Photograph: Laurence Topham/The Guardian

In the days that followed, a small group of reporters and IT experts assembled in a special projects room at our offices.

Before we set to work, we had been advised that we would almost certainly be breaking the Official Secrets Act. We could be prosecuted. Prison was mentioned.

“Anyone who felt uncomfortable with the risks should leave now,” was the gist of it.

Nobody did. Snowden had provided us with important clues: the names of secret NSA and GCHQ programmes that harvested massive amounts of personal data.

Readers Also Like:  China Denies Banning iPhones, but Cites Unspecified Security ... - The New York Times

But we couldn’t pull at these threads until the documents themselves had been stored on a “safe” computer.

Many layers of encrypted security had been created, and we needed an uncrackable passphrase.

Someone chose a line from a Shelley poem. Only at the Guardian, you might think.

And only at the Guardian would this then turn into an argument about whether the name of a key 19th century Romantic poet had been misspelled, making logging into the files an even more perilous and contentious exercise.

We didn’t know how long we would have with the data, so the days were long and weekends cancelled.

Nobody else was allowed in the room, which became fetid.

With no windows to open, the blinds permanently drawn to stop anyone looking in, and personal hygiene clearly dropping down the list of priorities, the room occasionally looked and smelled like a landfill site.

One of my key contributions was to vacuum the floor when it all got too much, though the pizza boxes and empty cans of diet Coke weren’t gone for long.

Notes we didn’t need went into one of two shredders.

During a mid-afternoon panic when we thought the police might be on their way, one of the machines blew up from overfeeding. It sparked and smoked, its metal teeth gummed up, and then it popped like a toaster. Which would have made an interesting sight for any detectives bursting into the room.

Before we published each of our stories, I’d ring GCHQ. Clarissa (not her real name) probably dreaded my call. We wanted to give them a chance to comment on or clarify details, but they didn’t, and perhaps felt they couldn’t.

Readers Also Like:  There's a new Linux distro available for ethical hackers - TechRadar

These calls were invariably followed by someone from the D-notice secretariat committee – which oversees a voluntary code designed to prevent disclosure of information with national security implications – ringing me to advise us against publishing certain things. In some cases, everything.

We had conversations, though some were certainly more pointed and strained than others.

At the time, the Guardian was in a very lonely place.

In the UK, we were accused by cabinet ministers of undermining national security and aiding terrorists. The police and Crown Prosecution Service were urged to intervene.

We were gleefully derided by our rivals in the press for doing the work of criminals. In the rush to condemn us, they didn’t pause to see the big picture.

One episode is trivial, but it is illustrative.

A few months after the leak, MI5 held a briefing at its riverside headquarters in London to talk about Snowden, and the damage it believed he had done.

In fairness to the agency, it could have cut the Guardian out, but it didn’t.

As I waited in reception with some other journalists, a well-known BBC correspondent came out of the lift.

He saw me, came over and politely suggested I source a tin hat as a matter of urgency and prepare myself for the mother of all dressing downs from MI5 chiefs. He wasn’t wrong.

Upstairs in the director general’s office, I sat at one end of a long sofa, and was alarmed to see all my colleagues pressing themselves up against the other.

The Guardian, it seemed, needed to be kept at a safe distance.

Readers Also Like:  Security Principles: Addressing underlying causes of risk in complex ... - Federal Trade Commission News

A turning point

Ten years on, though, it seems indisputable that Snowden’s revelations about mass surveillance techniques and data gathering were an inflection point.

It took months for attitudes to change, but they did.

Old assumptions about the robustness of the laws, regulations and scrutinising bodies that oversee intelligence work were looked at anew – and found to be in desperate need of change.

They had been drawn up in an age that could not have conceived of the powerful tools created by government agencies, and now private companies.

An echo from the past, perhaps, as we now grapple with artificial intelligence. Who gets to keep what information and for how long is an ongoing, global debate.

It started with Snowden.



READ SOURCE

This website uses cookies. By continuing to use this site, you accept our use of cookies.