October 10, 2015
Book Excerpt: How I Met Edward Snowden
Posted on May 13, 2014
By Glenn Greenwald, TomDispatch
This piece first appeared at TomDispatch. Read Tom Engelhardt’s introduction here.
[This essay is a shortened and adapted version of Chapter 1 of Glenn Greenwald’s new book, No Place to Hide: Edward Snowden, the NSA, and the U.S. Security State, and appears at TomDispatch.com with the kind permission of Metropolitan Books.]
On December 1, 2012, I received my first communication from Edward Snowden, although I had no idea at the time that it was from him.
The contact came in the form of an email from someone calling himself Cincinnatus, a reference to Lucius Quinctius Cincinnatus, the Roman farmer who, in the fifth century BC, was appointed dictator of Rome to defend the city against attack. He is most remembered for what he did after vanquishing Rome’s enemies: he immediately and voluntarily gave up political power and returned to farming life. Hailed as a “model of civic virtue,” Cincinnatus has become a symbol of the use of political power in the public interest and the worth of limiting or even relinquishing individual power for the greater good.
Square, Site wide
The email began: “The security of people’s communications is very important to me,” and its stated purpose was to urge me to begin using PGP encryption so that “Cincinnatus” could communicate things in which, he said, he was certain I would be interested. Invented in 1991, PGP stands for “pretty good privacy.” It has been developed into a sophisticated tool to shield email and other forms of online communications from surveillance and hacking.
In this email, “Cincinnatus” said he had searched everywhere for my PGP “public key,” a unique code set that allows people to receive encrypted email, but could not find it. From this, he concluded that I was not using the program and told me, “That puts anyone who communicates with you at risk. I’m not arguing that every communication you are involved in be encrypted, but you should at least provide communicants with that option.”
“Cincinnatus” then referenced the sex scandal of General David Petraeus, whose career-ending extramarital affair with journalist Paula Broadwell was discovered when investigators found Google emails between the two. Had Petraeus encrypted his messages before handing them over to Gmail or storing them in his drafts folder, he wrote, investigators would not have been able to read them. “Encryption matters, and it is not just for spies and philanderers.”
“There are people out there you would like to hear from,” he added, “but they will never be able to contact you without knowing their messages cannot be read in transit.” Then he offered to help me install the program. He signed off: “Thank you. C.”
Using encryption software was something I had long intended to do. I had been writing for years about WikiLeaks, whistleblowers, the hacktivist collective known as Anonymous, and had also communicated with people inside the U.S. national security establishment. Most of them are concerned about the security of their communications and preventing unwanted monitoring. But the program is complicated, especially for someone who had very little skill in programming and computers, like me. So it was one of those things I had never gotten around to doing.
C.’s email did not move me to action. Because I had become known for covering stories the rest of the media often ignores, I frequently hear from all sorts of people offering me a “huge story,” and it usually turns out to be nothing. And at any given moment I am usually working on more stories than I can handle. So I need something concrete to make me drop what I’m doing in order to pursue a new lead.
Three days later, I heard from C. again, asking me to confirm receipt of the first email. This time I replied quickly. “I got this and am going to work on it. I don’t have a PGP code, and don’t know how to do that, but I will try to find someone who can help me.”
C. replied later that day with a clear, step-by-step guide to PGP: Encryption for Dummies, in essence. At the end of the instructions, he said these were just “the barest basics.” If I couldn’t find anyone to walk me through the system, he added, “let me know. I can facilitate contact with people who understand crypto almost anywhere in the world.”
This email ended with more a pointed sign-off: “Cryptographically yours, Cincinnatus.”
Despite my intentions, I did nothing, consumed as I was at the time with other stories, and still unconvinced that C. had anything worthwhile to say.
In the face of my inaction, C. stepped up his efforts. He produced a 10-minute video entitled PGP for Journalists.
It was at that point that C., as he later told me, became frustrated. “Here am I,” he thought, “ready to risk my liberty, perhaps even my life, to hand this guy thousands of Top Secret documents from the nation’s most secretive agency—a leak that will produce dozens if not hundreds of huge journalistic scoops. And he can’t even be bothered to install an encryption program.”
That’s how close I came to blowing off one of the largest and most consequential national security leaks in U.S. history.
The next I heard of any of this was 10 weeks later. On April 18th, I flew from my home in Rio de Janeiro to New York, and saw on landing at JFK Airport, that I had an email from Laura Poitras, the documentary filmmaker. “Any chance you’ll be in the U.S. this coming week?” she wrote. “I’d love to touch base about something, though best to do in person.”
I take seriously any message from Laura Poitras. I replied immediately: “Actually, just got to the U.S. this morning… Where are you?” We arranged a meeting for the next day in the lobby at my hotel and found seats in the restaurant. At Laura’s insistence, we moved tables twice before beginning our conversation to be sure that nobody could hear us. Laura then got down to business. She had an “extremely important and sensitive matter” to discuss, she said, and security was critical.
First, though, Laura asked that I either remove the battery from my cell phone or leave it in my hotel room. “It sounds paranoid,” she said, but the government has the capability to activate cell phones and laptops remotely as eavesdropping devices. I’d heard this before from transparency activists and hackers but tended to write it off as excess caution. After discovering that the battery on my cell phone could not be removed, I took it back to my room, then returned to the restaurant.
New and Improved Comments