Permanent Record (15 page)

As was evident from the condition of the Comfort Inn, the school had been cutting some corners. Some of my classmates had begun to suspect that the administration was actually, believe it or not, violating federal labor laws. As a work-obsessed recluse, I initially wasn’t bothered by this, nor was anyone around my age. For us, this was the sort of low-level exploitation we’d experienced so often that we already mistook it for normal. But unpaid overtime, denied leave, and refusals to honor family benefits made a difference to the older classmates. The Colonel had alimony payments, and Spo had a family: every dollar counted, every minute mattered.

These grievances came to a head when the decrepit stairs at the Comfort Inn finally collapsed. Luckily no one was injured, but everyone was spooked, and my classmates started grumbling that if the building had been bankrolled by any entity other than the CIA, it would’ve been condemned for fire-code violations years ago. The discontent spread, and soon enough what was basically a school for saboteurs was close to unionizing. Management, in re
sponse, dug in its heels and decided to wait us out, since everybody involved eventually had to either graduate or be fired.

A few of my classmates approached me. They knew that I was well liked by the instructors, since my skills put me near the top of my class. They were also aware, because I’d worked at headquarters, that I knew my way around the bureaucracy. Plus I could write pretty well—at least by tech standards. They wanted me to act as a sort of class representative, or class martyr, by formally bringing their complaints to the head of the school.

I’d like to say that I was motivated to take on this cause solely by my aggrieved sense of justice. But while that certainly did factor into the decision, I can’t deny that for a young man who was suddenly excelling at nearly everything he attempted, challenging the school’s crooked administration just sounded like fun. Within an hour I was compiling policies to cite from the internal network, and before the day was done my email was sent.

The next morning the head of the school had me come into his office. He admitted the school had gone off the rails, but said the problems weren’t anything he could solve. “You’re only here for twelve more weeks—do me a favor and just tell your classmates to suck it up. Assignments are coming up soon, and then you’ll have better things to worry about. All you’ll remember from your time here is who had the best performance review.”

What he said had been worded in such a way that it might’ve been a threat, and it might’ve been a bribe. Either way, it bothered me. By the time I left his office the fun was over, and it was justice I was after.

I walked back into a class that had expected to lose. I remember Spo noticing my frown and saying, “Don’t feel bad, man. At least you tried.”

He’d been at the agency longer than any of my other classmates; he knew how it worked, and how ludicrous it was to trust management to fix something that management itself had broken. I was a bureaucratic innocent by comparison, disturbed by the loss and by the ease with which Spo and the others accepted it. I
hated the feeling that the mere fiction of process was enough to dispel a genuine demand for results. It wasn’t that my classmates didn’t care enough to fight, it was that they couldn’t afford to: the system was designed so that the perceived cost of escalation exceeded the expected benefit of resolution. At age twenty-four, though, I thought as little of the costs as I did of the benefits; I just cared about the system. I wasn’t finished.

I rewrote and re-sent the email—not to the head of the school now, but to his boss, the director of Field Service Group. Though he was higher up the totem pole than the head of the school, the D/FSG was pretty much equivalent in rank and seniority to a few of the personnel I’d dealt with at headquarters. Then I copied the email to
his
boss, who definitely was not.

A few days later, we were in a class on something like false subtraction as a form of field-expedient encryption, when a front-office secretary came in and declared that the old regime had fallen. Unpaid overtime would no longer be required, and, effective in two weeks, we were all being moved to a much nicer hotel. I remember the giddy pride with which she announced, “A Hampton Inn!”

I had only a day or so to revel in my glory before class was interrupted again. This time, the head of the school was at the door, summoning me back to his office. Spo immediately leaped from his seat, enveloped me in a hug, mimed wiping away a tear, and declared that he’d never forget me. The head of the school rolled his eyes.

There, waiting in the school head’s office was the director of the Field Service Group—the school head’s boss, the boss of nearly everyone on the TISO career track, the boss whose boss I’d emailed. He was exceptionally cordial, and didn’t project any of the school head’s clenched-jaw irritation. This unnerved me.

I tried to keep a calm exterior, but inside I was sweating. The head of the school began our chat by reiterating how the issues the class had brought to light were in the process of being resolved. His superior cut him off. “But why we’re here is not to talk
about that. Why we’re here is to talk about insubordination and the chain of command.”

If he’d slapped me, I would’ve been less shocked.

I had no idea what the director meant by insubordination, but before I had the opportunity to ask, he continued. The CIA was quite different from the other civilian agencies, he said, even if, on paper, the regulations insisted it wasn’t. And in an agency that did such important work, there was nothing more important than the chain of command.

Raising a forefinger, automatically but politely, I pointed out that before I emailed above my station, I’d
tried
the chain of command and been failed by it. Which was precisely the last thing I should have been explaining to the chain of command itself, personified just across a desk from me.

The head of the school just stared at his shoes and occasionally glanced out the window.

“Listen,” his boss said. “Ed, I’m not here to file a ‘hurt feelings report.’ Relax. I recognize that you’re a talented guy, and we’ve gone around and talked to all of your instructors and they say you’re talented and sharp. Even volunteered for the war zone. That’s something we appreciate. We want you here, but we need to know that we can count on you. You’ve got to understand that there’s a system here. Sometimes we’ve all got to put up with things we don’t like, because the mission comes first, and we can’t complete that mission if every guy on the team is second-guessing.” He took a pause, swallowed, and said, “Nowhere is this more true than in the desert. A lot of things happen out in the desert, and I’m not sure that we’re at a stage yet where I’m comfortable you’ll know how to handle them.”

This was their gotcha, their retaliation. And though it was entirely self-defeating, the head of the school was now smiling at the parking lot. No one besides me—and I mean no one—had put down SRD, or any other active combat situation for that matter, as their first or second or even third choice on their dream sheets. Everyone else had prioritized all the stops on the European cham
pagne circuit, all the neat sweet vacation-station burgs with windmills and bicycles, where you rarely hear explosions.

Almost perversely, they now gave me one of these assignments. They gave me Geneva. They punished me by giving me what I’d never asked for, but what everybody else had wanted.

As if he were reading my mind, the director said, “This isn’t a punishment, Ed. It’s an opportunity—really. Someone with your level of expertise would be wasted in the war zone. You need a bigger station, that pilots the newest projects, to really keep you busy and stretch your skills.”

Everybody in class who’d been congratulating me would later turn jealous and think that I’d been bought off with a luxury position to avoid further complaints. My reaction, in the moment, was the opposite: I thought that the head of the school must have had an informant in the class, who’d told him exactly the type of station I’d hoped to avoid.

The director got up with a smile, which signaled that the meeting was over. “All right, I think we’ve got a plan. Before I leave, I just want to make sure we’re clear here: I’m not going to have another Ed Snowden moment, am I?”

Mary Shelley’s
Frankenstein,
written in 1818, is largely set in Geneva, the bustling, neat, clean, clockwork-organized Swiss city where I now made my home. Like many Americans, I’d grown up watching the various movie versions and TV cartoons, but I’d never actually read the book. In the days before I left the States, however, I’d been searching for what to read about Geneva, and in nearly all the lists I found online,
Frankenstein
stood out from among the tourist guides and histories. In fact, I think the only PDFs I downloaded for the flight over were
Frankenstein
and the Geneva Conventions, and I only finished the former. I did my reading at night over the long, lonely months I spent by myself before Lindsay moved over to join me, stretched out on a bare mattress in the living room of the comically fancy, comically vast, but still almost entirely unfurnished apartment that the embassy was paying for on the Quai du Seujet, in the Saint-Jean Falaises district, with the Rhône out one window and the Jura Mountains out the other.

Suffice it to say, the book wasn’t what I expected.
Frankenstein
is an epistolary novel that reads like a thread of overwritten emails, alternating scenes of madness and gory murder with a cautionary
account of the way technological innovation tends to outpace all moral, ethical, and legal restraints. The result is the creation of an uncontrollable monster.

In the Intelligence Community, the “Frankenstein effect” is widely cited, though the more popular military term for it is “blowback”: situations in which policy decisions intended to advance American interests end up harming them irreparably. Prominent examples of the “Frankenstein effect” cited by after-the-fact civilian, governmental, military, and even IC assessments have included America’s funding and training of the mujahideen to fight the Soviets, which resulted in the radicalization of Osama bin Laden and the founding of al-Qaeda, as well as the de-Baathification of the Saddam Hussein–era Iraqi military, which resulted in the rise of the Islamic state. Without a doubt, however, the major instance of the Frankenstein effect over the course of my brief career can be found in the US government’s clandestine drive to restructure the world’s communications. In Geneva, in the same landscape where Mary Shelley’s creature ran amok, America was busy creating a network that would eventually take on a life and mission of its own and wreak havoc on the lives of its creators—mine very much included.

The CIA station in the American embassy in Geneva was one of the prime European laboratories of this decades-long experiment. This city, the refined Old World capital of family banking and an immemorial tradition of financial secrecy, also lay at the intersection of EU and international fiber-optic networks, and happened to fall just within the shadow of key communications satellites circling overhead.

The CIA is the primary American intelligence agency dedicated to HUMINT (human intelligence), or covert intelligence gathering by means of interpersonal contact—person to person, face-to-face, unmediated by a screen. The COs (case officers) who specialized in this were terminal cynics, charming liars who smoked, drank, and harbored deep resentment toward the rise of SIGINT (signals
intelligence), or covert intelligence gathering by means of intercepted communications, which with each passing year reduced their privilege and prestige. But though the COs had a general distrust of digital technology reminiscent of Frank’s back at headquarters, they certainly understood how useful it could be, which produced a productive camaraderie and a healthy rivalry. Even the most cunning and charismatic CO will, over the course of their career, come across at least a few zealous idealists whose loyalties they can’t purchase with envelopes stuffed with cash. That was typically the moment when they’d turn to technical field officers like myself—with questions, compliments, and party invitations.

To serve as a technical field officer among these people was to be as much a cultural ambassador as an expert adviser, introducing the case officers to the folkways and customs of a new territory no less foreign to most Americans than Switzerland’s twenty-six cantons and four official languages. On Monday, a CO might ask my advice on how to set up a covert online communications channel with a potential turncoat they were afraid to spook. On Tuesday, another CO might introduce me to someone they’d say was a “specialist” in from Washington—though this was in fact the same CO from the day before, now testing out a disguise that I’m still embarrassed to say I didn’t suspect in the least, though I suppose that was the point. On Wednesday, I might be asked how best to destroy-after-transmitting (the technological version of burn-after-reading) a disc of customer records that a CO had managed to purchase from a crooked Swisscom employee. On Thursday, I might have to write up and transmit security violation reports on COs, documenting minor infractions like forgetting to lock the door to a vault when they’d gone to the bathroom—a duty I’d perform with considerable compassion, since I once had had to write up myself for exactly the same mistake. Come Friday, the chief of operations might call me into his office and ask me if, “hypothetically speaking,” headquarters could send over an infected thumb drive that could be used by “someone” to hack the comput
ers used by delegates to the United Nations, whose main building was just up the street—did I think there was much of a chance of this “someone” being caught?

I didn’t and they weren’t.

In sum, during my time in the field, the field was rapidly changing. The agency was increasingly adamant that COs enter the new millennium, and technical field officers like myself were tasked with helping them do that in addition to all of our other duties. We put them online, and they put up with us.

Geneva was regarded as ground zero for this transition because it contained the world’s richest environment of sophisticated targets, from the global headquarters of the United Nations to the home offices of numerous specialized UN agencies and international nongovernmental organizations. There was the International Atomic Energy Agency, which promotes nuclear technology and safety standards worldwide, including those that relate to nuclear weaponry; the International Telecommunication Union, which—through its influence over technical standards for everything from the radio spectrum to satellite orbits—determines what can be communicated and how; and the World Trade Organization, which—through its regulation of the trade of goods, services, and intellectual property among participating nations—determines what can be sold and how. Finally, there was Geneva’s role as the capital of private finance, which allowed great fortunes to be stashed and spent without much public scrutiny regardless of whether those fortunes were ill-gotten or well earned.

The notoriously slow and meticulous methods of traditional spycraft certainly had their successes in manipulating these systems for America’s benefit, but ultimately too few to satisfy the ever-increasing appetite of the American policy makers who read the IC’s reports, especially as the Swiss banking sector—along with the rest of the world—went digital. With the world’s deepest secrets now stored on computers, which were more often than not connected to the open Internet, it was only logical that America’s
intelligence agencies would want to use those very same connections to steal them.

Before the advent of the Internet, if an agency wanted to gain access to a target’s computer it had to recruit an asset who had physical access to it. This was obviously a dangerous proposition: the asset might be caught in the act of downloading the secrets, or of implanting the exploitative hardware and software that would radio the secrets to their handlers. The global spread of digital technology simplified this process enormously. This new world of “digital network intelligence” or “computer network operations” meant that physical access was almost never required, which reduced the level of human risk and permanently realigned the HUMINT/SIGINT balance. An agent now could just send the target a message, such as an email, with attachments or links that unleashed malware that would allow the agency to surveil not just the target’s computer but its entire network. Given this innovation, the CIA’s HUMINT would be dedicated to the identification of targets of interest, and SIGINT would take care of the rest. Instead of a CO cultivating a target into an asset—through cash-on-the-barrel bribery, or coercion and blackmail if the bribery failed—a few clever computer hacks would provide a similar benefit. What’s more, with this method the target would remain unwitting, in what would inevitably be a cleaner process.

That, at least, was the hope. But as intelligence increasingly became “cyberintelligence” (a term used to distinguish it from the old phone-and-fax forms of off-line SIGINT), old concerns also had to be updated to the new medium of the Internet. For example: how to research a target while remaining anonymous online.

This issue would typically emerge when a CO would search the name of a person from a country like Iran or China in the agency’s databases and come up empty-handed. For casual searches of prospective targets like these, No Results was actually a fairly common outcome: the CIA’s databases were mostly filled with people already of interest to the agency, or citizens of friendly countries
whose records were more easily available. When faced with No Results, a CO would have to do the same thing you do when you want to look someone up: they’d turn to the public Internet. This was risky.

Normally when you go online, your request for any website travels from your computer more or less directly to the server that hosts your final destination—the website you’re trying to visit. At every stop along the way, however, your request cheerfully announces exactly where on the Internet it came from, and exactly where on the Internet it’s going, thanks to identifiers called source and destination headers, which you can think of as the address information on a postcard. Because of these headers, your Internet browsing can easily be identified as yours by, among others, webmasters, network administrators, and foreign intelligence services.

It may be hard to believe, but the agency at the time had no good answer for what a case officer should do in this situation, beyond weakly recommending that they ask CIA headquarters to take over the search on their behalf. Formally, the way this ridiculous procedure was supposed to work was that someone back in McLean would go online from a specific computer terminal and use what was called a “nonattributable research system.” This was set up to proxy—that is, fake the origin of—a query before sending it to Google. If anyone tried to look into who had run that particular search, all they would find would be an anodyne business located somewhere in America—one of the myriad fake executive-headhunter or personnel-services companies the CIA used as cover.

I can’t say that anyone ever definitively explained to me why the agency liked to use “job search” businesses as a front; presumably they were the only companies that might plausibly look up a nuclear engineer in Pakistan one day and a retired Polish general the next. I can say with absolute certainty, however, that the process was ineffective, onerous, and expensive. To create just one of these covers, the agency had to invent the purpose and name of a
company, secure a credible physical address somewhere in America, register a credible URL, put up a credible website, and then rent servers in the company’s name. Furthermore, the agency had to create an encrypted connection from those servers that allowed it to communicate with the CIA network without anyone noticing the connection. Here’s the kicker: After all of that effort and money was expended just to let us anonymously Google a name, whatever front business was being used as a proxy would immediately be burned—by which I mean its connection to the CIA would be revealed to our adversaries—the moment some analyst decided to take a break from their research to log in to their personal Facebook account on that same computer. Since few of the people at headquarters were undercover, that Facebook account would often openly declare, “I work at the CIA,” or just as tellingly, “I work at the State Department, but in McLean.”

Go ahead and laugh. Back then, it happened all the time.

During my stint in Geneva, whenever a CO would ask me if there was a safer, faster, and all-around more efficient way to do this, I introduced them to Tor.

The Tor Project was a creation of the state that ended up becoming one of the few effective shields against the state’s surveillance. Tor is free and open-source software that, if used carefully, allows its users to browse online with the closest thing to perfect anonymity that can be practically achieved at scale. Its protocols were developed by the US Naval Research Laboratory throughout the mid-1990s, and in 2003 it was released to the public—to the worldwide civilian population on whom its functionality depends. This is because Tor operates on a cooperative community model, relying on tech-savvy volunteers all over the globe who run their own Tor servers out of their basements, attics, and garages. By routing its users’ Internet traffic through these servers, Tor does the same job of protecting the origin of that traffic as the CIA’s “non-attributable research” system, with the primary difference being that Tor does it better, or at least more efficiently. I was al
ready convinced of this, but convincing the gruff COs was another matter altogether.

With the Tor protocol, your traffic is distributed and bounced around through randomly generated pathways from Tor server to Tor server, with the purpose being to replace your identity as the source of a communication with that of the last Tor server in the constantly shifting chain. Virtually none of the Tor servers, which are called “layers,” know the identity of, or any identifying information about, the origin of the traffic. And in a true stroke of genius, the one Tor server that
does
know the origin—the very first server in the chain—
does not
know where that traffic is headed. Put more simply: the first Tor server that connects you to the Tor network, called a gateway, knows you’re the one sending a request, but because it isn’t allowed to read that request, it has no idea whether you’re looking for pet memes or information about a protest, and the final Tor server that your request passes through, called an exit, knows exactly what’s being asked for, but has no idea who’s asking for it.