WASHINGTON — Intelligence officials refer to Edward J. Snowden’s job as a National Security Agency contractor as “systems administrator” — a bland name for the specialists who keep the computers humming. But his last job before leaking classified documents about N.S.A. surveillance, he told the news organization The Guardian, was actually “infrastructure analyst.”
It is a title that officials have carefully avoided mentioning, perhaps for fear of inviting questions about the agency’s aggressive tactics: an infrastructure analyst at the N.S.A., like a burglar casing an apartment building, looks for new ways to break into Internet and telephone traffic around the world.
That assignment helps explain how Mr. Snowden got hold of documents laying bare the top-secret capabilities of the nation’s largest intelligence agency, setting off a far-reaching political and diplomatic crisis for the Obama administration.
Even as some members of Congress have challenged the N.S.A.’s collection of logs of nearly every phone call Americans make, European officials furiously protested on Sunday after Mr. Snowden’s disclosure that the N.S.A. has bugged European Union offices in Washington and Brussels and, with its British counterpart, has tapped the Continent’s major fiber-optic communications cables.
On Sunday evening, The Guardian posted an article saying documents leaked by Mr. Snowden show 38 embassies and missions on a list of United States electronic surveillance targets. Some of those offices belong to allies like France, Italy, Japan and Mexico, The Guardian said.
Mr. Snowden, who planned his leaks for at least a year, has said he took the infrastructure analyst position with Booz Allen Hamilton in Hawaii in March, evidently taking a pay cut, to gain access to a fresh supply of documents.
“My position with Booz Allen Hamilton granted me access to lists of machines all over the world the N.S.A. hacked,” he told The South China Morning Post before leaving Hong Kong a week ago for Moscow, where he has been in limbo in the transit area of Sheremetyevo airport. “That is why I accepted that position about three months ago.”
A close reading of Mr. Snowden’s documents shows the extent to which the eavesdropping agency now has two new roles: It is a data cruncher, with an appetite to sweep up, and hold for years, a staggering variety of information. And it is an intelligence force armed with cyberweapons, assigned not just to monitor foreign computers but also, if necessary, to attack.
After the 2001 terrorist attacks, the documents suggest, the N.S.A. decided it was too risky to wait for leads on specific suspects before going after relevant phone and Internet records. So it followed the example of the hoarder who justifies stacks of paper because someday, somehow, a single page could prove vitally important.
The agency began amassing databases of “metadata” — logs of all telephone calls collected from the major carriers and similar data on e-mail traffic. The e-mail program was halted in 2011, though it appears possible that the same data is now gathered in some other way.
The documents show that America’s phone and Internet companies grew leery of N.S.A. demands as the years passed after 9/11, fearing that customers might be angry to find out their records were shared with the government. More and more, the companies’ lawyers insisted on legal orders to compel them to comply.
So the N.S.A. came up with a solution: store the data itself. That is evidently what gave birth to a vast data storage center that the N.S.A. is building in Utah, exploiting the declining cost of storage and the advance of sophisticated search software.
Those huge databases were once called “bit buckets” in the industry — collections of electronic bits waiting to be sifted. “They park stuff in storage in the hopes that they will eventually have time to get to it,” said James Lewis, a cyberexpert at the Center for Strategic and International Studies, “or that they’ll find something that they need to go back and look for in the masses of data.” But, he added, “most of it sits and is never looked at by anyone.”
Indeed, an obscure passage in one of the Snowden documents — rules for collecting Internet data that the Obama administration wrote in secret in 2009 and that the Foreign Intelligence Surveillance Court approved — suggested that the government was concerned about its ability to process all the data it was collecting. So it got the court to approve an exception allowing the government to hold on to that information if it could not keep up. The rules said that “the communications that may be retained” for up to five years “include electronic communications acquired because of the limitation on the N.S.A.’s ability to filter communications.”
As one private expert who sometimes advises the N.S.A. on this technology put it: “This means that if you can’t desalinate all the seawater at once, you get to hold on to the ocean until you figure it out.”
Collecting that ocean requires the brazen efforts of tens of thousands of technicians like Mr. Snowden. On Thursday, President Obama played down Mr. Snowden’s importance, perhaps concerned that the manhunt was itself damaging the image and diplomatic relations of the United States. “No, I’m not going to be scrambling jets to get a 29-year-old hacker,” the president said during a stop in Senegal.
Mr. Obama presumably meant the term to be dismissive, suggesting that Mr. Snowden (who turned 30 on June 21) was a young computer delinquent. But as an N.S.A. infrastructure analyst, Mr. Snowden was, in a sense, part of the United States’ biggest and most skilled team of hackers.
The N.S.A., Mr. Snowden’s documents show, has worked with its British counterpart, Government Communications Headquarters, to tap into hundreds of fiber-optic cables that cross the Atlantic or go on into Europe, with the N.S.A. helping sort the data. The disclosure revived old concerns that the British might be helping the N.S.A. evade American privacy protections, an accusation that American officials flatly deny.
And a secret presidential directive on cyberactivities unveiled by Mr. Snowden — discussing the primary new task of the N.S.A. and its military counterpart, Cyber Command — makes clear that when the agency’s technicians probe for vulnerabilities to collect intelligence, they also study foreign communications and computer systems to identify potential targets for a future cyberwar.
Infrastructure analysts like Mr. Snowden, in other words, are not just looking for electronic back doors into Chinese computers or Iranian mobile networks to steal secrets. They have a new double purpose: building a target list in case American leaders in a future conflict want to wipe out the computers’ hard drives or shut down the phone system.
Mr. Snowden’s collection of pilfered N.S.A. documents has cast an awkward light on officials’ past assurances to Congress and the public about their concern about Americans’ privacy.
It was only in March that James R. Clapper Jr., the director of national intelligence, told a Senate committee that the N.S.A. did not collect data on millions of Americans. Mr. Snowden’s records forced Mr. Clapper to backtrack, admitting his statement was false.
Last week, two senators challenged even the accuracy of a fact sheet prepared by the N.S.A. to counter Mr. Snowden’s claims about the phone data and Internet collection programs. Agency officials did not defend themselves; the fact sheet simply disappeared, without explanation, from the agency’s Web site.
Newly disclosed slides from an N.S.A. PowerPoint presentation on the agency’s Prism database of Internet data, posted on Saturday by The Washington Post, reveal that the F.B.I. plays a role as middleman between the N.S.A. and Internet companies like Google and Yahoo. The arrangement provides the N.S.A. with a defense, however nominal, against claims that it spies on United States soil.
Even in the unaccustomed spotlight after the N.S.A. revelations, intelligence officials have concealed more than they have revealed in careful comments, fearful of alerting potential eavesdropping targets to agency methods. They invariably discuss the N.S.A.’s role in preventing terrorist attacks, an agency priority that the public can easily grasp.
In fact, as Mr. Snowden’s documents have shown, the omnivorous agency’s operations range far beyond terrorism, targeting foreigners of any conceivable interest. British eavesdroppers working with the N.S.A. penetrated London meetings of the Group of 20 industrialized nations, partly by luring delegates to fake Internet cafes, and the N.S.A. hacked into computers at Chinese universities.
At Fort Meade, on the N.S.A.’s heavily guarded campus off the Baltimore-Washington Parkway in Maryland, such disclosures are seen as devastating tip-offs to targets. The disclosure in Mr. Snowden’s documents that Skype is cooperating with orders to turn over data to the N.S.A., for example, undermined a widespread myth that the agency could not intercept the voice-over-Internet service. Warned, in effect, by Mr. Snowden, foreign officials, drug cartel leaders and terrorists may become far more careful about how, and how much, they communicate.
“We’re seeing indications that several terrorist groups are changing their communications behavior based on these disclosures,” one intelligence official said last week, speaking on the condition of anonymity. “We’re going to miss tidbits that could be useful in stopping the next plot.”
Mr. Snowden’s breach is an unplanned test of the N.S.A.’s decades-old conviction that it can operate effectively only under absolute secrecy. The agency is conducting a damage assessment — a routine step after major leaks — but the assessment itself is likely to remain classified.
The N.S.A.’s assessment of Mr. Snowden’s case will likely also consider what has become, for intelligence officials, a chilling consideration: there are thousands of people of his generation and computer skills at the agency, hired in recent years to keep up with the communications boom.
The officials fear that some of them, like young computer aficionados outside the agency, might share Mr. Snowden’s professed libertarian streak and skepticism of the government’s secret power. Intelligence bosses are keeping a closer eye on them now, hoping that there is not another self-appointed whistle-blower in their midst.
June 30, 2013
By SCOTT SHANE and DAVID E. SANGER
© 2013 The New York Times Company