Editor's Note: This article was originally published in 2013 and was updated in January 2014. It has been updated again.
Edward Snowden didn't just change the debate. As of Monday, he changed the law.
The USA Patriot Act expired at midnight after US Senator Rand Paul, drawing on the classified information Snowden leaked in 2013 about NSA surveillance programs, blocked the Senate from voting on an extension.
Ever since Congress passed the controversial law in October 2011, proponents have argued its provisions give law enforcement and government agencies the power they need to keep the United States safe from terrorist attacks like 9/11. Critics have said those powers are far too broad. They've stripped away civil liberties and privacy and made it too easy for the government and law enforcement to spy on US citizens without accountability.
Snowden showed the world just how far those powers had been stretched. For two years, his revelations have shaped public and political debate about surveillance, national security, and privacy. Now the Senate will debate a pared-down bill called the USA Freedom Act, which ends some of the NSA's most controversial programs, including bulk collection of US phone records.
Here's what Snowden has taught us (so far):
1) Can you hear me now?
The Guardian reported on June 6, 2013 that, according to documents leaked by Edward Snowden, the Obama administration enabled the National Security Agency to collect caller information from Verizon through a “business records” provision of the Patriot Act, established under President George W. Bush. The government ordered Verizon to hand over call information on a daily basis, including the time, location and duration of calls. The Bush administration began collecting such information in October 2001 from AT&T, Verizon and BellSouth, which USA Today reported in 2006.
While US officials sought to reassure the public that such surveillance was legal and part of an ongoing program vital to national security, many Americans called the domestic spying an unnecessary invasion of privacy and lamented that it was even legal in the first place. A national debate quickly erupted.
2) Yes we scan
Snowden also leaked a secret 41-slide PowerPoint presentation apparently used to train US intelligence personnel. The slides detail the NSA’s involvement in a then-clandestine program called PRISM.
PRISM is the NSA effort to collect massive amounts of data from internet companies, such as email content, search histories and file transfers, tied to potential terrorism or espionage suspects. The PowerPoint presentation confirmed that the NSA is able to directly access the servers of “major US service providers,” describing collaboration with tech companies like YouTube, Skype, Google and Apple. Google, Apple, and others in the tech industry, however, denied awareness of the program.
PRISM began in 2007 with Microsoft and expanded to include Apple in 2012. To be subject to PRISM surveillance, there need only be “reasonable suspicion” that one of the suspects is outside the United States. Unlike the Verizon court-ordered collaboration, the government can access live information, photos, video chats and data from social networks directly through the companies’ servers without required consent or individual court orders. One slide puts the cost of the program at $20 million per year.
Domestically, PRISM was criticized for its ability to collect data on US citizens unintentionally. Also, the revelations coincided with a meeting between Chinese President Xi Jinping and Obama, adding tension to an already heated dialogue over cyber-espionage between the two countries. The summit in California was focused on US accusations of Chinese cyberattacks; but the US had little credibility in the wake of the Snowden leaks. China was adamant that it too was the victim of US attacks. EU countries were also brought into the mix, and European citizens now worry they have been spied upon through the PRISM program.
3) Boundless Informant
Boundless Informant is a tool that allows the NSA to compile and track the “metadata” it collects around the world. In the month of March alone, nearly 3 billion pieces of information were collected from US networks and 97 billion pieces worldwide, the Guardian reported on June 8.
A “global heat map” sorts the intelligence sources by country, type, and volume, allowing quick analysis of which countries are most targeted, as well as when the information was gathered. The program is reviewed periodically, according to the documents, with operators able to make recommendations for future improvement.
Boundless Informant proved that despite assurances to Congress to the contrary, the NSA does keep track of the surveillance it performs on US citizens. James Clapper, director of national intelligence, defended the government’s use of the PRISM program and condemned “reckless disclosures” of its details by media. It was the first time Clapper named the program publicly. The intelligence director now faces criticism that he misled Congress when he earlier said the NSA did not have the tools to assess the extent of information gathered on US citizens. Clapper remains adamant that any information gathered on US citizens is “unwitting,” rather than the result of targeted surveillance.
4) The United States is hacking China
Snowden, speaking with The South China Morning Post, gave his first press interview with an outlet other than the Guardian after revealing himself as the source of the leaks on June 12. He said he would stay in Hong Kong until he is “asked to leave,” and said that he took up his previous role as a consultant with Booz Allen Hamilton with the intent of disseminating state secrets. (Snowden would later fly to Moscow and initiate asylum applications with more than 20 countries, many of them denied.) Snowden also told the South China Morning Post that the NSA has been hacking mainland Chinese and Hong Kong computers since 2009. He claimed the NSA hacked networks at the Chinese University of Hong Kong, home to the Hong Kong Internet Exchange and Hong Kong’s main terminal for all internet traffic.
Snowden's statements hardened the standoff between China and the United States over hacking. Hong Kong Secretary for Security Lai Tung-kwok announced that the Hong Kong Internet Exchange has been monitored but appears unaffected, while Chinese University announced that it has not found evidence of hacking on its servers.
The domestic debate in the United States began to reach a fever pitch. A Gallup Poll conducted between June 10 and June 11 placed support among Americans for Snowden’s actions at 44 percent, while 42 percent said his actions were wrong. Still, the poll found that 57 percent of respondents did not support the NSA’s surveillance programs as outlined in the leaked documents, while 37 percent approved.
5) Britain targets G20 members
Another PowerPoint presentation leaked on June 16 outlines how the Government Communications Headquarters (GCHQ), Britain’s equivalent to the NSA, used real-time surveying of delegates' phone communications at the G20 Summit in 2009. The intent of the surveillance was to gain diplomatic advantage at the meetings, which came in the wake of the 2008 financial crisis. British officials could obtain real-time readings of calls made by targeted persons and read their emails without notice.
There is specific mention in the slides of targeting “the Turkish finance minister and possibly 15 others in his party,” according to the Guardian. The slides suggest “senior level” members of government in Gordon Brown’s administration, Britain's prime minister at the time, were aware of the intelligence gathering and that the information “was passed to British ministers.” The presentation also alludes to such covert techniques being neither unprecedented nor unique.
The revelations incited ire from Russia, Turkey and South Africa, all of which had diplomats directly targeted at various times during the summit. While there is consensus that many countries engage in similar acts of espionage, the publicity was nonetheless damaging to the UK government’s reputation. The news added to mounting concern in the international community about links between UK's GCHQ and the NSA’s PRISM program.
6) NSA procedures
On June 20, the Guardian revealed two more documents obtained by Snowden. Signed by Attorney General Eric Holder in 2009, the documents shed light on procedures sanctioned by the Foreign Intelligence Surveillance Court. According to the documents, the NSA can keep (and make use of) information inadvertently gathered on US citizens for a period of up to five years — without a warrant — but only if the information is deemed to be relevant in preventing national security threats or to aid further investigations. The information can be sent to allied governments or foreign organizations, so long as the person’s identity is anonymous.
While the documents outline the circumstances under which the NSA must destroy data collected from US citizens, as well as the rigorous steps analysts are supposed to take to make sure a target is outside the United States, they also reveal several ways the NSA can continue to use data collected on US citizens. The revelations appear to contradict statements by Obama and others that the NSA cannot access data on US citizens without a warrant.
Patrick McFarland, inspector general for the US Office of Personnel Management, meanwhile, announced an ongoing probe into whether a proper background check was conducted before Snowden was given a Top Secret/Sensitive Compartmented Information-level clearance.
The investigation focused on the operations of US Investigations Services (USIS), a Virginia-based information and security company employed by the government to conduct background checks. US government officials came under fire during a Senate subcommittee hearing investigating why the NSA hired Snowden despite discrepancies on his resume. Booz Allen Hamilton noted potential issues but failed to act, and USIS, which screened Snowden for his government security clearance before his work with Booz Allen Hamilton, was similarly unsuccessful in acting on any suspicious elements.
7) Friends who hack together stay together
The Guardian revealed slides on June 21 created by the UK spy agency GCHQ with titles like “Mastering the Internet” and “Global Telecoms Exploitation.” The slides outline Tempora, an 18-month-old program the GCHQ uses to store metadata for up to 30 days and content data for up to three days, allowing the agency to sift through reams of information legally.
The documents show the extent to which the GCHQ has been able to tap 200 fiber-optic cables laid beneath the Atlantic Ocean, potentially accessing over “21 petabytes of communications data a day.”
The slides indicate that private companies are required to give GCHQ discreet access to tap the cables. The United Kingdom shared that information with the NSA beginning in 2011, giving the US spy agency unlimited access to GCHQ data. The slides show that “850,000 NSA employees and US private contractors with top secret clearance had access to GCHQ databases.”
Officials and private citizens raised concerns on both sides of the Atlantic that there is insufficient oversight and limited restrictions on the UK’s fiber-optic surveillance system. The close-knit relationship between the US and UK intelligence agencies, as well as the NSA’s unfiltered access to Britain’s world-leading cyber-surveillance stores, came under heightened scrutiny. Some diplomats worried that the revelations could negatively impact EU-US trade discussions, and that China-US cybersecurity talks, already on a tentative footing, could suffer as well.
8) NSA targets China's largest research hub and major telecommunications provider
Speaking to The South China Morning Post, Snowden said on June 23 that the NSA has hacked into computer networks at Tsinghua University an unknown number of times. Snowden said on a single day in January 63 computers and servers were hacked. Snowden argued that the internal and external IP addresses he disclosed could only come from hacking or physical access to the computers.
The facility at Tsinghua University is one of six backbone networks that comprise the China Education and Research Network (CERNET), through which internet data for millions of Chinese can be accessed. The system was the first of its kind and is now the largest national research hub in the world. It is owned by the Ministry of Education and maintained by the university and other colleges.
The South China Morning Post also published the allegation from Snowden that US agents hacked the Hong Kong headquarters of Pacnet, a privately-owned company that provides the majority of fiber-optic cables in the Asia Pacific and has stations across the region. Most Pacnet cables bring internet connections to and from the United States, where some of the world’s largest cloud computing and internet search engines are based.
Following Snowden’s latest revelations, China’s Ministry of Foreign Affairs created a new office for handling “diplomatic activities involving cyber security.” Chinese diplomats said China has been the victim of US hacking many times before, and that the issue would be discussed as part of a US-China “strategic and security dialogue.” Despite concerns that the issue could derail any progress defusing tension over cybersecurity issues, talks between the two countries were set to continue.
9) Fail-safe switch
Glenn Greenwald, the Guardian journalist who received Snowden’s first leak, told The Daily Beast that the rest of Snowden’s files have been disseminated around the world. If something unforeseen befalls Snowden, Greenwald reported, more information will inevitably be leaked.
Greenwald said that though the still-secret documents are encrypted, Snowden has made arrangements for the passwords to reach those with the files if he is unable to access them himself.
Greenwald also said Snowden gave him many more documents than those so far released and believes Snowden has even more on top of that. The documents are said to be stored on four laptops in Snowden’s possession. Greenwald said he does not wish to publish any details of the NSA’s surveillance systems that could foster or enable security breaches, nor does Snowden.
The fact that Snowden made multiple copies of the classified intelligence he carries created renewed angst among US officials. New questions were raised as to whether the US intelligence community can adequately stem the current leak and prevent future breaches from occurring.
10) NSA surveils Europe
German news magazine Der Spiegel revealed on June 29 it had seen part of a 2010 document, obtained by Snowden, showing that the NSA spied on European citizens and EU officials.
The document reportedly specifies Europeans as a “location target,” with Germans singled out as a major focus of US eavesdropping. The document also mentions telecommunications hacking — first reported by EU officials five years ago — of the EU Council of Ministers and the European Council at the Justus Lipsius Building in Brussels. Calls from an NSA-occupied building at the NATO headquarters outside of Brussels, according to the document, were traced to the Lipsius Building.
Europeans erupted in anger over the new allegations. German Justice Minister Sabine Leutheusser-Schnarrenberger said: "If the media reports are accurate, then this recalls the methods used by enemies during the Cold War."
Grievances with the US surveillance program were particularly evident in Germany where, after a frank conversation between German Chancellor Angela Merkel and Obama during his visit to Berlin earlier in the month, cybersecurity was a hot topic.
11) Dozens of embassies hacked
On July 1, The Guardian revealed a 2007 document that named 38 embassies and missions that were “targets” of US surveillance, including the EU embassy in Washington and its mission in New York.
It was unclear, according to The Guardian, whether those on the list were targets of the NSA only, or if agencies like the CIA and FBI were also watching them. The document described bugging fax machines with listening devices and listed the names of programs like “Wabash,” an operation directed at the French embassy in Washington.
The list of countries targeted was not limited to EU members or the traditional enemies of the United States, but instead includes the likes of India and Mexico, as well as Greece and Turkey. Gaining insider knowledge of diplomatic relations between the targeted states and the United States was the primary goal of the targeted surveillance, The Guardian reported.
The intelligence leak may have jeopardized the largest attempted free trade agreement in the world, with negotiations between the EU and United States set to begin on July 8 in Washington, DC on a new free trade pact. French President Francois Hollande made public his anger over the covert operations, saying that any future negotiations will be contingent on the United States ceasing all unauthorized surveillance of EU buildings and personnel. US officials have tried to smooth over the dispute, but the success of the trade agreement may still hang in the balance.
12) Dilma's dilemma
In July, The Guardian reported that Brazil is second only to the United States when it comes to the amount of communications subject to NSA surveillance. The NSA had been intensively spying on millions of Brazilians, including allegedly eavesdropping on Rousseff’s own emails and phone calls.
At September's G20 summit in Russia, Brazilian President Dilma Rousseff held a one-on-one meeting with Obama in which he personally undertook to investigate the issue and report back to her. But before he got a chance to do so, more NSA disclosures revealed that the agency had also targeted Petrobras, Brazil’s state oil company, in what Rousseff said amounted to industrial espionage.
As a result, Rousseff called off her Oct. 23 visit to the White House, demanding answers and a commitment from Washington to stop snooping in her country. It was set to be the first state visit by a Brazilian president in about two decades, and the only one scheduled this year at the White House. Although the Obama administration claimed the postponement was a joint decision made by the two presidents, some media described it as the sternest rebuke yet from a friendly nation over NSA leaks.
Brazil also said it would take steps to break away from the American-run internet. These steps include forcing internet companies like Google and Facebook to build servers inside Brazil's borders so that they're subject to Brazilian privacy laws; building more internet exchange points to route Brazilian traffic around potential spyware; launching a state-run email service to act as an alternative to Gmail, Yahoo! Mail and others; and laying a new underwater cable to Europe so that Brazil can connect with countries there directly.
13) Your address book is the NSA's address book
As reported Oct. 14 by the Washington Post, the latest Snowden leaks reveal that the NSA has secretly been collecting millions of email and chat contact lists around the world. The program reportedly takes in as many as 500,000 contacts from email inboxes and chat rooms every day. The Post described an average day's gleaning as follows: "444,743 email address books from Yahoo, 105,068 from Hotmail, 82,857 from Facebook, 33,697 from Gmail and 22,881 from unspecified other providers."
The newly unveiled program expands on the NSA’s reach even beyond the already expansive PRISM and Xkeyscore programs, which gave the government the ability to access nearly all digital communications.
A spokesman with the organization responsible for the NSA, the Office of the Director of National Intelligence, said, "we are not interested in personal information about ordinary Americans." And in June, Obama said the NSA's efforts to access digital communications did not apply to people living in the United States. But this latest revelation suggests otherwise.
14) No exceptions: US allies tangled up and blue
A new round of revelations, courtesy of Snowden, leaked on Oct. 28 focused on the scope of the United States spying on its own allies, including Germany, France and Spain.
According to media, the NSA had tapped the phones of some 35 world leaders including close ally German Chancellor Angela Merkel, who branded the snooping unacceptable between friends. Spanish media reports that the NSA monitored 60 million phone calls in Spain in one month, according to the BBC.
As a result, tensions are rising between the US and various allies. Merkel personally called Obama on Oct. 23, demanding an explanation, the Guardian reported. Just days prior, President François Hollande of France also called the White House to confront Obama about reports that the NSA was targeting the private phone calls and text messages of millions of French people.
The BBC says there's less of an uproar in Spain than in other European countries, though the Spanish newspaper El Mundo is pressing the government to charge the NSA with spying, which has already prompted more of a response from the Spanish authorities, calling the eavesdropping "inappropriate and unacceptable."
15) The future of spying is the Quantum computer
The Washington Post reported on Jan. 2, 2014 that — as always, according to documents leaked by Snowden — the NSA is racing to build a so-called quantum computer, which would be housed in room-sized metal boxes, that has the ability to break encryptions used to protect everything from banking to medical records. The new quantum computer is part of a $79.7 million program suggestively called "Penetrating Hard Targets."
Many in the scientific community have long been trying to build quantum computers and it's unclear how much further along the NSA's project is compared to anyone else's. "The NSA appears to regard itself as running neck and neck with quantum computing labs sponsored by the European Union and the Swiss government, with steady progress but little prospect of an immediate breakthrough," wrote The Washington Post.
It's simple really. The NSA collects and stores the data. So at any point it can turn to that data to extract information about travel plans, contacts, financial transactions and so much more — all on people who are under no suspicion of illegal activity.
If successful, the NSA would be able to break all known forms of public encryption, including those used to protect state secrets around the world. Perhaps most significantly, a quantum computer would be able to break through RSA encryption, which scrambles communications for anyone except the intended user. To break it, someone would have to factor the product of two large numbers. For any computer that exists today, that process would take an unreasonable amount of time — years and years. A quantum computer would theoretically be able to factor such numbers exponentially faster.
16) "Dishfire" LOL
The Guardian reported on Jan. 14 that the NSA collects 200 million text messages a day from around the world. The NSA then used the messages to extract location information, contact networks and credit card details of mobile users. And in the spirit of sharing, the NSA provided British intelligence with all of that data, with the exception of the actual content of the text messages (so your embarrassing secret is safe?). Like everything the NSA does, the program has a cool name — Dishfire.
It's simple really. Since the NSA collects and stores all this information, at any point it can extract your past travel plans, financial transactions and contacts — no matter if you are under suspicion for illegal activity or not. Sound illegal? Unethical? These revelations came two days before President Barack Obama gave a major speech (which was so full of jargon you'd need a quantum computer to decipher it) outlining proposed policy changes in reaction to Snowden's whistleblowing and the subsequent NSA scandals.
17) SIM City, NSA
In movies, spies and drug kingpins are always opening up their cell phones and breaking their SIM cards into little pieces. The Snowden leak teaches us that we should probably all be doing that, all the time.
The Intercept reported in February 2015 that Snowden provided it documents that showed the NSA and the GCHQ had hacked into the network of Gemalto, a Dutch company that manufactures two billion SIM cards per year and supplies AT&T, Verizon, T-Mobile and many other wireless providers. According to the Intercept, the hack would have given the agencies access to the billions of unique encryption keys that secure the communications of designated users.
Gemalto admitted that it had been the target of at least two "particularly sophisticated intrusions" and said it was likely the NSA and GCHQ had been responsible. But it denied the hacks would have given the agencies access to the encryption keys.
It depends on whether Gemalto, which prides itself on being the "world leader in digital security," is right about the hack's penetration. The Intercept says it's not, and if the Intercept is right, the NSA and GCHQ can use those encryption keys to bypass wireless providers and monitor the voice and data transmissions of every user with a Gemalto-made SIM card.