«

The painful choices that await all whistleblowers

By Simon Davies

Last year I was contacted – via an intricately circuitous route – by a contractor (a coder) working for the US National Security Agency (NSA). It was the third occasion over the past few years that this person had reached out to me.

Longer-term readers of this site may recall that in 2014 – almost a year after the disclosures by NSA contractor Edward Snowden – I published an article here that discussed the conundrum facing another NSA operative who had contacted me and who was considering going public with additional information about global intelligence arrangements between the US and the UK. This was the same person.

I know there has been a long silence from me on this matter since then. However, nearly four years on, the option for disclosure appears to be back on the table. Just for the record, there is no available data at this point and no indication of where it might reside. What I do know is that they relate to a number of documents that blatantly outline options for circumventing legal protections. For anyone concerned with disclosure of information in the public interest, this is an immensely frustrating situation.

What I do know is that they relate to a number of documents that blatantly outline options for circumventing legal protections. For anyone concerned with disclosure of information in the public interest, this is an immensely frustrating situation.

However, this most recent discussion did provide an interesting insight into how desperate the spy agencies have become in trying to contain the risk of further leaks. This activity explains in part why there have been so few whistleblowers since Snowden. More on that shortly.

The coder – who I identified back then only as the gender-neutral “XY” – first contacted the Privacy Surgeon shortly after we had published information passed to us the previous year by former NSA contractor and long-time colleague Wayne Madsen. Those disclosures – relating to complicity by Germany and other EU countries in the NSA surveillance web – triggered one of the most disturbing chapters in recent UK newspaper history. The chronology of this matter is outlined here and here, but in short, the disclosures on these pages resulted in the pulping of a major Sunday newspaper in circumstances that could only be interpreted as a disgrace to independent publishing and a victory for extreme censorship.

XY – like many players in the security field – felt angered by the Madsen episode, but that was not the key reason for contacting us. XY’s concern was that the disclosures by Snowden had been “over-managed”, resulting in a risky personalisation of the issues and a consequent division of public opinion. XY also expressed concern that no technical strategy had been devised to capitalise at a practical level on the Snowden disclosures.

Moreover, as the story had in effect been jointly “owned” by one elite branch of the Anglo-American press, almost all political and public attention has taken place within the US. Notable exceptions such as Brazil aside, no measurable reform has occurred in any other country.

XY explained that, as an alternative approach, he wanted to feed directly into an independent, robust tactical framework which would include widely-deployed technical circumvention and citizen empowerment.

At that time I mentioned this interaction on a couple of technical and civil society mailing lists. The question I asked was precisely “how” this disclosure might be supported. I was disturbed y the reaction of some of my colleagues, which went along the lines of “Just get on with it: Publish and be damned!”

That’s a simple formula to proclaim, but one that’s not so easy in practice. Imagine for a moment that you are working for a spy agency and you discover information that establishes wide-scale illegality by your organisation. You are then torn between your (legally binding) duty to the government and your (morally binding) duty to the public. Edward Snowden was one of the more recent victims of this conundrum, and he – famously – decided that duty to the public was more important. He paid the price, as had many whistleblowers before him.

XY explained that, as an alternative approach, he wanted to feed directly into an independent, robust tactical framework which would include widely-deployed technical circumvention and citizen empowerment.

There are often horrific consequences that face any whistleblower. Their choices must be made against a backdrop of proven criminality, intimidation, blackmail, fraud and deception conducted by some government agencies.

Many of my friends and colleagues from the security services have suffered such horrors. When NSA technical director Bill Binney went public about corruption in the agency, he was arrested at gunpoint and faced charges that relied on documents fraudulently mocked-up by the US Department of Justice. Annie Machon from the British intelligence agency MI5 was chased and intimidated for years by the agencies. And rather than dealing directly with evidence of the assassination plots and illegality that were made public by the MI6 operative David Shayler, the government chose to imprison him. Chelsea Manning, Tom Drake, David Kelly… the list goes on and on.

I had not heard from XY since 2014 and assumed the matter was concluded. Not so, apparently. XY explained that he feared for his family and that the “culture of paranoia” in the agencies was at such a level that no whistleblower was safe. XY talked of a three hundred percent increase in motivational meetings in the agencies, “loyalty campaigns”, an escalation of internal intelligence gathering, the creation of confidential tip-off hotlines and an end-to-end security net over all internal data (we can apparently thank more than thirty consulting groups and $100M of public money for this latter initiative – even though it appears to have largely failed).

It’s quite feasible that – at any one moment – for every Snowden or Binney – there are dozens of other people wanting to come forward. They need support and assurance. It doesn’t help their confidence that there is little evidence that progress is being made and all the evidence in the world that dissidents are crushed.

It’s quite feasible that – at any one moment – for every Snowden or Binney – there are dozens of other people wanting to come forward. 

This situation is far more acute in the UK than elsewhere. It is a matter of record that GCHQ – the world’s second-biggest communications intelligence agency and the NSA’s primary partner – has for decades been engaged in deep mass-surveillance. However the agency, unlike the NSA, has refused to pay as much as lip service to matters of legality or rights, even after Snowden.

This is one reason why the Privacy Surgeon lodged a formal appeal to the then Attorney General of England and Wales, Dominic Grieve, to request a police investigation of breach of criminal law over the interception by the agency of the webcam traffic of millions of Yahoo users. Four years on, that request has still been completely ignored.

Where does all this leave XY? Why not use the whistleblower protection routes that have emerged since Snowden? These include the Courage Foundation and secure systems established by Wikileaks and others. XY’s response was that there was intense scrutiny of those channels. That’s not the same as saying they are “insecure”, but they offer – in the view of XY – a medium that doesn’t easily apply in this circumstance.

Lessons learned? We must protect and support these brave people. We need to merge personal and technical support. And we must continue to fight the regressive forces that seek to undermine transparency and rights.