Permanent Record

“Citizenfour,” a handle that some journalists took to mean that I considered
myself the fourth dissident-employee in the NSA’s recent history, after Binney
and his fellow TRAILBLAZER whistleblowers J. Kirk Wiebe and Ed Loomis—
though the triumvirate I actually had in mind consisted of Thomas Drake, who
disclosed the existence of TRAILBLAZER to journalists, and Daniel Ellsberg
and Anthony Russo, whose disclosure of 
The Pentagon Papers
helped expose
the deceptions of the Vietnam War and bring it to an end. The final name I chose
for my correspondence was “Verax,” Latin for “speaker of truth,” in the hopes of
proposing an alternative to the model of a hacker called “Mendax” (“speaker of
lies”)—the pseudonym of the young man who’d grow up to become WikiLeaks’
Julian Assange.
You can’t really appreciate how hard it is to stay anonymous online until
you’ve tried to operate as if your life depended on it. Most of the
communications systems set up in the IC have a single basic aim: the observer of
a communication must not be able to discern the identities of those involved, or
in any way attribute them to an agency. This is why the IC calls these exchanges
“non-attributable.” The pre-Internet spycraft of anonymity is famous, mostly
from TV and the movies: a safe-house address coded in bathroom-stall graffiti,
for instance, or scrambled into the abbreviations of a classified ad. Or think of
the Cold War’s “dead drops,” the chalk marks on mailboxes signaling that a
secret package was waiting inside a particular hollowed-out tree in a public park.
The modern version might be fake profiles trading fake chats on a dating site, or,
more commonly, just a superficially innocuous app that leaves superficially
innocuous messages on a superficially innocuous Amazon server secretly
controlled by the CIA. What I wanted, however, was something even better than
that—something that required none of that exposure, and none of that budget.
I decided to use somebody else’s Internet connection. I wish that were simply
a matter of going to a McDonald’s or Starbucks and signing on to their Wi-Fi.
But those places have CCTV, and receipts, and other people—memories with
legs. Moreover, every wireless device, from a phone to a laptop, has a globally
unique identifier called a MAC (Machine Address Code), which it leaves on
record with every access point it connects to—a forensic marker of its user’s
movements.
So I didn’t go to McDonald’s or Starbucks—I went driving. Specifically, I
went war-driving, which is when you convert your car into a roving Wi-Fi
sensor. For this you need a laptop, a high-powered antenna, and a magnetic GPS
sensor, which can be slapped atop the roof. Power is provided by the car or by a

portable battery, or else by the laptop itself. Everything you need can fit into a
backpack.
I took along a cheap laptop running TAILS, which is a Linux-based
“amnesiac” operating system—meaning it forgets everything when you turn it
off, and starts fresh when you boot it up again, with no logs or memory traces of
anything ever done on it. TAILS allowed me to easily “spoof,” or disguise, the
laptop’s MAC: whenever it connected to a network it left behind the record of
some other machine, in no way associable with mine. Usefully enough, TAILS
also had built-in support for connecting to the anonymizing Tor network.
At nights and on weekends, I drove around what seemed like the entire island
of Oahu, letting my antenna pick up the pulses of each Wi-Fi network. My GPS
sensor tagged each access point with the location at which it was noticed, thanks
to a mapping program I used called Kismet. What resulted was a map of the
invisible networks we pass by every day without even noticing, a scandalously
high percentage of which had either no security at all or security I could trivially
bypass. Some of the networks required more sophisticated hacking. I’d briefly
jam a network, causing its legitimate users to be booted off-line; in their attempt
to reconnect, they’d automatically rebroadcast their “authentication packets,”
which I could intercept and effectively decipher into passwords that would let
me log on just like any other “authorized” user.
With this network map in hand, I’d drive around Oahu like a madman, trying
to check my email to see which of the journalists had replied to me. Having
made contact with Laura Poitras, I’d spend much of the evening writing to her—
sitting behind the wheel of my car at the beach, filching the Wi-Fi from a nearby
resort. Some of the journalists I’d chosen needed convincing to use encrypted
email, which back in 2012 was a pain. In some cases, I had to show them how,
so I’d upload tutorials—sitting in my idling car in a parking lot, availing myself
of the network of a library. Or of a school. Or of a gas station. Or of a bank—
which had horrifyingly poor protections. The point was to not create any
patterns.
Atop the parking garage of a mall, secure in the knowledge that the moment I
closed the lid of my laptop, my secret was safe, I’d draft manifestos explaining
why I’d gone public, but then delete them. And then I’d try writing emails to
Lindsay, only to delete them, too. I just couldn’t find the words.

23
Read, Write, Execute
Read, Write, Execute: in computing, these are called permissions. Functionally
speaking, they determine the extent of your authority within a computer or
computer network, defining what exactly you can and cannot do. The right to

Download 1,81 Mb.

Do'stlaringiz bilan baham: