Opinion: Snowden's leaked PowerPoints provide flawed view of American spy agencies(Read article summary)
Classified PowerPoint slides from the US intelligence community have been spilling across the Web. Some have led to thoughtful debates on privacy. But many offer only a misleading view of real policies, practices, and intentions within the spy agencies.
But thanks to the document dump courtesy of Edward Snowden, the Web is now flush with slides from intelligence presentations dating back nearly a decade. Some of those have been examined in context with other sources, analyzed by experts, and used alongside historical information to provide a well-researched picture of activities within US spy agencies.
But unfortunately that hasn't been the case for the vast majority of classified slides that have been spilling across the Internet for the past 18 months. That's especially the case when considering the most recent leaks that were written about in Der Spiegel on Dec. 28.
Some leaked documents have been used by Der Spiegel in an attempt to identify organizational intents on creating an all-powerful and massive surveillance state. In this case, some of the leading voices in the global privacy debate have cherry-picked documents to assert that specific agencies are fearful of and angry about encryption. That's simply not the case, at least not for the entirety of the collective intelligence agencies.
One crucial thing to remember when looking at PowerPoint slides — no matter who prepared them — is that they are hardly ever bastions of human knowledge. In the tech world, PowerPoints are more often used to keep audience attention or display cute cat pictures.
Rarely are they used to convey complex material. In fact, the vast majority of government PowerPoints are made by people in management positions in an attempt to convey material to higher headquarters.
While this may seem apparent, what is often lost in the discussion is the amount of bureaucratic tinkering and massaging that happens in the typical PowerPoint life cycle. They are created in a rush, often filled with mistakes or technical overstatements. Sometimes they are skewed, and created to impress bosses and win more funding for projects.
The flaws within PowerPoint slides is something I recently wrote on with Thomas Rid, a professor of security studies at King's College London, in the journal article "OMG Cyber!" based on my experiences as a cyber operator in the Air Force and in the intelligence community.
And the job of creating PowerPoint presentations often falls to the newest members of a team, freeing up the highly trained people to focus on more complex work. I know this because it's exactly what I used to ask new analysts to do.
What's also missing when a PowerPoint slide shows up in the wild is the additional context and discussion that accompanied the presentation. PowerPoints are meant as talking aids, not as sole source documents. I can remember many meetings in which slides were fiercely debated. We would dismiss or ignore or altogether reject many slides and presentations due to inaccuracies. Still, they were left on the internal network since we never delete documents or e-mails in case they were ever needed; no matter how wrong or pointless they were.
Still, leaked documents have been portrayed as representing accepted polices and practices. This just isn't the case.
I have seen first-hand on multiple occasions groups present projects only to be told to stop what they are doing and work on other missions. I have also seen, on multiple occasions, groups present entirely competing views and objectives on securing and breaking systems.
This kind of mindset is often championed in the hacker community. The idea is to dedicate resources to breaking a system while also trying to secure it. This is not always the case — surely an intelligence agency is going to attempt to counter adversary information systems. It's what they do. If they didn't, they would be worthless and undeserving of taxpayer funding.
That said, much of the public debate that has arisen around the Snowden leaks is incredibly important. As someone who has worked in intelligence before and after Snowden, I can never condone the leaks of classified documents. However, as someone who actively and openly advocates for more privacy, encryption, and public security methods, I would be lying to say I have not seen silver linings in some of the debate.
The call for more universal encryption and a more technically informed public is a huge win for everyone. And whether or not those of us who have worked in intelligence like it or not, there is information to be gathered from leaked documents when they are put into context, analyzed by subject matter experts, and used in conjunction with other sources of information.
However, when this information is used as the sole source of discussion to claim various types of encryption standards are useless because a PowerPoint document referenced intent to break it or apparent metrics supporting these claims – the result is dangerous.
Journalists or activists who recommend against using privacy methods such as virtual private networks or accessible encrypted Web communications are taking aim at some of the most useful sources of encryption and privacy that exists today. The privacy community sometimes falls into the same pitfalls that network defenders do – when there's a hint of a vulnerability, the entire thing is thrown out.
Instead, good practices and methods should be viewed as just that – a good practice and not a silver bullet. Pretending that certain methods that one intelligence agency may be able to defeat — according to sometimes shoddy information — are no longer valid to anyone is irresponsible. That method may have been one of the few that people were able or willing to use and could have protected the privacy of individuals against groups far worse than American spy agencies.
A critical look is largely and sadly missing from the debates being generated on leaked documents – especially PowerPoints.
Robert M. Lee is a PhD candidate at Kings College London. He is also a US Air Force Cyber Warfare Operations Officer and has served in the Intelligence Community. He may be found on Twitter @RobertMLee. The views and opinions in this piece do not represent or constitute opinions by the US government, Department of Defense, Intelligence Community, United States Air Force, or anyone or any organization other than the author’s views. They are his alone. This piece should also not be thought to validate or confirm any leaked information. It is intended as a critical look at sole sourcing documents for use in debates.