Transcripts For CSPAN Key Capitol Hill Hearings 20140425

CSPAN Key Capitol Hill Hearings April 25, 2014

It missed an opportunity to secure a longer-term strategic goal of winning public support. That is important to the intelligence community and their activities. Did you want to say more? You are a technology expert. You were brought on to help decode some of the slides. Some of them are cryptic to say the least. Some were amateurish. It will be interesting to see some of the slides. Those thought bubbles, are they really part of an NSA slide? I want to pull up one slide. Muscular. We should have that ready. It is the drawing of the cloud. There is a smiley face in the middle. I want to say one quick thing. I have seen a lot of government PowerPoint. Most of them are not classified. One of the things that convinced me that these might be authentic is the crowded, weird graphic design. [laughter] Here we go. Walk us through some of the slides. This one in particular. How does a slide like this lead to a story on October 30, 2013, infiltrates links to Yahoo, Google data sites? I am just going to quickly read the first few graphs. The NSA has secretly broken into the main communication links that connect Yahoo and Google data centers. This is according to documents obtained by Edward Snowden. By tapping those links, the agency has positioned itself to collect at will, many of them belonging to Americans. Two engineers with close ties to Google exploded with profanity when they saw the drawing. "I hope you publish this," one of them said. Talk about how you got from this to the story. It was an incredibly fun adventure. On one hand, it has been very difficult. The NSA internally was extremely cryptic. There were code words for code words. There were secret program names. They are sealed under multiple levels of security. They go to great lengths to classify or hide their operations. On the other hand, it is not obvious, but somewhat apparent. These are network engineers. They are tapping into technology that we all use.
If you know network architecture or cell phone architecture and some of these underlying technologies, they focus on the same issues. They draw them out. The other thing that is interesting is, working on a number of the stories, I got the sense that I know these guys. Brass, upper the management guys. These are the Reddit geeks. They hang out on online forums. They make inside jokes and funny drawings. Tasteless, random computer jokes. This is one of the first documents that we reviewed. We thought there was something there. We were not sure. Again, from a network engineering perspective, this is essentially how the cloud works. This is a cloud system for many of the major cloud providers. There's a point at which the data from a user and the cloud provider is encrypted. Here is internal traffic; it is behind the door. They handle it. That is not encrypted. The assumption is that it is private. There is no reason to encrypt it. We called her head around and we tried a bunch of theories. We look at architecture diagrams and documentation. Both in terms of what was in the slides and what is publicly available. It clicked. We tried a bunch of theories and it made sense. They are tapping the cables between data centers in the cloud. That was interesting and surprising. You would have to think from a hacker network perspective. They are given a set of constraints. Legal and technical constraints. They are given a mission to collect data on targets they find interesting. They exploited a property of the cloud architecture, which is, if you are here in D.C., and you are connecting to a Google data center in North Carolina or Mountain View, your communication will stay in the U.S.
Because of the way Google architects their networks, your data is replicated to all those locations in the world. In the event of a power outage on the West Coast, they will collect the same data that would be illegal or not available to them domestically, they will connect and access that data overseas. They are essentially finding ways to explore the architecture of the cloud. It is insecure and it is on the backend. It is redundant and immediately replicated. That became the fun angle. The thing that was most surprising to me in all of this was not the geek terms, but the definitions for words you and I use every day. Words like collectives. Under these mechanisms, the data has not been collected. It is recorded and saved to a disk. It is collected when it is processed by a human or a system that analyzes it. Again, based on the legal definition and these vulnerabilities. They are able to perform these tasks that would otherwise seem illegal to us. I just want to say a couple words. Found this isi right around the time that i us to hire him to figure this stuff out. Many of you are not involved in this world. If you come across that cartoon, you have to say, there's a story here. There is a little smiley face and it says encryption. It is added and removed here. There's definitely something going on. The reason why the engineers exploded into profanity, the family newspaper version of the conversation, is because of the smiley face. That was the declaration of victory. It was the football in the face of the company's engineers. We found a way around your security. We talk it was either five or six weeks, to figure what that cartoon and. It was an illustration taken from a document called Google cloud exploitation. We had illustration, but not the document. There were lots of times when there would be a PowerPoint that was taken from some other thing and it would clearly answer all the questions. But we do not have that other thing. You are trying to put together.
Say that they are removing encryption. Are they stealing certificates from the companies? Have they figured out a way to break encryption? Are they spoofing them, pretending to be Google when you connect to them? We discarded a bunch of theories. We were not going to get the answer within the corners of that one document or even any combination of documents. We had to get out into the world and report not only on this, but all sources. It was not until we interviewed people who are intimately familiar with the architecture of the systems and run it through our computers that we figured out what was happening. This is a real moment for the tech industry. This,sponse of a had to can you talk a little about the evolution of the tech industry response to all of these stories? In the beginning, they said they did not know what we were talking about. It has been a real roller coaster. In this isole different. I did some surveillance for and. Wasain responsibility keeping an eye on Google and Facebook. Recipient of some phone calls after the first story ran. That was the story that made it clear that the government had access to private data. The companys format. Companieshile the were mad. It took a while to figure out what the disjuncture was. Theyndustry realized that had been havd. It is clear that a lot of it was happening through core procedures that were super to us, but not to them. I can remember the story that they were talking about. The Google and that Google and Yahoo data links. The tech industry did not know that intelligence services have wired into their brains. They were really mad at us. Eventually they were really mad at the U.S. government because they felt as though their place in the world had been jeopardized. You use Google email service. You imagine that it is private. It hurt them economically from an industry point of view. Seen as a conduit to the U.S. intelligence services. There was a visceral quality.
They felt betrayed on a personal level. They had built the systems that were supposed to resist hackers and yet you had these uber it was breaking into a. In ways that were imaginative. They are good at this. By the time we got to the end of the year, the companies were thanking us. We are glad that we know this. They put in new encryption measures. We may never know if they are sufficient, but it is clear that the defenses are stronger on the corporate level now. Let's think about how extraordinary this is. He is talking about some of the biggest American companies there are. They are spending a lot of money and engineering talent in a deliberate effort to thwart the efforts of their own government to spy on them. You can say that their philosophy is nobody can spy on our users. Us, but this is a big moment. They are not trying to stop the government from doing any kind of targeted surveillance. Even if what they are doing is perfectly effective by encrypting their internal links, the government can still go to them and get information about any individual target. It will still be able to spy on anyone, but it cannot spy on everyone. The big differences between the PRISM story and the data links between Google and Yahoo: with PRISM, the companies knew, they did not know the codename PRISM, but they were aware that the national security people were aware of the program. They had a court order to comply. This has been debated on the Hill. An amendment in act. With this story, they were completely taken by surprise. They felt betrayed. This was not the result of public debate. FISA was no fire the over whether NSA should gain access to the links between these data centers. That was taking place outside of the domestic surveillance law that we have, under presidential authority exclusively. That deserves a lot more exploration. One of the big benefits of the Snowden disclosures over the last year is a heightened awareness of the nature of government surveillance.
And as a result of advances in technology, we have seen a fundamental shift in approach, moving from individualized protections a different sense to vast collection with limits on use at the backend. Time, because of the global nature of the network, the communications of people like you and me are mixed in with the communications of terrorists and legitimate targets. As the former director of the NSA said, today there is no home game or away game. There's just one game. That raises questions of whether those backend protections sufficiently protect our privacy. The companies have much to lose in terms of reputation. That is a key point. Thing that the disclosures helped motivate is investment in security on the backend and frontend. Security experts have been warning about the ability to collect data that is not encrypted for years. There is a personal vendetta to get Yahoo to encrypt their email communications for a number of years. Did, priorstory we to the other story, about how the NSA was collecting address books awful public internet havections, one company statistics on the number of collections. It was like 500,000 a day. One company had 10 times more address books collected than the other. They wanted to comment on the record. Why are we being targeted out? You guysus answer is, do not provide security tools. You do not build security into your product. The disclosures have made it very clear. That has become salient. Response,n give us a their statement was, we will begin to encrypt our Yahoo Mail starting with this year. In one line? The front row here, he led a large campaign of activism in technology to get Yahoo to scramble its connections from their computers to yours. For years. This was to protect against ordinary hackers. When you do not encrypt, your credit card data, your email, it goes in clear text over the web and anybody can read it. For years, Yahoo said no. On the day that the story ran, Yahoo announced that it would encrypt all connections.
That is correct. A question clearly that we hear the most and that we got through messages ahead of this event was, how did you and the, how did you weigh national security concerns with the public service of uncovering these government surveillance programs? What is the Post's right to post stories about classified government material? The new the times was asked about Pulitzer the Guardian received. He said, I have complicated views. I am a little nervous by the fact that they really did benefit from what I think is [inaudible]. A question submitted to the Post, can you please explain why this important work of journalism does not negatively impact national security? What is your response? There are a lot of pieces to that. I think anyone who wants to ask that should ask it again. But politely. We will try to get different pieces at different times. A lot of people have a visceral reaction, it is classified as stop that at the end of the discussion. Do not put in the paper. You have to understand what that would mean. There is now more classified information, classified by the U.S. government, than the entire contents of the Library of Congress and all other open libraries in the world. There is more classified data than unclassified data in the world. I have a classified laundry manual. I am not making this up. Even the strongest defenders of national security discipline, I have never met anyone who would not say that there is massive overclassification. That is one thing. The second is that having covered diplomacy and military affairs and intelligence matters for a long time, I can tell you that it is only a little bit exaggerated to say that almost everything I want to know, every story, could be classified somewhere. I have seen documents that have my story published. I am not making that up. The problem is all bureaucracy wants control of information. When you are working in the secret world, you have this mechanism.
Almost everything that has to do with our relations with the world or military threats or intelligence matters, even policy, that is not testified in Congress or in a press release or news conference, is classified. We said we could not cover some of the biggest expenditures that the country makes, the hardest decisions, the ones that involve the greatest risk and allow us to hold accountable our leaders for the way that they use their power. You have to cut out they're a big blank spot. There's never been anything like it. Stories, thousands of stories in the time I have worked at the Washington Post, that touched on something like that. We cannot let the stamp itself be the decider. We have to try to weigh, what are the stakes? There are stories we have killed over the years. There is an archive we did not consider publishing. That was my first conversation with the director of national intelligence. Just so you know, everything between these pages will not be considered. It is specific and operational. It reveals targets and specific techniques. The publication of this would end it. It would no longer be useful at all. We want to read about the stories that describe public policy decisions. Like the ones we have talked about before. Is it OK? Do we as a society think that is a good idea to allow U.S. intelligence services to collect overseas where no statutory laws apply? There's no FISA court to oversee it. Them to break into data centers? Not targeting Americans for specific pieces of legislation, they are not targeting us, but incidentally, they're collecting substantially all of, they are passing through their collection systems all of the content of our internet. What we were trying to explain before is that Google, Yahoo, some of the other companies, they have these giant facilities all over the world. They have biometric locks and guards. They look like giant factories filled with computer servers. There's one in Ireland and Hong Kong and Singapore.
They are across the North American continent. If you sit on the cable that synchronizes the data centers, it is the same thing as if you reached into the data center. It is OK with us to say that the NSA will collect at will from all of our communications in the service of its foreign intelligence mission. That is a big public policy question that needs to be debated. That is what we are looking to do. Just to touch on public policy. There's also this disconnect between definition. What the public would believe to be implied using collect, and what the government means when they say collect, are two different things. We did a story on collection of an entire country's phone calls. It was recording of the entire country's phone calls. One of the core attributes of that story was that it is not collecting until it is actually processed. Conversation. Our it is not surveillance. You listen to it. If the public realizes the, I think a lot of people would push back and say no, that is not what we thought we were approving. We saw this with a number of comments from senators and policymakers. A lot of the comments were that we did not realize. It was about definitions or technical capabilities. People were not aware of it. That is the value in reporting it. The story you are referring to was published last month. It is called "NSA surveillance program reaches into the past." That was last month. Why are we still seeing stories today? The reason why I ask is that there is the impression, the question, of how documents were received. The one big dump. Is Snowden still involved? Is he still releasing information? Many people are wondering if he is calling the shots on some of the releases. I should be the one to address that will. Snowden gave me the document last spring. He has not handed over any documents to anyone since approximately that time the word. He did not even carry them with him when he left Hong Kong. It has been a long transit.
He does not try to direct suggest, hints at what should be therebout and when was a general agreement that I made with him. He did not require an agreement, because it is what I would have done anyway. I must look through the material and weigh carefully. I must not dump high volumes of it out there. I have to consider what the balance must be. At the Washington Post, we are not sitting in our armchairs making up thoughts of what would be harmful to security. We are usually pretty good at anticipating what the government will be worried about. We consult with the government on every story and every fact. This might look innocuous to you, but it is not. They will tell us why. They tell us things that we do not know. It will hel
