Click here to read the actual law here if interested

When I was trained as a Classification Advisory Officer with the NSA, I learned that the most important factor in terms of releasing or redacting information were the exceptions. For example, with the Freedom of Information Act, all information is releasable to US persons upon request barring 9 mostly boring exceptions that don't apply to the Epstein Transparency Law because it has its own set.

Let's look at the allowed exceptions….

"(A) contain personally identifiable information of victims or victims’ personal and medical files and similar files the disclosure of which would constitute a clearly unwarranted invasion of personal privacy;"

Makes sense. Don't victimize the victims.

"(B) depict or contain child sexual abuse materials (CSAM) as defined under 18 U.S.C. 2256 and prohibited under 18 U.S.C. 2252–2252A;"

Pretty self-evident here.

"(C) would jeopardize an active federal investigation or ongoing prosecution, provided that such withholding is narrowly tailored and temporary;"

Might bear weight if they hadn't specifically issued a statement that there were going to be no more investigations:

https://www.justice.gov/opa/media/1407001/dl

"(D) depict or contain images of death, physical abuse, or injury of any person; or" [continued in (E)]

Also clear and appreciated. I don't want to see that crap either.

"(E) contain information specifically authorized under criteria established by an Executive order to be kept secret in the interest of national defense or foreign policy and are in fact properly classified pursuant to such Executive order."

Ok, let's break that one down a little further… Exception E requires a standing Executive Order, that it be national defense/fp related, and be properly classified. Basically it has to be "properly classified" which refers to any controlled documents including "for official use only" (now referred to as "Controlled Unclassified Information") or legit classified stuff. You can easily identify a document that was ever in a controlled status by the required "portion marks" on every paragraph and section:

A typical document with portion marking at the beginning of the page and each paragraph

Fun fact: after I left the NSA it was a LONG TIME before I finally stopped reflexively starting every paragraph with portion marks.

Now that you understand the rules…

Let's play a redaction game!

Challenge #1

Here's a redacted document where you see Jeffrey Epstein (of course) receiving emails from someone who's name is redacted:

DOJ redactions that are illegal if they don't meet one or more exemptions

Which exemptions apply?

1. ❌ No, this clearly wasn't a victim
2. ❌ Not an image
3. ❌ Not pursuant to an investigation (by their own admission)
4. ❌ Not an image
5. ❌ No portion marks, so NOT classified or controlled

Oops. That's an illegal redaction DOJ. Strike one.

Challenge #2

Here's an image. What do you see?

A 2019 text exchange between Jeffrey Epstein and Steve Bannon

Which exemptions apply?

1. ❌ No, this clearly wasn't a victim
2. ❌ No child visible
3. ❌ Not pursuant to an investigation (by their own admission)
4. ❌ Not related to death, physical abuse, or injury
5. ❌ No portion marks, so NOT classified or controlled

Oops. That's an illegal redaction DOJ. Strike two.

Challenge #3

Let's look at another redacted page… or in this case hundreds of pages all look exactly the same:

119 pages identically blocked out. See for yourself: EFTA00005586

1. ❌ 119 pages of victim names on every line and no other content? Fat chance
2. ❌ 119 pages of Grand Jury documents of only of full page photos of smut? No way
3. ❌ Not pursuant to an investigation (by their own admission)
4. ❌ Same as 2, no chance
5. ❌ No portion marks, so NOT classified or controlled

In case there was a question of whether they really could simply be classified documents and warrant full page redaction, first; US Classified/Foreign Party documents marked "Grand Jury-NY"? Please. Secondly, here's what a full page redaction actually looks like:

Courtesy https://nsarchive.gwu.edu/briefing-book/foia/2019-04-18/redactions-declassified-file

Do you see it? Yup! The portion marks are covered here, but the classification and other control markings are still visible. You will NEVER see a page without any kind of control or portion marks… let alone hundreds in a row. This definitely doesn't count as "in fact properly classified…" per the 5th exception.

Oops. That's an illegal redaction DOJ. Strike three.

Now YOU try!

Go check out any redacted Epstein documents and look for the black bars. Do they cover things that clearly fall into one or more exemptions? I'll be honest, I tried, and I haven't been able to find a single proper redaction yet. Maybe you'll have more luck…

Double-pointer!

Here's the best part: "(2) All redactions must be accompanied by a written justification published in the Federal Register and submitted to Congress." Has that happened? I very seriously doubt it and, if I'm right, that's compounded disregard for the law.

Permanent Record: Edward Snowden
(See online!)

I wish I could share what it was like being an NSA employee when the Snowden story broke, but I won’t compromise any rules or laws and have to submit everything I write to the NSA for pre-pub review. What I have written is working through the process and, if you’re interested, please click here to sign up for updates.

For now, I want to talk about is Edward Snowden’s book, Permanent Record. Summed up:

Snowden’s releases showed the NSA and intelligence community engaged in proven illegal and perversion of their charter and authorizations that, after public exposure, led to a national review from Congress and the Whitehouse.

I never expected to learn much new about the leaks nor did I, but that wasn’t what I was looking for. What I wanted was to resolve a decade-old incongruity.

On one hand, I knew that Snowden never reported issues to NSA oversight, the DoD, Congress, or any other official channel that would have kept him out of jail. And, to hear the NSA tell it, he was an unhinged narcissist who leaked for pride reasons more than any real sense of civic duty (that’s the gist anyway). Together, it gives a very clear image of a leaker – someone who simply thought they knew better than everyone else and didn’t care who got hurt so long as they got their 15 minutes of fame.

On the other hand – in every interview, every soundbite, every public post – I can’t recall a single thing Snowden has said that I disagreed with. I find him to be extremely well-spoken and a consistent champion of non-techs who are assaulted constantly with government and business overreach. Most importantly, time proved him right – the NSA was illegally collecting information on average Americans.

Ultimately, saying that you don’t care about privacy because you have nothing to hide is no different from saying you don’t care about freedom of speech because you have nothing to say. --Edward Snowden, Permanent Record, pg 162

So which was it? Was Snowden a hero? A whistleblower? A pride-filled leaker? After reading his version of the story, here are my impressions:

Early life and career

The first 50 pages or so cover his childhood which I skimmed, but did learn that Snowden’s background was similar in many ways to my own. Not in terms of family drama (of which he had more than most deserve), but in terms of hobbies, love of computers, and falling asleep with our heads on the keyboard after late nights of computing. He’s also a fan of Japanese animations and took language classes as a result (and we both noticed a weirdly high rate of art and design majors in our classes).

Snowden, the man, the legend, the myth

Early in his computing life, he had a neat accomplishment where he caught a national laboratory using poor web server security, though I feel like making minor changes to a web address doesn’t really count as “hacking". Eventually he started his career in the Intelligence Community (IC); something he referred to as being a “spy" despite working jobs that, like mine, were far less world-changing and far more like attacking water with a spoon to keep the Titanic afloat.

I honestly was put off by the way he presented himself as something akin to the Forrest Gump of the IC – always somehow part of the elite and responsible for most major and notable events during his career. I suppose it’s possible (I wasn’t there), but it seemed consistently overstated. What wasn’t overstated was… pretty much everything else. For example:

• How the government/corporations have perversely conditioned most people to beg for privacy, hat in hand, rather than justifying their worsening violations of our innate rights.
• How disgusting it was watching DNI Clapper lie to Congress and how Congress was derelict in their duty when they didn’t call him out on it.
• That, even if Snowden didn’t report issues through proper channels, those “proper channels" aren’t how anything gets resolved – it’s where issues go to die.
• That the NSA has a bad habit of hiring people only to have them sitting around doing nothing of value – sometimes for months – even years – at a time.
• The way they use federal contractors (at great cost to both budget and national security risk) to bypass hiring limitations.
• The deep vanity of some upper managers who think org chart height equals “rank" and complain about “breaking the chain of command" if you escalate issues past them (even if you properly went to them first).
• And finally (and most importantly), the hostility to whistleblowers – something I experienced first-hand when my clearance was revoked on a custom blend of information that was skewed, desperate, and invented.

It’s easier for an institution to tarnish a reputation than to substantively engage with principled dissent – for the IC, it’s just a matter of consulting the files, amplifying the available evidence, and, where no evidence exists, simply fabricating it. --Edward Snowden, Permanent Record, pg 295

About Leaking

Following Snowdengate, the NSA responded poorly with one exception: they created a presentation for the workforce outlining rebuttals to Snowden’s claims. Among those were:

1. He was clinically narcissistic and did what he did for personal pride, not national pride.
2. He never reported the issues to the NSA and never gave them a chance to handle it.
3. He flew to our two greatest adversaries with the data which is not something an innocent person does.
4. He exfiltrated data far beyond the scope of the programs in dispute – stuff that seemed intended to harm US interests and the NSA more than help the public.

On the first one, I definitely got a sense of narcissism when he talked about himself, but hardly to the degree the NSA proposed. The vast majority of the book is simply a tale of his exposure to the dysfunction (and illegal activity) of the IC mixed with the immense pressure and emotional damage of his decision to leak. Most importantly, even if he’s narcissistic, that doesn’t make him wrong.

What does make him wrong was bypassing any of the reporting and oversight offices. I can say with near 100% certainty, that nothing at all would have come of it if he had, but if you want to avoid jail and earn the label of “whistleblower", that’s the process.

But even in the best possible case, the whistleblower process of today is not where you go to get attention and change, it’s where issues go to die silently and unnoticed. For actual impact, Snowden wasn’t wrong that he’d have to come in like a meteor. Sure, he’d burn up on entry, but he’d light up the IC on the way down.

One might argue that his accomplishment in bringing this program public and the advances in freedom and accountability that followed make a strong case for a pardon and retroactive whistleblower status, but I had two key reasons I couldn’t agree.

The first is his choice to fly to China-controlled territory and Russia. However, the book outlines very plausible reasons why Hong Kong was the best choice at first. As for Russia, that was supposed to be a pit stop, but his notoriety made getting through Russia without incident impossible (as we clearly saw). I also think that his claim of destroyed the encryption key for the data after giving it to journalists is plausible as well. So, for now, I consider those points generally resolved.

My one remaining hesitation is this: to my knowledge, Snowden left with data far beyond the scope of the problematic programs at hand. It’s suspicious and it’s strange (if true)… but… I’ve faced the NSA exaggerating and fabricating information several times in my career – the most recent resulting in revocation of my security clearance and subsequent job loss.

Maybe the agency was honest in their summary of the data he leaked and maybe it was overblown. Until we have strong leaders in Congress or the Whitehouse to dig into this issue and get a real answer, there’s really no way to know for sure.

Final Impressions

It was pretty wild reading about someone who’s IC journey matched mine in so many ways.

I worked in the same building he had █████. I walked the long tunnel under the pineapples in Hawaii. I’d been forced to read nearly 1000 pages of pre-access documents when I was a system admin. And I saw how clearly apathetic the agency was if you actually read or learned anything before getting that access.

I’ve felt the frustration of working for an agency that should do better and be better than it was. I’ve faced retaliation and security investigation for speaking out. While it may be nothing close to the harassment that his poor girlfriend (now wife, hooray!) faced after Snowden ended up on the news, I’ve had my life put on hold for months and held in purgatory while expenses, fear, and depression wrestled for dominance. And, like Snowden, I am determined not to let all of that stop me from exposing the abuse and dysfunction of the NSA.

We swore and oath to the constitution – one that states that “We the people…" should be sure in our right “to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures". That means calling the NSA out when they go too far.

Despite that, I noticed that Snowden never calls for the NSA to be torn down or disbanded. He never argues they don’t serve an important function. He simply believes (as do I) that, whatever the NSA does, it should be legal and limited in scope as much as practically possible. That means they shouldn’t possess massive and permanent databases of information on non-threats. They shouldn’t be able to hide the details of these programs from their overseers. And, most important of all, they should protect and streamline the vital oversight function of whistleblowing, not retaliate and penalize those that try.

Whistleblowers can be elected by circumstance at any working level of an institution. But digital technology has brought us to an age in which, for the first time in recorded history, the most effective will come up from the bottom, from the ranks traditionally least incentivized to maintain the status quo. --Edward Snowden, Permanent Record, pg 184

Enemy of the State : Will Smith
(See online!)

Will Smith, who has done nothing wrong, accidentally winds up in possession of proof of crimes by a powerful person in the government. To recover the evidence, the "big bad" deems Smith a national threat and the NSA hunts him with advanced surveillance such as public cameras, debit card access logs, and tracking devices.

This movie speaks to the power of vast data and monitoring systems and how a very small handful of people can target and destroy anyone using these systems. While these threats are mostly theoretical at this point, it's important to make sure that government capabilities are limited and accountability strict.

(Image is in the Public Domain)

But will anything be done this time? That's the question.

Y.R. Tap - The reject Cryptokid

The NSA has been working on their public image and trying to market itself as a cool place to work partially with their "Cryptokids" campaign. Their goal is to teach kids about what the NSA does in a fun, kid-friendly way.

But that's not what I'm posting about.

I ran across this interesting comic about the unpopular little-know cryptokid, Y.R. Tap, the NSA domestic spying fly. The fly shows the Cryptokids what can happen when civil liberties are violated.

NSA

(Image used under: Creative Commons 3.0 [SRC])

Verizon, who I was pretty certain hadn't handed over any customer records according to them, is now saying that it's ok for them to do it, it's free speech.

Essentially, the argument is that turning over truthful information to the government is free speech, and the EFF and ACLU can't do anything about it. In fact, Verizon basically argues that the entire lawsuit is a giant SLAPP (Strategic Lawsuit Against Public Participation) suit, and that the case is an attempt to deter the company from exercising its First Amendment right to turn over customer calling information to government security services.