How Edward Snowden Sabotaged the War on Terrorism

Edward Snowden said the U.S. National Security Agency could have headed off the global ransomware attack that has crippled hospitals, train stations and other infrastructure around the world. Marcos Brindicci/Reuters

The following is excerpted from Edward Jay Epstein's book, How America Lost Its Secrets: Snowden, the Man and the Theft, to be published this week by Knopf.

The slaughter of civilians by terrorists using guns, bombs and even trucks shows no sign of abating, with deadly attacks in Baghdad, Berlin and Istanbul serving up bloody headlines over the holidays. With ISIS losing its traditional war on the battlefield, it is bringing more mayhem to our cities, which offer a nearly infinite number of soft targets. Police can't protect them all—their only hope is to sniff out plots before they end in carnage. But these perpetrators are coordinating their assaults using end-to-end encryption on the internet and their mobile devices, which makes it almost impossible for government intelligence services to track them.

Related: Why President Obama won't pardon Snowden

The situation was very different three years ago, before Edward Snowden intentionally sabotaged several of America's best weapons against attacks. The first system he exposed was what the National Security Agency (NSA) called the "215" program because it had been authorized by Section 215 of the Patriot Act. This program compiled the billing records of every phone call made in the United States, including the number called and the duration of the call, but not the name of the caller. This anonymous data was archived into a huge database, and when any foreigner on the FBI's terrorist watch list called any number in the U.S., the FBI could trace that person's entire chain of telephone contacts to try to determine if he or she was connected to a known cell.

There was, however, a major flaw in this program: After Osama bin Laden was tracked down at his Pakistan compound and killed in 2011, militant organizations realized how vulnerable overseas calls were, and they moved most of their communication to the internet. In this case, then, Snowden's revelations did only limited damage.

He did vastly more harm by revealing the reach of the PRISM program, which was extraordinarily effective because militant organizations in Iraq, Syria, Afghanistan and Pakistan believed the encryption and other safeguards used by internet giants such as Apple, Google, Twitter and WhatsApp protected their communications. They evidently did not know the NSA could intercept data before it was encrypted. Despite metaphors such as the cloud and cyberspace, all data on the internet initially travels through fiber cables, almost all of which run through the United States and the Bahamas. That includes tweets, social media postings, Skype conversations and even Xbox messages.

According to the documents Snowden made public on June 6, 2013, PRISM was, as U.S. intelligence put it, "the number one source of raw intelligence used for NSA analytic reports." General Michael Hayden, who was the NSA director during the three years following the 9/11 attack, wrote that these surveillance powers, among other things, "uncovered illicit financing networks, detected suspect travel, discovered ties to aviation schools, linked transportation employees to associates of terrorists, drew connections to the illicit purchases of arms, tied U.S. persons to [9/11 mastermind] Khalid Sheikh Mohammed, and discovered a suspect terrorist on the no-fly list who was already in the United States."

Both NSA and FBI officials have testified that PRISM helped thwart at least 45 terrorist attacks between 2007 and 2013, including a plot to put high explosives on the subways under New York City's Grand Central Station and the Times Square subway station at rush hour. British intelligence supplied the NSA with its initial lead: the email address of the suspect Najibullah Zazi, who was living in Colorado. The PRISM surveillance program traced it to an internet protocol address on the watch list associated with an Al-Qaeda bomb maker in Pakistan. Zazi, evidently unaware that emails sent via Yahoo! could be intercepted before they were encrypted, continued sending emails to Pakistan as he prepared to assemble the bombs in early September 2009. Emails recovered through the PRISM program led to the arrest of Zazi and his confederates.

The third NSA program Snowden blew up was called XKeyscore. Using data from PRISM, the NSA created the equivalent of digital fingerprints for suspected foreign terrorists. The "fingerprint" for each suspect was based on his or her search pattern on the internet. Once a suspect was "fingerprinted," any attempt to evade surveillance by using a different computer and another user name would be detected by the XKeyscore algorithms. After Snowden exposed this program, suspects were able to evade surveillance by changing their search patterns when they changed their aliases.

Snowden also aided potential terrorists by offering specific tips about the secret sources and methods used by both the NSA and its British counterpart, the Government Communications Headquarters. He revealed in a public interview, for example, that the GCHQ had deployed the first "full-take" internet interceptor that "snarfs everything." He then offered up advice on how to circumvent it: "You should never route through or peer with the U.K. under any circumstances. Their fibers are radioactive, and even the Queen's selfies to the pool boy get logged." He also warned internet users to not trust the encryption of any U.S.-based internet company, because of their secret relationships with the NSA. He also warned that the NSA was paying close attention to "jihadi forums," and urged people to stay away from them to avoid being automatically "targeted" by the NSA.

RAF Menwith Hill base, which provides communications and intelligence support services to the United Kingdom and the U.S. is pictured near Harrogate, northern England. Nigel Roddis/Reuters

In addition, Snowden suggested an alternative to those who wanted to evade government surveillance. He recommended that they use end-to-end encryption, which results in messages being encrypted before they are sent over the internet. Almost all militant groups have taken Snowden's advice. After the Snowden breach, ISIS even provided a tutorial on its websites about using end-to-end encryption.

After the Paris ISIS attacks, French investigators were stymied, said François Molins, the former head prosecutor of Paris. They had their phones, but not much useful unencrypted information. "We can't penetrate into certain conversations," he explained, and as a result "we're dealing with this gigantic black hole, a dark zone where there are just so many dangerous things going on."