In an interview with the New York Times published yesterday, document-leaking NSA contractor Edward Snowden made a bold claim in response to allegations that other nations may have got hold of his classified haul:
“There’s a zero percent chance the Russians or Chinese have received any documents.”
Many security and surveillance experts publicly questioned that claim. Google security engineer Justin Schuh tweeted that the remark showed “Snowden is divorced from reality,” saying in a discussion thread with a fellow security industry insider:
@headhntr If you don’t assume any reasonably capable foreign intel has had all of it for months, then you’re indulging a fantasy.— Justin Schuh (@justinschuh) October 18, 2013
That sentiment was shared by many others, including Jeffrey Carr, CEO of security company Taia Global and adjunct professor at George Washington University. He was dismissive of Snowden’s belief that he knows the capabilities of China’s security services thanks to his work at the NSA:
Snowden’s a classic case of Western arrogance towards the East combined with the illusion that SIGINT is all-powerful and all-knowing.— Jeffrey Carr (@jeffreycarr) October 18, 2013
The Electronic Frontier Foundation’s Jillian York also questioned Snowden’s trust in his knowledge of what China’s spies can and can’t do.
Snowden told the Times that although he took the documents to Hong Kong in June, when he fled to Russia in July he didn’t take copies with him. That leaves the journalists he has worked with to disseminate the documents as the only people in possession of them.
What has been released from those files so far suggests that properly implemented cryptography remains unbreakable even for national intelligence agencies (see “NSA Leak Leaves Crypto-Math Intact But Highlights Know Workarounds”). Yet we have also been reminded that agencies such as the NSA can be powerful because implementing security controls in a way that can foil a well-resourced nation-state is extremely difficult.
Even if Snowden did know everything about the capabilities of the NSA or its equivalents in other countries, his curent location in Russia would hardly put him in a position to know for sure that everyone who has access to his files has adequately protected them. That list now includes people at the Guardian, New York Times, Washington Post, and Pro Publica amongst various others.
Perhaps the best reason of all to be skeptical about Snowden’s claim that what he leaked is unknown to other nations is the ease with which he harvested the documents. Snowden was able to poke around inisde the NSA’s systems to collect the files, despite being a relatively low-ranking employee with an external contractor. It’s plausible other countries could have taken the same route.