New revelations from the Snowden archive surface

A decade after Snowden exposed NSA’s mass surveillance in cooperation with the British GCHQ, only about 1% of the documents have been published – but three major facts can finally be revealed thanks to a doctoral thesis in applied cryptography by Jacob Appelbaum

He risked his neck. When Edward Snowden chose to expose the US National Security Agency (NSA)’s mass surveillance, Leviathan, and that of its British counterpart, GCHQ, 10 years ago, he put his life on the line. And he has always declared he has never regretted it.

But years after his act of extraordinary courage, the Snowden archive remains largely unpublished. He trusted in journalists to decide what to publish. In an article published in June 2023, by Guardian Pulitzer Prize winner Ewen MacAskill – who flew to Hong Kong with Glenn Greenwald and Laura Poitras to meet Edward Snowden – McAskill confirmed most of the archive has not been made public. “In the end, we published only about 1% of the document,” he wrote.

What does the remaining 99% of the Snowden archive contain? A decade on, it remains shrouded in secrecy.

A doctoral thesis by American investigative journalist and post-doctoral researcher Jacob Appelbaum has now revealed unpublished information from the Snowden archive. These revelations go back a decade, but remain of indisputable public interest:

  • The NSA listed Cavium, an American semiconductor company marketing Central Processing Units (CPUs) – the main processor in a computer which runs the operating system and applications – as a successful example of a “SIGINT-enabled” CPU supplier. Cavium, now owned by Marvell, said it does not implement back doors for any government.
  • The NSA compromised lawful Russian interception infrastructure, SORM. The NSA archive contains slides showing two Russian officers wearing jackets with a slogan written in Cyrillic: “You talk, we listen.” The NSA and/or GCHQ has also compromised Key European LI [lawful interception] systems.
  • Among example targets of its mass surveillance program, PRISM, the NSA listed the Tibetan government in exile.

From Der Spiegel to post-doctoral research

These revelations have surfaced for the first time thanks to a doctoral thesis authored by Appelbaum towards earning a degree in applied cryptography from the Eindhoven University of Technology in the Netherlands.

Communication in a world of pervasive surveillance is a public document and has been downloaded over 18,000 times since March 2022 when it was first published.

Appelbaum’s work, supervised by professors Tanja Lange and Daniel J Bernstein, is among the top 10 most popular PhD theses at the Eindhoven University.

When we asked whether the US authorities had contacted the Eindhoven University of Technology to object to the publication of some of the revelations from the Snowden files, a university spokesperson replied that they had not.

In 2013, Jacob Appelbaum published a remarkable scoop for Der Spiegel, revealing the NSA had spied on Angela Merkel’s mobile phone. This scoop won him the highest journalistic award in Germany, the Nannen Prize (later known as the Stern Award).

Nevertheless, his work on the NSA revelations, and his advocacy for Julian Assange and WikiLeaks, as well as other high-profile whistleblowers, has put him in a precarious condition. As a result of this, he has resettled in Berlin, where he has spent the past decade.

In June 2020, when the United States issued a second superseding indictment against Julian Assange, it was clear Appelbaum’s concerns were not a matter of paranoia; the indictment criminalises political speeches given by Assange as well as by former WikiLeaks journalist Sarah Harrison and by Jacob Appelbaum himself, identified under the codename, WLA-3.

Public speeches made by Appelbaum taking a humorous and provocative tone and with titles like “Sysadmins of the World, Unite!” were interpreted as an attempt to recruit sources and as incitement to steal classified documents. To this day, however, there are no publicly known charges against Appelbaum or Harrison.

We asked Jacob Appelbaum, currently a post-doctoral researcher at the Eindhoven University of Technology, why he chose to publish those revelations in a technically written thesis rather than a mass-circulation newspaper.

He replied: “As an academic, I see that the details included are in the public interest, and highly relevant for the topic covered in my thesis, as it covers the topic of large-scale adversaries engaging in targeted and mass surveillance.”

NSA backdoored Cavium CPUs

One of the most important unpublished revelations from the Snowden archive regards American semiconductor supplier Cavium. According to Appelbaum, the Snowden files list Cavium “as a successful SIGINT enabled CPUs vendor”.

“The NSA’s successful cryptographic enabling is by definition the introduction of intentional security vulnerabilities that they are then able to exploit, and they do exploit them often in an automated fashion to spy,” he said. “One such method is sabotaging a secure random generator.”

A random number generator that is unpredictable to everyone “is an essential requirement for meaningful cryptographic security. In most cases, the NSA sabotage happens in a way where the owners, developers, and users are unaware of the sabotage as a core goal”.

The purpose of this sabotage is to allow the NSA to breach the security offered by a given company, device and/or other services.

At no point does Appelbaum write or even suggest that Cavium was complicit in these sabotage activities or was aware of them.

The Snowden documents date back to 2013. In 2018, Cavium was acquired by US company Marvell Technology, one of the two firms which, according to financial services giant JP Morgan, will dominate the custom-designed semiconductors market driven by artificial intelligence.

We contacted Marvell to ask a series of questions, including whether Cavium’s CPUs have basically remained the same in the past decade, and whether it’s certain Cavium CPUs, which, according to the 2013 Snowden files, were “backdoored”, are no longer marketed and in use.

We also asked Marvell whether the company conducted any internal investigations after we informed them about Appelbaum’s revelation. One of the co-founders of Cavium, Raghib Hussain, is currently one of the presidents of Marvell.

Marvell has not provided answers to our specific questions. Its vice-president for corporate marketing, Stacey Keegan, said it did not implement “backdoors” for any government.

Keegan’s statement in full

“Marvell places the highest priority on the security of its products,” she said. “Marvell does not implement ‘backdoors’ for any government. Marvell supports a wide variety of protocols and standards including IPsec, SSL, TLS 1.x, DTLS and ECC Suite B.

“Marvell also supports a wide variety of standard algorithms including several variants of AES, 3DES, SHA-2, SHA-3, RSA 2048, RSA 4096, RSA 8192, ECC p256/p384/p521, Kasumi, ZUC and SNOW 3G.

“All Marvell implementations are based on published security algorithm standards,” Keegan continued. “Marvell’s market leading NITROX family delivers unprecedented performance for security in the enterprise and virtualised cloud datacentres.

“The NITROX product line is the industry leading security processor family designed into cloud datacentre servers and networking equipment, enterprise and service provider equipment including servers, Application Delivery Controllers, UTM Gateways WAN Optimization Appliances, routers, and switches.”

Appelbaum said that as the new owner of Cavium, Marvell “should conduct a serious and transparent technical security investigation into the matter and make the result available to the public”.

He said that he wrote to the company, including to their security response email address, and set this forth in extreme detail, but has never heard back from them.

You talk, we listen

The two other important and yet-unpublished revelations from the Snowden files concern the compromise of foreign government infrastructure by the NSA.

Appelbaum writes in his thesis that the Snowden archive includes largely unpublished internal NSA documents and presentations that discuss targeting and exploiting not only deployed, live interception infrastructure.

The documents also discuss targeting and exploiting suppliers of the hardware and software used to build the infrastructure.

“Primarily these documents remain unpublished because the journalists who hold them fear they will be considered disloyal or even that they will be legally punished,” he said.  

Appelbaum added that “targeting lawful interception equipment is a known goal of the NSA”.

“Unpublished NSA documents specifically list their compromise of the Russian SORM LI infrastructure as an NSA success story of compromising civilian telecommunications infrastructure to spy on targets within reach of the Russian SORM system,” he said.

Though Appelbaum did not publish the NSA slides on SORM in his thesis, he reported that they show two Russian officers wearing jackets bearing the slogan, “You talk, we listen.”

He said it is not unreasonable to assume that parts, if not the entire American lawful interception system, known as CALEA, have been compromised.

In his doctoral thesis, he says key European lawful interception systems “have been compromised by NSA and/or GCHQ”. Appelbaum said the Snowden archive contained “many named target systems, companies, and other countries” that had been impacted.

According to Appelbaum, “compromise” means different things: sometimes it is a matter of technical hacking, others it is a matter of “wilful complicity from inside the company by order of some executives after being approached by the NSA”.

“Woe to those who do not comply immediately,” he added.

NSA spied on the Tibetan government in exile

Some of the most important revelations published from the Snowden archive concerned PRISM, a mass surveillance program which allowed the NSA to access emails, calls, chats, file transfers, web search histories.

The NSA slides claimed that this collection was conducted from the servers of internet giants like Google, Apple, Facebook, Microsoft, AOL, Skype, PalTalk and YouTube, but when the existence of this program was exposed by Glenn Greenwald and Ewen MacAskill in The Guardian and by Laura Poitras and Barton Gellmann in The Washington Post, the internet giants denied any knowledge of the program and denied that they had granted direct access to their servers.

Though PRISM was one of the very first revelations from the Snowden archive, Appelbaum reveals that “the PRISM slide deck was not published in full” and “several pages of the PRISM slide list targets and related surveillance data, and a majority of them appear to be a matter of political surveillance rather than defense against terrorism”.

He said one such example of PRISM’s targets being a matter of political surveillance rather than anti-terrorism “shows a suggestion for targeting the Tibetan Government in Exile through their primary domain name”.

In 1950, the People’s Republic of China took control of Tibet and were met with considerable resistance from the Tibetan people. In 1959, the Fourteenth Dalai Lama left Tibet to seek political asylum in India, and there was a major exodus of Tibetans into the country. The Dalai Lama set up the Tibetan Government in Exile in India and exiled Tibetans have accused China of cruelty and repression for decades.

Appelbaum reveals that the main domain of the Tibetan Government in Exile (tibet.net) “is named as an unconventional example that analysts should be aware of as also falling under the purview of PRISM”. He explains that the email domain was “hosted by Google Mail, a PRISM partner, at the time of the slide deck creation and it is currently hosted by Google Mail as of early 2022”. At the time of this writing, it still is.

According to him, tibet.net exemplifies the political reality of accepting aid from the US. The system administrators wanted to be protected from Chinese hacking and surveillance. To fight Chinese surveillance, the technical team opted to host with Google for email and Cloudfare for web hosting. The reason Google appealed to the technical team behind tibet.net was the excellent reputation of Google’s security team at that time.

“What was unknown at the time of this decision was that Google would, willing or unwillingly, give up the data to the US government in secret,” said Appelbaum. “Thus in seeking to prevent surveillance by the Chinese government some of the time when the Chinese government successfully hack their servers, they unknowingly accepted aid that ensured their data will be under surveillance all of the time.”

As a result, to fight the well-known devil of Chinese surveillance, the Tibetan Government in Exile put itself in the hands of the NSA.

Will the 99% of the Snowden archive ever be published?

How many important revelations like these do the unpublished documents still contain? It is impossible to say so long as the archive remains unpublished. It is also unclear how many copies of the full archive remain available and who has access to them.

Appelbaum says: “There was a discussion among many of the journalists who worked on the archive about opening access to the Snowden archive for academics to discuss, study, and of course to publish. This is a reasonable idea and it should happen, as it is clearly in the public interest.”

He said it was a terrible day when The Guardian allowed GCHQ to destroy the copy of the archive in the UK. However, according to Ewen MacAskill for The Atlantic, “A copy of the Snowden documents remains locked in an office at The Times, as far as I know.”

According to Jacob Appelbaum, The Intercept – the media outlet co-founded by Glenn Greenwald and Laura Poitras to publish the Snowden files – is no longer in possession of the documents. “I was informed that they destroyed their copy of the archive,” Appelbaum told us.

In 2013, the author of this article worked with Glenn Greenwald on the Snowden files regarding Italy, publishing all the documents that Greenwald shared with us in her newspaper at the time, the Italian newsmagazine l'Espresso.

After that journalistic work, we were contacted again to work on additional files, but unfortunately after some preliminary contacts, we never heard from The Intercept again. All of our attempts to work on the files came to nothing, though we never learned what the problem was.

We asked The Intercept whether the publication is still in possession of the Snowden file. A spokesperson replied: “The Intercept does not discuss confidential news-gathering materials.”

Appelbaum is highly critical of those who destroyed the Snowden files. “Even if the privacy violating intercepts are excluded from publication, there is an entire parallel history in that archive,” he said.

Read more on Privacy and data protection