Fort Meade, We Have a Problem …

Orig­i­nal­ly pub­lished on TPM Long­form, Sep­tem­ber 30, 2013.

This past July, the high­est pro­file hack­er con­fer­ence in Amer­i­ca — known as DEFCON — made a show of pub­licly dis­invit­ing all fed­er­al employ­ees from attend­ing. It was a shock, and a rever­sal: Last sum­mer not only were the Feds in the audi­ence, they were on the stage: Nation­al Secu­ri­ty Agency chief Gen­er­al Kei­th Alexan­der was the keynote speak­er; he had come, he said, to “solic­it” sup­port for cyber­se­cu­ri­ty. “You have the tal­ent,” he said, and called for more shar­ing between pri­vate com­pa­nies and the gov­ern­ment. (He also denied that the NSA keeps a file on every U.S. cit­i­zen.)

Only a few found out­side of a para­noid fringe found Alexan­der’s remarks ter­ri­bly con­tro­ver­sial at the time. That has now changed.

Gen. Alexan­der’s appeal came from a deep under­stand­ing that the NSA can­not get very far with­out tech­no­log­i­cal­ly savvy, inno­v­a­tive peo­ple design­ing secure sys­tems, break­ing encryp­tion, and cre­at­ing offen­sive cyber­weapons. Some call them hack­ers: peo­ple who are obsessed with prob­lem solv­ing, and who love to take apart tech­nol­o­gy to see how it works and, if they’re real­ly good, how it can work bet­ter. The world of hack­ers — or coders, to use a soft­er term — can be dif­fi­cult for out­siders to under­stand — an obses­sion with cryp­tog­ra­phy, Lin­ux and home­made bespoke soft­ware, and a pref­er­ence for clev­er­ness over user-friend­ly design does­n’t exact­ly endear them to main­stream Amer­i­ca. There’s anoth­er prob­lem hack­ers have with the gov­ern­ment — they tend to believe there is a right and a wrong way to do things, a mix of mind­set and ide­ol­o­gy, that does­n’t fit well into Wash­ing­ton’s or the Intel­li­gence Com­mu­ni­ty’s very grey, some­times dark, world.

But when it comes to the poten­tial for Cyber­War, Wash­ing­ton is utter­ly reliant on hack­ers to defend against oth­er hack­ers. There’s just one prob­lem: if they ever had a dal­liance with their main­stream secu­ri­ty han­dlers, hack­ers are now firm­ly falling out of love with Wash­ing­ton.

Patriotic Hackery

In the explo­sion of com­put­er secu­ri­ty con­cerns after the 9/11 ter­ror­ist attacks, well-remu­ner­at­ed jobs drew large num­bers of secu­ri­ty researchers — espe­cial­ly hack­ers — in response to a grow­ing anx­i­ety in Wash­ing­ton about the poten­tial for a cyber attack. Jobs were plen­ti­ful, and the com­put­er secu­ri­ty (often short­ened to Infos­ec) com­mu­ni­ty began to grow sym­bi­ot­i­cal­ly with the feds. With­in a week of the World Trade Cen­ter crum­bling, the FBI was issu­ing warn­ings against “vig­i­lante hack­ing,” when a group of hack­ers announced their inten­tion to attack coun­tries they thought sup­port­ed ter­ror­ism. Dur­ing the run-up to the Iraq War, the FBI issued a pub­lic warn­ing about “patri­ot­ic hack­ing” in an attempt to fore­stall cyber­at­tacks on Iraqi com­put­ers. By 2012, the Depart­ment of Home­land Secu­ri­ty was open­ly adver­tis­ing for “patri­ot­ic hack­ers” will­ing to work on secur­ing vul­ner­a­ble com­put­ers. In 2010, DEFCON 18 even had two pan­els called “Meet the Feds,” where offi­cials from the Depart­ment of Home­land Secu­ri­ty, the Air Force, Trea­sury, FBI, NASA, and Nation­al Secu­ri­ty Coun­cil spoke about com­put­er secu­ri­ty top­ics. (One ques­tion, poignant in hind­sight of this sum­mer’s infor­ma­tion rev­e­la­tions, was “How do we con­duct robust con­tin­u­ous mon­i­tor­ing across a large mul­ti-orga­ni­za­tion­al enter­prise yet stay with­in the con­sti­tu­tion­al require­ments for pri­va­cy, civ­il rights and civ­il lib­er­ties?”)

Cyber­war was good busi­ness. Hack­ers raked in lucra­tive con­tracts while the feds built vast sur­veil­lance sys­tems and fright­en­ing cyber­weapons. But there was always a ten­sion between the Hack­er world and their poten­tial employ­ers, an acri­mo­ny that came to light this sum­mer when Edward Snow­den, until June a hack­er work­ing on con­tract for the U.S. gov­ern­ment in Hawaii, leaked high­ly clas­si­fied NSA doc­u­ments and meth­ods. Snow­den’s elec­tri­fy­ing inter­view in June quick­ly went viral. “I don’t want to live in a world where every­thing that I say, every­thing I do, every­one I talk to, every expres­sion of cre­ativ­i­ty or love or friend­ship is record­ed,” he said.

Snow­den was express­ing a fear, broad­ly felt by many in the tech com­mu­ni­ty, that the very sys­tems they had helped to cre­ate over the last four decades were being turned toward some­thing evil. And though he’d been vet­ted, and though the gov­ern­ment trust­ed him to uphold a stan­dard of secre­cy, he felt his moral duty was not to his employ­ers, but to his con­science. In the process he revi­tal­ized a long-run­ning debate with­in the com­put­er secu­ri­ty indus­try: is it ever eth­i­cal to work for the Intel­li­gence Com­mu­ni­ty? And he raised aware­ness, on the nation­al secu­ri­ty side, of anoth­er prob­lem: can you ever trust that a hack­er, by his or her very nature, won’t go rogue if he or she does­n’t agree with a choice the gov­ern­ment has made?

When you think the way you code, in a bina­ry of good and bad, encoun­ter­ing the real world can be an unpleas­ant expe­ri­ence.

For the Intel­li­gence Com­mu­ni­ty, Snow­den was a scary exam­ple of some­one who once believed in the gov­ern­men­t’s posi­tion but had turned, sud­den­ly it seemed, res­olute­ly against it. Tech­nol­o­gy web­site Ars Tech­ni­ca dug up enthu­si­as­tic old posts Snow­den had left on their dis­cus­sion forums, dat­ing back to 2001. As recent­ly as 2009, he mused that peo­ple who leak nation­al secu­ri­ty secrets “should be shot in the balls.” Then he began to shift, not­ing in those same forums how many cor­po­ra­tions were enabling gov­ern­ment spy­ing. “It real­ly con­cerns me how lit­tle this sort of cor­po­rate behav­ior both­ers those out­side of tech­nol­o­gy cir­cles,” he wrote.

Snow­den’s very pub­lic demon­stra­tion that the gov­ern­ment can­not con­trol the activ­i­ties — let alone mind­set — of the hack­ers it employ­ees has gained him plau­dits, not recrim­i­na­tions, in the broad­er coder com­mu­ni­ty. “A lot of peo­ple at these [hack­er] con­fer­ences make tools that find their way to the Intel­li­gence Com­mu­ni­ty,” Chris Soghoian, prin­ci­ple tech­nol­o­gist at the Speech, Pri­va­cy, and Tech­nol­o­gy Project at the ACLU says. “And the last two months have­made a lot of them unhap­py.”

I grew up with the under­stand­ing that the world I lived in was one where peo­ple enjoyed a sort of free­dom to com­mu­ni­cate with each oth­er in pri­va­cy with­out it being mon­i­tored,” Snow­den told Guardian colum­nist Glenn Green­wald. Snow­den’s expo­sure of the con­stant, per­va­sive pres­ence of gov­ern­ment is start­ing to revive old anti-gov­ern­ment antag­o­nisms.

As Snow­den’s leaks con­tin­ued over the sum­mer, his sup­port in the tech com­mu­ni­ty grew along with broad antipa­thy to the NSA and the Intel­li­gence Com­mu­ni­ty and a grow­ing skep­ti­cism about work­ing for the gov­ern­ment at all. “I think many peo­ple feel betrayed by and dis­trust­ful of the NSA,” Mox­ie Mar­lin­spike, a com­put­er secu­ri­ty researcher and cofounder of Whis­per Sys­tems, an encryp­tion ser­vice for Android mobile phones.

This shift in atti­tude — com­ing right when com­put­er secu­ri­ty chal­lenges, and the bud­gets to man­age them, are peak­ing — could pose a seri­ous chal­lenge for the gov­ern­ment. “I haven’t seen this lev­el or sort of ani­mos­i­ty since the 90s,” Jeff Moss, founder of DEFCON, recent­ly told Reuters. Clear­ly the post- 9/11 hon­ey­moon between hack­ers and the Intel­li­gence Com­mu­ni­ty had come to an end.

A cultural challenge for the Intelligence Community

The InfoS­ec com­mu­ni­ty is rife with peo­ple who espouse a tech­nol­o­gy-enabled, anti-author­i­ty civ­il lib­er­tar­i­an­ism, a world­view at best con­stant­ly at odds with work­ing for the gov­ern­ment. Often short­hand­ed as tech­no­lib­er­tar­i­an­ism, it is best under­stood as a direct descen­dent of 1960s coun­ter­cul­ture. Julian Assange, founder of Wik­ileaks, explained this in a 2006 essay, in which he argued that gov­ern­ment itself is, by def­i­n­i­tion, a con­spir­a­cy, and the only way to dis­rupt the con­spir­a­cy is by reduc­ing its capac­i­ty to con­spire through leaks and strong cryp­tog­ra­phy. Basi­cal­ly, if the gov­ern­ment can­not keep secrets, but the peo­ple can, then a bal­ance can be found per­ma­nent­ly weight­ed on the side of indi­vid­ual lib­er­ty.

The ten­sion between com­put­er secu­ri­ty researchers and the gov­ern­ment using their inven­tions for sur­veil­lance dom­i­nat­ed DEFCON this year. Alex Sta­mos, the CTO of Artemis Inter­net Inc ., an inter­net secu­ri­ty com­pa­ny, gave a heart­felt talk on the ethics of their indus­try. “Who is get­ting your bugs,” he asked the assem­bled hack­ers. “What are they doing with them? Whose goals are being accom­plished?”

Sta­mos’ con­cern was that the hack­er ethos, to the extent one even exists, inspires many of the atten­dees to vig­or­ous­ly research secu­ri­ty sys­tems to see how they work. He not­ed that the seem­ing­ly para­noid fringe of the Infos­ec com­mu­ni­ty, which com­plained bit­ter­ly of gov­ern­ment sur­veil­lance, was proven cor­rect. “Think about your moral lim­its before you reach them” he urged every­one.

Those moral lim­its aren’t always clear, how­ev­er. The peo­ple devel­op­ing this tech­nol­o­gy, who see it as an instru­ment of social change (even rev­o­lu­tion) are also acute­ly aware it can be used just as eas­i­ly by the gov­ern­ment for oppres­sion.

Many of the pri­va­cy inno­va­tions in use on the inter­net today — sym­bol­ized by a small lock at the bot­tom of most web browsers — came from an ear­ly group of pro­gram­mers called Cypher­punks. Eric Hugh­es, a math­e­mati­cian and one of the cofounders of the Cypher­punk ide­ol­o­gy, wrote the move­men­t’s influ­en­tial 1993 essay, “A Cypher­punk’s Man­i­festo.” Pri­va­cy, accord­ing to cypher­punks, is not just secre­cy — it is “the pow­er to selec­tive­ly reveal one­self to the world.”

In the cypher­punk uni­verse, the NSA embod­ies every­thing they stand against: it is closed, pro­pri­etary, and has com­put­ers so expen­sive that only a gov­ern­ment could pos­si­bly build them. For a tech­no­lib­er­tar­i­an it is a per­fect dystopia, not only big gov­ern­ment, but anti-pri­va­cy. It is a sim­pli­fied utopi­an vision of the world: it is how hack­ers in prison can com­pare them­selves to Jews per­se­cut­ed by Nazis, or treat the inter­net as if it does­n’t require a phys­i­cal real­i­ty — routers, fiber pipelines, com­put­ers, microchips, and mon­i­tors — to make real.

When you think the way you code, in a bina­ry of good and bad, encoun­ter­ing the real world can be an unpleas­ant expe­ri­ence. And now the com­mu­ni­ty is grap­pling with the messy com­plex­i­ty that the tools they build, like all tools, are being used for good and evil and many things in between. “Plen­ty of peo­ple in the hack­er com­mu­ni­ty, includ­ing myself, prob­a­bly have a lot less respect for peo­ple work­ing to assist the NSA at this point,” Mar­lin­spike says.

In part the prob­lem comes from what the gov­ern­ment needs in terms of secre­cy. Coders believe in a world that might embrace the option of pri­va­cy — as Eric Hugh­es explained it “selec­tive reveal­ing one­self” but lit­er­al­ly eschews secre­cy (to cyber­phunks that’s “some­thing one does­n’t want any­body to know”). While the Intel­li­gence Com­mu­ni­ty is obsessed with secrets and lim­it­ing access to infor­ma­tion, the InfoS­ec com­mu­ni­ty, those cyber­phunk kids, are obsessed with trans­paren­cy. It is a ten­sion that makes their rela­tion­ship fraught at best, dan­ger­ous at worst.

There is, at its heart, a con­tra­dic­tion in the cypher­punk ide­ol­o­gy: the world can­not simul­ta­ne­ous­ly pro­tect every­one’s pri­va­cy and also be total­ly trans­par­ent of agen­da and moti­va­tion.

There is, at its heart, a con­tra­dic­tion in the cypher­punk ide­ol­o­gy: the world can­not simul­ta­ne­ous­ly pro­tect every­one’s pri­va­cy and also be total­ly trans­par­ent of agen­da and moti­va­tion. But the square is part­ly cir­cled when you real­ize that ‘pri­va­cy’ is the realm of the indi­vid­ual while ‘secre­cy’ is the domain of large insti­tu­tions — gov­ern­ments and large cor­po­ra­tions. Unsur­pris­ing­ly for a lib­er­tar­i­an ethos, it is at heart a debate and cal­cu­lus about pow­er. But in reach­ing out to these tech­no­lib­er­tar­i­an coders for help, the gov­ern­ment is in effect ask­ing them to betray their own ethos.

In the 1990s, Hugh­es thought cryp­tog­ra­phy, and the pri­va­cy it affords, would ush­er in a new age of pro­gres­sive change. But some­where along the way, pro­gres­sive change became dis­rup­tive change. Some of that came from the work of Julian Assange. Like Snow­den, Julian Assange has led the charge against the gov­ern­men­t’s efforts to both mon­i­tor Amer­i­cans and be cloaked in secre­cy — and use hack­ers to do their dirty work for them. Assange coau­thored a book in 2010, Cypher­punks: Free­dom and the Future of the Inter­net. In it he argued that pri­va­cy tech­nol­o­gy, like strong cryp­tog­ra­phy, is how the inter­net as a whole can both pro­tect indi­vid­u­als from the state and, ulti­mate­ly, dis­rupt the state itself. The inter­net, which Assange calls “our great­est tool of eman­ci­pa­tion,” has been “trans­formed into the most dan­ger­ous facil­i­ta­tor of total­i­tar­i­an­ism we have ever seen.” Issu­ing a “call to cryp­to­graph­ic arms,” Assange then sets out cryp­tog­ra­phy as the only pos­si­ble bul­wark against tyran­ny.

These days the new para­noid style of cypher­punks is spread­ing through the Infos­ec com­mu­ni­ty. Though sup­port for Assange him­self has ebbed and flowed, his hyper-indi­vid­u­al­is­tic, anti-author­i­ty, utopi­an con­cept of gov­ern­ment and lib­er­ty is dis­plac­ing the more tra­di­tion­al utopi­an ideals of the ear­ly hack­er move­ment. And that intel­lec­tu­al foun­da­tion, accord­ing to Gabriel­la Cole­man, the Wolfe Chair in Sci­en­tif­ic and Tech­no­log­i­cal Lit­er­a­cy at McGill Uni­ver­si­ty, is “a cul­ture com­mit­ted to free­ing infor­ma­tion, insist­ing on pri­va­cy, and fight­ing cen­sor­ship.”

For a time, the ris­ing star of this new cul­ture was Aaron Swartz, a com­put­er researcher who helped invent the RSS for­mat at the age of 14, then helped cre­ate Cre­ative Com­mons (an open copy­right scheme bet­ter suit­ed to the Inter­net than tra­di­tion­al copy­right) and lat­er Red­dit. He was a hack­er in the most clas­si­cal sense of the term: tech­no­log­i­cal­ly savvy, incred­i­bly smart and utter­ly devot­ed to mak­ing sys­tems work bet­ter through tech­nol­o­gy.

The hack­ers who helped build the World Wide Web, like Tim Bern­ers-Lee, also saw him as the future of the inter­net. As Noam Schieber put it, “What these adults saw in Swartz was some­one who could real­ize the mes­sian­ic poten­tial of the Inter­net, some­one who could build the tools that would lib­er­ate infor­ma­tion and keep it free from the cor­po­ra­tions and bureau­crats who would wall it off.” He was open-source, pro-pri­va­cy, and opposed to cor­po­rate or gov­ern­ment own­er­ship of cyber­space.

While on a fel­low­ship at MIT, Swartz had access to the entire JSTOR aca­d­e­m­ic cat­a­logue, the dig­i­tal library of vir­tu­al­ly all aca­d­e­m­ic arti­cles in the human­i­ties which is nor­mal­ly accessed for steep fees paid by uni­ver­si­ties. He did­n’t believe it should be closed — did­n’t believe that intel­lec­tu­al prop­er­ty should be con­trolled in that way — so he down­loaded every doc­u­ment and made them avail­able to any­one on the inter­net, call­ing it his “Open Access Guer­ril­la Man­i­festo.” The feds prompt­ly arrest­ed him. The sub­se­quent inves­ti­ga­tion, indict­ment and relent­less (some thought vin­dic­tive) pros­e­cu­tion led to Swartz’s sui­cide by hang­ing in Jan­u­ary of 2013. In the months since, his death has become a ral­ly­ing cry in the com­mu­ni­ty.

Short­ly after Swartz’s sui­cide, Wik­ileaks revealed he had been a “source” for the orga­ni­za­tion and in com­mu­ni­ca­tion with Julian Assange. In fact, if it weren’t already clear: Assange is at the cen­ter of many of the most impor­tant inci­dents of geek cul­ture butting up against laws and gov­ern­ment inter­ests in recent years.

Julian Assange is an impor­tant cul­tur­al cat­a­lyst,” Gabriel­la Cole­man told me in July. Assange helped the hack­er com­mu­ni­ty real­ize its poten­tial for polit­i­cal activism, pre­vail­ing upon their nat­ur­al ten­den­cy for sus­pi­cion of the gov­ern­ment, and nat­ur­al cyn­i­cism that the gov­ern­ment is actu­al­ly work­ing with the gen­er­al pub­lic’s best inter­est at heart. Cole­man explained that pri­or to the rise of Wik­ileaks many hack­ers thought they could lever­age their secu­ri­ty and open­ness ideals to influ­ence some pub­lic opin­ion, but their vision was nev­er very large. Assange showed that the right kind of hack, the right kind of leak, could spark mas­sive trans­for­ma­tive change. Assange instant­ly became a per­fect anti-hero to the gov­ern­ment patri­ot­ic hack­er types — brash, uncon­trol­lable, imper­fect, and espe­cial­ly attrac­tive to young peo­ple who might be recruit­ed for gov­ern­ment work.

It was through con­ver­sa­tions with Assange, accord­ing to gov­ern­ment pros­e­cu­tors at her court mar­tial that Chelsea — for­mer­ly Bradley — Man­ning began her jour­ney to become the coun­try’s biggest nation­al secu­ri­ty leak­er in his­to­ry. The two began chat­ting as ear­ly as Novem­ber of 2009, and over the next six months their dis­cus­sions ranged from the pol­i­tics of the war to how Man­ning could cov­er her tracks.

Man­ning was already a mal­con­tent — she had already thrown chairs at her fel­low sol­diers — but it seems clear Assange played a role in focus­ing that inchoate dis­con­tent and anger into tak­ing direct action through leak­ing. Then, just days after Edward Snow­den revealed him­self as the source of the leaks reveal­ing NSA spy­ing activ­i­ties around the globe, Assange again popped up, say­ing he “had been in indi­rect com­mu­ni­ca­tion” with Snow­den. Always, it seems, Assange is there encour­ag­ing dis­sat­is­fied young peo­ple to buck author­i­ty and leak sen­si­tive files, and, ulti­mate­ly, to upend gov­ern­ments glob­al­ly.

Tech has a troubled, complicated political history

It’s pecu­liar, in many ways, that hack­ers ever came around to help Wash­ing­ton. For decades, Sil­i­con Val­ley and the hack­er cul­ture behind it has been dogged by the charge that its ide­al­ism, a sort-of tech­no-utopi­anism, is all just bare­ly-dis­guised and gen­er­al­ized hos­til­i­ty to gov­ern­ment. In hack­er­dom the web was a vir­tu­al wild west where gov­ern­ments could­n’t con­trol behav­ior and fierce indi­vid­u­al­ism ruled. Cypher­punks took lib­er­tar­i­an indi­vid­u­al­ism to an extreme, lim­it­ing their com­mu­ni­ties only to them­selves and their con­nec­tions to the out­side world to their com­put­ers.

Pauli­na Bor­sook, a staff writer for Wired, saw that iso­la­tion as deeply trou­bling. Describ­ing a cul­ture of “tremen­dous self-insu­la­tion,” Bor­sook, wor­ried as far back as 1996 about how they were going to affect the coun­try. “What will result if the peo­ple who want to shape pub­lic pol­i­cy,” she wrote of the seem­ing­ly lim­it­less need to bring hack­ers into gov­ern­ment “know noth­ing about his­to­ry or polit­i­cal sci­ence or, most impor­tant­ly, how to inter­act with oth­er humans?”

Yet that lib­er­tar­i­an­ism has its roots back to the 1960s coun­ter­cul­ture move­ment that found a nat­ur­al home in the bud­ding high tech­nol­o­gy scene of the San Fran­cis­co area. As the coun­ter­cul­tur­al­ists reached for new forms of human con­scious­ness, they increas­ing­ly used tech­nol­o­gy to enable it. A mas­sive com­mu­ni­ty grew up around the Whole Earth Cat­a­log, a Nation­al Book Award win­ning coun­ter­cul­ture pub­li­ca­tion that com­bined (in their words) “the rugged indi­vid­u­al­ism and back-to-the-land move­ments of the Six­ties coun­ter­cul­ture” and “the nascent glob­al com­mu­ni­ty made pos­si­ble by the Inter­net.”

The Cat­a­log was an ear­ly pres­ence online, too, as the Whole Earth ‘Lec­tron­ic Link, or WELL. Along the way Stew­art Brand, the founder and edi­tor of the Whole Earth Cat­a­log, received a $1.3 mil­lion advance in 1983 for the Whole Earth Soft­ware Cat­a­log, which his pub­lish­ers hoped would encour­age a com­mu­ni­ty around soft­ware sim­i­lar to the one he had enabled in the 1960s.

Brand was no stranger to using com­put­ers to advance his social ideas — he wrote about hack­ers for Rolling Stone in 1972, where he described them as a “mobile new-found elite” build­ing the com­put­ers — and com­put­er games — of tomor­row. Yet the hack­ers Brand pro­filed most­ly worked on the ear­ly incar­na­tion of the inter­net called ARPANET net­work, named after the Pen­ta­gon research branch that invent­ed it. So he saw, ear­ly and up-close, the reluc­tance many con­trac­tors felt at hav­ing their exper­tise put to use by the gov­ern­ment.

The resis­tance may have some­thing to do with reluc­tances about equip­ping a future Big Broth­er and his Cen­tral Com­put­er,” Brand wrote. “The fas­ci­na­tion resides in the thor­ough right­ness of com­put­ers as com­mu­ni­ca­tions instru­ments, which implies some rev­o­lu­tions.”

Forty-one years ago, when the inter­net was lit­tle more than an excit­ing sci­ence exper­i­ment fund­ed by the Pen­ta­gon and dra­mat­i­cal­ly expand­ed upon in research uni­ver­si­ties, the fun­da­men­tal ten­sion between researchers utopi­an goals and fears of gov­ern­ment exploita­tion defined much of the com­mu­ni­ty.

The U.S. Army fund­ed the devel­op­ment of the first rec­og­niz­able mod­ern com­put­er, called ENIAC [Elec­tron­ic Numer­i­cal Inte­gra­tor And Com­put­er], in 1946. ENIAC cal­cu­lat­ed artillery tables for a vari­ety of weapons (Los Alam­os first used it to cal­cu­late the yield of the first hydro­gen bomb). But in design­ing a flex­i­ble machine — a thou­sand times faster than the most advanced mechan­i­cal com­pu­ta­tion­al device at the time — they had cre­at­ed some­thing with much more promise than sim­ple cal­cu­la­tions: though labo­ri­ous­ly slow, it could be pro­grammed to do aston­ish­ing­ly com­plex tasks. The mil­i­tary-fund­ed ENIAC in many ways birthed the mod­ern com­put­ing era.

In 1962, the Advanced Research Projects Agency, now known as DARPA, want­ed to con­nect the com­put­ers used at the Pen­ta­gon, Strate­gic Air Com­mand in Oma­ha, and the North Amer­i­can Aero­space Defense Com­mand (NORAD), in Col­orado. A year lat­er, ARPA invent­ed pack­et switch­ing (a method for trans­mit­ting infor­ma­tion over a net­work), which is still the foun­da­tion of the inter­net. In 1968, ARPA fund­ed the build­ing of the first net­work. By 1972, the TCP/IP pro­to­col dra­mat­i­cal­ly improved the reli­a­bil­i­ty of ARPANet, allow­ing new net­works to link up. The inter­net was born.

What this means for the cur­rent ten­sion between many com­put­er secu­ri­ty pro­fes­sion­als and the U.S. gov­ern­ment is pro­found. The inter­net was invent­ed and fund­ed by the mil­i­tary. At the same time, from its ear­li­est the days the inter­net was nev­er exclu­sive­ly mil­i­ta­rized. “I think it’s an over-gen­er­al­iza­tion,” Mar­lin­spike, the secu­ri­ty researcher, says, to sug­gest “that the secu­ri­ty com­mu­ni­ty has tra­di­tion­al­ly had a good rela­tion­ship with the Intel­li­gence Com­mu­ni­ty as a whole. Many of the secu­ri­ty com­mu­ni­ty’s incep­tion sto­ries also begin with being at odds with enti­ties like the NSA.”

Indeed, the two sides — researchers and the mil­i­tary — have oscil­lat­ed between trust and mis­trust, coop­er­a­tion and con­fronta­tion, for decades — a fact made worse by the 21st cen­tu­ry explo­sion of gov­ern­ment con­tract­ing.

The Inherent Weakness of a Contracted Intelligence Community

The rapid rise of cyber­war­fare offices in most mil­i­tary com­mands and intel­li­gence offices — along with the cre­ation of the mil­i­tary’s Cyber Com­mand in 2009 ‑cre­at­ed enor­mous pres­sure to fill jobs with skilled IT and secu­ri­ty work­ers. But despite years of effort to reverse the trend, the Intel­li­gence Com­mu­ni­ty is still heav­i­ly con­tract­ed out. This is truer now for cyber­war­fare pro­grams than for the more tra­di­tion­al ana­lyt­ic offices, where the need for rapid expan­sion has out­stripped the gov­ern­men­t’s abil­i­ty to hire inter­nal­ly for posi­tions. That means the gov­ern­ment, and the NSA in par­tic­u­lar, has had to dip again and again into this pool of poten­tial work­ers — the hack­er com­mu­ni­ty writ large — who are them­selves con­flict­ed, at best, about the goals of the work for which they have signed on. Snow­den made a hefty six-fig­ure salary while liv­ing in Hawaii and work­ing for Booz Allen Hamil­ton on con­tract at the NSA. He’s hard­ly alone.

Gov­ern­ment hir­ing is too slow — and often pays far too lit­tle — to attract many com­pe­tent secu­ri­ty researchers. Yet tech­ni­cal skills are in incred­i­bly high demand right now. And because recruit­ing and train­ing takes so much time, con­trac­tors must fill the gap.

Snow­den’s top secret clear­ance was processed by a con­trac­tor, USIS — which is now fac­ing a grand jury inves­ti­ga­tion over whether it took short­cuts in its inves­ti­ga­tions.
Snow­den is the most high pro­file, but all such new recruits present a chal­lenge to gov­ern­ment offi­cials: find­ing out who among the con­tract­ed recruits either does­n’t get, or active­ly rejects, the insti­tu­tion­al code of con­duct around secre­cy. Mem­bers of Anony­mous, the hack­ing col­lec­tive respon­si­ble for denial of ser­vice attacks against cor­po­ra­tions, claim to have “infil­trat­ed” the U.S. Army. Whether that is real­ly true or not, the risk posed by such infil­tra­tion is only going to increase.

For the Intel­li­gence Com­mu­ni­ty, Snow­den was a scary exam­ple of some­one who once believed in the gov­ern­men­t’s posi­tion but had turned, sud­den­ly it seemed, against it.

If con­trac­tors real­ly are sub­ject­ed to rushed back­ground inves­ti­ga­tions, yet are paid vast­ly more than their fed­er­al coun­ter­parts, it would cre­ate a per­verse incen­tive to hire skilled, but not nec­es­sar­i­ly trust­wor­thy, work­ers. The gov­ern­ment cer­tain­ly thinks that what hap­pened with Snow­den. In a Con­gres­sion­al hear­ing in June, Patrick McFar­land, inspec­tor gen­er­al for the U.S. Office of Per­son­nel Man­age­ment, said that he believes Snow­den was improp­er­ly vet­tedby USIS.

Peo­ple with top secret clear­ances are sup­posed to under­go a “Peri­od­ic Rein­ves­ti­ga­tion” every five years. Often it is as sim­ple as re-fil­ing a com­mon appli­ca­tion form, though it can some­times require a poly­graph.

Accord­ing to a report in McClatchy, more than 73,000 peo­ple under­go poly­graphs each year. It is a deeply con­tro­ver­sial and inva­sive process — nor­mal­ly, peo­ple who have already been cleared face sub­stan­tial­ly less scruti­ny for their clear­ance renew­al. But poly­graphs are always painful — dig­ging into shame­ful, deeply per­son­al inci­dents to gauge a per­son­’s vul­ner­a­bil­i­ty to coer­cion, temp­ta­tion, or bribery. Nev­er­the­less, it is a cor­ner­stone of the coun­ter­in­tel­li­gence process — much of the threat assess­ment for employ­ees han­dling sen­si­tive mate­r­i­al takes place dur­ing those screen­ings.

Notably, every­one at the NSA and CIA under­goes poly­graphs, includ­ing Edward Snow­den. Inves­ti­ga­tors are unsure how the process could be reformed to catch the next poten­tial leak­er — or the next poten­tial per­son to find him­self dis­grun­tled enough with the mate­r­i­al he comes across, or the high­ly del­i­cate infor­ma­tion, that he takes it upon him­self to employ the weapon of expo­sure rather than abide by the rules to which he has agreed to abide.

Fund­ing cuts, caused by seques­tra­tion, are forc­ing the sus­pen­sion of all kinds of renew­al inves­ti­ga­tion for high­ly cleared con­trac­tors. It’s unclear how any over­sight or account­abil­i­ty can take place if the peri­od­ic rein­ves­ti­ga­tions are sus­pend­ed — espe­cial­ly when the biggest clear­ance con­trac­tor, USIS, is itself being inves­ti­gat­ed for shod­dy inves­ti­ga­tions.

Out­side of peri­od­ic reviews, there is a grow­ing para­noia with­in intel­li­gence agen­cies — pre­cise­ly the effect Assange hoped for in his man­i­festo about leak­ing. The so-called “Insid­er Threat Pro­gram” is the most vis­i­ble. The ITP, as it’s called, requires mil­lions of fed­er­al employ­ees and con­trac­tors watch for “high-risk per­sons or behav­iors” among their peers. Every employ­ee faces a steep penal­ty, includ­ing pos­si­bly crim­i­nal charges, for fail­ing to report any risky behav­iors. The NSA in par­tic­u­lar has insti­tut­ed the “Two-Per­son Rule,” which requires two peo­ple always be present when top secret infor­ma­tion is accessed. What that risk entails — a polit­i­cal ide­ol­o­gy, men­tal insta­bil­i­ty, dis­con­tent — is wor­ry­ing­ly vague. In the pub­lic descrip­tion of the ITP, every­one and no one is a risk.

NSA Chief Gen­er­al Alexan­der has said the new rule “makes our job more dif­fi­cult,” because it will slow down the ana­lyt­ic process. But speed is not the great­est down­side to such para­noia.

While few see the Infos­ec com­mu­ni­ty utter­ly reject­ing the gov­ern­ment, the gov­ern­ment has­n’t begun to grap­ple with the cul­tur­al chal­lenges posed by a gen­er­a­tion grow­ing up deeply dis­trust­ful of its own poli­cies, sur­round­ed by peers who are active­ly try­ing to sub­vert it, yet still depen­dent on the unique skills they’ve devel­oped. It is a chal­lenge unlike any oth­er social force they’ve faced since World War II.

The col­lab­o­ra­tion between hack­ers and the gov­ern­ment con­tin­ues, shak­i­ly. Hack­ers get the main­stream legit­i­ma­cy of gov­ern­ment work, while the gov­ern­ment gets to tap their exper­tise. Done right, it is a sym­bio­sis that can pro­tect the coun­try while fund­ing incred­i­ble inno­va­tion. But the prob­lem is, even done right there is an inher­ent ten­sion as to whether those work­ers believe in their work or if they will, like Snow­den, become a law unto them­selves, more faith­ful to the ethos of their rogue cod­ing cul­ture than that of the gov­ern­ment that has employed them. They might also be seen as a check on gov­ern­ment wrong­do­ing. But with every hack­er a law unto him or her­self, the unpre­dictabil­i­ty and inse­cu­ri­ty is a prob­lem for the secu­ri­ty sys­tems of the gov­ern­ment and banks. Left unchecked, the cul­tur­al clash­es between hack­ers and the gov­ern­ment could leave every­one vul­ner­a­ble.