He risked his neck. When Edward Snowden chose to expose the U.S. National Security Agency (NSA)’s mass surveillance Leviathan, and that of its British counterpart, GCHQ, 10 years ago, he put his life on the line. And he has always declared he has never regretted it.
But years after his act of extraordinary courage, the Snowden archive remains largely unpublished. He trusted in journalists to decide what to publish. In an article published in June 2023, by Guardian Pulitzer prize winner Ewen MacAskill – who flew to Hong Kong with Glenn Greenwald and Laura Poitras to meet Edward Snowden – McAskill confirmed that most of the archive has not been made public. “In the end, we published only about 1 percent of the document,” he wrote.
What does the 99 percent of the Snowden archive contain? A decade on, it remains shrouded in secrecy.
A doctoral thesis by American investigative journalist and post-doctoral researcher Jacob Appelbaum has now revealed unpublished information from the Snowden archive. These revelations go back to a decade but they remain of indisputable public interest:
- the NSA listed Cavium, an American semiconductor company marketing Central Processing Units (CPUs) – the main processor in a computer which runs the operating system and applications – as a successful example of a “SIGINT enabled” CPU vendor. Cavium, now owned by Marvell said it does not implement back doors for any government.
- the NSA compromised lawful Russian interception infrastructure, SORM. The NSA archive contains slides showing two Russian officers wearing jackets with a slogan written in Cyrillic: “you talk, we listen”. The NSA and/or GCHQ has also compromised “Key European LI [lawful interception] systems.
- among example targets of its mass surveillance program, PRISM, the NSA listed the Tibetan government in exile.
From Der Spiegel to post-doctoral research
These revelations have surfaced for the first time thanks to a doctoral thesis authored by Appelbaum towards earning a degree in applied cryptography from the Eindhoven University of Technology in the Netherlands.
Titled “Communication in a world of pervasive surveillance”, it is a public document and has been downloaded over 18,000 times since March 2022 when it was first published.
Appelbaum’s work, supervised by professors Tanja Lange and Daniel J. Bernstein, is among the top ten most popular Ph.D. theses at the Eindhoven University.
When we asked whether the U.S. authorities had contacted the Eindhoven University of Technology to object to the publication of some of the revelations from the Snowden files, a university spokesperson replied that they had not.
In 2013, Jacob Appelbaum published a remarkable scoop for Der Spiegel, revealing that the NSA had spied on Angela Merkel’s mobile phone. This scoop won him the highest journalistic award in Germany, the Nannen prize (later known as the Stern Award).
Nevertheless, his work on the NSA revelations and his advocacy for Julian Assange and WikiLeaks and for high-profile whistleblowers has put him in a precarious condition. As a result of this he has resettled in Berlin, where he has spent the last decade.
In June 2020, when the United States issued a second superseding indictment against Julian Assange, it was clear that Appelbaum’s concerns were not a matter of paranoia; the indictment criminalizes political speeches given by Assange as well as by former WikiLeaks journalist Sarah Harrison and by Jacob Appelbaum himself, identified under the codename “WLA-3”.
Public speeches made by Appelbaum taking a humorous and provocative tone and with titles like “Sysadmins of the World, Unite!” were interpreted as an attempt to recruit sources and as incitement to steal classified documents. To this day, however, there are no publicly-known charges against Appelbaum or Harrison.
We asked Jacob Appelbaum, currently a post-doctoral researcher at the Eindhoven University of Technology, why he chose to publish those revelations in a technically written thesis rather than a mass-circulation newspaper.
“As an academic”, he replied, “I see that the details included are in the public interest, and highly relevant for the topic covered in my thesis, as it covers the topic of large-scale adversaries engaging in targeted and mass surveillance”.
NSA backdoored Cavium CPUs
One of the most important unpublished revelations from the Snowden archive regards American semiconductor vendor Cavium. According to Appelbaum, the Snowden files list Cavium “as a successful SIGINT enabled CPUs vendor”.
“The NSA’s successful cryptographic enabling is by definition the introduction of intentional security vulnerabilities that they are then able to exploit, and they do exploit them often in an automated fashion to spy,” he said.
“One such method”, he added, “is sabotaging a secure random generator”.
A random number generator that is unpredictable to everyone “is an essential requirement for meaningful cryptographic security. In most cases, the NSA sabotage happens in a way where the owners, developers, and users are unaware of the sabotage as a core goal”.
The purpose of this sabotage is to allow the NSA to breach the security offered by a given company, device and/or other services.
At no point does Appelbaum write or even suggest that Cavium was complicit in these sabotage activities or was aware of them.
The Snowden documents date back to 2013. In 2018, Cavium was acquired by the U.S. company Marvell Technology, one of the two firms which, according to financial services giant J.P. Morgan, will dominate the custom-designed semiconductors market driven by Artificial Intelligence.
We contacted Marvell to ask a series of questions, including whether Cavium’s CPUs have basically remained the same in the last decade, and whether it is certain that Cavium CPUs, which according to the 2013 Snowden files were “backdoored”, are no longer marketed and in use.
We also asked Marvell whether the company conducted any internal investigations after we informed them about Appelbaum’s revelation. One of the co-founders of Cavium, Raghib Hussain, is currently one of the presidents of Marvell.
Marvell has not provided answers to our specific questions. Its vice president for Corporate Marketing, Stacey Keegan, said that it did not implement “backdoors” for any government.
Her statement reads in full:
“Marvell places the highest priority on the security of its products. Marvell does not implement “backdoors” for any government. Marvell supports a wide variety of protocols and standards including IPsec, SSL, TLS 1.x, DTLS and ECC Suite B.
“Marvell also supports a wide variety of standard algorithms including several variants of AES, 3DES, SHA-2, SHA-3, RSA 2048, RSA 4096, RSA 8192, ECC p256/p384/p521, Kasumi, ZUC and SNOW 3G.
“All Marvell implementations are based on published security algorithm standards [.] Marvell’s market leading NITROX family delivers unprecedented performance for security in the enterprise and virtualized cloud data centers.
“The NITROX product line is the industry leading security processor family designed into cloud data center servers and networking equipment, enterprise and service provider equipment including servers, Application Delivery Controllers, UTM Gateways WAN Optimization Appliances, routers, and switches”.
Appelbaum said that as the new owner of Cavium, Marvell “should conduct a serious and transparent technical security investigation into the matter and make the result available to the public”.
He said that he wrote to the company, including to their security response email address, and set this forth in extreme detail, but has never heard back from them.
You talk, we listen
The two other important and yet unpublished revelations from the Snowden files concern the compromise of foreign government infrastructure by the NSA.
Appelbaum writes in his thesis that the Snowden archive includes largely unpublished internal NSA documents and presentations that discuss targeting and exploiting not only deployed, live interception infrastructure.
The documents also discuss targeting and exploiting the vendors of the hardware and software used to build the infrastructure.
“Primarily these documents remain unpublished because the journalists who hold them fear they will be considered disloyal or even that they will be legally punished,” he writes.
Appelbaum adds that “Targeting lawful interception (LI) equipment is a known goal of the NSA”.
“Unpublished NSA documents specifically list their compromise of the Russian SORM LI infrastructure as an NSA success story of compromising civilian telecommunications infrastructure to spy on targets within reach of the Russian SORM system,” he says.
Though Appelbaum did not publish the NSA slides on SORM in his thesis, he reports that they show two Russian officers wearing jackets bearing the slogan: “you talk, we listen”.
He says that it is not unreasonable to assume that parts, if not the entire American lawful interception system, known as CALEA, have been compromised.
In his doctoral thesis he says that key European lawful interception systems “have been compromised by NSA and/or GCHQ”. Appelbaum said that the Snowden archive contained “many named target systems, companies, and other countries” that had been impacted.
According to Appelbaum, “compromise” means different things: sometimes it is a matter of technical hacking, others it is a matter of “willful complicity from inside the company by order of some executives after being approached by the NSA.”
“Woe to those who do not comply immediately,” he says.
NSA spied on the Tibetan government in exile
Some of the most important revelations published from the Snowden archive concerned PRISM, a mass surveillance program which allowed the NSA to access emails, calls, chats, file transfers, web search histories.
The NSA slides claimed that this collection was conducted from the servers of internet giants like Google, Apple, Facebook, Microsoft, AOL, Skype, PalTalk and YouTube, but when the existence of this program was exposed by Glenn Greenwald and Ewen MacAskill in The Guardian and by Laura Poitras and Barton Gellmann in the Washington Post, the internet giants denied any knowledge of the program and denied that they had granted direct access to their servers.
Though PRISM was one of the very first revelations from the Snowden archive, Appelbaum reveals that “The PRISM slide deck was not published in full” and “several pages of the PRISM slide list targets and related surveillance data, and a majority of them appear to be a matter of political surveillance rather than defense against terrorism”.
He explains that one such example of PRISM’s targets being a matter of political surveillance rather than anti-terrorism “shows a suggestion for targeting the Tibetan Government in Exile through their primary domain name”.
In 1950 the People’s Republic of China took control of Tibet and met with considerable resistance from the Tibetan people. In 1959, the Fourteenth Dalai Lama left Tibet to seek political asylum in India, and there was a major exodus of Tibetans into India. The Dalai Lama set up the Tibetan Government in Exile in India and exiled Tibetans have accused China of cruelty and repression for decades.
Appelbaum reveals that the main domain of the Tibetan Government in Exile (tibet.net) “is named as an unconventional example that analysts should be aware of as also falling under the purview of PRISM”. He explains that the email domain was “hosted by Google Mail, a PRISM partner, at the time of the slide deck creation and it is currently hosted by Google Mail as of early 2022”. At the time of this writing, it still is.
According to him, tibet.net exemplifies the political reality of accepting aid from the United States. The system administrators wanted to be protected from Chinese hacking and surveillance. To fight Chinese surveillance, the technical team opted to host with Google for email and Cloudfare for web hosting. The reason Google appealed to the technical team behind tibet.net was the excellent reputation of Google’s security team at that time.
“What was unknown at the time of this decision”, Appelbaum explains, “was that Google would, willing or unwillingly, give up the data to the US government in secret. Thus in seeking to prevent surveillance by the Chinese government some of the time when the Chinese government successfully hack their servers, they unknowingly accepted aid that ensured their data will be under surveillance all of the time”.
As a result, to fight the well-known devil of Chinese surveillance, the Tibetan Government in Exile put itself in the hands of the NSA.