Book Review: "No Place to Hide"

Cybersecurity Canon Book Review: “No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State” by Glenn Greenwald (Published May 13, 2014)

Book Reviewed by: Haider Pasha, CSO Emerging Markets, July 31, 2019

Bottom Line: I recommend this book for the Cybersecurity Canon Hall of Fame.

You know his name, you know what he did and you know the awareness his actions created around data privacy. What you probably don’t know is the sheer volume, detail and collaboration governments around the world, including the United States, are capable of when it comes to collecting your digital footprint. Edward Snowden was not a bystander who happened to stumble upon this information. He was a valued, senior security analyst who was frequently contracted to lead critical projects around the world for the NSA, CIA and other US government agencies. 

He was vocal about the access to private information he felt was too easily available to the agencies and struggled with the moral implications of individual privacy. This ultimately led to him becoming a whistleblower in 2013. In “No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State,” Glenn Greenwald, the author and then well-established journalist with The Guardian, describes the sequence of events from when Snowden first contacted him to share the documents and describes the precautions he had to take to ensure the details were revealed to the world responsibly. Reporting almost one major leak per day, Glenn and his team went on to win both the George Polk Award and the Pulitzer Prize for those reports. 

“No Place to Hide” begins like a spy novel, from the start of first contact: the paranoia around communicating using only PGP encryption, air-gapped machines, travel to Hong Kong where extradition is difficult, Snowden’s code-name of “Cincinnatus”, an ancient Roman general who relinquished his power upon Rome’s victory, etc. Upon Greenwald’s initial meetings with Snowden in Hong Kong, the author describes him as someone with a precise knowhow of the systems he had access to and as a stoic man who clearly understood the ramifications of his actions. 

The second chapter begins to reveal the massive repositories that have been holding data for years (post 9/11), and discusses how the US government could continue to engage electronic surveillance but needed FISA court authorizations. The documents Snowden shared revealed that companies like Facebook, Google, Yahoo and Skype were providing the NSA access to customer information under a mass domestic spying program called PRISM. Voice service providers like Verizon would send telephone records of all domestic customers upon the court order, which was backed by Section 215 of the Patriot Act. The author does a great job of explaining the laws surrounding these actions. The reports also revealed that monitoring phone calls, IP addresses, and even tapping submarine cables were common practices. 

According to the author, the NSA Chief at the time, General Keith Alexander, wanted to collect, monitor and store all forms of human communication. This resulted in some 1.7 billion emails and phone calls stored every day in the U.S., with 20 trillion transactions between U.S. citizens, covering 75% of all US citizen traffic at the time. As they collected directly from the largest ISPs in the country, government employees with access to PRISM could access vendor networks without requiring any contact with those vendors’ employees. Silicon Valley companies like Yahoo "bristled" at first but eventually became compliant under the FISA court requirements. By the time Skype was acquired by Microsoft, it held accounts for about 650 million people. This included buddy lists, contacts, chats, etc. According to the book, any encryption service used was circumnavigated by the NSA. The PRISM program was shared with agencies like the FBI and CIA and international signals intelligence alliances such as the Five Eyes (Australia, New Zealand, Canada, US and UK). 

As "No Place to Hide" goes on to describe some of the projects the NSA built, it becomes increasingly clear that even as far back as 2007, the US government had already collected one of the largest intelligence networks on citizens and non-citizens residing in the country, mostly under the pretext of the Patriot Act. That the government had access to monitor phone calls and our digital footprint was not surprising to me, but that they did this in collaboration with some of the largest Silicon Valley companies and strategic government allies was unexpected, and frankly, shocking. 

Snowden, having warned his bosses of the implications of this program (to no avail), wanted to spark a world-wide debate around privacy and felt an obligation to reveal the truth. His pro-privacy and anti-surveillance manifesto felt genuine as the author described the reasons why Snowden chose to be a whistleblower while fully understanding the repercussions of his actions. Snowden stated that the true measurement of a person's worth isn't what they say they believe in, but what they do in defense of their beliefs. The author describes how, during meetings with Snowden in Hong Kong, Snowden expressed that he didn't want to be a person who felt afraid for acting on his own principles. 

The final chapters of "No Place to Hide" focus on the right to privacy and the internet freedoms we lose when under a constant surveillance system. The right to be forgotten is critical, as I do believe our behavior will change when we know we are being watched. Using Human Intelligence (HUMINT), governments can leverage psychology, sociology and specific processes to influence our online emotional behavior. What’s important to understand is that investigative journalism is one of the few ways a lot of these leaks can be revealed and must continue to be supported. The author closes off by discussing the mass media’s reactions to his revelation and how complacent and deferential a position it took with respect to the government. This was an interesting point of view. 

So where do we go from here? How do I control my digital shadow and who has access to it? What level of personal data am I willing to give up? These are questions of visibility, control and compliance that we struggle with every day, especially when we consider storing our data in the cloud (cookies, browser histories, uploads, etc.). Looking to the future with respect to privacy, however, I believe there are only two types of people: those who care and those who don’t. 

I think about the repercussions that Snowden had to deal with: losing his long-term girlfriend, a large paycheck, his family and Hawaii residence. Much like General Cincinnatus, Snowden’s civic duty, according to the author, seems to outweigh everything. Once the author and his team began publishing one article per day, the equivalent of shock and awe of journalism, Snowden became the most wanted man sought after by the most powerful government. Snowden’s strong moral reasoning made me introspective about my own life and how often I take digital privacy for granted. In our daily lives, the internet is no longer a tool, it is the world where our mind and personality develop.

I first saw Edward Snowden over video conference when I was presenting on a panel discussion around the unintended consequences of digitization at a popular cybersecurity event in Turkey. Snowden was the keynote guest and was speaking to us from his home in Russia, describing his life there and answering pre-selected questions from the audience. My first impression of his calm and patient nature was that it might all be an act, that he was “performing” for the public as he spoke to us about our privacy rights and freedom of the press. As he went on, however, I became convinced I was wrong. 

"No Place to Hide" further confirms a view of a man who risked everything, from his loved ones to the comfortable lifestyle he had, all in the belief that privacy should be a basic human right. It challenges me to question my own rights as a digital citizen and made me think about the freedoms the Internet age gave us more than two decades ago. It questions the laws that are in place that allow governments to collect, analyze and share our data, and it will make you ponder what else is possible with the types of information that will be collected in the future.

We modeled the Cybersecurity Canon after the Baseball or Rock & Roll Hall-of-Fame, except for cybersecurity books. We have more than 25 books on the initial candidate list, but we are soliciting help from the cybersecurity community to increase the number to be much more than that. Please write a review and nominate your favorite. 

The Cybersecurity Canon is a real thing for our community. We have designed it so that you can directly participate in the process. Please do so!