"I'm not sure he's thought this through, though. I would be more worried that someone would kill me in order to get the documents released than I would be that someone would kill me to prevent the documents from being released. Any real-world situation involves multiple adversaries, and it's important to keep all of them in mind when designing a security system."
Schneier's topic sentence for that paragraph could serve as my one-sentence evaluation of Snowden's deeds so far--he hasn't thought things through sufficiently. A longer commentary on Snowden
is an Australian's words voicing some of my misgivings about Snowden's plan for revealing secrets and his aims and his methods.
I wish Snowden a long and healthy life (but I would like him back here in the United States to stand trial). I hope that the most sensitive secrets that he is in a position to disclose stay undisclosed, but I wouldn't bet that that will happen, whether Snowden is alive or dead. There are "multiple adversaries," for sure, and it's not clear that they all have the same incentives in this situation.
The fact that there isn't a guarantee that the U.S won't kill Snowden or put him in a hole forever and ignore his rights as a citizen is a testament to the degradation of the rule of law in the U.S.
When Ellsberg was arrested for leaking the Pentagon papers (to no less than 17 different newspapers), he was released on recognizance and allowed to speak to the media. His charges were eventually dropped because the FBI had used an illegal wiretap on him. Today, the FBI would get a rubber-stamped wiretap, and he would be thrown in a hole forever like Bradley Manning. Ellsberg wrote an editorial in the Washington Post saying that fleeing the country was the right choice.
Naomi Wolf has argued that the first step to an authoritarian state is to conjure a terrifying internal and external enemy, such as "terrorists". Cameron Stewart seems to have bought into this idea of an eternal enemy in stating, "[US citizens] are willing to pay that price to maintain security in the era of terrorism."
An era implies a distinct period of history with a particular feature or characteristic: it has a beginning and an end. As Bruce Fein (of the American Freedom Agenda) noted, "there will be no defined end"... to terrorism, in part due to the expansion of the definition of terrorism itself.
Looking from high above, spying is an act of distrust. Distrust divides. I believe humanity should seek to unify its nations; we have much untapped potential, and spying will only delay us from reaching the stars.
People seem to forget that at present time humanity has no backup.
I'm sure a summation of "he hasn't thought things through" is a bit unfair. I'm sure he thought long and hard about everything he did and I think we should be glad that he took the steps he did. Let's face it, there's no way of really protecting yourself if you openly take the action he's taken. You're a target for somebody, somewhere.
I don't quite understand why you would want him back in the states for trial. It has been said that these matters are above the DOJ and therefore held in a secret court. Is that really fair? Do you honestly believe that the US would allow for a fair and open trial?(lets say something as televised as Trayvon Martin case)
To answer the several questions in this thread by answering this particular question of yours, yes, I think Edward Snowden will receive a fair trial according to the law if he stands trial in the United States, which I hope he does. (Federal trials and the trials in many states are NOT televised, as a default, but they are public except in very extraordinary circumstances. I have walked into trials in various places just because I can, as a member of the general public.)
In general, as I have said in other recent comments here on Hacker News, I can be appalled by several of the recent allegations about NSA activity without applauding Snowden's actions. I took my wife and my two younger children along with a home-made protest sign ("We support the Bill of Rights") to the lightly attended Restore the Fourth protest in Minneapolis. I did that openly and in full view of law enforcement authorities and news cameras because freedom is precious to me, and I don't think my freedom should be abused on any rationale, even the rationale of fighting terrorist networks. That said, I find that whenever I get out of the Hacker News hivemind, and deal with any of my friends from around the world who have actually lived and worked in multiple countries, and especially those friends who have children of their whose futures the friends are working for, there is remarkably little regard of Snowden as a hero or a freedom-fighter. It's not clear that he really has the technical chops to make a "dead man's switch" work as he intends against all possible attack surfaces, and it's not clear that all of his allegations about United States government activities are factually true, and it's especially clear already that Snowden's recent statements, with the ghost-writing help of Wikileaks, represent a badly unbalanced view of which countries in the world are the greatest enemies of human freedom, which is a cause I cherish all over the world.
> In general, as I have said in other recent comments here on Hacker News, I can be appalled by several of the recent allegations about NSA activity without applauding Snowden's actions.
I think this needs some further explanation. Without explanation it seems hypocritical to me, since you would not know about those NSA activites without Snowden.
> That said, I find that whenever I get out of the Hacker News hivemind, and deal with any of my friends from around the world who have actually lived and worked in multiple countries, and especially those friends who have children of their whose futures the friends are working for, there is remarkably little regard of Snowden as a hero or a freedom-fighter.
It's obvious that you do not have friends from Germany. Having suffered through multiple surveillance states in the past, Germans are very much aware of the dangers that are caused by massive surveillance. New technologies enable surveillance in an amount that has never been seen in history before. If your friends do not seem to care, they just haven't realised that there is a sword dangling right above their heads.
Why do you think that every single constitution of "free countries" (and also the human rights) have passages about the confidelity of spoken words, the confidelity of messages and so on. This is no coincidence. So many people paid with their lives for it. It is the only way of making sure that a democracy stays a democracy. You cannot organize an opposition, if the current rulers know all your moves, all your communications and all your contacts. This has been proven in history again and again, yet this is vital for a healthy democracy. Yet people seem to forget, because they "have nothing to hide" or their "life is not affected". But guess what, once you are affected, it is already too late and nothing can be done anymore. I would not want my children to live in a fascist surveillance state and I am very grateful for Snowden actions. Please talk to your friends and try to raise awareness. It's their children or their children's children who will have to pay the price. I know it's a little abstract, that's exactly why people fall for it again and again.
It's pretty unfair to criticize some speculation of how the system might work.
It might release the documents to selected people who may be required to use their judgement on what to release. It may require cooperation from several individuals to decrypt. It may be enough of a bluff for someone to think twice
Maybe a script could be set to release a random subset of the documents and delete another random subset, i.e.
if snowden_has_not_logged_in_for_7_days():
for doc in documents:
if random.choice([True, False]):
release(doc)
else:
permanently_delete(doc)
Then all parties have something to lose (either undesired leak of some document, or losing the chance to learn the contents of a document) if Snowden dies.
The comments on the source point out the same mechanism that aims to keep the US from killing him could also been seen as incentivizing the US protecting him from people who want everything released right away.
"But Snowden’s case is actually a kind of reverse dead man’s switch, says John Prados, senior research fellow for the National Security Archive and author of several books on secret wars of the CIA. [...] “In the dead man switch, my positive control is necessary in order to prevent the eventuality [of an explosion],” Prados said. “In Snowden’s information strategy, he distributed sets of the information in such a fashion that if he is taken, then other people will move to release information. In other words, his positive control of the system is not required to make the eventuality happen. In fact, it’s his negative control that applies."
I'm really surprised it was implemented like that, I think using an actual, digital "dead man's switch" would have made more sense. Why not have 100 servers around the world running jobs to email out documents to 100 journalists at all times if an env variable isn't reset every few weeks? Then if he disappears or is killed, a few weeks later the jobs complete and email out the information?
The problem with a positive control system is that he's being watched, intensively. So how do you reset that env variable without someone seeing you do it and thus discovering the server? Once they know the servers, they just need to take them out and the deadman's switch is neutralized.
If he had a way to do one-way broadcasts, like over the radio, where any snoopers could not discover the receivers then it would make more sense to do a positive control system. But there really isn't a mechanism for that on the internet. Even if he posted to usenet, given enough time, a sufficiently motivated nation-state adversary could probably trace through enough usenet servers to figure out what clients were looking for those reset messages.
The server might be watching something else. Maybe he has an account on, say, Slashdot, and the server watches his account login date - if that account doesn't log in for a week, the switch gets tripped. Perhaps there's a series of such websites, and any of the requisite accounts will do? The actual server with the deadman switch doesn't need to be accessed frequently, or perhaps at all.
I think the point is that if the variable isn't being changed, the emails go out.
Maybe a packed Tor client + desktop application that does every action it needs to do for the user, if the master hasn't changed the server variable or if it's not accessible for [insert random number] days, weeks or years.
Right - so why not figure out how to spoof the Snowden-switch-update via MITM attacks thus preventing the release regardless of what happens to Snowden the human.
My take on how this works, in summary:
he distributed something totally unrelated to some people, quite a few of them, not even friends probably, with the instructions to do some non-specified action with that thing if something bad happens to him.
Those non-specified actions on those non-specified things, once done together by a minimum number of different actors, act as the famous dead man switch, which is therefore impossible to intercept via MITM attacks and impossible to beat,even by torture, because every actor could only know his/her specific action.
For what we know he could even have "outsourced" the whole setup to someone who then fleed/changed identity, this way not even him may be able to tell what actually has to happen in order to trigger the release of the documents.
Actually multiple persons in my idea were added just for the sake of redundancy, namely to avoid that the disappearance of someone involved would stop the process as a whole. The system in my opinion will then always work if the minimum number of actors is present.
You pretty much nailed how it's done, good show for off the cuff. Encrypt file with large symmetric key. Slice into n pieces, where n is like 5-10 or more. Distribute a few copies of each slice to reliable people unlikely to directly conspire. Distribute encrypted file widely. Give instructions on how to gather as a group based on some basic trigger. The chance of the gathered group missing every copy of one of the slices is pretty low as long as nobody gets a master list of key holders.
He could use something like Twitter for his reset messages. I don't think there's any way someone could find a PC somewhere listening to Twitter among all the others... Or he could post comments on HN :-)
As someone commented on Schneier's site, US would have an incentive to keep Snowden protected because if any enemy of US would kill Snowden, then the information would become public, and I guess US wouldn't want that. Personally, I haven't invested a lot of thought into this, just wanted to point out an interesting angle. :)
They are not disincentivized from killing him. They merely are not being incentivized by a guarantee that the USA will have lots of sensitive documents released.
It should also be noted that an active dead man's switch opens the possibility that surveillance of Snowden will establish the mechanism of the switch, allowing the CIA to take over the switch and then do away with Snowden with impunity. By contrast the passive distributed key storage he likely has provides no active traffic that current surveillance can trace.
Perhaps the assumption is that the people to whom Snowden distributed the information wouldn't release the information (at least immediately) if Snowden were killed by an enemy of the USA. Of course, that's assuming a lot, including the fact that it would even be clear who killed him and why.
He could also distribute encrypted versions to a bunch of confederates, and have the dead man switch send them the encryption key (but not release it to the public). That way he both has to be dead and the confederates have to be satisfied that the documents ought to be released before they are published.
Let's say he has N friends who have agreed to help. He doesn't want to allow any single individual to have the power to act alone and release information. And, he doesn't want to require all N of them to act together. What if one dies, is arrested, etc.? Could he encrypt the documents with, say, all combinations of three friends' own public keys such that a quorum of three friends would have to cooperate in the release? He would end up publishing N choose 3 bundles.
He doesn't have to make separate encrypted copies - all he needs to do is encrypt it with one master key, and split the master key between his confederates with a secret sharing scheme[0].
Just curious here -- how would a dead man's switch be created?
I'm thinking something like a python script which is scanning for particular words and phrases on google news, like "Snowden killed", or "Snowden captured"? That seems like something I could build easily -- would a kill switch indeed be something as simple as that?
How about a script that watches for such phrases (perhaps using Google Alerts), which sets off a timer for the release of the key. Then Snowden could disable it if there's a false positive.
The only problem is, that complicates the system with a critical point of failure.
> Why not have 100 servers around the world running jobs to email out documents to 100 journalists at all times if an env variable isn't reset every few weeks?
Because if your adversary is monitoring all the telecoms networks and/or is reasonably capable of backdooring your laptop, you can assume that they'll be able to impersonate you to your digital lockers (and/or know where they are, because you are in regular contact with them).
I must be missing something. This is exactly how a dead man's switch works. On a train, if the driver stops actively hitting the switch ("negative control"), the train assumes he's dead and stops.
A positive dead man switch is too sensitive to rubber hose cryptanalysis (also known in Russia as thermorectal cryptanalysis, mediated by a soldering iron).
" ‘Snowden won’t disclose more docs, I have thousands’ – Greenwald"
"Edward Snowden is unlikely to make new revelations since “he doesn’t want to end up in a cage like Bradley Manning”, said The Guardian journalist Glenn Greenwald, adding that he himself decides what to publish from the thousands of leaked documents.
> I would be more worried that someone would kill me in order to get the documents released
The unstated assumption is that these documents would be particularly interesting to foreign governments. That's probably wrong.
What we've seen so far is merely evidence of actions that were long assumed to be taking place anyway. Other governments likely have their own evidence already.
These documents are important to the public, but they're of minimal value to an enemy. His intent was never malicious, so it's extremely unlikely that he's carrying the names of agents or other sensitive information of that sort.
>These documents are important to the public, but they're of minimal value to an enemy.
I think at least some other nations would like to know what the documents contain, not because of the data itself, but because it could clue them into what kind of capabilities our intelligence departments have. It's one thing to know that the NSA is spying on its own citizens, but it's an entirely different thing to know that they can intercept and decipher X and Y forms of communications but may not yet be able or feel the need to monitor form Z.
Imagine if Snowden had deployed a bunch of redundant crawlers of various news sites likely to cover him and quote him directly when he speaks. Their activity would be nearly undetectable in the traffic of the NYTimes, CNN, etc. He could come up with a bunch of seemingly innocent control phrases which he would use in soundbite quotes during press conferences, etc. He would say a phrase, the media would quote him, and the crawlers would identify this "control transmission" from Snowden and take action. Some phrases would be dead man's switches in that one of them would have to be observed every couple of weeks or documents would be released via mechanisms difficult to trace back to the server (Tor?). Other phrases would trigger incremental leaks to allow proof that he is still powerful and in control. "Tomorrow, I'm going to release a _mightily spectacular revelation_!"
Maybe there should be two levels of dead man's switching -- incremental leaks if a phrase isn't reported in, say, two weeks and a major release if no phrase reported in three months. This way, he figuratively would have multiple units of currency with which to bargain. Let's say he was thrown in jail. If he only could threaten to release a single, big bundle of secrets via a dead man's switch, all his bargaining power would disappear should a government call his bluff and keep in jail until after the switch fired. However, if he could threaten incremental releases and show that, when given full freedom, the releases stop, he would have power for quite some time.
How would one acquire the use of, say, 50 servers in various datacenters owned by various providers without leaving traces or implicit fingerprints (multi-year prepayment being the big one I am thinking of)?
The Daniel Suarez book "Daemon" and it's sequel use this idea as a fundamental part of the plot. Intelligent distributed systems reacting to public news. It's a neat book.
Also, getting servers isn't very difficult. Buy prepaid credit cards or Bitcoin via cash, leave cards/BTC on account for various VM providers.
Schneier has an excellent point there. Right now Snowden is in the eyes and minds of a lot of somewhat concerned and maybe even angry people. If he'd encounter and unexpected sudden end to his life, he'd become the modern equivalent to a martyr. From the standpoint of his adversaries this would probably be much less than desirable as it would turn up the heat even more than it is already, documents or no documents. In fact, he'd probably have much less facetime on the news if they'd just let him be in the first place. Almost makes me wonder what else is going on that's not in the news so much right now?
> "Almost makes me wonder what else is going on that's not in the news so much right now?"
Given that the other big story in the media is somehow a slightly-more-than-pedestrian summer heatwave in the US and UK, it seems rather unlikely anyone needs a story as big as Snowden to bury something else.
Actually before Snowden, the other big government story was the fact that the IRS was specifically targeting tea party groups, and there was circumstantial evidence leading to the possibility that Obama was involved. If true, that could be big. Impeach the president big. This country doesn't have tolerance for abuse of executive power to advantage your party in elections.
If anyone needs it, I'll be off in the corner selling tin foil hats. ;-)
Of course, the actual findings of the investigation into that targeting showed that other watchwords like "progressive" meant that "liberal" groups were as or more likely to get targeted for extra scrutiny.
It must be pretty uncomfortable to be in the position where your death may cause trouble that may play out as a big advantage to some entities out there.
I think this dead man's switch is deterrent against being taken into custody. If the US tries to incarcerate him, then the switch will trip and more secret documents will be leaked. Though maybe the US doesn't care.
I wonder how badly the US wants him at this point?
The US government is not monolithic. It's not difficult to imagine that factions or individuals within the intelligence community could act in certain circumstances without official sanction.
One reason could be to scare future whistleblowers "Leak government information - you're dead to us. Literally."
Of course doing it now would be incredibly stupid of the US government, as everyone will point to them, but then again they've already done some incredibly stupid things, so who knows.
If the USA really wanted to go down this scary path, then wouldn't Bradley Manning have been executed by now? His leak most likely was much more damaging to the US than Snowden, and he is on trial via a military tribunal which has a much greater conviction rate than a civilian court. Manning isn't even on trial for any charges that carry the death penalty.
Bradley Manning's treatment to date is essentially torture. The message that the US is trying to send is 'If you cross us, we'll torture you until the end of your days.'
Death is an easy out. Become a martyr? Not so bad. Live for the rest of your life, naked, in solitary confinement? I'd rather be dead than lose my grip on sanity in those kinds of conditions.
> I think this dead man's switch is deterrent against being taken into custody.
Quite the contrary, taking him into custody is always in the best interest of the US. Snowden could be targeted with the intention of purposefully triggering the release of the documents, so the US would need to protect him.
However if he remains alive then the threat continues as well, at least until he expresses desire to not release the documents. So since he's alive then the US will want to keep control of him until the threat is neutralized.
Either way the US needs to take control of the situation, unless they can ensure the "dead man's switch" doesn't get triggered after Snowden dies.
You are assuming a dead mans switch that is not set up (whether technical or depending on people) to get triggered if he is taken into US custody.
Given his previous statement that he "can't be" tortured to give up the information he has, I am assuming he does not himself have direct control of the dead mans switch, but have left information to other parties on when to release, so it might be entirely out of both his hands and the US governments hands whether or not their actions will trigger "the switch".
It seems to have worked well so far. There haven't been any actions taken against him that might cause additional damage to the U.S. either through released documents or bad PR.
I fully agree with the 1st comment on the post itself:
vladimir • July 18, 2013 8:57 AM
If he has a switch like this. That is not only protect him from being killed by US authorities but motivate the same authorities to protect him from all other threats.
This should provide enough incentive for the same spy agencies to make sure nothing happens to him.
Eh, scandals come and go on a weekly basis. People are inured to it at this point, thanks to the 24-hour news cycle. Personally, I think the circus is about making other Snowdens scared of following suit, rather than chasing Snowden himself. Regardless of whether he gets a fair trial and judgement, he is already being punished - kept on the run and looking over his shoulder. He's not imprisoned, but he's also free like we are.
I'm very curious as to how this works at a basic level. Perhaps a 'positive-control' system in which he has to send a signal to some clandestine web service every 24 hours to prevent the keys from being released? Does he have an Arduino board strapped to his chest detecting his pulse? Or has he simply entrusted some mechanism to somebody else, who can determine whether the keys should be released depending on the nuances of the situation in which he is harmed/killed?
I guess you could just use the wikipedia API. Just try changing "is" to "was" in the first sentence and see what happens.
Complicated technical measures expose the data to risk of decryption prior to possible activation (by the NSA or someone else). Just printing the keys and giving to trusted people would be far less risky.
Or an arrangement with one or two friendly newspapers that a specific control phrase be inserted in to any editorial covering his death.
Then all Snowden would need is one or two cloaked servers somewhere that crawl each newspaper's site daily and trip the switch if they find an article containing the phrase.
Yeah, there are a lot of ways it could fail. You could probably build a pretty reasonable signal by looking at a lot of trends on Google News, Twitter, Wikipedia, etc. If you were building this in far enough in advance you could also test it by looking for high probability events besides your own death or demise.
What I like about it is that you could build a fairly hermetic system that, once you set it up, is never directly touched by you and just accesses public, high-volume websites. If you can set it up without leaving any fingerprints, that seems like a big plus.
This play is straight out of the wikileaks playbook that they used almost verbatim when the us was making a lot of noise about assange. It appeared to be effective, in that US intelligence took the threat seriously and were concerned about the ramifications of what might be included. One element of that was the belief that those docs included some kind of "kill shot" class leak that would pretty much sink Bank of America.
There were certainly elements of truth to all of these things - there was a document cache, it was encrypted, people did have split keys, it probably did include elements of what was revealed as the robosigning scandal.
But from hearing discussion about it the subject, I think that US Intelligence now more or less holds the opinion that it was a bluff. Nothing of significant harm was included in the unreleased documents, though I think that's informed speculation and not some kind of confirmed fact.
All of a sudden after Snowden was getting helped by wikileaks and he was under a lot of pressure, the revelation of a similar encrypted cache of documents distributed widely was given to a lot of news agencies, and has regularly come up at opportune times in friendly media outlets.
I haven't been told this by anyone, but I'm pretty sure the intelligence community isn't buying it. Reports by greenwald were somewhat inconsistent with idea that there is a large cache of even more damning documents left. He's been travelling internationally, was staying in hong kong where many services operate openly, and presumably under pressure from a variety of security services and states as he tries to escape moscow and secure a safe place to live. It is hard to keep secret keys and documents secure under the best of conditions, and those are about the worst conditions possible.
The only reasonable thing to assume here is that it's all burned - everything snowden walked away with is or will be in the hands of foreign states and anything particularly damning will likely end up in the press sooner or later.
So if you believe that, that there is no way to unring this bell, the last thing you're going to do is spend any time being concerned about a dead man's crypto cache.
If you're willing to do enough horse trading to close the entire european airspace to a single individual, you're pissed and you're gonna do whatever it is you want to do. That's not going to include killing him, simply because the cost is high and the benefit is low. But they are clearly going to exert an inhuman amount of resources into making him regret being born.
And that's absolutely unrelated to Mr. Snowden. That's all for the effect it will have on anyone having similar thoughts. I think he's awesome and did Americans and the world a great favor, and that's he's really brave. And yet after seeing this go down if I was ever in a position to consider doing something like this there is no fucking way I'd ever think I could handle this kind of heat. Not a chance, no question.
The fact of the matter is that both Wikileaks and Snowden overestimate just how much damage their documents can do.
Look at the facts on the ground. The United States government is well-documented for atrocities ranging from torture to extrajudicial killing to political assassinations to mass surveillance, not to mention providing support to private American corporations involved in similarly disgusting behavior.
Has this impacted the power of the United States? Not really. France, Portugal, Spain, and Italy -- countries with tremendous "pride of place" and a sometimes sneering disdain for the US -- denied airspace to a foreign head of state on the mere suspicion that Edward Snowden was on board. The US is still, by at least an order of magnitude, the most powerful country in the world.
The only challenge to US hegemony is the declining relevance of the US economy relative to other world economies like China, India, Russia, Brazil, and others. In the end, only money and guns talk. There is no "kill shot" leak as long as Bank of America has the right friends in Washington.
I completely agree with you. I am very appreciative of being able to read these documents, but it clearly will cause little or no harm to the us or the intelligence community.
About the only thing that was in the manning cache that probably significantly bruised US operating power was the diplomatic cables. And that was just because the publicity and bluntness undoubtedly lead to some personal grudges that closed some doors for entirely human and entirely undiplomatic reasons.
The only people that didn't know everyone was listening to everyone were members of the public who didn't want to know. Now that they know they just don't care.
Economic power surely is the only killer. Mass espionage programs are probably quite beneficial economically, or at least if you're willing to share state and private intelligence like a large number of countries are. I would be very surprised if the US doesn't adopt that practice more and more over time. It's essentially already begun - if you run large networks data sharing is quid pro quo for heads up on state intrusion activity and reports of data exfiltration. We just don't steal secrets and give them out for favors yet.
Countries do occasionally commit suicide though. While a popular revolution in the US feels inconceivable at any point within our lives, the primary factor behind them is usually way too many pissed off poor people and radical imbalance in wealth and little room for economic advancement. As US economics begin to resemble japan's more and more you might have the potential for a forceful rejection of policy being so captured by wealth and neo-liberal philosophy. Hard to imagine though. Globalization seems to have ended that whole concern.
This is always something that amuses me about many conspiracy theories, in that the 'big, awful conspiracy' is usually just workaday stuff compared to what's actually known, documented, and admitted.
If it's not a bluff, then it would behoove anyone with an insurance file to give the decryption keys for at least some of it to the intelligence agency that they are protecting themselves from to prove that it is not a bluff. If that wasn't done, I would naturally assume a bluff.
The way these things work is no one person actually has the whole key - portions of it are distributed to various people you trust but may otherwise be unlikely to conspire. They might not even know who has the other parts. The idea is it takes an extreme event to bring them together to decide to combine the key. That way no one is in danger of being intimidated etc. into revealing the key by a hostile party.
I'm sure nobody doubts there is an encrypted file with unreleased documents and that the key has been split and distributed. The only question is, exactly what is it that is in that cache and how damaging would it be to be released publicly.
The element of the unknown in terms of what precisely stays unreleased is the primary nexus point in US policy here. Even if they believe nothing of considerable value is left, anyone the gambles there and loses no longer has a career in the us government. Providing any specific damaging proof to them alone is only helpful to them - it allows them to confirm how accurate they've been at estimating the leak, and they can preemptively act to diffuse the impact or provide disinformation. And they get a good read on what the higher end of the stuff he has is.
I'm 90% sure this is what the leak of the Brussels/EU tap and intrusion documents were about. They were released soon after the cache was first mentioned, and at a time he was being effectively held captive in an airport as every sympathetic country was suddenly being offered huge incentives to turn their backs.
It certainly served as proof some highly damaging documents still had been held back. It may not have softened US rhetoric much, but it may have been effective in convincing the us to stop applying as much pressure on potential sources of asylum.
The biggest problem is that the NSA really isn't super worried about what the public finds out as much as they are institutionally built to be worried about what other foreign services learn. They have to assume that somebody has or will get the whole cache privately - either covertly or as a trade for passage etc. And while they aren't happy about it becoming public either, it isn't the end of the world. After all, the same year they got caught illegally wiretapping everyone they got the telecoms blanket immunity and were at that very moment developing PRISM. The NSA leaks have been huge, yet there are no serious calls for congressional hearings, the executive isn't disowning it, there is zero risk the public is about to stage a revolution and most significantly - they haven't even said they're going to stop doing any of it.
While Alexander will probably be losing his job, the publicity may even end up as a net positive for surveillance USA. Now that its out in the open and not resulted in any apparent systemic meltdown in sigint - it only makes it easier to start the next even more expansive program. After all, whoever they go to will know that Schmidt and Zuckerberg ended up just fine, and people barely even remember that verizon gave away cdr for every customer call without question. I bet there hasn't even been a blip in verizon subscriber numbers.
They really have carte-blanche now, and tons of people in the community were expecting that these leaks would have a great deal more blowback.
My guess is that Snowden has quite an elaborate contingency system in place and has not actually revealed how it all works. Schneier seems to be speculating based on a Wired article, based on nontechnical explanations by Greenwald, based on (probably limited) information provided by Snowden.
Snowden noted Russia and China have an "open door" policy. Although they might like the raw data, I don't think that either would want to Snowden expire under their protection. That would make them look quite unappealing to anyone considering being a "walk in" informant in the future.
So for the time being, Snowden is the proverbial goose that laid the golden eggs and for everyone involved is worth much more alive. But once he's in a small South American country, things might change.
This also assumes that this is information that Snowden wouldn't release anyway and that someone cares about. True or not, the perception by those who believe that he jeopardized national security is almost certainly that he's likely to leak whatever he can.
If he really things this is what's going to keep him safe, he's over playing his hand.
Furthermore, I think he's deluding himself if he thinks he's actually going to be targeted for assassination by the US. I'm no Obama fan, but it's a little far fetched. Shoved in jail, maybe. Killed to silence him? Nah.. that's a strategy ironically more likely to be employed by the countries he's seeking asylum status from.
The US has a substantially worse history of assassinations over the last century than any of the countries he's seeking asylum from except Russia (assuming you count the Soviet period). Even more so if considering assassinations on foreign soil.
From the comments (yeah, I know, WTF and I doing reading comments on the internet???):
Also, considering the fact that the NSA appears to broadcast such critical data to just about anyone with a clearance, it can be assured that they don't care at all about foreign governments learning about them. They are primarily concerned about their real enemy, US citizens, and tangentially concerned about the non-US public (Manning's revelation that the US would no longer be able to support its oppressive allies lead to the Arab spring).
"I'm not sure he's thought this through, though. I would be more worried that someone would kill me in order to get the documents released than I would be that someone would kill me to prevent the documents from being released. "
This may not be automated -- he may have simply given copies/keys & instructions to several trusted friends, who will watch the news for info about his death.
They would then make the decision to release or not release, either independently or in concert, depending on how he set it up.
Maybe his 'dead man's switch' is just his lawyers. Doesn't solve the problems, but it sounds a lot more likely than some of the ideas being discussed here.
"The thought of paying someone I was forced to fire because he (or she) is incompetent burns me up inside."
It was your decision to hire him, and it was your mistake that you are remedying by firing him. Incompetence is subjective. If your interview process makes it clear that your employees must live in constant fear of termination if they aren't ramping up fast enough for you, on your product with your technical debt and your team's shitty architecture choices ("fire fast" and "with little notice", you wrote), you'll find that your candidate pool vanishes.
but everyone knows that facebook "counsels out" for "poor cultural fit" if you don't meet expectations after six months, which is a far cry from "fire fast" with "little notice". They also pay well.
"I'm not sure he's thought this through, though. I would be more worried that someone would kill me in order to get the documents released than I would be that someone would kill me to prevent the documents from being released. Any real-world situation involves multiple adversaries, and it's important to keep all of them in mind when designing a security system."
Schneier's topic sentence for that paragraph could serve as my one-sentence evaluation of Snowden's deeds so far--he hasn't thought things through sufficiently. A longer commentary on Snowden
http://www.theaustralian.com.au/news/features/some-secrets-b...
is an Australian's words voicing some of my misgivings about Snowden's plan for revealing secrets and his aims and his methods.
I wish Snowden a long and healthy life (but I would like him back here in the United States to stand trial). I hope that the most sensitive secrets that he is in a position to disclose stay undisclosed, but I wouldn't bet that that will happen, whether Snowden is alive or dead. There are "multiple adversaries," for sure, and it's not clear that they all have the same incentives in this situation.