Reporters win award
for Snowden revelations
as spy agency blasted
Glenn Greenwald, at the center of reporting on the spying scandal revealed by Edward Snowden, was one of four reporters honored Friday with a Polk Award.
In an interesting (if twisted) irony, the reporters who blew the lid off the government spying scandal received one of journalism’s top awards the same day their target – the secretive NSA – was blasted over the internet’s biggest security flaw ever.
Criticism directed at the National Security Agency ricocheted around cyberspace after an anonymously sourced Bloomberg story said the agency “exploited” the Heartbleed security bug for years.
Meanwhile, Glenn Greenwald and Laura Poitras – the journalists who first obtained documents from Edward Snowden revealing the NSA’s massive spying operations – visited the US for the first time since their blockbuster reporting to receive the prestigious Polk Award in a ceremony on Friday.
UPDATE: The Pulitzer prize for Public Service journalism was awarded April 14 to The Guardian US and The Washington Post for their reporting on the revelations contained in the Snowden documents.
The allegations of NSA complicity in the Heartbleed encryption debacle, repeated hundreds of times around the web, were based on the story NSA Said to Exploit Heartbleed Bug for Intelligence for Years published by Bloomberg News on April 11.
The anonymously sourced story in Bloomberg News that cast suspicion on the NSA in the internet’s biggest security flaw ever.
Michael Riley wrote: “The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said.”
The two sources were never identified in the story.
While the suspicion may have been well founded in the long since revealed efforts by the spy agency to break encryption codes of major internet companies, a deeper reading of the Heartbleed flaw in the widely used Secure Sockets Layer encryption (SSL) makes it unlikely.
The reasons are explained in the authoritative report Has the NSA Been Using the Heartbleed Bug as an Internet Peephole? published the previous day by Wired magazine.
Kim Zetter explains that the bug in SSL is hugely inefficient, allowing the download of only a tiny slice (64kb) of data at a time, and it is random – snagging only what is currently in memory on the server.
This is unlikely to serve well even the enormous NSA, which Bloomberg says has “more than 1,000 experts devoted to ferreting out such flaws using sophisticated analysis techniques.”
While the agency could be faulted if it was aware of the two-year-old flaw and did nothing to alert the public, it is vigorously denying it is culpable.
Meanwhile, The New York Times on Saturday reported on the Greenwald and Poitras appearance in Journalists Who Broke News on N.S.A. Surveillance Return to the U.S.
“Glenn Greenwald, the journalist, lawyer and civil liberties crusader, and Alan Rusbridger, the editor of The Guardian newspaper, finally shook hands after months of working remotely on articles based on material from the former National Security Agency contractor Edward J. Snowden,” wrote Ravi Somaiya And Noam Cohen.
“The two were in New York for the prestigious Polk Award presented to Mr. Greenwald and his colleagues, Laura Poitras and Ewen MacAskill, and the Washington Post reporter Barton Gellman, for national security reporting.”
The award is well deserved, and precedes by only a few days announcement of journalism’s top prize, the Pulitzers.
While the NSA might not have had a role in the huge Heartbleed fiasco, it is tinged with suspicion thanks to the reporting of Greenwald, Poitras and others.
What we do know thanks to them is bad enough. Anyone can be forgiven for jumping to the conclusion that if the agency did know about the web’s biggest security breach ever it would exploit it rather then remedy it.
FEEDBACK: Contact site admin directly