The best means we have for keeping our keys safe is called “zero knowledge,” a method that ensures that any data you try to store externally—say, for instance, on a company’s cloud platform—is encrypted by an algorithm running on your device before it is uploaded, and the key is never shared. In the zero knowledge scheme, the keys are in the users’ hands—and only in the users’ hands. No company, no agency, no enemy can touch them.

My key to the NSA’s secrets went beyond zero knowledge: it was a zero-knowledge key consisting of multiple zero-knowledge keys.

Imagine it like this: Let’s say that at the conclusion of my CryptoParty lecture, I stood by the exit as each of the twenty audience members shuffled out. Now, imagine that as each of them passed through the door and into the Honolulu night, I whispered a word into their ear—a single word that no one else could hear, and that they were only allowed to repeat if they were all together, once again, in the same room. Only by bringing back all twenty of these folks and having them repeat their words in the same order in which I’d originally distributed them could anyone reassemble the complete twenty-word incantation. If just one person forgot their word, or if the order of recitation was in any way different from the order of distribution, no spell would be cast, no magic would happen.

My keys to the drive containing the disclosures resembled this arrangement, with a twist: while I distributed most of the pieces of the incantation, I retained one for myself. Pieces of my magic spell were hidden everywhere, but if I destroyed just the single lone piece that I kept on my person, I would destroy all access to the NSA’s secrets forever.

It’s only in hindsight that I’m able to appreciate just how high my star had risen. I’d gone from being the student who couldn’t speak in class to being the teacher of the language of a new age, from the child of modest, middle-class Beltway parents to the man living the island life and making so much money that it had lost its meaning. In just the seven short years of my career, I’d climbed from maintaining local servers to crafting and implementing globally deployed systems—from graveyard-shift security guard to key master of the puzzle palace.

But there’s always a danger in letting even the most qualified person rise too far, too fast, before they’ve had enough time to get cynical and abandon their idealism. I occupied one of the most unexpectedly omniscient positions in the Intelligence Community—toward the bottom rung of the managerial ladder, but high atop heaven in terms of access. And while this gave me the phenomenal, and frankly undeserved, ability to observe the IC in its grim fullness, it also left me more curious than ever about the one fact I was still finding elusive: the absolute limit of who the agency could turn its gaze against. It was a limit set less in policy or law than in the ruthless, unyielding capabilities of what I now knew to be a world-spanning machine. Was there anyone this machine could not surveil? Was there anywhere this machine could not go?

The only way to discover the answer was to descend, abandoning my panoptic perch for the narrow vision of an operational role. The NSA employees with the freest access to the rawest forms of intelligence were those who sat in the operator’s chair and typed into their computers the names of the individuals who’d fallen under suspicion, foreigners and US citizens alike. For one reason or another, or for no reason at all, these individuals had become targets of the agency’s closest scrutiny, with the NSA interested in finding out everything about them and their communications. My ultimate destination, I knew, was the exact point of this interface—the exact point where the state cast its eye on the human and the human remained unaware.

The program that enabled this access was called XKEYSCORE, which is perhaps best understood as a search engine that lets an analyst search through all the records of your life. Imagine a kind of Google that instead of showing pages from the public Internet returns results from your private email, your private chats, your private files, everything. Though I’d read enough about the program to understand how it worked, I hadn’t yet used it, and I realized I ought to know more about it. By pursuing XKEYSCORE, I was looking for a personal confirmation of the depths of the NSA’s surveillance intrusions—the kind of confirmation you don’t get from documents but only from direct experience.

One of the few offices in Hawaii with truly unfettered access to XKEYSCORE was the National Threat Operations Center. NTOC worked out of the sparkling but soulless new open-plan office the NSA had formally named the Rochefort Building, after Joseph Rochefort, a legendary World War II–era Naval cryptanalyst who broke Japanese codes. Most employees had taken to calling it the Roach Fort, or simply “the Roach.” At the time I applied for a job there, parts of the Roach were still under construction, and I was immediately reminded of my first cleared job, with CASL: it was my fate to begin and end my IC career in unfinished buildings.

In addition to housing almost all of the agency’s Hawaii-based translators and analysts, the Roach also accommodated the local branch of the Tailored Access Operations (TAO) division. This was the NSA unit responsible for remotely hacking into the computers of people whom analysts had selected as targets—the agency’s equivalent of the old burglary teams that once snuck into enemies’ homes to plant bugs and find compromising material. NTOC’s main job, by contrast, was to monitor and frustrate the activity of the TAO’s foreign equivalents. As luck would have it, NTOC had a position open through a contractor job at Booz Allen Hamilton, a job they euphemistically described as “infrastructure analyst.” The role involved using the complete spectrum of the NSA’s mass surveillance tools, including XKEYSCORE, to monitor activity on the “infrastructure” of interest, the Internet.

Though I’d be making slightly more money at Booz, around $120,000 a year, I considered it a demotion—the first of many as I began my final descent, jettisoning my accesses, my clearances, and my agency privileges. I was an engineer who was becoming an analyst who would ultimately become an exile, a target of the very technologies I’d once controlled. From that perspective, this particular fall in prestige seemed pretty minor. From that perspective, everything seemed pretty minor, as the arc of my life bent back toward earth, accelerating toward the point of impact that would end my career, my relationship, my freedom, and possibly my life.

I’D DECIDED TO bring my archives out of the country and pass them to the journalists I’d contacted, but before I could even begin to contemplate the logistics of that act I had to go shake some hands. I had to fly east to DC and spend a few weeks meeting and greeting my new bosses and colleagues, who had high hopes for how they might apply my keen understanding of online anonymization to unmask their more clever targets. This was what brought me back home to the Beltway for the very last time, and back to the site of my first encounter with an institution that had lost controclass="underline" Fort Meade. This time I was arriving as an insider.