This meant that I wasn’t much interested in the briefing materials—like, for example, what has become perhaps the best-known file I disclosed. It was a slide deck from a 2011 PowerPoint presentation that explained the NSA’s new surveillance approach: “Sniff It All, Know It All, Collect It All, Process It All, Exploit It All, Partner It All.” This was just marketing jargon intended to impress America’s allies: Australia, Canada, New Zealand, and the UK, the primary countries with which the United States shares intelligence. Together with the United States, these countries are known as the Five Eyes.

“Sniff It All” meant finding a data source; “Know It All” meant finding out what that data was; “Collect It All” meant capturing that data; “Process It All” meant analyzing that data for usable intelligence; “Exploit It All” meant using that intelligence to further the agency’s aims; and “Partner It All” meant sharing the new data source with allies. But this document gave me no insight into how the approach was realized technologically.

Much more revealing was a top secret legal demand I found for a private company to turn over its customers’ private information to the federal government. The order made it clear that the NSA had secretly interpreted part of the Patriot Act to mean it could collect all of the metadata coming through American telecoms such as Verizon and AT&T on “an ongoing daily basis.” This included, of course, records of telephone communications between American citizens. That was unconstitutional.

I also found evidence of the NSA using other laws to justify its two most prominent internet surveillance methods: the PRISM program and upstream collection. PRISM enabled the NSA to routinely collect data from Microsoft, Yahoo!, Google, Facebook, and more, including email, photos, video and audio chats, Web-browsing content, search engine queries, and all other data stored on their clouds. Upstream collection, meanwhile, enabled direct collection of data from internet infrastructure—the switches and routers that shunt internet traffic worldwide. Together, PRISM and upstream collection ensured that the world’s information, both stored and in transit, was surveillable.

The next stage of my investigation was to figure out how this collection was actually accomplished. As I came to realize, the tools behind upstream collection are the most invasive elements of the NSA’s mass surveillance system.

Imagine sitting at a computer, about to visit a website. You open a Web browser, type in a URL, and hit enter. The URL is, in effect, a request, and this request goes out in search of its destination server. Before your request gets to that server, though, it will have to pass through one of the NSA’s most powerful weapons.

Specifically, your request passes through a few black servers. These servers contain two critical tools. One handles making copies of the data coming through. The second is in charge of “active collection.”

If the NSA finds any suspicious metadata—a particular email address, credit card, or phone number, or just certain keywords such as protest—then your request is diverted to the NSA’s servers. There, algorithms decide which of the agency’s digital weapons—malware programs—to use against you. Then the malware is delivered to you along with whatever website you requested. The end result: You get all the content you want, along with all the surveillance you don’t. It all happens in less than 686 milliseconds. Completely unbeknownst to you. Now the NSA can access not just your metadata, but your data as well. Your entire digital life belongs to them.

The NSA’s surveillance programs, its domestic surveillance programs in particular, flouted the Constitution’s Fourth Amendment—the one that protects us from unreasonable search and seizure—completely. The agency was essentially making a claim that the amendment’s protections didn’t apply to modern-day lives. The agency’s internal policies neither regarded your data as your legally protected personal property nor regarded their collection of that data as a “search” or “seizure.” Instead, the NSA maintained that because you had already “shared” your phone records with a “third party”—your telephone service provider—you had forfeited any constitutional privacy interest you may once have had. And it insisted that “search” and “seizure” occurred only when its analysts, not its algorithms, actively queried what had already been automatically collected.

This extremist interpretation of the Fourth Amendment—effectively, that the very act of using modern technologies means surrendering your privacy rights—would have been rejected by Congress and the courts if constitutional oversight mechanisms had been functioning properly. But when it came to protecting the privacy of American citizens in the digital age, each of the three branches of US government failed in its own way, causing the entire system to halt and catch fire. The executive branch was the primary cause of this constitutional breach. The president’s office had secretly authorized mass surveillance in the wake of 9/11.

It was time to face the fact that the IC believed themselves above the law, and given how broken the process was, they were right. The IC had come to understand the rules of our system better than the people who had created it, and they used that knowledge to their advantage.

They’d hacked the Constitution.

America was born from an act of treason. The Declaration of Independence was an outrageous violation of the laws of England and yet the fullest expression of what the Founders called the “Laws of Nature,” which included the right to rebel on point of principle. America’s first whistleblower protection law was enacted on July 30, 1778. This law declared it “the duty of all persons in the service of the United States, as well as all other inhabitants thereof, to give the earliest information to Congress or any other proper authority of any misconduct, frauds, or misdemeanors committed by any officers or persons in the service of these states, which may come to their knowledge.”

The law gave me hope—and it still does. Even at the darkest hour of the Revolution, with the very existence of the country at stake, Congress didn’t just welcome an act of principled dissent, it enshrined such acts as duties. By the latter half of 2012, I was resolved to perform this duty myself. In my case, going up “the chain of command,” which the IC prefers to call “the proper channels,” wasn’t an option. My superiors were not only aware of what the agency was doing, they were actively directing it—they were complicit.

Coming from a Coast Guard family, I’ve always been fascinated by how much of the English language vocabulary of disclosure has a nautical undercurrent. Organizations, like ships, sprang leaks. When steam replaced wind for propulsion, whistles were blown at sea to signal intentions and emergencies: one whistle to pass by port, two whistles to pass by starboard, five for a warning.

Ultimately, every language, including English, demonstrates its culture’s relationship to power by how it chooses to define the act of disclosure. When an institution decries “a leak,” it is implying that the “leaker” damaged or sabotaged something.

Today, leaking and whistleblowing are often treated as interchangeable. But to my mind, the term leaking should be used differently than it commonly is. It should be used to describe acts of disclosure done not out of public interest but out of self-interest. To be more precise, I understand a leak as the selective release of protected information in order to sway popular opinion or affect the course of decision making. The US government has forgiven “unauthorized” leaks when they’ve resulted in unexpected benefits and forgotten “authorized” leaks when they’ve caused harm.