In case you haven’t seen yet, Edward Snowden gave a talk at one of the biggest tech-consumer shows, the SXSW. Folks like Googles Eric Schmidt tend to be present there and give keynotes (which he did). I just wanted to highlight some of the most interesting points they talked in their video-chat conversation. Edward Snowden talked with Chris Soghoian from the ACLU and Ben Wizner. I include their comments as well because they are quite noteworthy:
General Remarks on the IT-Industry
- The NSA the sort of global mass surveillance that is occurring in all of these countries. Not just the US it is important to remember that this is a global issue. They are setting fire to the future of the internet. The people who are in room now, you guys are all the firefighters and we need you to help us fix this.
- So loo the irony that we are using Google Hangouts to talk to Ed Snowden has not been lost on me or uh our team here. …You have to choose between a service that is easy to use and reliable and polished or a tool that is highly secure and impossible for the average person to use. I think that reflects the fact that the services that are used by large companies with the resources to put 100 developers on the user interface those are the ones that are not optimized for security and the tools that are designed with security as the first goal are typically made by independent developers and activists and hobbyists and they are typically tools made by geeks for geeks.
- We should understand that most regular people are not going to go out and download an obscure encryption app. Most people are going to use the tools that they already have. That means that they are going to be using Facebook or Google or Skype. A lot of our work goes into pressuring those companies to protect their users. In January of 2010 Google turned on SSL. The lock icon on your web browser. They turn it on by default for Gmail and it previously had been available. It was available through an obscure setting. The 13 of 13 – 13 of 13th configuration options. Of course no one had turned it on. When Google turned that option on suddenly they made passive bulk surveillance of their users communications far more difficult for intelligence agencies.
Remarks on the NSA-Scandal: Did the leaks actually harm national security for the USA?
- Last week, Ed, General Keith Alexander who heads the NSA testified that he believes that the disclosures of the last eight months have weakened the country’s cyber defenses.
- Snowden: …there have been two officials in America who have harmed our internet security and actually our national security so much of our country’s economic success is based on our intellectual property. Now those two officials are Michael Hayden and Keith Alexander, two directors of the National Security Agency in the post 9/11 era who made a very specific change. That is they elevated offensive operations that is attacking over the defense of our communications… This is a problem for one primary reason – that is America has more to lose than everyone else when an Attack: when you are the one country in the world that has sort of a vault that is more full than anyone else’s it doesn’t make sense because if you attack it all day you never defended and it makes even less sense when the standards for vaults worldwide to have a backdoor.
- Chris: What is clear is that this government isn’t really doing anything to keep us secure and safe. This is a government that has prioritized for offense rather than defense. You know, if there were 100% increase in murders in Baltimore next year the chief of police of Baltimore would be fired. If there were a 100% increase in phishing attacks successful phishing attacks where people’s credit card numbers get stolen, no one gets fired. As a country we have basically been left to ourselves. Every individual person is left to fend for themselves online and our government has been hoarding information about information security vulnerabilities. In some cases there was a disclosure in the New York Times a report in the New York Times last fall revealing the NSA has been partnering with US technology companies to intentionally weaken the security of the software that we all use and rely on.
Does the NSA mass surveillance what its officials promise to congress? Does it work?
- Snowden: But two independent White House investigations found that it is has not helped us at all, have not helped us. Beyond that, we got to think about what are we doing with those resources, what are we getting out of that? As I said in our European Parliament testimony, we’ve actually have tremendous intelligence failures because we’re monitoring the internet; we’re monitoring, you know, everybody’s communications instead of suspects’ communications. That lack of focus have caused us to miss news we should have had. Tamerlan Tsarnaev, the Boston Bombers. the Russians have warned us about it. But we didn’t a very poor job investigating, we didn’t have the resources, and we had people working on other things. If we followed the traditional model, we might have caught that. Umar Farouk Abdulmutallab the underwear bomber, same thing. His father walked into a US Embassy, he went to CIA officer and said my son is dangerous. Don’t let him go to your country. Get him help. We didn’t follow up, we didn’t actually investigate this guy. We didn’t get a dedicated team to figure what was going on because we spent all of this money, we spent all of this time hacking into Google and Facebook to look at their data center.
Why is mass surveillance dangerous?
- Chris: In an NSA building somewhere probably in Maryland there is a record of everyone who has ever called an abortion clinic, everyone who has called an Alcoholics Anonymous hotline, anyone who has ever called a gay bookstore. And they tell us don’t worry we aren’t looking at it or we aren’t looking at it in that way. We aren’t doing those kinds of searches but I think many Americans would have good reason to not want that information to exist. I think regardless of which side of the political spectrum you are you probably don’t want the government to know that you are calling an abortion clinic or calling a church or calling a gun store and you may think quite recently, that is none of the government’s business. … Even if you trust this administration that we have right now you know the person who sits in the oval office changes every few years.
Is there any way we can make oversight more accountable?
- Snowden: We have an oversight model that could work. The problem is we overseers aren’t interested in oversight. … We can’t have officials like James Clapper who can lie to everyone in the country. Who can lie to the Congress and face no not even – not even a criticism. Not even a strong worded letter, the same thing with courts. … At the same time a secret court shouldn’t be interpreting the constitution when only NSA’s lawyers are making the case on how it should be viewed.
- Chris: There are going to be people in this audience and people listening at home who are going to think what Ed did was wrong. But let me be clear about one really important thing; his disclosures have improved internet security. And the security improvements we have gotten haven’t just protected us from bulk government surveillance. They have protected us from hackers at Starbucks who are monitoring our wifi connections. They have protected us from stalkers and identity thieves and common criminals. … And it really took you know, unfortunately the largest and most profound whistle blower in history to get us to the point where these companies are finally prioritizing the security of their users’ communications between them and the companies, but we all have Ed to thank for us.
Why is it less bad if big corporations get access to our information instead of the government?
- Snowden: Right now, my thinking, I think the majority’s thinking is that the government has the ability to deprive you of rights. Governments around the world whether it is the United States government, whether it is the Yemeni government whether it is Zair any country they have police powers, they have military powers, they have intelligence powers they can literally kill you, they can jail you, they can surveil you. Companies can surveil you to sell you products, to sell you information to other companies. That can be bad, but you have legal records. First off, it is typically a voluntary contract. Secondly, you have got court challenges you could use. If you challenge the government about these things and the ACLU itself has actually challenged some of these cases, but government throws it out on state secrecy and says you can’t even asked about this. The courts aren’t allowed to tell us whether it is legal or not because we are just going to do it anyway.
- Chris: We should remember that the web browser you are most likely using, the most popular browser right now is Chrome, most popular mobile operating system is now Android, many of the tools that we are using whether web browsers or operating systems or apps are made by advertising companies. It is not a coincidence that Chrome is probably a less privacy preserving browser. It is tweaked to allow data collection by third parties. The Android operating system is designed to facilitate disclosure of data to third parties. Even if you are okay with the data the companies are collecting you should also note that the tools that we use to browse the web and the tools that ultimately permit our data to be shared or prevent it from being shared are made by advertising companies.…But advertising companies are not going to give us tools that are privacy preserving by default.
Do you think the US surveillance might encourage other countries to do the same?
- Snowden: Yes. This is actually one of the primary dangers not just of sort of the NSA’s activities but of not addressing and resolving the issues. It is important to remember that American’s benefit profoundly from this. Because again as we discussed we got the most to lose from being hacked. At the same time every citizen in every country has something to lose. We all are at risk of unfair, unjustified, unwarranted interference in our private lives. Throughout history we have seen governments sort of repeat the trend where it increased and they get to a point where they have crossed the line. We don’t’ resolve these issues if we allow the NSA to continue unrestrained. Every other government the international community will accept this as a sign, as the green light to do the same. And that is not what we want.
Isn’t it just a matter of time before NSA can decrypt even the best encryption?
- Snowden: Let’s put it this way – the United States government has assembled a massive investigation team into me personally, into my work with journalists and they still have no idea you know what – what documents were provided to the journalists, what they have, what they don’t have. Because of encryption works. … We have both public and private acknowledgements that they know at this point the Russian government, the Chinese government any other government has possession of any of this information. And that would be easy for them to find out. If suddenly the Chinese government knew everything the NSA is doing we would notice the changes. We would notice the changes, we would see official communicating and our assets will tell us hey somewhere they have a warehouse they put you know, a thousand of their most skilled researchers in there. That has never happened and it is never going to happen.
- Chris: But hacking technologies don’t scale. If you are a target of the NSA it is going to be game over no matter what. But encryption makes bulk surveillance too expensive. Really the goal here isn’t to blind the NSA. The goal isn’t to stop the government from going after legitimate surveillance targets. The goal here is to make it so that they cannot spy on innocent people because they can’t. Right now so many of our communications our telephone calls, our text messages, our emails, our instant message are just there for the taking. And if we start using encrypted communication services suddenly it becomes too expensive for the NSA to spy on everyone. Suddenly they will need to actually have a good reason to dedicate those resources to either try and break the encryption or to try and hack into your device. So encryption technology even if imperfect has the potential to raise the cost of surveillance to the point that it no longer becomes economically feasible for the government to to spy on everyone.
Snowden: I took an oath to support and defend the constitution and I saw that the constituted was violated on a massive scale. The interpretation of the 4th amendment has been changed. The interpretation of the constitution has been changed in secret from „no unreasonable search and seizure“ to hey, „any seizure is fine, just don’t search it“. That is something that the public ought to know about.