A Secure Life in the Press!
Home > Personal Security > Edward Snowden Speaks Live at SXSW 2014

Edward Snowden Speaks Live at SXSW 2014

Edward Snowden Speaks Live at SXSW 2014 in Austin, TexasEdward Snowden speaks out to a standing room only crowd at South By Southwest 2014 in Austin, Texas courtesy of ACLU (we’ve embedded the full presentation at the end of this article for your viewing pleasure). Our own Sadie Cornelius was fortunate enough to grab a front row seat to what could amount to be one of the most important broadcasts of the year, if not longer (she wrote up her own account of Snowden’s SXSW talk on our sister site We Rock Your Web). The session consisted of an approximately 40-minute interview of Snowden hosted by Ben Wizner, Edward’s legal counsel and the director of the ACLU Speech, Privacy & Technology Project, and Chris Soghoian, the Principal Technologist and a Senior Policy Analyst on the same ACLU project. You may remember Chris from the attention he drew in 2006 when he created a website that generated fake airline boarding passes.

As Ben introduces Edward, who is using a green screen backdrop of the preamble of the United States Constitution (zoomed in on the words “We The People”), he points out that the talk was not without its roadblocks. A member of Congress from the state of Kansas wrote the organizers of SXSW asking them to rescind the invitation to Mr. Snowden with the following words: “The ACLU would surely concede that freedom of expression for Mr. Snowden has declined since he departed American soil.” To which Ben responded “Now no one disputes that freedom of expression is stronger here than there. But if there is one person for whom that is not true, it’s Ed Snowden.

And with that, the talk began. Listeners were able to tweet in questions via the hashtag #AskSnowden, some of which were answered by Snowden during a 20-minute Q&A at the end.

What are the key takeaways from Edward Snowden’s talk at SXSW?

Snowden pointed out the importance of end to end encryption, the problem of information that is stored indefinitely, the lack of privacy and information integrity regulations and standards, how large companies are not naturally inclined towards promoting security, and that essentially the ball is in our court, that consumers are the drivers of change.

The Importance of End-to-End Encryption

What is end-to-end encryption? Simply put, data that is encrypted (“I love you” gets encrypted to “gobbledygook”) by the sender, and then decrypted by the receiver. The receiver has a key necessary to decrypt the data. Anyone intercepting the message during transmission would only see “gobbledygook” and not the real message (“I love you”). Snowden points out that the math behind current day encryption technologies is solid, and that even the NSA is unable to crack them. However, given the unsecure, unregulated environment we live in, it’s not difficult for malicious users (hackers, foreign governments, the NSA, etc.) to steal the key, which will give them access to the confidential information without the need to break it.

An example of a consumer end-to-end encryption product is PGP, or Pretty Good Privacy. It was created in 1991 by Phil Zimmerman and is available for free on most platforms. It’s most common use is to encrypt e-mail messages.

The NSA Should Use a Targeted, Not a Bulk Collection Approach

Edward points out that end-to-end encryption could solve a lot of our privacy and security problems. If widely adopted the standard would effectively prevent governments from being able to conduct mass surveillance programs, which Snowden points out are ineffective anyways. The NSA could itself to be more successful tracking terrorists with a targeted approach that doesn’t rely on the bulk collection of data. Apparently the Russians had information on the Boston bomber, a tragedy which might have been prevented had intelligence analysts been utilizing a more focused approach. The current strategy, which Snowden has exposed, involves massive collections of data from everyone, including unsuspecting people and governments, that is stored for an indefinite amount of time.

Information Needs to “Die Out” After Its Use Period Ends

While you may be happy with the current administration, every four years a new one steps in, and they will have access to that same information. Analytics can be conducted on that data years later, which means you could potentially be held liable for a communication you conducted unknowingly years ago and that is unrelated to current events. In the wrong hands, this powerful unregulated access to data could cause real problems. Snowden emphasizes that after a piece of information gathered for a specific cause has been utilized, or a certain amount of time lapses, it needs to be erased. In other words, data collected for purpose should only be used for that purpose, and then deleted, so it cannot be misused for another purpose down the road.

The Government NEeds to Be Held Accountable

Snowden points out the importance of an oversight committee or watchdog that holds the government accountable for its use or misuse of people’s information. Misuse of your personal information by the government is a lot more costly than misuse by a private company, because you have legal discourse against the latter, whereas an unregulated government can simply stick you in jail. Consumers worldwide rely on products created by American companies. These consumers will feel a lot more at ease, and be more apt to purchase American products, if there is a regulatory body that is overseeing and ensuring the use of their personal data.

Companies Need To Integrate Security and Privacy WIth Their Services

In the capitalist era that we live in, after the government, large private companies carry the most power. Once standards, regulations, and some sort of effective oversight structure is in place, these companies need to increase their security protocols and adhere to established data retention standards. For example, consumers rely on Google, Apple, and other technology companies for a lot of services (web browsing, email, iPhones, games, etc.). The problem is, these are mostly advertising companies to begin with, and the more information they have on you, the consumer, the more value their marketing efforts carry. It’s for this reason, and lack of regulations, that most of the services and products we use today, especially the ones that are provided for free, are lacking when it comes to privacy and security. That’s not only a problem for us as a consumer, but for our country as far as it’s cyber defenses go. Chris Soghoian points out that “as a country we have public officials testifying in Washington saying that cyber security is now the greatest threat this country faces. Greater than terrorism. We have had both the director of the FBI and the director of National Intelligence say this in testimony to Congress.”

What Can You do Today?

The good news is that Snowden’s revelations have prompted change. Change only occurs when driven by consumer demand, which is why it’s important that you, as a consumer, educate yourself as much as possible on these issues to ensure that your rights, and those of your children, are better protected in the future. And, vote with your wallet by supporting companies that are being proactive when it comes to the security and privacy of your personal information.

From a technical perspective, Edward Snowden advises that you focus on hardware and network encryption. He mentions using services that use an encrypted protocol (such as SSL – you can tell if a website is using this if the address begins with https). This is especially applicable to websites that gather and store your personal information via a login (first and last name, e-mail address, phone number, street address, etc.), and absolutely essential for e-commerce sites that use your credit card or bank account to conduct a transaction.

There are also browser plug-ins you can use to increase the security of your session. Snowden mentions NoScript, Ghostery, and TOR. “NoScript to block Active X attempts in the browser, Ghostery to block ads and tracking cookies. But there is also TOR, T O R is a mixed routing network which is very important because it is encrypted from the user through the ISP to the end of sort of a cloud a network of routers that you go through. Because of this your ISP, your communications provider, can no longer spy on you be default.” By doing this you’ll be taking a giant step towards preventing your private information being harvested in any kind of mass surveillance or bulk collection attempts.

Edward Snowden at SXSW [Full ViDeo Presentation]

For those that missed it, here’s the full video presentation of Edward Snowden’s South by Southwest 2014 talk by ACLU Videos:

Share Your Thoughts!

Yes Snowden raises some valid, important points. But did he go about raising awareness the right way by potentially putting national security and lives at risk? Was there another way these points could have been brought into the public eye? Please share your comments, feedback, and thoughts on Edward Snowden, privacy, the NSA, data privacy, and anything that comes to mind below!

Like This Article? Sign up for Free Monthly Security Tips & Reviews!

Thank you, your sign-up request was successful! Please check your e-mail inbox.
Given email address is already subscribed, thank you!
Please provide a valid email address.
Please complete the CAPTCHA.
Oops. Something went wrong. Please try again later.

About Alex Schenker

Alex has in-depth experience with security systems, security software, identity protection and privacy legislation. He loves tennis, hiking, and surfing.
Previous:
Next:
  • Greg Leimone

    Harv/Alex:

    You both raise some very valid points and have a strong understanding of the many complexities of this highly controversial subject. If I may, let me share some thoughts from the perspective of a former law enforcement officer and current private investigator and security consultant:

    End to End Encryption: While I can understand the concern of this raising more eyebrows than someone moving about blindly in the digital age, I do not believe that it should be as concerning as one might think. First, there are roughly 314 million people in the US and law enforcement do not have the time to carefully scrutinize everyone (children excluded). Those who are attempting to protect their privacy would surely fall aft of those who are either on a hot list or connected to those on the list. Additionally, privacy is such a hot topic these days that it has become far more understandable that people want to protect it. A good analogy is that not so many years ago you were only caught on camera at a bank, large corporations, government buildings and retail. Fast forward to today and we are on camera everywhere we go. While some may feel it is obtrusive, the vast majority go through their daily routine without acknowledging 80% of the cameras above them. The same applies here in that the government realizes that we are concerned about our privacy and therefore a subject who attempts to protect theirs blends in more and tends to stand out less. Anyone not attempting to protect their privacy in some form or fashion is simply being blind to the realities of this world.

    Targeted Approach: Without question Snowden is right on the money here, and this is done for the most part even if it may seem otherwise. You have to remember that in the mainstream crazy media world we live in, that everything gets blown out of proportion. Any variation of a story indicating the NSA listening to ALL of our phone calls is simply incorrect and impossible. Not to mention a terrible waste of time, energy, money and completely inefficient. So, there is some targeting occurring and the government starts with subject A who may be an identifiable threat. They move to the person they speak to, subject B, C and so on. Now, having said that…I am a strong advocate of further narrowing of that scope such that our government is more efficient at that effort and less likely to hear something that is useless to them but private to me. On the data side, there is a clear need for controls and a system of checks and balances to ensure they are doing their job efficiently and also within the rights extended to us by the Constitution. My opinion (like that of Alex’s) is that a private company with strong security protocols and high morals be the “keeper” of the data. They compile and accumulate the data which is to be made available. However, they require law enforcement to provide ample probable cause, court orders, subpoena’s, etc. to be able to query the data. Only that data which is outlined within that order is released, much like the scope within a search warrant. It specifically spells out the area to be searched and the items with which are being searched for. Understandably, there needs to be some depth to it, so the following example is offered (Joe has been identified as potentially collaborating to commit a terrorist act in LA. The court order allows the government access to his phone calls, which they determine he is talking to Bob. While the order only allows him access to Joe’s records, it should also allow access to Bob’s and one more level away. Or some variation therein.) This would allow them to adequately investigate the validity of it without going back and forth to a judge constantly.

    Info Die-Out: This is a tough one for me, and I tend to fall more on the side of the conservative former police officer. You just don’t know what data today will be valuable in saving lives in 10 years or even 3 months for that matter. Take 9/11 for example, while we definitely did not stop it (resisting my opinion here), there were clear links between the attacks on that fateful day and terrorist activities many years prior. Now, had we not had that data from all those years before, without question would we not only have not stopped it, but it would be unlikely we would have even had the opportunity to. Again, you have to get to the root cause of the issue here….it’s not about the age of the data but the control of it. Fix that, and it doesn’t matter how long it is kept in my opinion.

    I could go on with more, but you are probably tired of reading my rant at this point. I will summarize though by saying that surely I am a cop in my heart, even if not still one by profession. However, I am a far more liberal one that most in the profession. That said, you learn really quickly the challenges that our intelligence and law enforcement agencies face in an era where everyone is a Monday Morning Quarterback. We used to complain about officer involved shootings because we had split seconds to make a decision and everyone else had years to analyze what we should have done differently. That level of scrutiny, while important to ensure the job is done right, also leads many to believe that it could have been performed differently despite the difference in information available amongst the various parties in this example. Knowledge is power! Take it away from our government, military and law enforcement and you have cut them off at the knees. I don’t believe in them abusing it, and surely there will be those who will. But, we have to think about saving lives first and offending someone or violating their privacy second. It may sound harsh and over simplified but at the end of the day I would rather them listen to my conversation or see what I bought for my AR15 than watch my family die in an attack because the US was a “sleeping giant” (as we were called on 9/11).

    • http://www.coverstorymedia.com/ Alex Schenker

      Greg, thanks so much for taking the time to share your thoughts! Your insight given your level of experience in the field is invaluable to our readers and has taken this conversation to another level.

      Info Die-Out (are we coining this phrase, I just made it up, ha!): I hadn’t thought of this in that way, that totally makes sense. I’m beginning to see the value (and possibly necessity) of ageless information. The sacrifice we make of course, is the need to trust those holding the key to the info. But like many things in life, trust, even if established through a system of checks and balances, is sometimes necessary to achieve a greater good.

      By the way, your ending gave me chills. Well said.

  • Harv Griffin

    If I recall Plato’s Cycle of Governments correctly, Representative Democracy evolves into a Dictatorship. What disturbs me most about this whole area of debate, is that here in the United States, the tools are now in place for a “Seven Days in May” type of military take over. The Tea Party crowd would go for it! Just need the right charismatic four-star general. (Too bad Petraeus left all those emails. [Insert ASecureLife bit on how texting is safer than email for naughty antics, because the information is automatically deleted.] We teach our generals to withstand torture, but give them no training in how to withstand blowjobs.

    To use an analogy, in Iran, from what I can gather by researching online, this theoretical theocracy actually run by thugs, uses state-of-the-art data mining and surveillance techniques to watch the people, crush any dissent, and maintain power. Anyone even suspected of being a protestor is killed, and their family billed for the cost of the bullets, burial and inconvenience. In the name of Islam, naturally.

    But the banner of “Freedom” can also be used, here in the United States, to achieve something very similar. The Feds only need to mention the magic word “terrorist” and all due process is sidelined. You or I can be “renditioned” or questioned and detained without limit should we be “red flagged” by a computer or “red flagged” by a zealous ambitious agent out to rise in the ranks. In the name of Freedom, naturally; the Feds are “protecting us.”

    So, while I applaud Snowden for revealing how our minds are being data mined; clearly, he is also a criminal who has compromised the security of the United States. It’s like announcing to the world of car speeders: “Speed traps are set up here, here, here, and here, so slow down before entering those areas.” I can see both sides.

    Concerning the Key Take-Aways from your article:

    Personally, my issue with end-to-end encryption is that, yes, it would make my own data more secure, but at the cost of raising a big red flag for the government to question me: “Why is this person encrypting his data? What is he hiding? We should take a hard look at him!”

    On the Information-needs-to-die-out argument, again I can see both sides. In my own computer life, my problem is that my data is dying before I want it to! But if the Internet is seen as a Hoarder’s Paradise where meaning is buried under an avalanche of dullness; I can understand the impulse to ERASE! Snapchat’s popularity on phones may be related to the fact that by default it deletes whatever has just been sent.

    The government needs to be held accountable? My fear is that we have moved beyond this. I don’t see a way to do that. A “regulatory body” set up to accomplish it would be staffed by people, susceptible to pay-offs and corruption or threats to look the other way. The stakes are too high for the government.

    • http://www.coverstorymedia.com/ Alex Schenker

      Thanks so much for your awesome commentary Harv! I thoroughly enjoyed reading your thoughts, you raise some excellent points and I feel you provide well balanced input on the issue.

      The first paragraph made me laugh pretty hard! Generally speaking, I’m with you, I can see both sides, and while Snowden raises some very valid and important points I’m not sure his method of leaking sensitive information was the best/safest/smartest way to raise awareness.

      In regards to the end-to-end encryption, yes, if not adopted widely I can see it creating red flags by the minority that use it. But I think the idea is that if adopted widely, it would make it a lot more expensive for an agency to harvest information, which would force them to use a more targeted approach, which then subsequently would reduce the amount of passive information harvested from innocent individuals unrelated to the target search.

      As for information needing to die out, I have the same problem – wasting time hoarding useless information I should probably be deleting. I think the concern here is when an administration captures information on an individual for project A, and that information doesn’t die out at the end of project A. Then if administration B comes into power with project B, but they decide that same individual’s information from project A is also applicable to project B, they will probably use it, even if that undermines that individual’s rights.

      Lastly, for government accountability, you are probably right. The watchdog would most likely need to be a private third party.

      Thanks for stopping by and good luck with your publishing efforts!

      Cheers,
      Alex