Edward Snowden speaks out to a standing room only crowd at South By Southwest 2014 in Austin, Texas courtesy of ACLU (we've embedded the full presentation at the end of this article for your viewing pleasure). The session consisted of an approximately 40-minute interview of Snowden hosted by Ben Wizner, Edward's legal counsel and the director of the ACLU Speech, Privacy & Technology Project, and Chris Soghoian, the Principal Technologist and a Senior Policy Analyst on the same ACLU project. You may remember Chris from the attention he drew in 2006 when he created a website that generated fake airline boarding passes.
Edward Snowden Speaks Live at SXSW 2014
As Ben introduces Edward, who is using a green screen backdrop of the preamble of the United States Constitution (zoomed in on the words "We The People"), he points out that the talk was not without its roadblocks. A member of Congress from the state of Kansas wrote the organizers of SXSW asking them to rescind the invitation to Mr. Snowden with the following words: "The ACLU would surely concede that freedom of expression for Mr. Snowden has declined since he departed American soil." To which Ben responded "Now no one disputes that freedom of expression is stronger here than there. But if there is one person for whom that is not true, it's Ed Snowden."
And with that, the talk began. Listeners were able to tweet in questions via the hashtag #AskSnowden, some of which were answered by Snowden during a 20-minute Q&A at the end.
What are the key takeaways from Edward Snowden's talk at SXSW?
Snowden pointed out the importance of end to end encryption, the problem of information that is stored indefinitely, the lack of privacy and information integrity regulations and standards, how large companies are not naturally inclined towards promoting security, and that essentially the ball is in our court, that consumers are the drivers of change.
The importance of end-to-end encryption
What is end-to-end encryption? Simply put, data that is encrypted ("I love you" gets encrypted to "gobbledygook") by the sender, and then decrypted by the receiver. The receiver has a key necessary to decrypt the data. Anyone intercepting the message during transmission would only see "gobbledygook" and not the real message ("I love you"). Snowden points out that the math behind current day encryption technologies is solid, and that even the NSA is unable to crack them. However, given the unsecure, unregulated environment we live in, it's not difficult for malicious users (hackers, foreign governments, the NSA, etc.) to steal the key, which will give them access to the confidential information without the need to break it.
An example of a consumer end-to-end encryption product is PGP, or Pretty Good Privacy. It was created in 1991 by Phil Zimmerman and is available for free on most platforms. It's most common use is to encrypt e-mail messages.
The NSA should use a targeted, not a bulk collection approach
Edward points out that end-to-end encryption could solve a lot of our privacy and security problems. If widely adopted the standard would effectively prevent governments from being able to conduct mass surveillance programs, which Snowden points out are ineffective anyways. The NSA could itself to be more successful tracking terrorists with a targeted approach that doesn't rely on the bulk collection of data. Apparently the Russians had information on the Boston bomber, a tragedy which might have been prevented had intelligence analysts been utilizing a more focused approach. The current strategy, which Snowden has exposed, involves massive collections of data from everyone, including unsuspecting people and governments, that is stored for an indefinite amount of time.
Information needs to "die out" after its use period ends
While you may be happy with the current administration, every four years a new one steps in, and they will have access to that same information. Analytics can be conducted on that data years later, which means you could potentially be held liable for a communication you conducted unknowingly years ago and that is unrelated to current events. In the wrong hands, this powerful unregulated access to data could cause real problems. Snowden emphasizes that after a piece of information gathered for a specific cause has been utilized, or a certain amount of time lapses, it needs to be erased. In other words, data collected for purpose should only be used for that purpose, and then deleted, so it cannot be misused for another purpose down the road.
The government needs to be held accountable
Snowden points out the importance of an oversight committee or watchdog that holds the government accountable for its use or misuse of people's information. Misuse of your personal information by the government is a lot more costly than misuse by a private company, because you have legal discourse against the latter, whereas an unregulated government can simply stick you in jail. Consumers worldwide rely on products created by American companies. These consumers will feel a lot more at ease, and be more apt to purchase American products, if there is a regulatory body that is overseeing and ensuring the use of their personal data.
Companies need to integrate security and privacy with their services
In the capitalist era that we live in, after the government, large private companies carry the most power. Once standards, regulations, and some sort of effective oversight structure is in place, these companies need to increase their security protocols and adhere to established data retention standards. For example, consumers rely on Google, Apple, and other technology companies for a lot of services (web browsing, email, iPhones, games, etc.). The problem is, these are mostly advertising companies to begin with, and the more information they have on you, the consumer, the more value their marketing efforts carry. It's for this reason, and lack of regulations, that most of the services and products we use today, especially the ones that are provided for free, are lacking when it comes to privacy and security. That's not only a problem for us as a consumer, but for our country as far as it's cyber defenses go. Chris Soghoian points out that "as a country we have public officials testifying in Washington saying that cyber security is now the greatest threat this country faces. Greater than terrorism. We have had both the director of the FBI and the director of National Intelligence say this in testimony to Congress."
What can you do today?
The good news is that Snowden's revelations have prompted change. Change only occurs when driven by consumer demand, which is why it's important that you, as a consumer, educate yourself as much as possible on these issues to ensure that your rights, and those of your children, are better protected in the future. And, vote with your wallet by supporting companies that are being proactive when it comes to the security and privacy of your personal information.
From a technical perspective, Edward Snowden advises that you focus on hardware and network encryption. He mentions using services that use an encrypted protocol (such as SSL - you can tell if a website is using this if the address begins with https). This is especially applicable to websites that gather and store your personal information via a login (first and last name, e-mail address, phone number, street address, etc.), and absolutely essential for e-commerce sites that use your credit card or bank account to conduct a transaction.
There are also browser plug-ins you can use to increase the security of your session. Snowden mentions NoScript, Ghostery, and TOR. "NoScript to block Active X attempts in the browser, Ghostery to block ads and tracking cookies. But there is also TOR, T O R is a mixed routing network which is very important because it is encrypted from the user through the ISP to the end of sort of a cloud a network of routers that you go through. Because of this your ISP, your communications provider, can no longer spy on you be default." By doing this you'll be taking a giant step towards preventing your private information being harvested in any kind of mass surveillance or bulk collection attempts.
Edward Snowden at SXSW [full video presentation]
For those that missed it, here's the full video presentation of Edward Snowden's South by Southwest 2014 talk by ACLU Videos.
Share your thoughts!
Yes Snowden raises some valid, important points. But did he go about raising awareness the right way by potentially putting national security and lives at risk? Was there another way these points could have been brought into the public eye? Please share your comments, feedback, and thoughts on Edward Snowden, privacy, the NSA, data privacy, and anything that comes to mind below!