Snowden Urges SXSW Crowd to Thwart NSA With Technology

Edward Snowden Urges SXSW Crowd to Thwart NSA With Technology

• BY KIM ZETTER
• With lawmakers slow to pass legislation curbing NSA surveillance, it’s up to the technology community to step in and devise solutions that will better protect online communications from snoops, said Edward Snowden, speaking today from Moscow at the South by Southwest conference in Austin.
  “[T]he people who are in the room at Austin right now, they’re the folks who can really fix things, who can enforce our rights for technical standards even when Congress hasn’t yet gotten to the point of creating legislation that protect our rights in the same manner…,” he said. “There’s a policy response that needs to occur, but there’s also a technical response that needs to occur. And it’s the makers, the thinkers, the developing community that can really craft those solutions to make sure we’re safe.”
  The massive surveillance being done by the NSA and other governments has created “an adversarial internet,” he said, “a sort of a global free-fire zone for governments, that’s nothing that we ever asked [for]; it’s not what we wanted. It’s something we need to protect against….
  “[T]hey’re setting fire to the future of the internet. And the people who are in this room now, you guys are all the firefighters. And we need you to help us fix this.”
  One solution he highlighted, that would make it more difficult for the U.S. and other governments to conduct passive surveillance, is the implementation of end-to-end encryption that would protect communications from user to user, rather than as it’s currently done by Google and other services, which only encrypt the communication from user to service, leaving it vulnerable to collection from the service provider.
  “End-to-end encryption … makes mass surveillance impossible at the network level,” he says, and provides a more constitutionally protected model of surveillance, because it forces the government to target the endpoints — the individual users — through hacking, rather than conduct mass collection.
  Snowden, speaking through a Google Hangout session, masking his whereabouts through seven online proxies, appeared onscreen sitting in front of a backdrop of the Constitution’s First Amendment — likely a sly reference to a Kansas lawmaker’s attempt to bar Snowden’s free speech by asking the conference organizers last week to cancel his talk.
  Snowden’s talk was broadcast online to more than 40,000 viewers as well as to a packed house and overflow rooms in Austin.
  The interview was conducted by Ben Wizner, one of Snowden’s attorneys and director of the ACLU Speech, Privacy & Technology Project, and Wizner’s colleague Chris Soghoian, principal technologist and a senior policy analyst for the same project.
  Soghoian elaborated on the issue of technical security to protect digital civil liberties.
  “Many of the communication tools that we all rely on are not as secure as they could be…,” he said. “Security is often an afterthought, if it’s a thought at all. And really what that’s done is enable global passive surveillance by the U.S. [and] other governments, too….
  “So I really think, for this audience, one of the things that we should be thinking about and hopefully taking home, is the fact that we need to lock things down. We need to make services secure out of the box, and that’s going to require a re-think by developers. It’s going to require that developers start to think about security early on, rather than later on down the road.”
  Snowden also addressed a recent statement by NSA Director Gen. Keith Alexander saying that he believed Snowden’s disclosures had weakened the country’s cyber defenses.
  “It’s very interesting to see officials like Keith Alexander talking about damage that’s been done to the defense of our communications,” Snowden said. “Because more than anything there have been two officials in America who have harmed our internet security and actually our national security … those two officials are [former NSA and CIA Director] Michael Hayden and Keith Alexander… they elevated offensive operations — that is, attacking — over the defense of our communications.”
  Snowden was referring to information that the NSA has been working on a program to undermine encryption and place backdoors in commercial systems as well collect software vulnerabilities to use for offensive operations.
  Soghoian said the government had put surveillance and offensive operations over defending systems and, as a result, had put everyone at risk and created a tension between what the government does to create an advantage over adversaries and what it needs to do to defend networks in the U.S.
  “The government has really been prioritizing its efforts on information collection…,” he said. “A system that is secure is difficult to surveil, and a system that is designed to be surveilled is a target waiting to be attacked. And our networks have been designed with surveillance in mind. We need to prioritize cybersecurity, and that’s going to mean making surveillance more difficult, and of course the NSA and their partners in the intelligence world are not crazy about us going down that path.”
  During the talk, Wizner asked Snowden if he was happy with the global dialogue his disclosures have brought and whether he would do it again, knowing now all of the consequences he would face and the reaction the documents he leaked would produce.
  Snowden said he would, primarily because the public needed to know that the government had secretly changed its interpretation of the Constitution from prohibiting unreasonable search and seizures to allowing mass seizures of data as long as they didn’t search the data.
  Soghoian added that without Snowden’s disclosures — including the disclosure that the NSA was tapping private data lines between Google’s data centers where unencrypted data traversed — companies like Yahoo and others would not have been shamed into turning on encryption by default for users and Google would not have moved to immediately encrypt communications between its data centers.
  “Without Ed’s disclosure, many of the tech companies would not have improved their security either at all or at the rate that they did…,” Soghoian said. “Now there are going to be people in this audience and there are going to be people listening at home who think what Ed did was wrong. But let me clear about one really important thing. His disclosures have improved internet security.
  “These companies should have been encrypting their communications before and they weren’t and it really took unfortunately the largest and most profound whistleblower in history to get us to the point where these companies are finally prioritizing the security of their users’ communications … We all have Ed to thank for this.”
  
  Kim Zetter is a senior reporter at Wired covering cybercrime, privacy, security and civil liberties.
  Read more by Kim Zetter
  Follow @KimZetter and @ThreatLevel on Twitter
  .http://www.wired.com/threatlevel/2014/03/edward-snowdens-tech-call-arms/