aNewDomain.net — Key comments from the Edward Snowden SXSW appearance at an ACLU-sponsored Google Hangout are below.
Snowden, now living in political asylum in Moscow, joined the ACLU’s Chris Soghoian and Ben Wizner for a live Google Hangout before a big audience at SXSW 2o14. The folks at the Inside Live Blog published a full transcript and video clips of the event here.
Ben Wizner opened the hangout with the following introduction:
Okay. I think we’ll get started. There wasn’t a lot of applause when we came on stage. I guess you are here to see somebody else. My name is Ben Wizner. I’m joined by my colleague Chris Soghoian from the ACLU. And maybe we can bring up on screen the main attraction.”
To this, Edward Snowden replies with a simple, “Hello.”
It is immediately apparent that the sound and video quality coming from Edward Snowden out of Moscow will be less than ideal. The ACLU’s Wizner points out that the video’s — he describes it as “a bit choppy” — slow performance might have something to do with the fact that the Edward Snowden video stream is coming “through seven proxies.”
Wizner welcomes the SXSW attendees and Google Hangout participants joining the event, which he describes as “an event that one member of Congress from the great state of Kansas hoped would not occur.” The senator, he says, wrote SXSW 2014 organizers in an effort to get them to “rescind the invitation to Mr. Snowden.” The senator, Wizner says, stated that “the ACLU would surely concede that freedom of expression for Mr. Snowden has declined since he departed American soil.”
Now no one disputes that freedom of expression is stronger here than there but if there is one person for whom that is not true, it’s Ed Snowden. If he were here in the United States he would be in a solitary cell subject to special administrative measures that would prevent him from communicating to the public and participate in the historic debate that he helped launch. We are really delighted to be here.”
After a lengthy introduction in which Wizner recalls Edward Snowden’s “courageous revelations” about the NSA PRISM e-surveillance project last June via such journalists as Glen Greenwald, Wizner ponders “why the hell the NSA is systematically undermining common encryption standards that we all use? Why is the NSA targeting telecommunications companies, Internet companies, hacking them to try to steal their customer data … basically manufacturing vulnerabilities to poke holes in the communication systems that we all rely on?”
Edward Snowden replies:
… I will say (SXSW) and the technology community — people who are in the room in Austin — they are the folks that really fix things who can enforce our rights for technical standards. Even when Congress hadn’t yet gotten to the point of creating legislation to protect our rights in the same manner. When we think about what is happening at the NSA for the past decade … the result has been an adversarial Internet. Sort of global free fire zone for governments that is nothing that we ever asked for. It is not what we want. It is something that we need to protect against. We think about the policies that have been advanced the sort of erosion of (Constitutional) protections … the proactive seizure of communications. There is a policy response that needs to occur. There is also a technical response that needs to occur. It is the development community that can really craft the solutions and make sure we are safe.”
The NSA (uses) the sort of global mass surveillance that is occurring in all of these countries. Not just the U.S. it is important to remember that this is a global issue. They are setting fire to the future of the Internet. The people who are in this room now you guys are all the firefighters and we need you to help us fix this.”
Wizner asks Edward Snowden to comment on written testimony that Snowden submitted to the European Parliament last week. He quotes from Snowden’s own testimony, pointing out that Snowden said “the weakness of mass surveillance is that it can very easily be made much more expensive through changes in technical standards.” He asks Snowden what changes he has in mind — and wonders in what ways the tech community as a whole can make such mass surveillance “more expensive and less practical” for the government to easily do it.
The primary challenge that mass surveillance faces from any agency and any government in the world is not just how do you collect the communications as they cross the wires and find their way through the network, but how do you interpret them? How do you understand? How do you … analyze them? And at least the easiest to (static …) basis by encryption. There are two methods of encryption that are generally used. One is deeply problematic. One of those is … sort of what we are using with like Google-type services … right now … where I encrypt a video chat and I send it to Google. Google decrypts it and re-encrypts it to you guys.
“… End to end encryption where it is from my computer directly to your computer makes mass surveillance impossible at the network level without a (key) … and (that method is) very expensive. By doing end to end encryption, you force … global passive adversaries to go for the end points … the computers (at the origination or end points) … And the result of that is a constitutional, more-careful overseeing sort of intelligence-gathering model.
“… This way, if they want to gather somebody’s communications they have to target (one suspect’s communications) specifically. They can’t just target everybody all the time and then, when they want to read your stuff, they go back in a time machine and say: What did they say you know in 2006? They can’t pitch exploits in every computer in the world without getting caught. That is the value of end to end encryption and that is what we need to be thinking about. We need to know how can we enforce those protections in a simple, cheap, effective way that is invisible to users …”
Wizner points out that there’s a big problem with end-to-end encryption, and that’s the fact that many if not most Internet users get email served to them by companies who also serve them targeted, paid-for ads. Such companies need to know their users. But then what?
Chris Soghoian, also with the ACLU, explains to the audience that tech companies are already making it harder. He says that, in the last eight months, “the big Silicon Valley technology companies have really improved their security in a way that was surprising to many of us who have been urging them for years to do so.”
Soghoian points out to Snowden that:
It took Yahoo – Yahoo was kicking and screaming the whole way but they finally turned on SSL encryption in January of this year after Bart Gellman and Ashkan Sholtani shamed them on the front page of The Washington Post. The companies have locked things down but only in a certain way. They have secured the connection between your computer and Google’s server or Yahoo’s server or Facebook’s server, which means that governments now have to go through Google or Facebook or Microsoft to get your data. Instead of getting it with AT&T’s help or Verizon’s help or Comcast’s or any party that watches the data as it goes over the network … (but) I think it is going to be difficult for these companies to offer truly end to end encrypted service simply because it conflicts with their business model.”
As for Google, ironically the host for the controversial Google Hangout, Chris Soghoian says:
Google wants to sit between you and everyone you interact with and provide some kind of added value. Whether that added value is advertising or some kind of information mining. Improved experience telling you when there are restaurants nearby where you can meet your friends. They want to be in that connection with you and that makes it difficult to secure those connections.”
The irony of using a Google Hangout to rag on Google is not lost on anyone. And the ACLU isn’t getting advertising support from Google, he adds.
Is there really progress being made? Can we call it progress at all? Edward Snowden told the SXSW crowd: “There is.”
Snowden is optimistic, he says, adding:
I think we are actually seeing a lot of progress being made here. Whisper systems … of the world are focusing on new user experience, new UIs and basically ways for us to interact with cryptographic tools. This is the way it should be … we want secure services that aren’t opt-in (services). It has to pass the Greenwald test.
“Any journalist in the world gets an email from somebody saying, ‘Hey, I have something the public might want to know about.’ (The journalist needs) to be able to open it. They need to be able to access that information. They need (open) communications whether they are a journalist or an activist. This is something that people need to be able to access.”
The way we interact right now is not good. If you have to go to the command line, people aren’t going to use it. If you have to go three menus deep people aren’t going to use it. It has to be out there. It has to happen automatically. It has to happen seamlessly.”
Here are some other excerpts from the Edward Snowden SXSW appearance at the ACLU-sponsored Google Hangout …
On what message Snowden would give large tech companies such as Google, Microsoft or Facebook, Snowden responded that they should take care not to save key files on web-facing servers for indefinite periods. He said:
One of the things I would say to a large company is not that you can’t collect any data, it is that you should only collect the data and hold it for as long as necessary for the operation of the business. Recently … (security personnel) hacked and actually stole my passport and my registration forms and posted them to the Internet.
“Now I submitted those forms back in 2010? Why were those still on a web-facing server? Was it still necessary for business? … Whether you are Google or Facebook you can do these things in a responsible way where you can still get the value out of these that you need to run your business.”
On NSA official Keith Alexander’s recent testimony that Edward Snowden’s revelations about the NSA PRISM project and other top-secret surveillance initiative have, since they hit the media in June 2011, weakened US defense, Snowden said:
It is very interesting to see officials like Keith Alexander talking about damage that has been done to the defense of our communications. Because more than anything there have been two officials in America who have harmed our Internet security .. and actually our national security. So much of our country’s economic success is based on our intellectual property. It is based on our ability to create and share and communicate and compete.
“Now those two officials are Michael Hayden and Keith Alexander, two directors of the National Security Agency in the post 9/11 era who made a very specific change. That is they elevated offensive operations — that is, attacking … our communications. They began (loosening) the protections of our communications. This is a problem for one primary reason. America has more to lose than everyone else (in an attack) if you are the one country in the world that has a vault (of information) that is more full than anyone else’s …
“It makes even less sense when the standards for vaults worldwide (have) to have a backdoor anyone can walk into. When (Keith Alexander) says (revelations like the ones around NSA PRISM) have weakened national security, no. These are improving our national security. These are improving our national security. These are improving the communications not just (For Americans) but (for) everyone in the world. Because we rely on the same standards. We rely on the ability to trust our communications. Without that we don’t have anything. Our economy cannot succeed.”
On whether mass surveillance systems like NSA PRISM do what US officials claim, which is keep the United Stated safer from terrorism and digital terrorism, Edward Snowden says:
They are not. That is actually something I’m a little bit sympathetic to and we got to turn back the clock a little bit and remember that they thought (it) was a great idea but no one had done it before, at least publicly. So they went, ‘Hey! We can spy on the world all at once. It will be great. We’ll know everything.’ “
But the reality is, when they did it, they found out that it didn’t work. But it was … so successful in collecting data. So great … that no one wanted to say no. The reality is now we have reached point where a majority of people’s telephone communication are being recorded — we’ve got all these metadata that are being stored — for years and years …
“… (And) two independent White House investigations found that it is has not helped us at all. Beyond that, we got to think about what are we doing with those resources, what are we getting out of that? As I said in (the recent) European Parliament testimony, we have actually have tremendous intelligence failures because we’re monitoring the Internet.
“… We’re monitoring, you know, everybody’s communications instead of suspects’ communications. That lack of focus have caused us to miss news we should have had. Tamerlan Tsarnaev, the Boston Bombers .. The Russians have warned us about it. But we did a very poor job investigating, we didn’t have the resources and we had people working on other things.”
If we followed the traditional model, we might have caught that. Umar Farouk Abdulmutallab the underwear bomber? Same thing. His father walked into a US Embassy. He went to CIA officer and said my son is dangerous. Don’t let him go to your country. Get him help. We didn’t follow up, we didn’t actually investigate this guy. We didn’t get a dedicated team to figure what was going on because we spent all of this money, we spent all of this time hacking into Google and Facebook to look at their data center. What did we get out of that? We got nothing. And there are two White House investigations that confirm that.”
The ACLU, at the end of the last Snowden comment, now opens it up for questions. The first comes from Web pioneer Sir Tim Berners-Lee who, Wizner says, asked for the privilege to ask the first question. Also, Berners-Lee “wanted to thank you. He believes that your actions have been profoundly in the public interest.”
The question from Berners-Lee, as read by Wizner, is this: “If you could design from scratch an accountability system for governance over national security agencies, what would you do? It is clear that intelligence agencies are going to be using the Internet to collect information from all of us. Is there any way we can make oversight more accountable and improved?
To the Tim Berners-Lee question on how to oversee the overseer, Edward Snowden responded:
You know, that is a very interesting question. It is also a very difficult question. Oversight models. These are things that are very complex. They have a lot of moving parts. And when you add in secrecy (and) you add in public oversight, it gets complex.
“.. We have got a good starting point. That is what you have to remember. We have an oversight model that could work. The problem is we overseers aren’t interested in oversight … we’ve got seven intelligence communities, House intelligence communities that are accountable to the NSA instead of holding them accountable.
“… When we have James Clapper, the director of National Intelligence, in front of them and he tells a lie that they all know is a lie … they … have the questions a day in advance … and no one says anything. Allowing all Americans to believe this is an incredible dangerous thing.
“… How do we fix our oversight model? How do we structure the oversight model that works? The key fact is accountability. We can’t have officials like James Clapper who can lie to everyone in the country. Who can lie to the Congress and face, no, not even .. not even a criticism. Not even a strongly worded letter… (And the same thing (applies to) the courts.
“… In the United States we have open courts that are supposed to decide and settle constitutional issues to interpret and apply the law. We also have the FISA court which is a secret rubber stamp court. But (it is) only supposed to approve warrant applications. These happen in secret because you don’t at want people to know that, hey, the government wants to (monitor) you. At the same time a secret court shouldn’t be interpreting the constitution when only NSA’s lawyers are making the case on how it should be viewed. Those are the two primary factors that I think need to change.
“… The other thing is we need public advocates. We need public representatives. We need public oversight. Some way for trusted public figures sort of civil rights champions to advocate for us and protect the structure and make sure it is been fairly applied. We need a watch dog that watches Congress. Something that can tell us hey these guys didn’t tell you that he just lied to you. Because otherwise how do we know? If we are not informed we can’t consent to these policies. And I think that is danger.”
Ben Wizner, takes a stab at answering Tim Berners-Lee’s question now, with a stroke to his guest of honor:
For what it’s worth my answer to Sir Tim is Ed Snowden. Before these disclosures all three branches of our government had gone to sleep on oversight. The courts had thrown cases out as he said, Congress allowed itself to be lied to. The executive branch did no reviews. Since Ed Snowden and since all of us have been read into these programs we are actually seeing reinvigorated oversight. It is the oversight that the constitution had in mind, but sometimes it needs a dusting off. And Ed has been the broom.”
Adds Chris Soghoian:
I just wanted to also note that without Ed’s disclosures many of the tech companies would not have improved their security either at all or at the rate that they did. The PRISM story although there was a lack of clarity initially on what it really said, put the names of billion dollar American companies on the front page of the newspaper and associated them with bulk surveillance. You saw the companies doing everything in their power publicly to distance themselves and also show that they were taking security seriously. You saw companies like Google and Microsoft and Facebook rushing to encrypt their data center to data center encryption. Connections rather. You saw companies like Yahoo finally turning on SSL encryption, Apple fixed a bug in its address book app that allowed Google users’ address books to be transmitted over networks in unencrypted form. Without Ed’s disclosures there wouldn’t have been as much pressure for these tech companies to encrypt their information.”
When people accuse Snowden of wrongdoing in his revealing of secret NSA and FBI e-surveillance programs, such as NSA PRISM, they might not realize that “his disclosures have improved Internet security,” he says, adding:
And the security improvements we have gotten haven’t just protected us from bulk government surveillance. They have protected us from hackers at Starbucks who are monitoring our wifi connections. They have protected us from stalkers and identity thieves and common criminals. These companies should have beene encrypting their information before and they weren’t.”
A Twitter user asks Snowden whether a corporation, such as Microsoft or Google, having all-access to communications is “less bad” than the US government having it.
To this, Edward Snowden responds:
… This is something that has actually been debated. We see people’s opinions – people’s sort of responses to this are evolving, which is good. This is why we need to have these conversations because we don’t know.
“… Right now, my thinking … is … I think the majority’s thinking is that the government has the ability to deprive you of rights. Governments around the world — whether it is the United States government, whether it is the Yemeni government or whether it is Zaire any country — they have police powers, they have military powers, they have intelligence powers they can literally kill you, they can jail you, they can surveil you.
“… Companies can surveil you to sell you products, to sell you information to other companies. That can be bad, but you have legal records. First off, it is typically a voluntary contract. Secondly, you have got court challenges you could use. (But) … if you challenge the government about these things — and the ACLU itself has actually challenged some of these cases — the government throws it out on state secrecy and says you can’t even asked about this. The courts aren’t allowed to tell us whether it is legal or not because we are just going to do it anyway. That’s the difference and it is something we need to watch out for.”
A woman from Spain asks, via the Internet, whether Snowden believes U.S. surveillance systems will empower or encourage other foreign powers to adapt similar systems.
Snowden responds with an emphatic, “Yes,” continuing:
This is actually one of the primary dangers … It is important to remember that American’s benefit profoundly from this. Because again as we discussed we got the most to lose from being hacked. At the same time every citizen in every country has something to lose.
“We all are at risk of unfair, unjustified, unwarranted interference in our private lives. Throughout history we have seen governments sort of repeat the trend where it increased and they get to a point where they have crossed the line. We don’t’ resolve these issues if we allow the NSA to continue unrestrained. Every other government the international community will accept this as a sign, as the green light to do the same. And that is not what we want.”
To another question about how tech companies and consumers can safeguard their data from government watchdogs, Edward Snowden repeats the encryption mantra he has delivered to the SXSW crowd via the ACLU sponsored Google Hangout over the last hour. He says:
The bottom line I have repeated this again and again is that encryption does work. We need to think of encryption not as this sort of arcane black art … (but) as sort of a basic protection it is a defense against the dark arts for the digital realm. This is something we all need to be not only implementing but actively researching and improving on an academic level.
“The grad students of today and tomorrow need to keep today’s threat on online to inform tomorrows. We need all those brilliant Belgian cryptographers to go, All right, we know that these encryption algorithms we are using today work — typically it is the random number generators that are attacked as opposed to the encryption algorithms themselves. So how can we make them (stronger)? How can we test them? (Surveillance problems are) not going to go away tomorrow, but it is the steps we take today (that matter). The moral commitment. The philosophical commitment, the commercial commitment to protect and enforce our liberties through technical standards to allow us to reclaim the open and trusted.”
A woman on Twitter asks Edward Snowden what he suggests the typical computer user should do to get a more secure digital experience?
At this point, the ACLU’s Wizner interrupts and advises Snowden that, “It’s okay if the answer is no.”
There are basic steps … for me there are a couple of key technologies. There is full disk encryption to protect your actual physical computer and devices in case they are seized. Then there are network encryption (standards such as) SSL … you can install a couple of browser plug ins.
“(There is) … NoScript to block Active X attempts in the browser … and Ghostery to block ads and tracking cookies. But there is also TOR … a mixed routing network … that … is very important because it is encrypted from the user through the ISP to the end of sort of a cloud a network of routers that you go through.
“Because of this, your ISP, your communications provider can no longer spy on you by default the way they do now, today, when you go to any website.
“By using TOR you shift their focus to either attacking the TOR cloud itself which is incredible difficult, or to try to monitor the exits from TOR and the entrances to TOR and then try to figure out what fits. And it is very difficult.
“Those basic steps will encrypt your hardware and you encrypt your network communications you are far, far more hardened than the average user – it becomes very difficult for any sort of a mass surveillance. You will still be vulnerable to targeted surveillance. If there is a warrant against you if the NSA is after you they are still going to get you. But (with the current) mass surveillance that is un-targeted and collect-it-all approach you will be much safer.”
Another online question for Snowden ponders whether it isn’t “just a matter of time” for the U.S. government to learn how to break any kind of encryption users and tech companies move up to?
Let’s put it this way. The United States government has assembled a massive investigation team (onto) me personally, into my work with journalists. And the (US government) still (has) no idea … (about) what documents were provided to the journalists, what they have (and) what they don’t have. Because … encryption works.
“Now the only way to get around that is to have a computer that is so massive and so powerful you can work the entire universe into … this decryption machine and … they still might not be able to do it. Or (the US government could conceivably) break into the computer and try to steal … keys and bypass the encryption. That happens today and that happens every day. That is the way around it.
“Now, there are still ways to protect and encrypt data that no one can break. That is by making sure the keys are never exposed. If the key itself can’t be observed the key can’t be stolen. The encryption can’t be (broken).
“And any cryptographer — any mathematician in the world — will tell you that the math is sound … That is going to continue to be the case I think until our understanding of mathematics and physics changes fundamentally.”
Another person online asks Snowden if he thinks it was worth it and risk his liberty and possibly imprisonment in order to reveal information about the NSA PRISM project and other secret programs? Snowden replies that it was, saying:
What I wanted to do was inform the public so (it) could make a decision and provide (its) consent for what we should be doing.
“And the results of these revelations, the results of all the incredible, responsible and careful reporting — and the government never said any single one of these stories have risked a human life — (is) … that the public has benefited, the government has benefited, and every society in the world has benefited.
“We are in a secure place. We have more secure communications. And we are going to have a better sort of civic interaction as a result of understanding what’s being done in our name and what’s being done against us.
“And so when it comes to will I do this again, the answer is: absolutely yes. Regardless of what happens to me, this is something we had the right to know.
“I took an oath to support and defend the Constitution and I saw that the Constitution was violated on a massive scale. The interpretation of the Fourth Amendment has been changed … the interpretation of the Constitution has been changed in secret from no unreasonable search and seizure to, Hey, any seizure is fine, just don’t search it. That is something that the public ought to know about.”
The folks at the Inside Live Blog published a full transcript and video clips on the event. To read the entire Edward Snowden SXSW comments, targeted at the tech community, click here.