Sep 24 2013

Taking stock of the Snowden revelations

Ever since the Edward Snowden NSA revelations exploded on the scene on June 6, we have been treated to one blockbuster story after another about how the US and UK governments in particular have been spying on practically the entire world and brazenly lying on a grand scale. As far as I know, even though a host of media outlets (The Guardian, Washington Post, Der Spiegel, TV Globo, New York Times, ProPublica) are co-operating in the publication of the 300 and more stories so far, only Snowden, Glenn Greenwald, and Laura Poitras are in possession of the entire dossier and they are being very deliberate in what they release and how.

Chris Elliott, The Guardian’s ‘reader’s editor’ (a kind of ombudsman), takes stock of where things stand at the moment. He says that while some critics have faulted the newspaper for publishing the materials at all, others fault it for not releasing enough or for releasing too slowly. He says that Greenwald and Poitras are being very deliberate about sticking to the guidelines that Snowden gave them as a condition for handing over the materials. As Greenwald himself says:

“We have been extremely careful and cautious the whole time, probably careful to a fault. We have been determined not to unilaterally destroy programmes or put people in danger. Snowden was adamant that we engage in this very careful process. If we didn’t it could render the debate ineffective. If anything, people have been concerned that we have been too much of a gatekeeper.”

Elliott says that although some material has been redacted, it is much less than people think and often not for the reasons speculated about.

I put this to James Ball, a member of the reporting team. He said: “We’ve withheld much less than people think we have. Many appear to have the impression we have the details of which chipsets, manufacturers, software products or encryption standards have been compromised, or how. We don’t: as we said in the story, such details are held incredibly tightly, at a security level Snowden did not possess.

“The small number of redactions of the published documents don’t relate to specific manufacturers, standards, or protocols, but some were made to address specific concerns of the NSA in the interest of responsible journalism.”

Ball goes on to say that the slowness is because of the need to flesh out and corroborate the sometimes tantalizing clues presented in things like PowerPoint slides.

What Snowden wanted to do was generate a debate on the limits of government encroachment on people’s privacy and he has undoubtedly achieved that.

Greenwald is also convinced that a fire has been lit. He said: “I honestly think it has been so much better than I anticipated even. I have been writing about surveillance and the NSA for a long time, I started writing about this [in] 2005 when I began writing about politics.

“Surveillance doesn’t always resonate with the public, it’s too remote and too abstract. Even in the earliest discussions with Snowden he said, ‘I have no fears other than I am going to unravel my life to talk about this [surveillance] and people won’t care all that much.’

“Obviously it has been completely the opposite. There has been a sustained anger not just in the USA but around the world. There is a proper debate about the value of privacy and internet freedom and the dangers of state secrecy. This is exactly the issue I would wish to promote as a journalist, it is beyond my wildest dreams.”

As a result of the revelations, people are becoming more aware of the need to take steps to prevent the NSA from having this kind of broad access to people’s private information. The US has been revealed to be an untrustworthy custodian of the internet and some companies are now warning customers to avoid using encryption software that relies on mathematical techniques developed by the NSA.

A major American computer security company has told thousands of customers to stop using an encryption system that relies on a mathematical formula developed by the National Security Agency (NSA).

RSA, the security arm of the storage company EMC, sent an email to customers telling them that the default random number generator in a toolkit for developers used a weak formula, and they should switch to one of the other formulas in the product.

The abrupt warning is the latest fallout from the huge intelligence disclosures by the whistleblower Edward Snowden about the extent of surveillance and the debasement of encryption by the NSA.

The president of Brazil, a nation where the revelations have generated much anger, is expected to bring the issue up at the United Nations General Assembly this month. [UPDATE: Boy, did she ever: "Brazil's president, Dilma Rousseff, launched a blistering attack on US espionage at the UN general assembly, accusing the NSA of violating international law by its indiscriminate collection of personal information of Brazilian citizens and economic espionage targeted on the country's strategic industries."]

Furthermore, there has been an increased interest in how encryption works and in finding new ways to make your communications more secure. Of course, what the government does is mainly cheat, by getting the manufacturers of hardware and software to give them backdoor access so that they do not have to do all the stuff that requires real cleverness, like finding ways to break codes. This is why these revelations are so useful. Companies are now under greater scrutiny to not give this kind of secret access to the government while promising confidentiality to their customers.

Snowden and the journalists who are publishing these stories have done us all a great service.

2 comments

    Marcus Ranum

    RSA, the security arm of the storage company EMC, sent an email to customers telling them that the default random number generator in a toolkit for developers used a weak formula, and they should switch to one of the other formulas in the product.

    This is presumably the licensed BSAFE implementation of the RSA key exchange, which was used widely for implementing SSL. Indeed, since RSA had a block of patents covering public key, many organizations licensed the RSA version because they were concerned about patent lawsuits. Neat, huh? The government went to where there was a single rent-charging gatekeeper then corrupted the gatekeeper. Your tax dollars at work.
