In his keynote talk at the 30th Chaos Communications Congress (30C3) conference last month to an audience that consisted to a large extent of computer professionals and systems administrators, Glenn Greenwald talked about how the US government’s spying apparatus can, must, and will be foiled.
He said that it is important to be clear about the form the answer takes to the question of whether the spying apparatus of the governments of the US and UK and the others in the so-called “Five Eyes” club will be countered.
Typically, when people think the answer to that question is yes, the thing that they cite most commonly is probably the least significant, which is that there’s going to be some kind of debate, and our representatives in democratic government are going to respond to our debate, and they’re going to impose limits with legislative reform.
None of that is likely to happen. The US government and its allies are not going to voluntarily restrict their own surveillance powers in any meaningful way. In fact, the tactic of the US government that we see over and over, that we’ve seen historically, is to do the very opposite, which is that when they get caught doing something that brings them disrepute and causes scandal and concern, they’re very adept at pretending to reform themselves through symbolic gestures, while at the same time, doing very little other than placating citizen anger and often increasing their own powers that created the scandal in the first place.
He pointed to all the so-called reforms of the past, including the latest one advocated by the advisory panel convened by president Obama, as examples of this kind of subterfuge. He says that the future lies elsewhere.
It’s much more possible that other countries around the world who are truly indignant about the breaches of their privacy security will band together and create alternatives, either in terms of infrastructure, or legal regimes that will prevent the United States from exercising hegemony over the Internet or make the cost of doing so far too high. I think, even more promising is the fact that large private corporations, Internet companies and others will start finally paying a price for their collaboration with this spying regime.
We’ve seen that already, when they’ve been dragged into the light, and finally now are forced to account for what it is that they’re doing, and to realize that their economic interests are imperiled by the spying system, exercising their unparalleled power to demand that it be reined in. I think that all of those things are very possible as serious constraints on the surveillance state.
But I ultimately think that where the greatest hope lies is with the people in this room and the skills that all of you possess. The privacy technologies that have already been developed: the Tor Browser, PGP, OTR, and a variety of other products are making real inroads in preventing the US government and its allies from invading the sanctity of our communications.
None of them is perfect. None of them is invulnerable, but they all pose a serious obstacle to the US government’s ability to continue to destroy our privacy. And ultimately, the battle over Internet freedom, the question of whether or not the Internet will really be this tool of liberation and democratization and whether it’ll become the worst tool of human oppression in all of human history will be fought out, I think, primarily, on the technological battlefield.
The NSA and the US government certainly knows that. That’s why Keith Alexander gets dressed up in his little costumes, his dad jeans and his edgy black shirt and goes to hacker conferences.
We have seen that the NSA and GCHQ, while undoubtedly having the means to buy the most sophisticated equipment and hire large numbers of highly skilled people, cannot really defeat good encryption methods. For example, even though they seized David Miranda’s computer and thumb drives, the material was so heavily encrypted that they have not yet been able to access it even though you can be sure they have thrown everything at it because their ignorance of the extent of how much Edward Snowden took makes them vulnerable to being blindsided. In fact, as Greenwald repeatedly points out in interviews, he and his colleagues have proven themselves to be more secure in their handling of sensitive information than the US and UK governments.
Much of the success of the governments has been due to cheating rather than cleverness, by getting the NIST to weaken encryption standards, by colluding with internet companies to install backdoor access points to people’s communications systems, and exploiting weakness in transmission lines.
These weaknesses can be overcome if the big telecommunications companies make a concerted effort to do so and this is where the action is going to be in the coming years, with private companies in the US and UK being torn between their willingness to be agents of the governments in exchange for favors while dreading the wrath of their customers.
But it also requires all of us to start encrypting our computers and communications. One thing that I hope will happen is the increased availability, usability, and ubiquity of highly advanced, yet easy-to-use, encryption systems.
I personally feel embarrassed that for all my yelling about government spying, I do not encrypt my computer or communications. The reason is frankly ignorance of how to do it and what are the best and most convenient ways to do so. I know this weighs heavily on my mind because a few nights ago I dreamed that my laptop was stolen and in my dream I said to myself, “Damn! I wish I had encrypted the hard drive.”
Any suggestions from the savvy readers of this blog? If people can point me to a good tutorial on this topic, that would be greatly appreciated.