Glenn Greenwald gave the keynote address via Skype at the 30th Chaos Communications Congress (30C3) on December 27, 2013 in Hamburg. It is a great speech. His talk begins around the 5:00 minute mark and ends at the 46:00 minute mark followed by a Q&A. (Here is a transcript of just the talk.) It is well worth watching and/or reading the whole thing (including the Q&A).
In response to a question, he says that there is a whole lot more information to come, which must be giving the US and UK governments the heebie-jeebies.
I want to excerpt just his final words where he gives the reasons for this massive spying operation, a conclusion with which I totally agree.
And that is, and I say this without the slightest bit of hyperbole or melodrama, it’s not metaphorical and it’s not figurative, it is literally true, that the goal of the NSA, and its Five Eyes partners in the English-speaking world: Canada, New Zealand, Australia and especially the UK, is to eliminate privacy globally. To ensure that there can be no human communications that occur electronically, that evades their surveillance network.
They want to make sure that all forms of human communication, by telephone or by Internet, and all online activities, are collected, monitored, stored, and analyzed by that agency, and by their allies. That means that to describe that is to describe a ubiquitous surveillance state. You don’t need hyperbole to make that point, and you don’t need to believe me when I say that that’s their goal. Document after document within the archive that Edward Snowden provided us declare that to be their goal. They are obsessed with searching out any small little crevice on the planet where some form of communication might take place without their being able to invade it.
One of the stories that we’re working on now (I used to get in trouble when I was at The Guardian for previewing my stories, I’m not at The Guardian anymore so I’m going to do it anyway), is: the NSA and the GCHQ are being driven crazy by the idea that you can go on an airplane and use certain cellphone devices or Internet services and be away from their prying eyes for a few hours at a time. They are obsessed with finding ways to invade the systems of online, onboard Internet services and mobile phone services. The very idea that human beings can communicate, even for a few moments, without them being able to collect, and store, analyze, and monitor what it is that we’re saying, is simply intolerable. That is their institutional mandate.
And when I get asked questions, when I do interviews in different countries, well, “Why would they want to spy on this official?” Or, “Why would they want to spy on Sweden?” Or, “Why would they want to target this company here?” The premise of that question is really flawed. The premise of the question is that the NSA and the GCHQ need a specific reason to target somebody for surveillance. That is not how they think. They target every form of communication that they can possibly get their hands on. And if you think about what individual privacy does for us, as human beings, let alone what it does for us on a political level, that it really is the thing that lets us explore boundaries and engage in creativity, and use the mechanisms of dissent without fear. When you think about the world in which privacy is allowed to be eliminated, you’re really talking about eliminating everything that makes it valuable to be a free individual.
The surveillance state, by its necessity, by its very existence, breeds conformity, because when human beings know that they’re always susceptible to being watched, even if they’re not always being watched, the choices that they make are far more constrained, are far more limited, cling far more closely to orthodoxy, than when they can act in the private realm, and that’s precisely why the NSA and GCHQ, and the world’s most powerful [inaudible] throughout history now, always as their first goal, have the elimination of privacy at the top of their list, because it’s what ensures that human beings can no longer resist the decrees that they’re issuing.
Big Brother is here and we need to fight back.
He says that the way to do that is for as many of us as possible to start encrypting our electronic communications, using state-of-the art software.
Alternatively if everybody included phrases like ‘I love Al-Qaeda’ or ‘Let’s blow up the Queen*’ we’d drive the bastards mad.
___________
*Of course I mean an inflatable one!!
Alternatively if everybody included phrases like ‘I love Al-Qaeda’ or ‘Let’s blow up the Queen*’ we’d drive the bastards mad.
That’s easy for them to filter out. What you really need to do (I am not sure I want to do this!) is start emailing to people from jihadi websites and getting replies. If everyone got a jihadi pen-pal that would fuck them up like crazy.
Mano writes:
state-of-the art software.
That doesn’t and won’t work. They compromise it as it’s being written, like they did with SSL. Some of us (there was a paper by Carl Ellison and me at the rump session of Crypto 91 where we described this…) figured out a long time ago that the key do dealing with this stuff is diversity. Sure, that cuts down on interoperability but basically the answer is to let 10,000 encrypted blacknets bloom. People should build blacknets just for fun then use them to play rotisserie baseball -- let the NSA invest time cracking in and discover nothing useful. The state of the art software -- from Apple, Microsoft, Oracle, yadda yadda yadda -- it’s all backdoored.
And by “backdoored” I don’t mean anything unsubtle. It’s just got a few programming oversights in it. Oversights that weaken it juuuuust enough.
SSL was originally a bidirectional authentication system that used public keys that you exchanged with the server. Then mysteriously, the bidirectional part got left out. Most of us assumed that it was just that RSA was rent-collecting (they only cared to spin off their certificate issuing company and make a ton of dough) but it appears to have been more complicated than that. There has been great silence about Verisign during this entire process. I don’t wonder why.
I really don’t understand the whole “Troll the NSA” kind of thing. Seriously, their system already is going to have hundreds, thousands, probably millions of false alarms and such already simply by its design. Trying to intentionally sabotage it, putting any effort into such a scheme, is pointless only because it would be like pissing into an ocean of piss.
Marcus Ranum wrote:
What is that, client certificates? That’s still in SSL/TLS, but it’s not used often. It’s probably more trouble than it’s worth to explain to people that they need to obtain and carry around a certificate before they can log into a site. The only place I’ve seen use it is startssl.com.
snailmail looks better and better. altho they’ve probably figured out how to scan the letter from outside the envelope.
doublereed, you never stood on a high sea-cliff? 😀