Edward Snowden was interviewed live yesterday at the SXSW festival in Austin, Texas before a crowd of over three thousand. The moderator was his ACLU attorney Ben Wizner and Chris Soghoian who is the principal technologist for the ACLU was also part of the panel. The event lasted an hour. You can read a live blog of the session or watch it below.
I watched the interview as it was live streamed. Snowden’s appearance was via seven proxies to foil the NSA tracking system from locating him and the end result was that the video feed kept freezing up although the sound was mostly intact.
Much of the discussion involved what to do about privacy and security. In response to a question from Wizner as to how he was so confident the data he took is still secure, Snowden replied that “The Unites States government has assembled a massive investigation team into me personally, into my work with the journalists, and they still have no idea what documents were provided to the journalists what they have, what they don’t have, because encryption works. ” Snowden said that currently available encryption systems at the highest level are powerful enough that they cannot be broken even by the NSA.
But as Soghoian pointed out, that kind of encryption is outside the range of skills of ordinary people and they are not going to go to the trouble of installing PGP or using Tor to secure their data. A new phrase the ‘Greenwald test’ has entered the lexicon and was used repeatedly during the interview and refers to the fact that Snowden had a hard time initially getting his chosen conduit for release (Glenn Greenwald) to learn and use the encryption technology at the level necessary to keep their conversations secure. Snowden said that we need to create a level of security that is powerful enough to foil those seeking to spy on us and yet easy enough to use that at least journalists are able to use it.
(In his own later livestreamed appearance at SXSW before another packed audience, Greenwald joked that he had seen the entire Snowden interview “Including the part where he very generously held me up as the face of journalistic ineptitude, when it comes to technological challenges.” Julian Assange also spoke at the festival and promised the release of more information soon though he did not give any details.)
Snowden and Soghoian said that we will have to depend upon the companies that create browsers, social media platforms, and other internet software to incorporate high-enough quality security measures into their systems as the default option so that it is pretty much invisible to the end user. If they do that, then the sweeping up of everyone’s data that leads to all manner of abuses can be stopped. People may not be able to evade targeted snooping by the government unless they choose to go even further on their own but that kind of targeting, if backed by judicial search warrants, is part of regular law enforcement and few are suggesting that governments be denied even that capability. Properly supervised and monitored and constitutional searches are not the real problem. As Snowden said, the Fourth Amendment prohibits “unreasonable searches and seizures” and the security agencies are currently seizing everyone’s personal data even if they are not searching all of it. He further said that the built-in security systems should be such that it is becomes too costly for the government to conduct mass surveillance.
As Soghoian said, it is thanks to Snowden that the big companies are tightening up their security systems at all, largely due to the avalanche of negative publicity that the releases have generated that seemed to show their collusion with the government. For example, in another SXSW talk, Google CEO Eric Schmidt said that “the [Snowden] material alerted his company to the fact the U.S. government was intercepting data from Google’s servers” and that as a result “the company has since enhanced its encryption and is “pretty sure” the government can’t access the data.” Still, he said that “the company must comply with court orders for information.”
The crowd seemed overwhelmingly favorable to Snowden and seemed to respond positively when, according to this NPR report, he “told the assembled technologists in Austin that they should start building end-to-end encryption into all their products. He called it the defense against the dark arts of mass surveillance.” Soghoian said that the systems people who implement security at these companies are really ticked off that the government, using the National Institute of Standards and Technology (NIST), deliberately weakened the encryption standards in order to give the NSA and GCHQ easier access.
One thing that is becoming increasingly clear is that a key sector of the tech world, those who are systems administrators and in similar positions who are the most knowledgeable about security, are largely supportive of what Snowden did. This was also apparent in the way that attendees at the earlier 30C3 conference in Germany reacted to the fascinating talk by Jacob Appelbaum titled To Protect and Infect: The Militarization of the Internet and to the session that Appelbaum moderated in which Julian Assange spoke and at which Sarah Harrison also made an appearance. Assange called on audience to infiltrate the system and expose information from within. The large audience consisting of systems administrators responded enthusiastically to their call to join in combating government spying.
I was glad to see Harrison get a massive ovation when she appeared on stage at 30C3. She is a little-known journalist who works for WikiLeaks and has played a huge role, being the person who flew with Snowden to Russia and helped negotiate his stay there and thus saved him from a life in prison. For her efforts, she cannot now return to her native UK because she will be arrested. In her talk, she said something that I was unaware of, that due to the public outcry, MasterCard and PayPal had retracted their earlier bans on sending money to WikiLeaks.
All this support for Snowden and WikiLeaks must worry the NSA because they too desperately need the tech savvy young people to do their work. If such people cannot be trusted to swear unswerving loyalty to the interests of the national security state, then the NSA is destined to suffer from one serious exposure after another because the number of Snowden emulators will be endless.