With an image of the U.S. Constitution as his background, NSA whistleblower Edward Snowden beamed in through a choppy Google Hangouts video feed to call on the technologists at the 2014 South by Southwest Interactive Festival in Austin, Texas, to help “fix” the problem of mass government surveillance through easy-to-use encryption technology.
“I would say South by Southwest and the technology community – the people who are in Austin right now – they’re the folks who can really fix things, who can enforce our rights through technical standards even when Congress hasn’t yet gotten to the point of creating legislation to protect our rights in the same manner,” said Snowden in his opening remarks.
He added that, in addition to a “policy response” to mass surveillance activities, “there’s also a technical response. And it’s the makers, it’s the thinkers, it’s the development community that can really crack those solutions to make sure we’re safe.”
“You guys who are in the room now are all the firefighters,” he said. “And we need you to help fix this.”
“The bottom line … is that encryption does work.”
The hour-long event was hosted by Ben Wizner, director of the ACLU Speech, Privacy & Technology Project and Snowden’s attorney. ACLU Principal Technologist Chris Soghoian was also on stage to offer his own explanations for what the problems are with mass surveillance, and what needs to be done to fix them.
Soghoian said the lack of consideration for security and other encryption by developers is what has allowed widespread government surveillance to occur.
“We need to make services secure out of the box,” said Soghoian. “And that’s going to require a re-think by developers – it’s going to require that developers think about security early on, rather than later on down the road.”
Soghoian went on to add that, since the disclosures by Snowden, major technology companies have greatly improved their security offerings. Within the past eight months, for example, both Google and Yahoo have increased their use of SSL encryption by default for users. Despite these improvements, said Soghoian, the additional security still allows these companies to collect user data, which in turn allows the government to obtain user data from the companies – something that is not likely to change thanks to their advertising-based business models that rely on users’ information.
“The irony that we’re using Google Hangouts to talk to Snowden has not been lost on me or our team here,” Soghoian said to applause. He also indicated that the video feed had been routed through “several” proxy servers for security purposes (Wizner earlier indicated the exact number was seven, a possible allusion to this meme), which led to the poor quality of the video stream.
“This in fact I think reflects the state of play for many services,” said Soghoian. “You have to choose between a service that’s easy to use, reliable, and polished, or a tool that is highly secure and impossible for the average person to use.”
Snowden said he thinks we’re seeing “a lot of progress” in terms of more accessible products with encryption at the forefront, but agreed that we far more work needs to be done. By enabling more people to use encrypted communications, he said, it will simply become too expensive for the NSA and other government agencies to conduct mass surveillance at current levels.
“The bottom line … is that encryption does work,” said Snowden, shooting down rumors that the NSA had cracked popular encryption standards. Still, he said, more advancement needs to be made to improve the encryption standards we have available.
At the end of the event, Snowden said that he believes his disclosures have allowed the public to engage in a meaningful debate about privacy protections, and said he does not regret leaking classified information to the press.
“When it comes to the question, would I do this again? The answer is yes,” said Snowden. “Regardless of what happens to me, this is something we have the right to know.”