Edward Snowden has mobilized the Tech and UX communities to improve and to rescue the Internet. This is a watershed event. It’s an irresistible and catalyzing challenge that I believe WILL produce results. This week, Snowden threw down a gauntlet: Save the Internet by designing easy-to-use end-to-end encryption.
I believe this challenge will not go unheeded. I expect thousands of motivated user experience professionals and cryptographers to partner in creating the next generation of communications tools for the Internet and for mobile devices. These tools will not only be more secure; they will also be easy to use. Today, if you want to keep from being surveilled, you have to become a techno-weenie. That’s not right, according to Snowden. We should all have the right to be protected against unlawful seizure and search.
Edward Snowden is, of course, the most famous whistle blower in history. He leaked documents from the NSA to Laura Poitras and Glenn Greenwald, documents which have proved that the U.S. “domestic” security agency has been collecting, seizing, storing, and analyzing all the email and phone traffic that takes place on the Internet. Snowden spoke at an ACLU-sponsored event at the South by Southwest SXSW Interactive conference in Austin, Texas on March 10th via Google+ video link through seven Internet proxies. You can watch the conversation between Ben Wizner and Chris Soghoian of the ACLU and Ed Snowden here:
I listened carefully to the conversation, focusing primarily on what Ed Snowden had to say. What follows is my distillation (with slight rearrangements) of a portion of Edward Snowden’s remarks.
What’s the Problem?
Edward Snowden isn’t against spying. He’s against violating the constitution through mass surveillance. In his comments at SXSW, he explained:
Mass Surveillance Is Unconstitutional and It Doesn’t Work
Edward Snowden: “The reality is that now, we have reached a point where the majority of Americans' telephone communications are being recorded. We’ve got all this metadata that's being stored for years and years and years. Too many White House investigations have found it has no value at all. It's never helped us. Beyond that, we've got to think about what are we doing with those resources? What are we getting out of it?”
“As I said in my European Parliament testimony, we’ve actually had tremendous intelligence failures because we're monitoring the [entire] internet. We're monitoring everybody's communications instead of suspects' communications. That lack of focus has caused us to miss leads that we should have had, Tamerlan Tsarnaev of the Boston bombers. The Russians had warned us about it but we did a very poor effort investigating. We had people looking at other things. If we hadn't spent so much on mass surveillance, if we followed the traditional models, we might have caught that. Umar Farouk Abdulmutallab, the underwear bomber, same thing. His father walked into a US embassy, he went to a CIA officer, he said, ‘My son is dangerous. Don't let him go to your country. Get him help.’ We didn't follow up. We didn't actually investigate this guy. We didn't dedicate a team to figure out what was going on because we [spent] all this money, we spent all of this time, hacking into Google and Facebook's back ends to look at their data center communications. What did we get out of it? We got nothing and two White House investigations that confirmed that.”
Internet Surveillance Is Damaging the Economy
Edward Snowden: “So much of our country’s economic success is based on our intellectual property. It's based on our ability to create, share, communicate, and compete…. we rely on the ability to trust our communications. Without that, we don't have anything. Our economy cannot succeed.”
CALL TO ACTION: Design Easy-to-Use End-to-End Encryption
Edward Snowden: “The people who are in the room at Austin right now, they're the folks who can really fix things. Who can enforce our rights through technical standards even when Congress hasn't yet gotten to the point of creating legislation to protect our rights in the same manner? When we think about what's happened with the NSA in the last decade, in the post 9/11 era... the result has been an adversarial internet--a sort of global free fire zone for governments--that's nothing that we ever asked for. It's not what we wanted. It's something we need to protect against.”
“When we think about the policies that have been advanced... an erosion of fourth amendment protections, the proactive seizure of communications, there's a policy response that needs to occur.”
“There's also a technical response that needs to occur. It's the makers, it's the thinkers, it's the development community that can really craft those solutions and make sure we are safe. The NSA--the sort of global mass surveillance that's prying at all of these countries, not just the US, and it's important to remember that this is a global issue--they're setting fire to the future of the internet. The people who are in this room now, you guys, are all the firefighters. We need you to help us fix this.”
TECHNICAL SOLUTION: End-to-End Encryption
Edward Snowden: “By doing end-to-end encryption, you force what are called threat model global passive adversaries to go through... individual computers. The result of that is a more constitutional, more carefully overseen sort of intelligence-gathering model, law enforcement model, where if they want to gather somebody's communications, they'd have to target them specifically. They can't just target everybody all the time and then when they want to read your stuff, they go back in a time machine and they say, ‘What did they say in 2006?’ They can't pitch exploits in every computer in the world without getting caught. That's the value of end-to-end encryption. And that's what we need to be thinking about. We need to say: ‘How can we enforce these protections in a simple, cheap, and effective way that's invisible to users?’ I think that's the way to do it.”
“The bottom line, and I've repeated this again and again, is that encryption does work. We need to think about encryption not as this sort of arcane black art, but as sort of a basic protection. It's the defense against the dark arts of the digital world. This is something we all need to be implemented…. You encrypt your hardware and you encrypt your network communication. You're far, far more hardened than the average user. It becomes very difficult for any sort of a mass surveillance to be applied to you. You'll still be vulnerable to some targeted surveillance. If there's a warrant against you, if the NSA is after you, they're still going to get you. [But] you'll be much safer [from] mass surveillance, this untargeted collect it all approach.”
“Encryption technology, even if imperfect, has the potential to raise the cost of surveillance to the point that it no longer becomes economically feasible for the government to spy on everyone.”
“It's the steps that we take today, it's the moral commitment, the philosophical commitment, the commercial commitment to protect and enforce our liberties through technical standards that's going to take us through tomorrow and allow us to reclaim the open and trusted Internet.”
Chris Soghoian: You're addressing an audience that includes a lot of young technologists. Is there a call to arms for people to make this stuff more usable so that not only technologists can use it?
Edward Snowden: “There is. I think we're actually seeing a lot of progress being made here. Whisper Systems, the sort of Moxie Marlinspike of the world, are focusing on new user experiences, new UI’s. Basically ways for us to interact with cryptographic tools, which is the way it should be, where it happens invisible to the user, where it happens by default. We want secure services that aren't opt in.”
“It's got to pass the Glenn Greenwald test. If any journalist in the world gets an e-mail from somebody saying, ‘Hey, I have something that the public might want to know about’ they need to be able to open it. They need to be able to access that information. They need to be able to have those communications whether they're a journalist, an activist, or it could be your grandma. This is something that people have to be able to access. The way we interact with it right now is not good. If you have to go to the command line, people aren't going to use it. If you have to go three menus deep, people aren't going to use it. It has to be out there. It has to have it automatically. It has to happen seamlessly.”
Why is it less bad if big corporations get access to our information instead of the government?
Edward Snowden: “Right now my thinking, and I believe the majority's thinking, is that the government has the ability to deprive you of rights. Governments around the world, whether it's the United Stated Government, whether it's the Yemeni government, whether it's Zaire, any country, they have police powers, they have military powers, they have intelligence powers. They can literally kill you. They can jail you. They can surveil you.”
“Companies can surveil you to sell you products, to sell your information to other companies, and that can be bad but you have legal recourse. First off, it's typically a voluntary contract. Secondly, you've got court challenges you use. If you challenge the government about these things, and the ACLU itself has actually challenged some of these cases, the government throws barriers up and says, ‘You can't even ask about this. The courts aren't allowed to tell us whether this is legal or not because we're just going to do it anyway.’ That's the difference and it's something we need to watch out for.”
Do you think the U.S. surveillance systems might encourage other countries to do the same?
Edward Snowden: “Yes. This is actually one of the primary dangers, not just of the NSA's activities, but in not addressing and resolving these issues. It's important to remember…. that Americans have the most to lose from being hacked. At the same time, every citizen in every country has something to lose. We all are at risk of unfair, unjustified, unwarranted interference in our private lives. Throughout history, we've seen governments … repeat the trend where it increases and it gets to a point where they crossed the line. If we don't resolve these issues, if we allow the NSA to continue unrestrained, every other government, the international community, will accept that sort of as the green light to do the same. That's not what we want.”
In your early interviews with Glenn Greenwald and Laura Poitras, you said that your biggest fear was that there would be little or no reaction to these disclosures. Where you sit now, how satisfied are you with the global debate that you helped to launch and do you feel that it was worth the price that you paid in order to bring us to this moment?
Edward Snowden: “One of the things that I told Bart Gellman was when I came public with this, it wasn't so I could single handedly change the government, tell them what to do… What I wanted to do was inform the public so they could make a decision, they could provide the consent for what we should be doing. The results of these revelations, the results of all the incredibly responsible, careful reporting (that, by the way has been coordinated with the government. The government's never said any single one of these stories have risked a human life). The result is that the public has benefitted.”
“The government has benefitted. Every society in the world has benefitted. We live in a more secure place, we have more secure communications, and we're going to have a better civic interaction as a result of understanding what's being done in our name. …. When it comes to ‘Would I do this again?’ the answer is ‘absolutely yes.’ Regardless of what happens to me, this is something we had a right to. I took an oath to support and defend the constitution and I saw that the constitution as violated on a massive scale. The interpretation of the fourth amendment had been changed in secret from ‘no unreasonable search and seizure’ to ‘Any seizure is fine, just don't search it.’ That's something the public ought to know about.”
Your Mission: Design Easy-to-Use End-to-End Encryption
I will be shocked and dismayed if Snowden’s Call To Action doesn’t yield good results, and reasonably soon. I expect that both usability experts and security experts will rise to this challenge and join together to save the Internet. We’ll be watching and monitoring and reporting on the progress of end-to-end encryption solutions that are simple and easy to use for both business people and consumers. Edward Snowden gave up his life, his country, and his freedom. The least we can do is to make end-to-end encryption much easier for everyone to use. We won’t be endangering our national security. Anyone suspected of evil intent will still be able to be monitored by the NSA or other spy agencies with a warrant. But mass surveillance of innocent people will stop because it won’t be practical or economic.