This article is from the source 'guardian' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at http://www.theguardian.com/commentisfree/2014/mar/11/snowden-nsa-fire-sxsw-silicon-valley-security
The article has changed 4 times. There is an RSS feed of changes available.
| Version 0 | Version 1 |
|---|---|
| Snowden told me the NSA set fire to the web. Silicon Valley needs to put it out | Snowden told me the NSA set fire to the web. Silicon Valley needs to put it out |
| (34 minutes later) | |
| “You are the | “You are the |
| firefighters,” National Security Agency whistleblower Edward Snowden told a tech savvy audience here yesterday, during my conversation with him at the SXSW festival. “The people in Austin are | firefighters,” National Security Agency whistleblower Edward Snowden told a tech savvy audience here yesterday, during my conversation with him at the SXSW festival. “The people in Austin are |
| the ones who can protect our rights through technical standards.” | the ones who can protect our rights through technical standards.” |
| Ed’s comments were a | Ed’s comments were a |
| call to arms for the tech community to protect its users from indiscriminate | call to arms for the tech community to protect its users from indiscriminate |
| mass surveillance by the NSA and the insecurity it creates. Despite the | mass surveillance by the NSA and the insecurity it creates. Despite the |
| talk from Washington DC regarding cybersecurity threats – and you’ll hear more of it today during a confirmation hearing for the would-be next head of the NSA – it is | talk from Washington DC regarding cybersecurity threats – and you’ll hear more of it today during a confirmation hearing for the would-be next head of the NSA – it is |
| now clear that the NSA’s mass surveillance efforts are not meant for good. Whether | now clear that the NSA’s mass surveillance efforts are not meant for good. Whether |
| it’s systematically undermining global encryption standards, hacking communications companies’ servers and data | it’s systematically undermining global encryption standards, hacking communications companies’ servers and data |
| links or exploiting so-called zero-day vulnerabilities, the nation’s cyberspies are | links or exploiting so-called zero-day vulnerabilities, the nation’s cyberspies are |
| focused on attacking online privacy and weakening the security of systems that | focused on attacking online privacy and weakening the security of systems that |
| we all trust. | we all trust. |
| Forget all the | Forget all the |
| government rhetoric on cybersecurity: the NSA simply isn’t here to make the | government rhetoric on cybersecurity: the NSA simply isn’t here to make the |
| Internet more secure. But that doesn’t mean the agency has to win. The global | Internet more secure. But that doesn’t mean the agency has to win. The global |
| tech community can fight back, if developers ramp up efforts to build privacy | tech community can fight back, if developers ramp up efforts to build privacy |
| and security into their products. By zeroing in on practical steps Ed and I discussed | and security into their products. By zeroing in on practical steps Ed and I discussed |
| in our conversation here, we can build a more open, free | in our conversation here, we can build a more open, free |
| and secure Internet. | and secure Internet. |
| Unfortunately, for far | Unfortunately, for far |
| too long, security has been an afterthought. Even for a lot of my fellow geeks | too long, security has been an afterthought. Even for a lot of my fellow geeks |
| here at SXSW. | here at SXSW. |
| Until recently, many of | Until recently, many of |
| the free email and social networking services used by consumers failed to integrate | the free email and social networking services used by consumers failed to integrate |
| the most basic of encryption technology. That made the NSA’s job far too easy, so | the most basic of encryption technology. That made the NSA’s job far too easy, so |
| the real challenge for the NSA often became processing all of the intercepted | the real challenge for the NSA often became processing all of the intercepted |
| communications data, rather than grabbing it in the first place. | communications data, rather than grabbing it in the first place. |
| Right now, the most | Right now, the most |
| widely used communications tools and services – the ones we use to do business, | widely used communications tools and services – the ones we use to do business, |
| have fun and connect with those we love – fail to deliver the reasonable and | have fun and connect with those we love – fail to deliver the reasonable and |
| realizable trifecta of privacy, security and simplicity. As a result, people | realizable trifecta of privacy, security and simplicity. As a result, people |
| are forced to choose between technology that’s incredibly intuitive but | are forced to choose between technology that’s incredibly intuitive but |
| fundamentally weak on privacy (such as Google’s Chrome browser and Android | fundamentally weak on privacy (such as Google’s Chrome browser and Android |
| operating systems) and technology (like PGP email encryption and Tor) that | operating systems) and technology (like PGP email encryption and Tor) that |
| remains far too difficult for the average person to use … even if those tools | remains far too difficult for the average person to use … even if those tools |
| do a much better job of protecting | do a much better job of protecting |
| private data. | private data. |
| Nine months after | Nine months after |
| Snowden’s documents leaked in these pages, though, the standards and practices | Snowden’s documents leaked in these pages, though, the standards and practices |
| of everyday security are truly beginning to change. Over the past few years, | of everyday security are truly beginning to change. Over the past few years, |
| and even more so after Ed’s revelations, Silicon Valley companies have begun to enable – by default – basic security | and even more so after Ed’s revelations, Silicon Valley companies have begun to enable – by default – basic security |
| features, such as the use of HTTPS encryption to protect data as it is transmitted | features, such as the use of HTTPS encryption to protect data as it is transmitted |
| from their customers’ to the companies’ servers. While HTTPS encryption by | from their customers’ to the companies’ servers. While HTTPS encryption by |
| default is a great start, isn’t enough. The tech companies must offer apps and | default is a great start, isn’t enough. The tech companies must offer apps and |
| services that are safe and secure by default. | services that are safe and secure by default. |
| 1. Disable | 1. Disable |
| data, all the way | data, all the way |
| Far too often, security is an opt-in feature | Far too often, security is an opt-in feature |
| that few regular people will even know about, much less seek out and enable. | that few regular people will even know about, much less seek out and enable. |
| In addition, big tech | In addition, big tech |
| companies need to embrace end-to-end encryption technology. That is, they need to lock their products down, so they | companies need to embrace end-to-end encryption technology. That is, they need to lock their products down, so they |
| won’t be able to see their customers’ data. This kind of encryption technology, | won’t be able to see their customers’ data. This kind of encryption technology, |
| if deployed by several major service providers, will significantly thwart the | if deployed by several major service providers, will significantly thwart the |
| ability of intelligence agencies, in the US and elsewhere, to engage in bulk | ability of intelligence agencies, in the US and elsewhere, to engage in bulk |
| surveillance. The more communications and data are encrypted, the less tenable | surveillance. The more communications and data are encrypted, the less tenable |
| mass surveillance becomes. | mass surveillance becomes. |
| It comes down to simple | It comes down to simple |
| economics, really: if the NSA has to spend more time finding a way to break or | economics, really: if the NSA has to spend more time finding a way to break or |
| otherwise circumvent encrypted communications, it will be forced to do what it | otherwise circumvent encrypted communications, it will be forced to do what it |
| should have done all along – use its extraordinary powers on high-value | should have done all along – use its extraordinary powers on high-value |
| targets, rather than the hundreds of millions of innocent people currently | targets, rather than the hundreds of millions of innocent people currently |
| subject to NSA surveillance. If you question the power of encryption, consider | subject to NSA surveillance. If you question the power of encryption, consider |
| this: the US government still doesn’t know what documents Ed took, because he | this: the US government still doesn’t know what documents Ed took, because he |
| encrypted everything. | encrypted everything. |
| 2. Limit | 2. Limit |
| collection, move up storage deadlines | collection, move up storage deadlines |
| As Ed stressed, tech companies | As Ed stressed, tech companies |
| can also begin to limit the data they collect from their customers and only | can also begin to limit the data they collect from their customers and only |
| store it for as long as it’s needed for genuine business purposes – and not one | store it for as long as it’s needed for genuine business purposes – and not one |
| second longer. The impact of the government’s ability to demand data from companies like Google and Facebook is | second longer. The impact of the government’s ability to demand data from companies like Google and Facebook is |
| amplified because these tech companies collect and store everything. If the | amplified because these tech companies collect and store everything. If the |
| companies don’t have the data that the US government and other governments are | companies don’t have the data that the US government and other governments are |
| seeking, they cannot be legally compelled to hand over what no longer exists or | seeking, they cannot be legally compelled to hand over what no longer exists or |
| never existed in the first place. | never existed in the first place. |
| The problem, however, is | The problem, however, is |
| a fundamental conflict of interest between the business model of so many tech | a fundamental conflict of interest between the business model of so many tech |
| giants – the collection, storage and monetization of your data – and your | giants – the collection, storage and monetization of your data – and your |
| privacy and security. | privacy and security. |
| This is where the | This is where the |
| average Internet user can make a difference. Right now, the digital services up | average Internet user can make a difference. Right now, the digital services up |
| on which we all rely for swift communications and easy web browsing are largely | on which we all rely for swift communications and easy web browsing are largely |
| reliant on advertising dollars. They sell the data you generate to third | reliant on advertising dollars. They sell the data you generate to third |
| parties, or use it to deliver targeted advertisements for those third parties. Entire | parties, or use it to deliver targeted advertisements for those third parties. Entire |
| businesses are devoted to collecting, analyzing and then monetizing whatever | businesses are devoted to collecting, analyzing and then monetizing whatever |
| data you produce. As a result, the apps, operating systems and services they | data you produce. As a result, the apps, operating systems and services they |
| provide us are optimized for one major thing: the collection of our private data. | provide us are optimized for one major thing: the collection of our private data. |
| 3. Rethink our | 3. Rethink our |
| relationship with tech companies | relationship with tech companies |
| We, the everyday consumers, | We, the everyday consumers, |
| must make privacy and security profitable. | must make privacy and security profitable. |
| If we want these companies to put our | If we want these companies to put our |
| interests first, we must pay for the services that they provide us. We must | interests first, we must pay for the services that they provide us. We must |
| demand that those products preserve | demand that those products preserve |
| privacy – again, by default. Until this business model changes, the services | privacy – again, by default. Until this business model changes, the services |
| that are made for the mass market will remain insecure, vulnerable and | that are made for the mass market will remain insecure, vulnerable and |
| optimized for data collection. | optimized for data collection. |
| By making it harder for | By making it harder for |
| the NSA to engage in mass surveillance, we force the agency to target the | the NSA to engage in mass surveillance, we force the agency to target the |
| communications and devices of people genuinely suspected of wrongdoing without | communications and devices of people genuinely suspected of wrongdoing without |
| compromising the privacy rights of everyone else. I cannot stress enough what I | compromising the privacy rights of everyone else. I cannot stress enough what I |
| said yesterday: the goal here isn’t to blind the NSA. The goal here is to make sure | said yesterday: the goal here isn’t to blind the NSA. The goal here is to make sure |
| they cannot spy on innocent people, in bulk. Starting right now. | they cannot spy on innocent people, in bulk. Starting right now. |
| It’s been said that the | It’s been said that the |
| geeks shall inherit the Earth. If that’s true, it’s also our responsibility to | |
| secure it. One of our own, Edward Snowden, started this revolution. Now it’s | secure it. One of our own, Edward Snowden, started this revolution. Now it’s |
| time we finished it by using our skills and knowledge to preserve our privacy | time we finished it by using our skills and knowledge to preserve our privacy |
| and civil liberties, not just the bottom line. | and civil liberties, not just the bottom line. |