This article is from the source 'guardian' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at http://www.theguardian.com/commentisfree/2014/mar/11/snowden-nsa-fire-sxsw-silicon-valley-security
The article has changed 4 times.
Version 0 | Version 1 |
---|---|
Snowden told me the NSA set fire to the web. Silicon Valley needs to put it out | Snowden told me the NSA set fire to the web. Silicon Valley needs to put it out |
(34 minutes later) | |
“You are the | “You are the |
firefighters,” National Security Agency whistleblower Edward Snowden told a tech savvy audience here yesterday, during my conversation with him at the SXSW festival. “The people in Austin are | firefighters,” National Security Agency whistleblower Edward Snowden told a tech savvy audience here yesterday, during my conversation with him at the SXSW festival. “The people in Austin are |
the ones who can protect our rights through technical standards.” | the ones who can protect our rights through technical standards.” |
Ed’s comments were a | Ed’s comments were a |
call to arms for the tech community to protect its users from indiscriminate | call to arms for the tech community to protect its users from indiscriminate |
mass surveillance by the NSA and the insecurity it creates. Despite the | mass surveillance by the NSA and the insecurity it creates. Despite the |
talk from Washington DC regarding cybersecurity threats – and you’ll hear more of it today during a confirmation hearing for the would-be next head of the NSA – it is | talk from Washington DC regarding cybersecurity threats – and you’ll hear more of it today during a confirmation hearing for the would-be next head of the NSA – it is |
now clear that the NSA’s mass surveillance efforts are not meant for good. Whether | now clear that the NSA’s mass surveillance efforts are not meant for good. Whether |
it’s systematically undermining global encryption standards, hacking communications companies’ servers and data | it’s systematically undermining global encryption standards, hacking communications companies’ servers and data |
links or exploiting so-called zero-day vulnerabilities, the nation’s cyberspies are | links or exploiting so-called zero-day vulnerabilities, the nation’s cyberspies are |
focused on attacking online privacy and weakening the security of systems that | focused on attacking online privacy and weakening the security of systems that |
we all trust. | we all trust. |
Forget all the | Forget all the |
government rhetoric on cybersecurity: the NSA simply isn’t here to make the | government rhetoric on cybersecurity: the NSA simply isn’t here to make the |
Internet more secure. But that doesn’t mean the agency has to win. The global | Internet more secure. But that doesn’t mean the agency has to win. The global |
tech community can fight back, if developers ramp up efforts to build privacy | tech community can fight back, if developers ramp up efforts to build privacy |
and security into their products. By zeroing in on practical steps Ed and I discussed | and security into their products. By zeroing in on practical steps Ed and I discussed |
in our conversation here, we can build a more open, free | in our conversation here, we can build a more open, free |
and secure Internet. | and secure Internet. |
Unfortunately, for far | Unfortunately, for far |
too long, security has been an afterthought. Even for a lot of my fellow geeks | too long, security has been an afterthought. Even for a lot of my fellow geeks |
here at SXSW. | here at SXSW. |
Until recently, many of | Until recently, many of |
the free email and social networking services used by consumers failed to integrate | the free email and social networking services used by consumers failed to integrate |
the most basic of encryption technology. That made the NSA’s job far too easy, so | the most basic of encryption technology. That made the NSA’s job far too easy, so |
the real challenge for the NSA often became processing all of the intercepted | the real challenge for the NSA often became processing all of the intercepted |
communications data, rather than grabbing it in the first place. | communications data, rather than grabbing it in the first place. |
Right now, the most | Right now, the most |
widely used communications tools and services – the ones we use to do business, | widely used communications tools and services – the ones we use to do business, |
have fun and connect with those we love – fail to deliver the reasonable and | have fun and connect with those we love – fail to deliver the reasonable and |
realizable trifecta of privacy, security and simplicity. As a result, people | realizable trifecta of privacy, security and simplicity. As a result, people |
are forced to choose between technology that’s incredibly intuitive but | are forced to choose between technology that’s incredibly intuitive but |
fundamentally weak on privacy (such as Google’s Chrome browser and Android | fundamentally weak on privacy (such as Google’s Chrome browser and Android |
operating systems) and technology (like PGP email encryption and Tor) that | operating systems) and technology (like PGP email encryption and Tor) that |
remains far too difficult for the average person to use … even if those tools | remains far too difficult for the average person to use … even if those tools |
do a much better job of protecting | do a much better job of protecting |
private data. | private data. |
Nine months after | Nine months after |
Snowden’s documents leaked in these pages, though, the standards and practices | Snowden’s documents leaked in these pages, though, the standards and practices |
of everyday security are truly beginning to change. Over the past few years, | of everyday security are truly beginning to change. Over the past few years, |
and even more so after Ed’s revelations, Silicon Valley companies have begun to enable – by default – basic security | and even more so after Ed’s revelations, Silicon Valley companies have begun to enable – by default – basic security |
features, such as the use of HTTPS encryption to protect data as it is transmitted | features, such as the use of HTTPS encryption to protect data as it is transmitted |
from their customers’ to the companies’ servers. While HTTPS encryption by | from their customers’ to the companies’ servers. While HTTPS encryption by |
default is a great start, it isn’t enough. The tech companies must offer apps and | default is a great start, it isn’t enough. The tech companies must offer apps and |
services that are safe and secure by default. | services that are safe and secure by default. |
1. Disable | 1. Disable |
data, all the way | data, all the way |
Far too often, security is an opt-in feature | Far too often, security is an opt-in feature |
that few regular people will even know about, much less seek out and enable. | that few regular people will even know about, much less seek out and enable. |
In addition, big tech | In addition, big tech |
companies need to embrace end-to-end encryption technology. That is, they need to lock their products down, so they | companies need to embrace end-to-end encryption technology. That is, they need to lock their products down, so they |
won’t be able to see their customers’ data. This kind of encryption technology, | won’t be able to see their customers’ data. This kind of encryption technology, |
if deployed by several major service providers, will significantly thwart the | if deployed by several major service providers, will significantly thwart the |
ability of intelligence agencies, in the US and elsewhere, to engage in bulk | ability of intelligence agencies, in the US and elsewhere, to engage in bulk |
surveillance. The more communications and data are encrypted, the less tenable | surveillance. The more communications and data are encrypted, the less tenable |
mass surveillance becomes. | mass surveillance becomes. |
It comes down to simple | It comes down to simple |
economics, really: if the NSA has to spend more time finding a way to break or | economics, really: if the NSA has to spend more time finding a way to break or |
otherwise circumvent encrypted communications, it will be forced to do what it | otherwise circumvent encrypted communications, it will be forced to do what it |
should have done all along – use its extraordinary powers on high-value | should have done all along – use its extraordinary powers on high-value |
targets, rather than the hundreds of millions of innocent people currently | targets, rather than the hundreds of millions of innocent people currently |
subject to NSA surveillance. If you question the power of encryption, consider | subject to NSA surveillance. If you question the power of encryption, consider |
this: the US government still doesn’t know what documents Ed took, because he | this: the US government still doesn’t know what documents Ed took, because he |
encrypted everything. | encrypted everything. |
2. Limit | 2. Limit |
collection, move up storage deadlines | collection, move up storage deadlines |
As Ed stressed, tech companies | As Ed stressed, tech companies |
can also begin to limit the data they collect from their customers and only | can also begin to limit the data they collect from their customers and only |
store it for as long as it’s needed for genuine business purposes – and not one | store it for as long as it’s needed for genuine business purposes – and not one |
second longer. The impact of the government’s ability to demand data from companies like Google and Facebook is | second longer. The impact of the government’s ability to demand data from companies like Google and Facebook is |
amplified because these tech companies collect and store everything. If the | amplified because these tech companies collect and store everything. If the |
companies don’t have the data that the US government and other governments are | companies don’t have the data that the US government and other governments are |
seeking, they cannot be legally compelled to hand over what no longer exists or | seeking, they cannot be legally compelled to hand over what no longer exists or |
never existed in the first place. | never existed in the first place. |
The problem, however, is | The problem, however, is |
a fundamental conflict of interest between the business model of so many tech | a fundamental conflict of interest between the business model of so many tech |
giants – the collection, storage and monetization of your data – and your | giants – the collection, storage and monetization of your data – and your |
privacy and security. | privacy and security. |
This is where the | This is where the |
average Internet user can make a difference. Right now, the digital services upon | average Internet user can make a difference. Right now, the digital services upon |
which we all rely for swift communications and easy web browsing are largely | which we all rely for swift communications and easy web browsing are largely |
reliant on advertising dollars. They sell the data you generate to third | reliant on advertising dollars. They sell the data you generate to third |
parties, or use it to deliver targeted advertisements for those third parties. Entire | parties, or use it to deliver targeted advertisements for those third parties. Entire |
businesses are devoted to collecting, analyzing and then monetizing whatever | businesses are devoted to collecting, analyzing and then monetizing whatever |
data you produce. As a result, the apps, operating systems and services they | data you produce. As a result, the apps, operating systems and services they |
provide us are optimized for one major thing: the collection of our private data. | provide us are optimized for one major thing: the collection of our private data. |
3. Rethink our | 3. Rethink our |
relationship with tech companies | relationship with tech companies |
We, the everyday consumers, | We, the everyday consumers, |
must make privacy and security profitable. | must make privacy and security profitable. |
If we want these companies to put our | If we want these companies to put our |
interests first, we must pay for the services that they provide us. We must | interests first, we must pay for the services that they provide us. We must |
demand that those products preserve | demand that those products preserve |
privacy – again, by default. Until this business model changes, the services | privacy – again, by default. Until this business model changes, the services |
that are made for the mass market will remain insecure, vulnerable and | that are made for the mass market will remain insecure, vulnerable and |
optimized for data collection. | optimized for data collection. |
By making it harder for | By making it harder for |
the NSA to engage in mass surveillance, we force the agency to target the | the NSA to engage in mass surveillance, we force the agency to target the |
communications and devices of people genuinely suspected of wrongdoing without | communications and devices of people genuinely suspected of wrongdoing without |
compromising the privacy rights of everyone else. I cannot stress enough what I | compromising the privacy rights of everyone else. I cannot stress enough what I |
said yesterday: the goal here isn’t to blind the NSA. The goal here is to make sure | said yesterday: the goal here isn’t to blind the NSA. The goal here is to make sure |
they cannot spy on innocent people, in bulk. Starting right now. | they cannot spy on innocent people, in bulk. Starting right now. |
It’s been said that the | It’s been said that the |
geeks shall inherit the Earth. If that’s true, it’s also our responsibility to | |
secure it. One of our own, Edward Snowden, started this revolution. Now it’s | secure it. One of our own, Edward Snowden, started this revolution. Now it’s |
time we finished it by using our skills and knowledge to preserve our privacy | time we finished it by using our skills and knowledge to preserve our privacy |
and civil liberties, not just the bottom line. | and civil liberties, not just the bottom line. |