Friday 14 March 2014

Snowden to SXSW: Here's How To Keep The NSA Out Of Your Stuff


Edward Snowden Edward Snowden, the former NSA contractor who blew the lid off the NSA's secret data collection programs, addressed a crowd at South By Southwest yesterday from his new home in Russia. While he touched on several topics throughout the hour-long talk, he returned again and again to the importance of encryption in maintaining privacy.
Because of the seven proxy servers used to secure Snowden's video feed, his words were sometimes unintelligible. To help make sense of it, I augmented my own notes with a transcript from Inside.
What You Can Do
When asked what average citizens can do to protect themselves from mass surveillance, Snowden mentioned a couple of key technologies. First was full disk encryption, which will protect the data on your device if it's ever stolen or seized. Most desktop OSes now include an option to encrypt the data on your drive.
On the browser side, Snowden recommended NoScript, a browser extension that blocks JavaScript, Java, Flash, and other plugins from running without your explicit permission. He also mentioned Ghostery, a service which reveals what companies and advertisers are following your movements across the web (hint: a lot of it comes from Google) and can block tracking cookies.
Lastly, he recommended TOR—the web traffic anonymizing service. He did acknowledge that it was possible to defeat TOR, but that using the service makes watching you harder. "By using TOR you shift their focus to either attacking the TOR cloud itself, which is incredible difficult, or to try to monitor the exits from TOR and the entrances to TOR and then try to figure out what fits," said Snowden. "And it is very difficult."
We Need Better Tools
At the beginning of the interview, Snowden said he was addressing SXSW because it was the technology sector that could most improve the security situation in the world. Legislative change was important, but he said "tech people that can really craft the solutions to make sure we're safe."
"They're setting fire to the future of the Internet," he continued. "You guys are all the firefighters."
With the NSA investing in weakening established encryption standards, Snowden called for increased research into cryptography to secure the future of privacy. But more important was making privacy tools easier to use. Snowden reflected on how the reporters he worked with were unable to use encryption tools because they were too complicated.
"I think we are actually seeing a lot of progress being made here," said Snowden. "WhisperSystems and the Moxie Marlinspikes of the world are focusing on new user experience, new UIs and basically ways for us to interact with cryptographic tools." WhisperSystems is responsible for RedPhone and TextSecure, two free Android applications for sending and receiving encrypted text and voice messages. These apps and others were designed from the beginning to be secure, and easy to use. Other app developers, like those building Heml.is, are planning to bring secure and beautifully designed products to market.
The Value of Encryption
Interestingly, Snowden did not dismiss the use of electronic surveillance. Rather, he said that using encryption would prevent the NSA and other intelligence agencies from having easy access to bulk user data. This would not only keep your information safe from the prying eyes of spies, but also scammers, hackers, and unscrupulous advertisers. This is very close to what Bruce Schneier proposed at RSAC 2014, where he posited that even if the NSA can break encryption they cannot do it at scale.
"End to end encryption where it is from my computer directly to your computer makes mass surveillance impossible at the network level," he said. Without an easily accessible stream of information, Snowden believes the NSA would turn back to targeted investigations instead of mass surveillance. "The result of that is a constitutional, more carefully overseen sort of intelligence gathering model where if they want to gather somebody's communications they have to target them specifically."
"We need to think of encryption not as this sort of arcane black art [but] a basic protection" said Snowden. "It is a 'defense against the dark arts' for the digital realm."
https://www.youtube.com/watch?feature=player_embedded&v=CPrDqoaHHSY

No comments:

Post a Comment