Whistle-blower Edward Snowden addressed CeBit delegates via video link from an unknown location in Russia, answering questions and giving his position on questions of individual user rights. Kathy Gibson reports
Don’t be lulled into a sense of false security because laws and behaviours in the US may be aimed at curtailing abuses pertaining to data collection about individuals.
Edward Snowden, the world’s best-known whistle-blower, says there are still many ways that intelligence agencies can gather data about individuals – and non-US citizens are not protected by the same laws and procedures that US citizens enjoy.
Described as the man who changed forever the way the world thinks about data and security, Snowden was interviewed via a video link at the CeBit conference in Hannover yesterday evening.
“The worst abuses have begun to be curtailed,” he says. This has combined with moves by technology companies to contain data sharing, and action by individuals themselves who are tending towards encrypted communications.
“But none of this affects metadata, which can be collected without a warrant in the US and in most other states around the world.”
While metadata collection means that actual content of mails and phone calls remains private, it is still possible to build up a comprehensive picture of a person’s communications and activities.
“Even if you shift to using https, there is still a perfect record of your private life, from every web site you’ve visited and every email you’ve sent – any communication going out via a common network,” Snowden says.
This is not the only collection technology that governments employ, though.
The interception of plain text emails is used by all governments, Snowden says. Suppliers trying to monetise their own data sets, or ordered to hand over information by a court, could be another source – and data about foreign citizens is freely provided without a court order.
There is another knock-on effect when the state or intelligence agencies actively seek individual data: they could be guilty of keeping security holes open on the Internet.
“In general, if they are discovering zero-day exploits and not closing them, they are making the whole infrastructure of the Internet vulnerable.
“Plus, if a government is creating a marketplace where they are buying zero-day exploits, and investing in companies that develop these exploits to use for intelligence collection purposes; and if a company develops one and a particular government declines to buy it – they will sell it to the next one.”
Thanks to the good work of Internet engineers and corporate policies, intelligence agencies are being forced to move away from bulk data collection, Snowden says. However, this means they are moving to more targeted attacks.
The whole issue of statewide hacking and data collection has to be challenged, he says. “We have to change the game.
“The paradigm of being able to hack anyone is ultimately harming the most developed and connected nations. We have the most to lose because we are the most dependent on our systems.”
Snowden pours cold water on the idea of cameras in microwaves being used to spy on people, if only because microwave manufacturers would baulk at the cost of adding cameras to their products.
“But there is no need to worry about the microwave when you have a camera in your pocket,” he points out. “This is a disaster if we don’t secure it.”
The world is rapidly starting to come to a consensus the we cannot secure the whole environment – largely because most states don’t want the problems to be solved, Snowden says.
“The UN affirms that it’s true, and governments recognise it. Surveillance has never been easier than it is today; they have more insight into our lives to a degree far beyond what is proportionate to the terrorism threat.
“We need intelligence. But we need to balance that with the need to keep the lights on in hospitals, to keep dams closed and to keep traffic lights functioning.”
Recent concerns about the privacy of data held in US clouds has raised a question about whether organisations in other countries can trust cloud providers to protect their data from intelligence gathering.
“It’s a bit more complicated than that,” Snowden says. “The reality is: who are you being targeted by? And where is the real risk?
“If your data is so sensitive that it shouldn’t be exposed to a government, then it shouldn’t be held in a US cloud. Or a German cloud, come to that.”
Questions to ask are whether the cloud provider has access to a company’s data; whether the data is encrypted end to end; and whether the service provider or the data owner has the key to use the data.
“As of today, you can hack one server room and get access to 500-million accounts,” says Snowden, referencing last year’s breach at Yahoo.
“These things have to change; and they will be changed by engineering decisions. We need to create better technology and apply it to all services to guarantee the rights of consumers everywhere.”
The personal cost of whistle-blowing
Democracy cannot be passive; it has to be participative.
This is the message from whistle-blower Edward Snowden, who says he has no regrets about his life choices. “Even if I had to a light match, I’m glad I did it,” he says.
Snowden was responding to a question about whether he still felt the same about a comment two years ago when he said: “I know I have burnt my life to the ground”.
“Yes I do,” he told CeBit delegates. “But there is a lot of hope in that too.”
He points out that his own government is still chasing him for charges that are considered by most of the rest of the world to be absurd, although it has changed some of its laws in response to his actions.
“And we still have no evidence that these revelations caused harm. In fact, there is increasing evidence that they did not cause harm,” Snowden adds.
“I paid real costs for my actions. Was I satisfied? Yes, I was. When you burn something down you create room for new growth.
“I believe that the reach of technology, that has been repressive in many lives, can be remastered and recovered by society in order to empower us.”
Snowden adds that it is incumbent upon us to ensure that the legacy of people who fought revolutions and died to secure our rights will pass not only to us but to our children as well.
His actions have borne results, he says. “We have had the most progressive legal reforms in the US since 2013 than we’ve had in the last 30 years. But it’s not over.”
Other countries haven’t done the same: Snowden points out that new legislation in Germany meant to reform bad practices has actually institutionalised it, while other countries still have a long way to go.
“This was never about me,” Snowden says. “I’m not the leader or the guy in charge. The only motivation I had was to put information into public hands.”
Speaking about the movie around his disclosures, Snowden says his main concern was about how it would present the issues.
“I think it explained mass surveillance in a way I couldn’t do,” he says. “When you’ve got a technical background it’s difficult to explain to non-technical people.
“I feel good that with the movie we have this resource for people who don’t think about it very deeply – but they may now understand the broad outlines of why it matters.”
Snowden offers kids Internet safety advice
To be safe from cyber surveillance, learn how to be a hacker so you can master the technology.
This is the advice that whistle-blower Edward Snowden offers to children growing up in a connected world where it’s relatively easy to become victims of cyber surveillance and hacking.
Actually, the answer Snowden gave to a request for advice to kids about how they can ensure the technology won’t be used against them was a lot more succinct. “Learn magic,” he says.
“Any sufficiently advanced technology is indistinguishable from magic; and the masters of a technology are those that understand it. That is why hackers have such ability.”
The reality is much more pedestrian: people embrace dangerous behaviours that place us at risk, and are likely to cause harm to us and to our children’s future, he says.
“When we speak about control, you need to understand that the only way you will be able to protect yourselves is if you understand the technology. And I don’t think you can understand the technology unless you manipulate it, change it, and break its rules.”
We tend to conflate the idea of hacking with stealing, Snowden says. “Yes, that is one expression of it. But hacking is about learning how a technology functions so well that you can control it in new and unexpected ways.”