- Date published:
- Author:Brian Wood
Summary: the sky is not falling and personal responsibility is as important as it ever was.
First article by John Zorabedian in Naked Security and second article by Mark Stockley, also in Naked Security.
Emphasis in red added by me.
Brian Wood, VP Marketing
What we learned from Edward Snowden
Edward Snowden now holds a permanent place in the pantheon of US national security leakers, alongside the likes of Daniel Ellsberg, Julian Assange, and Chelsea Manning.
A former contractor for the US National Security Agency (NSA), Snowden made headlines around the world when he leaked thousands of confidential files detailing secretive NSA spying programs.
Now that it’s been a year since the Snowden files emerged, after publication of a report in The Guardian blew the lid off the NSA’s bulk collection of Americans’ phone records, we thought we’d take a look back at what we’ve learned.
The codenames of the NSA’s vast data collection programs are now familiar to many – PRISM, Tempura, Upstream, XKeyscore.
The program called PRISM, explained in documents leaked by Snowden to The Guardian’s Glenn Greenwald in June 2013, collected data directly from the servers of the largest internet companies – including Google, Yahoo, Facebook and Microsoft.
The troves of data swept up by the NSA are so enormous – billions of phone calls, text messages, emails, chats and images every day – that the NSA can only store some of it for short periods of time.
XKeyscore is the NSA’s network of 500 servers across the globe used to store the data collected from the internet and telecommunications traffic of nearly everyone on the planet.
The NSA’s descriptions of XKeyscore say that it can “collect nearly everything a user does on the internet,” from web searches to video chats.
Other programs revealed by Snowden’s leaks include the NSA’s collaboration with other spy agencies, including the UK’s GCHQ, and others in France, Germany, Israel and Australia.
Most recently, we learned of the NSA’s facial recognition program that scans millions of images gathered from websites, emails, text messages and chats to match suspects against photo ID databases.
The NSA dragnet leaves nothing that travels over the internet untouched.
After The Guardian’s first report, more revelations poured out in the media in the following weeks.
There was a swift backlash against NSA spying, from people in grassroots organizations, to the biggest tech companies, with repercussions both political and diplomatic.
In the US, President Obama tried to soothe things over with allies such as Germany’s Angela Merkel when it was revealed that the NSA had tapped phone conversations of world leaders.
In terms of domestic politics in the US, Obama has called for reforms in the way the NSA gathers data from Americans, and some of those reforms will keep US citizens from having their phone records and emails collected.
But efforts to curtail the NSA’s power to collect data under US law won’t be enough.
To ensure the privacy of communications that we take for granted as a part of our rights to freedom of speech and political association, we need to have more control over the way we use technology.
That means that we as individuals have to be more aware of how the services we use handle our data, and we need to have security that includes encryption for all our communications.
Companies like Google, Yahoo and Facebook have made steps towards more encryption for our messages on those services – but many others need to follow their lead.
This story would be far less complicated if the NSA leaker were anonymous – but Snowden’s fame has made his actions hard to separate from his personality.
Some people consider Snowden’s actions heroic – others call him a traitor.
Snowden’s face is now iconic – we see everywhere the photo of Snowden that first introduced us to the bespectacled young man who opened our eyes to the NSA’s secrets.
Given what we know now about the NSA, and the unfolding events of the past year, Snowden’s actions will have an impact for a long time to come.
As for Snowden himself, he is seeking to leave Russia and find asylum, perhaps in Brazil – but Brazil might not want him due to its own concerns about relations with the US.
Let’s hope that the facts of NSA surveillance don’t become a secondary storyline to Snowden’s personal tribulations.
Snowden, one year on, and it’s still not 1984
One of the most enjoyable aspects of working on Naked Security is reading and joining in with the discussions at the end of our articles.
If you spend enough time reading our comments you’ll come to understand that different subjects attract different audiences and excite different passions.
After a while you get a feel for how the conversations that follow different articles are likely to go.
The best technical Q&As tend to follow our Anatomy of… articles while just mentioning Anonymous can get our readers drawing lines in the sand.
Positive comments on articles concerning Facebook or Microsoft are as rare as unicorns and the conversations that follow Talking Angela articles are bizarre almost beyond description.
As you might expect we’ve had some good reasons to research and write about privacy and surveillance in the last year.
The closest thing to a nailed-on certainty in a discussion about Snowden or the NSA is that, almost regardless of what’s being reported, somebody is going to compare the situation to George Orwell’s 1984.
Orwell’s hugely popular work of fiction concerns a population dominated by a command and control government that’s intent on watching and manipulating its citizens’ every move.
You can see why it’s a popular point of reference.
Shared stories and narratives are powerful social tools that act like maps by rendering new territory into a familiar form. Like all the best stories, Orwell’s is emotive, easily understood and well known.
But no matter how good a map is it should never be mistaken for the territory it represents.
Unfortunately, as a map, George Orwell’s 1984 is not accurate and it isn’t helping to show us the way.
We’re so busy looking for Big Brother we’re ignoring the landscape as it really is.
For example, before we had concrete evidence of NSA spying most of us acted as if it didn’t happen (even if we’d heard the rumours about Echelon that had been doing the rounds for years).
But the NSA is not the only agency with the means, motive and opportunity to spy on us – they’re just the first one with a whistle blower in their IT department.
That doesn’t make what they’re doing any more palatable but it should change the way we respond to it.
That’s why in my article about Reset The Net I made the point that expanding the use of encryption is more important than changing the law – it protects you from all the agencies (or anyone else for that matter) trying to spy on you.
Governments, by and large, centralise power and do as much spying as they can get away with.
I’m not particularly happy about that situation but I do know that it didn’t start with Snowden.
What’s changing most rapidly, what really is new, isn’t the power wielded by governments, it’s the power in the hands of everyone else.
Surveillance technology is no longer the preserve of all-powerful state apparatus, it’s a commodity in the hands of many, many governments, organisations, collectives and individuals.
The unpleasant side effects of the recent proliferation in data gathering, sensors, cameras and connectivity include everything from Glassholes to cyberbullying, baby monitor hacks, revenge porn, Twitter mobs and the Talking Angela hoax.
That isn’t Big Brother, that’s The Crowd.
Perhaps the most striking example of the democratisation of surveillance are the events that followed the Boston Marathon bombings.
The number of mobile phone cameras in use at the scene meant that, thankfully, police had a vast cache of pictures and video footage of the event.
The amount of footage (and therefore the chances of the bombers having been caught on camera) was much greater than if the police had been reliant on a fixed, centralised CCTV infrastructure.
That kind of decentralised, blanket surveillance is unprecedented and entirely new.
The police weren’t the only ones making use of Little Brother’s eyes and ears though.
Conspiracy theorist and radio shock jock Alex Jones scoured the footage and used it to back up his claim that the bombings were a false flag exercise conducted by undercover navy SEALs – a claim syndicated to hundreds of radio stations and uploaded to a YouTube channel with almost a million subscribers.
Mobs on Facebook, Twitter and, most notoriously, Reddit, were pronouncing a succession of entirely innocent people guilty of a truly horrific crime.
I’ve argued elsewhere on Naked Security that data privacy is more important now than it’s ever been.
Things have changed dramatically in the last few years and we have a lot to discuss. We can do better than resorting to old clichés.
It’s been a year since Snowden lifted the lid on PRISM and everything that followed. We’ve spent a year focusing on Big Brother government surveillance while at the same time we uploaded ever more of our lives into the care of giant media corporations and pointed an ever-increasing battery of smaller and better cameras at each other.
There’s good and bad in our information revolution but the one thing it most assuredly is not is Orwell’s vision of the future.
So let’s mark the anniversary of Snowden’s first blow of the whistle by looking at the problems as they are and retiring our 1984 reflex.
Godwin’s law dealt with the inevitability of somebody invoking the Nazis during the course of a Usenet discussion. The law reads:
As a Usenet discussion grows longer, the probability of a comparison involving Nazis or Hitler approaches one
By common convention, the person who invokes the Nazis must retire in shame having ended the discussion and lost the debate.
That sounds just what we need.
So, with apologies to Mike Godwin:
Usenetdiscussion grows longer, the probability of a comparison involving Nazis or Hitlerapproaches one