AUSTINEdward Snowden has a piece of advice for you, the average American Internet user: Employ whatever encryption tools you have at your disposal to make the National Security Agencys job a little bit harder.

Snowden doesnt often speak to the public, given his status as an American refugee in Russia, but he appeared at South By Southwest Monday via Google Hangoutsand seven proxiesto encourage the people who create devices and software to make user security a priority.

Theres a policy response that needs to occur but theres also a technical response that needs to occur, Snowden said. Its the makers, thinkers, and the development community that can help make sure were safe.

While Edward Snowdeds SXSW appearance came via Google Hangout, his attorney, Ben Wizner (left), and ACLU technologist Chris Soghoian (right) talked on stage at the Austin conference.

The NSAs surveillance powers seem so far-reaching that fighting against them may well be an exercise in futility. Spies can track your phone calls, read your text messages, view your bank transactions and your e-mails, see your Web-browsing history, collect screenshots of your Yahoo webcam chats, and even eavesdrop on German Chancellor Angela Merkels cellphone calls. The list goes on and on. And on and on.

If youre an NSA target, there is very little you can do to keep the agency out of your computer. But the majority of the data that spy agencies are collecting is completely innocuous, and theres no rhyme or reason as to why the intelligence community needs to collect or store that information. So how do regular folks avoid getting caught in the net? Encryption is the key, Snowden said.

Full-disk encryption and network encryption, like SSL, are good places to start, but there are also tools like no-tracking browser plug-ins and Tors anonymity software. Documents leaked by Snowden show that the NSA has attempted to breach Tor but has largely been unable to de-anonymize the networks users.

We need to think about encryption not as this arcane black art but as a basic protection, the defense against the black arts in the digital realm, Snowden said.

There are more advanced encryption tools available, but theyre built by geeks for geeks. The average consumer tends to use software thats familiar or comes preinstalled on the devices they buy.

Most people arent going to go out and download an obscure encryption [tool], said Chris Soghoian, the American Civil Liberties Unions principal technologist, who spoke with Snowden at SXSW. Theyre going to use the tools they already have: Facebook, Google, Skype. When Google turned on [SSL for Gmail], they made passive surveillance of users communications more difficult for agencies. We need services to be building security in. That doesnt mean that small developers cant play a role. What I want is for the next WhatsApp or Twitter to use encrypted end-to-end communications.

See the original post here:
Edward Snowden at SXSW: The NSA is setting fire to the future of the Internet

7 hours ago Mar. 10, 2014 - 11:18 AM PDT

Encrypting our communications is the best way to thwart mass government surveillance programs, according to fugitive whistle blower Edward Snowden, who appeared via live-stream at the SXSW tech festival in Austin on Monday.

Snowden, whose leaks have exposed secret data collection operations between the NSA and major U.S. companies, claims that is impossible for specific individuals to hide from the government, but thatencryption will render the current practice of mass surveillance expensive and impractical.

Encryption is the defense against the dark arts for the digital realm, Snowden said, appearing against a backdrop of the Constitution, and protected by what he described as 7 proxies an apparent allusion to a 4Chan meme.

Snowdens remarks came as part of a public discussion with ACLU lawyer Christopher Soghoian over how to take privacy techniques employed by tech enthusiasts which Snowden described as firefighters who can oppose those who are setting fire to the future of the internet and make them accessible to average people.

Most regular people are not going to go out and download an obscure encryption app, noted Snowden, adding that large companies can easily take steps to help their customers communicate in a more secure fashion. He cited Googles decision in 2010 to add SSL to its services, which made passive surveillance much more difficult.

Snowden also singled out two government officials, the NSAs Michael Hayden and Keith Alexander, for doing more harm to the internet and U.S. national security than anyone else. He claimed the men make a strategic mistake by reconfiguring NSA cyber operations into an offensive rather than a defensive role, and that attacks launched by the agency have hurt privacy without making the country any safer.

When you have a vault thats more full than anyone elses, it doest make sense to attack. When you set the standards for vaults worldwide, it makes no sense to have a big backdoor, he said, an allusion to the NSAs controversial practice of compromising global encryption standards so the agency can tap into devices and networks.

In addition to urging major tech companies to offer encryption as a common feature, Snowden also suggested Tor as a way to preserve privacy, although he acknowledged such tools are still beyond the capacity of average internet users.

Snowden also took questions via Twitter, including one from my colleague David Meyer, and received multiple ovations from a partisan crowd. The overall discussion hewed closely to tech topics, and did not broach geopolitical questions such as the relative moral standings of governments like China or Russia, where Snowden is now taking refuge.

See the original post:
Snowden calls encryption “defense against the dark arts”

With an image of the U.S. Constitution as his background, NSA whistleblower Edward Snowden beamed in through a choppy Google Hangouts video feed to call on the technologists at the 2014 South by Southwest Interactive Festival in Austin, Texas, to help fix the problem of mass government surveillance through easy-to-use encryption technology.

I would say South by Southwest and the technology community the people who are in Austin right now theyre the folks who can really fix things, who can enforce our rights through technical standards even when Congress hasnt yet gotten to the point of creating legislation to protect our rights in the same manner, said Snowden in his opening remarks.

He added that, in addition to a policy response to mass surveillance activities, theres also a technical response. And its the makers, its the thinkers, its the development community that can really crack those solutions to make sure were safe.

You guys who are in the room now are all the firefighters, he said. And we need you to help fix this.

The bottom line is that encryption does work.

Soghoian said the lack of consideration for security and other encryption by developers is what has allowed widespread government surveillance to occur.

We need to make services secure out of the box, said Soghoian. And thats going to require a re-think by developers its going to require that developers think about security early on, rather than later on down the road.

Soghoian went on to add that, since the disclosures by Snowden, major technology companies have greatly improved their security offerings. Within the past eight months, for example, both Google and Yahoo have increased their use of SSL encryption by default for users. Despite these improvements, said Soghoian, the additional security still allows these companies to collect user data, which in turn allows the government to obtain user data from the companies something that is not likely to change thanks to their advertising-based business models that rely on users information.

The irony that were using Google Hangouts to talk to Snowden has not been lost on me or our team here, Soghoian said to applause. He also indicated that the video feed had been routed through several proxy serversfor security purposes (Wizner earlier indicated the exact number was seven, a possible allusion to this meme), which led to the poor quality of the video stream.

This in fact I think reflects the state of play for many services, said Soghoian. You have to choose between a service thats easy to use, reliable, and polished, or a tool that is highly secure and impossible for the average person to use.

The rest is here:
Edward Snowden at SXSW: Encryption is the answer to NSA surveillance

By Dow Jones Business News, March 10, 2014, 03:51:00 PM EDT

By Douglas MacMillan and Danny Yadron

Former National Security Agency contractor Edward Snowden urged technology companies to adopt better methods of encryption to protect users from government surveillance.

Speaking through a live video feed to an audience at the South By Southwest Interactive conference in Austin, Texas, Mr. Snowden said technology companies can act more quickly to protect users' privacy than the government, which will move slowly, if at all, to change intelligence-gathering practices. "There is a policy response that needs to occur but there is also a technical response that needs to occur," Mr. Snowden said.

Mr. Snowden also criticized the data-collection practices of technology companies such as Google Inc. and Facebook Inc. He said the companies collect too much data, primarily to generate advertising revenue, and hold it for too long.

The comments are among Mr. Snowden's first public remarks since last June, when he exposed the NSA's programs to monitor phone calls, email and other communications. He spoke from Moscow, where he has been granted temporary asylum, with an image of the Constitution in the background. Both the audience, and the interviewers--two officials of the American Civil Liberties Union--were sympathetic to Mr. Snowden.

Mr. Snowden's revelations prompted Google and other companies to strengthen their encryption technology, but he said the firms had not done enough to protect the civil liberties of Internet users in the U.S. and abroad.

Encryption turns plain text in an email into a jumble of letters and numbers unreadable to prying eyes--whether hackers or a spy agency. To read the email, another user requires a "key" to decrypt the message.

Mr. Snowden and Chris Soghoian, one of the interviewers and a principal technologist at the ACLU, said Internet companies should adopt a system known as "end-to-end encryption," which scrambles communication, such as an email, each step from the sender's computer to the recipient's.

Messrs. Snowden and Soghoian said widespread use of encryption would make it less practical for the government to collect Internet traffic in bulk, since much of it would be unreadable. That would require government agencies to target surveillance more precisely, Mr. Soghoian said.

Read the original here:
Snowden Urges Technology Companies To Adopt Better Encryption

Edward Snowden, who leaked classified documents revealing the surveillance activities of the National Security Agency, said technology companies need to take a leadership role in protecting users privacy.

Theres a technical response that needs to occur, said Snowden, speaking through a video feed to a packed room of more than 3,000 people today at the South by Southwest Interactive conference in Austin, Texas. Technology companies can add layers of security that make it harder for intelligence agencies to scour for data, and can do it faster than new surveillance-oversight laws can be implemented, he said.

Snowden is now living in Russia to avoid arrest following last years release of the documents, which disclosed how global spy agencies collect vast amounts of data about phone calls and online activities. The revelations frayed U.S. relationships with countries such as Brazil and Germany and set off a global debate about whether the government is overstepping its authority and violating privacy to bolster security.

The leaks from Snowden, a former NSA contractor, showed that the U.S. had been collecting phone records as well as data from companies such as Google Inc. (GOOG), Facebook Inc. and Apple Inc. The disclosures made Snowden a hero to some people who want to see government activities reined in, while others, including U.S. President Barack Obama, say his actions compromised efforts to combat terrorism.

Snowden, speaking in front of an image of the U.S. Constitution, said the NSAs technique of collecting mass amounts of data hasnt been effective because there arent good ways to interpret the material.

What did we get out of it? he said. We got nothing.

Better oversight of intelligence agencies is needed, said Snowden, whose talk at South by Southwest drew a crowd of people who lined up hours before he spoke. Congress has been cheerleading instead of acting as a watchdog, he said.

Thats the biggest failure, he said.

Chris Soghoian of the American Civil Liberties Union, speaking with Snowden today, said theres inherent tension in having technology companies play a central role because their business models are dependent on using personal information to sell advertising. Technology companies have dramatically improved their security since Snowdens leaks, he said, because the revelations raised concerns among their users.

His disclosures have improved Internet security, Soghoian said. The goal isnt to blind the NSA. The goal is to make it so it cant spy on innocent people.

Read the original:
Snowden Says Technology Companies Should Lead on Data Encryption

NSA whistleblower Edward Snowden speaks via videoconference at the Virtual Conversation With Edward Snowden during the 2014 SXSW Music, Film + Interactive Festival at the Austin Convention Center on March 10, 2014 in Austin, Texas. Photo by Michael Buckner/Getty Images for SXSW

Former NSA contractor Edward Snowden spoke at the 2014 South by Southwest Interactive Festival Monday about what the tech community can do to address digital privacy and security concerns. Snowden addressed festival attendees via videoconference from Russia, where he is currently living under temporary asylum.

I would say, South by Southwest and the tech community, the people who are in the room right now, they are the folks who can fix things, enforce our rights before Congress can, Snowden said, a green screen image of the U.S. Constitution behind the NSA whistleblower.

They are setting fire to the future of the Internet. You guys that are in the room are the firefighters.

Christopher Soghoian the principal technologist of the American Civil Liberties Union also joined the conversation, which was hosted by Snowdens lawyer and ACLU director Ben Wizner. Their conversation focused on non-policy solutions. Throughout the hour-long forum, Snowden and Soghoian said repeatedly that the best way for Internet users to protect their data, is through encryption.

We need to think about encryption not as black magic but as something that works, Snowden said. Its the defense against the dark arts in the digital realm.

Encryption takes information stored on a device or data that users want to share over networks and transforms it into a cypher or a code, which prevents unauthorized access to that data. Only the holder of the key, can view and understand that data.

While there are tools available to Internet users that can help to make their data even more secure, Soghoian said most of them have been made by geeks for geeks and wont be used by the average user. The average American is more likely to choose the insecure tools that come with the devices that they buy than a tool that they do not know how to use, Soghoian said.

Thats why Soghoian and Snowden believe that developers and the larger tech companies must make encryption a priority as they create new digital tools for Internet users. As of present, security is an after thought, if it is a thought at all, Soghoian said.

Ultimately, encryption is a tool that could make the NSAs mass surveillance and collection of Americans data too expensive.

Go here to see the original:
Snowden at SXSW: Encryption is ‘defense against the dark arts in the digital realm’