clock menu more-arrow no yes mobile

Filed under:

Snowden Calls on Tech Companies to Create More Secure Products

Right now, effective security rarely makes for a good user experience.

Liz Gannes / Re/code

Edward Snowden, the former contractor who exposed the breadth of the National Security Agency’s information gathering, called on the technology community to build communication products that protect the right to privacy from government spying through the use of strong encryption technology.

“The people in the room in Austin, they’re the folks who can really fix things and enforce our rights through technical standards, even when Congress hasn’t yet gotten to the point of legislation that protects our rights,” Snowden said via video link at the South By Southwest conference in Austin, Texas. It was his first public appearance since leaking classified NSA documents.

Snowden, in a discussion with Christopher Soghoian, a technologist at the American Civil Liberties Union, and Ben Wizner, director of the ACLU’s Speech, Privacy & Technology Project, called on engineers and programmers to create a new generation of products that are secure by design and easy for consumers to use.

He called for products that use encryption systems that lock down data “end to end” between computers or phones. That, he said, would make surveillance more difficult and shift the way intelligence agencies do their work. Rather than conducting mass surveillance on practically all communications taking place, spy agencies would be forced to make more targeted efforts against criminals and suspicious people.

“End-to-end encryption makes mass surveillance at the network level impossible. … By doing end-to-end encryption, you force global passive adversaries to go to the endpoints, that is the individual computers,” Snowden said. “The result of that is a more constitutional, more carefully overseen sort of intelligence gathering model, where if they want to gather somebody’s communications, they have to target them specifically. They can’t just target everyone all the time.”

Security technologies in popular consumer tech products have often been treated “as an afterthought, if there is a thought at all,” Soghoian said. When security is available, it tends to be so complicated to use that consumers choose to do without or don’t even know it’s available, he said.

The result has been an Internet where the biggest problem the NSA has to contend with is the sheer volume of the information it has collected, not the collection of the information itself, Soghoian said, and “that’s because so many of the services that we use are not secure by default.”

While Google first enabled SSL encryption on its Gmail service in 2010, Yahoo only recently turned on SSL encryption by default, Soghoian said.

“The tools that exist to enable secure end-to-end encryption are not very polished,” he said. “You have to choose between a service that is easy to use and reliable and polished, and a tool that is highly secure and impossible for the average person to use.”

The reason, he said, is that companies that make the popular tools don’t see security as a primary concern, meaning secure products tend to be made more often than not by activists and hobbyists, “by geeks for geeks.”

“Rational people choose the insecure tools because they’re the ones that come bundled with the devices that they buy and work with and are easy for people to figure out,” Soghoian said.

In later comments, Snowden criticized the mass surveillance practices of the NSA as not being effective at the problem they were instituted to solve: Protecting the U.S. against terrorist attacks. “We’ve reached a point where the majority of Americans’ telephone communications are being recorded. We’ve all this metadata that is being stored for years and years and years.”

The intelligence agencies failed, he said, to follow up on leads they were given about the Boston Marathon bomber Tamerlan Tsarnaev and Umar Farouk Abdulmutallab, the so-called “underwear bomber,” who tried to blow up a plane in 2009.

“We’ve actually had tremendous intelligence failures … because we’re monitoring everyone’s communications instead of suspects’ communications,” Snowden said. “That lack of focus has caused us to miss leads that we should have had.”

Snowden said that encryption, when properly used, works to preserve the security of communications, and the proof is the NSA’s investigation into him. “The United States government has launched a massive investigation into me personally and into my work with journalists, and they still have no idea what documents I provided to the journalists, what they have, what they don’t have, because encryption works,” he said. “Any cryptographer, any mathematician in the world will tell you that the math is sound.”

This article originally appeared on Recode.net.