June 5, 2013 – Edward Snowden, interview with Glenn Greenwald in Hong Kong:
GG: Why should people care about surveillance?
ES: Because even if you’re not doing anything wrong, you’re being watched and recorded. And the storage capability of these systems increases every year consistently, by orders of magnitude, to where it’s getting to the point you don’t have to have done anything wrong. You simply have to eventually fall under suspicion from somebody, even by a wrong call, and then they can use the system to go back in time and scrutinize every decision you’ve ever made, every friend you’ve ever discussed something with, and attack you on that basis, to sort of derive suspicion from an innocent life and paint anyone in the context of a wrongdoer.
…The greatest fear that I have regarding the outcome for America of these disclosures is that nothing will change. People will see in the media all of these disclosures. They’ll know the length that the government is going to grant themselves powers, unilaterally, to create greater control over American society and global society, but they won’t be willing to take the risks necessary to stand up and fight to change things, to force their representatives to actually take a stand in their interests. And the months ahead, the years ahead, it’s only going to get worse, until eventually there will be a time where policies will change, because the only thing that restricts the activities of the surveillance state are policy. Even our agreements with other sovereign governments, we consider that to be a stipulation of policy rather than a stipulation of law. And because of that, a new leader will be elected, they’ll flip the switch, say that because of the crisis, because of the dangers that we face in the world, you know, some new and unpredicted threat, we need more authority, we need more power, and there will be nothing the people can do at that point to oppose it, and it’ll be turnkey tyranny.
Governments Become Hackers
August 2013 – Christopher Soghoian, speech at TED entitled “Government surveillance — this is just the beginning”:
So as I said before, governments that don’t really have the resources to build their own tools will buy off-the-shelf surveillance software, and so for that reason, you see that the government of, say, Tunisia, might use the same software as the government of Germany. They’re all buying off-the-shelf stuff. The Federal Bureau of Investigation in the United States does have the budget to build their own surveillance technology, and so for several years, I’ve been trying to figure out if and how the FBI is hacking into the computers of surveillance targets.
My friends at an organization called the Electronic Frontier Foundation — they’re a civil society group — obtained hundreds of documents from the FBI detailing their next generation of surveillance technologies. Most of these documents were heavily redacted, but what you can see from the slides, if I zoom in, is this term: Remote Operations Unit. Now, when I first looked into this, I’d never heard of this unit before. I’ve been studying surveillance for more than six years. I’d never heard of it. And so I went online and I did some research, and ultimately I hit the mother lode when I went to LinkedIn, the social networking site for job seekers. There were lots of former U.S. government contractors who had at one point worked for the Remote Operating Unit, and were describing in surprising detail on their CVs what they had done in their former job.
So I took this information and I gave it to a journalist that I know and trust at the Wall Street Journal, and she was able to contact several other former law enforcement officials who spoke on background and confirmed that yes, in fact, the FBI has a dedicated team that does nothing but hack into the computers of surveillance targets. Like Gamma and Hacking Team, the FBI also has the capability to remotely activate webcams, microphones, steal documents, get web browsing information, the works.
There’s sort of a big problem with governments going into hacking, and that’s that terrorists, pedophiles, drug dealers, journalists and human rights activists all use the same kinds of computers. There’s no drug dealer phone and there’s no journalist laptop. We all use the same technology, and what that means then is that for governments to have the capability to hack into the computers of the real bad guys, they also have to have the capability to hack into our devices too.
So governments around the world have been embracing this technology. They’ve been embracing hacking as a law enforcement technique, but without any real debate. In the United States, where I live, there have been no congressional hearings. There’s no law that’s been passed specifically authorizing this technique, and because of its power and potential for abuse, it’s vital that we have an informed public debate.
Conspiracy Against Congress
October 9, 2013 – Representative Justin Amash, lunch speaker at “NSA Surveillance: What We Know; What to Do About It” at CATO Institute:
Time and again the intelligence committees have not been the friends of Congress but the opponents of Congress and when we have had secret actions being undertaken by this administration or the previous administrations you’ve essentially had the intelligence committees covering up for the administration. And there are a lot of examples that I can describe in which the intelligence committees try to really hinder Congress’s work.
When you look back at 2011, I had just gotten into Congress and we were going to have a vote on the re-authorization of the Patriot Act. And the administration decided — we have come to learn because these documents were declassified, the administration decided that it wanted to provide a document to all members of Congress about the outlines of these surveillance programs, the e-mail program and the phone records program. Just an outline. It wouldn’t have given you enough information to understand what was really going on, but it would have at least brought the issue to people’s attention.
And so the administration said, this is the Obama administration said, “Intelligence committees, we are providing you this document so that you can share it with members of Congress so they’ll have a better understanding of what we are doing.”
Now the Senate intelligence committee, to the best of our knowledge based on all the documents and evidence we’ve seen, did share that information with Senators. But the House intelligence committee decided that it wasn’t worthwhile to share that information with members of Congress.
Now, what they’ll tell you is, and I’ve heard this repeatedly from the House intelligence committee, “Well, members have an opportunity to come in and we have classified briefings and they can come in and ask questions and their questions will be answered and we think that’s a better way to share information.”
Well of course, if you’ve ever been to one of these classified briefings, which I know none of you have, but I have, you’ll find that it is just a game of 20 questions. So you go into the classified briefing and you’re not really provided any information in the intro, so you have people come in and they might speak to you, they might be from the administration, they might be from the intelligence committee. They’ll come speak to you about the topic, the Patriot Act for example or the FISA amendments act. And they’ll come speak to you about this topic and then they’ll say, “Any questions?”
And they are speaking about it in generalities. They are speaking about it in the way that you might already know about them from the newspaper. Or in the way that any ordinary person might already know about it. There’s no real information provided. At times you’ll learn something that the public doesn’t know about that is frankly not that surprising but you’re certainly not learning anything that seems out of the ordinary given the laws that we have on the books.
So you don’t know what questions to ask because you don’t know what the baseline is. You don’t have any idea what kinds of things are going on. You have to just start spitting out random questions. Does the government have a moon base? Does the government have a talking bear? Does the government have a cyborg army? If you don’t know what kinds of things the government might have you just have to guess. And it becomes a totally ridiculous game of 20 questions.
If you ask something in slightly the wrong way, they’ll tell you, “No. No, we don’t do that.” or “No, that agency doesn’t do that.” Maybe another agency does it, but they’re not going to tell you that. They’re not going to tell you, “No, this agency doesn’t do it, but this other agency does it.” or “No, we can’t do that under this program but we can do it under this program.” They don’t tell you that information. They’ll just tell you, “No, we can’t do that.” or “No, it doesn’t happen under that program.”
But you don’t know what the other programs are! So what are you going to ask about? So it becomes a ridiculous game of 20 questions and I had one colleague for example who went from briefing to briefing asking variations of the same question. So he’d go to one briefing and he’d ask the question and they’d say no. He’d go to another briefing, ask the question with a slight change — you know maybe the subject changed a little bit or the object in the sentence — and they’d say no. By the time he got to the third or fourth briefing he’d figured out how to ask it the right way and in that case they say, “Oh! Yeah, you caught us. Yeah, we do do that.”
Search Engine Honesty Isn’t For Governments
October 2013 – Mikko Hypponen, speech at TEDxBrussels entitled “How the NSA betrayed the world’s trust — time to act”:
And this here is the infamous NSA data center in Utah. Due to be opened very soon, it will be both a supercomputing center and a data storage center. You could basically imagine it has a large hall filled with hard drives storing data they are collecting. And it’s a pretty big building. How big? Well, I can give you the numbers — 140,000 square meters — but that doesn’t really tell you very much. Maybe it’s better to imagine it as a comparison. You think about the largest IKEA store you’ve ever been in. This is five times larger. How many hard drives can you fit in an IKEA store? Right? It’s pretty big. We estimate that just the electricity bill for running this data center is going to be in the tens of millions of dollars a year. And this kind of wholesale surveillance means that they can collect our data and keep it basically forever, keep it for extended periods of time, keep it for years, keep it for decades. And this opens up completely new kinds of risks to us all. And what this is is that it is wholesale blanket surveillance on everyone.
Well, not exactly everyone, because the U.S. intelligence only has a legal right to monitor foreigners. They can monitor foreigners when foreigners’ data connections end up in the United States or pass through the United States. And monitoring foreigners doesn’t sound too bad until you realize that I’m a foreigner and you’re a foreigner. In fact, 96 percent of the planet are foreigners. Right?
So it is wholesale blanket surveillance of all of us, all of us who use telecommunications and the Internet.
But don’t get me wrong: There are actually types of surveillance that are okay. I love freedom, but even I agree that some surveillance is fine. If the law enforcement is trying to find a murderer, or they’re trying to catch a drug lord or trying to prevent a school shooting, and they have leads and they have suspects, then it’s perfectly fine for them to tap the suspect’s phone, and to intercept his Internet communications. I’m not arguing that at all, but that’s not what programs like PRISM are about. They are not about doing surveillance on people that they have reason to suspect of some wrongdoings. They’re about doing surveillance on people they know are innocent.
So the four main arguments supporting surveillance like this, well, the first of all is that whenever you start discussing about these revelations, there will be naysayers trying to minimize the importance of these revelations, saying that we knew all this already, we knew it was happening, there’s nothing new here. And that’s not true. Don’t let anybody tell you that we knew this already, because we did not know this already. Our worst fears might have been something like this, but we didn’t know this was happening. Now we know for a fact it’s happening. We didn’t know about this. We didn’t know about PRISM. We didn’t know about XKeyscore. We didn’t know about Cybertrans. We didn’t know about DoubleArrow. We did not know about Skywriter — all these different programs run by U.S. intelligence agencies. But now we do.
And we did not know that U.S. intelligence agencies go to extremes such as infiltrating standardization bodies to sabotage encryption algorithms on purpose. And what that means is that you take something which is secure, an encryption algorithm which is so secure that if you use that algorithm to encrypt one file, nobody can decrypt that file. Even if they take every single computer on the planet just to decrypt that one file, it’s going to take millions of years. So that’s basically perfectly safe, uncrackable. You take something which is that good and then you weaken it on purpose, making all of us less secure as an end result.
A real-world equivalent would be that intelligence agencies would force some secret pin code into every single house alarm so they could get into every single house because, you know, bad people might have house alarms, but it will also make all of us less secure as an end result. Backdooring encryption algorithms just boggles the mind. But of course, these intelligence agencies are doing their job. This is what they have been told to do: do signals intelligence, monitor telecommunications, monitor Internet traffic. That’s what they’re trying to do, and since most, a very big part of the Internet traffic today is encrypted, they’re trying to find ways around the encryption. One way is to sabotage encryption algorithms, which is a great example about how U.S. intelligence agencies are running loose. They are completely out of control, and they should be brought back under control.
… And then the argument that the United States is only fighting terrorists. It’s the war on terror. You shouldn’t worry about it. Well, it’s not the war on terror. Yes, part of it is war on terror, and yes, there are terrorists, and they do kill and maim, and we should fight them, but we know through these leaks that they have used the same techniques to listen to phone calls of European leaders, to tap the email of residents of Mexico and Brazil, to read email traffic inside the United Nations Headquarters and E.U. Parliament, and I don’t think they are trying to find terrorists from inside the E.U. Parliament, right? It’s not the war on terror. Part of it might be, and there are terrorists, but are we really thinking about terrorists as such an existential threat that we are willing to do anything at all to fight them? Are the Americans ready to throw away the Constitution and throw it in the trash just because there are terrorists? And the same thing with the Bill of Rights and all the amendments and the Universal Declaration of Human Rights and the E.U. conventions on human rights and fundamental freedoms and the press freedom? Do we really think terrorism is such an existential threat, we are ready to do anything at all?
But people are scared about terrorists, and then they think that maybe that surveillance is okay because they have nothing to hide. Feel free to survey me if that helps. And whoever tells you that they have nothing to hide simply hasn’t thought about this long enough. Because we have this thing called privacy, and if you really think that you have nothing to hide, please make sure that’s the first thing you tell me, because then I know that I should not trust you with any secrets, because obviously you can’t keep a secret.
But people are brutally honest with the Internet, and when these leaks started, many people were asking me about this. And I have nothing to hide. I’m not doing anything bad or anything illegal. Yet, I have nothing that I would in particular like to share with an intelligence agency, especially a foreign intelligence agency. And if we indeed need a Big Brother, I would much rather have a domestic Big Brother than a foreign Big Brother.
And when the leaks started, the very first thing I tweeted about this was a comment about how, when you’ve been using search engines, you’ve been potentially leaking all that to U.S. intelligence. And two minutes later, I got a reply by somebody called Kimberly from the United States challenging me, like, why am I worried about this? What am I sending to worry about this? Am I sending naked pictures or something? And my answer to Kimberly was that what I’m sending is none of your business, and it should be none of your government’s business either. Because that’s what it’s about. It’s about privacy. Privacy is nonnegotiable. It should be built in to all the systems we use.
And one thing we should all understand is that we are brutally honest with search engines. You show me your search history, and I’ll find something incriminating or something embarrassing there in five minutes. We are more honest with search engines than we are with our families. Search engines know more about you than your family members know about you. And this is all the kind of information we are giving away, we are giving away to the United States.
And surveillance changes history. We know this through examples of corrupt presidents like Nixon. Imagine if he would have had the kind of surveillance tools that are available today. And let me actually quote the president of Brazil, Ms. Dilma Rousseff. She was one of the targets of NSA surveillance. Her email was read, and she spoke at the United Nations Headquarters, and she said, “If there is no right to privacy, there can be no true freedom of expression and opinion, and therefore, there can be no effective democracy.”
That’s what it’s about. Privacy is the building block of our democracies. And to quote a fellow security researcher, Marcus Ranum, he said that the United States is right now treating the Internet as it would be treating one of its colonies. So we are back to the age of colonization, and we, the foreign users of the Internet, we should think about Americans as our masters.
“Collect It All” Mentality & The Math
February 16, 2014 – Bruce Schneier, speech at MIT entitled “NSA Surveillance and What To Do About It” via YouTube:
Fundamentally, the NSA’s mission is to collect everything. And you see those sorts of slogans permeating the documents: “Collect it all,” “Know it all,” “Exploit it all.” I mean, these are what the agency is trying to do. And you see it in the far flung reaches of the programs. Programs to collect internet data from airplanes. Programs to collect the chat conversations in a virtual world. That’s where you, sort of, see the mentality at its most extreme. That there can’t be little pockets of uncollected communication.
(7:22) …And this sort of ubiquitous collection mentality really should have died with the Cold War, but it got a new lease on life after September 11th. Because that’s when the intelligence agencies got an impossible mission: Never again. Right, make sure this never happens again. And if you think about it, if you’re given the goal of making sure something never happens the only way you can possibly achieve that is to know everything that does happen. And when the enemy changed from the Soviet Union over there to the terrorists in this room, the giant eye which was looking over there now has to look everywhere. And that looking everywhere has been aided by technology. By the natural trends of IT and fundamentally data is a byproduct of information society. Everything we do on a computer creates a transaction record. And so data becomes a byproduct of all the Internet age socialization that we do. Because everything that we do is increasingly mediated by computers. And this data is increasingly stored and increasingly searchable.
And this is just Moore’s law: data storage drops to free, data processing drops to free, and it becomes easier to save everything than to figure out what to save. And the result is we are all leaving digital footprints everywhere in our life.
(16:12) …And remember technology spreads. Today’s NSA programs become tomorrow’s PhD theses and the next day’s hacker tools. So when we see a lot of these NSA programs, what we’re seeing is a 3 to 5 year window of what the criminals are going to do. And in a lot of the ways, that fundamentally is the harm. We have built an insecure Internet for everyone. We have basically enabled the Panopticon. And all the losses of freedom and liberty and individuality that come with that. We now have a complete loss of trust in technology and in protocols, in the institutions that govern the Internet, a lot of the corporations that provide Cloud services or infrastructural support for the Internet.
(18:37) …In his first interview, after he became public, Edward Snowden talked about encryption and he said, “Encryption works. Strongly implemented encryptosystems are one of the few things that you can rely on.” And this is an important lesson: cryptography works. This is the lesson of the NSA’s attempt to break Tor. The NSA can’t break Tor and it pisses them off. This is the lesson of the NSA’s program to collect contact lists from the backbone. If you looked at their collection data, they collected about ten times the amount of data from Yahoo than they did from Google. Which seems odd because Google is about ten times as large as Yahoo but at the time, Google used SSL by default and Yahoo did not. …Unfortunately, Snowden’s next reply in that sentence is sort of equally important: “Unfortunately, end-point security is so terrifically weak that the NSA can frequently find ways around it.” The math works but math has no agency. It’s the stuff around the math that is the most vulnerable.
(29:19) …We are never going to eliminate targeted collection. We don’t know enough to build computers that are secure from a targeted attack. But we can build protocols that are secure against bulk collection. Some of it is redesigning protocols. I mean, ubiquitous encryption on the Internet would solve a lot of this. So encrypting the backbone is important: provides real security from attacks, provides cover traffic for those who need it to stay alive. …We kind of know what to do here; we just have to do it.
(42:25) …We do know that the NSA does flag and save encrypted data because there’s just not much of it so you might as well save it all because it might be useful some day. You might get the keys somehow. So yes, using encryption does flag you. Which is why I think the solution is not to not use it; the solution is for everyone to use it. For you to use encryption, you provide cover for those who need it. And that’s a good thing. But we do know that using encryption is a flag.
(52:11) …The counterargument is easy, right? “Terrorists will kill your children.” That’s the argument. And the thing about that argument is that it stops all rational conversation. I mean, I can discuss the inefficacy of bulk collection. I can discuss the expense, both in money, in liberties, in the legal system, in the economic system. I can talk about the abuses and harms. I can talk about the right to privacy. But those are all pretty theoretical against “Terrorists will kill your children.”
Now, I really think that it’s going to take some years before the craziness of 9/11 subsides before we can look at this rationally. The counterargument to fear is indomitability. Right, that we are stronger than this, we are better than this. That we don’t have to stoop to this kind of stuff. Right, that we can respect our laws, our countries, our liberties, our ideals, and still beat the bad guys. That we don’t have to subvert everything that we hold in order to beat them.
Right To Privacy / Cover For Action
March 18, 2014 – Edward Snowden, interview with Chris Anderson via TED:
CA: Ed, one response to this whole debate is this: Why should we care about all this surveillance, honestly? I mean, look, if you’ve done nothing wrong, you’ve got nothing to worry about. What’s wrong with that point of view?
ES: Well, so the first thing is, you’re giving up your rights. You’re saying “Hey, you know, I don’t think I’m going to need them, so I’m just going to trust that, you know, let’s get rid of them, it doesn’t really matter, these guys are going to do the right thing.”
Your rights matter because you never know when you’re going to need them. Beyond that, it’s a part of our cultural identity, not just in America, but in Western societies and in democratic societies around the world. People should be able to pick up the phone and to call their family, people should be able to send a text message to their loved ones, people should be able to buy a book online, they should be able to travel by train, they should be able to buy an airline ticket without wondering about how these events are going to look to an agent of the government, possibly not even your government years in the future, how they’re going to be misinterpreted and what they’re going to think your intentions were.
We have a right to privacy. We require warrants to be based on probable cause or some kind of individualized suspicion because we recognize that trusting anybody, any government authority, with the entirety of human communications in secret and without oversight is simply too great a temptation to be ignored.
CA: Do you think there’s a deeper motivation for them other than the war against terrorism?
ES: Yeah. The bottom line is that terrorism has always been what we in the intelligence world would call a cover for action. Terrorism is something that provokes an emotional response that allows people to rationalize authorizing powers and programs that they wouldn’t give otherwise. The Bullrun and Edgehill-type programs, the NSA asked for these authorities back in the 1990s. They asked the FBI to go to Congress and make the case. The FBI went to Congress and did make the case. But Congress and the American people said no. They said, it’s not worth the risk to our economy. They said it’s worth too much damage to our society to justify the gains. But what we saw is, in the post-9/11 era, they used secrecy and they used the justification of terrorism to start these programs in secret without asking Congress, without asking the American people, and it’s that kind of government behind closed doors that we need to guard ourselves against, because it makes us less safe, and it offers no value.
Why Should I Care?
May 15, 2014 – Glenn Greenwald, No Place to Hide Interview with CATO Institute via YouTube:
The idea that the mere existence of a surveillance system, regardless of how it is used, will severely limit and alter human behavior is something which has been acknowledged for centuries.
And to me the reason it is so critical is that there is this prevailing sentiment that says, “I am not the kind of person who threatens the government and therefore I am not the kind of person they are interested in and therefore I am not the kind of person who will fear surveillance.”
And embedded within that statement is the acceptance of this bargain that says, “If you become sufficiently obedient and compliant and passive and non-threatening – you just ignore what power is doing, you just go about your business, sit on your couch, watch television, play with your kids – you can be unmolested by power” – that is the recipe for tyranny. I mean, in even the worst tyrannies, people who don’t bother tyrants are never or rarely targeted with oppressive behavior.
And this is what the existence of a surveillance state does, and it’s what Jeremy Bentham recognized, which is that if you can create institutions where the people you are trying to control – inmates or students or patients in a psychiatric ward – know that they can be watched at any moment, even if they don’t know when they are being watched or if they are being watched, the fact that they know that they can be watched at any moment means that they will assume that they are always being watched and therefore will act accordingly – meaning in compliance with the dictative authorities.
And it’s a way to keep people under control and that was the essence of 1984.
Michel Foucault said that that was sort of the foundational point of Western democracy, that we don’t have concentration camps and political dissidents and large numbers being hauled into prison because we don’t need that because we have effectively put prisons inside people’s minds or they think that they are free but it is only because they have relinquished their basic political rights on the grounds that “I know that if I relinquish my basic political rights, I won’t be seen as threatening and therefore I won’t be punished.”
And that is essentially why a surveillance state is so insidious, because it removes the essential part of what it means to be a free individual.