Snowden at SXSW: We Need Oversight

Photo credit: GSPhotography/
Photo credit: GSPhotography/

Snowden of course has been leaking documents that he stole from confidential databases when he was a low-level IT contractor for the US government. The leaks have centered around allegations that the NSA and other intelligence bodies have been eavesdropping on private citizens’ telephone and internet communications in a wholesale fashion, all in the name of national security. The leaks have gone beyond that though, and have included evidence of international eavesdropping on allied countries’ governments, along with the revelation of sensitive information like the budgets for CIA undercover projects, cybersecurity task forces and so on.

Explaining his actions (a video of the session is available here), he said, "I saw that the Constitution was violated on a massive scale," drawing widespread applause.

“They’re setting fire to the future of the Internet,” he added. “We need public advocates. We need public oversight. Some way [to have] trusted figures, sort of civil rights champions to advocate for us, to protect the structure. How do we fix our oversight? How do we structure an oversight model that works? The key factor is accountability.”

Congress and the Obama Administration itself have leapt into the resulting fray from the revelations, changing policy points to rein in the unchecked gathering of information on American citizens. Snowden said that the moves validated his actions, but emphasized that this wasn’t enough.

"The government has gone and changed their talking points; they have changed their verbiage away from public interest to national interest," he said, adding that what the government should actually be doing is pouring efforts into protecting military technology secrets and other intellectual property.

"We've got the most to lose from being hacked," Snowden said.

Despite its high-profile, virtual guest, the session was mainly oriented around a discussion of best practices for online privacy and better approaches to encryption. Those include encryption in use, which enables cloud applications to function while the data remains persistently encrypted. In this approach, the end-user organization holds the keys, not the cloud provider. Employees of the organization can access their data, while the data remains inaccessible and useless to everyone else – even to administrators at the cloud service provider with full access to the customer.

"Encryption represents the best defense against unwanted surveillance and all other outside threats from obtaining private data,” said Elad Yoran, CEO of Vaultive, in an email to Infosecurity. “For today's organizations utilizing the cloud, encryption in use provides the only way to protect data prior to sending it to the cloud so it never needs to be decrypted while outside of their environments.”

Others pointed out that companies themselves have a duty to protect customer privacy. “The way that all of us can be fire fighters today, is to choose to do business with companies that have respect for user privacy,” said Mark Weinstein, online privacy expert and CEO of Sgrouples, in an email statement. “If we want to be true digital revolutionaries, we should choose to do business with companies that don't aggregate a packet of data to hand over to the government—regardless of whether the government knocks and ask for the data or comes uninvited through the proverbial back door.”

He added, “The conversation with Snowden, ACLU’s Chris Soghoian, and Ben Wizner (also counsel to Snowden), is relevant for everyone. They focused on the need for new end-to-end encryption solutions to make mass surveillance impossible. Circumventing mass surveillance allows law enforcement to focus their finite resources directly on the actual bad guys, instead of spreading resources thin by collecting and analyzing huge amounts of data on innocent citizens.”

Snowden faced a friendly crowd in Austin, but others were less impressed. US Representative Mike Pompeo (R-Kan.) reprimanded SXSW organizers for hosting the fugitive, who will be arrested upon minutes of stepping foot on US soil again.

"Rewarding Mr. Snowden's behavior in this way encourages the very lawlessness he exhibited," Pompeo wrote.

Snowden continues to take safe harbor in Russia, although the White House wants him extradited. It’s a request that Moscow is unlikely to comply with anytime soon.

What’s hot on Infosecurity Magazine?