Snowden Calls On Developers To Champion Privacy By Design

Speaking at the Hope X conference taking place in New York this weekend, NSA whistleblower Edward Snowden put out a call for developers to build systems that protect privacy and constitutional rights by design. He also revealed his own intention to work on developing privacy protecting technology.

Snowden was speaking via videolink from Russia where he currently has asylum after the US government cancelled his passport, following his leak last year of classified NSA documents detailing security agency surveillance programs.

Responding to a question about what people working in technology can do to counteract dragnet, overreaching surveillance, Snowden said encryption is an “important first step”. But he added that simply securing the content of communications is not in itself enough. New privacy-protecting protocols and infrastructures need to be designed.   

“It doesn’t end at encryption it starts at encryption,” said Snowden. “Encryption protects the content but we forget about associations… These programs like section 215 [of the Patriot Act] and mass surveillance in general is not about surveilling you, it’s not about surveilling me. It’s about surveilling us collectively. It’s about watching the company. For everybody in the country and on a global scale.

“This is basically a big data program which provides the raw data that can then be analyzed, it can be filtered, it can be subjected to rules for example… it says everything you do is being analyzed, it’s being weighted, it’s being measured and that’s without regard to whether or not you’ve done anything wrong.”

Snowden argued that government dragnet surveillance programs constitute an “unreasonable seizure” of information, under the 4th and 5th amendments, being as there’s no proven suspicion to justify what happens in advance. He also argued it can be seen as a due process violation under the 5th amendment — “where the government is basically saying we’re going to use warrantless surveillance to collect evidence to then secretly use to get a warrant application” — and a violation of 1st amendment rights that give US citizens freedom of association.

The continuous, programmatic analysis of the connections of everybody is “a fundamentally un-America thing”, he argued. “If you let you go of your rights for a moment, you’ve lost them for a lifetime. And that’s why this matters. It’s because it happened, and we didn’t know about it. We weren’t told,” he said.

“We the people. You the people, you in this room right now have both the means and capability to help build a better future by encoding our rights into the programs and protocols upon which we rely upon everyday,” he added, calling on developers to rethink how they build digital technology so both content and connections can be kept private.

“And that’s what a lot of my future work is going to be involved in and I hope that you will join me and the Freedom of the Press and every other organization in making that a reality.”

Governments are using the same techniques they use to unmask spies to discover journalists and leakers, said Snowden — via these “association methods”.

Getting into specifics, he talked about the need for protocols resistant to traffic analysis, and a padding process to make tracking content and connections harder, plus mixed routing to obfuscate individual connections.

“When we think about how we fix these, programmatically, when we think about these in terms of protocols, we need to have protocols that are resistant to traffic analysis. They need to be padded, basically, even if there’s some level of performance penalty. So you can’t look at differences in for example Skype conversations and tell which phoneme or word was spoken based on packet size and signaling speed and so on and so forth. You also need to use some sort of mixed routing, some sort of shared infrastructure, that divorces the individual connection from the individual orgination point. And that’s still a hard problem. We haven’t solved that in a performance respecting manor.”

User experience is another clear challenge to be worked on. “GPG is a robust and pretty reliable encryption. Unfortunately it’s damn near unusable,” he said. “We need encryption, mix routing, we need non-attributable communications. Or unattributable Internet access… that’s available to people — that’s easy, that’s transparent and that’s reliable. That we can use not just here in the US but around the world because again, this is a global problem.”

Snowden said he believes collective community action and a peer review model is required to address the challenges of developing privacy protections. “We need people to attack these systems, we need people to work as adversaries to try to find holes so that we can fix them,” he said.

While technology is clearly enabling governments to harvest data on individual citizens on a scale and at a frequency never before possible, Snowden as a technology practitioner evidently believes technology itself is a neutral force that can also be applied in the counter direction — to rebalance the relationship between individuals and governments. Assuming, of course, enough developers can be encouraged to start thinking about and building privacy by design.

“We need to think about software as a means of expressing our freedom, but also defending our freedom,” added Snowden. “Technology gives us a new power — if we pair that with a responsibility to police ourselves, the way technology grows, and not sleepwalk into new technologies.”

You can watch the full video interview with Snowden — which also featured Pentagon Papers’ leaker Daniel Ellsberg — via Hope X’s website.