NSA whistleblower Ed Snowden gave his longest speech since his revelations last year, in a conversation at the South by Soutwest Interactive conference in Austin today. One of his key refrains was that citizens need encryption technology to make it too expensive to do bulk spying.
Above, you can see the full speech that Snowden gave, though the sound quality isn't terribly good. Hopefully we'll get a cleaned-up version later today.
Encryption technologies protect your private data by converting all your files or communications into a code that can only be unlocked by using a personal key. As the ACLU's Chris Soghoian pointed out in his discussion with Snowden, encryption doesn't protect you if the NSA has targeted your emails or phone calls specifically. The agency can decrypt it, with a bit of effort. But decrypting every single piece of communication in the nation would be too costly. So encryption could prevent the mass spying that has become one of the most controversial political issues of the past year in the United States.
Over on Ars Technica, Joe Mullin summed up one of the key points in Snowden's conversation with Soghoian:
Good, user-friendly encryption technology will push us towards a "more constitutional" method of data-gathering, said Snowden. End-to-end encryption is a strategy to fight against "global passive surveillance," which collects everyone's data indiscriminately, then trusts the authorities to only do appropriate searches. With better encryption, "if law enforcement and intelligence agencies want to gather someone's communications, they have to target them specifically," he said while describing a world with better encryption. "They can't just go back in a time machine and say, 'what did they say back in 2008?'"
Snowden encouraged "makers and developers," like those at the SXSW conference, to start building more tools to protect privacy.
"They're setting fire to the future of the Internet," he said. "The people in this room, you guys are all the firefighters... We want secure services that aren't opt-in. If you have to go to a command line, people aren't going to use it. if you have to go three menus deep, people aren't going to use it.
Soghoian emphasized that the goal isn't to actually stop intelligence agencies' work, which is impossible in any case. Instead, the goal is to raise the cost of the most abusive behavior. "If you are a target of the NSA, it's going to be game over no matter what," Soghoian said. "Encryption makes bulk surveillance too expensive. The goal isn't to blind the NSA. The goal is to make it so they can't spy on innocent people."
The problem right now is that most encryption software is difficult for most people to use, so they just don't bother to protect the privacy of their conversations online. That's why security experts like those at last week's Trustycon conference are urging the industry to develop encryption tools that are as easy to use as email or Facebook.