Against a backdrop of the Constitution, Edward Snowden appeared through video on an American Civil Liberties Union panel at the South by Southwest Interactive Festival in Austin. And the former National Security Agency contractor had a message for the tech leaders watching: "We need you to help us fix this."
In the hour-long appearance, Snowden, ACLU technologist Christopher Soghoian, and moderator Ben Wizner, the ACLU's speech, privacy and technology project director, spent much of their time on ways the technology community could counteract digital bulk surveillance programs revealed by Snowden's leaking of NSA files to the media.
Both Snowden and Soghoian were unimpressed with consumers current options. "Many of the communications tools we rely on are not as secure as they could be," argued Soghoian. This is because, he said, "security is often an after thought, if it is a thought at all" during the development process.
"We need to lock things down," he urged those in the audience, saying "that's going to require a rethink by developers." But Soghoian also argued that the revelations from Snowden's disclosures have already made a significant impact on the practices of private companies.
"His disclosures have improved Internet security," he said, citing accelerated moves to end-to-end encryption and other security practices in the wake of the revelations. "Yahoo was kicking and screaming the whole way," he joked, but secured the connection between users and Web mail by default after a story that revealed their users' mail book addresses were being siphoned up in much larger numbers than those of their competitors.
At an earlier SXSW panel, Google Chairman Eric Schmidt said the company's data was now secure from prying government eyes after the revelation that the NSA had siphoned data from the connections between Google data centers.
But one of the problems Soghoian sees is that the business models of companies that run popular Web services rely on advertising -- and thus collecting personal data. He singled out Google in particular, saying "they want to be in that connection with you, and that makes it difficult secure those connections."
"Many of the tools that we are using are made by advertising companies -- it's not a coincidence that Chrome is probably a less privacy supporting browser," he said. "This makes the NSA's job a lot easier."
"The irony that we're using Google Hangouts to talk to Edward Snowden has not been lost by me or my team," he assured the audience, noting that Snowden was behind several proxies meant to obscure his physical location.
Because data collection and personalization are where the money is, Soghoian said too often consumers are left choosing between user friendly but insecure options and difficult to use but secure options. Snowden echoed his comments and urged for the development of tools that anyone from journalists to grandmothers can use. "If you have to go into command line, people aren't going to use it," he said. Snowden became a board member of the Freedom of the Press Foundation earlier this year, which is currently running a fundraising drive to provide support for encryption tools.
"The bottom line is that encryption does work," Snowden said, calling it "the defense against the dark arts for the digital realm" in what seems to have been a reference to the Harry Potter series.
But one of the most disturbing revelations to come out of the the Snowden documents to those in the cryptological community was a New York Times report that the NSA had introduced a backdoor into the number generator used in some encryption suites. With that action, Snowden said, the NSA harmed the security of U.S. computer systems.
And according to Soghoian, that revelation "radicalized" some within the cryptological community. "Those people should be mad, and those people can make a difference." Ultimately, he believes tools five or six years down the line will be more secure because those people felt "lied to."
Soghoian thinks that might herald a new wave of security innovation and consumer products. "There are going to be hot new communications tools, he said. "This can be made easy to use," argued Soghoian, but will be a significant development work. He also suggested that the market was approaching a point where consumers will pay something like five dollars month to keep prying eyes away. In the month since the Snowden leaks broke, there's been a boom in "securely" marketed products -- including one hardened smartphone that nicknamed itself the "Snowden Phone."
At another point during the panel, Snowden criticized the efficacy of the NSA's bulk collection activities -- citing the findings of two executive branch reviews and the program's failure to catch the Boston Bombers or the Underwear Bomber. "We got nothing," said Snowden, "and two White House investigations confirmed that." He also argued that other countries see U.S. activities as a "green light" to pursue similar programs.