The best way to stop the NSA's surveillance is make data too difficult to collect in bulk, argued Edward Snowden and ACLU principal technologist Christopher Soghoian during a livestream at SXSW today.
During the stream, which featured Snowden piped in via Google Hangout, both Snowden and Soghoian praised the value of encryption, and implored tech companies to take privacy and security more seriously. Snowden—who was superimposed on an image of the Constitution—also railed against the secrecy surrounding the US government's surveillance activities.
By way of introduction, moderator Ben Wizner, also of the ACLU and Snowden's legal advisor, asked Soghoian about what Snowden's leaks have done. Soghoian said that Snowden's disclosures have forced tech companies to improve their security faster than they would have had they not been embroiled in the PRISM leaks.
"There are going to people in this audience and those watching us at home who think what Ed did was wrong," Soghoian said. "But his disclosures have made the internet more secure. We all have Ed to thank for this. The companies should have done it by themselves. There should have been privacy regulators forcing them to do this. But it took Ed to get us to this place."
Snowden joined to answer questions submitted online, and one of the best came about halfway through: Why are big corporations' data collection efforts "less bad" that that of governments?
"Governments can deprive your rights," Snowden said. While "companies can spy on you to sell you products, which can be bad," you've still got legal recourse, Snowden said. For one, you generally sign your rights away in those terms of service agreements you never read. And if a company breaches your privacy without your consent, you can always sue.
The full livestream, for your enjoyment.
But when it comes to the government, he argued, there's no legal recourse. The government said bulk data collection should be kept classified because it pertains to national security, which means the legal arguments supporting the NSA's activities are heard by a secret court without public representation. And while these interpretations were supported by public representatives, the scale of data collection activities—as well as the legal rulings themselves—weren't available to the public until Snowden's leaks dropped.
"The interpretation of the Constitution had been changed in secret from 'no unreasonable search and seizure' to 'Hey, any seizure is fine, just don't search it,' and that's something the public ought to know about," Snowden said.
That's a key point that Snowden hit on a few times during the hour or so he answered questions. When asked if Big Data can be used for good, as has been promised by the tech sector, he went back to the secrecy point with regards to the government. "In general, it's a difficult problem," he said. "The bottom line is that data should not be collected without the public's knowledge and consent."
To protect against secret surveillance, Snowden said, we need to make encryption a part of everything we do. "The bottom line is that encryption does work," he said. "We need to not think of encryption as an arcane, dark art, but as basic protection for the digital world."
He offered a personal example, which got laughs from the crowd. The NSA has a massive investigation team looking into Snowden, and "they still have no idea what documents" what documents he's leaked to journalists "because encryption worked." He did say that one can break into a computer and steal encryption keys, which "happens every day," but cracking modern encryption would require an unfeasible amount of resources—and we should continue to develop crypto for the future.
Soghoian echoed that point. "Encryption makes bulk surveillance too expensive," he said, arguing that we need to get to the point where the resource cost of spying on everyone outweighs the potential benefits.
Soghoian also argued that tech companies need to take a lead on security before they start to lose business—which could add up to tens of billions of dollars, according to one early report.
"Because of the density of tech companies in this country, the US has an unparalleled tech advantage that no other government in the world has," he said, explaining that the world's data largely comes through the US at some point or another. Unless companies take pains to rebuild trust, the status quo is at risk—like with Brazil's proposed plan, however convoluted, to cut itself out of the US internet.
"We can get that trust through legal changes, but I think also tech companies can get a lot of that trust back by employing encryption and other privacy protection standards," Soghoian said.
If we don't make changes, Snowden argued, surveillance will only become more endemic—and already has, in many countries worldwide. In response to a question about whether the US's surveillance activities will cause other countries to play copycat, he said, "This is one of the primary concerns of the NSA's activities, and of the inability to rectify it."
"Throughout history we've seen governments repeat the trend of where [surveillance] increases, then they cross the line," he said.