Snowden & ACLU at SXSW: Consumers Must Protect Themselves, Tech Companies Must Innovate

In his longest public appearance since fleeing the United States, Snowden appeared via webcast with Ben Wizner and Christopher Soghoian from the American Civil Liberties Union (ACLU)'s Project on Speech, Privacy, and Technology.  Snowden was the ACLU’s featured speaker and spoke for about an hour (full video).  The conversation (click here for full transcript) began by looking at how internet surveillance and other government intrusion has fundamentally changed the internet, easily transitioning into a discussion about how those in the technology sector–startups and otherwise–can better encrypt communications and heighten security in other ways.  Soghoian, ACLU’s principal technologist, made the case for paid security services to keep consumers’ data encrypted.

Snowden opened with remarks at SXSW by explaining why he chose to address the technology sector at SXSW rather than more policy-oriented audiences:

When we think about what is happening at the NSA for the past decade, the result has been an adversarial internet.  It’s a sort of global free-fire zone for governments that is nothing that we ever asked for. It is not what we want. It is something that we need to protect against. We think about the policies that have been advanced the sort of erosion of fourth amendment protections the proactive seizure of communications... There is a policy response that needs to occur. There is also a technical response that needs to occur. It is the [technology] development community that can really craft the solutions and make sure we are safe.

Snowden highlights the centrality of cybersecurity and privacy in geopolitics today.  In the 21^st Century, civil and international conflicts have extensive technological underbellies, foregrounded in the conflict or unquestionably influencing the tenure of the conflict under the mainstream radar.  Observers of the recent conflict between Russia and the Ukraine have been eager to see, for instance, if Russia will employ cyber warfare tactics against the Ukraine they usedagainst Georgia in 2008. 

The conversation moved from international cybersecurity to individual privacy considerations.  The ACLU’s Soghoian talked at length about the need to bridge the gap between user-friendliness and optimal security.  Soghoian observed that many widely-used tools developed by large companies do not provide optimal levels of security for users (especially by default), and tools developed by smaller companies that are more secure are often too difficult to use for everyday users.  Snowden agreed saying that we do not want the standard for cybersecurity being opt-in. 

Soghoian summarized the security landscape by saying, “If you want a secure online backup service you are going to have to pay for it. If you want a secure voice or video communications product you are going to have to pay for it.”  He explained, too, that consumers cannot rely on free solutions to their security concerns.  Soghoian explained, “You [don’t] have to pay thousands of dollars a year, but you have to pay something so that company has a sustainable business model that doesn't revolve around collecting and monetizing your data.”

Wide-scale changes are needed to improve the ways consumers are currently under-protected or directly violated by government and non-government parties.  As the discussion highlighted, those changes require action from a variety of different actors.  Legislative and regulatory changes can help restrict governments’ access to citizens’ data but also work to further protect countries from outside cyber-attacks.  What he technology sector and proactive consumers can do in the meantime is protect their customers and protect themselves from harm by using the most secure tools possible and investing in high-security services (like those provided by SumRando). 

The ACLU and Snowden discussed what many of us know about technology today: As omnipresent and intertwined technology has become by choice and by default, privacy remains less of a priority than it should be with most consumers.  As Soghoian points out, most technology users rely on technology developers for security protections without knowing there are additional services that could protect them but also without knowing how to evaluate which services can provide consumers adequate security.  Without more widespread change in government and popular technology, informed consumers must rely on high-quality products that actively protect their security online.