Whistleblower Edward Snowden appeared onstage yesterday at TED 2014 in Vancouver, Canada. Snowden’s talk, titled “Here’s how we take back the internet,” looked at the continued violations of American and world trust by the National Security Agency. Snowden, who spoke from Russia as a disembodied head on a remotely controlled computer screen, seemed to have gotten through to the TED audience, but the bigger question remains: are American web-businesses listening?
An Overview of the NSA-built Security Landscape
Much of Snowden’s speech focused on the NSA’s past actions. PRISM, the mass data gathering program that was leaked by Snowden and British journalist Glenn Greenwald last year, was discussed in depth, giving many listeners their first real insight into how the PRISM program worked. In effect, Snowden pointed out, many of America’s biggest tech companies, Google, AT&T, and others, were willing accomplices in the NSA’s actions, despite claims that they were victims of an insidious government plot.
Arguably a bigger focus was the NSA program titled “Bullrun,” which aimed to increase the NSA’s ability to break through the encryption technologies many online services use to protect their clients’ data (everything from their names to their credit card numbers). One of the main methods of doing so is encouraging companies to lessen security standards, or to blatantly leave loopholes in their security systems.
Snowden said of the problem, “If we lose a single standard — if we lose the trust of something like SSL — which was specifically targeted by the Bullrun program, we will live in a less safe world.”
SSL, which stands for Secure Sockets Layer, is a well-known and commonly used encryption protocol that many see as a hallmark of effective defense against hackers and other hostile web entities, the NSA included. In other words, once such a standard is weakened, the NSA doesn’t have to work so hard to break encryption, and neither do hostile government agencies, like China’s.
More Than Orwellian Paranoia
It’s easy to listen to Snowden’s talk and dismiss it as little more than one man’s paranoia. However, the recent news that the NSA used its technological might to game Facebook users proves that there is some weight to what he’s been saying. Last week, it was revealed that the NSA had been mimicking Facebook servers in order to install data-gathering malware on users’ computers, an effort which has been seen by critics as just another unjustified attempt at blanket surveillance in hopes of finding evildoers.
Even with a mounting pile of indisputable evidence, questions remained as to whether tech companies even cared about what was happening. However, Facebook’s response to the most recent violations might be the first retaliatory response to these mass surveillance efforts. Joe Sullivan, chief security officer for Facebook, told reporters yesterday that the NSA will no longer be able to mimic the social media giant’s servers and take liberties with its users. “That particular attack is not viable,” Sullivan said, noting that the company had closed that security gap at the end of last summer. While he notes that there are other ways the NSA could breach Facebook security, he made it clear that Zuckerberg and team are done making it easy for the overreaching security agency.
The move by Facebook is an important step toward regaining consumer confidence in well-used web services in general. One thing is certain: this is only the tip of the iceberg, especially with more yet to be revealed.
Speaking of the future, Snowden said, “Some of the most important reporting to be done is yet to come.”
Facebook’s volley may be the first shot in a fight against illegal surveillance, but for the sake of the American people and the businesses that rely on their support, it can’t be the last.