NSA whistleblower to tech firms, Obama: 'Grow a pair!'

Ed Snowden: Email tracking grabs 'IPs, raw data, content, headers, attachments, everything'

Mobile application security vulnerability report

Edward Snowden, the 29-year-old fugitive who revealed the NSA's PRISM system, has told the technology companies involved in surveillance to stand up for users' rights and demand a change in the current law.

"If for example Facebook, Google, Microsoft, and Apple refused to provide this cooperation with the Intelligence Community, what do you think the government would do? Shut them down?" he said, during a question and answer session hosted by The Guardian

The use of near-identical weasel-words by technology companies in their statements on the matter show they had been taking part in the program he said, but it now seems they are now beginning to work together to force disclosure of the extent of US domestic and international surveillance.

As for the US president, Snowden said he'd been heartened by Obama's election pledges (although it's claimed he contributed to Ron Paul's campaign), but that since taking office the administration has shut down investigations into rule-breaking and expanded surveillance programs in some cases.

Fixing the system

What's needed, Snowden said, is a special committee to review the current policy and the revocation of the 1953 State Secrets Privilege, which allows the government to exclude evidence from court proceedings on the grounds that it might impinge on national security. An independent regulator should oversee surveillance as a standard, he suggested.

"This disclosure provides Obama an opportunity to appeal for a return to sanity, constitutional policy, and the rule of law rather than men," Snowden stated. "He still has plenty of time to go down in history as the President who looked into the abyss and stepped back, rather than leaping forward into it."

The current filtering system used to ensure that illegal US domestic surveillance isn't being carried out is hopelessly outdated, he said. Technically, everything can be recorded, so restrictions on what analysts can access are based solely on IT policy. In practice that means data filters are set at "widest allowable aperture," and if data leaves US borders it's automatically scooped.

Snowden said data analysts view what's collected, and if US domestic users get scanned it's called "incidental collection". Under the FISA Amendments Act's section 702 provisions, a warrant isn't needed for this, and if material is valuable enough to become evidence, there's no need for a court hearing, just a form that needs to be filled out and rubber-stamped by a judge.

"If I target for example an email address, for example under FAA 702, and that email address sent something to you, Joe America, the analyst gets it. All of it. IPs, raw data, content, headers, attachments, everything. And it gets saved for a very long time – and can be extended further with waivers rather than warrants," he said.

Outside audits of data collection did take place, he said, but they were "cursory, incomplete, and easily fooled by fake justifications." For example, Snowden claims that at Britain's GCHQ electronic surveillance headquarters, only 5 per cent of claimed audits were completed. The UK Prime Minister David Cameron has said the unit operates in a "proper framework of scrutiny."

He cited the performance of the US director of national intelligence, James Clapper, who at congressional hearings in March flatly denied that the NSA was keeping records on US citizens. Clapper has since said this is a semantic argument over the meaning of the word "collection".

The good news is that properly implemented encryption works to protect the content of voice and data being transmitted, Snowden said. The bad news is that endpoint security is usually so weak that the encryption can be beaten anyway.

I am not a crook

Claims that he is a Chinese spy are false, he stated, pointing out that if so he would have flown direct to Beijing and be "living in a palace petting a phoenix by now." NSA employees have to give 30 days of notice before foreign travel and are monitored, he said. He feared the Icelandic government could be forced to hand him over before the disclosures could be made public.

Taking a flight to Hong Kong gave him the "cultural and legal framework" to build his case (which one presumes is a nice way of saying that no one pushes China around), Snowden said, and he knew that if he stayed in the US, once the news broke he'd be getting the same fair and equitable treatment the authorities usually display in such circumstances.

"The US Government, just as they did with other whistleblowers, immediately and predictably destroyed any possibility of a fair trial at home, openly declaring me guilty of treason and that the disclosure of secret, criminal, and even unconstitutional acts is an unforgivable crime," he said. "That's not justice, and it would be foolish to volunteer yourself to it if you can do more good outside of prison than in it."

As for charges that he misstated his salary in early interviews Snowden said that the $200,000 he was paid to work on the NSA system was a peak salary point, and that he'd taken a pay cut to work for Booz Allen Hamilton in Hawaii.

The court order and PowerPoint presentation released so far don't uncover military operations, he said; they merely show that network operations are being carried out among millions of Americans and citizens in the rest of the world in the name of the war on terror. It's not OK to intrude on 100 per cent of the world just to nab the 5 per cent who might be dangerous, he asserted.

When asked about being branded a traitor on Sunday by Dick Cheney during a Fox News interview, Snowden replied that this was a bit rich coming from the former vice-president who oversaw the setting up of the current surveillance system and the Iraq war.

"Being called a traitor by Dick Cheney is the highest honor you can give an American, and the more panicked talk we hear from people like him, Feinstein, and King, the better off we all are," he said. "If they had taught a class on how to be the kind of citizen Dick Cheney worries about, I would have finished high school." ®

Bridging the IT gap between rising business demands and ageing tools

More from The Register

next story
Just TWO climate committee MPs contradict IPCC: The two with SCIENCE degrees
'Greenhouse effect is real, but as for the rest of it ...'
Adam Afriyie MP: Smart meters are NOT so smart
Mega-costly gas 'n' 'leccy totting-up tech not worth it - Tory MP
'Blow it up': Plods pop round for chat with Commonwealth Games tweeter
You'd better not be talking about the council's housing plans
Arrr: Freetard-bothering Digital Economy Act tied up, thrown in the hold
Ministry of Fun confirms: Yes, we're busy doing nothing
ONE EMAIL costs mining company $300 MEEELION
Environmental activist walks free after hoax sent share price over a cliff
Help yourself to anyone's photos FOR FREE, suggests UK.gov
Copyright law reforms will keep m'learned friends busy
Apple smacked with privacy sueball over Location Services
Class action launched on behalf of 100 million iPhone owners
UK government officially adopts Open Document Format
Microsoft insurgency fails, earns snarky remark from UK digital services head
prev story


Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Securing Web Applications Made Simple and Scalable
Learn how automated security testing can provide a simple and scalable way to protect your web applications.