Feeds

Snowden speaks: NSA spies create 'databases of ruin' on innocent folks

'Not all spying is bad' but bulk collection has to go, says whistleblower in web chat

Protecting users from Firesheep and other Sidejacking attacks with SSL

Ex-NSA contractor turned whistleblower Edward Snowden used his first public Q&A to call for the US to lead a global initiative to ban mass surveillance of populations. He also wants governments to ensure that intelligence agencies can protect national security while not invading everyday privacy.

"Not all spying is bad. The biggest problem we face right now is the new technique of indiscriminate mass surveillance, where governments are seizing billions and billions and billions of innocents' communication every single day," he said.

"This is done not because it's necessary - after all, these programs are unprecedented in US history, and were begun in response to a threat that kills fewer Americans every year than bathtub falls and police officers - but because new technologies make it easy and cheap."

Snowden said the vast amounts of data being stored about everyone is harmful in two key ways. Firstly, the fear that everything is being recorded will change our personal behavior for the worse, and secondly that the data amounted to "databases of ruin", storing embarrassing or harmful details can be plucked out in retroactive investigations.

As for the decision to go public, Snowden said he had no choice. Contractors are not covered under existing whistleblowing statutes and said that although some NSA analysts were very concerned about the situation, no one was prepared to put their careers on the line.

He cited the experience of Thomas Drake as an example of what the agency does to those that complain. Drake went public with the NSA's decision to spend billions on a bulk data collection system called Trailblazer rather than use a more targeted and cheaply built internally developed scanning tool called ThinThread.

Drake was arrested and charged with breaking the Espionage Act (similar to the charges Snowden himself faces for leaking thousands of top-secret documents) and was offered multiple plea offers involving prison time. Just before the trial the government dropped most charges, and Drake agreed to cop to one misdemeanor count for exceeding authorized use of a computer.

As for press reports in which serving intelligence agents made threats against his life, Snowden said he found them discouraging rather than frightening.

"That current, serving officials of our government are so comfortable in their authorities that they're willing to tell reporters on the record that they think the due process protections of the 5th Amendment of our Constitution are outdated concepts. These are the same officials telling us to trust that they'll honor the 4th and 1st Amendments. This should bother all of us," he said.

Snowden denied stealing coworkers' passwords to get the NSA files, and said that press reports that he had hacked into his colleagues' systems in order to obtain the files were wrong. Great care had been taken to make sure staff were not be compromised by the information that has been released, he said.

"Returning to the US, I think, is the best resolution for the government, the public, and myself, but it's unfortunately not possible in the face of current whistleblower protection laws, which through a failure in law did not cover national security contractors like myself," he said.

"The hundred-year old law under which I've been charged, which was never intended to be used against people working in the public interest, and forbids a public interest defense. This is especially frustrating, because it means there's no chance to have a fair trial, and no way I can come home and make my case to a jury."

In an interview with MSNBC on Thursday, the US attorney general Eric Holder said offering Snowden amnesty was "going too far." He also declined to refer to Snowden as a whistleblower, saying he preferred the term "defendant."

"We've always indicated that the notion of clemency isn't something that we were willing to consider. Instead, were he coming back to the US to enter a plea, we would engage with his lawyers," Holder said. ®

The next step in data security

More from The Register

next story
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
'Speargun' program is fantasy, says cable operator
We just might notice if you cut our cables
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.