Original URL: https://www.theregister.com/2014/03/10/snowden_a_few_good_developers_could_save_america/

Snowden: You can't trust SPOOKS with your DATA

Well you should know, Edward

By Iain Thomson in San Francisco

Posted in Devops, 10th March 2014 22:01 GMT

Video Irony meters exploded when NSA whistleblower Edward Snowden, addressing the SXSW conference via video link today, urged programmers to encrypt their data to protect it from, er, prying eyes.

Snowden wraps himself in US constitutions

Snowden, a former CIA technician, addressed the audience in Austin, Texas, in a live broadcast using Google Hangouts, given the web giant's involvement with surveillance of the population. He claimed government spies were "setting fire to the future of the internet."

But the SXSW organizers joked that Snowden's video signal, presumably originating from somewhere in Russia, was being bounced off "seven different proxies" before hitting the Chocolate Factory's video chat software. In an hour-long session, Snowden discussed the state of surveillance, how it could be countered, and took questions from the public – including a query from Sir Tim Berners-Lee, who asked for the "privilege" of the first question.

"Your actions were profoundly in public interest. If you could design a system from scratch, an accountability system for governance over national security agencies, what would you do," the World Wide Web creator asked during the webcast's Q&A.

"It's clear that intelligence agencies are going to be using the internet to collect information from all of us, is there any way we can make oversight more accountable and improved?"

Snowden said there were technological measures that could be used – tools to encrypt communications and thwart tracking, for example – but the biggest issue was in layer eight of the network: in other words, the difficulty in getting ordinary people to use technology effectively and the politics preventing that from happening. Crypto and privacy systems are useless if humans won't, can't or are forbidden from using them properly.

As an example of the political problem, the whistleblower highlighted the fact that the US director of national intelligence James Clapper misled US Congress and suffered no rebuke. Snowden accused congressional overseers of failing to protect privacy and "cheerleading for the NSA."

What was needed, he said, was for independent public figures to have an oversight role in the intelligence community. They are needed to scrutinize spies and Congress, and make sure they are being honest. But internet users need to be responsible, too.

Gear up, it's encryption for all

On a most basic level, the only way forward to combat mass surveillance is for a corresponding mass encryption of data, Snowden said. The NSA has poured money into cracking algorithms and protocols, and has managed to subvert a few too, but the agency was thwarted by the sound mathematics at the heart of every good cipher; strong cryptography exists and should be relied upon.

Snowden said that strong crypto will hold until "concepts of mathematics and physics change on a fundamental level."

He advised netizens to ensure their hard drives and all their network connections are securely encrypted end to end so as to avoid mass surveillance. Doing so would force government eavesdroppers to focus on compromising particular targets rather than operate today's planet-wide dragnets, which effortlessly pull in pretty much everyone's unprotected internet traffic – whether or not they were suspected of any wrongdoing.

Ciphering everything would derail that approach by making it too costly or too much hassle for government snoopers.

Thus, while almost no one can stop the NSA actively hacking your PC and stealing your secret keys, he said, just adding basic encryption on a mass scale could vastly improve the situation for millions of spied-upon innocents. And that needs developers to step up to the plate.

"There's a technical response that needs to occur. It's the makers, it's the thinkers, it's the development community that can really craft the systems to make sure we're safe," Snowden told the conference. "This is a global issue. They are setting fire to the future of the internet and the people who are in this room now are the firefighters and we need you to help us fix this."

Developers can help enforce standards of privacy even though the US Congress hasn’t got around to enforcing them, Snowden said. Software needs to pass a Glenn Greenwald stupidity test, the ex-contractor added, referring to the careful coaching he had to give the journalist in how to communicate securely using PGP before he could leak a cache of top-secret documents about the US and UK's online surveillance programs.

"This is something people have to be able to access and really the way we interact with it now is not good," Snowden said.

"If you have to go to the command line people aren’t going to use it. If you have to go three menus deep, people aren’t going to use it. It has to be out there, has to happen automatically, and it has to happen seamlessly."

Video: The US has the most to lose from mass snooping

When the bulk of the population is using proper encryption, the mass surveillance of law-abiding folk by intelligence agencies around the world will be severely curtailed, Snowden said. The US had to take a lead in this because it sets the standard for the rest of the world and because it has the most to lose, politically and commercially.

Snowden accused two former heads of the NSA, in power during the days after the September 11, 2001, attacks, of dropping the ball and focusing the agency too strongly on attacking intelligence sources rather than sticking to the original role of defending US networks.

"When you are the one country in the world that's sort of a vault, that's more full than anyone else's, it doesn’t make any sense for you to be attacking all day and never defending your home vault," Snowden said. "It makes even less sense that the standards for securing vaults worldwide should have a big back door that anybody can walk in through."

The knock-on effects of the NSA's activities also mean US companies are getting hurt, Snowden said. Almost all of Earth's data runs through US networks or software at some point, and if people around the world don't have confidence in the privacy of communications enabled by US firms then they will vote with their feet.

Snowden said he had no problem with commercial companies collecting personal data, since they had to publish legally enforceable terms and conditions on its use. But the US government is not controlled by any such sanction, and for that reason it has to be reined in.

Today's mass surveillance programs don’t even work: Snowden claimed two government reports have shown that the NSA's data collection system has only found one dodgy transaction – an $8,500 donation to Somalia from a US taxi driver.

All the data slurping in the world didn’t single out and flag up the alleged leader of the Boston bombers, despite Russian intelligence warning the US about him, and it also failed to pick up Umar Farouk Abdulmutallab (a man now forever doomed to bear the sobriquet "the failed underpants bomber") despite a warning to the CIA by the chap's own father.

Channel community shares the blame

Another big part of the problem is that the NSA isn't doing much of this stuff itself, Snowden said. The agency maintains a core staff but outsources to contractors who tout huge, costly surveillance systems to the agency.

This gives the contractors enormous influence within the NSA, Snowden said. Back when he was in such a role, Snowden was writing position papers and recommendations that were treated on the same level as those from NSA staffers, but there was no oversight on his actions.

"They are saying, 'we can do this and that,' but it doesn't serve the public interest. The government has changed its talking points on this away from the public interest to the national interest," he said.

"We should be concerned about that. When the national interest of the state becomes distinct from the public interest and what benefits the people then we really are at a point where we have to marry those up or it gets harder and harder to control within a representative democracy."

Snowden said that while at the CIA he had sworn an oath to defend the constitution of the US and had seen it "violated on a massive scale." He denied putting lives in danger or passing any intelligence information to foreign governments, and said no matter what happened to him he had no regrets.

"The interpretation of the constitution had been changed in secret from no unreasonable search and seizure to 'Hey, any seizure is fine, just don’t search it,' and that's something the public ought to know," he concluded, referring to the NSA's practice of storing a record of everyone's private lives on disk – just in case, like. ®