Snowden Ten Years Later
Matthew Green (in 2019, Hacker News):
Edward Snowden recently released his memoirs. In some parts of the Internet, this has rekindled an ancient debate: namely, was it all worth it? Did Snowden’s leaks make us better off, or did Snowden just embarrass us and set back U.S. security by decades? Most of the arguments are so familiar that they’re boring at this point. But no matter how many times I read them, I still feel that there’s something important missing.
[…]
And while the leaks themselves have receded into the past a bit — and the world has continued to get more complicated — the technical concerns that Snowden alerted us to are only getting more salient.
[…]
What’s harder to present in a chart is how different attitudes were towards surveillance back before Snowden. The idea that governments would conduct large-scale interception of our communications traffic was a point of view that relatively few “normal people” spent time thinking about — it was mostly confined to security mailing lists and X-Files scripts. Sure, everyone understood that government surveillance was a thing, in the abstract. But actually talking about this was bound to make you look a little silly, even in paranoid circles.
That these concerns have been granted respectability is one of the most important things Snowden did for us.
Barton Gellman (in 2020):
Someone had taken control of my iPad, blasting through Apple’s security restrictions and acquiring the power to rewrite anything that the operating system could touch. I dropped the tablet on the seat next to me as if it were contagious. I had an impulse to toss it out the window. I must have been mumbling exclamations out loud, because the driver asked me what was wrong. I ignored him and mashed the power button. Watching my iPad turn against me was remarkably unsettling. This sleek little slab of glass and aluminum featured a microphone, cameras on the front and back, and a whole array of internal sensors. An exemplary spy device.
[…]
On the Gmail page, a pink alert bar appeared at the top, reading, “Warning: We believe state-sponsored attackers may be attempting to compromise your account or computer. Protect yourself now.”
[…]
A dozen foreign countries had to have greater motive and wherewithal to go after the NSA documents Snowden had shared with me—Russia, China, Israel, North Korea, and Iran, for starters. If Turkey was trying to hack me too, the threat landscape was more crowded than I’d feared.
[…]
The MacBook Air I used for everyday computing seemed another likely target. I sent a forensic image of its working memory to a leading expert on the security of the Macintosh operating system. He found unexpected daemons running on my machine, serving functions he could not ascertain.
Via Bruce Schneier:
It’s an interesting read, mostly about the government surveillance of him and other journalists. He speaks about an NSA program called FIRSTFRUITS that specifically spies on US journalists. (This isn’t news; we learned about this in 2006. But there are lots of new details.)
Jessica Lyons Hardcastle (Hacker News):
The world got a first glimpse into the US government’s far-reaching surveillance of American citizens’ communications – namely, their Verizon telephone calls – 10 years ago this week when Edward Snowden’s initial leaks hit the press.
[…]
In the decade since then, “reformers have made real progress advancing the bipartisan notion that Americans’ liberty and security are not mutually exclusive,” Wyden said. “That has delivered tangible results: in 2015 Congress ended bulk collection of Americans’ phone records by passing the USA Freedom Act.”
[…]
Wyden also pointed to the sunsetting of the “deeply flawed surveillance law,” Section 215 of the Patriot Act, as another win for privacy and civil liberties.
That law expired in March 2020 after Congress did not reauthorize it.
[…]
One thing we do know about Section 702 is that it has been widely misused: more than 278,000 times by the FBI between 2020 and early 2021 to conduct warrantless searches on George Floyd protesters, January 6 rioters who stormed the Capitol, and donors to a Congressional campaign.
[…]
As EFF noted: “There are serious issues raised by this tool and by 12333 more broadly. Despite consistent calls for reform, however, very little has occurred and 12333 mass surveillance, using XKeyscore and otherwise, appears to continue unabated.”
Now, ten years later, I offer this as a time capsule of what those early months of Snowden were like.
I remember the week when articles based on these disclosures began showing up. I remember being surprised not by the NSA’s espionage capabilities — that much was hinted at — but by its brazen carelessness about operating at a scale which would ensure illegal collection. Snowden’s heroic whistleblowing gave the world a peek into this world, but it was ever so brief. There is little public knowledge of the current capabilities of the world’s most intrusive surveillance agencies — by design, of course — and even the programmes exposed by Snowden continue to be treated with extreme secrecy. My FOIA requests from that week remain open.
Previously:
- ODNI Report on Commercially Available Information
- Bypassing Little Snitch With Empty TCP Packets
- Archive of the Twitter Files
- Yahoo’s FISA E-mail Scan
- FBI Asks Apple for Secure Golden Key
- Apple and Privacy
- Apple Tangles With U.S. Over iMessage Data Access
- Google Photos
- The Logjam Attack
- Certifying Certificates
Update (2023-07-05): Robert at Objective Development:
Ten years after Snowden, ten years of activism and data protection laws have not made things better – rather the opposite. We leave digital traces everywhere and they can be exploited using methods that are legal even under today’s laws. With the advent of apps, digital services, and the IoT, more and more of our lives is taking place online. AI makes it all the easier to exploit these traces. And some players don’t even care about legality.
[…]
Use tools to protect your data. Choose browsers focusing on privacy, not on features. Choose your search engine carefully — after all, you share many of your thoughts with it. Use application firewalls like Little Snitch to visualize all those data connections which normally occur under the hood and to block those connections that undermine your privacy.