This week at TED 2014 - The Next Chapter, the 30th anniversary of the conference series, Edward Snowden, Whistleblower, was invited to address the audience from Russia via the internet in a Q&A session Tuesday moderated by TED curator Chris Anderson, including a brief appearance by Tim Berners-Lee.
TED also offered the NSA equal time, and later in the week the agency was represented by Deputy Director of NSA Richard Ledgett, who appeared Thursday, also in a Q&A moderated by Anderson.
Plenty of the usual TED celebrities like Bill & Melinda Gates, Larry Page and Charlie Rose appeared as well as some pleasant surprises such as Gabby Giffords and Mark Kelly, Chris Kluwe and the juggling Raspyni Brothers.
Unfortunately not all the videos are posted yet, but the Snowden and Ledgett sessions are, so south of the orange accident let's view and discuss this face-off.
I provide direct links to the talks on the "old" (low bandwidth) site as well as Interactive Transcripts from the new site. Unfortunately Daily Kos does not support TED embeds and I cannot access TED's YouTube channel, so if someone can post the videos in the comments I would appreciate it. I suggest everyone watch at least the Snowden and Ledgett videos before commenting, and the extras from Christopher Soghoian and Mikko Hypponen if you have time.
Tuesday March 18 - Session 2 : Retrospect
Edward Snowden, Whistleblower
"Here's How We Take Back The Internet"
Page Link (old site)
Page Link (new site)
Transcript
Snowden is not a polished public speaker who shoots out bullet points and bon mots to break the tension. Like a lot of coders, he tends to rattle on in a stream of consciousness, so it takes some patience and maybe a couple of rounds to catch his points. However, he has something important to say: we don't have to sacrifice privacy and freedom to police-state tactics to fight the bad guys, the interests of society and government are at odds here, and the internet is important to the world, not a private possession or playground of the USA.
Quotable:
"CA: Some people are furious at what you've done. I heard a quote recently from Dick Cheney who said that Julian Assange was a flea bite, Edward Snowden is the lion that bit the head off the dog. He thinks you've committed one of the worst acts of betrayal in American history. What would you say to people who think that?
ES: Dick Cheney's really something else. (Laughter) (Applause) Thank you. (Laughter) I think it's amazing, because at the time Julian Assange was doing some of his greatest work, Dick Cheney was saying he was going to end governments worldwide, the skies were going to ignite and the seas were going to boil off, and now he's saying it's a flea bite. So we should be suspicious about the same sort of overblown claims of damage to national security from these kind of officials. But let's assume that these people really believe this. I would argue that they have kind of a narrow conception of national security. The prerogatives of people like Dick Cheney do not keep the nation safe. The public interest is not always the same as the national interest. Going to war with people who are not our enemy in places that are not a threat doesn't make us safe, and that applies whether it's in Iraq or on the Internet. The Internet is not the enemy. Our economy is not the enemy. American businesses, Chinese businesses, and any other company out there is a part of our society. It's a part of our interconnected world. There are ties of fraternity that bond us together, and if we destroy these bonds by undermining the standards, the security, the manner of behavior, that nations and citizens all around the world expect us to abide by.
CA: But it's alleged that you've stolen 1.7 million documents. It seems only a few hundred of them have been shared with journalists so far. Are there more revelations to come?
ES: There are absolutely more revelations to come. I don't think there's any question that some of the most important reporting to be done is yet to come."
Asked, finally, what was his idea worth spreading:
CA: At TED, the mission is "ideas worth spreading." If you could encapsulate it in a single idea, what is your idea worth spreading right now at this moment?
ES: I would say the last year has been a reminder that democracy may die behind closed doors, but we as individuals are born behind those same closed doors, and we don't have to give up our privacy to have good government. We don't have to give up our liberty to have security. And I think by working together we can have both open government and private lives, and I look forward to working with everyone around the world to see that happen.
Thank you very much.
Thursday March 20 - Session 8 : Hacked
Richard Ledgett, Deputy Director, NSA
"The NSA responds to Edward Snowden’s TED Talk"
Page Link (old site)
Page Link (new site)
Partial (edited) Transcript
Richard Ledgett is the Deputy Director of the NSA, the senior ranking civilian with responsibility to direct NSA operations. Mr. Ledgett is obviously intimately knowledgeable about NSA activities and is a polished public speaker, no doubt experienced in selling the agency's official position; he occasionally represents the agency to the public in the media.
Ledgett's response is always focused and on-message. In addition to delivering the standard NSA talking points that have been religiously repeated since Obama gave his speech in January signaling full support of the agency and no significant changes, Ledgett took a shot at Snowden from a new angle: that Snowden has made it harder for legitimate whistleblowers.
Touché, Monsieur Directeur Adjoint.
The bulk of his remarks defend the necessity and legality of whatever the NSA is doing, and as has become customary, he welcomes the public dialogue in the USA and around the world and agrees it is important to discuss. He does this better than Obama, actually.
Quotable:
CA: So you’re saying that your access to information has been closed down. One concern is that the nature of its access was not legitimate in the first place. Describe to us the Bullrun program, in which it’s alleged that the NSA deliberately weakened security to get access.
RL: Legitimate foreign targets use the global telecommunications system, and let me say it’s a great system, it’s the most complex system devised by man. It’s a wonderful thing. It’s also used by those working against us and our allies. And in working against them I need the capability to go after them. If we could make it so that all the bad guys used the same corner of the internet, if they all used badguy.com, that would be awesome, we could concentrate our capabilities there. That would be awesome. That’s not what happens. They’re trying to hide from the government’s ability to isolate and interdict their actions. We have to swim in the same space. (ED - more on that later)
- snip -
CA: Isn’t it also bad to deal a body blow to the American companies that have essentially given the world the Internet services that matter?
RL: It is. Companies are in as tough a position as are we. We compel companies to provide information, just like every nation in the world does. Every industrialized nation has a lawful intercept program compelling companies to provide information, and companies comply with those programs as they do in Russia, the UK, China, India or France, in any country you choose to name. The fact that these revelations have been broadly characterized as “you can’t trust Company A because your privacy is suspect with them” is only accurate in that it’s accurate with every other company in the world dealing with those countries in the world. It’s been marketed by countries, including some ally countries, that you can’t trust the US but “you can trust our telecoms because we’re safe.” They’re using that to counter the very large technology edge US companies have in the cloud.
- snip -
CA: A lot of information you’ve obtained has been metadata, not necessarily words, but it’s who people wrote to when and so forth. It’s been argued that metadata is more invasive than core data. In core data you present yourself as you want to be presented. With metadata, who knows what conclusions are drawn? What do you make of that?
RL: I don’t really understand that argument. Metadata is important for a few reasons. It’s information that lets you find connections that people are trying to hide. So when a terrorist is corresponding with someone who’s not known to us but is supporting terrorist activities or violating sanctions, or is trying to hide activity because it’s illicit, metadata lets you connect that. The alternative is less efficient and much more invasive to privacy, it’d be a giant collection of content. Metadata is privacy enhancing. We don’t grind out metadata profiles of average people. If you’re not connected to an intelligence target, you’re not of interest to us. (ED - my emphasis, new argument)
- snip -
CA: Yet when Congress discovered things that were being done, many were completely shocked. Is that not a legitimate reaction? Did they know exactly what you were doing?
RL: Congress is a big body. In the lower house there are 535 of them and they change out frequently. The NSA provided all relevant information to the oversight committees; the dissemination of information through Congress is something they manage. I would say that Congress members had the opportunity to make themselves aware, and a significant number of them, those assigned oversight responsibility, did have oversight. And you have chairs of those committees say that in public. (Ed - my emphasis)
And asked about his "idea worth spreading":
CA: So the other day I asked Edward Snowden for his idea worth spreading. What would be yours?
RL: Learn the facts. This is a really important conversation that impacts not just the NSA or the government, but you and the Internet companies. The issue of privacy and personal data is much bigger than government. So don’t rely on headlines or soundbites, or on one-sided conversations. That’s an idea worth spreading. We wear badges here, and the lanyard of those people who do crypto-analytic work says “look at the data.” So that’s my idea worth spreading: look at the data. (ED - my emphasis)
Hum ... look at the data. I have to ask: Would that be Mr. Lanyard looking at my data, or would that be me inspecting NSA data?
Am I hallucinating, or did the Deputy Director of the NSA just offer to throw open the doors to me, a non-US Citizen, viewing his talk, so I can get the data?
Bonus Videos - answers before the questions were asked
If we wind back the clock to 2013, there are two other TED videos of relevance here and they are both (with others) linked to the Snowden and Ledgett pages. Both are speakers quite familiar to me and although these are not their most comprehensive and compelling talks available, this is a TED thingy so I'm cool with that.
Christopher Soghoian, ACLU
"Government surveillance — this is just the beginning"
Page Link (old site)
Page Link (new site)
Transcript
Chris Soghoian is an internet security researcher of note and presently working as an IT technologist for the ACLU, where, as he once put it, he "works with lawyers to sue the government. It's a fun job." Actually, before he was suing the government he was the government (Obama Administration) investigating Google, Facebook et al.
This 8-minute TED talk is a teaser fragment of a more extensive series of talks he presented to CCC and DEFCON in 2013 (check my last diary, it is posted there).
Here, I think Soghoian responds to Ledgett's quip about "badguy.com" in advance and in substance, so I offer that:
There's sort of a big problem with governments going into hacking, and that's that terrorists, pedophiles, drug dealers, journalists and human rights activists all use the same kinds of computers. There's no drug dealer phone and there's no journalist laptop. We all use the same technology, and what that means then is that for governments to have the capability to hack into the computers of the real bad guys, they also have to have the capability to hack into our devices too.
So governments around the world have been embracing this technology. They've been embracing hacking as a law enforcement technique, but without any real debate. In the United States, where I live, there have been no congressional hearings. There's no law that's been passed specifically authorizing this technique, and because of its power and potential for abuse, it's vital that we have an informed public debate.
Thank you very much.
Note it was delivered in August 2013 when the Summer of Snowden was just getting underway.
- next -
Mikko Hypponen, Security Expert, Chief Research Officer, F-Secure Corporation
"How the NSA betrayed the world's trust -- time to act"
Page Link (old site)
Page Link (new site)
Transcript
Mikko Hypponen is another notable IT security expert and famously outspoken on just about any subject he discusses. What I think he brings to the table here is a European perspective, and in fact, a Finnish perspective; living in the shadow of the USSR during the Cold War (last one, not new one), Finns are no strangers to spying and the geopolitics of superpowers using small countries as proxies.
This talk made some waves at the time it was delivered and became the clarion call of what is now a European rebellion against the excesses of the NSA and how they conflict with EU sensibilities and law, something Mr. Ledgett seems to dispute.
Quotable:
The two most likely largest inventions of our generation are the Internet and the mobile phone. They've changed the world. However, largely to our surprise, they also turned out to be the perfect tools for the surveillance state. It turned out that the capability to collect data, information and connections about basically any of us and all of us is exactly what we've been hearing throughout the summer through revelations and leaks about Western intelligence agencies, mostly U.S. intelligence agencies, watching over the rest of the world.
- snip -
And if you look back about the forecasts on surveillance by George Orwell, well it turns out that George Orwell was an optimist. (Laughter) We are right now seeing a much larger scale of tracking of individual citizens than he could have ever imagined.
And this here is the infamous NSA data center in Utah. Due to be opened very soon, it will be both a supercomputing center and a data storage center. You could basically imagine it has a large hall filled with hard drives storing data they are collecting. And it's a pretty big building. How big? Well, I can give you the numbers -- 140,000 square meters -- but that doesn't really tell you very much. Maybe it's better to imagine it as a comparison. You think about the largest IKEA store you've ever been in. This is five times larger. How many hard drives can you fit in an IKEA store? Right? It's pretty big. We estimate that just the electricity bill for running this data center is going to be in the tens of millions of dollars a year. And this kind of wholesale surveillance means that they can collect our data and keep it basically forever, keep it for extended periods of time, keep it for years, keep it for decades. And this opens up completely new kinds of risks to us all. And what this is is that it is wholesale blanket surveillance on everyone.
Well, not exactly everyone, because the U.S. intelligence only has a legal right to monitor foreigners. They can monitor foreigners when foreigners' data connections end up in the United States or pass through the United States. And monitoring foreigners doesn't sound too bad until you realize that I'm a foreigner and you're a foreigner. In fact, 96 percent of the planet are foreigners.
- snip -
So what do we actually know about the leaks? Everything is based on the files leaked by Mr. Snowden. The very first PRISM slides from the beginning of June detail a collection program where the data is collected from service providers, and they actually go and name the service providers they have access to. They even have a specific date on when the collection of data began for each of the service providers. So for example, they name the collection from Microsoft started on September 11, 2007, for Yahoo on the March 12, 2008, and then others: Google, Facebook, Skype, Apple and so on.
And every single one of these companies denies. They all say that this simply isn't true, that they are not giving backdoor access to their data. Yet we have these files. So is one of the parties lying, or is there some other alternative explanation? And one explanation would be that these parties, these service providers, are not cooperating. Instead, they've been hacked. That would explain it. They aren't cooperating. They've been hacked. In this case, they've been hacked by their own government. That might sound outlandish, but we already have cases where this has happened, for example, the case of the Flame malware which we strongly believe was authored by the U.S. government, and which, to spread, subverted the security of the Windows Update network, meaning here, the company was hacked by their own government. And there's more evidence supporting this theory as well. Der Spiegel, from Germany, leaked more information about the operations run by the elite hacker units operating inside these intelligence agencies. Inside NSA, the unit is called TAO, Tailored Access Operations, and inside GCHQ, which is the U.K. equivalent, it's called NAC, Network Analysis Centre. And these recent leaks of these three slides detail an operation run by this GCHQ intelligence agency from the United Kingdom targeting a telecom here in Belgium. And what this really means is that an E.U. country's intelligence agency is breaching the security of a telecom of a fellow E.U. country on purpose, and they discuss it in their slides completely casually, business as usual. Here's the primary target, here's the secondary target, here's the teaming. They probably have a team building on Thursday evening in a pub. They even use cheesy PowerPoint clip art like, you know, "Success," when they gain access to services like this. What the hell? (ED - emphasis mine)
- snip -
Because we have this thing called privacy, and if you really think that you have nothing to hide, please make sure that's the first thing you tell me, because then I know that I should not trust you with any secrets, because obviously you can't keep a secret. But people are brutally honest with the Internet, and when these leaks started, many people were asking me about this. And I have nothing to hide. I'm not doing anything bad or anything illegal. Yet, I have nothing that I would in particular like to share with an intelligence agency, especially a foreign intelligence agency. And if we indeed need a Big Brother, I would much rather have a domestic Big Brother than a foreign Big Brother. And when the leaks started, the very first thing I tweeted about this was a comment about how, when you've been using search engines, you've been potentially leaking all that to U.S. intelligence. And two minutes later, I got a reply by somebody called Kimberly from the United States challenging me, like, why am I worried about this? What am I sending to worry about this? Am I sending naked pictures or something? And my answer to Kimberly was that what I'm sending is none of your business, and it should be none of your government's business either. Because that's what it's about. It's about privacy. Privacy is nonnegotiable. It should be built in to all the systems we use. (ED - emphasis mine)
Mark Lippman has a series of diaries on the EU response worth reading.
'nuf said.