I recently interviewed NSA whistleblower Edward Snowden for the Electronic Frontier Foundation’s Pioneer Awards, an event that recognizes those protecting freedom on the Internet. We chatted by Google Hangout because Snowden remains in Russia, stuck in international limbo after the U.S. revoked his passport in 2013.
Snowden, 32, is living a relatively normal life in Russia, and spending lots of time online. Like many a computer enthusiast, he’s a fan of the USA show Mr. Robot, saying he was impressed by the technology portrayed in the show, which is “more accurate than what you usually see on TV.”
He remains preternaturally eloquent, a computer geek who channels the founding fathers, regularly peppering his conversation with sayings like, “What people describe as privacy is actually liberty.” We did not talk about aliens, but did talk about why he’s not on Twitter (yet), his advice for other whistleblowers, his plans to vote for president by absentee ballot and why he’s not using Bitcoin.
This is our conversation, condensed and edited for clarity.
KH: In the first photos of you that appeared online, you had Tor and EFF stickers on your laptop. And a former NSA colleague said you used to wear the organization’s sweatshirt, with its parody of the NSA eagle clutching AT&T phone lines, to the office in Hawaii. Were you a member of the digital rights organization while working for the NSA?
ES: I was a member. I should re-up when I have access to traditional payment mechanisms again one day.
KH: I believe EFF accepts Bitcoin.
ES: I have to worry about even Bitcoin. Even if you tumble it, it’s a public ledger that can be traced back, so I’m skeptical about its use for someone in my situation.
KH: What do you see as the biggest win to come from your disclosures?
ES: It’s actually not in the courts. It’s public awareness. If you simply recited the facts of what we knew a few years ago, they would have said you were a conspiracy theorist, an insane radical that couldn’t be taken seriously, but now everybody knows. The fact that the government is intercepting communications of people not suspected of doing anything wrong is now fact.
If you simply recited the facts of what we knew a few years ago, they would have said you were a conspiracy theorist, an insane radical that couldn’t be taken seriously, but now everybody knows.
We’re at a dynamic today where we are becoming more and more accountable to a government that’s becoming less and less accountable to us. This showed the government that [public disclosures aren’t] the end of the world. When this first happened, government said hellfire was going to rain from the skies. It was going to be catastrophe, with blood on people’s hands. But now in 2015, the rhetoric has changed significantly because there hasn’t been any harm.
Hopefully we can have a more reasoned conversation and the government will realize they can involve us.
KH: Being based in San Francisco, when I look at the post-Snowden era, the biggest change I see is the radicalization of tech companies, with companies like Apple and Google now adding security features to their products that make it harder for the government to get access to their users’ information. But some observers feel that big companies, particularly telecoms, are responsible for the growth of these surveillance programs, cooperating on a vast scale. What’s your perspective on the role of corporate America?
ES: Industry is both an ally and an enemy when we talk about the protection of our digital rights. Some companies collect information about us that makes us vulnerable. Any tech company or any company that develops a rich enough dataset will get a knock on the door from the government.
Industry is both an ally and an enemy when we talk about the protection of our digital rights.
Companies have reevaluated and realized that people are concerned because their trust has been abused. This is worse for telecoms than Internet companies. With the Fairview program, they were eager to cooperate and profit from working against the best interests of their customers. Now they’re asking, ‘How do we work for our users instead of against them?’
But it’s all too easy for them to go back to the same habits and work in secret with the government without our awareness or consent as citizens or customers.
KH: How do we ensure we find out about that if that does happen?
ES: Put forth strong and reliable whistleblower protections so you don’t have to hope for these extraordinary acts of self-immolation that only come along every few years.
KH: What’s your advice for other would-be whistleblowers?
ES: Think it through. Think about the likelihood of impact and the likelihood of discovery. Think about the best and most careful way you can go about it that maximizes public good while mitigating any potential risks no matter how small and unrealistic. Because you will be held to an accountability standard that is extraordinary compared to that of your critics.
And remember you don’t have to be somebody special. No one expects you to be the leader of your field. Whistleblowers are elected by circumstance. More critical than who you are is what you see. Be conscious of what you’re witnessing every day. Think about what you’re party to and what you’re complicit in. Then think about what is right for you, what’s right for your family and what’s right for the world you want to live in.
KH: The last year has been filled with massive hacks: OPM, Sony Pictures, Ashley Madison, The Hacking Team. With their alleged vast surveillance of the Internet, why are spy agencies like the NSA not seeing or stopping these things?
ES: We have a National Security Agency that’s presumed for itself funding and authority that have placed it in a role of a National Surveillance Agency. Offense is more important than defense. They’re not actually keeping us safe or protecting critical systems and infrastructure, and that’s a role they could be playing.
We have a National Security Agency that’s presumed for itself funding and authority that have placed it in a role of a National Surveillance Agency.
KH: Instead of stealing credit cards, hackers are taking vast amounts of personal and business information. In some cases, like the Sony Pictures, Ashley Madison and Hacking Team hacks, the attackers describe themselves as vigilantes and post the information online to expose what they consider to be unethical or deplorable practices -- which is similar to the motivation of a whistleblower. How do you think they compare?
ES: I don’t think it’s reasonable to compare, for example, the Sony hack to the Hacking Team hack. One is developing tools to be sold to regimes to be used against journalists, human rights workers, and activists, versus a typical for-profit company.
We’ve seen digital activism, vigilante action that’s deserving of our disapproval. But there are rare cases where people who may have done something that’s unlawful but that is morally right.
KH: Concerns about surveillance don’t seem to be stopping people from putting more Internet-connected devices on their bodies and in their homes. Many of my friends are putting Nest Cams [Internet-connected, always-on cameras] in their homes. Given what you know about the government’s desire and ability to gather information from digital devices, what are your concerns about the Internet of Things?
ES: I can tell you that I haven’t put a Nest Cam in my home.
It’s a challenge, particularly given the sorry state of endpoint security today. It’s an opportunity if we do it right. But, unfortunately, the incentives aren’t really there for industry to do the best job it can at securing these things.
There’s a real danger that someone can basically burn your house down by hacking your thermostat or sparking some device, turning your toaster on. That’s a little bit alarmist, but the principle is that you stop being the one who really owns your things. Instead you’re accountable to the whims of people you can’t see that you don’t know, imposing their intents on your belongings.
KH: During your interview with Neil DeGrasse Tyson, you referred to sending information that’s not encrypted as sending it “electronically naked.” I love that visceral turn of phrase. And of course, one of the most popular interviews with you ever conducted was the one by John Oliver where he translated the bureaucratese of intelligence programs into which ones were “dick pic programs,” allowing our most sensitive communications to be intercepted. How important is language and use of metaphors when debating the structure of surveillance?
ES: I think this is one of the primary challenges facing groups like EFF. The language doesn’t work to our benefit. We’re dealing with extraordinarily complex ideas and programs and systems that we don’t really have the symbols to describe them in an elegant way.
And on the other side, the government wants to maintain privilege and power, and they’re working overtime to degrade language, rebranding assassinations as “targeted killings” and calling “mass surveillance” bulk collection. They’re trying to reduce understanding so people don’t get invested.
[Government is] working overtime to degrade language, rebranding assassinations as 'targeted killings' and calling 'mass surveillance' bulk collection. They’re trying to reduce understanding so people don’t get invested.
It’s really difficult for people without the resources to compete with that. What we do have on our side is truth. Eventually people find a way to call a spade a spade.
KH: Did John Oliver actually put a naked selfie in the folder he handed to you in that episode?
ES: I can neither confirm nor deny. I was sworn to secrecy, so I have to Glomar you.
KH: You’re obviously on the Internet a ton. Why are you not blogging or tweeting?
ES: One of the big challenges in the situation I’m in is that I have all these opsec routines that I follow. All the web publishing platforms have massive amounts of analytics embedded in them. Facebook, for example, databases how long you’re on each page, what posts you click on, what pictures you’ve seen, and they store this permanently.
Inevitably someone in a high risk situation like me is going to get owned.
Exploit codes [could be embedded] into the transactions I’m receiving from a legitimate service and compromise the security of my devices. I’ve been working for a long time on improving that and creating set-ups that are more robust and survivable when you do get owned. Because inevitably someone in a high risk situation like me is going to get owned. There’s nobody good enough to block every attack.
How do you limit the damage? How do you recover in the wake of a compromise? I’ve made a lot of strides in that and am looking forward to, hopefully, participating [on social networks] in a more open and active manner in the near future.
KH: So are you following the presidential debates? Are you going to be sending in an absentee ballot from Russia next year?
ES: I almost certainly will be.
Disclosure: Snowden serves on the board of directors of the Freedom of the Press Foundation, a non-profit headed by this author's partner.
Also on WorldPost: