Edward Snowden has a piece of advice for you, the average American Internet user: Employ whatever encryption tools you have at your disposal to make the National Security Agency's job a little bit harder.
Snowden doesn't often speak to the public, given his status as an American refugee in Russia, but he appeared at South By Southwest Monday via Google Hangouts — and seven proxies — to encourage the people who create devices and software to make user security a priority.
"There's a policy response that needs to occur but there's also a technical response that needs to occur," Snowden said. "It's the makers, thinkers, and the development community that can help make sure we're safe."
The NSA's surveillance powers seem so far-reaching that fighting against them may well be an exercise in futility. Spies can track your phone calls, read your text messages, view your bank transactions and your e-mails, see your Web-browsing history, collect screenshots of your Yahoo webcam chats, and even eavesdrop on German Chancellor Angela Merkel's cellphone calls. The list goes on and on. And on and on.
If you're an NSA target, there is very little you can do to keep the agency out of your computer. But the majority of the data that spy agencies are collecting is completely innocuous, and there's no rhyme or reason as to why the intelligence community needs to collect or store that information. So how do regular folks avoid getting caught in the net? Encryption is the key, Snowden said.
Tools you can use
Full-disk encryption and network encryption, like SSL, are good places to start, but there are also tools like no-tracking browser plug-ins and Tor's anonymity software. Documents leaked by Snowden show that the NSA has attempted to breach Tor but has largely been unable to de-anonymize the network's users.
"We need to think about encryption not as this arcane black art but as a basic protection, the defense against the black arts in the digital realm," Snowden said.
There are more advanced encryption tools available, but they're built by geeks for geeks. The average consumer tends to use software that's familiar or comes preinstalled on the devices they buy.
"Most people aren't going to go out and download an obscure encryption [tool]," said Chris Soghoian, the American Civil Liberties Union's principal technologist, who spoke with Snowden at SXSW. "They're going to use the tools they already have: Facebook, Google, Skype. When Google turned on [SSL for Gmail], they made passive surveillance of users' communications more difficult for agencies. We need services to be building security in. That doesn't mean that small developers can't play a role. What I want is for the next WhatsApp or Twitter to use encrypted end-to-end communications."
Sign up for Computerworld eNewsletters.