The NSA whistleblower explained the importance of communicating securely, even for ordinary users who have “nothing to hide,” during a remote appearance at a recent event hosted by Ryerson University and Canadian Journalists For Expression.
The easiest way for government intelligence agencies and criminal hackers to surreptitiously access a user’s communications, Snowden said, is to capture the messages while in transit.
“It’s these sort of transit-interceptions that are the cheapest, the easiest, and they scale the best,” he said.
The only way to protect messages from being intercepted by malicious third parties, he continued, is to communicate using a service that provides end-to-end encryption. That means that only the sender and the recipient are capable of reading the message. For anyone else, the message just appears as an unintelligible string of random letters and numbers.
Controversy over the bulk data-collection programs revealed by Snowden sparked a debate about government surveillance powers among lawmakers and the general public. For the first time since the Church Committee in the 1960s, a genuine public debate began about gathering intelligence for national security purposes and protecting the privacy rights of innocent citizens.
Finding a middle ground is challenging due to the classified nature of most surveillance programs, which is why those who err on the side of privacy have sought new means to secure their communications with legislative reforms.
The conversation around mass surveillance has created an opportunity for developers capable of delivering software that offers substantial privacy benefits. Encryption is no longer an accessory in these products, but rather the most prominently advertised feature. Personal security is the selling point of many new communications tools.
Largely thanks to Snowden, privacy activists now count powerful corporate figures among their allies, including Apple CEO Tim Cook, who recently said, “None of us should accept that the government or a company or anybody should have access to all of our private information. This is a basic human right.”
Snowden’s message included an endorsement of Signal, an open-source, encrypted messaging tool for the iPhone. The service, which launched earlier this month, uses VoIP and the ZRTP protocol developed by PGP email encryption creator Phil Zimmermann.
“It’s very good, I know the security model,” Snowden said about Signal. “They don’t protect you from metadata association, but they do strongly protect your content from precisely this type of in-transit interception.”
Signal also received an endorsement this week from Washington Post reporter Barton Gellman, one of the first journalists to publish a story based on Snowden’s material, who regularly gives talks on the importance of source protection.
My preferred voice/text channel is Signal, and I’m available on Pond, if I know you. GPG, OTR, Peerio, SecureDrop are listed in my profile.
— Barton Gellman (@bartongellman) March 3, 2015
As for Android options, Snowden suggested two programs, Redphone and TextSecure. Both are designed by Open Whisper Systems and both allow users to make encrypted phone calls and send secure text messages. The NSA, Der Spiegel revealed in December, classifies services like Redphone as a “threat” to surveillance.
The general idea, Snowden said, is for ordinary users to begin regularly using these technologies, thereby removing the stigma of encryption—the notion that people who desire privacy must be doing something wrong. With the stigma erased, he said, encryption will spread among those who truly need it, such as sensitive sources trying to communicate with journalists.
“What might get somebody thrown in jail for life in the West, will just get a bullet in the back of the head in a back alley in some of these countries,” Snowden said, highlighting the oppression that political activists and journalists face in Egypt, a U.S. ally. “We’re creating a kind of herd unity that helps protect everybody.”