Edward Snowden’s video feed may have been a bit muddled on Monday but his message to a South by Southwest (SXSW) Interactive audience was quite clear. Privacy and digital security are not dead, despite massive surveillance programs that the former National Security Agency (NSA) contractor exposed last year.



Snowden addressed the hip technology crowd via a Google+ Hangout on Air. The signal bounced between his undisclosed location in Russia and the conference in Austin, Texas, through a series of proxy servers designed to make it more difficult for anyone to disrupt his Web feed. A fugitive from the U.S. authorities, Snowden chose SXSW as the venue for his first live conversation with an audience because the gathering appeals to computer programmers and other technology professionals receptive to his message.



The U.S. government’s practice of widespread surveillance is a global issue that is “setting fire to the future of the Internet,” Snowden said. “And you people in this room are the firefighters.”



End to end

The good news is that there are solutions. The key is to make it more expensive and less practical for government agencies to engage in indiscriminate data collection campaigns that target anyone who goes online. Perhaps the best way to do this, he said, is to encrypt one’s data whether it is in storage on a computer or being sent across the Internet—so called “end-to-end” encryption. This would presumably force the government to spend more time determining whose data it wants to collect—in the hope that it targets those actually suspected of committing or plotting a crime rather than law-abiding folks.



Snowden pointed out several measures to the SXSW crowd that one could take to improve the security of their information and communication privacy. The first was full-disk encryption programs including Microsoft BitLocker, Apple FileVault, PGPdisk and TrueCrypt that typically create an encrypted volume on a computer’s hard drive or encrypt the entire hard drive using a key derived from a password typed in as part of the start-up process.



Snowden suggested that data in transit be encrypted using Secure Sockets Layer (SSL), a cryptographic protocol used to encode communications over TCP/IP networks such as the Internet. Another option is NoScript, a program for Firefox and other Mozilla-based browsers designed to protect them from malware on the Web. Snowden also mentioned Tor, which features a browser that routes users’ Web surfing activity through a network of relays run by volunteers worldwide, a process that makes it difficult to pinpoint a user’s location. Tor Browser, which is actually a modified version of Firefox, essentially anonymizes the origin of Web traffic by encrypting communications inside the Tor network.



Civil discourse

The American Civil Liberties Union (ACLU) hosted Snowden’s SXSW presence. Ben Wizner, director of the ACLU's Speech, Privacy and Technology Project and Snowden's legal advisor, moderated the discussion. He was joined onstage by Christopher Soghoian, principal technologist with the project.



Rather than blinding the NSA or prohibiting the government from going after suspects, the goal of such security is to keep agencies such as the NSA from spying indiscriminately on everyone, Soghoian said. If the NSA is forced to pick and choose its surveillance targets, the agency will need a good reason to either break encryption or sneak onto one’s device, he added.



Starting last summer, through a series of leaks made to select media outlets, Snowden shed light on several electronic surveillance programs previously unknown to the general public, including the PRISM program for gathering Internet-based communications such as e-mail and the Section 215 Telephony Metadata Program, so named after Section 215 of the PATRIOT Act. The NSA has defended its actions, saying it collects only metadata related to intercepted communications as opposed to the actual content of messages.



No defense

Snowden’s message today remains the same. So much U.S. wealth is based on intellectual property, yet the NSA and the intelligence community in general have prioritized wholesale data collection over resources to protect citizens’ data, he said.



Soghoian agreed, saying that the government has repeatedly pointed to cybersecurity as a threat to the nation yet leaves citizens to fend for themselves. “A system that was designed to be surveiled is just waiting to be attacked,” he said.



Now that more is known about the NSA’s practices, privacy advocates and security experts argue that the agency’s snooping has weakened national security rather than enhancing it. Some of the leaked information exposed the agency’s attempts to circumvent encryption, including the manipulation and weakening of a cryptography standard the National Institute of Standards and Technology (NIST) had issued several years ago. NIST later publicly discouraged tech companies from using that cryptographic approach and promised to give the public an opportunity to weigh in on a revised standard.



Leaker’s legacy

Tim Berners-Lee, the inventor of the World Wide Web, asked Snowden how supervision of massive data collection and storage could be improved. Snowden responded that Congress could but fails to perform its oversight role. He questioned why Congress didn’t initially challenge Director of National Intelligence James Clapper’s testimony about NSA spying, which Snowden called “a lie.” He also criticized the use of the Foreign Intelligence Surveillance Court for getting permission to set up surveillance, a process largely out of the public’s eye. “We need public oversight, trusted public figures and civil rights champions to advocate for us,” he said. “People who can tell Congress when they’re being lied to.”



Pres. Barack Obama made clear in his speech January 17 that he has no plans to cut back on the intelligence community’s efforts to gather and analyze large amounts of electronic communications. Changes will instead come in how the government oversees those efforts and where that information is stored. Perhaps the most tangible change to intelligence work addressed in Obama’s speech is the end of the Section 215 program—which enables the government to collect large volumes of metadata, including phone numbers as well as the time and duration of calls. The government will continue to collect such data, but won’t store it. Obama has asked the intelligence community and the U.S. attorney general to come up with alternative approaches before the program comes up for reauthorization on March 28.



Soghoian attributed a number of changes rippling throughout the government and industry to Snowden’s whistle-blowing. News articles based on the information that Snowden extracted from the NSA have “protected us from hackers at Starbucks and stalkers and identity thieves, not just bulk collection,” Soghoian said. “Regardless of what you think of what Ed did, we all have Ed to thank for this.”



Meanwhile, Snowden remains a man without a country. Russia has granted him asylum for a year—he can return to the U.S. only if he is willing to face charges of espionage and theft of government property.