Ed Snowden does a good job of explaining the other side of the argument regarding modern privacy, namely the line of “Sorry, if you want security, privacy has to go a little bit. It’s the price we pay to keep this country safe”
The interview was mainly around the Windows vulnerability that was discovered by cyber attackers causing worldwide damage, but the twist being that the NSA knew about this vulnerability and had been using it to their advantage for a long time. The debate being: was that right?
Paraphrased transcript below regarding some meaty bits of this interview.
Privacy and security improve together. They are actually tied to each other. When one is reduced, the other is reduced. Surveillance and privacy are the contradictory factors. When surveillance increases, privacy decreases.
And unfortunately…when surveillance increases security typically decreases. Now that might not seem obvious at first glance, but when you think about how surveillance actually functions it becomes quite clear, particularly in the computer security context. Surveillance operates by observing, witnessing, and exploiting vulnerabilities. Whether that’s you walking out on the street where you can be observed, rather than within the four walls of your home, that’s exploiting a property where you are insecure, and using that for the interests of whoever runs the surveillance thing.
Now when we think about Internet surveillance this is particularly problematic, because the way internet surveillance works is the same way: communications that are being transmitted unencrypted as they cross the internet can be observed and captured, whether its by the criminal sitting next to you in Starbucks who is on your local wireless network sniffing communications that are going over the air, whether its telecommunications providers, who are seeing it as it crosses the switching points and then heads on to Facebook, whether it’s Facebook itself that’s mining these and then selling your data to advertising, advertisers making it available however they want, or whether it’s these governments themselves.
Maybe you trust the National Security Agency, maybe you think they are the champion of truth and justice in the enlightened world and that’s okay, but recognize that the Russian NSA is doing the same thing, the Chinese NSA is doing the same thing, the French, the German, you know, the Brazilian…this is happening around the world. And in a borderless network we need to be focused on security, on defensive measures more than we are focused on these offensive benefits of surveillance. Because when you cut those corners, when you focus exclusively on being able to watch people, on being able to attack adversaries, on being able to spy on people of interest, what you’re doing is you’re keeping those doors open that allow your adversaries to attack you in the same way. And this is precisely what Microsoft alleges the NSA did that led to the ransomware attacks of this weekend. They knew about this flaw—the National Security Agency—in US software, US infrastructure, hospitals around the world, these auto plants and so on and so forth, but they did not report it to Microsoft until after the NSA learned that that flaw had been stolen by some outside group, right?
We still don’t know the identity of the people who actually did this. But the problem is, had the NSA not waited until our enemies already had this exploit to tell Microsoft, and then Microsoft could begin the patch cycle, but instead told Microsoft when the NSA first learned of this critical vulnerability, we would have had years to prepare hospitals networks for this attack rather than a month or two, which is what we actually ended up with.