The Guardian has an interview with Eric Snowden, who seems to be coping with life in exile fairly well - I, spy: Edward Snowden in exile. The Guardian also has an update on Julian Assange, who seems to be planning some sort of collaboration with ex Manchester United star Eric Cantona - Julian Assange and Eric Cantona work out together – what can it mean?.
As the leaden skies darken beyond the net curtains, Snowden breaks to order a bowl of ice-cream (chocolate, vanilla and strawberry sorbet). Afterwards, he warms to his theme, explaining how he and his colleagues relied heavily on “metadata” – the information about our locations, searches and contacts that needed no warrants or court orders, but that betrays a huge amount about our lives. “To an analyst, nine times out of 10, you don’t care what was said on the phone call till very late in the investigative chain. What you care about is the metadata, because metadata does not lie. People lie on phone calls when they’re involved in real criminal activity. They use code words, they talk around it. You can’t trust what you’re hearing, but you can trust the metadata. That’s the reason metadata’s often more intrusive.”
What about his own digital habits? He won’t use Google or Skype for anything personal. Dropbox? He laughs. “They just put Condoleezza Rice on their board, who is probably the most anti-privacy official you can imagine. She’s one of the ones who oversaw [the warrantless wire-tapping program] Stellar Wind and thought it was a great idea. So they’re very hostile to privacy.” Instead, he recommends SpiderOak, a fully encrypted end-to-end “zero-knowledge” filesharing system.
Why should we trust Google any more than we trust the state? “One, you don’t have to. Association with Google is voluntary. But it does raise an important question. And I would say, while there is a distinction – in that Google can’t put you in jail, Google can’t task a drone to drop a bomb on your house – we shouldn’t trust them without verifying what their activities are, how they’re using our data.”
He is extremely alarmed by the implications of the NSA and GCHQ documents, which showed their engineers hard at work undermining the basic security of the internet – something that has also concerned Sir Tim Berners-Lee, the man credited with inventing the world wide web. “What people often overlook is the fact that, when you build a back door into a communication system, that back door can be discovered by anyone around the world. That can be a private individual or a security researcher at a university, but it can also be a criminal group or a foreign intelligence agency – say, the NSA’s equivalent in a deeply irresponsible government. And now that foreign country can scrutinise not just your bank records, but your private communications all around the internet.”
The problem with the current system of political oversight is twofold, he says. First, the politicians and the security services are too close: no politician wants to defy intelligence chiefs who warn of the potential consequences of being seen to be “weak”. And then there’s the problem that, in most societies, the job of monitoring the security agencies goes to the most senior politicians or, in the UK, retired judges – most of whom, he believes, do not have the technical literacy to understand what it is they should be looking for, or regulating.
“What last year’s revelations showed us was irrefutable evidence that unencrypted communications on the internet are no longer safe. Any communications should be encrypted by default.” This has big implications for anyone using email, text, cloud computing – or Skype, or phones, to communicate in circumstances where they have a professional duty of confidentiality. “The work of journalism has become immeasurably harder. Journalists have to be particularly conscious about any sort of network signalling; any sort of connection; any sort of licence plate-reading device that they pass on their way to a meeting point; any place they use their credit card; any place they take their phone; any email contact they have with the source. Because that very first contact, before encrypted communications are established, is enough to give it all away.” To journalists, he would add “lawyers, doctors, investigators, possibly even accountants. Anyone who has an obligation to protect the privacy of their clients is facing a new and challenging world.”