"Undermining the Very Fabric of the Internet": Bruce Schneier on NSA’s Secret Online Spying
In an effort to undermine cryptographic systems worldwide, the National Security Agency has manipulated global encryption standards, utilized supercomputers to crack encrypted communications, and has persuaded—sometimes coerced—Internet service providers to give it access to protected data. Is there any way to confidentially communicate online? We speak with security technologist and encryption specialist Bruce Schneier, who is a fellow at Harvard’s Berkman Center for Internet and Society. He has been working with The Guardian on its recent NSA stories and has read hundreds of top-secret NSA documents provided by Edward Snowden. "I have resisted saying this up to now, and I am saddened to say it, but the U.S. has proved to be an unethical steward of the internet. The U.K. is no better. The NSA’s actions are legitimizing the internet abuses by China, Russia, Iran and others," wrote Schneier on Thursday.
This is a rush transcript. Copy may not be in its final form.
JUAN GONZÁLEZ: We continue our coverage of the latest revelations about the National Security Agency and how it has developed methods to crack online encryption used to protect emails, banking and medical records. Well, our next guest, Bruce Schneier, has read of top-secret NSA documents provided by whistleblower Edward Snowden. He’s just written two articles for The Guardian. One is called “How to Remain Secure Against NSA Surveillance.” The otheris headlined “The US Government Has Betrayed the Internet. We Need to Take It Back.”
AMY GOODMAN: Bruce Schneier joins us now via Democracy Now!video stream. He’s a security technologist and encryption specialist, as well as a fellow at Harvard’s Berkman Center for Internet and Society.
Bruce, welcome to Democracy Now!How can you protect yourself online?
BRUCE SCHNEIER:You know, for most people, it’s pretty impossible. The problem is, we don’t actually know the details of what exactly is being eavesdropped on and how. In my article, I give a bunch of suggestions on things you can do. Use encryption, because it’s better than nothing. Use products that are public domain, not controlled by large corporations, because they are less likely to be subverted. But these are all statements about playing the odds. We don’t know.
But we do know that the NSA is constrained by economics. If you look at their techniques, they tend to go for techniques that have bulk payoff. And if they can subvert every copy of Windows encryption, they get a lot. If they have to go into individual computers to steal secrets, that’s expensive. So the more you can do to raise the cost of being eavesdropped on, the safer you are.
JUAN GONZÁLEZ:What about this issue of the NSA trying to access the keys to encryption of various Internet and technology companies?
BRUCE SCHNEIER:And they are. And again, the question is, what is the economics? So, for example, a lot of our electronic commerce is based on public key cryptography SSL and something called certificates. Certificates are trusted keys signed by some trusted authority, generally a large company. If you can get that master signing key, you can use that to break quite a lot of security. So, there, that’s likely to be much more vulnerable. If it’s an individual key—let’s say you have a encryption key protecting a main office and a branch office, and it’s based on a key you generated yourself—for the NSA to get that, they have to go in and hack the computer. Now, they do that. They have teams for that. But that’s resource-limited. You know, presumably, they’re going to go after the highest-profile, highest-value targets first. So, again, the matter is making yourself more expensive to hack.
AMY GOODMAN:Bruce Schneier, you write, “I have resisted saying this up to now, and I am saddened to say it, but the U.S. has proved to be an unethical steward of the internet. The U.K. is no better. The NSA’s actions are legitimizing the internet abuses by China, Russia, Iran and others.” Explain.
BRUCE SCHNEIER:So this is a problem right now. We’re seeing some new nationalism rise on the Internet. Countries like Russia, China, Iran, Tunisia are trying to push a Internet sovereignty nationalism movement that gives them the ability and permission to subvert the Internet on their citizens, whether it’s surveillance, whether it’s propaganda, whether it’s censorship. These are all on the rise. And the United States is, quite sensibly, pushing back against that, that we need a free and open Internet. At the same time, it turns out, they are doing these exact same things. And now, when we go into international meetings and say, “We need an open Internet, we need a free Internet,” the countries all look at each other and now going to say, “Well, you can’t trust the Americans.” And guess what? You can’t trust the Americans. So what the U.S. is doing is actually undermining U.S. efforts to maintain a free and open Internet. That’s very frustrating. It’s counterproductive. It’s damaging to us, to the world. And, you know, I wish it wasn’t so, but it turns out we are not being good stewards of the Internet.
JUAN GONZÁLEZ:Do you see signs of a major pushback by American technology companies, who obviously are dependent on being able to sell their products internationally? For instance, Microsoft now, with these revelations about its cooperation with the government on its Outlook and other systems, whether they’re going to be basically rebelling now because their business model is going to be endangered by these continuing revelations?
BRUCE SCHNEIER:I think so. We’ve already seen that with the leaks about PRISM. Facebook, Google, Microsoft, Apple are all pushing back, demanding to be allowed to talk about what they’re giving the NSA. The problem is, as you said, their credibility is ruined. We’re not going to trust Apple with our data if we think the NSA is going to get it. These companies are losing enormous business especially overseas and in the U.S. because of this, and they are no longer willing allies, because it hurts their credibility. Now these new revelations appear, and again, you’re going to see this public-private surveillance partnership splitting, as there’s pressure on the corporations to come forward, to be forthright, and to protect their customers and users.
So my hope is, as these stories come out, more will come out. Right? You know, these companies are not under confidentiality rules. They don’t have clearances. They’re cooperating either because they think it’s a good idea, because they’ve been coerced. But they can make their stories public. The more stories we know, the more we hear, the more we will hear, the more we’ll know what’s going on, and I think the more companies will start pushing back.
AMY GOODMAN:Bruce Schneier, as we wrap up, what surprised you most about the NSA documents that were released?
BRUCE SCHNEIER:Yeah, it’s funny. As security people, all of this we expected. I mean, there’s no real surprises here. What I guess is surprising is how pervasive it was, how large it was, and how much collusion there was between government and industry. We knew there was some, but we didn’t realize it was this incredibly widespread.
AMY GOODMAN: We want to thank you for being with us, and we look forward to speaking to you again, Bruce Schneier, security technologist, encryption specialist, fellow at Harvard’s Berkman Center for Internet and Society, recently wrote an article for The Guardian, “How to Remain Secure Against NSA Surveillance.” We’ll link to it at democracynow.org.