
Undermining the Very Fabric of the Internet

Bruce Schneier talking:

For most people, it’s pretty impossible to protect yourself online. The problem is, we don’t actually know the details of what exactly is being eavesdropped on and how. In my article, I give a bunch of suggestions on things you can do. Use encryption, because it’s better than nothing. Use products that are public domain, not controlled by large corporations, because they are less likely to be subverted. But these are all statements about playing the odds. We don’t know.

But we do know that the NSA is constrained by economics. If you look at their techniques, they tend to go for techniques that have bulk payoff. And if they can subvert every copy of Windows encryption, they get a lot. If they have to go into individual computers to steal secrets, that’s expensive. So the more you can do to raise the cost of being eavesdropped on, the safer you are.

And again, the question is, what is the economics? So, for example, a lot of our electronic commerce is based on public key cryptography SSL and something called certificates. Certificates are trusted keys signed by some trusted authority, generally a large company. If you can get that master signing key, you can use that to break quite a lot of security. So, there, that’s likely to be much more vulnerable. If it’s an individual key—let’s say you have an encryption key protecting a main office and a branch office, and it’s based on a key you generated yourself—for the NSA to get that, they have to go in and hack the computer. Now, they do that. They have teams for that. But that’s resource-limited. You know, presumably, they’re going to go after the highest-profile, highest-value targets first. So, again, the matter is making yourself more expensive to hack.

We’re seeing some new nationalism rise on the Internet. Countries like Russia, China, Iran, Tunisia are trying to push an Internet sovereignty nationalism movement that gives them the ability and permission to subvert the Internet on their citizens, whether it’s surveillance, whether it’s propaganda, whether it’s censorship. These are all on the rise. And the United States is, quite sensibly, pushing back against that, that we need a free and open Internet. At the same time, it turns out, they are doing these exact same things. And now, when we go into international meetings and say, “We need an open Internet, we need a free Internet,” the countries all look at each other and are now going to say, “Well, you can’t trust the Americans.” And guess what? You can’t trust the Americans. So what the U.S. is doing is actually undermining U.S. efforts to maintain a free and open Internet. That’s very frustrating. It’s counterproductive. It’s damaging to us, to the world. And, you know, I wish it wasn’t so, but it turns out we are not being good stewards of the Internet.

We’ve already seen that with the leaks about PRISM. Facebook, Google, Microsoft, Apple are all pushing back, demanding to be allowed to talk about what they’re giving the NSA. The problem is, as you said, their credibility is ruined. We’re not going to trust Apple with our data if we think the NSA is going to get it. These companies are losing enormous business especially overseas and in the U.S. because of this, and they are no longer willing allies, because it hurts their credibility. Now these new revelations appear, and again, you’re going to see this public-private surveillance partnership splitting, as there’s pressure on the corporations to come forward, to be forthright, and to protect their customers and users.

So my hope is, as these stories come out, more will come out. Right? You know, these companies are not under confidentiality rules. They don’t have clearances. They’re cooperating either because they think it’s a good idea, or because they’ve been coerced. But they can make their stories public. The more stories we know, the more we hear, the more we will hear, the more we’ll know what’s going on, and I think the more companies will start pushing back.

As security people, all of this we expected. I mean, there’s no real surprises here. What I guess is surprising is how pervasive it was, how large it was, and how much collusion there was between government and industry. We knew there was some, but we didn’t realize it was this incredibly widespread.

— source democracynow.org

Bruce Schneier, security technologist and an encryption specialist. He is a fellow at Harvard’s Berkman Center for Internet and Society. He has just written two articles for The Guardian: “How to Remain Secure Against NSA Surveillance” and “The U.S. government Has Betrayed the Internet. We Need to Take It Back.”
