Pinterest Stumbleupon Whatsapp
Ads by Google

When Edward Snowden and John DeLong, Director of the NSA’s Commercial Solutions Center, both appeared on the schedule for a recent symposium, people started speculating.Would they be having a debate? Is the NSA back-tracking on their campaign to paint Snowden as a traitor? Has anything changed?

I watched both Snowden’s and DeLong’s presentations, and here’s what I learned.

What Actually Happened

Some people who have written about the symposium have characterized it as a debate between Snowden and DeLong, but I think “debate” is a misnomer. Edward Snowden spent time speaking with Bruce Schneier (check our interview with Bruce Security Expert Bruce Schneier On Passwords, Privacy and Trust Security Expert Bruce Schneier On Passwords, Privacy and Trust Read More for some interesting insights), a prominent figure in the cryptography and privacy fields, via Google Hangouts. After their talk was over, DeLong took the stage for his presentation.

snowden-schneier-harvard

While they addressed a few of the same things, it seemed to me that each talk had a focus that was distinct from the other (I’ll go over them in more detail below). In a way, some of the things that DeLong said could be interpreted as a response to the points made by Snowden and Schneier, but it seemed to me that Snowden was there to talk about a range of things, from cryptographic technology to the difference between passive and active intelligence operations.

DeLong, on the other hand, was addressing the issues of compliance and monitoring at the NSA and the need for transparency and widespread discussion over a number of issues. And yes, as some people have pointed out, he also spent some time defending the NSA’s actions. I’d hesitate to call his speech as a defense of the NSA, though. While their topics overlapped, the two speakers definitely seemed to come there with their own agendas, and not seeking to simply debate or discredit the other.

Ads by Google

What Did They Say?

If you want to see the entire conversation between Snowden and Schneier, you can watch the video below. It’s an hour long, but it’s a great conversation about the state of cryptography, some failures of the compliance and transparency programs at the NSA, and the culture of the intelligence community.

One of the things that stood out to me was that both Snowden and Schneier took the time to point out that cryptography works. When properly implemented, cryptographic protocols like TOR, PGP PGP Me: Pretty Good Privacy Explained PGP Me: Pretty Good Privacy Explained Read More , AES, and Blowfish are extremely secure. Nothing is completely uncrackable, but these open-source, peer-reviewed protocols are the best tools we have (at least until quantum computing changes the science of cryptography Quantum Computers: The End of Cryptography? Quantum Computers: The End of Cryptography? Quantum computing as an idea has been around for a while - the theoretical possibility was originally introduced in 1982. Over the last few years, the field has been edging closer to practicality. Read More ).

This is one of the reasons why many governmental attempts to get at encrypted data don’t actually involve cracking the encryption; instead of going “through the wall,” they go around it by using keyloggers Don't Fall Victim to Keyloggers: Use These Important Anti-Keylogger Tools Don't Fall Victim to Keyloggers: Use These Important Anti-Keylogger Tools In cases of online identity theft, keyloggers play one of the most important roles in the actual act of stealing. If you’ve ever had an online account stolen from you - whether it was for... Read More , identifying weak encryption keys, compelling companies to share data The Privacy Mine: National Security Letters and Warrant Canaries Explained The Privacy Mine: National Security Letters and Warrant Canaries Explained Read More , and other similar methods.

Similarly, if there’s unencrypted data out there—on the servers of a telecommunications company, for example—it’s much easier to simply demand that data or go through a backdoor to get it than to get encrypted data and decrypt it without the keys. Passive collection of data is cheap and significantly easier for governments to implement on large scales than active cyber attacks.

bruce-schneier-harvard

However, Schneier brought up the point that the NSA seems to be losing their aversion to risk, and are performing more brazen attacks (as are many other countries around the world as the technologies required to do so become easier to acquire). Similarly, Snowden maintains that the NSA “is much less defensive than they’ve ever been before, and a much higher proportion of the efforts is committed to offense.”

One of the most important things that Snowden said in his presentation is that the people that he worked with, the people who are manning thousands of NSA computer terminals around the world, “aren’t bad people or villains,” but that a “culture of impunity” has developed over time. “[T]hey think they can do anything because it’s for a just cause; when meaningful judicial oversight is lost, you get a very different quality of decision when decisions need to be made.”

There’s a lot more to be learned from this conversation, and I highly recommend checking out the video.

john-delong-harvard

When John DeLong took the stage, he immediately made it clear that he wasn’t there to engage in a point-by-point debate, and framed his discussion as focusing on both the need for widespread discussion between previously disparate groups and the requirements of compliance and transparency at the NSA. As the former Director of Compliance for the organization, DeLong is certainly qualified to talk about these issues.

A major theme of the talk was the difficulties that are faced when engineers, mathematicians, lawyers, and policy makers try to have a discussion about the sorts of decisions that need to be made at the NSA. Each group speaks a different language, has different priorities, and brings a different viewpoint to the discussion. As things stand now, these discussions often happen at the end of the project process, but DeLong called for these conversations to happen from the beginning to keep everyone on the same page.

Much of his talk centered around this idea: that different types of people (including the public) should be involved in many sorts of conversations to help define privacy in a networked world and encourage the NSA to stick to its rules about transparency.

DeLong pointed out several times, however, that compliance officers, independent panels, and other individuals have been impressed with the NSA’s attempts to police itself when it comes to potential privacy violations. He specifically mentioned Professor Jeffrey Stone, who wrote on Huffington Post:

I came away from my work on the Review Group with a view of the NSA that I found quite surprising. Not only did I find that the NSA had helped to thwart numerous terrorist plots against the United States and its allies in the years since 9/11, but I also found that it is an organization that operates with a high degree of integrity and a deep commitment to the rule of law.

Similarly, DeLong used an extended metaphor about cooking and the NSA’s actions, finishing with “let’s not confuse the recipe with the cooking.” If I’ve interpreted the metaphor correctly, he was saying that while the rules and ideas behind the actions taken by the NSA The NSA Can Spy On Almost Everybody, Google Buys Songza, And More... [Tech News Digest] The NSA Can Spy On Almost Everybody, Google Buys Songza, And More... [Tech News Digest] Online book sales have overtaken retail book sales, the UK is investigating the Facebook experiment, IFTTT makes Yo useful, Oculus Rift experiment gives third-person perspective, and Google tests our general knowledge with Smarty Pins. Read More may not always have been in the best interest of privacy, they have resulted in positive outcomes, such as preventing terrorist attacks against the United States. The collection of metadata What Can Government Security Agencies Tell From Your Phone's Metadata? What Can Government Security Agencies Tell From Your Phone's Metadata? Read More is one thing that he mentions specifically.

When asked about Edward Snowden, DeLong repeated a line that he’s used before: “I think we need to let the wheels of justice turn.” Considering some of the previous things we’ve heard government officials say about him, I’d call this pretty mild. If you’re interested in DeLong’s defense of certain issues, or the things that Snowden and Schneier have to say about cryptography, you should watch the videos above.

What Can We Learn from These Discussions?

While it’s clear that Edward Snowden and John DeLong disagree on some key issues—the defensive versus offensive nature of the NSA, the justifiability of spying on US citizens Your Interest in Privacy Will Ensure You're Targeted By The NSA Your Interest in Privacy Will Ensure You're Targeted By The NSA Read More —it seems to me that their presentations, taken together, form a very positive message. Yes, Snowden called out the NSA and GCHQ on some bad stuff. And yes, DeLong was probably cherry-picking his statistics.

But Snowden’s assertion that the people who work for NSA aren’t bad people, and that they’re simply working in an environment that’s highly conducive to privacy violations, is encouraging. He may be calling for some sweeping changes, but at no point has he said that the NSA as an organization is a terrible thing, or that it’s not doing work that’s in the country’s best interest.

Similarly, DeLong’s discussion of our need for a number of different voices in discussions about privacy going forward is very valuable; we currently have intelligence officers working with mathematicians on one side, lawyers and politicians on the other, and the public thrown under the bus. By bringing all of these groups together to not only monitor the processes at work, but also to re-create them, we’ll be able to seek a balance between the best interests of the public and the security interests of our country.

table-discussion

When it comes down to it, one thing that DeLong said really sticks with me: that we need to “break out of the self-reinforcing circles that might in the short term make us feel more comfortable but in the long term don’t really advance moving us forward in the art and science of privacy.” This is true both of Snowden supporters and backers of the NSA.

The time for discussing whether Snowden is a hero or a villain is over, and the NSA knows it. Now’s the time to take the information that we have and use it to create a better system.

Have you seen Snowden’s and DeLong’s presentations? What did you think? Does it seem like the NSA is moving away from villainizing Snowden? Are they taking the proper steps toward compliance and transparency? Share your thoughts below!

Image credits: Group of business people discussing via Shutterstock.

  1. Dan
    February 23, 2015 at 10:18 pm

    I find DeLong's presentation an unconvincing whitewash. When push comes to shove, the NSA's "thwarted" "terrorist threats" aren't. Meanwhile, his agency has eroded the civil liberties of Americans, subverted and broken the law, operate with impunity, and for all of us living outside the halo of the American constitution, targeted all of complete and unfettered surveillance. This we cannot abide.

    As for the Snowden-Schneier conversation, it has some new points, but most information has been revealed before.

    And please, quantum computing is not the death knell of cryptography. With classical computers, a 256 bit AES cipher has 2^256 possible keys, and thus has 2^256 cryptographic strength. With quantum computers it would (theoretically) be reduced to 2^128, which will still take a gazillion years to brute force. And while current public key algorithms are suceptible to quantum computers, increasing the key size can still make it impractical to attacks. Also, there are already post-quantum PKC systems that will be resistant to quantum computers.

    • Dann Albright
      February 25, 2015 at 10:16 am

      I wasn't super convinced by DeLong either, though I don't have any evidence on which to dismiss his claims that some threats have been averted. And I agree about the Snowden conversation; not much was new, but it's still cool to see two of the big names in cryptography talking on stage, especially when they share that stage (spatially, if not temporally) with a member of the NSA. I'll be interested to see how their interactions play out in the future.

      Thanks for your comment!

  2. Dmitry
    February 23, 2015 at 8:20 pm

    What i remember well from my studies of recent history is that SS and Wehrmacht had great share of people who could be called good. But crimes they committed in service of those organiztion and Reich are something we still conisder nightmare (and yes, despite some propaganda told during Cold War - WM was committing atrocities in same legaue with SS including mass murders of civilians and killing jewish PoWs right at hand).
    Since 1946 being 'good guy' includes no 'i just followed orders' justification, whie 'i'd acted inside my rights and responsibilities' could be interpreted as aggravating circumstances.

    And even if NSA wasn't part of Empire of Lies, question would remain - Quis custodiet ipsos custodes?

    • Dann Albright
      February 24, 2015 at 7:49 pm

      I'm not totally sure that I follow your World War 2 references, but I think I agree with you that "I was just following orders" is not an acceptable excuse.

      Also, I don't know any Latin (pretty sure I'm not in the minority on that one!), but I assume that question translates roughly to "who's watching the watchers?" If that's right, that's a really important question, and one that's been on a lot of minds lately. The need for impartial judicial oversight of intelligence agencies is one that a lot of people are pushing for. Hopefully the kinds of conversations that we're having right now will encourage the government to put them in place, but I'm a big skeptical that impartiality can be maintained in the sorts of circumstances that agencies like the NSA deal with.

      Anyway, thanks for reading, and your comment!

    • dragonmouth
      February 24, 2015 at 9:43 pm

      "Hopefully the kinds of conversations that we’re having right now will encourage the government to put them in place"
      Any demands for oversight will be countered with "Obviously you must favor terrorism and/or child pornography if you want to control our actions." Just as during the 1950 if you were against the methods of Sen. Joseph McCarthy, you obviously were a filthy, pinko commie, today if you are for oversight, you are a terrorist sympathizer.

    • Dann Albright
      February 25, 2015 at 10:13 am

      dragonmouth, I understand where you're coming from here, but I just can't sit down and say "well, no one's going to listen, so we shouldn't waste effort on trying to make a change." Every once in a while, the voice of the people makes a difference. It might not in this case, but I think it's worth a shot.

  3. DonGateley
    February 23, 2015 at 6:45 pm

    Thanks, Dann. Excellent article. The longer, deeper articles I'm seeing lately on MUO are changing its nature in a very positive way.

    • Dann Albright
      February 23, 2015 at 6:53 pm

      I'm flattered by your comment! I've really been enjoying doing the more investigative- / journalistic-type pieces lately, and I know that a lot of other authors have, too. I'll pass along your compliments—everyone here at MUO will definitely appreciate them!

  4. Jeanne Thelwell
    February 23, 2015 at 4:16 pm

    Just a note: although it appears in one of the linked videos, you managed to write the entire article without ever actually identifying the "recent symposium" at which Snowden and DeLong appeared. That information should have been part of the text.

    • Dann Albright
      February 23, 2015 at 6:52 pm

      Oops. Good point. Fortunately, if anyone wanted to find out which symposium it was, it was probably pretty easy to find out!

  5. dragonmouth
    February 23, 2015 at 3:17 pm

    The comments by Prof. Stone beg the question of how much real access was he given to the inner workings of the NSA. Or are his comments based just on the standard public relations tour of the NSA most outsiders get?

    It is to be hoped that with all the data interception and analysis that NSA does, they did manage to thwart a number of terrorist plots. It would be criminal if they did not have any success. Does the number of plots thwarted justify giving the NSA a free hand with surveillance in the future?

    • Dann Albright
      February 23, 2015 at 6:51 pm

      I had the same thought about Stone's review. While there isn't any way to find out for sure what he was given access to, it sounds like he was pretty happy with what he was able to see. So I'm at inclined to give him some credit, though I remain a bit skeptical.

      And the question that you pose at the end of your comment is, of course, the million-dollar one. (Well, it's actually more like a tens-of-billions-of-dollars question.) I guess we'll find out!

Leave a Reply

Your email address will not be published. Required fields are marked *