Explaining the Latest NSA Revelations – Q&A with Internet Privacy Experts

Explaining the latest NSA revelations – Q&A with internet privacy experts

The Guardian's James Ball and cryptology expert Bruce Schneier answer questions about revelations that spy agencies in the US and UK have cracked internet privacy tools

James Ball and Bruce Schneier theguardian.com, Friday 6 September 2013 10.41 EDT

Today, beginning at 3pm ET | 8pm BST, the Guardian's James Ball, who reported on the latest NSA and GCHQ revelations, and cryptology expert Bruce Schneier, who wrote about the implications, will take your questions on the new revelation that the US and UK governments can crack much of the encryption protecting personal data, online transactions and emails – as well as the ongoing debate over surveillance. Toss your questions below and as you wait for a response, re-visit yesterday's stories:

• How US and UK spy agencies defeat internet privacy and security

• How internet encryption works

• The US government has betrayed the internet. We need to take it back

Excerpt only

Question:

SteppenHerring 06 September 2013 4:19pm

How hard do you think it will be to get people to take security seriously when people are willing to type so much personal data into Facebook/Google+ etc?

Answer:

Ball: I think we need more awareness of privacy and security generally, and I think as generations grow up net-native (as today’s teens are), that’s taking care of itself. I don’t think people who volunteer information to a strictly-controlled network on Facebook (or webmail, etc) are automatically willing to share that same information with their governments. That’s a large part of what the whole privacy and security debate the NSA files are fueling is about, I think.

8 September 2013 From www.theguardian.com/commentisfree/2013/sep/06/nsa-surveillance-revelations-encryption-expert-chat Question:

geoffk 06 September 2013 6:50pm

Could the spooks sell the information or keys when they retire?..Would it be impossible?

Answer:

Ball: If the NSA’s internal security was perfect, Edward Snowden would never have been able to leak. We’re essentially lucky he chose to release to the press – and it’s worth remembering he asked for responsible, measured publication, not mass-release – rather than simply sell it to hackers or criminals.

If someone in a similar position to Snowden decided to just take what they could and sell it to a foreign government, or criminal gang, would we ever know? It seems unlikely we’d be told. And given the NSA has repeatedly said they don’t know which documents Snowden accessed, maybe they wouldn’t know either.

That’s an important, additional, reason to be very concerned about the scope of NSA surveillance and activities, in my view – whatever your take on the need/legitimacy of mass-surveillance in general.

Question:

dellcam 06 September 2013 8:18pm

Your article states:

$250m-a-year US program works covertly with tech companies to insert weaknesses into products

I don't see tech industry and their lobbyists rallying to put a stop to this. Won't this revelation that the US government is undermining the quality of their products damaging their reputation with consumers -- as well as effect the ability of the US tech industry to export their products around the world?

Answer:

Ball: I think this is a serious risk of what the NSA has been doing: if I ran a US security company, I’d be concerned about my reputation (maybe deservedly so, though) – and I’m sure overseas competition will be stressing their ability to refuse US government requests in their advertising (though maybe their own government have similar programs).

That does seem to have been a concern of the NSA and GCHQ. I find that quite telling: if companies are just doing what the government requires, and no more, why

8 September 2013 From www.theguardian.com/commentisfree/2013/sep/06/nsa-surveillance-revelations-encryption-expert-chat such a need for secrecy around it? Why can’t they level? I think the efforts some of the silicon valley firms seem to be making are a good start – though what seems to be happening with Lavabit (a secure email company that shut down) are concerning.

Finally: this could be a boost to the free software / open source movement, too. That would be no bad thing.

8 September 2013 From www.theguardian.com/commentisfree/2013/sep/06/nsa-surveillance-revelations-encryption-expert-chat