Bruce Schneier, an internationally renowned security technologist, discusses how the NSA threatens national security; breaking the “trust of the internet;” and how to push back against the NSA using technical and legal means.
Podcast: Play in new window | Download
Hey y'all, Scott Horton here for WallStreetWindow.com.
Mike Swanson is a successful former hedge fund manager whose site is unique on the web.
Subscribers are allowed a window into Mike's very real main account and receive announcements and explanations for all his market moves.
The Federal Reserve has been inflating the money supply to finance the bank bailouts and terror war overseas.
So Mike's betting on commodities, mining stocks, European markets, and other hedges against a depreciating dollar.
Play along on paper or with real money and then be your own judge of Mike's investment strategies.
Let's see what happens at WallStreetWindow.com.
All right y'all, welcome back to the show.
I'm Scott Horton.
This is my show, The Scott Horton Show.
We're at scotthorton.org and on the Liberty Express, libertyexpressradio.com.
And our first guest on the show today is Bruce Schneier.
He's a correspondent for the Atlantic and chief technology officer of CO3 Systems, a computer security firm.
His latest book is Liars and Outliers, Enabling the Trust that Society Needs to Thrive.
That's interesting.
Welcome back to the show, Bruce.
How are you doing?
I'm doing fine.
Thanks for having me.
Very happy to have you back on the show and very happy to point people toward this article in the Atlantic, How the NSA Threatens National Security.
Before we get too far into that, I wanted to ask you real quick if I could, now that we're a little bit more than half a year out from the beginning of all the Snowden revelations, for someone like yourself who is such an expert in computer security issues before anyone ever heard of Edward Snowden, what have you learned from his revelations, if anything?
Or what's the most important part of what you've come to understand since the Snowden Greenwald leaks?
So what we've learned, really, is the extensiveness of the NSA's operations, both breadth and depth.
In some respects, nothing's really a surprise.
If you looked up a cartoon villain of the NSA in the years before, these are the sorts of things you'd expect them to do.
But we really didn't realize how extensive their operations were, how much of the Internet they eavesdrop on, how many people they eavesdrop on, how much data they collect.
And more importantly, we didn't realize how much they're actually subverting the fabric of the Internet.
How much they are deliberately weakening products and protocols, making it more insecure for everybody, so they can eavesdrop.
We sort of knew the budget in general terms, but the details, it's really a big deal.
And I think it's the reality of it, the cold reality of the details, that's most surprising, even though it's really not that surprising, if that makes any sense.
Yeah, I mean, I certainly knew that they're keeping track of, I mean, I've heard from a very much layperson point of view still, but I've been keeping track of NSA type stories since the 1990s, and always just assume that, yeah, they can turn your microphone on if they want to.
Yeah, they're keeping track of your triangulation data and whatever, so that they can compare it later.
But basically, a lot of what, I mean, and I've read my Bamford and everything, but a lot of what we're talking about, I guess, is sort of just, you know, what people in the know kind of know.
They're like, oh yeah, they're way outside the law, they kind of are watching everything.
But now we can really see it in their PowerPoint slides.
Yep, this is the way we do it, all right, here it is all for you, in color, not even in black and white.
And the details make a difference.
So really, the debate we're having is this, is that, is this the sort of thing we should be doing?
I mean, if the Snowden revelations said the NSA was spying on North Korea and the Taliban, nobody would care, right?
That's what we want them to do.
So they were spying on the G20 and Belgium and the oil company in Brazil, you know, all of these groups that we think, you know, why are they doing this, right, that they're collecting emails from everybody, cell phone location data from everybody, these sort of bulk collection and collection on nominally our allies, that we wonder, is this worth it?
And then at the enormous cost of really breaking the trust of the Internet, you know, suddenly you look at the agency and say, you know, maybe you've gone a little too far.
Oh, and I'm sorry, Bruce, tell me about what you mean by breaking the trust of the Internet.
So fundamentally, we all believe the Internet is secure.
It's secure for banking.
It's secure for commerce.
It's secure if you're a Chinese dissident.
It's secure if you are, if you're doing things that you want to be private.
And a lot of people rely on the Internet for their lives.
It's one thing for the NSA to spy, to take the Internet as it is and spy on it, but they've gone a step further.
They've actually deliberately weakened the products and services everybody uses.
So, and when they do that, they're weakening it for everybody.
In a lot of ways, the debate has been mischaracterized.
A lot of the debate in the United States is, should the NSA be allowed to spy or not?
And that, I think, is fundamentally wrong.
The real debate is, should we have an Internet that is vulnerable to every attacker or Internet that is secure for all users?
You can't get to say NSA spies and no one else can.
Either everyone can spy, NSA, China, Russia, other countries, cyber criminals, or nobody can spy.
Right.
Because, again, like you're saying, they're deliberately breaking all the locks.
Even as we've read in some of these stories, they're bribing the companies to put out broken encryption keys in the first place.
And this is an important point, that once, and they do do that, they bribe, they coerce, they threaten, they engage in legal action to get companies to deliberately weaken their products.
Once they do that, anybody can exploit the weakness.
There's no magic NSA-only weakness that doesn't exist.
They have a secret, but other groups can find out that secret.
And as we see, a lot of the techniques that the NSA is using, or techniques China uses, or techniques criminal uses, they're not really magical, they're just bigger budget.
So we have a choice.
We can make the internet safe for everybody and secure for everybody, or we can make the internet vulnerable for everybody.
And a vulnerable internet is much more dangerous.
Well, in your piece, again, it's how the NSA threatens national security at the Atlantic.
You talk also about how we've learned that it's not just the NSA, and I think, I'm not exactly sure the way you wrote it, whether you're referring to what all the NSA is passing on to state and local and other federal agencies, or the ways in which our local police are now just mimicking the NSA and tapping our cell phone locations themselves, or all of the above?
So we're not sure exactly how this works, but it is clear that the FBI is using a lot of the NSA tactics domestically.
We don't know if they're developing them independently.
We don't know if the NSA is passing along technology or if the NSA is passing along data.
We do know the NSA has passed along data to both the IRS and the Drug Enforcement Agency and had them lie about where they got it, that this is directly against the law.
But a lot of these techniques we see the CIA using, we see the FBI using.
So there is certainly some kind of technology sharing and potentially some kind of data sharing.
Right?
We know the FBI will often do the NSA's dirty work in the U.S.
A lot of companies have been saying, you know, we don't work with the NSA.
Well, they might not.
They might work with the FBI on behalf of the NSA, possibly even secretly, that the company doesn't know that the FBI is working on the NSA's behalf.
There's a lot of smoke and mirrors in the government's surveillance, and it's very hard to pick out exactly who does what to whom.
Same thing abroad.
The government of Belgium has been complaining about NSA surveillance, the government of Germany has.
Both of those are NSA partners surveilling on other people.
The government of France complains of NSA surveillance, the government of France doesn't do surveillance.
The U.K. and the United States are strong partners, each doing what the other's law prohibits.
The U.S. and Canada also, recently, the Canadian equivalent of the NSA was found in violation of the law, because what it would do is, it would say to the NSA, we're not allowed to do this sort of spying, can you do it for us?
Well, another thing that you talk about in the article is how this is sort of the subtle thing that doesn't get mentioned that much, in a way, where everybody gets bogged down in all the technical details of the different stories and that kind of stuff, is that this is all about a fundamental change in the relationship between the individual and the state, that nobody ever got a chance to vote on and say that they were willing to have, you know?
It's much harder to take it back once, you know, you've found out it's gone this far.
Yeah, and that's very important.
And while we can talk about individual programs, and right now there's a bill in Congress to prohibit bulk collection of cell phone call data.
But that's just one particular program, and we're learning from the Snowden documents that the NSA has many different programs to get the same data, using many different legal authorities, and going after this piecemeal is just not going to work.
And yet, we need a fundamental discussion in our society of where the lines are.
What is private and what isn't?
Right?
The conceit is that this stuff keeps us safe, but that has not been demonstrated at all.
I mean, all the evidence shows it is a complete waste of money, but we really don't have these sorts of discussions, and these things have sort of come upon us when we weren't paying attention.
And some of it's our own doing.
Right?
You know, Google knows more about what you think than anybody else, because as soon as you think of something, you go on Google and you ask it.
Right?
Your cell phone company knows exactly where you've been every minute of the past some number of years, because you've always got that phone in your pocket, and that phone is a tracking device.
So we are all leaving these digital footprints as we go through our lives.
Right?
Our friends are on Facebook, our business is on Gmail, or our cell phone, commerce is all online now using credit cards, so what used to be anonymous is now being recorded.
So there's a lot of corporations who have this data, and the government's just getting itself a copy.
Right.
Right.
All right, now, I guess, very quickly, last question here before the break kicks in, Bruce.
What do you think is the best avenue for pushing back?
Well, there are two parallel avenues.
There's a technical avenue and there's a legal avenue.
Technically, there's a lot we can do to make surveillance harder, to re-secure the internet.
And it's real important that the techies start doing that, and they are.
The second is legal, that we have to rein in the NSA, other countries.
I mean, this is not an easy problem, it's like any kind of arms negotiation, or a nuclear weapons treaty.
We have to be able to come up with international norms and ways to enforce them against bad actors.
But we need to recognize, first and foremost, that a secure internet isn't everybody's best interest.
Right.
And a vulnerable internet isn't everybody's not-best interest.
All right, everybody, that is computer security expert Bruce Schneier.
He's a correspondent now, writing at The Atlantic, the latest is How the NSA Threatens National Security.
Thanks very much.
Hey, y'all.
Scott here for MyHeroesThink.com.
They sell beautiful seven-inch busts of libertarian heroes, Ludwig von Mises, Murray Rothbard, Ron Paul, and Harry Brown.
I've got the Harry Brown one on the bookshelf now.
Makes me smile every time it catches my eye.
These finely crafted statues from MyHeroesThink.com make excellent decorations for your desktop at work, bookends for your shelves, or gifts for that special individualist in your life.
They're also all available in colors now, too.
Of course, gold, silver, or bronze.
Coming soon, Hayek, Hazlitt, Carlin.
Use promo code Scott Horton and save $5 at MyHeroesThink.com.
Fact, the new NSA data center in Utah requires 1.7 million gallons of water every single day to operate.
Billions of Fourth Amendment violations need massive computers and the water to cool them.
That water is being supplied by the state of Utah.
Fact, there's absolutely nothing in the Constitution which requires your state to help the feds violate your rights.
Our message to Utah, turn it off.
No water equals no NSA data center.
Visit offnow.org.
