Yesterday at SXSW, Barton Gellman and I did a one-hour introductory Q&A before Edward Snowden's appearance. Right after Snowden and his colleagues from the ACLU wrapped up, I sat down and wrote up their event for The Guardian, who've just posted my impressions:
Snowden described the unique recklessness of an American intelligence agency undermining internet security. "Our country's economic success is based on our intellectual property – our ability to create, share, communicate and compete. Since 9/11, former NSA director Michael Hayden and current NSA director Keith Alexander have elevated offense at the expense of defense of our communications. They've eroded protection of our communications at the expense of defense of our communications.
"This is a problem because America has more to lose than anyone else when every attack can succeed. When you're the country whose vault is more full than anyone else's in the world it doesn't make sense to attack all day without defending. It doesn't make sense to weaken standards on vaults worldwide to create a back door that anyone can walk into. This weakens our national security and everyone else's because we all rely on the same standards.
"Without security, we have nothing. Our economy can't succeed."
Soghoian made sure that the commercial implications of this were not lost on the entrepreneurial types in the audience, those who'd come to SXSW hoping to win the tech lottery. "Google, Yahoo and other internet companies want to sit between the conversations you have with your friends and add value. They want to mine your information, tell you about restaurants and suggest things that help you. That business model is incompatible with your security, with your having a secure, end-to-end connection to your friends.
"The irony of the fact that we're using Google Hangouts to talk to Edward Snowden isn't lost on me. End-to-end secure video conferencing tools aren't polished. They're not good enough to bounce traffic through seven proxies. In many cases, you have to choose between tools that are easy, reliable and polished and tools that are secure, but hard to use.
"Big companies have hundreds of developers to put on to user interface design. That's not try of companies that are optimised for security. Those tend to be made by geeks, for geeks. But small developers can play a role. The next Twitter or WhatsApp should be both encrypted end-to-end and usable.
"Remember, adding security is easier for new companies than it is for the big incumbents. The big guys can't deliver security to their users, because they're hampered by their business-models. You can tell customers that if they give you $5 a month for encrypted communications, no one will be able to watch them. Many people will be willing to pay for that."