
Edward Snowden at IETF 93 - grey-area
https://gist.github.com/mnot/382aca0b23b6bf082116
======
travjones
I think it's a shame how mainstream media suggests that Snowden is a "coward"
for not "coming home to face his charges." It's clear that he released
confidential docs to reporters and this would be incredibly easy to prove in
court, thereby landing him in prison for the rest of his life. I don't know
any sane person that would surrender to this type of treatment, considering
that he wouldn't be able to defend his actions legally. Stay on the run, Ed.
Thank you for releasing this information so that the American public has some
idea of the degree to which we are electronically surveilled on a daily basis.

~~~
kajecounterhack
Agreed, did you see [https://petitions.whitehouse.gov/petition/pardon-edward-
snow...](https://petitions.whitehouse.gov/petition/pardon-edward-snowden)

> If he felt his actions were consistent with civil disobedience, then he
> should do what those who have taken issue with their own government do:
> Challenge it, speak out, engage in a constructive act of protest, and --
> importantly -- accept the consequences of his actions. He should come home
> to the United States, and be judged by a jury of his peers -- not hide
> behind the cover of an authoritarian regime. Right now, he's running away
> from the consequences of his actions.

Ridiculous. They literally don't know what "whistleblower" means.

"Go to prison because you deserve it in our clearly unjust system" ...the
gall.

~~~
travjones
Exactly! I did see the response to the petition and thought the exact same
thing. The government is pretty much saying, "We know what you did was just.
But you broke the law, so come back to suffer in federal prison."

"In the land of the free and the home of the brave..." Haha. Ed Snowden is
brave and we are freer as Americans knowing what the government is capable of
when it comes to electronic surveillance.

~~~
sonoffett
Are we ? The mass Internet surveillance by the u.s. gov was known well before
snowden [1], albeit the specific actors were not. Post snowden I've seen
public outcry lead to a destabilization of NSA meanwhile private corporations
are collecting more data than ever--is this really freer?

[1]
[https://en.m.wikipedia.org/wiki/Room_641A](https://en.m.wikipedia.org/wiki/Room_641A)

~~~
travjones
Awesome point. When I used the term "freer" I was suggesting that we were
freer because even laypeople now KNOW about electronic surveillance practices.
But I'm not sure we are actually "free" in any sense of the word, we just know
we are constantly being watched. The reality is complicated and unfortunate.
Words like "free" or "freedom" will sadly never be appropriate.

------
vog
I like Snowden's final conclusion:

 _> if the internet and technology does become a danger to us in the future,
it's our own fault because we decided not to participate and we let other
groups and other influences to decide for us rather than being part of it
[...]_

Before that, he argues that more people should involve themselves more in the
IETF and similar groups:

 _> [...] However, when you look at the IETF, they literally don't make a
decision unless it's based on consensus. There are no requirements. There are
no academic standards or qualifications that anybody has to meet before they
can be involved in a working group. Literally, anyone can join, anyone can
participate in the process, anyone can make themselves heard, anyone can
influence the standards that we develop, put forth, and decide. [...] It's a
more inclusive community than it ever has been before [...]_

~~~
at-fates-hands
>>> if the internet and technology does become a danger.

Not sure what his context for this is, but one could easily argue we're
already here.

~~~
vog
The context is the last question, asked by journalist Monika Ermert:

 _> So hi-tech is likely always going to be a domain where a few experts will
have the knowledge to understand and control the system. Could it be that the
use of hi-tech fundamentally undermines democratic society or kind of – how
can we do something to educate users or..._

------
pythondz
When Snowden exposed facts about MAC addresses, it's very scary knowing that
IoT is coming in our life. I'd like to have a firmware for wireless electronic
devices that can use a random MAC address every thirty minutes without using
actual spoofing tools that are easy to use only on desktop/laptop/smartphone.
I want the same tools for my bluetooth headset, my car wireless devices and so
on...

------
rodionos
This is the first time I've read his point of view first hand and actually
listened to his presentation. He seems to be incredibly smart and well-versed
in his subject domain.

~~~
BillPond
You should take the time and watch the documentary. Its a good perspective of
his intentions. You can walk away from it with your own opinions if he did the
"right" thing.

------
merrywhether
I'm always struck by the strange cognitive dissonance US law has for corporate
whistleblowers vs governmental whistleblowers. How can you recognize the value
of one while dismissing the value of the other? It's not like a whistleblower
defense is a get-out-of-jail-free card either, as you must prove that what you
did was actually in the public interest. It's a shame that there's no movement
for reform in this area, because ultimately it would be very interesting to
see Snowden return to the US for a "fair trial" and see the public response
(both within the US and globally) to the outcome.

~~~
canjobear
This doesn't strike me as cognitive dissonance. From the government's
perspective, Snowden didn't reveal illegal activity and so is not a
whistleblower.

~~~
agd
The bulk collection of phone metadata (which he exposed) was subsequently
ruled unlawful: [http://www.theguardian.com/us-news/2015/may/07/nsa-phone-
rec...](http://www.theguardian.com/us-news/2015/may/07/nsa-phone-records-
program-illegal-court)

~~~
NullCharacter
That's great and all, but what about the other one million+ documents he
absconded with _not_ related to the phone metadata record collection?

At what point does he cease being a whistle blower?

~~~
comrh
I feel like this isn't a bad point. Anyone have a response because the
whistlerblower tag gets used a lot but he did release a lot that seemed to be
normal spying.

~~~
pfg
His argument was that it should be not his decision whether releasing a
document is in the public interest, but rather something journalists should
take care of (although he did select those journalists himself, so it's not
fair to say it's a completely independent process).

Still better than a full dump à la WkiLeaks, but the big question is whether
the journalists have the OpSec skills to avoid leaking the documents to other
governments.

~~~
slg
That is an awful defense. You can't just dump all the documents on a
journalist and then blame the journalist for what is being released.

It doesn't matter if it was directly or through an intermediary, everything
that Snowden gave to journalists, Snowden leaked to the public.

~~~
pfg
I'm not saying that he shouldn't be held responsible if all of those documents
were to leak. He did, however, specifically select journalists who already
experienced heavy surveillance from state actors and had at least some
knowledge of proper OpSec and encryption to mitigate this risk to some degree.
He acknowledged that it could leak, but still thought it's a risk worth taking
(I can't remember his exact words, I think it was brought up in an interview.)

~~~
NullCharacter
Why should he be the one to decide if the leaking of over a million highly
classified documents is a "risk worth taking" to inform Americans of the phone
metadata program? Doesn't that seem just odd to you? If I wanted to blow the
whistle on a program I thought was illegal, I'd gather supporting documents
and evidence of that one program (to include supposed emails I had sent in an
attempt to follow the proper "channels" for reporting illegal activity - which
in Snowden's case are conspicuously absent from the data he stole) so as to
not discredit my work/sacrifice by leaking magnitudes more than I needed to.

Why not just leak documents related to that one issue? If he had, I would not
hesitate in the least to call him a whistle blower, and in fact I think he'd
be living as a free man right now if that were the case.

~~~
mjevans
First, the reason is because this whistle blowing was /necessary/ due to a
/lack of oversight/ and to a lack of eventual release for that oversight to
the public.

Second, we don't know the number of potential documents, nor how they may have
been divided among those to whom they were disseminated.

Addressing the first point, it should take work and review, on an ongoing
basis, to re-affirm the classification of that material. By default there
should be a /reasonable/ and /short/ expiration time. If it costs too much to
keep those secrets than that in and of it's self is a reason for not HAVING so
many secrets to keep!

The cost, otherwise, is to our freedoms; to the very liberty for which our
government is supposed to be protecting.

------
tptacek
When asked about DNSSEC, which is a forklift upgrade of a core Internet
protocol that has the deliberate effect of giving NSA and GCHQ control of TLS
keys for hosts in .COM, .UK, .NET, .ORG, and .IO, this was Snowden's answer:

 _Edward Snowden: So, I agree with you and I mean this is what 's important
about the IETF. Just because I say it, doesn't mean it's gospel. I can be
wrong about an incredible amount of things. Nobody should trust me. Nobody
should grant any sort of outsized weight to what I say._

 _When I talk about the NSA, I mentioned it in correlation with DANE and the
DPRIVE initiative as well because the whole idea is that, yes, providing some
mechanism for authentication of the responses between DNS queries is valuable.
It 's not an end to itself._

 _We still have to be able to say, "Well, all right, the certificate that
you're getting from it, for a server is also reliable," and then we have to
actually do more armour the requests themselves to make sure that they don’t
become a new vector, they don't become manipulated._

 _Who knows like if eventually the DNS responses themselves that are provided
through this become some sort of vulnerability because of the way they 're
parsed or whatever, but the whole idea is that we gotta start somewhere and
then we've got to iterate from that point._

 _We 've gotta begin building and when I think about things like DNSSEC, I
don't think it's the golden age, we can solve all of the problems, but I do
think that it's a start. It's better than the status quo. It's better than
what we have today_

 _And by getting the community thinking, by coming together and trying to
develop some kind of solution, some kind of standard, we can start developing
things that will allow us to build a bridge to the next generation of what we
need to protect us against the next generation of coming attacks, and there 's
a lot of things that get in there. I mean cryptographic agility is one of the
big hot things that we have to deal with as well._

I can barely follow this at all, but the part where he says DNSSEC is "better
than the status quo" is pretty clear. The questioner responds, "so let's
implement it".

Please be careful with what Snowden says. Whatever you think of his
disclosures --- and most of my friends think they were brave and incredibly
useful --- there is very little evidence that Snowden is qualified to advise
anyone on cryptographic security, and some pretty significant evidence to the
contrary.

~~~
vezzy-fnord
_there is very little evidence that Snowden is qualified to advise anyone on
cryptographic security_

I think you're poisoning the well here. I haven't seen _anyone_ suggest we
should use Snowden as a technical advisor or anything of the sort.

~~~
tptacek
This is a weird response to a comment that quotes Snowden at length providing
technical advice to the IETF.

~~~
vezzy-fnord
From the screening arranger's words:

[https://www.mnot.net/blog/2015/07/20/snowden_meets_the_ietf](https://www.mnot.net/blog/2015/07/20/snowden_meets_the_ietf)

    
    
       It’s important to point out that this was NOT an official
       IETF event, and neither was it giving external advocacy
       organisations a stage (as some have intimated); rather,
       it was entirely an effort of individuals, working within
       the rules for requesting a room at IETF meetings.

~~~
tptacek
I do not recognize the significance of "official" versus "unofficial" IETF
events. I don't think there's a meaningful distinction to be made between
them. Anyone in the world can show up to an "official" event, or participate
in the mailing lists. That's a good thing, but it also means that "unofficial"
advocacy and advice is as important as the "official" kind.

~~~
vezzy-fnord
The real point is that no advice or consultation was being made, it was purely
opinion-based commentary. There is no reason to believe it will affect WG
charter, and in fact The Tao of IETF explicitly notes that face-to-face WG
meetings aren't of high significance to the actual WG's charter. Snowden
recommending DNSSEC isn't going to suddenly suspend all rational judgment in
those circles.

~~~
tptacek
If you spend some quality time reading IETF mailing lists, you'll learn that
it's all "opinion-based commentary". I'm a little confused as to what your
argument here is. The IETF works by means of people persuading other people to
support proposals. That's the entire mechanism.

------
rafaelferreira
The interview would've probably been a lot more fruitful if questions centered
around what he knows about the surveillance capabilities of the agencies he
was involved with, in technical detail, than asking for his opinions on
technology policy, an area where he is admittedly not an expert.

~~~
mnot
Other people came away with similar thoughts. Perhaps we'll hear more about
that from him in other channels.

~~~
Pyxl101
I thought that Snowden stated that he's not going to leak anything further? He
handed it off to the journalists and he's done. I remember this being part of
his conditions for asylum in Russia, but I could be mistaken.

I wouldn't expect him to leak anything or discuss government capabilities
beyond what has already been leaked. That was never his stated intention.
Involving journalists was deliberate on his part to remove himself from being
final decision-maker about what to publish.

------
wdewind
_The internet doesn 't belong to vendors. The internet doesn't belong to
governments.

The internet belongs to the user, right?_

The thing is, this is literally false. The infrastructure of the internet is
paid for by governments and vendors. A user wouldn't be called a user if it
belonged to them...

The internet is a great decentralization when compared to traditional media
like television, but it's not nearly as big a difference as people make it
seem. With how most people use it it's not far from just having more channels
on your existing cable box.

~~~
kajecounterhack
The internet != the infrastructure of the internet. The internet is not its
wires, it's the content and the people who are part of a large _global_
community that comprises it. Vendors and governments use the internet, but
they don't and shouldn't _own_ it.

> ...it's not nearly as big a difference as people make it seem. With how most
> people use it it's not far from just having more channels on your existing
> cable box.

You can't write emails on your TV, or do banking, or...well this is just a
silly sentiment.

~~~
wdewind
> Vendors and governments use the internet, but they don't and shouldn't own
> it.

And yet they do: we may play in this sandbox, but we don't make decisions
about the infrastructure, we don't make decisions about the law around it etc.
This is congruent to the American political and legal system.

As you pointed out, it gets more confusing when you get international, but
it's informative to look into how much control the US (and West in general)
has over global internet infrastructure.

------
mike_hearn
Ed's views on Bitcoin are a little surprising. I'm not sure what he means by
"nobody likes to talk about Bitcoin any more". It's not that old!

One of the problems Bitcoin solves is that you cannot have personas or
unlinked identities in the traditional financial system. Governments, and
therefore the banks they control, all view financial privacy or pseudonymity
as only useful for criminals. That's a rather narrow viewpoint. Especially as
the notion of "criminal" becomes more divergent between ordinary citizens and
their rulers. There's some truth to it (anonymity does sometimes enable bad
stuff), but it's excessively black and white.

Regardless, given that Snowden views payment methods and such as being very
important, he even brought that up himself, I don't know how else he thinks it
can be done, other than with Bitcoin. If you try and create a payment method
that has privacy the banks won't give you the time of day. Being completely
decentralised and independent is the only way to do money that exists outside
of the status quo.

~~~
superuser2
Bitcoin does _not_ solve this problem; you can follow the money from the
exchange to the consumer's wallet to the merchant. It's only anonymous if
you're using a tumbling service, and transferring your money to a tumbling
service is an unambiguous broadcast to the entire world that you are
committing the federal crime of money laundering. If they ever increase in
popularity, you can bet that regulators will routinely trace transfers to
tumbling services and prosecute their users for money laundering, because that
is what they're doing.

~~~
alextgordon
I am not intimate with US law, but what about altcoin exchanges? I don't think
that converting your bitcoins to say Litecoins is illegal.

~~~
thephyber
TL;DR: IANAL but money laundering laws are usually designed to prosecute a
wide range of methods and usually involve attempting to prove intent as
opposed to whitelisting specific methods of laundering.

The long explanation:

It's complicated. US law tends to be specifically designed for one application
in mind and then ends up being expanded as new applications rear their heads.

The IRS (tax collection entity for the US federal government) classified
BitCoin as an investment a few years ago (as opposed to a currency). This
suggests that other non-state created digital crypto-currencies are considered
investments as well (IIRC Canada's mint was trying a digital currency, hence
the "non-state created" phrase).

Money laundering statutes aren't new enough to know about [1] crypto-
currencies, but they are effective with dealing with the conversion of money
to products/services and back for the purpose of obscuring the original method
of obtaining the currency. I don't know much about money laundering except
what I see in movies+TV (specifically Breaking Bad).

I've heard that buying large value gift cards (plastic charge card versions of
"gift certificates") are required to be reported to authorities by the
retailers.

Recently a school sports coach was prosecuted for violating money laundering
statute when he divided up one payment of $10,000+ into multiple smaller <
$10,000 payments after his bank started to get suspicious about the nature of
the transaction (which is required by US federal law of the bank). He violated
the because he altered his payments "to avoid mandated financial institution
reporting" of his transfers. Personally I think the mandatory threshold is
stupid since people know what it is[2], but I feel no sympathy for the man in
this case since the payments were suspected to be him paying off a student
that he raped/molested. And yes, I realize that being accused of something is
not the same thing as being guilty.

[1]
[http://www.fincen.gov/news_room/aml_history.html](http://www.fincen.gov/news_room/aml_history.html)
[2] although the US Patriot Act allows federal investigators to use _any_
change in financial habits to trigger an investigation, not just transactions
above the $10k level

------
hellbanner
Props to Mnot (or whoever did it) for providing links out of the transcript.

~~~
mnot
Thanks, it seemed like the right thing to do :)

I had the transcript done by a professional, and then went over it and
corrected. That said, there are still some places where it may have errors, so
if you find an odd statement, take it with a grain of salt and check the
recording.

Corrections taken in comments, of course (don't think gist does pulls :(

------
mercurialshark
I pretty much agree with Marc Andreessen, on each point. Instead of attempting
to paraphrase his points, just watch:

[http://www.cnbc.com/2014/06/05/snowden-a-traitor-
andreessen....](http://www.cnbc.com/2014/06/05/snowden-a-traitor-
andreessen.html)

------
lsllc
Wow, he's got me. Reddit, HN _and_ grandma's cookie site!

------
rbcoffee
Without blindly claiming that Snowden was a staged act by the NSA and done on
purpose to shake things up and ruffle feathers, it certainly is an interesting
thought experiment to run if you love conspiracy theories. Imagine that was
the case! Possible explanations for a false flag:

1.) Public needed to know where there money was going 2.) Not enough to know
we're being watched. We need tangible evidence of surveillance apparatus 3.)
Leaks designed to bolster the web and privacy; look how many people suddenly
care about security 4.) NSA got tired of working in a black box and wanted to
flaunt its power 5.) Other reasons?

------
jokoon
If a republican is elected, ed might stay away from the US for a long time.

~~~
thephyber
To be honest, it doesn't seem to have to do with political party affiliation.

President Obama's administration has been arguably more hawkish against
national security disclosures (when they don't benefit the administration)
than Bush's was[1], and his administration has set up quite a few cases that
involved tapping the communications of journalists.

I liked Candidate Obama quite a bit and am fairly disappointed in President
Obama's policies. " The Obama administration, which promised during its
transition to power that it would enhance “whistle-blower laws to protect
federal workers,” has been more prone than any administration in history in
trying to silence and prosecute federal workers."[2]

[1]
[http://www.politifact.com/punditfact/statements/2014/jan/10/...](http://www.politifact.com/punditfact/statements/2014/jan/10/jake-
tapper/cnns-tapper-obama-has-used-espionage-act-more-all-/)

[2] [http://www.nytimes.com/2012/02/27/business/media/white-
house...](http://www.nytimes.com/2012/02/27/business/media/white-house-uses-
espionage-act-to-pursue-leak-cases-media-equation.html)

------
chatmasta
Currently this story has 108 points and zero comments. Are people literally
scared to comment on Snowden stories?

~~~
vog
Give people some time to read. Also, what's the point in asking for HN
comments? Just go read it and provide a good comment on your own!

~~~
agumonkey
Request for comments and the internet.

