
Lawrence Lessig Interviews Edward Snowden [video] - rosser
http://www.youtube.com/watch?v=o_Sr96TFQQE
======
gluczywo
"the fundamental reality of encryption (...) is that the person who is using
encryption (...) cannot read it either unless the key is put in some point.
(...) Even when your phone is encrypted locally, when you are looking at the
secret picture, if the picture is visible to you it's because that picture is
decrypted. (...) What this means is that even heavily encrypted communication
is vulnerable to traditional means of investigation."

I'm a strong believer in crypto as the liberating technology, but this quote
is a wonderful Devil's Advocate argument that dispels hackers crypto dreams.

~~~
xnull2guest
CALEA, the Stored Communications Act and Section 215 of the Patriot Act all
compel corporations (via the Department of Commerce) to build data and key
escrow services into their products.

For example on modern Windows systems bitlocker keys are automatically
uploaded to the (automatically created for you) Onedrive account associated
with the Microsoft Account created during your install and Onedrive is on
PRISM.

Searching for 380/286 classification patents in the US is one way to figure
out some escrow mechanisms and companies, though it is not exhaustive nor does
it only include federally-inspired escrow.

All of this is remnants of the Clinton Administration and alternatives to the
failed Clipper Chip, then increased in scope by the Bush and then Obama
administration. There's a decently history that only captures the broad
strokes up until the late '90s here:

[http://www.foia.cia.gov/sites/default/files/DOC_0006231614.p...](http://www.foia.cia.gov/sites/default/files/DOC_0006231614.pdf)

~~~
tptacek
CALEA does not require key escrow, nor, so far as I know, does PATRIOT s.215.

From my work I'm personally aware of more than one major corporate effort to
cryptographically protect user data for which key escrow was not only not
implemented, but countermeasures above and beyond basic cryptographic best
practices were implemented to mitigate likely user errors. None of these
projects would seem to me to be possible if it were the case that the USG was
requiring private companies to implement key escrow.

In ~10 years of software security work performed for many of the largest
companies in the world, I was never once asked to review a system that
performed key escrow or anything like it (I would not work on such a system,
nor would I or will I work on software security for the USG).

Not only that, but having come into contact with source code, design
documents, backend systems, and similar intimate technical details, I have
never --- that I can recall --- even _seen_ something like the backdoor you
alluded to.

Occam's Razor suggests to me that the popular idea that big tech companies spy
on their users for the USG is fallacious.

I've never looked at Bitlocker, though, so maybe I'm wrong.

~~~
Zigurd
> _CALEA does not require key escrow, nor, so far as I know, does PATRIOT
> s.215._

As far as is publicly known, this is correct.

> _Occam 's Razor suggests to me that the popular idea that big tech companies
> spy on their users for the USG is fallacious._

But that the second part doesn't, at all, follow from the first.

For example, telcos have spied on Americans for the government since there
were telcos. At best, you could argue that the heavy lifting is done in NSA
equipment in terms of DPI and word-spotting, etc. But there are plenty of
technology companies that are ass-deep in spying on the American people.

I suppose you mean that it isn't obvious that Google and other companies with
a strong reputation for being careful with customer data are spying on
Americans. OK, it isn't obvious, but let's go back to the first premise: CALEA
doesn't require companies to break encryption to make surveillance possible.
IF there isn't some hidden agreement about that, why are there exactly zero
major services that provide user-controlled keys, end-to-end encryption, and
web-of-trust key exchange?

All of these companies could get past any suspicion of surveillance by
providing the means to be truly private. None have done so.

~~~
tptacek
Intentionally or, I presume! not, you're "spreading" the debate. It was not my
claim that telecom companies didn't help the USG spy on their users. It was
not my claim that the controlling interpretation of every security law was
public. It was not my claim that NSA is working in good faith with technology.

The claim I was responding to is that CALEA and PATRIOT have the effect of
compelling all major US technology companies to implement key escrow or, more
generously, some cryptographic or UX compromise with the same effect, in order
to effectuate SIGINT.

I know this claim to be false. I said so, and, within the limits of my ability
(for obvious reasons), provided my evidence.

If you want to keep talking about how you don't trust tech companies, that's
fine by me. We don't have a live argument on that issue; I'm not interested in
it.

~~~
Zigurd
> _If you want to keep talking about how you don 't trust tech companies..._

Do you trust all of them? I doubt it. Of course some companies are more
trustworthy than others.

My point is that in a time when trust is in crisis, NONE of the major tech
companies is providing users with strong tools for privacy that can't be
circumvented for law enforcement or spying.

~~~
tptacek
Yeah, this is one of the reasons it's not an interesting discussion for me:
it's practically a valance issue. Everyone has a tech company they don't
trust.

------
venantius
"Let us speak no more of faith in man, but bind him down from mischief by the
chains of cryptography."

Really awesome interview, with some ideas discussed within (e.g. Binney's
notion that transmissions be encrypted with a key that only a court has the
power to decrypt) that I hadn't encountered yet.

In truth it's less of an interview and more of a platform for Snowden to talk
about his thinking around certain things, but he's so well informed that it's
a fascinating watch in spite of that.

------
PythonicAlpha
When (repeated) lying is tolerated in official positions and to official
organs of the state, the whole nation itself is in grave danger. In this case,
the whole world is in grave danger.

~~~
socceroos
Trying to stop these people _feels_ like an exercise in futility. Having
voiced my opinion to my own representatives over and over again it becomes
very disheartening not seeing any change for the better.

If only people didn't discard morals at the first sight of power and money.

Having said all that, I would encourage more people to talk to their
representatives regarding these issues. It goes without saying that unless the
people have a voice then their desires won't be heard.

~~~
sopooneo
If we assume people, even good people, _will_ generally discard morals at the
first sight of money and power what can we do to make the system work anyway?
Would some way of forcing transparency fix this underlying problem?

~~~
socceroos
Transparency is one of the keys - a very effective key. However, even
transparency requires all actors to behave honourably in their transparency
(not skewing the truth with white noise, not misdirecting the public to slip
through unwanted policy, not manipulating or deleting data, etc).

Also, there always comes a point in government where a certain level of
information must remain secret (such as spy activity between states and within
criminal organisations). If we were to force government transparency, I think
we would see a marked rise in stonewalling due to 'national security' \- the
phrase itself is so general that anything could be under it's wing.

~~~
dllthomas
A big part of transparency where there are legitimate purposes for secrecy is
protection of whistle-blowers.

~~~
socceroos
Good point. Funnily enough, we see these basic protections being eroded
systematically.

------
Beltiras
It's interesting to witness the flat world at work. You can't silence smart
whistleblowers anymore. They have resources to draw upon away from home base
that will allow them to continue pushing for reforms of what they blew the
whistle on. The 21st century will be interesting times to witness.

~~~
LunaSea
I don't think you'd need to silence a whistle-blower. With Snowden we learned
that most citizens and medias don't care.

~~~
recondite
Really?

Greenwald, Gellman, and Poitras were awarded the Pulitzer for their coverage,
and my elderly parents now know who Edward Snowden is and what the NSA was up
to (even though they vehemently label him a traitor).

The lack of an immediate change in government policy != people not caring.

~~~
diminoten
> The lack of an immediate change in government policy != people not caring.

How long do we wait before we strike immediate from that statement, and then
set the != to ==?

~~~
recondite
People have longer memories than you're giving them credit for. Are _you_ ever
going to forget this about the NSA? I know I won't.

At some point, a tipping point will be reached. See my comment above about
slow change. It's frustrating that things are not happening faster, but that's
why we have elections every 2 years. Unless you believe that mechanism is
broken too, in which case we have bigger problems to worry about.

~~~
glitchdout
You still believe the system isn't broken? You've got to be pretty naive, my
friend. Or a damn great optimist.

Obama was supposed to reverse Bush's policies. Instead he enhanced them. It
doesn't matter who you vote for. The gerrymandering, the first past the post
voting system, the electoral college, the two-party system, the two-party
media, all the special interest groups, the corporations, the bribing, I mean,
the campaign contributions... The system is fundamentally broken.

Democracy doesn't scale. I doubt a country as big as the United States will
ever be truly democratic.

~~~
recondite
The system is working exactly as it is meant to - it's the one we elected, put
in place, and are all a part of. You seem to be defining the system as one
where the government bends to the will of the people at every moment (true
democracy), but the Founders _never_ intended that to be the case for America.
In fact, they knew democracy wouldn't scale from their own experiences and
historical precedence, and purposely created a Constitutional Republic, to
protect us from that possibility. True democracies, almost by default, end up
in mob rule and tyrannizing the minority. I'm not sure you want that.

Now, the reason why the Snowden revelation is significant is because the
constitution is directly being violated (namely the 4th amendment, Bill of
Rights). It could be argued that some of the problems you listed are also
violations of the constitution (namely campaign contributions and corporations
being defined as people), and I would probably agree with you, but we can't
just throw it all away because it makes us unhappy.

I'm optimistic because the constitution has been violated throughout the
history of this country many times before, and the result has always been
reversion to the mean (either through a constitutional amendment or the
violating act became irrelevant over time). Ironically, two of my favorite
presidents - Lincoln and Obama - were two of the biggest violators. Hopefully,
we've learned our lesson that the candidate's promises matter less than the
era they come into and the system they represent.

~~~
jqm
"The system is working exactly as it is meant to.."

Oh, I don't doubt this. I just wonder if the "meant to" part means
representing the will of the people and acting with the interest of the
general public in mind.

------
w-m
The first couple of times Lessig replies, and tries to summarize something
Snowden said or give some citations, I can't follow him very well. Also I
can't make out any question in his remarks. Strange interviewing style.

> But even in that context though, you made a pretty strong distinction
> between people who would leak in the context of CIA activities and people
> who'd leak in the context of what you had done. So this is again a narrower
> conception of what you think the appropriate role for a whistleblower is,
> because you had a much more visceral sense of the risks that would come out
> by releasing information about the CIA.

Sorry, what?

~~~
noobface
That's an implied distinction between leaking NSA programs as they relate to
the American public vs releasing international CIA related material.

Very convoluted though. Lessig is just really, really deep into the context.
He's clearly been thinking of these questions for so long he lost perspective.

~~~
jaekwon
I read some earlier books of his that espouse a global internet content
monitoring scheme for the sake of enforcing copyright. Draw your own
conclusions.

~~~
michaelbuddy
feel free to quote that earlier book you read. Otherwise we can't really
properly draw a conclusion can we? Lessig's campaigns and initiatives have
been positive from my experience, especially the current one he's working on,
to you know, fix government corruption.

~~~
jaekwon
Hmm, I tried to find some damning quotes but I couldn't find any. I think I
was skimming the book "Code" and read parts out of context that made it seem
like he was arguing in favor of something, when he wasn't.

Well, looks like I was wrong. Thanks for challenging me.

~~~
quadrangle
Indeed, Lessig has been less than totally radical but he's one of the
strongest voices in the public discourse in FAVOR of cultural freedom. He
wrote the book "Free Culture", he took on the entire government in the Sonny
Bono Copyright Extension Act trying to stop the retroactive extension of
copyright (he failed to stop it though), and he is the primary founder of
Creative Commons.

You'd be hard-pressed to find a more respectable person when it comes to
_critiquing_ the _problems_ with Copyright. Lessig is completely opposed to
the copyright maximalists and deserves great honor for all his valuable work.

------
recondite
Less of an interview and more of a platform for Snowden to reiterate his
views, but still good to hear directly from the horse's mouth. He says he's no
good at public speaking, but it's clear that he is very articulate, very
thoughtful, and had the courage to act on his convictions despite the
extraordinary threat to his personal safety. If I were to define what makes a
strong public figure, it would be those three characteristics.

His commentary during the 2016 presidential election will be interesting to
hear, at the least (assuming he hasn't struck a deal with the US to come back
before then).

~~~
hueving
What is the "extraordinary threat" to his personal safety at this point? Any
assassination attempt at this point would create such a political backlash in
the US that he is essentially untouchable.

~~~
r12s
The threat doesn't need to be as extreme (or binary) as assassination,
presumably you mean by a government? Incarceration in a Federal prison and/or
torture under questioning are imho personal threats to safety. And cynically I
believe any "backlash" would last about as long as the media cycle at the
time.

------
MichaelMoser123
Snowden mentioned that a report for the UN General assembly found mass
surveillance in conflict with international law (the 'International Covenant
on Civil and Political Rights')

Here is some more information:

[http://www.theguardian.com/world/2014/oct/15/internet-
survei...](http://www.theguardian.com/world/2014/oct/15/internet-surveillance-
report-edward-snowden-leaks)

[http://en.wikipedia.org/wiki/International_Covenant_on_Civil...](http://en.wikipedia.org/wiki/International_Covenant_on_Civil_and_Political_Rights)

------
curiousgeorgio
Off topic, but Snowden's face seems to look "fake" in an interesting way...
maybe it's makeup, the lighting, video compression, or a combination of those
things... and his out-of-sync audio seems to enhance the synthetic feeling -
for me anyway.

Of course his physical appearance isn't important to the topic of the
interview, but maybe a part of me wishes that Edward Snowden was really a CG
persona/face created to represent an anonymous group of whistleblowers.

~~~
foobarlicious
There are filters on Hangout now and the default one that gets selected even
if you don't want is "Enhanced" and it clears blemishes and gives you this CG-
like look.

~~~
walrus
That's really weird. I wonder what drove the decision to make that default.

~~~
tatterdemalion
AB testing.

------
accounthere
Why is he using Google Hangouts? That sounds like trouble.

~~~
tomp
It's not like he has anything (more) to hide.

~~~
correcthorse
His location?

~~~
tomp
I'm pretty sure he has dozens of agents (both Russian and American) following
him 24-7. That's the only way for him to stay alive and not be kidnapped by an
"adversary" (e.g. China).

------
relate
At 48:55 (
[https://www.youtube.com/watch?v=o_Sr96TFQQE#t=2933](https://www.youtube.com/watch?v=o_Sr96TFQQE#t=2933)
) Snowden says you cannot control who uses the backdoors.

I assume he is referring to malicious bugs and simple/sloppy backdoors? For
example, if I append my public ssh key to someones .ssh/authorized_keys, it's
not a backdoor anyone else could use.

~~~
thesteamboat
I think he's speaking more broadly about (government) backdoors baked into
devices at the factory level, on a widespread scale.

------
johanzebin
It's weird that Mr. Lessig refers to cryptography as "physics" instead of
mathematics around 28:15 :-).

~~~
jMyles
I've been wrestling in my head about which parts are physics and which parts
are mathematics.

Especially from an epistemological perspective: Can we know, for example, that
encryption becomes easier / cheaper more quickly than brute-force decryption
because, in some sense, the physics of the universe have it that way?

~~~
presumeaway
Which is philosophy.

~~~
jMyles
Sure, but if it's true that this is the nature of the mechanics of the
universe, that's physics, right?

~~~
cm127
[http://en.wikipedia.org/wiki/Limits_to_computation](http://en.wikipedia.org/wiki/Limits_to_computation)

------
percept
[https://www.youtube.com/watch?v=o_Sr96TFQQE](https://www.youtube.com/watch?v=o_Sr96TFQQE)

------
johanzebin
no comment?

