
The Snowden Legacy, part one: What’s changed, really? - tnorthcutt
https://arstechnica.com/tech-policy/2018/11/the-snowden-legacy-part-one-whats-changed-really/
======
lumberjack
Everyone is very aware of private mass surveillance now. Everyone knows that
they are being tracked in their daily lives by Google and Facebook and they
know in which way the are being tracked too. So maybe, not much changed in
terms of laws but people are significantly more aware now. What used to be
conspiracy theory is now accepted fact. Stallman is no longer the butt of the
joke. Technologists that used to dismiss privacy concerns can no longer do so.

~~~
metildaa
Yeah, my brother commented to me that in retrospect, my consistent objection
to handing over my drivers license/SSN and other personal details needlessly
wasn't crazy (which at the time he considered odd behaviour).

After working with the credit bureaus, I don't llike giving out enough info
for anyone to mess up my personal life. For example, even the front of a
drivers license without the license number is enough info for fraudulent
creditors to wreck your credit.

~~~
Nasrudith
Forget government agencies - anyone not afraid of giving them away is a
fucking moron for identity theft reasons alone. Which I believe demonstrates a
fundemtnal problem with how the system works - that the burden is even on the
individual instead of the crediter is itself a problem.

If a schoolboy orders 3000 pizzas in your name that isn't your problem but the
pizza place's problem. So why the /hell/ do we consider it different with big
banks except for the general stupid human tendency to hold people in power to
lesser standards?

~~~
ironic_ali
Banks employ lobbyists and hand out more than pizzas to politicians?

------
superkuh
It doesn't really help the issue at large but in my personal life it was nice
to say, "I told you so." and not get called a crazy person anymore.

~~~
motohagiography
Worked in security for over decade before Snowden, kept finding things I
couldn't talk about, knowing I'd found the tip of an iceberg in many places
without being able to piece it together. When it all came out, was relieved
not to be nuts, and was more interested in what regular people thought of the
whole thing.

Normal people know what "parallel construction," is and how elected
governments will use these systems for political ends.

What I don't understand is why it's not a bigger public issue with all the
controversy around the current U.S. president. The scenario where a radical
takes power and has control of these systems was the precise nightmare
scenario everyone was concerned about, and yet mass surveillance just isn't a
part of the popular discourse in the culture war.

Is it because the other team wants to use it too, or is it because the current
perceived radical tyrant isn't dangerous enough?

~~~
saint_fiasco
Fortunately Trump's supporters aren't fans of the intelligence community
either, maybe partly thanks to Snowden.

~~~
jacobush
Oh, they just want the intelligence community to spy on and murder who the
president points at. To shut up and do what they are told.

~~~
detcader
It's more accurate to say "the king". People still want a king. I hope Trump
critics can start identifying this soon...

~~~
jacobush
It reminds of the biblical story of Israel, when the people were fed up with
the corruption of the judges, who ruled the land. The judges were a sort of a
"checks and balances" system. The people were not happy with the sorry state
of the system. They said, other countries have kings and order, we want one
too. So the most prominent prophet listened to the will of the people and
said, "ok, you will have a king, I will anoint one for you, you might not like
what you get though".

To me the current situation rings like an echo of that, people want strong
leaders to fix their problems.

"History never repeats, but it rhymes" \-- probably not Mark Twain

------
lifeisstillgood
He (and Greenwald etc) moved the reality of mass surveillance in the West from
somewhere between "it happens in other countries, but not here where we are
Free" past "tinfoil hat derision" and into to a reality that we have to accept
and deal with.

For one person, it's quite an achievement.

As for what has changed, Only in the movies would there be a neat resolution,
and we go back to being safe.

We can never go back. But at least we know where we are. Fixing it is now our
problem.

~~~
stirlo
^This

The people of the west can no longer look at China/Iran/Russia and say they're
police states without looking at what they've allowed in their own countries.
Once China's "Social Credit" system is in full force and in the governments
eyes working well (undoubtedly crime/social tension will decrease, at the cost
of freedom) will the west start copying these technologies just like their spy
agencies did after 9/11?

~~~
zzzcpan
Social credit is already a thing for the people of the west. Where people have
to pass various checks for everyday things, so that ideologically wrong people
could get punished and removed from ideologically right circles by not
allowing them to get decent jobs and decent places to live.

~~~
lifeisstillgood
Social Credit is merely a virtual representation of something that is already
very real. Our reputations precede us, a decade of hard drinking, abuse and
fighting in pubs will earn you a social score amoungst your local area, as
will a decade of volunteer work with a local charity.

Putting those online is not inherently a stupid or bad thing. Putting them
online without a means to view them, without controls on who can view them,
without ability to redress wrongs or corrections, without institutions that
support it, yes that's crazy.

We are never going back to a world where only your neighbours knew what you
were like, but we do not either have to go to a world where only the Stasi or
ad-tech firms do too.

~~~
whatshisface
Nobody seriously thinks that the Chinese system is your "local reputation,"
it's an East-German style reporting system where everyone informs on everyone
else and only the state's interests are served.

~~~
lifeisstillgood
Yes, I know. But the point is that a cctv camera that is accessible only to
the police is the same camera that is open to the web. It's the use not the
technology.

------
throw2016
Nothing, and no one cares. It's like the aged grandfather wheeled out at
special occasions to reassure everyone they care, and promptly wheeled back
out of sight. Life goes on.

Snowden is an embarrassment for those who use human rights, freedom and
democracy to further other interests. Hence the deafening silence. The entire
ecosystem that supports dissenters with asylum, grand freedom narratives and
wall to wall coverage about evil regimes and heroic protest closed shop for
Snowden, Assange, Manning and others.

Imagine the hysteria of the 'free world' in unison against the totalitarian
chinese if there was no Snowden and a chinese dissenter leaked something like
this, and his or her subsequent global fame as a defender of freedom. Now look
as Snowden stranded in Russia and Assange in the Ecuador embassy. That is the
pathetic state of pretension.

And instead of demonizing others and filling pages upon pages scaremongering
about totalitarian surveillance vs democracy, its surveillance that is being
demoted to a lesser transgression, even something 'acceptable' if not
'necessary', and that's what Snowden changed.

~~~
scottlocklin
It's amazing and almost completely unremarked how pwned the NGOs are by
western intel agencies. I mean some of them have always been known to be spook
outposts (Freedom house), but ... it seems virtually all of them are.

------
incomplete
this, and pretty much only this:

"Suddenly, everybody knows, and nothing's changed," security technologist and
author Bruce Schneier told Ars. "It was never a campaign issue. We tried to
make it one. We failed... the subsequent changes are very small."

~~~
JumpCrisscross
> _nothing 's changed_

2FA, E2E communications, TLS everywhere, tightening security on our phones and
computers, Congress rolling back some of the NSA’s dragnet powers, allied
countries switching to open source and re-evaluating intelligence sharing
agreements, and a sharp rise in VPN use is nothing?

~~~
auslander
> E2E communications

What popular by masses E2E encrypted comms are there?

~~~
GuiA
I’m surprised by the amount of my non techie friends who are using Signal.

~~~
godelski
I try to get all my friends to use it. Since a lot like to use WhatsApp anyway
it usually isn't too hard. But Signal doesn't have a push from a big company
like WA does. Generally it is my friends from India that I can't move, because
all of their communication is done with WA anyway. But it doesn't seem
unreasonable to me that such a stronghold could happen for Signal too. But it
needs to be spread by word of mouth.

------
nabla9
Snowden revealed that big companies voluntarily cooperated with NSA+CIA (with
the exception of Twitter) and provided api's for snooping.

It would be nice to see if things have changed behind the scenes. My hope is
that more of them are just complying with court orders and refuse cooperating
with mass surveillance. Mass surveillance without cooperation is very
expensive and don't always work.

~~~
lern_too_spel
No, Snowden "revealed" the big tech companies voluntarily cooperated with the
FBI. In quotes because we already knew that. PRISM simply takes data that the
FBI requested via court order and ingests it into NSA data processing system.

~~~
acct1771
No, we didn't. We believed it. Media portrayed it.

Now, we know it.

~~~
lern_too_spel
No, we knew it. The FBI has always had the ability to get data from
communications companies for specific subscribers via a court order. This is
as true for email and chat as it is for phones.

~~~
acct1771
Certain cases via court order is different than firehose.

~~~
lern_too_spel
Certain cases via court order is what was and is happening. The FBI has never
had a firehose, and Snowden's documents didn't say otherwise.

------
cuspycode
People who spy on their own countrymen should be regarded as traitors, in my
opinion. And they should be prosecuted as traitors, and punished as traitors.
However, the theory of the "Deep State" and its influences makes it difficult
to accomplish this. How can we fix this?

~~~
chasil
There is a very specific constitutional definition of treason. Another class
of crime should likely be used.

Section 3. Treason against the United States, shall consist only in levying
war against them, or in adhering to their enemies, giving them aid and
comfort. No person shall be convicted of treason unless on the testimony of
two witnesses to the same overt act, or on confession in open court.

The Congress shall have power to declare the punishment of treason, but no
attainder of treason shall work corruption of blood, or forfeiture except
during the life of the person attainted.

~~~
acct1771
Regarded as traitor doesn't mean we can indict as a traitor.

------
M2Ys4U
I'm slightly surprised that neither the article nor commenters here have
mentioned Safe Harbor (or Privacy Shield).

Well, maybe not _that_ surprised, this is a very American-centric community.

Snowden's revelations had a direct effect on transatlantic ties, with the
Court of Justice of the European Union holding that the EU-US Safe Harbor
system violated the essence of the right to a private life. That's a big deal,
and it's a very important piece of case law here now. I'm not sure if Schrems
would have been able to make his case without those details being made public.

------
rubatuga
Just a comment to ask general HN members, do you think the Snowden legacy has
resulted in a more stressful world? As they say, ignorance is bliss, but
Snowden's allegations have forced the public to realize the extent of the
surveillance being conducted. Humans (and crows) become stressed when being
observed by others, and this could mean citizens now have a higher stress
rate. Could it be that Snowden's legacy has resulted in a decrease in net
productivity from stressed Americans?

~~~
auslander
Not an American :) But it pushed me to un-google myself and switch all my data
to Apple. They do security properly. I have not a single byte of Google code
on all my desk/laptops and phones. No Chrome, no Android, no Gmail, no Google
Maps.

I do feel less stressed now, because i _was_ aware of what he made public. As
for general public, I believe it _added_ stress, and it is right thing, it
might lead to some changes, and slow down surveillance apparatus.

------
detcader
Whistleblowing always makes it more difficult for the human rights violators.
Some of these people will finish their workday in government or tech companies
and be with families and friends who really don't care about their actions,
but even then, they still have to wonder and worry.

"Do they think I'm spying on them, after Snowden reported that NSA men passed
around private images of girls they found? Will I be named in the history
books as a monster?"

It's always worth it. It's karma.

------
JoshCalbet
Now we have letsencrypt.org

~~~
metildaa
And more and more normal people are on Signal & Riot. Hopefully Briar and
Mastodon continue to improve, Briar for metadata free chats would be a great
thing to normalize.

~~~
mycall
Do both signal and riot work on matrix.org?

~~~
int_19h
Riot is a Matrix client. Signal is not.

------
auslander
Snowden's stuff is about how _Gov_ sources your data. That is a good start,
but is only one part of the problem.

We need another Snowden to leak how _corporations_ source, aggregate and store
your data. A whistleblower from inside Google/Facebook/AdTech/CDNs.

------
_asummers
Semi off topic, but I used to work with his girlfriend 10 years ago or so. It
was really strange seeing pictures of her and Snowden pop up in my Facebook
feed, and even stranger seeing her on the stage of the Oscars for Citizen
Four.

------
atoav
Snowden and Trump both showed how brittle the societies are that we are living
in

------
Theodores
By analogy...

Our relationship with shops has changed over the last 30 years thanks to CCTV
(affordable webcams) and point of sale systems. We went from an era where we
were not expected to be 'filmed as we shopped' to taking it for granted.

In the pre-CCTV days different strategies were needed for preventing slippage.
Helpful shop assistants would ask suspicious customers if they 'needed any
help'. Having stock locked away in glass fronted cabinets helped too, having
all the goodies behind the counter or in hard to get to window displays helped
too. There was a lot more going on than physical security though.

If your prices were actually reasonable and if everyone in town loved your
store then you wouldn't get robbed. Being locally owned rather than part of a
chain helped as theft from a big chain could be imagined to be only costing
some notional insurance company (in a thief's mind wanting to justify
stealing). Community also mattered in that nobody wants to steal from a shop
they rely on, so getting barred from the local newsagents was not a desirable
outcome. Nobody would steal a packet of sweets from a shopkeeper who they knew
the name of and depended on for their daily newspaper/milk/fags/top-shelf
magazines. Kids could be watched or only allowed in two at a time, adults
could be trusted due to soft levers of trust.

Nowadays though you just wouldn't have a fortune in stock laid out ready for
people to slip into their pockets, you would have CCTV, on every aisle, from
both sides and from both directions. You would have some outsourced security
contractor monitoring the CCTV and telling staff if they needed to apprehend
anyone. There would be no 'he said vs shopkeeper said' discussion with the
police, CCTV does the evidence providing bit.

The thing is that the CCTV works without anyone looking at the monitor
screens. The 'smile you are on CCTV' signs are a huge part of it. They instil
fear in the souls of the shoplifter. Coupled with this there is no need for
patrons to actually know the staff or for them to know neighbours that could
also be shopping. With increased mobility (people shop far and wide these
days) the nature of shopping has changed.

The difference that the Snowden leaks have made is that we now know that the
CCTV is 'everywhere', in our email and phone calls too. This ubiquitous spying
works in a similar way to CCTV in retail - behaviour is controlled. We accept
CCTV in retail in part because we want our pint of milk (or whatever it is)
and there is no option to buy what we need from places that don't have CCTV.
We are not going to buy a pasture and get a herd of cows going just to have
that spot of milk in our tea. CCTV can't be objected to. Similarly in post-
Snowden world we still have needs to communicate and we just have to accept
the spying. That is what has changed, an acceptance of it.

