Edward Snowden at IETF 93 (gist.github.com)
442 points by grey-area on Aug 14, 2015 | 139 comments



I think it's a shame how mainstream media suggests that Snowden is a "coward" for not "coming home to face his charges." It's clear that he released confidential docs to reporters and this would be incredibly easy to prove in court, thereby landing him in prison for the rest of his life. I don't know any sane person that would surrender to this type of treatment, considering that he wouldn't be able to defend his actions legally. Stay on the run, Ed. Thank you for releasing this information so that the American public has some idea of the degree to which we are electronically surveilled on a daily basis.


Agreed, did you see https://petitions.whitehouse.gov/petition/pardon-edward-snow...

> If he felt his actions were consistent with civil disobedience, then he should do what those who have taken issue with their own government do: Challenge it, speak out, engage in a constructive act of protest, and -- importantly -- accept the consequences of his actions. He should come home to the United States, and be judged by a jury of his peers -- not hide behind the cover of an authoritarian regime. Right now, he's running away from the consequences of his actions.

Ridiculous. They literally don't know what "whistleblower" means.

"Go to prison because you deserve it in our clearly unjust system" ...the gall.


Exactly! I did see the response to the petition and thought the exact same thing. The government is pretty much saying, "We know what you did was just. But you broke the law, so come back to suffer in federal prison."

"In the land of the free and the home of the brave..." Haha. Ed Snowden is brave and we are freer as Americans knowing what the government is capable of when it comes to electronic surveillance.


Are we? The mass Internet surveillance by the U.S. gov was known well before Snowden [1], albeit the specific actors were not. Post Snowden I've seen public outcry lead to a destabilization of NSA meanwhile private corporations are collecting more data than ever--is this really freer?

[1] https://en.m.wikipedia.org/wiki/Room_641A


Awesome point. When I used the term "freer" I was suggesting that we were freer because even laypeople now KNOW about electronic surveillance practices. But I'm not sure we are actually "free" in any sense of the word, we just know we are constantly being watched. The reality is complicated and unfortunate. Words like "free" or "freedom" will sadly never be appropriate.


Room 641A was passed off as an anomaly, a one off. It was also questioned and all too easily dismissed. The magnitude of Room 641A, a 'once off' and the Snowden leaks are totally different.

Clapper and Alexander lying to congressional hearings too. There's no comparison.

> private corporations are collecting more data than ever

This has always been inevitable, if at some point the amount of data about ANYTHING decreases I'll be surprised.

The 'freedom' that emerged from the Snowden leaks was the ability to discuss and mitigate the implications of these facts without being dismissed as a crank.


I hope in case he were captured and faced a trial, it would give a sentiment of urgency for pro-Snowden people to demonstrate together in a sufficiently massive way. It probably wouldn't lessen the judgement, just show that there's controversy.


Not just prison, the "Espionage Act of 1917", which he is charged with, has the death penalty as a possible punishment.

And it is pretty clear that he is guilty of this law. Not much room for whistleblowers in a wartime law.


Good point. I assumed prison was the most likely outcome if he came back, but you're right, it is possible that he could receive the death penalty. Granted, I doubt the government would use the death penalty to prevent him from going down as a "martyr."


People (in fact only a small section) quickly forget "martyr"s and the government could take a bet on that with confidence.


The US has promised not to seek the death penalty if he returns to face trial.


Oh well if they promised then I'm sure there's absolutely nothing to worry about.


The crimes he's charged with are actually not eligible for the death sentence and the Attorney General promised not to seek the death penalty even if future additional charges do make that possible. Not really sure what else you want.


US government officials have been caught lying countless times when it comes to "national security" issues. What gives this particular promise any credibility?

Is this "promise" legally binding? What about the next Attorney General? Or the next one?

Even if he isn't executed, he could be physically and psychologically tortured. I'm not sure if you know much about the US prison system, but this is a common and officially sanctioned practice. Many people would consider a lifetime of torture to be a worse punishment than execution.


>The crimes he's charged with are actually not eligible for the death sentence and the Attorney General promised not to seek the death penalty even if future additional charges do make that possible. Not really sure what else you want.

I don't think there's any assurance or promise the US government could offer short of a full pardon that would be sufficient. The US, especially in areas of human rights and national security, is not a trustworthy entity.


They could instead award him 300+ years in jail.


They also promised the monitoring wouldn't be used on US citizens.


>> If he felt his actions were consistent with civil disobedience, then he should do what those who have taken issue with their own government do: Challenge it, speak out, engage in a constructive act of protest, and -- importantly -- accept the consequences of his actions.

Basically the government (caught red-handed in violation of fundamental rights of the people) insists how civil disobedience must be done, whereas the main point of civil disobedience is ...? In particular interesting how they're trying to insist that civil disobedience can't be without martyrdom, and thus implicitly they try to scare people away from civil disobedience. Nice.

>Right now, he's running away from the consequences of his actions.

Right now he is suffering from consequences of his actions - he sacrificed his good life in the US.


There have been plenty of abuses that came to light without the person who exposed them going to jail. There have even been NSA whistleblowers that stayed in the US and didn't get prosecuted (see e.g. William Binney, who has called Snowden a traitor http://www.businessinsider.com/william-binney-and-snowden-tr...).


A little disingenuous considering in that linked article Binney states that it was more the publishing of certain content he disagreed with and not Snowden's actions.

It looks like he still strongly supports what Snowden did.

I also think Binney's case is a bit different - when you don't leak the actual documents the intelligence agencies can (and do) just lie. If not an outright lie it'll be a carefully stated misleading truth ('not in this program'). Snowden's leak is a bigger deal to the intelligence agencies because he has the actual documents and they don't know what he took which makes it hard to influence the story (since it's easier to be definitively caught).

Putting Binney in prison would have likely attracted more attention than not.

John Kerry and other people requesting Snowden to come to the US to stand trial are ignoring that what he did isn't a question of whether it was legal (it wasn't), but if it was right. You won't win a trial on principle when it's the law that's the problem.


>A little disingenuous considering in that linked article Binney states that it was more the publishing of certain content he disagreed with and not Snowden's actions.

That was a direct result of Snowden's actions. I don't see the argument that his exposing the US spying on other countries is "right", and deserves a pardon. If he had only leaked local surveillance, I'd have a weaker case.

>You won't win a trial on principle when it's the law that's the problem.

If the problem was that he disagreed with the law, in the US, the way to change laws you disagree with is through the political process. Not by breaking them then demanding a pardon.


I can understand there's an argument that the scope of the documents leaked is too broad and how someone could think trusting the selective publishing to journalists isn't good enough. I think Binney was arguing that it was the journalists' responsibility not to publish materials out of scope.

That said, I suspect it's broad because it's hard to be selective internally without arousing suspicion and part of the leak was the scale of the operation itself - but that's not a great defense.

>If the problem was that he disagreed with the law, in the US, the way to change laws you disagree with is through the political process. Not by breaking them then demanding a pardon.

I think the core problem is actually deeper than this. When you have secret courts and secret interpretations of secret laws you don't have a process to change them. Part of the leak was to bring this into the public view - given the incentives, politics and the existing laws surrounding the sharing of classified information I don't see another way this could have been done. Mass surveillance should minimally be a public decision - the secrecy surrounding it is dangerous.


>When you have secret courts and secret interpretations of secret laws you don't have a process to change them.

Technically there's internal whistleblowing. Besides, the fact that there are secret courts wasn't secret, so you could campaign against having those courts be secret. If there's anything being done that actually violates the law, you'd have full whistleblower protection (if you go through official channels). If it's just your disagreement with the law, you can act against that (as the EFF had been doing for years before Snowden) without breaking it.


"Not by breaking them then demanding a pardon."

You can't change the laws through the political process when disclosure of the laws is illegal.

Further, Snowden is not demanding a pardon - we are demanding Snowden be pardoned.


I addressed that elsewhere in the thread. The laws aren't secret, it's the court rulings that are secret. The fact that there's a secret court is known, though. So you could campaign against that court without leaking classified information.

Imagine a world in which Snowden resigned, then publicly pushed for unclassifying all FISA court rulings, with the obvious implication (or he could even say explicitly) that he saw things there that shouldn't be secret.

He could even tell members of Congress with clearances and get them to announce it publicly in Congress, which effectively legally brings it into the public record (something like that happened with the Pentagon papers).


"I addressed that elsewhere in the thread. The laws aren't secret, it's the court rulings that are secret. The fact that there's a secret court is known, though. So you could campaign against that court without leaking classified information."

The text of the laws was public. But the NSA decided that those laws meant something radically different than what was written down.

Per my understanding, mostly that did not have involvement from the FISA court.


I think most of it did; could you give a specific program that you're thinking of?

In any event, certainly much of what he published was unambiguously legal.



As I posted in the HN thread about the petition, it's worth noting that Snowden has already been in effective exile for longer than Martin Luther King, Jr spent in jail over his entire life. What are the odds that Snowden is facing the same order of magnitude of punishment, were he to return home?

This is not to diminish the work of Dr. King but to say that the tactics he employed and decisions he made were made in a dramatically different context, where the way he could stay most involved and get the most done was to spend some time in jail. Snowden has stayed more involved from abroad than he would have been able to from where they'd have thrown him.


They know what whistleblower means, they just don't agree with it. Being in power and being transparent are simply not compatible in this day and age. Unless you are Dutch, pretty much the exception to the rule.


Ad-hominem attacks usually say more about the sender than the receiver. "Coward" in particular has historically been most often employed against conscientious objectors and others who don't want to kill strangers in someone else's war, thus risking their reputations, employment, and freedom. The people making this attack today are appealing to those who grew up with conscription (forced violent labor) who mostly either think it's normal or lack the courage to speak out. And the people/media repeating it either enthusiastically or uncritically are announcing their own positions. So ad-hominem attacks can actually be quite illuminating, though not in the way the attacker intended.


I think this is something reasonable people can disagree about.

The rule of law should apply to everyone equally. I get that Ed Snowden is a likable guy and the documents he released may even have been a force of positive change in the world, but that doesn't necessarily absolve him of having to face trial. You can't go easy on him just because you agree with his politics.

Our whistleblowing laws are woefully inadequate, but I think it's generally a good thing that random government contractors aren't allowed to unilaterally declassify national security programs because they personally don't agree with them. It's easy to imagine examples where this would lead to a very bad situation.


Ok, many members of the Bush administration ordered torture and medical experimentation on human beings, a flat out war crime.

James Clapper lied under oath to Congress.

Hillary Clinton kept classified material on a personal server at her house.

These are all serious crimes with plenty of publicly available evidence that they were committed. The people who committed them are all inside the country and easy to find, so charging and arresting them wouldn't be difficult.

So where's the outrage from all the "rule of law" folks? Why aren't these well known fugitives ever mentioned alongside Snowden?


> many members of the Bush administration ordered torture and medical experimentation on human beings

The way you phrased this made me curious, so I looked it up. I don't know if it was your intention, but the way you phrased it made it sound like they were performing medical procedures, possibly heinous medical procedures. In fact, the experiments were collecting data[0]:

"...and crossed the line into human experimentation by collecting and analyzing data that were then used to refine harsh interrogation techniques, including sleep deprivation and waterboarding..."

Don't get me wrong, I don't agree with it, but I had visions of people having limbs attached to them, superhuman drugs injected into them, and death left and right, like some kind of V for Vendetta shit. This does not seem to be the case.

[0] http://www.ncbi.nlm.nih.gov/pmc/articles/PMC2917950/



I think all those people should be investigated and, if there's evidence, prosecuted. I've never said differently. But Hillary Clinton's email server truly has nothing to do with Edward Snowden. She was not involved in the crimes he is alleged to have committed so it has no bearing on his case.


It does have a bearing on Edward Snowden given that we demonstrably do NOT have actual rule of law. The intelligence agencies have clearly compromised the integrity of our justice system, which ensures Snowden would not be treated fairly.

Until the system can show it's worthy of our trust by pursuing powerful people who flagrantly violate the law in the public view, there is no reasonable argument that Snowden should be subjected to its plainly unequal notion of justice.


> there is no reasonable argument that Snowden should be subjected to its plainly unequal notion of justice.

Couldn't everyone accused of any crime use that excuse?


Presumably, yes! Which is why it's so important for the law to be impartial and apply equally to everyone, especially the rich and the powerful.


> The rule of law should apply to everyone equally. I get that Ed Snowden is a likable guy and the documents he released may even have been a force of positive change in the world, but that doesn't necessarily absolve him of having to face trial. You can't go easy on him just because you agree with his politics.

It's pretty clear the rule of law doesn't apply to our intelligence services. How about you work on that first before going after the little guy?

http://www.telegraph.co.uk/news/worldnews/northamerica/usa/1...

http://www.ft.com/cms/s/0/bfa9ada4-81e6-11e4-b9d0-00144feabd...

http://www.usatoday.com/story/news/nation/2013/08/04/fbi-inf...

Get back to us when all that sees a court room, kay?


>The rule of law should apply to everyone equally

Then start with the little incident that happened around 2008 that did far more damage to the average American. Also, hasn't Obama admitted to smoking pot? He is currently in a far greater position to damage the US and should be thoroughly punished for his crimes. What about Clinton and her emails? And if I started listing the skeletons in the closet of Congress we would be here for weeks.

Rule of law has ALWAYS been selectively applied.


No one gets arrested for saying they've smoked pot. It's for possession usually. There's a difference.


The petition was for a pardon. The law allows for pardon. Issuing a pardon would in no way undermine "the rule of law".


While he shouldn't be absolved... he shouldn't be charged with war crimes or espionage in this case. There are many other things he could be charged with allowing for a reasonable defense.


War crimes? That seems like a stretch.

He's charged with theft of gov't property, unauthorized communication of national defense information, and willful disclosure of classified intelligence. You can view the charging document here: http://apps.washingtonpost.com/g/documents/world/us-vs-edwar...

What is the more appropriate charge you think should have been levied instead?


Look at section 793... IIRC that can carry the death penalty.


What I wonder is where the line is for people who automatically defer to government authority in these situations. How bad do the transgressions have to be before a whistleblower is justified in coming forward through any means necessary? For many, spying on billions of innocent people in direct violation of the country's constitution isn't sufficient, so what would be? What if Snowden had instead revealed proof of plans to carry out genocide or stage a military coup? Would he still be a traitor? Would he still be expected to "face the music" and go to jail? Where's the line?


> "...in direct violation of the country's constitution..."

I'm too lazy to try and verify this myself. You seem to have information on how to verify this. Can you point me in at least a vague general direction so I can read up more on it?



This didn't answer my question.

> "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

What was violated here? Break it down for me.


I don't follow much but I haven't noticed Snowden being shamed in media in Europe.

US media call him a coward for exposing how much effort their government puts into breaking citizens' privacy, and then GTFOing from the country? That's not a stand one can come to while having a brain in the head. To have media so much aligned with government witch-hunting seems borderline Russian.


I like Snowden's final conclusion:

> if the internet and technology does become a danger to us in the future, it's our own fault because we decided not to participate and we let other groups and other influences to decide for us rather than being part of it [...]

Before that, he argues that more people should involve themselves more in the IETF and similar groups:

> [...] However, when you look at the IETF, they literally don't make a decision unless it's based on consensus. There are no requirements. There are no academic standards or qualifications that anybody has to meet before they can be involved in a working group. Literally, anyone can join, anyone can participate in the process, anyone can make themselves heard, anyone can influence the standards that we develop, put forth, and decide. [...] It's a more inclusive community than it ever has been before [...]


>>> if the internet and technology does become a danger.

Not sure what his context for this is, but one could easily argue we're already here.


The context is the last question, asked by journalist Monika Ermert:

> So hi-tech is likely always going to be a domain where a few experts will have the knowledge to understand and control the system. Could it be that the use of hi-tech fundamentally undermines democratic society or kind of – how can we do something to educate users or...


When Snowden exposed facts about MAC addresses, it's very scary knowing that IoT is coming in our life. I'd like to have a firmware for wireless electronic devices that can use a random MAC address every thirty minutes without using actual spoofing tools that are easy to use only on desktop/laptop/smartphone. I want the same tools for my Bluetooth headset, my car wireless devices and so on...


This is the first time I've read his point of view first hand and actually listened to his presentation. He seems to be incredibly smart and well-versed in his subject domain.


You should take the time and watch the documentary. It's a good perspective of his intentions. You can walk away from it with your own opinions if he did the "right" thing.


That was the reaction of many people in the room too; he came across as not only smart and well-considered, but also deeply technical.


I'm always struck by the strange cognitive dissonance US law has for corporate whistleblowers vs governmental whistleblowers. How can you recognize the value of one while dismissing the value of the other? It's not like a whistleblower defense is a get-out-of-jail-free card either, as you must prove that what you did was actually in the public interest. It's a shame that there's no movement for reform in this area, because ultimately it would be very interesting to see Snowden return to the US for a "fair trial" and see the public response (both within the US and globally) to the outcome.


Law at both federal and state levels (in most states) has fairly strong protection for government whistleblowers in general; the Espionage Act specifically lacks whistleblower provisions, which certainly presents an issue when whistleblowing relates to the kind of defense-related information to which the Espionage Act applies, but that's not indicative of a general approach in law to government whistleblowers.


This doesn't strike me as cognitive dissonance. From the government's perspective, Snowden didn't reveal illegal activity and so is not a whistleblower.


The bulk collection of phone metadata (which he exposed) was subsequently ruled unlawful: http://www.theguardian.com/us-news/2015/may/07/nsa-phone-rec...


That's great and all, but what about the other one million+ documents he absconded with not related to the phone metadata record collection?

At what point does he cease being a whistle blower?


The phone metadata is just a small part of the lawless behaviour of intelligence services he released proof of to journalists. For example he also released proof of industrial espionage (Petrobras), political spying during negotiations (Belgacom), of tapping internet traffic indiscriminately (Tempora), of undermining encryption standards (Bullrun), installing malware on routers, of personnel misusing selectors to target their loved ones with impunity.

Perhaps you believe in your country right or wrong, but many don't nowadays, many feel little allegiance to national boundaries or national agencies which actively undermine our society.

What I find most interesting here is that this attempt by security agencies to collect it all actually means that their operation can be compromised by the smallest cogs in their machine whom they foolishly gave full access to. You can be absolutely sure that if Snowden walked out with this data, Chinese, Russian and other spies have the whole trove as well dating back years, because their security around private contractors was awful - GCHQ shared all this with the US without restraint, and of course all their data is now open to the world. So the ambition to collect it all and the entire collection of data (including data on western judges, politicians etc etc) is actually highly damaging to national security, even if you believe that flimsy excuse.

At some point if you're exposed to all this you might feel you have to take sides with humanity and take a stand, before these tools are used for widespread repression. At that point you start being a whistleblower, and your life will probably be destroyed by the powers that be (as his has been, or as Binney's was), because they now have that power.

http://www.nytimes.com/video/opinion/100000001733041/the-pro...

I think the biggest lesson from Snowden is not technical, but the simple argument that the power of state and citizen must be in balance for society to function, and we must constantly guard against the state aggrandising power, because that is in its nature.


I feel like this isn't a bad point. Anyone have a response because the whistleblower tag gets used a lot but he did release a lot that seemed to be normal spying.


His argument was that it should be not his decision whether releasing a document is in the public interest, but rather something journalists should take care of (although he did select those journalists himself, so it's not fair to say it's a completely independent process).

Still better than a full dump à la WikiLeaks, but the big question is whether the journalists have the OpSec skills to avoid leaking the documents to other governments.


That is an awful defense. You can't just dump all the documents on a journalist and then blame the journalist for what is being released.

It doesn't matter if it was directly or through an intermediary, everything that Snowden gave to journalists, Snowden leaked to the public.


I'm not saying that he shouldn't be held responsible if all of those documents were to leak. He did, however, specifically select journalists who already experienced heavy surveillance from state actors and had at least some knowledge of proper OpSec and encryption to mitigate this risk to some degree. He acknowledged that it could leak, but still thought it's a risk worth taking (I can't remember his exact words, I think it was brought up in an interview.)


Greenwald couldn't figure out how to use PGP on his own and then frequently communicated via CryptoCat. His OpSec skills at the time of the leak were questionable at best.


Why should he be the one to decide if the leaking of over a million highly classified documents is a "risk worth taking" to inform Americans of the phone metadata program? Doesn't that seem just odd to you? If I wanted to blow the whistle on a program I thought was illegal, I'd gather supporting documents and evidence of that one program (to include supposed emails I had sent in an attempt to follow the proper "channels" for reporting illegal activity - which in Snowden's case are conspicuously absent from the data he stole) so as to not discredit my work/sacrifice by leaking magnitudes more than I needed to.

Why not just leak documents related to that one issue? If he had, I would not hesitate in the least to call him a whistle blower, and in fact I think he'd be living as a free man right now if that were the case.


First, the reason is because this whistle blowing was /necessary/ due to a /lack of oversight/ and to a lack of eventual release for that oversight to the public.

Second, we don't know the number of potential documents, nor how they may have been divided among those to whom they were disseminated.

Addressing the first point, it should take work and review, on an ongoing basis, to re-affirm the classification of that material. By default there should be a /reasonable/ and /short/ expiration time. If it costs too much to keep those secrets then that in and of itself is a reason for not HAVING so many secrets to keep!

The cost, otherwise, is to our freedoms; to the very liberty for which our government is supposed to be protecting.


https://en.wikipedia.org/wiki/Whistleblower

"or threat to public interest"

It doesn't have to be illegal.


Clapper and Alexander lying to congress is illegal.


> I'm always struck by the strange cognitive dissonance US law has for corporate whistleblowers vs governmental whistleblowers.

It doesn't: there are multiple different programs for reporting perceived illegal activity. Snowden never availed himself of any of these, but instead committed espionage.


He tried. He found out that because he wasn't a government employee, those programs treated him like shit.[0]

> One of the things that has not been widely reported by journalists is that whistle-blower protection laws in the US do not protect contractors in the national security arena. There are so many holes in the laws, the protections they afford are so weak, and the processes for reporting they provide are so ineffective that they appear to be intended to discourage reporting of even the clearest wrongdoing. If I had revealed what I knew about these unconstitutional but classified programs to Congress, they could have charged me with a felony. One only need to look at the case of Thomas Drake to see how the government doesn't have a good history of handling legitimate reports of wrongdoing within the system.

> Despite this, and despite the fact that I could not legally go to the official channels that direct NSA employees have available to them, I still made tremendous efforts to report these programs to co-workers, supervisors, and anyone with the proper clearance who would listen. The reactions of those I told about the scale of the constitutional violations ranged from deeply concerned to appalled, but no one was willing to risk their jobs, families, and possibly even freedom to go through what Drake did.

[0] http://www.cnet.com/news/snowden-not-all-spying-bad-but-nsa-...

Every time I've been a contractor[1], I've been treated likewise.

[1]never been contracted out to a government agency of any level.


The legality shouldn't even be part of the conversation.

Government activity that is fascistic is usually going to be completely legal or made legal once revealed. We saw the government do this with the USA Freedom Act. Before that, they claimed to have authorization under the FISA and PATRIOT Acts. They do not want oversight, and the "abuses" are actually functioning exactly as intended. This is also why they endlessly lie to our faces about what is going on and don't get fired, even when they have been outed repeatedly.

Also, there's the documented fact [0][1] that whistleblowers at the NSA who go through the "proper channels" ultimately gets you fired, ostracized, raided, and prosecuted. So really, it's a non-starter to claim that they should have reported illegal activity.

[0]: https://en.wikipedia.org/wiki/Thomas_Andrews_Drake#Drake_act...

[1]: https://en.wikipedia.org/wiki/William_Binney_%28U.S._intelli...


> It doesn't: there are multiple different programs for reporting perceived illegal activity. Snowden never availed himself of any of these, but instead committed espionage.

These programs had been used by multiple people before, with no results. They are for show, so that people like you can point to them to show that there's "oversight".

Whistleblowing of the type done by Snowden is a last resort when there is no other option. The options you speak of are not credible avenues for change.


Think about it from the prosecution's perspective. He revealed one program that was legal at the time but later ruled illegal, dozens of programs that are entirely legal, and thousands of documents that describe ongoing work on specific targets that were also perfectly legal and incredibly sensitive. What he did was equivalent to the SPE hack, where the attackers dumped emails without regard to whether what they contained was illegal in any way but were certainly harmful to SPE.


When asked about DNSSEC, which is a forklift upgrade of a core Internet protocol that has the deliberate effect of giving NSA and GCHQ control of TLS keys for hosts in .COM, .UK, .NET, .ORG, and .IO, this was Snowden's answer:

Edward Snowden: So, I agree with you and I mean this is what's important about the IETF. Just because I say it, doesn't mean it's gospel. I can be wrong about an incredible amount of things. Nobody should trust me. Nobody should grant any sort of outsized weight to what I say.

When I talk about the NSA, I mentioned it in correlation with DANE and the DPRIVE initiative as well because the whole idea is that, yes, providing some mechanism for authentication of the responses between DNS queries is valuable. It's not an end to itself.

We still have to be able to say, "Well, all right, the certificate that you're getting from it, for a server is also reliable," and then we have to actually do more armour the requests themselves to make sure that they don’t become a new vector, they don't become manipulated.

Who knows like if eventually the DNS responses themselves that are provided through this become some sort of vulnerability because of the way they're parsed or whatever, but the whole idea is that we gotta start somewhere and then we've got to iterate from that point.

We've gotta begin building and when I think about things like DNSSEC, I don't think it's the golden age, we can solve all of the problems, but I do think that it's a start. It's better than the status quo. It's better than what we have today.

And by getting the community thinking, by coming together and trying to develop some kind of solution, some kind of standard, we can start developing things that will allow us to build a bridge to the next generation of what we need to protect us against the next generation of coming attacks, and there's a lot of things that get in there. I mean cryptographic agility is one of the big hot things that we have to deal with as well.

I can barely follow this at all, but the part where he says DNSSEC is "better than the status quo" is pretty clear. The questioner responds, "so let's implement it".

Please be careful with what Snowden says. Whatever you think of his disclosures --- and most of my friends think they were brave and incredibly useful --- there is very little evidence that Snowden is qualified to advise anyone on cryptographic security, and some pretty significant evidence to the contrary.


> there is very little evidence that Snowden is qualified to advise anyone on cryptographic security

I think you're poisoning the well here. I haven't seen anyone suggest we should use Snowden as a technical advisor or anything of the sort.


This is a weird response to a comment that quotes Snowden at length providing technical advice to the IETF.


From the screening arranger's words:

https://www.mnot.net/blog/2015/07/20/snowden_meets_the_ietf

   It’s important to point out that this was NOT an official
   IETF event, and neither was it giving external advocacy
   organisations a stage (as some have intimated); rather,
   it was entirely an effort of individuals, working within
   the rules for requesting a room at IETF meetings.


I do not recognize the significance of "official" versus "unofficial" IETF events. I don't think there's a meaningful distinction to be made between them. Anyone in the world can show up to an "official" event, or participate in the mailing lists. That's a good thing, but it also means that "unofficial" advocacy and advice is as important as the "official" kind.


The real point is that no advice or consultation was being made, it was purely opinion-based commentary. There is no reason to believe it will affect WG charter, and in fact The Tao of IETF explicitly notes that face-to-face WG meetings aren't of high significance to the actual WG's charter. Snowden recommending DNSSEC isn't going to suddenly suspend all rational judgment in those circles.


If you spend some quality time reading IETF mailing lists, you'll learn that it's all "opinion-based commentary". I'm a little confused as to what your argument here is. The IETF works by means of people persuading other people to support proposals. That's the entire mechanism.


I wouldn't say that Snowden was intending to provide technical (or specifically cryptographic) advice in this Q&A. I would compare it to a power user giving feedback to the engineers working on improving their software.

What he brings to the table in discussions like this is basically having worked with people on surveillance projects. He knows how they operate and where they'd look for attack vectors. I think that's valuable when you have to think about designing any system with any kind of security requirements.

He literally stated himself that what he says shouldn't be accepted as gospel, and in a later question about MITM specifically confirmed that it's not his area of expertise. I don't think there's any risk of people suddenly jumping on the DNSSEC bandwagon just because of his lukewarm support.


His support isn't lukewarm. Also: now, when DNSSEC is almost dead, is the most important time to ensure that it actually becomes fully dead. It's like a zombie. You have to cut off the head and burn the body. DNSSEC is still intact and twitching.


I wouldn't classify statements like "we gotta start somewhere and then we've got to iterate from that point" or "It's better than what we have today" as a call to action to drop everything and start implementing DNSSEC as-is right away. I would interpret it as "yes, DNSSEC improves the situation in that it provides authenticated DNS replies (which - by itself - is an improvement, even though it's no magic wand that, alone, solves the cert trust issue), but there are legitimate concerns that need to be taken care of before it becomes really useful."


"DNSSEC improves the situation" is (a) false and (b) a concession to the narrative that DNSSEC is worth doing.

Someone actively engaged in trying to prevent centralization of Internet trust, and decoupling it from the Five Eyes governments --- a worthy goal, I think --- should be adamantly against DNSSEC. But here's Snowden doing the opposite.

It's not because Snowden is disingenuous. I think he's a true-believer. It's because he doesn't understand DNSSEC.


> This is a weird response to a comment that quotes Snowden at length providing technical advice to the IETF.

Viewed another way, it's a perfectly obvious and not at all weird response to a comment that quotes Snowden explicitly disclaiming that he is any particular, before providing a very vague general impression of things "like" a particular technology about which he was specifically questioned, without providing anything that looks like actual specific technical advice.


Then why is he advising the IETF? :)


Edward says this himself. Practically "Please be careful with my input". That said, his input is not nonsense. No one should take any writing at face value. Always ponder the message, the consequences and if there's an even better way.

Edward Snowden: [...] Just because I say it, doesn't mean it's gospel. I can be wrong about an incredible amount of things. Nobody should trust me. Nobody should grant any sort of outsized weight to what I say.


"... armour the requests themselves to make sure that they don't become the new vector, they don't become manipulated."

I interpreted this to mean encrypting each DNS packet.

Maybe I misread the statement?

DNSSEC of course does not protect the contents of the packet.

Instead, DNSSEC more or less is just another CA system (or an adjunct to the existing one), running over UDP.


You're confusing vanilla DNSSEC with its proposed uses/abuses. DNSSEC just enforces the trust model that was already in place (the hierarchical nature of DNS) to ensure the authority and integrity of DNS responses. It doesn't provide confidentiality because that simply doesn't work in the shared DNS forwarder+cache model we all currently depend upon, much like HTTPS renders shared HTTP caches useless (which has implications for CDNs for example).

Proposals like DANE, using TLSA records, or deploying SSHFP records on DNSSEC enabled domains, are a different kettle of fish.

Whether or not you believe in DANE really depends on whether you're willing to accept that the DNS infrastructure is already security critical. Truth be told, if I can hijack your DNS, I can get a certificate for your domain using simple domain validation... but that's true of your web server as well. There's no easy answer here.


That would be DPRIVE, which he mentioned as well -- http://datatracker.ietf.org/wg/dprive/charter/


Well, at least they are acknowledging the need.

I use my own cache, not shared with anyone. Do I really need to worry about snooping?

I also use CurveDNS with the authoritative server that serves my version of the root.zone.

Practicing my CurveDNS skills for that day when more authoritative servers are using curvedns. Not sure that day will ever come.


The current situation is that anyone can read DNS. If DNSSEC and DANE were implemented, that group would be restricted. In that sense it's better than the status quo, though admittedly only a little bit.

I'm all for implementing the perfect protocol if it exists or there is a known credible path to get there. But to my knowledge no one has proposed such a thing (namecoin maybe?), certainly not in a form that my grandmother would be likely to use.

Do you have a suggestion for how you would like to see DNS evolve to fix these issues?


No. DNSSEC does not encrypt the DNS. After DNSSEC is implemented, everyone will still be able to read DNS. The major difference will be that sites will store their TLS keys in the DNS, and will thus have vouchsafed them with a new set of CAs controlled by the Five Eyes governments.

DNSSEC isn't an imperfect protocol; it's harmful, a net loss.

And here we have Snowden twice advocating for it.
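An added example, not part of the thread: the point made in the comments above (DNSSEC "does not protect the contents of the packet" and "does not encrypt the DNS") shown on the wire format. The function names and the sample name `www.example.com` are constructed for illustration; the sketch builds a query with the EDNS0 "DNSSEC OK" bit set and then recovers the queried name from the raw bytes, as any passive on-path observer could.

```python
import struct

TYPE_A = 1
TYPE_OPT = 41          # EDNS0 pseudo-record (RFC 6891)
CLASS_IN = 1
DO_BIT = 0x8000        # "DNSSEC OK" flag in the OPT TTL field (RFC 3225)


def encode_name(name):
    """Encode a dotted name as length-prefixed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("label must be 1..63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, dnssec_ok=True, txid=0x1234):
    """Build a plain DNS query; optionally request DNSSEC records via EDNS0."""
    arcount = 1 if dnssec_ok else 0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)  # RD=1
    question = encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN)
    opt = b""
    if dnssec_ok:
        # root name, TYPE=OPT, CLASS=UDP payload size, TTL=flags, RDLEN=0
        opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, 4096, DO_BIT, 0)
    return header + question + opt


def read_name(msg, offset):
    """Read an uncompressed name; return (dotted name, next offset)."""
    labels = []
    while True:
        if offset >= len(msg):
            raise ValueError("truncated name")
        length = msg[offset]
        if length & 0xC0:
            raise ValueError("compression pointer not expected in a query")
        offset += 1
        if length == 0:
            return ".".join(labels), offset
        if offset + length > len(msg):
            raise ValueError("truncated label")
        labels.append(msg[offset:offset + length].decode("ascii", "replace"))
        offset += length


def observe(msg):
    """Return what a passive observer learns from the raw query bytes."""
    if len(msg) < 12:
        raise ValueError("short header")
    _txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x8000 or qd != 1 or an or ns:
        raise ValueError("only single-question queries are handled")
    qname, off = read_name(msg, 12)
    if off + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
    off += 4
    dnssec_ok = False
    for _ in range(ar):
        _owner, off = read_name(msg, off)
        if off + 10 > len(msg):
            raise ValueError("truncated additional record")
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == TYPE_OPT:
            dnssec_ok = bool(ttl & DO_BIT)
    return {"qname": qname, "qtype": qtype, "dnssec_ok": dnssec_ok}


if __name__ == "__main__":
    for flag in (False, True):
        wire = build_query("www.example.com", dnssec_ok=flag)
        print(len(wire), "bytes ->", observe(wire))
```

Setting the DO bit only asks the server to include signature records in its answer; the question section is byte-for-byte the same in both queries, which is why confidentiality is handled by separate work such as DPRIVE or DNSCurve.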


DNSSEC is not DANE. All DNSSEC does is prevent MITM injection of DNS packets which is almost certainly one of the techniques QUANTUM INSERT uses. So no surprise he thinks DNS should be hardened against it.

And as Chrome experimented with DANE then removed support for it, I don't think you have to worry about that either.

But even if you did - so what? There are CAs in areas controlled by the American and British and French and Chinese governments already. I don't see how it makes anything different.


1. He's the one who brought up DANE.

2. DNSSEC is harmful for reasons that go past DANE.

3. I am worried about DNSSEC; I think it's a more reasonable thing to be worried about w/r/t/ surveillance than 95% of what's been posted to The Intercept.

4. QUANTUM INSERT will work fine in an all-DNSSEC world.

5. You can revoke a CA. It has happened more than once. You can't revoke a TLD.

I'm happy to talk more about how I think DANE CAs are different and worse than the 20391 X509 CAs we have today, but I'm not sure you're asking me to go on at length about that.


> No. DNSSEC does not encrypt the DNS. After DNSSEC is implemented, everyone will still be able to read DNS. The major difference will be that sites will store their TLS keys in the DNS, and will thus have vouchsafed them with a new set of CAs controlled by the Five Eyes governments.

Fair enough, my knowledge of DNSSEC is limited. I thought it provided confidentiality in addition to authentication, but I see I was mistaken.

I'm still not sure how you arrive at the conclusion that it is a net loss. Which attacks will DNSSEC enable that are not possible today? If you mean that it will give people a false sense of security, is that not the same as TLS today? Despite my hangups with the CA system I think we're better off with TLS than without it.

The NSA certainly has no problems with intercepting DNS requests today with their QUANTUM tools.

I am genuinely interested in hearing other ideas about how to provide confidentiality and authentication for DNS without central trust. Since you have clearly investigated these matters, I would like to ask again, are you aware of any promising projects or ideas in this regard? Because I would jump into the anti-DNSSEC camp in a heartbeat if one existed.


I wrote a long piece that says everything I'd say in a comment here:

http://sockpuppet.org/blog/2015/01/15/against-dnssec/


Thanks, that was a good read, and cleared up a lot of misunderstanding I had about DNSSEC!

You make a strong argument that DNSSEC cannot deliver any real advantages. I did not see anything to support your earlier statement that it's worse than nothing, but given the general uselessness of the protocol, I certainly won't be deploying it.


One thing that makes it 'worse than nothing' is that it contributes to amplification attacks due to large response packets: http://dnscurve.org/amplification.html


This is my wish list:

    * DNSCurve
    * Certificate Transparency
    * TACK
    * HPKP headers
    * HSTS headers
    * TLS 1.2 minimum
    * EdDSA TLS certificates (Ed25519 / Ed448-Goldilocks)

Implement all of the above, and you've obsoleted any argument that DNSSEC advocates can make.

Most of the people who I've seen advocate for DNSSEC are graybeard traditionalists who want centralized control, not cryptographers or security experts.

A decentralized system like Namecoin, but more like Stellar (with EdDSA signatures please) than Bitcoin, would probably serve as an appropriate replacement for DNSSEC. But even that probably isn't necessary. Every sane end-to-end encryption protocol assumes DNS is insecure anyway.


> Implement all of the above, and you've obsoleted any argument that DNSSEC advocates can make.

Still no offline signatures.

How is it that centralized control is worse than the TLS's "everybody has full power to impersonate you" decentralization? You know that Certificate Transparency is still subject to MITM attacks, right? It just makes it obvious that you were victim of one after the fact (if there is an "after the fact").


You can have offline signatures in a design for a Stellar/Namecoin/EdDSA decentralized protocol.

> How is it that centralized control is worse than the TLS's "everybody has full power to impersonate you" decentralization? You know that Certificate Transparency is still subject to MITM attacks, right? It just makes it obvious that you were victim of one after the fact (if there is an "after the fact").

This is a non sequitur. You're comparing a bad option where only a few can screw you over (DNSSEC) with a bad option where lots can screw you over (CAs).

I want a protocol where no one can screw you over, except yourself. And I want the government to be powerless to do anything about it without your consent. And if it functions with high anonymity (e.g. with Tor Hidden Services on servers purchased with cryptocurrencies), all the better.


The interview would've probably been a lot more fruitful if questions centered around what he knows about the surveillance capabilities of the agencies he was involved with, in technical detail, than asking for his opinions on technology policy, an area where he is admittedly not an expert.


Occam's razor would conclude that he doesn't know. He ripped a ton of documents off multiple servers because he was an IT admin and had access, and rolled out.


Other people came away with similar thoughts. Perhaps we'll hear more about that from him in other channels.


I thought that Snowden stated that he's not going to leak anything further? He handed it off to the journalists and he's done. I remember this being part of his conditions for asylum in Russia, but I could be mistaken.

I wouldn't expect him to leak anything or discuss government capabilities beyond what has already been leaked. That was never his stated intention. Involving journalists was deliberate on his part to remove himself from being final decision-maker about what to publish.


> The internet doesn't belong to vendors. The internet doesn't belong to governments.

> The internet belongs to the user, right?

The thing is, this is literally false. The infrastructure of the internet is paid for by governments and vendors. A user wouldn't be called a user if it belonged to them...

The internet is a great decentralization when compared to traditional media like television, but it's not nearly as big a difference as people make it seem. With how most people use it it's not far from just having more channels on your existing cable box.


The internet != the infrastructure of the internet. The internet is not its wires, it's the content and the people who are part of a large global community that comprises it. Vendors and governments use the internet, but they don't and shouldn't own it.

> ...it's not nearly as big a difference as people make it seem. With how most people use it it's not far from just having more channels on your existing cable box.

You can't write emails on your TV, or do banking, or...well this is just a silly sentiment.


> Vendors and governments use the internet, but they don't and shouldn't own it.

And yet they do: we may play in this sandbox, but we don't make decisions about the infrastructure, we don't make decisions about the law around it etc. This is congruent to the American political and legal system.

As you pointed out, it gets more confusing when you get international, but it's informative to look into how much control the US (and West in general) has over global internet infrastructure.


And who pays the government to run its operations? Same for the vendors. Who pays them? I as a consumer keep them running.


As a single consumer you don't do anything. And that's reflected in the fact that you don't write or contribute to the policy or infrastructure of the internet. The point is that the internet is not something that is fundamentally different or outside of our culture's existing political, legal and social framework. It exists inside it and replicates most of it. We shouldn't expect it to be different. It hasn't been constructed in a way that implies it will be different either, outside of extremely superficial ways (protocols etc.).


Ed's views on Bitcoin are a little surprising. I'm not sure what he means by "nobody likes to talk about Bitcoin any more". It's not that old!

One of the problems Bitcoin solves is that you cannot have personas or unlinked identities in the traditional financial system. Governments, and therefore the banks they control, all view financial privacy or pseudonymity as only useful for criminals. That's a rather narrow viewpoint. Especially as the notion of "criminal" becomes more divergent between ordinary citizens and their rulers. There's some truth to it (anonymity does sometimes enable bad stuff), but it's excessively black and white.

Regardless, given that Snowden views payment methods and such as being very important, he even brought that up himself, I don't know how else he thinks it can be done, other than with Bitcoin. If you try and create a payment method that has privacy the banks won't give you the time of day. Being completely decentralised and independent is the only way to do money that exists outside of the status quo.


Bitcoin does not solve this problem; you can follow the money from the exchange to the consumer's wallet to the merchant. It's only anonymous if you're using a tumbling service, and transferring your money to a tumbling service is an unambiguous broadcast to the entire world that you are committing the federal crime of money laundering. If they ever increase in popularity, you can bet that regulators will routinely trace transfers to tumbling services and prosecute their users for money laundering, because that is what they're doing.


It's also been demonstrated that tumblers are not always reliable depending on the implementation and how they are used. There is also the risk that the tumbling service could be seized, hacked or operated by "unethical" individuals. It's a complete gamble as far as anonymity is concerned.


I am not intimate with US law, but what about altcoin exchanges? I don't think that converting your bitcoins to say Litecoins is illegal.


TL;DR: IANAL but money laundering laws are usually designed to prosecute a wide range of methods and usually involve attempting to prove intent as opposed to whitelisting specific methods of laundering.

The long explanation:

It's complicated. US law tends to be specifically designed for one application in mind and then ends up being expanded as new applications rear their heads.

The IRS (tax collection entity for the US federal government) classified BitCoin as an investment a few years ago (as opposed to a currency). This suggests that other non-state created digital crypto-currencies are considered investments as well (IIRC Canada's mint was trying a digital currency, hence the "non-state created" phrase).

Money laundering statutes aren't new enough to know about [1] crypto-currencies, but they are effective with dealing with the conversion of money to products/services and back for the purpose of obscuring the original method of obtaining the currency. I don't know much about money laundering except what I see in movies+TV (specifically Breaking Bad).

I've heard that buying large value gift cards (plastic charge card versions of "gift certificates") are required to be reported to authorities by the retailers.

Recently a school sports coach was prosecuted for violating money laundering statute when he divided up one payment of $10,000+ into multiple smaller < $10,000 payments after his bank started to get suspicious about the nature of the transaction (which is required by US federal law of the bank). He violated the statute because he altered his payments "to avoid mandated financial institution reporting" of his transfers. Personally I think the mandatory threshold is stupid since people know what it is[2], but I feel no sympathy for the man in this case since the payments were suspected to be him paying off a student that he raped/molested. And yes, I realize that being accused of something is not the same thing as being guilty.

[1] http://www.fincen.gov/news_room/aml_history.html

[2] although the US Patriot Act allows federal investigators to use _any_ change in financial habits to trigger an investigation, not just transactions above the $10k level


You're engaged in a nirvana fallacy: comparing something real to some theoretical but non-existent ideal.

Bitcoin "solves the problem" to a much greater extent than any other actual system. It provides a base on which privacy can be improved over time. Tumbling is not required to upgrade privacy in Bitcoin, there are many other techniques that can help too.


A good paper on this point "A Fistful of Bitcoins": https://cseweb.ucsd.edu/~smeiklejohn/files/imc13.pdf


Bitcoin isn't just "anonymous cash", it comes with very real-life tradeoffs. A hash might be anonymous, but if you are ever linked with it, all of your transactions are public.


Props to Mnot (or whoever did it) for providing links out of the transcript.


Thanks, it seemed like the right thing to do :)

I had the transcript done by a professional, and then went over it and corrected. That said, there are still some places where it may have errors, so if you find an odd statement, take it with a grain of salt and check the recording.

Corrections taken in comments, of course (don't think gist does pulls :(


I pretty much agree with Marc Andreessen, on each point. Instead of attempting to paraphrase his points, just watch:

http://www.cnbc.com/2014/06/05/snowden-a-traitor-andreessen....


Wow, he's got me. Reddit, HN and grandma's cookie site!


Without blindly claiming that Snowden was a staged act by the NSA and done on purpose to shake things up and ruffle feathers, it certainly is an interesting thought experiment to run if you love conspiracy theories. Imagine that was the case! Possible explanations for a false flag:

1.) Public needed to know where their money was going

2.) Not enough to know we're being watched. We need tangible evidence of surveillance apparatus

3.) Leaks designed to bolster the web and privacy; look how many people suddenly care about security

4.) NSA got tired of working in a black box and wanted to flaunt its power

5.) Other reasons?


If a Republican is elected, Ed might stay away from the US for a long time.


To be honest, it doesn't seem to have to do with political party affiliation.

President Obama's administration has been arguably more hawkish against national security disclosures (when they don't benefit the administration) than Bush's was[1], and his administration has set up quite a few cases that involved tapping the communications of journalists.

I liked Candidate Obama quite a bit and am fairly disappointed in President Obama's policies. "The Obama administration, which promised during its transition to power that it would enhance “whistle-blower laws to protect federal workers,” has been more prone than any administration in history in trying to silence and prosecute federal workers."[2]

[1] http://www.politifact.com/punditfact/statements/2014/jan/10/...

[2] http://www.nytimes.com/2012/02/27/business/media/white-house...


If the election were held tomorrow between a generic Democrat and a generic Republican, I'd write in Edward Snowden. Right now, I can't imagine either of the parties yielding a better candidate. If enough others did the same, I think the discussion might actually be elevated enough to make a difference--I won't be holding my breath, though.


Currently this story has 108 points and zero comments. Are people literally scared to comment on Snowden stories?


Give people some time to read. Also, what's the point in asking for HN comments? Just go read it and provide a good comment on your own!


Request for comments and the internet.


People read the content first. This isn't reddit.


It could equally be the reverse - that people up-vote such stories based on the headline but don't bother reading or commenting.


From what I've seen, it can take up to 45 minutes for a submission to get commented on after it arrives on the front-page. Which makes sense, since (most) people want to consume the material, do some thinking and write their (hopefully well-thought out) comments.


Seems like every comment in this thread is downvoted. Might be bots.



