In conversation with Edward Snowden | Web Summit 2019
7:08PM Nov 4, 2019
For many, Edward Snowden defines what it means to be a whistleblower. In 2013, he exposed a system of mass global surveillance. Six years later, he continues to be one of the most listened to voices in the world. In conversation with Pulitzer Prize winning investigative journalist James Ball, please welcome Edward Snowden.
At this stage I can offer nothing more than my word. I'm a senior government employee in the intelligence community. I hope you understand that contacting you is extremely high risk. For now know that every border you cross, every purchase you make, every call you dial, every cell phone tower you pass, friend you keep, site you visit and subject line you type is in the hands of a system whose reach is unlimited, but whose safeguards are not. In the end if you publish the source material, I will likely be immediately implicated. I ask that you only that you ensure this information makes it home to the American public. Thank you and be careful. Citizen four.
So I don't know anything about you.
Okay. I work for
Sorry I don't know your name.
Oh sorry, I, my name is Edward Snowden, I go by Ed. Edward Joseph Snowden's the full name.
Edward Snowden. Are you listening?
I can hear you. Can you hear me?
So, Welcome to Web Summit, Edward. So um, let's jump right in. Let's have you take us all here to the moment where you decided as a serving intelligence contractor that you needed to speak to the public. You needed to speak to the world. What, what was it like in that moment, what drove you to it?
It's a good question. Excuse me, I hear feedback on my audio line. I'll just try to talk through it.
Imagine that you worked at the CIA.
You follow the rules your, your whole life.
I had never been drunk, I had never smoked a joint, right? I was, I was a square. My family worked for the government. I was going to work for the government. So you come from a certain kind of background, you're a certain kind of guy. You're, you're not that exciting, but you believe in the importance of rules. And on the first day you work at the CIA, you have to take what they call an oath of service. It's a very solemn vow in a dark room flags all over the place with everybody else that's entering government service at the same day. And here you have to swear an oath to support and defend not the agency, not a secret, not even a president, but the Constitution of your country against all enemies, foreign and domestic. Now fast forward, many, many years. After you've signed something else, what's called standard form 312, a classified non disclosure agreement means you won't talk to reporters.
And many years later, you find that what you are doing, what everyone at your agency is doing is a gigantic conspiracy to violate precisely that oath you took on the very first day. And this is what I struggled with for many years and eventually drove me forward is, what do you do when you have contradicting obligations? To what do we owe our greater loyalty? To the founding documents of our society, to the Constitution, or to standard form 312? For myself the answer was clear. And when the government can act behind closed doors, when they can change the game without our knowledge and consent, I believe the public has a right to know about that.
Now, when you made that decision to pick your, the first loyalty to the US Constitution, to the world's public. What was, you know, you handed over lots of documents to reporters and they spent months and years reporting. Now you know no one's going to remember every story, every line. What was the message that you wanted the US public, the publics of the world to take from what you saw and you disclosed?
There's there's two large ones. One is technological and one is democratic. When we talk about technology, the primary distinction, the thing that drove me forward the thing that chilled me, is that intelligence collection and surveillance more broadly, was happening in an entirely different way. It was no longer the targeted surveillance of the past where the police or spies went, we have this person that we suspect is up to no good and so we're gonna sneak into their their home or their office, we're going to plant a bug. We're going to go to the phone company, and we're going to tap their specific line. We're going to listen to a link that they talked to bad guys with. Instead they begin watching everyone, everywhere all the time saving as much information as they could even for people who had done nothing wrong. Even for people who were not suspected of doing something wrong, simply because it could eventually be useful or maybe they wouldn't get a chance to catch it later so they would prospectively begin surveilling people before they had broken the law. This is what I call the creation of the new permanent record. Systems were being created. They did this all the time in the background and nobody in a position of power tried to stop it, because it benefited them. And this is what brings us to the democratic problem. The law didn't matter. The courts didn't matter. Your rights didn't matter, because the system had redefined and compromised them and what they meant in absolute secrecy. And this leaves us with the question that I think we are still dealing with today. What do you do when the most powerful institutions in society have become the least accountable to society. And I think that's the question that our generation exists to answer.
2013 was a long time ago, six years and the world has moved quite a long way. It's not just the US president that has changed, though, maybe people will feel different about the surveillance powers that has, we have seen our attitudes to tech change we've seen the Giants change. You know, we've seen far more activity from Russia from China from other countries. Do you think the huge debate, the huge conversation that you started. How do you feel about the state of that six years on, have we moved forward, or are we moving back.
Yeah, no, I think it's it's a good question. And this is the really the subject of the memoir that I just wrote that the day I published it. The CIA and NSA sued, to try to keep people from reading, because they don't like books like this being written. I feel looking, six years on that the world is changing and we are at a point of primary vulnerability. But I think, as much as we see the anger rising as much as I think we see awareness of problems, beginning to develop. People are quite frequently mad at the right people for the wrong reasons as they see this increasing predation on all of us publicly through these systems, whether we're talking governmental or corporate. Yes. These people are engaged in abuse, particularly when you look at a Google and Amazon, Facebook, but their business model is appears. And yet every bit of it. They argue is legal. And whether we're talking about Facebook or the NSA, that is the problem that's the real problem but we have legalized, the abuse of the person through the personal. We have entrenched a system that makes the population vulnerable. For the benefit of the privileged.
Now, you talk about how this collection is intrinsic to the business model of a lot of the companies we think about when we think about the internet. One of the main programs that you know maybe the most famous that was undercover I've uncovered thanks to what you revealed was prison. famously involving a lot of the biggest tech companies now about three hours before that program was revealed I was on the phone to one of the execs at one of these companies, saying what prism Why are you involved with it. And they were very confident in denying it. They didn't think they were part of it. This was not something no one is that good at lying, not attack anyway. They thought they weren't How naive Do you think Tech has been about how its business model help surveillance and about how it relates itself to governments around the world.
I think what we saw for each of those companies in their own ways I don't think it was a collaborative decision across the industry was an entrance into a Faustian bargain. They had made the deal with the devil, as it were, where they went in this way in this particular circumstance and we're going to construct a data sharing method for us to go beyond what the law requires to do this government a favor, because we believe this government is positive force for the world. And I think we can all understand and appreciate where that initial drive comes from, you want to believe the government is going to have the tools they need to investigate serious crimes, to prevent acts of terrorism. But when we look at what these programs, actually were used for, and what the results of them were over many, many years. We saw the tools that had been intended to protect the public, had been in many ways, used to attack the public, but the government's not going to tell these companies, why, in many cases they need this information. They're simply going to try to create those methods of exchange those systems of information sharing as they call it, and ultimately what they're doing is they're deputizing. These companies to act in water increasingly quasi governmental rules, deciding what can and cannot be said on the internet, deciding what can and cannot be shared. And ultimately, turning over perfect records of private lives on demand to institutions that are no longer meaningfully accountable to the public at large.
So, we're in the middle of something of a backlash towards a lot of big tech. And it's a strange backlash sometimes it's because tech is seen as violating privacy or acting badly. And sometimes it comes from governments for tech protecting privacy encrypting things, and you know, quotes helping terrorists. Do you think this backlash towards tech which for a while, at least was seen as this force for goods this difference thing from big corporations, is that, helping the surveillance era, or is it harming it.
It's a good question. I was complicated when I think the answer is both.
technologies is largely value neutral.
It is an amplification of individual power. But what is an institution than the accumulation of individual power, put toward a single purpose. When we have new technologies that are being used by small companies by non governmental organizations by human rights defenders and activists to try to empower the public broadly and protect them from threats and vulnerabilities. We start moving in the direction of a safer and for your world. When we see governments and corporations, working in concert. We begin to see the birth of a complex between the two where neither truly act independently, or adversarially, but rather they become
the left and the right hand of the same body.
What we see is the concentration of power. Now, when we have an institution or institutions which were already powerful before and now they are combining their powers to control, or at least influence what everybody who is outside of those institutions are able to do that I think raises real questions of is the ultimate benefit worth the cost because if you create an irresistible power, whether it's held by Facebook or whether it's held by any government.
The question is,
how will you police, the expression of that power.
When it is used against the public rather than for it.
If this is essentially the bad version of the internet the dangerous version of the internet. What does a good version of the internet look like what helps you build that, you know, we are speaking to you from within the EU. So it's something like GDPR Do we have a panacea there.
This is a
good bit of legislation in terms of the effort that they're trying to do is GDPR the correct solution. I think no and I think the mistake that it makes is actually in the name. The general general data protection regulation. Miss places the problem. The problem isn't data protection. The problem is data collection. Right regulating the protection of data presumes that the collection of data in the first place was proper that it was appropriate that it doesn't represent a threat or a danger that it's okay to spy on everybody all the time whether they're your customers or whether they're your citizens, so long as it never leaks, so long as only you are in control of what it is the truth, sort of stolen from everybody. And I would say not only is that incorrect. But if we learned anything from 2013 and it's that eventually everything leaks. It's a bad strategy. Some,
but to just test you on that a little but one of the rare things with GDPR is. It's got big fines you know you can have 4% of your money, or they're not some tech giants you'd like to see facing that kind of thing.
Absolutely like this is the thing where I say it is a good first effort, right is low bar, and they have raised that bar, and that is meaningful. What I'm saying is that it's not a solution. What I'm saying is that it's not the good internet that we want because even though the GDPR does propose I believe, 4% of global revenue fines for internet giants. Today those fines don't exist. And until we see those fines, being applied to every single year to the internet giants until they reformed their behavior and begin complying not just with the letter but the spirit of the law. It is a paper tiger. And I think that actually gives us a false sense of reassurance. Because these companies that are the ones who that find is most threatening to are also the ones with the most lawyers who are able to undermine the meaning that law the most effectively.
Now of course the room that you're speaking to here, this is a room full of tech entrepreneurs of tech executives of tech investors, maybe one or two regulators but that's not the main crowd.
What do you want them to build next what do you want them to do next, what, what is the sort of positive thing that you could see from them for the next year of the internet.
I think we need to consider what the real problem is, what is responsible for this move that we all feel whether we're talking politics whether we're talking technology whether we're talking economy,
The public. My generation, particularly the generation after me. They no longer own anything. They are increasingly not allowed to own anything. You use the services, and they create a permanent record of everything you've done simply by having your phone in this room on you in your pocket not even using it, but simply having to turned on, registers your presence at this event, because your phones association with the Wi Fi points that are around you phones association with the cellular towers that are around it. And this is the thing that people miss all of these companies all of these governments go, oh data collection data protection. It's all very abstract, but data isn't harmless data isn't abstract. When it's about people and almost all of the data that's being collected today is about people. It is not data that is being exploited, it is people that are being exploited is not data and networks that are being influenced and manipulated. It is you, that is being manipulated. And right now. The reason that is so, and the reason surveillance and collection is so much of a problem, is because we have to trust, everybody on the network we have to trust, everyone that we pass on this hostile path of the internet, all of the routers all the internet service providers that you cross. If you have to trust Cisco or Juniper or Huawei or Nokia, we have a problem, because you can't trust any of them they will all act in their own interest, rather than the public's interest broadly, whether it's a private company or a national telecommunications company. It is an institution of power, and our communications are vulnerable today to every single one of them until we change the mind. Until we redesign the basic system of connectivity and the internet. We have more and more communications becoming encrypted today, or electronically protected right they're no longer electronically naked as they crossed this hostile path, but it is not all of them, even when they are being encrypted they are still observed you can do with origin and
cut you there with that challenge for building you into that so Edward Snowden Thank you very much.
Thank you I'm gonna say one last thing if I can.
I know we're out of time but one last thing. And this is for the call for restructuring the internet. It's much more simple than that, rather than asking people to trust you rather than asking them to trust your service as all of your alien competitors to show them why they don't have to trust you have all of the intermediaries between you and the people that you're talking to, are not in control of you, they do not understand your content is private to them. The only people you have to trust are the people that you're talking to the people on the ends of the communication and the reason that is important, even if you are for the NSA even if you are for Facebook is that there are companies, there are laws that do not apply to these countries that are different jurisdictions and the internet is global. The law is not the only thing that can protect you. Technology is not the only thing that can protect you. We are the only thing that can protect us and the only way to protect anyone is to protect everyone. Thank you, and stay free.
Thank you very much.