One of the clearest implications of NSA leaker Edward Snowden’s revelations has been that cloud computing is a big problem: By creating a centralized data repository, the model makes it easier for law enforcement and spies to access users’ data through programs such as PRISM.
Obviously that creates a massive trust issue. That said, Snowden doesn’t think cloud computing is doomed. In an interview with the Guardian published on Thursday, he said cloud providers could remain safe to use by being more encryption-friendly.
What you can trust and what you can’t
“What cloud companies need to pursue in order to be truly successful is what’s called a zero knowledge system, which means the service providers host and process content on behalf of customers but they don’t actually know what it is,” Snowden said. “That’s the only way they can prove to the customers that they can be trusted with their information.”
Snowden pointed to Spideroak as a good example, because they’ve “structured their system in such a way, you can store all of your information on it, but they literally have no access to the content of that information.”
“So while yeah, they could be compelled to turn it over, the law enforcement agencies still have to go to a judge and get a warrant to actually get your encryption key from you,” he said, contrasting this with Dropbox, a “wannabe PRISM partner” that put former U.S. Secretary of State Condoleezza Rice, “probably the most anti-privacy official you can imagine,” on its board of directors.
The former NSA systems administrator, who currently has temporary asylum in Russia, said he didn’t use Skype(s msft) or Google(s goog) for personal communications (though he has used them to appear on-screen at international conferences in the last year). “We shouldn’t trust them without verifying what their activities are, how they’re using our data, and deciding for ourselves whether it’s appropriate where they draw the lines,” he said.
Snowden also said it was common for NSA analysts to pass around nude photos of people in sexually compromising positions, derived from those people’s internet usage, among themselves for ogling.
“Sooner or later this person’s whole life has been seen by all these other people. It’s never reported. Nobody ever knows about it because the auditing of these systems is incredibly weak,” he said, adding that this is “seen as sort of the fringe benefits of surveillance positions.”
The NSA has responded by saying the agency has “zero tolerance for willful violations of the agency’s authorities or professional standards,” but it didn’t actually deny that such passing-around takes place. It can’t, of course, if such incidents are never reported.
On a similar theme, Snowden said digital illiteracy among lawmakers was “probably the single most important factor that explains the failures in oversight that we’ve seen in almost every western government.”
“We need to think of it in terms of literacy because technology is a new system of communication, it’s a new set of symbols that people have to intuitively understand,” he said.
A very similar thought was expressed on Wednesday by web entrepreneur and British peer Martha Lane-Fox, when bemoaning the fact that others in the House of Lords were ill-equipped to examine a new U.K. surveillance law that was fast-tracked through the parliamentary process this week. “All pieces of legislation will soon have aspects of technology at their core and our ability to scrutinize effectively will rely on a deeper understanding than currently exists,” she said.