10 years after Snowden's first leak, what have we learned?

The world got a first glimpse into the US government's far-reaching surveillance of American citizens' communications – namely, their Verizon telephone calls – 10 years ago this week when Edward Snowden's initial leaks hit the press. Verizon, we all learned, had handed over information to the US National Security Agency (NSA) …

  1. NoneSuch Silver badge
    Childcatcher

    Lesson Learned

    We learned that no one but you will stand up for your privacy.

    Corporations make too much money off your date.

    The government wants access into everything and screw your privacy, even if there are laws in place to protect it.

    1. Groo The Wanderer Silver badge

      Re: Lesson Learned

      We also learned that despite much outrage and fanfare at the time, nothing ever really changes, so the spying continues unabated in different forms and with different technologies. The latest rage is apparently spoofing cell towers to capture the traffic of everyone in a "surveillance zone."

    2. Michael Wojcik Silver badge

      Re: Lesson Learned

      Corporations make too much money off your date.

      Oh, come on. All I did was pay for dinner.

  2. alain williams Silver badge

    Time expired secrecy

    One thing needed is stopping perpetual secrecy rules imposed on a telco, web site, ... where data is grabbed under one of these laws. After this the NSA/... would have to publish the data request and an overview of what they got. The organisation that provided it would also be free to publish, this is important as one cannot trust the NSA/... to disclose everything that it should.

    The default period should be two years. If more is wanted the NSA would need to get approval from a judge, with a maximum of 10 years.

    1. Yorick Hunt Silver badge
      Unhappy

      Re: Time expired secrecy

      A lovely suggestion, if not for the fact that US agencies regularly ignore and even intentionally trample any applicable laws.

      The only real solution is to force feed them so much bogus data that they'll be tied up fumbling longer than actually examining misappropriated data. Alas, there're far too few real BOfHs left these days to enact this retaliation effectively.

      1. Binraider Silver badge

        Re: Time expired secrecy

        By collecting too much data they actually invite problems in impossibility of interpretation.

        Desert Storm had this problem. So much data was flowing up to HQ's, interpreting that material and acting on it was basically a non-starter (though thankfully NATO practises of delegation of mission command are well established so more local decisions could still be made).

        Current "AI" models demonstrate much the same...

      2. Dagg Silver badge

        Re: Time expired secrecy - small correction

        A lovely suggestion, if not for the fact that US ALL agencies regularly ignore and even intentionally trample any applicable laws

        There fixed

  3. Eclectic Man Silver badge
    Unhappy

    Trust

    The issue here is not just the gathering of data on citizens (and non-USA citizens), it is whether 'the people' can trust the 'security agencies' to protect the people's rights. Primarily the right to oppose the democratically elected government and politicians by lawful means. So, for example, the police infiltrating groups opposed to animal testing, or campaigning for justice for victims of police brutality or racism as in the botched investigation into the murder of Stephen Lawrence was clearly not appropriate and publicising Police activities was.

    In the UK, and I hope in the USA, there is a right to claim that unlawful activities should not be punished if they were 'in the public interest'*. So revealing criminal activities by elected politicians by stealing evidence, bugging or pretending to offer a bribe etc. or breaching a legal confidence to publicise crimes could be allowed, if a jury accepted the 'public interest' defence.

    Basically are the security agencies acting to protect the general public (their actual job), which includes those who oppose elected officials, or to protect the elected officials and the 'military-industrial complex' (or whoever actually runs things these days)?

    I think we already know the answer to that.

    *Note, just because Prince Harry's personal affairs were of interest to part of 'the public', does not make publishing them 'in the public interest', so tapping his and his friends' phones etc. cannot be justified. Sorry, you cannot spy on your neighbour's home just because 'it would make great TV'.

    1. Version 1.0 Silver badge
      Pint

      Re: Trust

      I have never seen Edward Snowden's revelations as "data leaks", basically he only documented what was happening behind the law in the USA back then, and these days is happening everywhere via apps on our phones ... I'd love to see his opinions on AI and if he is ever able to return home then I'll buy him a crate of beer.

      1. Groo The Wanderer Silver badge

        Re: Trust

        Snowden was a common data thief. Next!

    2. Clausewitz4.0 Bronze badge
      Black Helicopters

      Re: Trust

      Sorry, you cannot spy on your neighbour's home just because 'it would make great TV'.

      Looks like a case of "teaching" thy neighbour to not mess with the wrong people.

  4. StrangerHereMyself Silver badge

    Spy vs spy

    What really amazed me is that Britain gave up its lead in digital computing just to be able to spy on other nations' diplomatic traffic. They destroyed (literally) almost every digital computer they developed during WWII to decrypt German Enigma traffic. And the ones that weren't were relocated to GCHQ as to break encrypted traffic.

    To me this sounds like the British politicians have their heads up their wrong end. The U.S. quickly commercialized all the computers it produced during the war and became world leaders in computing equipment, whilst the British computing sector languished. In fact, some of the people who worked on secret British computers actually had to pretend not to know stuff they'd learned during the War as the Official Secrets Act towered above their heads like Damocles' sword.

    1. Boris the Cockroach Silver badge

      Re: Spy vs spy

      This was more to do with protecting the Enigma coding machines

      After all, if we said in 1946 that the German Enigma machines were unbreakable, then a lot of people would use them to encrypt traffic before transmitting it back home.

      And we had a way of decoding it almost instantly.......

      1. Robert 22

        Re: Spy vs spy

        Similar technology was used by many countries.

    2. This post has been deleted by its author

      1. Yes Me Silver badge

        Re: Spy vs spy

        Not so. Some of it was kept by GCCS (renamed as GCHQ). Others were broken up and used as spare parts (e.g. to build the first computer in Manchester).

    3. Anonymous Coward

      Re: Spy vs spy

      To me this sounds like the British politicians have their heads up their wrong end.

      Not just the politicians (which IMHO is still the case), also the military. I don't know what it is with those old boys clubs, but they seem to be terrified of anyone with a brain inventing something they can't understand, which, given the apparent lack of talent on display, appears to be anything more complicated than a quill and ink.

      Notable examples: Frank Whittle who invented the jet engine but who was screwed out of making a decent profit from it (not in the least by the US "partners" stealing the technology in the process) and Gordon Welchman who in WW II came up with a new way to derive intelligence from communication, and who the Smithsonian attributes the Cloud to (although I would not call that a Cloud).

      Utterly disappointing.

      1. graeme leggett Silver badge

        Re: Spy vs spy

        The Tizard Mission handed over examples of jet technology to the US. Getting jet engines built and in use to defeat the enemy was considered more important than profit for Whittle or British companies.

        He did receive £100,000 for his invention. That's somewhere between 4 and 15 million in today's money depending on what you choose to determine the change against.

        (if you choose to consider what the cost was to the country of the award, then it's about 20 million as a proportion of GDP)

        1. StrangerHereMyself Silver badge

          Re: Spy vs spy

          Wasn't the adage that Britain had won the war but lost the peace?

      2. StrangerHereMyself Silver badge

        Re: Spy vs spy

        The point I'm trying to make is that being able to spy on other governments' communications didn't give Britain an enormous advantage in world affairs. The economic impact of commercializing those digital computers could've been lasting and profound OTOH.

        Ukraine currently has a much stronger information position (thanks to Western satellite constellations, both data and optical) compared to Russia, yet this hasn't (yet) translated into success on the battlefield.

        1. graeme leggett Silver badge

          Re: Spy vs spy

          The world's first commercial general purpose mainframe was British - the Ferranti Mark 1

          The world's first commercial computer with applications was British - the Lyons Electronic Office

          Relative sizes of US and UK economies and post-war UK debt were probably to blame.

          1. Binraider Silver badge

            Re: Spy vs spy

            IBM had a better marketing machine than Ferranti.

            Probably also differences in local tax breaks and Britain's hopelessly stifling culture. Computers? Why don't they get a real job in t'pit... Alan Turing? Throw him in the nick.

            Etc.

  5. Anonymous Coward

    Misdirection!

    Quote: "....mass adoption of end-to-end encrypted messaging services like WhatsApp and Signal...."

    "End-to-end encryption" by a single interweb provider is a single point of failure for privacy. As Edward Snowden revealed, the nice people in Fort Meade just love it when there's only one (or only a few) targets to hack (say Signal, Telegram, WhatsApp....).

    Talking about targets, the interweb hardware is primarily supplied by the nice folk in Silicon Valley....at Cisco Corp. It's widely believed that this is another single point of failure for personal privacy targeted by those nice people in Fort Meade.

    And about encryption more generally, we've got the publicly funded NIST organisation producing "recommendations" about encryption. Experts think that this is a waste of public money, because the "recommendations" are widely believed to be pushing VERY WEAK standards. I wonder why?

    (Steve Schneier: Link: https://www.schneier.com/blog/archives/2022/06/on-the-subversion-of-nist-by-the-nsa.html

    Quote: "....the National Security Agency had subverted the integrity of a NIST cryptographic standard...")

    So........billions in taxpayer money.....going to Fort Meade, NIST, Cisco......so that an unknown someone can research the colour of my underwear!! Where's the outrage? Why is Ron Wyden almost the only visible person trying to stop the (illegal) snooping? Ten years since Edward Snowden is ten years too long.....for something to be done!!!!

    1. spold Silver badge

      Re: Misdirection!

      Well, there were always the rumors (I'm sure never to be verified) that John Koum quit WhatsApp because the US Feds had the backdoor keys to the encryption. Also, there is commercially available software that can read out your locked iPhone in under an hour.

      I worked in China for a while. In the morning when I spoke to my wife in Canada I would sometimes use one of the everyday VOIP apps - the conversation would be about what did you do last night, did you have a good meal etc. When I spoke to her in the evening I would always use Signal so I could bitch about my day with the client and how daft they were. Strangely, overnight my VPN connection would crash, reverting to an ordinary connection, now my hotel was owned by a government organisation...

      In this case it is 5 eyes - I always assume someone will be listening and act accordingly, (and noting I have a paranoid suspicion a lot of the intercept stuff is for commercial Intellectual Property purposes).

    2. Anonymous Coward

      URL Misdirection! (That's Bruce's site, which many here are familiar with in passing)

      and actual end-to-end encryption is exactly the thing to stop the carrier from snooping. Of course some of those players tried to redefine that in a way that allowed them to decrypt users' traffic. That is why any claims from systems that haven't been audited by a competent third party should be taken with a grain of salt.

      The TLA sponsored weak EC hash scandal was a faceplant to be sure, but the overall effect of the NIST crypto competitions has been overwhelmingly positive, with the majority of the internet secured by technologies that were created by the open and public process. A process that caught and exposed that attempt to slip in a flawed candidate.

      Regular ordinary people have taken notice and have actually started protecting their own privacy, something that took years but underscores the huge impact these revelations had. Trying to enact a fraction of that change took an insane amount of work before. Most people neither cared nor were particularly aware. Now it's casual dinner conversation, and elementary school curriculum. Is there a ton of work to be done, hell yes. But tools like Passkeys will make the next chapter of this easier for people, faster to roll out, and more pervasive.

      So if you want to rage against these surveillance programs, go after the purse strings of the data warehouses the TLAs are holding this stuff indefinitely in. Go after the ghouls like Palantir that promote and profit off the faceless surveillance state. Go after the cloud companies running the servers they use as well as the data of the rest of their customers.

  6. stiine Silver badge
    Coffee/keyboard

    What we've learned:

    What we've learned is that our laws aren't ours.

    We've also learned that our government representatives aren't representing us.

    The CIA isn't very centralized.

    The FBI has some very interesting definitions for 'federal.'

    Most politicians can't do basic math. This explains how they can become millionaires during a single term in office at a salary far too low for this to happen mathematically.

    I could go on, but I'd rather stick my foot in a combine harvester.

  7. Doctor Syntax Silver badge

    There's no point in laws saying what agencies can and can't do if there is no punishment for transgression. Agents should be personally liable for breaches they may make. Having spent about 14 years in a job where I had such liability I don't see anything unusual about the idea. Snowden shouldn't be pursued for his disclosures if those wrongs he pointed out went and continue to go unpunished.

    1. Anonymous Coward

      Sadly as the reaction by the MSM and a good % of the US population to the twitter files shows, they simply believe what the govt is telling them and believe that the govt is protecting them and has their best interests in mind.

    2. Jellied Eel Silver badge

      Agents should be personally liable for breaches they may make. Having spent about 14 years in a job where I had such liability I don't see anything unusual about the idea.

      I think the laws protecting official secrets should be extended to private entities. It's a strange situation where intelligence services and LEAs can't 'spy' on citizens, yet 'Big Tech' can hoover up every scrap of personal data they can get.

      Snowden shouldn't be pursued for his disclosures if those wrongs he pointed out went and continue to go unpunished.

      But he broke the law, and violated the trust around access to official secrets. I think this is the real problem, ie a lack of effective oversight around what was going on. Rest is really a trust issue, ie I'd rather have official 'spying' on me, because I know I've done nothing wrong than all the commercial crap that's going on. Especially as we have no real control or oversight of how our personal data is being hoarded, aggregated and sold to any buyer that can afford it.

  8. t245t Silver badge
    Big Brother

    10 years after Snowden's first leak, what have we learned?

    Thou shalt not cross the surveillance security complex, not without severe repercussions.

  9. Yes Me Silver badge
  10. Potemkine! Silver badge

    Snowden is a hero, even if uncrowned.

    Our democracies are accomplices of his persecution. Shame on us.

  11. Anonymous Coward

    what have we learned?

    that all the hot talk about democracy, values, respect for laws and privacy, blah blah blah is worth - nothing. Particularly telling was the reaction of all those advanced western democracies and wannabe democracies, harping on about those values in public for years, and now, all of a sudden sticking their head in their anus, when that guy was desperately searching for one, just ONE country that stands up for those values so he . And yes, in one (easy to make, no consequences) move, Russia put a nail in this coffin. And now I'm gonna collect my kayak in lieu of russki shilling to get back to higher (moral) ground.

    ...

    NOT ONE COUNTRY.

    1. JessicaRabbit

      Re: what have we learned?

      From what I've read a number of countries wanted to but as usual the US bullied them into retracting their offers or the countries weren't reachable directly and the countries in between would have captured and deported him.

  12. captain veg Silver badge

    just saying

    "To its credit, the government has engaged in reforms, and there's more transparency now that, on the one hand, has helped build back some trust that was lost, but also has made it easier to shine a light on surveillance misconduct that has happened since then," Jake Laperruque, deputy director of the Center for Democracy and Technology's Security and Surveillance Project, told The Register.

    Oddly, "la perruque" is French for "the wig".

    -A.

  13. DXMage

    In answer to the question.

    1. We have learned nothing.

    2. Governments will always and continue to lie about data collection.

    3. Companies will always and continue to lie about data collection.

    4. Money and control are the goals of data collection.

    5. Our society is doomed.

  14. CGBS

    Learn? I don't even know the meaning of the word.
