Snowden – Five Years Later

Edward Snowden has no regrets five years on from leaking the biggest cache of top-secret documents in history.

He is wanted by the US. He is in exile in Russia. But he is satisfied with the way his revelations of mass surveillance have rocked governments, intelligence agencies and major internet companies.

In a phone interview to mark the anniversary of the day the Guardian broke the story, he recalled the day his world, and that of many others around the globe, changed for good. He went to sleep in his Hong Kong hotel room and when he woke, the news that the National Security Agency had been vacuuming up the phone data of millions of Americans had been live for several hours.

Snowden knew at that moment his old life was over. “It was scary but it was liberating,” he said. “There was a sense of finality. There was no going back.”

What has happened in the five years since? He is one of the most famous fugitives in the world, the subject of an Oscar-winning documentary, a Hollywood movie, and at least a dozen books.

The US and UK governments, on the basis of his revelations, have faced court challenges to surveillance laws. New legislation has been passed in both countries. The Internet companies, responding to a public backlash over privacy, have made encryption commonplace.

Snowden, weighing up the changes, said some privacy campaigners had expressed disappointment with how things have developed, but he did not share it. “People say nothing has changed: that there is still mass surveillance. That is not how you measure change. Look back before 2013 and look at what has happened since. Everything changed.”

The most important change, he said, was public awareness. “The government and corporate sector preyed on our ignorance. But now we know. People are aware now. People are still powerless to stop it but we are trying. The revelations made the fight more even.”

He said he had no regrets. “If I had wanted to be safe, I would not have left Hawaii (where he had been based, working for the NSA, before flying to Hong Kong).”

His own life is uncertain, perhaps now more than ever, he said. His sanctuary in Russia depends on the whims of the Putin government, and the US and UK intelligence agencies have not forgiven him. For them, the issue is as raw as ever, an act of betrayal they say caused damage on a scale the public does not realise.

This was reflected in a rare statement from Jeremy Fleming, the director of the UK surveillance agency GCHQ, which, along with the US National Security Agency. was the main subject of the leak. In response to a question from the Guardian about the anniversary, Fleming said GCHQ’s mission was to keep the UK safe: “What Edward Snowden did five years ago was illegal and compromised our ability to do that, causing real and unnecessary damage to the security of the UK and our allies. He should be accountable for that.”

The anger in the US and UK intelligence communities is over not just what was published, fewer than 1% of the documents, but extends to the unpublished material too. They say they were forced to work on the assumption everything Snowden ever had access to had been compromised and had to be dumped.

There was a plus for the agencies. Having scrapped so much, they were forced to develop and install new and better capabilities faster than planned. Another change came in the area of transparency. Before Snowden, media requests to GCHQ were usually met with no comment whereas now there is more of a willingness to engage. That Fleming responds with a statement reflects that step change.

In his statement, he expressed a commitment to openness but pointedly did not credit Snowden, saying the change predated 2013. “It is important that we continue to be as open as we can be, and I am committed to the journey we began over a decade ago to greater transparency,” he said.

Others in the intelligence community, especially in the US, will grudgingly credit Snowden for starting a much-needed debate about where the line should be drawn between privacy and surveillance. The former deputy director of the NSA Richard Ledgett, when retiring last year, said the government should have made public the fact there was bulk collection of phone data.

The former GCHQ director Sir David Omand shared Fleming’s assessment of the damage but admitted Snowden had contributed to the introduction of new legislation. “A sounder and more transparent legal framework is now in place for necessary intelligence gathering. That would have happened eventually, of course, but his actions certainly hastened the process,” Omand said.

The US Congress passed the Freedom Act in 2015, curbing the mass collection of phone data. The UK parliament passed the contentious Investigatory Powers Act a year later.

Ross Anderson, a leading academic specialising in cybersecurity and privacy, sees the Snowden revelations as a seminal moment. Anderson, a professor of security engineering at Cambridge University’s computer laboratory, said:
“Snowden’s revelations are one of these flashbulb moments which change the way people look at things. They may not have changed things much in Britain because of our culture for adoring James Bond and all his works. But around the world it brought home to everyone that surveillance really is an issue.”

MPs and much of the UK media did not engage to the same extent of their counterparts elsewhere in Europe, the US, Latin America, Asia and Australia. Among the exceptions was the Liberal Democrat MP Julian Huppert, who pressed the issue until he lost his seat in 2015. “The Snowden revelations were a huge shock but they have led to a much greater transparency from some of the agencies about the sort of the things they were doing,” he said.

One of the disclosures to have most impact was around the extent of collaboration between the intelligence agencies and internet companies. In 2013, the US companies were outsmarting the EU in negotiations over data protection. Snowden landed like a bomb in the middle of the negotiations and the data protection law that took effect last month is a consequence.

One of the most visible effects of the Snowden revelations was the small yellow bubble that began popping up on the messaging service WhatsApp in April 2016: “Messages to this chat and calls are now secured with end-to-end encryption.”

Before Snowden, such encryption was for the targeted and the paranoid. “If I can take myself back to 2013,” said Jillian York, the director for international freedom of expression at the digital rights group the Electronic Frontier Foundation, “I maybe had the precursor to [the encrypted communication app] Signal on my phone, TextSecure. I had [another email encryption tool] PGP, but nobody used it.” The only major exception was Apple’s iMessage, which has been end-to-end encrypted since it was launched in 2011.

Developers at major technology companies, outraged by the Snowden disclosures, started pushing back. Some, such as those at WhatsApp, which was bought by Facebook a year after the story broke, implemented their own encryption. Others, such as Yahoo’s Alex Stamos, quit rather than support further eavesdropping. Stamos is now the head of security at Facebook.

“Without Snowden,” said York. “I don’t think Signal would have got the funding. I don’t think Facebook would have had Alex Stamos, because he would have been at Yahoo. These little things led to big things. It’s not like all these companies were like “we care about privacy”. I think they were pushed.”

Other shifts in the technology sector show Snowden’s influence has in many ways been limited. The rise of the “smart speaker”, exemplified by Amazon’s Echo, has left many privacy activists baffled. Why, just a few years after a global scandal involving government surveillance, would people willingly install always-on microphones in their homes?

“The new-found privacy conundrum presented by installing a device that can literally listen to everything you’re saying represents a chilling new development in the age of internet-connected things,” wrote Gizmodo’s Adam Clark Estes last year.

Towards the end of the interview, Snowden recalled one of his early aliases, Cincinnatus, after the Roman who after public service returned to his farm. Snowden said he too felt that, having played his role, he had retreated to a quieter life, spending time developing tools to help journalists protect their sources. “I do not think I have ever been more fulfilled,” he said.

But he will not be marking the anniversary with a “victory lap”, he said. There is still much to be done. “The fightback is just beginning,” said Snowden. “The governments and the corporates have been in this game a long time and we are just getting started.”

Guardian

You Might Also Read:

Russia Faces US Request To Extradite Snowden:

British Police Continue A Secret Snowden Investigation:

« Big Data Becomes Everyone's Job
China Dominates Global Investment In AI »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

iTrinegy

iTrinegy

iTrinegy is a world leader in Application Risk Management offering solutions to mitigate all networked application deployment risks

Continuum

Continuum

Continuum is the IT management platform company that allows Managed IT Services Providers to maintain and back up on-premise and cloud-based servers, desktops, mobile devices and other endpoints

CamCERT

CamCERT

CamCERT is the national Computer Emergency Response Team for Cambodia.

National Cyber League (NCL)

National Cyber League (NCL)

The NCL provides a virtual training ground for participants to develop, practice, and validate their cybersecurity knowledge and skills.

Entersekt

Entersekt

Entersekt is an innovator in push-based authentication and app security.

FTAPI Software

FTAPI Software

FTAPI SecuTransfer is a software solution for end-to-end encrypted data exchange of large and sensitive data with customers and partners.

United Biometrics

United Biometrics

United Biometrics is an anonymous and real-time authentication platform designed to stop the fraud for mobile payments, e-Commerce and applications.

Asvin

Asvin

Asvin provides secure update management and delivery for Internet of Things - IoT Edge devices.

Smart Protection

Smart Protection

Smart Protection are experts in brand and trademark protection - we fight against counterfeits and unauthorized usages of brands with machine learning technology.

Spohn Solutions

Spohn Solutions

Spohn combines highly-experienced staff with a vendor neutral approach to deliver optimal solutions for IT Security and Compliance.

Chugach Government Solutions (CGS)

Chugach Government Solutions (CGS)

CGS performs work for the Federal Government across 4 unique core lines of business, including: Facilities Management and Maintenance, Construction, Technical IT and Cyber Services, and Educational Se

SkillsDA

SkillsDA

SkillsDA is pureplay company in cyber security involved in capacity building towards National Security.

ReachOut Technology

ReachOut Technology

ReachOut is a transformative approach to IT Security, Support, and Guidance. But we’re more than that. We’re passionate IT experts driven to make solutions to your problems.

Gogolook

Gogolook

Gogolook is a leading TrustTech company. With "Build for Trust" as its core value, it aims to create an AI- and data-driven global anti-fraud network as well as Risk Management as a Service.

Anch.AI

Anch.AI

Anch.AI is an Ethical AI Governance platform that helps you comply with EU regulations and avoid risks and penalties when developing and using AI as part of your business.

IndoSec

IndoSec

IndoSec is an annual cybersecurity summit that powers an in-person gathering of cybersecurity leaders from Indonesia’s major corporations, leading businesses and key government entities.