Call Edward Snowden what you will: traitor, hero or simply a naive young man. Maybe all three. At the South by Southwest Interactive conference Monday, he was both subject and object, clarifying some of the defining public policy challenges of the digital age even as he illustrated the difficulty of resolving them.
Snowden, a fugitive who began leaking documents about the National Security Agency’s surveillance operations last year, spoke via video feed before a large and largely sympathetic crowd in Austin, Texas. He exhorted technology companies to better protect their users, called for more oversight of the NSA and inveighed against bulk surveillance.
Nothing new there. But he also conveyed two deeper lessons — one wittingly and one not.
The first is that security is often illusory on the Internet. Cybercriminals can exploit and create security flaws as fast as the private sector can close them — and so can the NSA itself. As Snowden noted, even as the NSA was trying to protect Americans from online threats, it was working to introduce weaknesses into security tools such as encryption.
Never miss a local story.
It may well be that the nature and architecture of the digital economy will permanently redefine notions of privacy and security. It’s also undeniable that Internet companies have some responsibility for protecting their users from unwarranted snooping, as Snowden says. But the kind of information the NSA has been collecting is much the same as what consumers voluntarily divulge to technology companies every day. And it’s the same information those companies routinely sell to advertisers. That won’t change anytime soon.
The second lesson stems from Snowden’s mere presence — or, rather, lack thereof, as his comments were beamed to the audience from a site in Russia. For all the NSA’s legendary reputation for secrecy, all it took, in the end, was a young security contractor with an overdeveloped sense of indignation and some technological know-how to expose its methods to the world. Hardening cyberdefenses and using tools such as encryption are well and good — but such systems are only as trustworthy as the people who use them.
If Snowden deserves credit for anything — and it will be easier to apportion if he returns to the United States to make his case in a court of law — it’s for starting a debate about surveillance that even President Barack Obama has said is important. Technology changes the details of this debate, but not its parameters. If Americans, as citizens, want the NSA to curtail its mass surveillance, they can demand that change from Congress. And if Americans, as consumers, want to stop digital enterprises from collecting and selling so much of their data, they can demand that change in the marketplace.
As always in an age of technological flux, such change will bring plenty of unforeseen consequences. It will also carry costs as well as benefits. The challenge lies not so much in identifying them as in striking the balance.