Note to all Internet users: Trust no one

Whistleblower Edward Snowden says U.S. telecom companies all collaborate with NSA, accuses Britain of storing every bit of Internet data it can

Customers should assume that American multinational telecom companies are providing the U.S. government access to their personal data, according to whistleblower Edward Snowden. In an interview with Der Spiegel conducted before he went public about the NSA's surveillance programs, the former NSA contractor also said that punishing companies who collaborate with the agency should be "the highest priority of all computer users who believe in the freedom of thought."

In the interview, Snowden also said the NSA and Israel co-wrote the Stuxnet worm, which knocked out Iran's nuclear program in 2011, and he asserted that U.S. allies like Britain are engaging in surveillance programs similar in scope to those of the United States.

Last month, Snowden outted several companies, including Facebook, Apple, and Microsoft, for sharing data with the NSA as part of the U.S. government's widespread surveillance programs. In turn, many of those companies have scrambled to do damage control to assuage customers' privacy concerns. Meanwhile, political and business leaders overseas are urging their countrymen to steer clear of U.S.-based service providers to prevent their communications from being intercepted.

In the Der Spiegel interview, Snowden made comments that could further fuel that mistrust of doing business with U.S.-based communications companies. "Generally you can say that multinational [telecom companies] with headquarters in the U.S. should not be trusted until they prove otherwise," he said. "This is unfortunate, because these companies have the ability to deliver the world's best and most reliable services -- if they wanted to."

He said that consumers and privacy groups could drive change by pressuring companies to protect customer data and by not doing business with companies who won't. "Civil rights movements should use these revelations as a driving force. The companies should write enforceable clauses into their terms, guaranteeing their clients that they are not being spied on. And they should include technical guarantees," Snowden said. "If you could move even a single company to do such a thing, it would improve the security of global communications. And when this appears to not be feasible, you should consider starting one such company yourself."

He went on to say that "if the collaborators are punished by consumers in the market," the list of companies that refuse to cooperate with the NSA will inevitably grow." Punishing those companies, he said, "should be considered priority one for anyone who believes in freedom of thought."

Snowden made his opinions crystal clear that he had little faith in the U.S. legal system reining in the PRISM program. When asked who would be charged in the wake of the NSA leak, he replied, "In front of U.S. courts? I'm not sure if you're serious.... Who can be brought up on charges is immaterial when the rule of law is not respected. Laws are meant for you, not for them."

Snowden also alleged that the NSA is in cahoots with law enforcement agencies overseas. "For example, we tip them off when someone we want is flying through their airports (that we for example, have learned from the cellphone of a suspected hacker's girlfriend in a totally unrelated third country) -- and they hand them over to us," he said. "They don't ask to justify how we know something, and vice versa, to insulate their political leaders from the backlash of knowing how grievously they're violating global privacy."

What's more, he said that the "Five Eye Partners" -- the United States, Britain, Australia, New Zealand, and Canada -- collectively "go beyond what the NSA itself does." For example, he said the United Kingdom has a system called TEMPORA that's a "full-take Internet buffer that doesn't care about content type and pays only marginal attention to the Human Rights Act."

"It snarfs everything in a rolling buffer to allow retroactive investigation without missing a single bit," he said. "If you send a single ICMP packet and it routes through the U.K., we get it. If you download something and the [Content Delivery Network] happens to serve from the U.K., we get it.... Even the Queen's selfies with her lifeguards would be recorded, if they existed."

This story, "Note to all Internet users: Trust no one," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow InfoWorld.com on Twitter.

Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Join the discussion
Be the first to comment on this article. Our Commenting Policies