Security experts acknowledge that lawmakers need to take action to rein in government surveillance. The issue dominated the RSA Conference 2014 and led to the launch of TrustyCon, the first Trustworthy Technology Conference held concurrently with the annual RSA event as a result of the alleged ties between the intelligence community and some U.S. technology companies. At least two bills are being considered in Washington, according to the Electronic Frontier Foundation. Congress is considering the FISA Improvement Act, which aims to legalize certain surveillance activities while putting in some safeguards, and the USA Freedom Act, which would establish restrictions on the dragnet collection of data by the government.
Speaking at TrustyCon, noted cryptographer Bruce Schneier, an outspoken opponent of mass surveillance, who has reviewed the technical documents leaked by former NSA employee Edward Snowden, said the chance of actual change brought on by regulation is very low. Any new law would have a marginal impact on activity as the NSA and other agencies have multiple ways to get at the data they require and can give up some dragnet data collection activities without any loss of capability, Schneier said.
"How we enable the benefits of data in bulk -- all of our data together -- while at the same time protecting our privacy is the main problem right now," Schneier said. "Generally we should have a law to limit the use of data and technically limit the collection of data. ... It will take a generation who doesn't remember 9/11 to build privacy into society like we were used to."
Schneier is advocating for easier ways to incorporate encryption into popular applications. Easy-to-use encryption programs such as Off The Record, a clean plugin for chat programs, can make bulk collection more difficult and force intelligence-gatherers to conduct targeted surveillance to thwart terrorism, Schneier said.
"It is the bulk collection on everybody that we found terrible, and that is what encryption can solve," Schneier said. "We can make it more expensive and force them to go after my computer alone and not the entire country."
PUBLISHED MARCH 4, 2014