When "trust us" isn't enough: Government surveillance in a post-Snowden world presented at ITWeb 2014

by Christopher Soghoian,

Summary : Principal technologist and senior policy analyst with the Speech, Privacy and Technology Project at the American Civil Liberties Union
Silicon Valley is finally improving its security. Shamed by the Snowden disclosures, many of the major tech companies have been forced to begin encrypting their customers' data in transit. HTTPS, which just a few years ago was only widely deployed by banks, is now in use by default by Google, Facebook, Microsoft, Twitter and Yahoo.
The NSA could, in the past, engage in dragnet surveillance of hundreds of million of users with the assistance of friendly backbone operators. However, in an era of default transport encryption, NSA's network intercepts will be far less useful. Massive, dragnet surveillance now requires the assistance of Silicon Valley technology companies.
Many of the big Internet companies, whose services, applications and operating systems we all use, occupy a unique position of power. To surveil us, governments need their help. However, these companies and their advertising supported business models require that we trust them with our sensitive, private data. In the wake of the NSA disclosures, that trust is vanishing. Can the companies find a way to restore user trust without destroying their advertising supported services? What happens when governments go nuclear, and demand the companies' encryption keys or the insertion of surveillance backdoors in their products?