Mon January 20, 2014
Tech Executive On NSA: Washington 'Exploits' Security Holes
Originally published on Mon January 20, 2014 7:44 pm
MELISSA BLOCK, HOST:
And now, we're going to hear more reaction to the proposed NSA reforms from another tech company, Mozilla, the company behind the Firefox Web browser. Firefox is built with open-source code, which means that outsiders and users can audit privacy and security. And the company prides itself on its efforts to protect people's data when they browse the Internet.
Alex Fowler is Mozilla's chief privacy officer, and he joins me now from San Francisco. Mr. Fowler, welcome to the program.
ALEX FOWLER: Thank you. Pleasure to be here.
BLOCK: I was looking at your blog post from Friday, and you sounded pretty skeptical after the president's speech. You said the president didn't address the most glaring reform needs. So what, in your view, would be the most glaring reform need?
FOWLER: Well, so right now, we have a policy approach in Washington which is focused on not closing security holes but actually un-hoarding information about security backdoors and holes in our public security standards and using those then to exploit them for intelligence needs. In our perspective, and I think certainly those of your listeners - as you think about the news related to Target data breaches and breaches with Snapchat and other common tools that we use every day - that what we really need is to actually focus on securing those communications platforms so that we can rely on them. And that we know that they are essentially protecting the communications that we're engaged with.
BLOCK: Let me try to break this down just a little bit. Is one of the things that you're worried about the government subversion of encryption systems? In other words, the government might inject surveillance code into browsers. This is what's called the backdoor.
FOWLER: Exactly. Those are exactly the type of issues where, you know, it's not just by leaving those types of exploits in place, it's not just our intelligence agencies that may be using them to protect national security, but it also leaves them there for hackers and other criminals engaged in trying to break into those particular systems.
BLOCK: One of the things that you wrote about in your blog post on Friday was a concern about what you called a world of balkanization of the Internet. Why don't you explain what you mean by that.
FOWLER: Yes. So one of the really critical values of the Internet is that it is global, it is distributed, it is very easy for people to gain access to it. And so one of the things that we're always concerned about is any kind of governmental action whereby those countries would be isolating themselves, creating their own versions of the Net and closing off that broader access to information and the ability to contribute back to the broader Internet community. So balkanization is really a notion where you would essentially have a separate Internet for, say, citizens in Brazil than what the same users outside of Brazil would see when they visit those sites.
BLOCK: And do you think that's a realistic scenario at this point?
FOWLER: Absolutely. A year ago, we were talking about balkanization in the context of Russia and China. And now, we're talking about that in the context of Brazil and Germany, in democratic countries, seeing that as a viable approach to protecting the privacy and security of their citizens.
BLOCK: I want to get back to your blog post from Friday, Mr. Fowler. You wrote, Internet users around the world would be well served if the next director of the NSA makes transparency and human rights a true priority. Do you think that's a fair expectation for the head of a spy agency?
FOWLER: We do, actually. I mean, we think that any agency, even a spy agency, has to operate in the context that they find themselves. And right now, we are seeing a changing set of public values and concerns as it relates to those particular activities. And so I think it's important to remind ourselves that even an intelligence agency isn't above and beyond the law.
BLOCK: I wonder if you - you say there might be just a fundamental contradiction here, given that so much of our daily lives is now digitally recorded and preserved and transmitted, that there's going to be a huge temptation for both tech companies and the government to want to access that data.
FOWLER: I'm not sure I would describe it as a contradiction and more as what the responsibilities are for any organization in the business of collecting and using information from users. And I think that that's an important set of concerns that are still evolving. We're still relatively new at this. And so, you know, I would say that, while some best practices exists and industry has been very proactive in thinking about the types of protections and safeguards that they can put in place but, you know, we still look at data breaches, so we know we need to do a lot better. And I think that's a critical area for us as a society in the 21st century to get very effective at.
BLOCK: Alex Fowler is chief privacy officer with Mozilla. Mr. Fowler, thank you.
FOWLER: My pleasure. Thank you. Transcript provided by NPR, Copyright NPR.