The NSA whistleblower, Edward Snowden, has urged lawyers, journalists, doctors, accountants, priests and others with a duty to protect confidentiality to upgrade security in the wake of the spy surveillance revelations.
Snowden said professionals were failing in their obligations to their clients, sources, patients and parishioners in what he described as a new and challenging world.
“What last year’s revelations showed us was irrefutable evidence that unencrypted communications on the internet are no longer safe. Any communications should be encrypted by default,” he said.
The response of professional bodies has so far been patchy.
A minister at the Home Office in London, James Brokenshire, said during a Commons debate about a new surveillance bill on Tuesday that a code of practice to protect legal professional privilege and others requiring professional secrecy was under review.
Snowden’s plea for the professions to tighten security came during an extensive and revealing interview with the Guardian in Moscow.
The former National Security Agency and CIA computer specialist, wanted by the US under the Espionage Act after leaking tens of thousands of top secret documents, has given only a handful of interviews since seeking temporary asylum in Russia a year ago.
During the seven hours of interview, Snowden:
• Said if he ended up in US detention in Guantánamo Bay he could live with it.
• Offered rare glimpses into his daily life in Russia, insisting that, contrary to reports that he is depressed, he is not sad and does not have any regrets. He rejected various conspiracy theories surrounding him, describing as “bullshit” suggestions he is a Russian spy.
• Said that, contrary to a claim he works for a Russian organisation, he was independently secure, living on savings, and money from awards and speeches he has delivered online round the world.
• Made a startling claim that a culture exists within the NSA in which, during surveillance, nude photographs picked up of people in “sexually compromising” situations are routinely passed around.
• Spoke at length about his future, which seems destined to be spent in Russia for the foreseeable future after expressing disappointment over the failure of western European governments to offer him a home.
• Said he was holding out for a jury trial in the US rather a judge-only one, hopeful that it would be hard to find 12 jurors who would convict him if he was charged with an offence to which there was a public interest defence. Negotiations with the US government on a return to his country appear to be stalled.
Snowden, who recognises he is almost certainly kept under surveillance by the Russians and the US, met the Guardian at a hotel within walking distance of Red Square.
The 31-year-old revealed that he works online late into the night; a solitary, digital existence not that dissimilar to his earlier life.
Advertisement
He said he was using part of that time to work on the new focus for his technical skills, designing encryption tools to help professionals such as journalists protect sources and data. He is negotiating foundation funding for the project, a contribution to addressing the problem of professions wanting to protect client or patient data, and in this case journalistic sources.
“An unfortunate side effect of the development of all these new surveillance technologies is that the work of journalism has become immeasurably harder than it ever has been in the past,” Snowden said.
“Journalists have to be particularly conscious about any sort of network signalling, any sort of connection, any sort of licence-plate reading device that they pass on their way to a meeting point, any place they use their credit card, any place they take their phone, any email contact they have with the source because that very first contact, before encrypted communications are established, is enough to give it all away.”
Journalists had to ensure they made not a single mistake or they would be placing sources at risk. The same duty applied to other professions, he said, calling for training and new standards “to make sure that we have mechanisms to ensure that the average member of our society can have a reasonable measure of faith in the skills of all the members of these professions.”
He added: “If we confess something to our priest inside a church that would be private, but is it any different if we send our pastor a private email confessing a crisis that we have in our life?”
The response of professional bodies in the UK to the challenge varies, ranging from calls for legislative changes to build in protection from snooping, to apparent lack of concern.
Ross Anderson, professor of security engineering at Cambridge University, said he shared Snowden’s concerns about the vulnerability of the professions to surveillance by spy and law enforcement agencies.
Advertisement
“If you think your HIV status is secret from GCHQ, forget it,” he said. “The tools are available to protect data and communications but only if you are important enough for your doctor or lawyer to care.”
Timothy Hill, technology policy adviser at the Law Society, which represents UK lawyers, said the profession was concerned
“Legal professional privilege – the right to consult a legal adviser in confidence – is a long established common law right. Its fundamental role in our legal system needs to be reasserted.”
The society is pressing to have existing legislation rewritten to include explicit protection for legal professional privilege from government surveillance.
“There needs to be a debate about the implications of the Snowden revelations for professional privilege in the digital age,” Hill said. “It is not happening. This is not being debated in parliament.”
He said the society was seeking to strengthen law firms’ cybersecurity awareness but that a stronger statutory framework was essential.
Michelle Stanistreet, the National Union of Journalists general secretary, echoed the concerns. “For democracy to function, it needs to have a free press and journalists who are able to do their job without fear or hindrance. But this is becoming increasingly under threat.”
She added: “Last year’s revelations show that unencrypted communications can mean that journalists may be unwittingly handing over their contacts, footage or material, against their will.”
The General Medical Council provides guidance to UK doctors about protecting information against improper disclosure.
Niall Dickson, the GMC chief executive, said: “Modern communication offers huge benefits for patients in terms of research, access to professionals, as well as speed of care and treatment. But of course it also carries risk, and confidentiality and trust are at the heart of the doctor-patient relationship.
“We recognise that keeping up with advances in technology and its implications for confidentiality are challenging for all healthcare professionals. We do have guidance which explains what doctors need to do if they are concerned about the security of personal information or systems they have been given to use. But in this rapidly changing area, we also need to keep on top of this ourselves, and we do regularly review our guidance to take account of changes in the external environment.”
https://www.theguardian.com/world/2014/jul/17/edward-snowden-professionals-encrypt-client-communications-nsa-spy