Small app developers and startup computer services businesses listen up: You've got to build better security into your products right away.
That was the word from whistleblower Edward Snowden, who spoke on Monday to an audience at the South by Southwest festival via Google Hangouts from Russia, with his exact location protected by 8 different proxy servers. The audio and video quality were atrocious, but the message was compelling.
In reference to the National Security Agency's spying program, Snowden said: "The result has been an adversarial Internet, which is not what we asked for and not what we wanted."
Snowden has been living as a fugitive in Russia since 2013, following his exposure of troves of data collected by the NSA. The revelation presented a far bigger picture than had been known of the government's eavesdropping on U.S. citizens and their ordinary interactions, in which many communications and consumer Internet companies have been complicit.
Essentially, the services consumers rely on for email, text, and other communications created by Google, Microsoft, Yahoo and other consumer Internet companies are not secure because they depend on advertising, noted Snowden.
In other words, these larger companies have a business incentive to poke through your emails so they can sell you stuff, Snowden said. That's in addition to the allegation that these firms are collaborating with the NSA.
Small companies and startups, however, don’t have to follow that lead. They can develop products and services that are secure out-of-the-box, Snowden and co-panelist Christopher Soghoian, the principal technologist of the American Civil Liberties Union, said on stage.
Building in Security
One obvious way to secure consumer products would be to offer end-to-end encryption, or other privacy-protecting enhancements, for a minimal fee, Soghoian said.
"Developers will have to think about security early on, not later down the road," Soghoian added.
Part of the reason large companies have not secured their products for consumers is that it might make them harder for consumers to use, the panelists said. A natural place for small companies to innovate would be to create products that are easy to use and highly secure.
One example given to illustrate that point was Gmail's introduction of Secure Sockets Layer (SSL) email in 2011, which dramatically cut down on hack attacks and snooping on consumers. Apparently that technology had been available for years before Gmail felt the pressure to use it. Now it operates in the background without consumers even knowing it.
Another security improvement, Snowden noted, would be for Internet and computing companies that hold customer data to do so only for abbreviated periods of time.
"Companies should only hold the data for as long as necessary for the operation at hand," Snowden said.