Yesterday, Golden Frog president Sunday Yokubaitis and co-Founder Ron Yokubaitis participated in Q&A discussion with Edward Snowden at SXSW. The invite-only session with about 25 tech leaders was a chance for the tech community and Snowden to talk about the things we need to do to improve cybersecurity and fight back against government surveillance.
The Verge wrote a nice recap of the event, but here’s a few highlights that might interest the readers of this blog:
What’s next for VPN Technology
Sunday brought up personal VPN services and asked, “What product or services should we build to fill in the current policy gaps?” Snowden answered that VPN providers need to develop new technologies to obscure their services so VPN traffic can’t be identified as being encrypted. He also said we need more randomizing efforts for other services so we, as a tech community, can defeat monitoring at the network level. Snowden’s suggestion was very encouraging because Golden Frog has already built our proprietary VPN technology called Chameleon that already does what Snowden described so people around the world can defeat the deep pack inspection tactics of the Great Firewall and other monitoring efforts. So, we were thrilled that Snowden validated our existing efforts!
Tech Policy vs. Tech Innovation
A fair amount of the discussion focused on tech policy to curb government surveillance. But Snowden pointed out that the tech industry needs to build products and services to protect people. If you are waiting for the government to protect you, you likely will be waiting a very long while.
This is the reason we founded Golden Frog in 2009. Prior to 2009, we’d spent a fair amount of time talking with legislators about the need for updated and better privacy laws. Finally, after becoming frustrated with the legislative and regulatory process, we lost confidence that policy would provide the solutions we all need. We were happy that Snowden validated Golden Frog’s mission to build the tools that Internet users will need to protect themselves online without waiting for policy to protect us.
It’s no secret the NSA is actively trying to break encryption. Snowden said the more we encrypt, the more expensive it is for the government to collect data. Even the NSA has budget constraints, and the more money we make them spend to get our data, the harder it will become to keep their programs going.
Speaking of encryption, Snowden also predictably criticized government proposals that allow organizations like the NSA and FBI backdoors into our networks. Snowden correctly noted backdoors only create insecurity and “China would jump at the opportunity” if we decide to create encryption backdoors. We agree, it’s hard enough to do encryption correctly without the government asking us to intentionally build vulnerabilities into our servers.
There’s one way the Government can actually help
Snowden also said that many of the critical infrastructure cyber security solutions, things like SSL libraries, are funded by voluntary investments in time – and therefore have massive security vulnerabilities. We need to be more proactive in plugging these holes. He urged the government, along with the big tech companies, to create a fund for research into security vulnerabilities.
It was a great experience participating in the Q&A and gratifying to hear that the types of things we are doing at Golden Frog are consistent with the direction he believes the tech community needs to take.