3 years ago
Former CIA contractor turned whistleblower Edward Snowden shocked the world when he revealed the misdeeds of the US intelligence community and its allies. Now living in Russia, he is a noted privacy advocate and author who serves as president of the Freedom of the Press Foundation. His book, Permanent Record, is now available in paperback from Henry Holt and Company.
First of all, congratulations on the recent ruling. Was it 9th District Court of Appeals? Yeah. Is that what it was? It said that what you exposed with the warrantless wiretapping was in fact illegal. And there are many people that are calling for you to be pardoned now. Yeah, so much has happened. This ruling, this is actually not the first time the federal government has, or the appeals courts have struck down some of the federal surveillance programs as unlawful. But this one is really important because it happened from an appeals court. It wasn't from a single judge. It was from a panel of judges. And what they had ruled was that the NSA's bulk collection of Americans' phone records was illegal. And this is the very first mass surveillance program that I and the journalists, really that the news was broken back in 2013. So this is a huge victory for privacy rights. What it means is there was this provision of the Patriot Act. Remember the Patriot Act? Remember a zillion years ago? I do. Everybody was laying on the Patriot Act. Your friend Alex Jones, I think. He was worried about the Patriot Act. It's a terrible name. There's a real problem with that name. Because if you're against the Patriot Act, it's against babies. This is the Pro-Baby Act, but meanwhile, Pro-Baby Act, they get to look through your email. It's like the word Patriot is attached to that in a very disingenuous way. Calling that the Patriot Act, it's really creepy that they could do that. It should have a number, like Bill A-1. You know what I'm saying? So you can debate the merits of it. There's just so much propaganda attached to that name, like the Patriot Act. This is one of the funny things, because it should be a warning for anybody who's in like anywhere in the country. And here on the news, they're talking about the Save Puppies Act. There's actually one that's been, they've been trying to push through recently, which is basically outlawing meaningful encryption from the major internet service providers. Like if Facebook or Google, for whatever reason, got out of bed in the morning and they actually wanted to protect the security of your communications in a way that even they can't break. Like right now, Google and Facebook, they do a great job keeping other people from spying on your communications. But if Google wants to rifle through your inbox, if Facebook wants to go through all your direct messages and give that to the federal government, like you tap one button and boom, they've got all of it. It happens every single day. Well, companies like Facebook have recently realized this is a real problem for them. Because first off, they get all these censorship demands that you've seen, where like there's deplatforming requests. And if it happens in one country, right, like if the US government is allowed to decide what can and can't be said by this person on this platform, or the US goes, look, we got a court warrant. They said, or a judge said, we think this person's a criminal. We want you to hand over everything you have on this person. And they do it, right? Facebook does this. Well, guess who's next, right? The Russian government shows up at the door the next day. The Chinese government shows up at the door the next day. And if these companies don't play ball, they get shut down in that country. They can no longer, no longer operate. And so the idea that a lot of them have that they've considered, and this has actually become a bigger thing in the COVID crisis, where we start talking about like contact tracing, these companies want to know where everybody is at all the time, so they can hand this over to medical authorities or whatever. There's this idea called end to end encryption, which what it means is that when you send a message, you know, when Billy sends a message to Bobby, Billy and Bobby both have the keys to unlock that message. And it could be sent through Facebook, it could be sent through Google, it could be posted, you know, on a bulletin board in the town square. But without that key, which people who run the bulletin board, right, the people who own the bulletin board, Google, Facebook, they don't have that key. Only the phones at the end, the laptops at the end, the people who own those, they're the only people who have the key. So if somebody comes to Facebook and says, we want to see that information, Facebook hands over the encrypted message, right? And Facebook goes, well, here you go, here's our copy, but we can't read it. You can't either. Now you've got to actually do some work on the government side and go get that key yourself. And then you can read it, right? But we can't read it. Congress is trying to stop the basically proliferation of that basic end to end encryption technology. And they're calling it like the Child Online Predator Act or something like that, where they say it's all about protecting the posting of like child exploitation material and really, really horrible stuff. But that's not actually what the law is about. The law is about making it easier for spies and law enforcement to reach deeper and deeper into your life with a simple warrant stamped by any court. Now, the funny thing is this never used to be the way law enforcement worked in the United States. I mean, when you hear about a warrant, what does that mean to you? What can the cops get with a warrant? Well, usually I think it means that they can come in your house and search. Right. The real issue with warrants when it pertains to encryption, like when you're talking about the Child Safety Act or whatever they're calling it, anyone would say, yes, we have to stop child predators. But the problem with having the ability to use something like that to stop child predators, in my eyes, I start thinking, well, if I really wanted to look into someone, what I would do is I would send them some malware that would put child pornography on their computer and then I would have all of the motive that I need to go and look through everything like say if they were a political dissident, if they were doing something against the government and you were someone who was acting in bad faith and you decided, OK, we want to look into this guy, but we don't have a warrant. What are the laws? What can we get away with it? Well, we have the Child Endangerment Act. And so because of that, we're allowed to peer into anything, but we just have to have motive. So we have to well, do we have motive? All you'd have to do is and we both know this. It's very easy to put something illegal on someone's computer if they're not paying attention. It's very easy to install like you could send someone a text message that looks like a routing number for a package they're going to get. They click on that and then you what is that with the Israelis have Pegasus. Yeah, you've read up on this. Yeah. So well, it's it's from Brian Fogel's new film The Dissident, which is about Jamal Khashoggi's murder and how the Saudis use that to use. They actually tapped into Jeff Bezos, his phone. And that's where all of this is the suspicion is that that's where all of those national inquirer photos came out and all the attacks on him because they had access to his actual phone through this. So someone could easily get into your stuff if you're not paying attention and then they could use, you know, whatever acts they've come up with, whatever it's the Patriot Act or whatever act where they could just get into everything you're doing. Look at your WhatsApp messages. Look at your your Facebook messages. It's real sneaky. So and it's it's dangerous. It's a dangerous precedent to set. Yeah, I mean, there's a lot to this. Let me go into some of that in a little depth. So you mentioned the NSO group and their Pegasus malware set. And this is very much a real thing. Like you're a well read guy. This is like this company, the CEO's name, I think is Shalom Leo, is run in Israel. It was previously owned actually by an American venture capital firm. I believe they've been rebought out, but it doesn't really matter. Their entire business is preying on flaws in the critical infrastructure of all the software running on the most popular devices in the world. The number one target right is the iPhone. And this is because the iPhone as secure as it is relative to a lot of other phones is a monoculture. Right. Like if you if you have an iPhone, you get these little software update notifications all the time that are like, hey, please update to the most recent version of iOS. And that's a fabulous thing. That's a wonderful thing for security, because the number one way that people's devices get screwed if it's not just through user error, right, like you entering your password somewhere you shouldn't. Like a fake site that looks like Gmail, but it's not actually Gmail. You just gave the guy your password. Now he uses your password to log in. But to actually break into a device is that it's not patched, right? Patch means getting these security updates, these little code updates that fix holes that researchers found in the security device. Well, Apple's really good about rolling these out all the time for everybody in the world. The problem is basically all these different iPhones, right, you got an iPhone six, you got an iPhone eight, you got an iPhone X, you got an iPhone, you know, three, whatever. These are all running a pretty narrow band of software versions. And so these guys go if they want to target, for example, Android phones like Google phones, like a Samsung Galaxy or something like that. There's like a billion different phones made by a billion different people. Half of them are completely out of date. But what it means is not one version of software they're running, it's like 10,000. And this is actually bad for security on the individual level. But it's good for security in a very unusual way, which is the guys who are developing the exploits. The guys like this NSL report trying to find ways to break into phones. They now have to have like 50 different handsets running 50 different versions of software. They're all changing. They've got different hardware, they've got different ship sets, they've got different, like all kinds of just technical variables that can screw up the way they attack your phone. And then when they find one, it only works on like this Samsung Galaxy line. It doesn't work on like the Google Pixel line, or it doesn't work on like a Nokia line or something Whereas they realize if they find a way to attack an iPhone, which is actually, you know, this is difficult, this is really difficult stuff. Now it works against basically every iPhone. And who has iPhones? All the rich people, right? All the important people, all the lawmakers, all the guys who are in there. So they've made a business on basically attacking the iPhone and selling it to every two bit thug who runs a police department in the world. You know, they sell this stuff to Saudi Arabia, they sell this to Mexico. And there's a group of researchers in Canada working at a university called the Citizen Lab. And these guys are really like the best in the world at tracking what NSO Group is doing. If you want to learn about this stuff, the real stuff, look up Citizen Lab and the NSO Group. And what they have found is all the people who are being targeted by the NSO Group, the classes of people, the countries that are using this. And, you know, it's not like the local police department in Germany trying to bust up, you know, a terrorism ring or something like that. It's the Mexican government spying on the head of the Mexican opposition or trying to look at human rights defenders who are investigating like student disappearances. Or it's people like the friends and associates of Jamal Khashoggi, who was murdered by the Saudi government. Or it's people like dissidents in Bahrain. And these like Petro states, these bad actors nationally, will pay literally tens of millions of dollars each year just to have the ability to break into an iPhone for a certain number of plans. Because that's how these guys do it. They sell their business plan, they go, we'll let you break into any iPhone just by basically sending a text message to this phone. All you need to find is the phone number of a person who's running an iPhone. And we will exploit something, which will give you total control of this. If that happens to someone, I'm sorry, but if that happens to someone, could they just get a new phone? And does the exploit, is the exploit specific to their account? Or is the exploit on the physical phone itself? So the question or the answer to this is it really depends on the exploit. Like the easiest forms of exploit, or rather the easier types of exploits, are where they send you a text message, right? And it'll be like an iMessage or something like that. And it's got a link in it that'll be like, oh gosh, terrible news. You know, your buddy's father just died. And we're making funeral arrangements. Are you going to be there? It's the day after tomorrow. And when you click the link for the funeral arrangements, it opens your web browser. And the web browser on your phone is always the biggest, most complicated process in it, right? There's a zillion lines of code in this, as opposed to an instant messenger where there's fewer lines of code in it. And they'll find one thing in that where there's a flaw that lets them feed instructions, not just to the browser, but basically escape the little sandbox that the browser's supposed to play in. That's supposed to be safe where it can't do anything too harmful. And it'll run out of this sandbox. And it'll ransack your phone's hardwired operating system, the system image. It'll give them privileges to do whatever they want on your phone, as if they are you, and as if they have a higher level of privilege than you. They have system-level privileges to change the phone's operation permanently. And this is the problem is on the phone. You can replace the phone, and they'll lose access to that. But if they've already used that to gain the passwords that you use to access your iCloud or whatever, when they have control of the phone, they've already got your photo roll. They've already got your contact list. They already have everything that you've ever put in that phone. They already have all your notes. They already have all your files. They already have everything that's in your message history. They can pull that out immediately. And now, because they have all your contacts and things like that, they see that phone stop being active, they know you've changed your phone number. All they have to do is find the new phone number, and then they can try to go after you again. The benefit is, with that old style of attack, if you get that message and you don't click that link, you're somebody in a vulnerable class, right? You've had these kind of attacks the entry before. It looks suspicious. You don't know who this person is. The number isn't right, something like that. And you save that link. You don't click the link. You don't do anything with that link. But you send it to a group like Citizen Lab. They can basically use that link to basically use like a dummy phone, like a sort of a Trojan horse to go to the site that would attack your phone and catch it. And this is what the sort of process that all of their research is based on. There are other more advanced types of attacks that actually don't have these defenses against them that are far more scary. Episodes of the Joe Rogan Experience are now free on Spotify. That's right. They're free from September 1st to December 1st. They're going to be available everywhere. But after December 1st, they will only be available on Spotify, but they will be free. That includes the video. The video will also be there. It'll also be free. That's all we're asking. Go download Spotify. Much love. Bye bye.