Snowden told me the NSA set fire to the web. Silicon Valley needs to put it out

[Commentary] “You are the firefighters,” National Security Agency whistleblower Edward Snowden told a tech savvy audience, during my conversation with him at the South by Southwest festival. “The people in Austin are the ones who can protect our rights through technical standards.”

Ed’s comments were a call to arms for the tech community to protect its users from indiscriminate mass surveillance by the NSA and the insecurity it creates. Over the past few years, and even more so after Ed’s revelations, Silicon Valley companies have begun to enable -- by default -- basic security features, such as the use of HTTPS encryption to protect data as it is transmitted from their customers’ to the companies’ servers. While HTTPS encryption by default is a great start, isn’t enough. The tech companies must offer apps and services that are safe and secure by default.

• Disable data, all the way. Far too often, security is an opt-in feature that few regular people will even know about, much less seek out and enable.
• Limit collection, move up storage deadlines. As Ed stressed, tech companies can also begin to limit the data they collect from their customers and only store it for as long as it’s needed for genuine business purposes -- and not one second longer.
• Rethink our relationship with tech companies. We, the everyday consumers, must make privacy and security profitable. If we want these companies to put our interests first, we must pay for the services that they provide us. We must demand that those products preserve privacy -- again, by default. Until this business model changes, the services that are made for the mass market will remain insecure, vulnerable and optimized for data collection.

[Soghoian is principal technologist for the American Civil Liberties Union]

[March 11]