NSA whistleblower Edward Snowden opened the Free Software Foundation's LibrePlanet 2016 conference on Saturday with a discussion of free software, privacy and security, speaking via video conference from Russia.
Snowden credited free software for his ability to help disclose the U.S. government's far-reaching surveillance projects – drawing one of several enthusiastic rounds of applause from the crowd in an MIT lecture hall.
"What happened in 2013 couldn't have happened without free software," he said, particularly citing projects like Tor, Tails (a highly secure Linux distribution) and Debian.
Snowden argued that free software's transparency and openness are cornerstones to preserving user privacy in the connected age. It isn't that all commercial products are bad, nor that all corporations are evil – he singled out Apple's ongoing spat with the FBI as an example of a corporation trying to stand up for its users – merely that citizens should not have to rely on them to uphold the right to privacy.
"I didn't use Microsoft machines when I was in my operational phase, because I couldn't trust them," Snowden stated. "Not because I knew that there was a particular back door or anything like that, but because I couldn't be sure."
Private data, these days, only stays private at the sufferance of the major tech companies that administer devices and services, he argued. Given the increasing centrality of smartphones and social networks and the myriad of other digital communication methods to modern life, simply trusting that those tech companies will protect their users' privacy is insufficient.
Relying on corporations to protect private data is bad enough in a vacuum – but Snowden pointed out that many tech giants have already proven more than willing to hand over user data to a government they rely on for licensing and a favorable regulatory climate.
He particularly singled out service providers as being complicit in overreaching government surveillance.
"We can't control telecom partners," Snowden stated. "We're very vulnerable to them."
However, protecting privacy is gaining mindshare, he added. Increasingly, a digital public concerned with keeping its private data to itself is getting behind the idea of pushing back on the tech industry and the government.
"We're no longer passive in our relationship with our devices," he said.
But awareness must be raised still further, and alternatives have to be offered by the free software world. Encrypting everything that can be encrypted is one way to preserve privacy, as is self-hosting.
"Even mass surveillance has limits," Snowden said.
Even if tech companies don't actively partner with the government on surveillance, there are huge vulnerabilities in important systems, he noted. A need for stability compromises the ability to patch security holes in anything like a timely manner, particularly in the enterprise.
"It's not just a question of stable – stable is important," Snowden said. "But increasingly, due to the pace of adversary offensive research [being] so fast, that if our update cycles are not at least relevant to the attack speed, then we're actually endangering people."