Speaking remotely at Web Summit, Snowden slams big tech companies, saying they make people vulnerable to surveillance.
Six years after leaking documents about the National Security Agency's mass surveillance activities, Edward Snowden believes the world is changing. He recognizes that people are more aware of privacy problems and angrier about them than ever, but he still seems to want people to take more time to understand the specific "abuse" being committed against them.
"People are quite frequently mad at the right people for the wrong reasons," he said, speaking via video link at Web Summit in Lisbon on Monday. Snowden hit out at big tech companies, saying they make populations vulnerable by collecting data and allowing it to be accessed by governments.
"These people are engaged in abuse, particularly when you look at Google and Amazon, Facebook and their business model," he said. "And yet every bit of it, they argue, is legal. Whether we're talking about Facebook or the NSA, we have legalized the abuse of the person through the personal."
Google, Amazon and Facebook didn't immediately respond to a request for comment.
Snowden is best known for lifting the lid on an NSA surveillance program known as Prism in 2013, leaking documents to journalists showing the extent to which people's data was being collected by the US government and its allies. He fled first to Hong Kong, and was later granted asylum in Russia, where he still resides. Snowden believed the world had a right to know what he knew -- but he's not an obvious whistleblower, as he calls himself.
As he told it, he has always been a rule follower and goody-two-shoes -- never getting drunk, never smoking a joint. He took the oaths he signed when he started working for the intelligence services seriously. So what changed?
"Many years later you find that what you are doing is that you're in a conspiracy to violate that oath you took on that very first day," Snowden said. "What do you do when you have contracting obligations?"
What he witnessed, he said, was that rather than chasing the bad guys, the NSA had begun prospectively surveilling people before they had broken the law, and no one in a position of power tried to stop it because it benefited them.
"What do you do when the most powerful institutions in society have become the least accountable in society?" he asked himself. Society deserved to know, he thought, and so he spoke out.
Among the documents he handed over to journalists were top-secret slides listing Apple, Google, Microsoft, Yahoo, AOL, Facebook and a video chat company called PalTalk as willing partners in the surveillance program.
These, he said, contained a "Faustian bargain" or "deal with the devil," even though the government didn't necessarily tell the companies why they needed vast amounts of data. Tools originally designed to protect the public were being used to attack the public, he said, as companies started turning over perfect records of private lives to institutions that couldn't be held accountable.
When governments and corporations start working together, Snowden said, there's a concentration of power that he describes as "the left and right hands of the same body." The result is a level of control and influence that raises questions about whether the benefit is worth the cost, he said.
"If you create an irresistible power, whether it is held by Facebook or any government, the question is, how will you police the expression of that power when it is used against the public rather than for it?"
Snowden also didn't have many positive words to share about the GDPR, the EU-wide data protection legislation introduced in May 2018. He called it a "paper tiger," for failing to pull in significant fines for data protection violations.
Critics would argue that there have been several notably large GDPR fines issued since the introduction of the legislation, including 50 million euros ($57 million) for Google, £99.2 million ($123.7 million) for Marriott and £183.4 million ($230 million) for British Airways.
But Snowden argued that the problem with the legislation is in its name. It shouldn't regulate data protection, he said, but data collection. "If we learned anything from 2013, it's that eventually, everything leaks," he said.
We have no choice but to trust companies with our data, but in an ideal world, we wouldn't have to, he said. He would like to see the basic systems of the internet redesigned so that we're required to share less data across the board and therefore aren't required to trust every system or company we cross paths with. "We are the only thing that can protect us," he said.