Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

9/12/2016
12:10 PM
Sara Peters
Sara Peters
Commentary
Connect Directly
Twitter
RSS
E-Mail vvv
50%
50%

Snowden May Help Explain Your Job To Your Family

Hacking Oliver Stone's new film about whistleblower Edward Snowden.

Snowden is not "Mr. Robot." The new Oliver Stone biopic about whistleblower Edward Snowden, which opens Friday, is not peppered with inside jokes and perfect technical accuracy that only hackers will get (although the terms "SQL injection" and "zero-day" are appropriately tossed off without explanation). Rather, it's the sort of movie infosec pros should bring their family, friends, and non-geek dates to -- all those people who don't understand what you do for a living.

The Snowden film showed to a packed room and an overflow room during a pre-screening Sunday at the Central Library in Brooklyn, just across the river from downtown Manhattan on the 15th anniversary of 9/11. The pre-screening was followed by a short Q&A with director Oliver Stone and Ben Wizner, Snowden's attorney and director of the ACLU's speech, privacy and technology project. 

The film also will hold interest for some people inside the industry. And for those who have been teetering on the fence for years about their feelings about Edward Snowden's actions, it may sway their opinions in his favor; he is very indelibly portrayed as the hero. It's also entertaining.

"I was worried the whole time that this thing was going to be a bore," said Stone during the Q&A. He noted that there are no car chases or shoot-outs in Snowden (although the beginning of the film does include some very Stonesque screaming drill sergeants and muddy soldiers straining over obstacles). 

Stone is clear that Snowden is neither a documentary nor a spy movie. "It's a drama," he said.

It's a character-driven piece. Joseph Gordon-Levitt in the title role admirably shows Snowden progress from someone who encourages his new girlfriend to question "the liberal media" and criticizes people peacefully protesting the government to someone holed up in a Hong Kong hotel room with reporters planning to reveal the information that would make him an enemy of the state.  

The film follows Snowden's progression up the ranks through the CIA, a shifting relationship with a CIA recruiter (hauntingly, subtly played by Rhys Ifans) who shifts from mentor to Big Brother, and a growing understanding of the extent of amount of data being collected. It shows how the stress put strain on his relationship with his girlfriend (Shailene Woodley) and contributed to him developing epilepsy. Stone said he believes that developing epilepsy may have played a role in Snowden's actions because it made him more aware of his mortality, even at a young age.   

Although Snowden isn't stuffed with lingo and inside jokes, infosec pros may find other things to identify with: the moment when Edward first decides to tape over his laptop webcam; and the struggle of trying to urge loved ones to improve their cybersecurity without being able to disclose all the confidential details of why.

For the infosec uninitiated, one of the most important and educational scenes is a sequence where Snowden explains work he was doing for the CIA in Japan. It explains how collecting surveillance targets' metadata can ultimately lead to collecting bartenders' conversations with their mothers. Snowden describes a system of US intelligence implanting malware on the critical infrastructure of its allies -- from Japan to Austria -- so that in case they are ever not allies, the US is prepared to shut them down at any time.

Stone said that of course this was the scene was was most urged to cut. However, he said that the scene shows the dangers the world is facing, and left it in.

Wizner asked the audience if it made them "connect with the subject matter more viscerally," to which many hearty "yesses" and nodding heads.

The performances are strong throughout, and while a cameo by Nicolas Cage is particularly humorous, the largest chuckle might have been after a clip of Director of National Intelligence James Clapper giving testimony that the NSA does not collect any type of data at all on millions or hundreds of millions of Americans.

This week alongside the release of the film, Wizner said there will be renewed efforts to secure a presidential pardon for Snowden. A petition is available at PardonSnowden.org. 

"I hope this film is going to do a lot of good for [Edward Snowden, too]," said Wizner. Snowden is currently residing in Moscow, and would be tried under the Espionage Act if he were to return to the US now. Wizner said that in his opinion when Snowden returns there should be "not a conversation about what his punishment should be, but a conversation about whether we've thanked him sufficiently." 

Related Content:

 

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
9/20/2016 | 11:58:14 AM
Re: Black tape.
@Whoopty: Precisely why so many security professionals are actively advising people now to write their passwords down...provided that:

1) They keep the password writings in a truly safe location (e.g., NOT on the computer monitor, NOT on their desk or in their top desk drawer, NOT in a notebook that's labelled "Password Minder" in big letters, etc.), and

2) They use long, truly entropy-filled (esp. computer-generated, for maximum randomization) passwords.

If your password is going to be "password123!" then there's little utility in writing it down (and if you make that your password and still can't remember, then maybe you should be grounded from using your devices).  But if writing your password down is what it's going to take to make you pick truly long and complex passwords that are full of entropy, then maybe that's what you should do.
Whoopty
50%
50%
Whoopty,
User Rank: Ninja
9/15/2016 | 7:42:16 AM
Re: Black tape.
Oh I know that headache. So often when I help fix someone's system it's because they did something dumb security wise. 

It's just not possible to take on everyone's security responsibilities though. I can't remember all of your passwords and mine!
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
9/14/2016 | 1:26:02 PM
Re: Black tape.
I get poked fun at a lot for my secure approach to passwords.  (One person I know once changed a (low-risk/low-exposure, albeit) password of theirs to "QWERTY" for a time just to try to annoy me.)
Whoopty
50%
50%
Whoopty,
User Rank: Ninja
9/13/2016 | 7:52:35 AM
Re: Black tape.
Totally agree. I have the same reaction with my giant passwords and consistent changing, their uniqueness. It's something most just don't put the effort into.

However I am interested to watch Snowden. I like Joseph Gordon Levitt a lot, so am interested to see how he plays the 'character.' 
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
9/13/2016 | 5:08:17 AM
Black tape.
My own loved ones have called me crazy to tape over and block my webcams.  I've called them crazy not to.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/1/2020
9 Tips to Prepare for the Future of Cloud & Network Security
Kelly Sheridan, Staff Editor, Dark Reading,  9/28/2020
Attacker Dwell Time: Ransomware's Most Important Metric
Ricardo Villadiego, Founder and CEO of Lumu,  9/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19393
PUBLISHED: 2020-10-01
The Web application on Rittal CMC PU III 7030.000 V3.00 V3.11.00_2 to V3.15.70_4 devices fails to sanitize user input on the system configurations page. This allows an attacker to backdoor the device with HTML and browser-interpreted content (such as JavaScript or other client-side scripts) as the c...
CVE-2020-16844
PUBLISHED: 2020-10-01
In Istio 1.5.0 though 1.5.8 and Istio 1.6.0 through 1.6.7, when users specify an AuthorizationPolicy resource with DENY actions using wildcard suffixes (e.g. *-some-suffix) for source principals or namespace fields, callers will never be denied access, bypassing the intended policy.
CVE-2020-24620
PUBLISHED: 2020-10-01
Unisys Stealth(core) before 4.0.132 stores Passwords in a Recoverable Format.
CVE-2020-25017
PUBLISHED: 2020-10-01
Envoy through 1.15.0 only considers the first value when multiple header values are present for some HTTP headers. Envoy’s setCopy() header map API does not replace all existing occurences of a non-inline header.
CVE-2020-25018
PUBLISHED: 2020-10-01
Envoy master between 2d69e30 and 3b5acb2 may fail to parse request URL that requires host canonicalization.