NSA Spying Hurts California's Business

mspohr points out an opinion piece from Joe Mathews that "makes the argument that California's economic life depends on global connections. 'Our leading industries — shipping, tourism, technology, and entertainment — could not survive, much less prosper, without the trust and goodwill of foreigners. We are home to two of the world's busiest container ports, and we are a leading exporter of engineering, architectural, design, financial, insurance, legal, and educational services. All of our signature companies — Apple, Google, Facebook, Oracle, Intel, Hewlett-Packard, Chevron, Disney — rely on sales and growth overseas. And our families and workplaces are full of foreigners; more than one in four of us were born abroad, and more than 50 countries have diaspora populations in California of more than 10,000.' It quotes John Dvorak: 'Our companies have billions and billions of dollars in overseas sales and none of the American companies can guarantee security from American spies. Does anyone but me think this is a problem for commerce?' It points out that: 'Asian governments and businesses are now moving their employees and systems off Google's Gmail and other U.S.-based systems, according to Asian news reports. German prosecutors are investigating some of the American surveillance. The issue is becoming a stumbling block in negotiations with the European Union over a new trade agreement. Technology experts are warning of a big loss of foreign business.' The article goes on to suggest that perhaps a California constitutional amendment confirming privacy rights might help (but would not guarantee a stop to Federal snooping)."

Can somebody please rein in California?

[lxs]

All this caring about what foreigners think sounds Unamerican to me.

Re:

[instagib]

All this caring about what foreigners think sounds Unamerican to me.

I agree, bring back Arnie!
Oh wait...

Re:

[Anonymous Coward]

I'd say otherwise. What brought us Apple, Google, Lycos, Yahoo, and even Sun seem to be gone. Companies that genuinely made new and useful things. They expanded the pie.

Instead, we have companies like Facebook which don't innovate, they just new ways of data mining, behavioral tracking, and ad-slinging. FB and such are not expanding any pie, they are just doing new ways to take chunks from other people.

It is shameful; no US school placed in the ACM's top 10 this year, while in the past, CA was always a

Not looking at the whole picture.

[ron_ivi]

California's also overlooking how much the NSA pays Facebook, Google, etc for that data.

I imagine it must be far more than the lost business.

Re:Can somebody please rein in California?

[RabidReindeer]

Well, there's also the other side. The spying gives you valuable information, that any good psychopath^Wbusiness man can use, to raise his profits.

"American" enough for you?

There are certain counter-intuitive practices that the USA was once known for holding as ideals. We didn't bribe or take bribes. We didn't torture or keep secret prisons. We didn't spy on our own people, interfere with their free travel, or otherwise indulge in the oppressive practices of countries we condemned.

We were never as good at holding these ideals as we deluded ourselves, but we did manage to put up a good front.

In the movies, the villains sneer at the good guys for being soft and impractical, and in the end, they lose. Movies are a bad model for real life, but it is true that if you demolish a reputation for square dealing just to be "practical", that there can be practical costs. And that a reputation once lost can be very hard to rebuild.

Re:

[Anonymous Coward]

Pro tip: Slashdot is a US based service.

Also, it's spelled "tyranny".

So Europeans don't spy?

[alen]

What does the dgse and other agencies do all day?
Xbox?

Re:

[mwissel]

What does the dgse and other agencies do all day?

Evaluate the data they receive from NSA.

Re:So Europeans don't spy?

[AHuxley]

Contain their own press, save or rig trade deals, hide or set up sex scandals, protect NATO com links, insider trading and contain any "public" outbreak of local crime. Help the USA and UK.

Re:So Europeans don't spy?

[Anonymous Coward]

Pointing out someone else also kills puppies is no basis for a defense for you killing puppies.

Killing puppies is a cost of business.

[Overzeetop]

That's not the point. If you are not going to transact business in a country specifically over the concern about your puppies being killed, you should be aware of which other countries kill puppies as a matter of routine governmental intelligence gathering. And by which others, I mean all of them. In fact, I would say that any country who doesn't kill puppies as part of their internal intelligence operations either has no significant stake in world affairs or is lying. Killing puppies is a fact of modern in

Re:

[Anonymous Coward]

Nonsense. There's a HUGE difference between being spied on by our own government which IS accountable to us, ultimately, and some foreign superpower that isn't. Sorry but that's the crux of it. We can do something about the first situation, democratically. What can we do about that bunch of evil sociopaths you voted in? Not a damn thing.

It's already happening. Watch your cloud providers collapse, and you brought it on yourselves. Well done (slow handclap).

Re:

[Kohath]

It's the "everybody does it" defense -- a favorite defense of those who are obviously guilty.

Re:

[instagib]

Nope. DOS games. Xbox might have a backdoor.

Re:

[Runaway1956]

Trust? WTF trusts us, anyway? Ignore everything and anything we may have done wrong prior to 9/11/01. Let's call that water under the bridge. WTF have we done SINCE 9/11/01 to earn or to bolster anyone trust in us? What has government done to earn the trust of US citizens, much less the trust of foreign citizens, corporations, or governments?

I'm having a very hard time seeing anything of the nature.

Re:

[Rob the Bold]

Congratulations for missing the point in the most American[tm] way possible. "No, look at them, then!"

Go ahead with your "it can't happen here" rant. Whatever helps you sleep at night. But don't say we didn't warn you.

So... SECURE THE TECH!

[Karmashock]

Seriously. We've been saying this for decades. Secure it.

Top to bottom encryption, compartmentalization, etc.

Make it so the NSA just can't tap your communication.

Re:So... SECURE THE TECH!

[Anonymous Coward]

Seriously. We've been saying this for decades. Secure it.

Top to bottom encryption, compartmentalization, etc.

Make it so the NSA just can't tap your communication.

Microsoft helped the NSA get around their encryption [guardian.co.uk]. Securing technology only works as long as the company securing it does so against everyone. How can you tell whether the company you're working with has a quiet deal with the government?

I know one response will be "open source!", but how many people actually go through OS code looking for hidden back doors? And it's not like we can all run our own infrastructure, you've got to trust someone at some point, and how can you tell whether or not they've got a quiet deal going on in the background?

Re:So... SECURE THE TECH!

[Runaway1956]

Well, at least with open source, I can decide whom I want to trust, if anyone. With Microsoft or Apple, what are your choices? The various officers of either company can make statements that "You can trust us!" but there isn't a snowball's chance in hell that ANYONE can inspect the code to find those back doors.

I'm far less than competent at reading code, but I can actually step through some of it, with open source. I can do it openly, without fear of someone finding out that I "hacked" the code. I can look at it all day. If I find something that I don't like, I can contact someone - anyone - to find out what it is. My buddy, down the street, who is a little more competent than I am. People on a support forum, some of whom are actually competent. The developers themselves, if I think I've really got something.

Try that with Microsoft or Apple. You might want to consult with a good lawyer before doing so.

Re:

[flyingfsck]

We need a commercial version of a Class I Crypto and partitioned systems. Basically, private industry need to start doing the same things that the military IT services have been doing for the past 50 years. The so called 'firewall' concept needs to be strengthened to form a really secure barrier.

Re:

[spacepimp]

If you think a private crypto company is going to be safe/reliable then you have missed the point entirely. You can't trust the software if you can;t see the code. Period. It has been shown time and again when standards are ratified that the NSA had been poking their heads about to ffer suggestions to design.

Re:

[AHuxley]

You would have to go for an air gap.
With trade deals US cloud providers start to whine and put pressure on the US gov.
The result is demands from the US gov like this:
http://www.smh.com.au/national/public-service/trade-war-up-in-the-clouds-20120529-1zhpg.html [smh.com.au]
"‘Concerns that laws such as the Patriot Act offer the US government carte blanche to obtain private data from US providers are misplaced"
We should have listened to our own experts and air gapped much more :)

Re:So... SECURE THE TECH!

[Karmashock]

Air gapping isn't good enough because that only concerns hacking.

What about intentional collusion between your service provider and a third party? THAT is at least half the problem.

Many companies do have good security that would give the NSA a hard time. BUT all the NSA has to do is make a phone call and the company just hands over the data.

That is unacceptable. As a result, systems need to be set up in such a way that information is decentralized thus making it harder for any one source to compromise you entirely. And the information must be encrypted using private encryption keys that the company doesn't have access to... That is, they store and transfer your data but they don't decrypt it. It decrypts and is encrypted on your systems.

Its really all about control and "what is possible"... To make ourselves secure, we need to make it more and more impossible to get data. Make it theoretically unlikely or literally impossible for them to breach your data without basically blackjacking you and then water boarding the information out of you.

There are systems that cannot be breached. They are generally very inefficient but we have processing power, storage, and bandwidth to spare. Especially concerning high security data we can afford to make our systems literally unhackable.

Re:

[Runaway1956]

A proper air gap, in which your own data is stored on your own servers, and only accessed under rigorous guidelines, wouldn't be crossing your ISP's infrastructure. Therefore - the ISP can't hand it over to the government. No one can reach what is inaccessible from the internet, unless then come in to your place of business, to gain physical access to your servers. That might be done with a secret warrant from a secret court - but the moment they come through your doors, it's no longer very secret. You

Re:

[Runaway1956]

"American envoys are now pressing the Australian government to alter its official guidelines on data security."

Don't do it. It's a trap, plain and simple. "Come into my parlor, said the spider to the fly."

Re:

[gl4ss]

but if it's done in america you can't trust the compartmentalization. maybe through open source, but even then it's a bit iffy.
you see, the problem is that you can't trust that the american offices weren't visited by men in black.

Re:So... SECURE THE TECH!

[Karmashock]

The point is not for any one thing to make you 100 percent bullet proof.

The point is to make getting your data without your approval annoying, inefficient, and incomplete.

When we over centralize and give our hosting companies total access to our data then there is only one place the "men in black" need to go to get everything. They don't need to force hack anything because the company will just give up the security keys.

Break things up while avoiding big companies that it becomes unlikely that your host will have any "deal" with the NSA or FBI.

Furthermore, no reason for the host to even be able to give the NSA what they want. Use them to HOST your data... not manage its encryption.

There are methods of encryption that can't be breached or are so difficult to breach that they'll be secure for generations. That's good enough. When the NSA wants your data they're going to have a very short attention span about it. Tell them it will take 10 years of super computer time to break something and they'll opt for plan B... which might be actually sending you a court summons or something.

Point being... we're making it too easy for the NSA by over centralizing and placing too much trust in our hosts. Reverse that policy and the NSA will find very little they can exploit.

Re:

[ewieling]

I thought plan B was for them to hit you with a $2 wrench until you tell them your encryption key?

Re:

[Thud457]

This is the U. S. gubbamint we're talking about, that wrench isn't going to be a mere $2.

Re:So... SECURE THE TECH!

[L4t3r4lu5]

Point me to a secure and easy to use for the regular user system, and I'm all for implementing it.

Currently, what we have is PGP. This is great for people who know what the terms X.509, 2048bit RSA, and certificate revocation list mean and why these things are important. However, it doesn't help Bob in Accounting get his TPS report to Simon in Management very quickly. It's awkward and it's cumbersome for anyone who doesn't have quite an in-depth knowledge of the technologies involved.

Re:

[chihowa]

In the case of corporate infrastructure, like you describe, it's much easier. If you have knowledgeable people designing and running the system, you can make it quite easy for the end users. It's easier to justify the expense and hassle of crypto dongles (or smartcards) to take key management away from the users. You can set policies on the systems to force the use of encryption.

It gets hard when you start dealing with random people, your grandparents, and friends. They can't keep their computers free of ma

Re:

[lgw]

The fundamental problem for home use is: only the web mail provider can easily do this. Almost nothing would be gained here if Gmail et al encrypted emails in flight for you. If the endpoint in compromised, in-flight security is pointless.

So what can you do? Normal people don't run a program to do email any more, and they expect to be able to read their mail from any device with web access.

Re:

[sFurbo]

That is what they are doing. One step in securing the tech is to limit the number of back doors. Apparently, the best way to do this presently is to have as little US tech involved as possible.

Re:

[synapse7]

Beyond top to bottom encryption, know who has access to your keys.

Re:

[kav2k]

So is importing, in some countries.

Re:

[TheRaven64]

Exporting encryption has not been illegal in the USA for some time. Certain forms of encryption, however, are still illegal to export to countries under arms embargoes.

What're you gonna do?

[Anonymous Coward]

Seccede from the union? Then you're just as much a furriner to the NSA as the rest of the world. And thus fair game to spying operations that have gotten a little out of hand. To the point that you can no longer say "don't do that" to the people doing it. It is so much out of control that you have to shut down the machine entirely and scap it. And please don't rebuild it, not even from scratch.

This also shows how utterly provincial the USoA really is. It takes an outlier like California to look outside the borders with anything but thinly-veiled suspicion. And that also means that the USoA is not really fit for playing the world's neighbourhood cop, since that is a position of trust, not power. It doesn't surprise, then, that there's quite a difference between how the rest of the world sees what it's done and the stellar job it itself thinks it has done.

Re:What're you gonna do?

[lxs]

Ah, the ancient sport of looking down on Americans as uncultured slobs.

I wouldn't call it a sport. Sports require skill.

Are you surprised?

[gstoddart]

If you demonstrate that your industry is an arm of state surveillance, why would you be surprised that when this is revealed people stop trusting you?

Every other country in the world now more or less has to assume that these American companies can (and will) provide their data for US national intelligence -- at which point the logical choice is to stop using those US companies.

Much like if companies from another country were found to be enabling widespread spying on US citizens, there would be outcry in the US and backlash.

I don't see why anybody should be surprised that if you undermine trust, there will be consequences.

Some of these companies were already very casual with what they were collecting (eg Google and the wifi passwords when doing Street View). If they were likely handing this kind of stuff over to the US government, even less so.

Once damaged, trust is a very difficult thing to get back. If Google and everyone else though they were under scrutiny for their privacy policies before, then they should really expect a lot more of it.

Re:

[BSAtHome]

It is called "blowback". No surprise there.

Re:

[drinkypoo]

If you demonstrate that your industry is an arm of state surveillance, why would you be surprised that when this is revealed people stop trusting you?

No one is surprised, and suggesting otherwise is disingenuous douchebaggery. Just as when a slashdot headline is a question the answer is no, so too is the answer no when a comment title asks one.

I don't see why anybody should be surprised that if you undermine trust, there will be consequences.

I can't even figure out on what specious basis you're claiming that people are surprised.

Re:Are you surprised?

[gstoddart]

I can't even figure out on what specious basis you're claiming that people are surprised.

The entire tone of TFA is one of "what happens now". It's full of things like:

Will tourists balk at visiting us because they fear U.S. monitoring? Will overseas business owners think twice about trading with us because they fear that their communications might be intercepted and used for commercial gain by American competitors? Most chilling of all: Will foreigners stop using the products and services of California technology and media companies â" Facebook, Google, Skype, and Apple among them â" that have been accomplices (they say unwillingly) to the federal surveillance?

I'm not saying nobody didn't see this as a possible outcome -- but it certainly reads like now that people are realizing the potential scope of the impact they're wondering what they can do to mitigate it.

Even before this was revealed many people were already saying that, due to the PATRIOT Act, you shouldn't be trusting these companies with your data. Now it's been confirmed. US based cloud services might suddenly find a lot of doors closed to them -- it's not a surprise in the "wow, who saw that coming?" send, but people are acting like the "what next" part is coming as a surprise.

Hell, I'd go so far as to say that a lot of these companies should have been saying to themselves "if this ever gets out, there is a real chance of business risk". Now that it has, there is. If they didn't have a plan in place for what to do, then that's their problem.

Re:

[drinkypoo]

I'm not saying nobody didn't see this as a possible outcome -- but it certainly reads like now that people are realizing the potential scope of the impact they're wondering what they can do to mitigate it.

The truth, though, is that now that the scope of the impact has been publicized, corporations who already knew that data they shared with U.S. corporations was being Hoovered into the government's databases are now having to deal with the backlash from their customers.

Hell, I'd go so far as to say that a lot of these companies should have been saying to themselves "if this ever gets out, there is a real chance of business risk". Now that it has, there is. If they didn't have a plan in place for what to do, then that's their problem.

Exactamente.

Monday

[coofercat]

It's a Monday, and /. is stating the bleedin' obvious.

What's less obvious is how much NSA snooping hurts US companies. I doubt it's nearly enough to be able to call it a justification for dismantling the infrastructure.

Re:

[AHuxley]

Re So you're saying the entire American business is based on fraud?
More that any global crypto standard is cleared by the NSA. More that any local crypto standard is questioned by the US until US firms can get total access.
US diplomats, students (PhD swaps), private sector just offer the same message of quality, many eyes, US court protections and freedoms until American business gains what the NSA needs.

Re:Monday

[kilfarsnar]

On the other hand, the snooping causes American businesses.

So you're saying the entire American business is based on fraud?

No, just Wall Street.

Anti-terrorism is an excuse

[brxndxn]

Anti-terrorism is the excuse for spying. Business is the real purpose. When the countries we spy on the most can be ranked in terms of size of economy, there is no fucking way the government can keep claiming that the purpose for these spying programs is anything other than to keep the powerful people powerful.

For example, revelations were made that we target Germany for spying. It only makes sense if you look at the size of the economies. http://www.spiegel.de/international/germany/nsa-spies-on-500-million-german-data-connections-a-908648.html [spiegel.de]

Yes, NSA spying will hurt California's business.. and it should. Instead of giving in to the secret government's secret demands, Google, Microsoft, Apple, and everyone else should be fighting these anti-democratic efforts tooth and nail.

Re:

[drinkypoo]

Yes, NSA spying will hurt California's business.. and it should. Instead of giving in to the secret government's secret demands, Google, Microsoft, Apple, and everyone else should be fighting these anti-democratic efforts tooth and nail.

It's too late. IBM and Microsoft have both been in bed with government since time was time, for them anyway. Social networks and other data aggregators are also obvious allies; the aggregators can't even do what they do without government complicity.

Re:

[jbmartin6]

I didn't see any indication that Germany was targeted more than say, France or Brazil, which tends to disprove your assertion. i.e. I didn't see a scale where amount of spying correlated to size of economy.

Re:

[timeOday]

I don't entirely disagree with you, however several of the 911 hijackers, called the Hamburg Cell [wikipedia.org], did live in Germany prior the attack. This cell included 2 of the pilots, as well as ringleader Mohamed Atta.

As to this story, in the end there is no way to entirely eliminate geopolitics from globalization. But it is a matter of degree and I agree it has got out of hand in the wake of 911, although I am really only upset about the domestic side of it.

Don't complain

[Cynops]

German citizen here, and one working it IT Security for almost two decades now. I have been advocating the use of strong encryption and keeping the crown jewels "in the house" to my employers and customers all the time, but managers would often not listen in order to save the odd buck on the next outsourcing deal.

By launching and funding the spy programmes the US government has willingly accepted possibly detrimental effects on the economy.

In my opinion it serves the US companies right that finally the time has come that companies and people all over the world actually start looking at whom they make business with. The USA have decided to spy on every single person on this planet - OK, but now don't complain that this hurts your economy. If US companies don't like what's happening then they should complain to your government and make them change things.

A lot of trust has been destroyed, and it will take the US economy some effort to regain it. Work hard, and maybe some day in the future I will no longer advise my customers and friends to avoid US services.

Re:

[flyingfsck]

Well, I advise my customers to avoid all foreign services, not just the USA. Whenever you send an email, it is backed up in at least 5 countries.

What about american stock holders?

[Marrow]

We repeatedly hear that NSA is spying for industrial reasons. To give advantage to American companies. But the NYSE is full of foreign companies that are traded here. And those companies are in complex derivative markets. And the retirement portfolios of Americans. If its an truly international market now, but American companies are benefiting from the spying, then Americans are being hurt. Perhaps the difference is that foreign companies cannot contribute to politicians and political parties. Maybe that is the difference.

Not a bit

[PopeRatzo]

There's not going to be any problem with anyone hosting anything in the US. What do you think all these lovely "trade agreements" are about?

The NSA will promise to "partner" with friendly foreign intelligence services and it will all be one big happy family except daddy has his hand under your skirt.

I guess the best we can hope for now is that there are some more brave whistleblowers out there who will risk their lives to keep this story front and center. And if that fails, the best we can hope for is tha

I have bad news for non USians

[Overzeetop]

Are you considering not dealing with the US over concern that the NSA is spying on your communications which pass through the US? I ask because the CIA are spying on pretty much every one else internationally. Oh, and should you feel that other countries are *not* spying on your communications...well, that's the kind of naivete they're counting on so that they can expect that you won't be moving to any annoying end-to-end communication encryption any time soon.

Have a great day!

Not just "California" but all of US business

[erroneus]

I have been saying this since the Snowden releases -- because all of US products compromised by the NSA/CIA/FBI and used as spy devices, people will change the way they feel about US products and services INCLUDING communications.

I would find it not hard to imagine that other nations would begin setting up additional/supplemental communications links across the world to avoid passing through US controlled circuits. It simply makes sense to route around the damage. And F/OSS is also looking REALLY attracti

A-FUCKING-MEN

[korbulon]

This reminds of how they got Capone on income-tax evasion: it wasn't his (allegedly) serious and morally reprehensible crimes which did him in the end. Likewise, the overreach (such an understatement) of the NSA and "justice" department is now having serious consequences, not just the ones you would expect (e.g,. widespread moral outrage, constitutional crisis, shutting down and arrests). Things will change because of money, not moral outrage.

simple solution

[odigity]

Secede. Get rid of the federal beast sucking at your throat while simulatenously choking it.

It'll make it easier for the rest of us to do the same, and then maybe we can finally know some peace.

Re:

[psydeshow]

+1 - unlike most states, California could actually pull secession off. Big population, lots of industry, geographically diverse and geographically isolated. Great trade connections. Plus most of the rest of the US wishes they'd fall off the edge of the continent already.

Good luck getting much water out of the Colorado river post secession, but that's been drying up anyway.

If California were to secede, I would move back in a heartbeat.

Doubt it.

[Bill_the_Engineer]

California's high cost of living, taxes, urban sprawl, over regulation, and bankrupt state budget is more a risk to California's business than some speculated blowback from NSA revelations.

Tip of the iceberg

[gmuslera]

California tech industry is a lot about intellectual property.What if the world decide to dismiss US intellectual property because US dismissed the intellectual property of just everyone else?

European view

[TheSync]

I was recently at an IT conference in Geneva.

A speaker from a large company there warned those attending (mainly from Europe) to avoid US cloud companies because of NSA spying. Not just US-based servers, but also any company with SUPPORT STAFF located in the US as well, even if the servers are located outside of the US.

Reason 1 is the risk of private company information flowing to competitors through the NSA either officially or through corruption.

Reason 2 is the legal risk of falling afoul of EU privacy laws by hosting in the US or with US support staff.

That's the report from Europe folks. You can call it FUD, but it is there nonetheless.

Re:

[Ash Vince]

less foreigners == more american STEMs getting hired?

Or the work just gets done overseas. It is probably roughly 50 / 50.

Re:

[Anonymous Coward]

less foreigners == more american STEMs getting hired?

Or the work just gets done overseas. It is probably roughly 50 / 50.

Where it still gets spied on.

Re:So this means more jobs for American STEMs?

[rtfa-troll]

less foreigners == more american STEMs getting hired?

Or the work just gets done overseas. It is probably roughly 50 / 50.

Unlikely. Trade has to be a huge net benefit otherwise it doesn't get done because the companies that are involved in it have to cover huge costs (transport; multinational lawyers; dealing with multiple regulations; insurance; security people; translations; business travel for sales; moving support people etc.). From the point of view of the place that it's done in, all those costs are employed people.

Furthermore, one country trades with many. Thus, for California which is effectively a trade hub, especially for IT services, the benefit is disproportionate.

In any case, this is unlikely in any way to influence the influx of poorer than you Indian workers coming for money. It's rather going to influence richer than you German and Swiss companies trying to buy things off you. When the company heads know that their customers might be spied on then they are breaking the law by outsourcing to the US. They may end up in jail and they have to move their work away from the US.

Difficult case in my view. The US approach that you shouldn't let your data be gathered, but once it is you have no control is not working. The European approach that the data should be under full control of the person who owns it clearly doesn't work properly for secret services. No idea how you restore trust now.

Re:So this means more jobs for American STEMs?

[Trepidity]

This is talking about less foreign business for U.S.-based companies, e.g. European companies getting wary of hosting their stuff on a U.S.-based cloud provider. It is not discussing immigration, which doesn't have much to do with the NSA.

Less foreign business for U.S.-based companies would probably not increase the number of U.S.-based engineering jobs.

Re:So this means more jobs for American STEMs?

[gstoddart]

e.g. European companies getting wary of hosting their stuff on a U.S.-based cloud provider.

Which, sadly, is something people have already been warning about for some time.

That the PATRIOT act allowed the US to force US based companies to provide them this data has been known for some time. Many governments have policies which say you can't put anything into the cloud because it has a good chance of hitting a US controlled server and you would potentially have them accessing it.

Ever before this revelation came out, many people were pointing out that this was a very real possibility and likely already happening.

Now that it's been confirmed, people are suddenly realizing just how bad an idea it always was. But people have been identifying this as a risk for some time now.

This is a self inflicted injury.

Re:So this means more jobs for American STEMs?

[flyingfsck]

Yah, the problem has always been with the bean counters who don't understand technology and who are all gung ho about the cloudy thing in order to save a few pennies. Now at least, one can point out the potential cost of all the law suits and lost business due to the loose control over information as a countering force.

Re:

[gstoddart]

Anyone with 1/16th of a brain knows not to store locally important data on another continent.

And yet, people have been doing it.

NSA fears are just an excuse the sysadmins can use to convince their bosses to make the right decision.

Well, then sadly the people who have been making the business decisions do not have that 1/16th of a brain required to see the risks inherent in these services -- or they were so focused on short-term savings they stopped looking at the risks.

It's been known for years that this wa

Re:

[gl4ss]

less foreigners == more american STEMs getting hired?

yeah, more jobs picking apples and manufacturing produce which isn't high tech(provided you don't start poisoning it too).

Re:So this means more jobs for American STEMs?

[sabri]

yeah... he mistrust only really impacts foreign countries buying our products and services. Individual foreigners and companies will likely still happily take our money to sell us products and services.

Exactly. Remember the hype surrounding US companies buying Huawei equipment because of spy concerns? It seems to me that the roles are reversed now... The Chinese government has an excellent argument to ban US manufactured equipment from their networks and country.

Re:Reason for secrecy

[ameen.ross]

That's the exact same reason why a murderer should be sure to always safely dispose of the victim's body, clean up traces and never speak to anyone about the crime. Confessing it will never do him any good...

Re:

[evilviper]

dispose of the victim's body, clean up traces and never speak to anyone about the crime. Confessing it will never do him any good...

Han Reiser might disagree.

Re:

[flyingfsck]

Actually, he might agree. He had a sure thing going until he suffered a mental break down and confessed.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:Reason for secrecy

[Runaway1956]

Exactly the opposite. This is why it was necessary that the programs never be started. I don't care if you're a private citizen, a church, a corporation, or a government. If you're committing acts that have to be kept SECRET, then you're doing something wrong. No, we don't need lurid details of your sex life behind closed doors - but yeah, we figure you're banging each other at night, Mr. and Mrs. Private citizen. No, we don't need to examine your church doctrine, we don't much care - but if you're having initiation orgies and human sacrifices that you are keeping secret, then it's WRONG. Businesses can have trade secrets of course, but deliveries, shipments, and financial transactions should be an open book for auditors. And, government. Yeah, we know you spy. It's cool, up to a point. But if you're a paranoid bunch of assholes who need to keep track of everyone and everything that happens - it's time for you to take a hike. We need a new government. It's really that simple. Remember - you work for us, not the other way around.

Re:Reason for secrecy

[Kohath]

I don't care if you're a private citizen, a church, a corporation, or a government. If you're committing acts that have to be kept SECRET, then you're doing something wrong.

This sounds exactly like "if you don't have anything to hide, you don't have anything to worry about from the NSA spying".

Re:

[parkinglot777]

It may be true. However, it is useless to talk about what if because it's been done and cannot be undone. No good to keep talking about this. What should be talking about is how to deal with it and how to recover from the damage.

Re:

[flyingfsck]

Of course it can be undone - shut the spy operation down and throw the servers into the sea.

Re:

[parkinglot777]

That is not UNDONE, that is an attempt to recover. You can NOT erase everyone from knowing that there is/was the operation (unless you have a way to completely erase people's memory).

Re:Reason for secrecy

[cffrost]

This is why it was necessary to keep the programs secret and why the leaks didn't do any good.

First of all, you had good reason to post anonymously: you should be ashamed of yourself. Secondly, your comment brings two quotes to mind:

"If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place." — Eric Schmidt

"Security through obscurity is no security at all." — Bruce Schneier

That the revelation of these expensive, ineffectual, unethical, and unconstitutional programs may have harmful repercussions for national security and the economy is not (in my opinion) a good argument for secrecy, but an excellent argument for not starting such programs, shutting the existing ones down, and not starting similar ones in the future.

Re:

[init100]

"If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place." — Eric Schmidt

That quote (or a variant thereof) is actually often used to defend government surveillance. It's a version of the "if you've got nothing to hide, you have no reason to oppose government surveillance" argument.

Re:

[meza]

Which is exactly why it was the perfect quote for this occation! Same words, even same meaning, yet suddenly almost opposite meaning. Loved it.

Re:

[Kazoo the Clown]

If you think you have nothing to hide from the government, maybe you should consider that some 250 people have so far been let off death row due to DNA testing which finally overturned their conviction-- presumably many of these were simply in the wrong place at the wrong time and/or pursued by an over-zealous prosecutor. Now imagine an over-zealous prosecutor with the ability to cherry-pick any bit of information he might want about you-- who you've called, where you've been, any email you've ever writte

Re:

[liamevo]

Would you like to explain what you mean, or do you just want to post bumper sticker-esque nonsense?

Re:They voted for it

[asylumx]

Oh, I see what you're doing. You're insinuating that this is all Obama's doing, as if this hasn't been the Government trend for many decades. It's funny that they've got you believing this is a difference between political parties.

Re:

[SecurityTheatre]

Big, yet transparent government is different than big and shadily opaque.

Re:They voted for it

[cffrost]

Californians voted for bigger, more intrusive government. They got it. They should accept the consequences.

Just California? Neither Gary Johnson nor Jill Stein won any states.

Re:They voted for it

[kilfarsnar]

Californians voted for bigger, more intrusive government. They got it. They should accept the consequences.

Right, because all government action is the same. If you vote for tighter pollution controls, you should expect to have your communications recorded.

Re:

[Kohath]

You keep giving them more and more power. And you keep being surprised when that power is used against you.

Re:Snitches are bitches

[Anonymous Coward]

If America is losing business, blame your culture of coddling attention-seeking little bitches like Snowden.

Because heaven forbid you blame it on your sense of entitlement to spy on everybody.

Sorry, but if you think this is entirely the fault of people who pointed out that the US does this, you've lost the plot.

If ever that had come to light, the response would have been the same.

Now that it's been demonstrated that American industry are government lapdogs who will roll over at the first sign from their masters, of course people are going to cut and run and stop trusting them. They're no less trustworthy now than a few weeks ago -- it's just that now we know you can't trust them and haven't been able to for some time.

Fuck your business and your shareholder value. You made this mess, not us.

Re:

[AHuxley]

Did "Snowden" make so many trusted US 'brands' hand over their crypto? They seem to do that as part of some "everyday" commercial event as hardware and software upgrades.
Not a word from their legal teams, no CEO in court talking of your right to privacy.
How could any agency spy "far greater extent than the US"? The Soviets had orbital options and needed to move huge spy ships around for limited regional efforts, the UK had cash flow problems and has to use US computers/software...the French seem to focu

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[cffrost]

Snowden: I never gave any information to Chinese or Russian governments [2013-07-10] [guardian.co.uk]

Re:

[kilfarsnar]

And WHO, might I asked, tipped off these "Asian governments and businesses"?

If America is losing business, blame your culture of coddling attention-seeking little bitches like Snowden.

Is this real life?

Re:Just California?

[TWiTfan]

I remember telling a friend on 9-11 that we would do way more damage to OURSELVES with our response to 9-11 than 9-11 or any other terrorist attack would ever do directly. That's the whole point of terrorism, really. The amount of lives we've lost (and took) since, the economic damage we've done, the national debt we've incurred, the international goodwill we've squandered--they all make the actual damage done by direct terrorist attacks pale in comparison.

And I was hardly alone in seeing this coming. But the U.S. government still played out the script almost exactly as expected, right down to the internment camps, the curtailing of civil liberties, the assassinations, the spying, etc. It's like a historical play that we NEVER LEARN FROM.

Re:

[AHuxley]

http://arstechnica.com/tech-policy/2013/07/nsa-taps-skype-chats-newly-published-snowden-leaks-confirm/ [arstechnica.com]

Re:

[flyingfsck]

Skype was quite secure, until Microsoft bought it for the NSA.

Re:

[erroneus]

Quite true in that law is only effective when it is followed and enforced. If people aren't RIOTING about the law makers and law enforcement offices of the nation not following the laws and the judicial not enforcing them, then it just shows that people seriously lack comprehension of just how bad things really are.

Re:

[AHuxley]

Russia had some interesting crypto insights to offer.
The UK gov broke Soviet embassy codes early on but leaked coded Soviet efforts to their politicians and thus the press...
They ran so many agents that one time pads failed due to re use.
http://en.wikipedia.org/wiki/Venona_project [wikipedia.org]
Russia knew the West had subs, aircraft, tunnels and many other efforts all around their boarders/ under a few embassies. By the 1950's Soviet spies noted code use was not good and the Soviets stopped all chatter and went t