NSA Spying Hurts California's Business 277
mspohr points out an opinion piece from Joe Mathews that "makes the argument that California's economic life depends on global connections. 'Our leading industries — shipping, tourism, technology, and entertainment — could not survive, much less prosper, without the trust and goodwill of foreigners. We are home to two of the world's busiest container ports, and we are a leading exporter of engineering, architectural, design, financial, insurance, legal, and educational services. All of our signature companies — Apple, Google, Facebook, Oracle, Intel, Hewlett-Packard, Chevron, Disney — rely on sales and growth overseas. And our families and workplaces are full of foreigners; more than one in four of us were born abroad, and more than 50 countries have diaspora populations in California of more than 10,000.' It quotes John Dvorak: 'Our companies have billions and billions of dollars in overseas sales and none of the American companies can guarantee security from American spies. Does anyone but me think this is a problem for commerce?' It points out that: 'Asian governments and businesses are now moving their employees and systems off Google's Gmail and other U.S.-based systems, according to Asian news reports. German prosecutors are investigating some of the American surveillance. The issue is becoming a stumbling block in negotiations with the European Union over a new trade agreement. Technology experts are warning of a big loss of foreign business.' The article goes on to suggest that perhaps a California constitutional amendment confirming privacy rights might help (but would not guarantee a stop to Federal snooping)."
So Europeans don't spy? (Score:3, Insightful)
What does the dgse and other agencies do all day?
Xbox?
So... SECURE THE TECH! (Score:5, Insightful)
Seriously. We've been saying this for decades. Secure it.
Top to bottom encryption, compartmentalization, etc.
Make it so the NSA just can't tap your communication.
Re:So Europeans don't spy? (Score:5, Insightful)
Re:So this means more jobs for American STEMs? (Score:5, Insightful)
This is talking about less foreign business for U.S.-based companies, e.g. European companies getting wary of hosting their stuff on a U.S.-based cloud provider. It is not discussing immigration, which doesn't have much to do with the NSA.
Less foreign business for U.S.-based companies would probably not increase the number of U.S.-based engineering jobs.
Are you surprised? (Score:5, Insightful)
If you demonstrate that your industry is an arm of state surveillance, why would you be surprised that when this is revealed people stop trusting you?
Every other country in the world now more or less has to assume that these American companies can (and will) provide their data for US national intelligence -- at which point the logical choice is to stop using those US companies.
Much like if companies from another country were found to be enabling widespread spying on US citizens, there would be outcry in the US and backlash.
I don't see why anybody should be surprised that if you undermine trust, there will be consequences.
Some of these companies were already very casual with what they were collecting (eg Google and the wifi passwords when doing Street View). If they were likely handing this kind of stuff over to the US government, even less so.
Once damaged, trust is a very difficult thing to get back. If Google and everyone else though they were under scrutiny for their privacy policies before, then they should really expect a lot more of it.
Re:So... SECURE THE TECH! (Score:5, Insightful)
Seriously. We've been saying this for decades. Secure it.
Top to bottom encryption, compartmentalization, etc.
Make it so the NSA just can't tap your communication.
Microsoft helped the NSA get around their encryption [guardian.co.uk]. Securing technology only works as long as the company securing it does so against everyone. How can you tell whether the company you're working with has a quiet deal with the government?
I know one response will be "open source!", but how many people actually go through OS code looking for hidden back doors? And it's not like we can all run our own infrastructure, you've got to trust someone at some point, and how can you tell whether or not they've got a quiet deal going on in the background?
Anti-terrorism is an excuse (Score:5, Insightful)
Anti-terrorism is the excuse for spying. Business is the real purpose. When the countries we spy on the most can be ranked in terms of size of economy, there is no fucking way the government can keep claiming that the purpose for these spying programs is anything other than to keep the powerful people powerful.
For example, revelations were made that we target Germany for spying. It only makes sense if you look at the size of the economies. http://www.spiegel.de/international/germany/nsa-spies-on-500-million-german-data-connections-a-908648.html [spiegel.de]
Yes, NSA spying will hurt California's business.. and it should. Instead of giving in to the secret government's secret demands, Google, Microsoft, Apple, and everyone else should be fighting these anti-democratic efforts tooth and nail.
Re:They voted for it (Score:4, Insightful)
Re:Snitches are bitches (Score:5, Insightful)
Because heaven forbid you blame it on your sense of entitlement to spy on everybody.
Sorry, but if you think this is entirely the fault of people who pointed out that the US does this, you've lost the plot.
If ever that had come to light, the response would have been the same.
Now that it's been demonstrated that American industry are government lapdogs who will roll over at the first sign from their masters, of course people are going to cut and run and stop trusting them. They're no less trustworthy now than a few weeks ago -- it's just that now we know you can't trust them and haven't been able to for some time.
Fuck your business and your shareholder value. You made this mess, not us.
Re:Just California? (Score:5, Insightful)
I remember telling a friend on 9-11 that we would do way more damage to OURSELVES with our response to 9-11 than 9-11 or any other terrorist attack would ever do directly. That's the whole point of terrorism, really. The amount of lives we've lost (and took) since, the economic damage we've done, the national debt we've incurred, the international goodwill we've squandered--they all make the actual damage done by direct terrorist attacks pale in comparison.
And I was hardly alone in seeing this coming. But the U.S. government still played out the script almost exactly as expected, right down to the internment camps, the curtailing of civil liberties, the assassinations, the spying, etc. It's like a historical play that we NEVER LEARN FROM.
Re:So... SECURE THE TECH! (Score:4, Insightful)
Air gapping isn't good enough because that only concerns hacking.
What about intentional collusion between your service provider and a third party? THAT is at least half the problem.
Many companies do have good security that would give the NSA a hard time. BUT all the NSA has to do is make a phone call and the company just hands over the data.
That is unacceptable. As a result, systems need to be set up in such a way that information is decentralized thus making it harder for any one source to compromise you entirely. And the information must be encrypted using private encryption keys that the company doesn't have access to... That is, they store and transfer your data but they don't decrypt it. It decrypts and is encrypted on your systems.
Its really all about control and "what is possible"... To make ourselves secure, we need to make it more and more impossible to get data. Make it theoretically unlikely or literally impossible for them to breach your data without basically blackjacking you and then water boarding the information out of you.
There are systems that cannot be breached. They are generally very inefficient but we have processing power, storage, and bandwidth to spare. Especially concerning high security data we can afford to make our systems literally unhackable.
Re:So... SECURE THE TECH! (Score:4, Insightful)
The point is not for any one thing to make you 100 percent bullet proof.
The point is to make getting your data without your approval annoying, inefficient, and incomplete.
When we over centralize and give our hosting companies total access to our data then there is only one place the "men in black" need to go to get everything. They don't need to force hack anything because the company will just give up the security keys.
Break things up while avoiding big companies that it becomes unlikely that your host will have any "deal" with the NSA or FBI.
Furthermore, no reason for the host to even be able to give the NSA what they want. Use them to HOST your data... not manage its encryption.
There are methods of encryption that can't be breached or are so difficult to breach that they'll be secure for generations. That's good enough. When the NSA wants your data they're going to have a very short attention span about it. Tell them it will take 10 years of super computer time to break something and they'll opt for plan B... which might be actually sending you a court summons or something.
Point being... we're making it too easy for the NSA by over centralizing and placing too much trust in our hosts. Reverse that policy and the NSA will find very little they can exploit.
Re:Reason for secrecy (Score:4, Insightful)
Exactly the opposite. This is why it was necessary that the programs never be started. I don't care if you're a private citizen, a church, a corporation, or a government. If you're committing acts that have to be kept SECRET, then you're doing something wrong. No, we don't need lurid details of your sex life behind closed doors - but yeah, we figure you're banging each other at night, Mr. and Mrs. Private citizen. No, we don't need to examine your church doctrine, we don't much care - but if you're having initiation orgies and human sacrifices that you are keeping secret, then it's WRONG. Businesses can have trade secrets of course, but deliveries, shipments, and financial transactions should be an open book for auditors. And, government. Yeah, we know you spy. It's cool, up to a point. But if you're a paranoid bunch of assholes who need to keep track of everyone and everything that happens - it's time for you to take a hike. We need a new government. It's really that simple. Remember - you work for us, not the other way around.
Re:So... SECURE THE TECH! (Score:4, Insightful)
Currently, what we have is PGP. This is great for people who know what the terms X.509, 2048bit RSA, and certificate revocation list mean and why these things are important. However, it doesn't help Bob in Accounting get his TPS report to Simon in Management very quickly. It's awkward and it's cumbersome for anyone who doesn't have quite an in-depth knowledge of the technologies involved.
Re:Are you surprised? (Score:5, Insightful)
The entire tone of TFA is one of "what happens now". It's full of things like:
I'm not saying nobody didn't see this as a possible outcome -- but it certainly reads like now that people are realizing the potential scope of the impact they're wondering what they can do to mitigate it.
Even before this was revealed many people were already saying that, due to the PATRIOT Act, you shouldn't be trusting these companies with your data. Now it's been confirmed. US based cloud services might suddenly find a lot of doors closed to them -- it's not a surprise in the "wow, who saw that coming?" send, but people are acting like the "what next" part is coming as a surprise.
Hell, I'd go so far as to say that a lot of these companies should have been saying to themselves "if this ever gets out, there is a real chance of business risk". Now that it has, there is. If they didn't have a plan in place for what to do, then that's their problem.
Re:So... SECURE THE TECH! (Score:5, Insightful)
Well, at least with open source, I can decide whom I want to trust, if anyone. With Microsoft or Apple, what are your choices? The various officers of either company can make statements that "You can trust us!" but there isn't a snowball's chance in hell that ANYONE can inspect the code to find those back doors.
I'm far less than competent at reading code, but I can actually step through some of it, with open source. I can do it openly, without fear of someone finding out that I "hacked" the code. I can look at it all day. If I find something that I don't like, I can contact someone - anyone - to find out what it is. My buddy, down the street, who is a little more competent than I am. People on a support forum, some of whom are actually competent. The developers themselves, if I think I've really got something.
Try that with Microsoft or Apple. You might want to consult with a good lawyer before doing so.
Re:They voted for it (Score:1, Insightful)
Californians are responsible for the Obama Administration because they voted for him. California's two Senators are Obama Administration allies, so they're unlikely to help rein in the government they support. Californians didn't vote for Bush, so they aren't responsible for his policies in the same way.
Californians should start supporting smaller, less intrusive government if they don't want to accept the consequences of having a huge, powerful, active government.
You can't keep accepting the idea that government knows best and then complain when government doesn't do the right things.
Re:So this means more jobs for American STEMs? (Score:4, Insightful)
Re:Monday (Score:4, Insightful)
So you're saying the entire American business is based on fraud?
No, just Wall Street.
Re:Reason for secrecy (Score:5, Insightful)
I don't care if you're a private citizen, a church, a corporation, or a government. If you're committing acts that have to be kept SECRET, then you're doing something wrong.
This sounds exactly like "if you don't have anything to hide, you don't have anything to worry about from the NSA spying".
Re:Can somebody please rein in California? (Score:5, Insightful)
Well, there's also the other side. The spying gives you valuable information, that any good psychopath^Wbusiness man can use, to raise his profits.
"American" enough for you?
There are certain counter-intuitive practices that the USA was once known for holding as ideals. We didn't bribe or take bribes. We didn't torture or keep secret prisons. We didn't spy on our own people, interfere with their free travel, or otherwise indulge in the oppressive practices of countries we condemned.
We were never as good at holding these ideals as we deluded ourselves, but we did manage to put up a good front.
In the movies, the villains sneer at the good guys for being soft and impractical, and in the end, they lose. Movies are a bad model for real life, but it is true that if you demolish a reputation for square dealing just to be "practical", that there can be practical costs. And that a reputation once lost can be very hard to rebuild.
tiny example (Score:0, Insightful)
I switched to duckduckgo from google, it's a tiny, irrelevant (in the big schema of things) example, but understand that I used google exclusively for over a decade now and it took overcoming a serious mental block to do that and I did it anyway.
Re:Can somebody please rein in California? (Score:0, Insightful)
The movies are often made for kids or as an uncomplicated distraction adults.
I'm not sure you can draw conclusions from movies, even if it is the bulk of your life experience.
Re:So this means more jobs for American STEMs? (Score:4, Insightful)
yeah... he mistrust only really impacts foreign countries buying our products and services. Individual foreigners and companies will likely still happily take our money to sell us products and services.
Exactly. Remember the hype surrounding US companies buying Huawei equipment because of spy concerns? It seems to me that the roles are reversed now... The Chinese government has an excellent argument to ban US manufactured equipment from their networks and country.