Snowden and the Fate of the Internet As a Global Network 505
Hugh Pickens DOT Com writes "John Naughton writes in the Guardian that the insight that seems to have escaped most of the world's mainstream media regarding the revelations from Edward Snowden is how the US has been able to bend nine US internet companies to its demands for access to their users' data proving that no US-based internet company can be trusted to protect our privacy or data. 'The fact is that Google, Facebook, Yahoo, Amazon, Apple and Microsoft are all integral components of the US cyber-surveillance system,' writes Naughton. 'Nothing, but nothing, that is stored in their "cloud" services can be guaranteed to be safe from surveillance or from illicit downloading by employees of the consultancies employed by the NSA.' This spells the end of the internet as a truly global network. 'It was always a possibility that the system would eventually be Balkanised, ie divided into a number of geographical or jurisdiction-determined subnets as societies such as China, Russia, Iran and other Islamic states decided that they needed to control how their citizens communicated. Now, Balkanisation is a certainty.' Naughton adds that given what we now know about how the US has been abusing its privileged position in the global infrastructure, the idea that the western powers can be allowed to continue to control it has become untenable. 'Why would you pay someone else to hold your commercial or other secrets, if you suspect or know they are being shared against your wishes?' writes Neelie Kroes, vice-president of the European Commission. 'Front or back door – it doesn't matter – any smart person doesn't want the information shared at all. Customers will act rationally, and providers will miss out on a great opportunity.'"
Encryption: (Score:5, Insightful)
Free speech* (Score:5, Insightful)
*As long as that speech falls into the category of things that benefits the U.S. government.
Re:Encryption: (Score:5, Insightful)
Technical solutions to social & political problems don't work.
Re:WTF? (Score:5, Insightful)
This isn't news. (Score:5, Insightful)
It's always been the elephant in the room. The only new thing is that it has become obvious to a larger number of people that encryption isn't just an "in case" precaution. Anyone who knows anything about the way the Internet works has been aware for years that nothing is secure unless you both encrypt it and control the only means to decrypt it (either by encrypting it to someone's public key whom you trust or by encrypting it for your own secure decryption later).
So again, the only real change is that the tinfoil hats were verifiably right for once. The question nobody seems to be answering is, what (other than nothing) will the general public do about it? The answer to that is, only as much as they are forced to.
Re:WTF? (Score:5, Insightful)
And we Brits want our Turing Machines back!
Is there anything useful on the non-Western 'Net? (Score:3, Insightful)
Is there really anything worthwhile on the non-Western Internet, at least from the perspective of most Westerners?
I know I couldn't care any less if I could no longer access Russian or Chinese websites, for instance. Due to language differences, they're already pretty much useless to me. I know this also holds true for most Americans and Australians, and many Europeans, too.
Yeah, I know, there are probably a small number of expats and academics who find some use in such information, but there aren't many of them. Aside from them, I don't think that Westerners in general would really miss those very foreign parts of the Internet if they suddenly disappeared.
Was never secure to begin with (Score:4, Insightful)
Re:Encryption: (Score:4, Insightful)
Encryption is not a solution. You can't reasonably use cloud computing, webmail or social networks with encryption in a way to prevent the kind of snooping that is going on. The solution is to stop using untrustworthy providers: Don't use US services.
Re:What's the benefit of privacy from the governme (Score:5, Insightful)
If a citizen of the United States is not committing a crime, then why does the United States Government need to know the full text of everything that he reads and writes on the Internet?
Re:What's the benefit of privacy from the governme (Score:5, Insightful)
That's not a concern. That's just a paraphrase of "if you're not doing anything wrong, you have nothing to hide."
If one is still asking that question at this point, when it has been answered a hundred ways on a hundred days, then he doesn't care about any answer, and will continue to dismiss it.
Re:Encryption: (Score:5, Insightful)
Technical solutions to social & political problems don't work.
Really you want to try brute force decrypt 4092 bit random key encrypted folder stored to random joe's sky drive folder? No, well neither does the NSA.
Re:Encryption: (Score:5, Insightful)
One small problem - encrypted messages won't get very far if the packets are blocked as being non-readable by whatever censorship authority runs the firewall/choke-point/etc.
A truly 'Balkanized' Internet would mean that there would be choke-points through which packets have to travel between subnets.
Now if you said 'steganography' instead, well, different story. But an obviously encrypted message would likely be blocked cold.
A bit overly dramatic (Score:4, Insightful)
IMHO, the author's conclusion is a bit overly dramatic. I think a more realistic conclusion is a gradual fade out of cloud computing and cloud storage. Business and people will be more inclined to keep their private data on local, closed systems now because they no longer trust the government not to stick their nose in where it doesn't belong. How long will it be before the same effect happens to socialized medicine? Would you trust the government not to use your medical status against you?
Re:What's the benefit of privacy from the governme (Score:5, Insightful)
I've got nothing to hide, so there is no reason to look. Should work both ways.
Re:What's the benefit of privacy from the governme (Score:2, Insightful)
What is not illegal now might become illegal in the future.
http://en.wikipedia.org/wiki/Persecution_of_homosexuals_in_Nazi_Germany_and_the_Holocaust
The problem with encryption (Score:4, Insightful)
... is that, either literally or metaphorically, it's vulnerable to someone holding a gun to your head and demanding the key. We're seeing this (the literal version) in the USA already. I agree with the thesis of the original article: The farther you can keep your data from USA-entangled entity, the better.
Re:What's the benefit of privacy from the governme (Score:5, Insightful)
This is why [cornell.edu]:
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
Long story short? Unless the government has demonstrable cause to read/know the full text of "everything", it's none of their fucking business.
Re:What's the benefit of privacy from the governme (Score:2, Insightful)
Substitute government with your neighbor. Does that clear things up?
In particular, government, being comprised of mere human beings, should (logically) not be trusted with any more power than the average human being.
General public doesn't care (Score:4, Insightful)
Most people won't really care/comprehend much past the drama generated around the whole thing. In the US, Reality TV wins, everything else is lucky if it gets a confused, apathetic nod. If it's more work than walking to the checkout line at a Walmart, people just won't do it.
'Global Network' =/= 'uniform resources' (Score:4, Insightful)
It's still a global network, and will continue to be a global network even if it's balkanized. Your business network is part of "the Internet" even though it's protected by a firewall. You might use different servers and services, but it's still all connected.
The Internet has never been so uniform a thing as what this summary implies. Different countries have been filtering access, providing different services, etc. Even in cases where access is unfettered, there are still language barriers, cultural barriers, an geographic barriers. I don't access Russian sites and services very much because I don't speak Russian, I don't live in Russia, and I'm not Russian. But we can still access many of the same sites, and we can still send email to each other.
Re:Encryption: (Score:5, Insightful)
In this case, the solution fails for technical / practical reasons. Corporations do not use "the cloud" just for storage, but for processing of data as well, which means it'll have to exist in plaintext on the cloud server at some point. If you want your data to be secure, you should certainly encrypt it, but you aso should stop using the cloud for anything but storage of already encrypted data.
Re:WTF? (Score:5, Insightful)
Re:Encryption: (Score:4, Insightful)
These are *services* on the Internet, not the Internet itself. Yes, individual services like SMTP are vulnerable, but no one says you have to use it, or Facebook or whatever hipster doofus smocial smetworking site is the be-all and end-all this week. There are ways to use the Internet that make you far less vulnerable. Nothing, of course, is 100%, and if They (whoever They are) can take advantage of vulnerabilities on your hardware, well that is a problem, but it is a different kind of problem.
Not even China can afford to cut the tubes between here and the West, and not even the West, despite its governments' singular desire to know every utterance its citizens make over said tubes, can afford to so damage the Internet in a quest for that kind of total knowledge. They will all push the boundaries of technology, but at the end of the day, too much of the global economy has become reliant on the Internet to allow it to be too balkanized.
That is not to say there aren't problems here. Whether it's trying to censor what citizens see (as China and Iran have done, and what the UK is trying to do) or ubiquitous spying (as probably all governments now do) these are threats to the free exchange of information, but at least so far as the letter is concerned, that can be fixed by using alternative protocols and encryption. Just because it's no longer secure to post shit on Facebook or use SMTP to send confidential emails (when was it ever really secure to use SMTP) doesn't mean the Internet is doomed.
New levels of trust (Score:5, Insightful)
But this brings back a new tool into the tool into the toolbox. Security through obscurity. The idea is that if you are using well known protocols and systems then the voracious data monsters may very well have ways to tap into them. But if you adopt the weirdos then you might very well avoid easy data loss. These can be layered. So you might use SSH(or some VPN) for the outer layer but underneath you might even use some homebrew encryption. As everyone knows the chances of getting your own encryption right is low but it takes you out of the realm of automated data harvesting. Some group of humans have to now pick through your protocol and crack it. Then you just keep making regular tweaks to your protocol, not to make it better but to change the weirdness.
But this whole thing is a huge opportunity for a country with good privacy protections. A whole industry of secure routers and whatnot could be created that people would trust. I would infinitely prefer a router from an Icelandic(designed and built) company than a technically better router from Cisco (designed in the US and probably made in China).
Also this is where opensource is going to get a whole lot more interesting. Tools like Skype would be better trusted if the code was opensource (they can still retain the copyrights and say, you can poke through it and compile it for your own use but not modify and distribute it). This way when the NSA demands a back door. Skype can say, "No problem but people will discover it in 5 seconds." On top of that it would be great if tools like skype had better plugins for things like encryption and comm. This way you could download 3rd party tools all day to keep shaking things up. Your buddies would have to have the same plugin but among friends or corporations this would not be a problem.
The ideal setups would allow you to know that your ISP was compromized, your software provider was compromised, and the feds hated you, yet you could still use the Internet in complete privacy.
Personally the only security I would trust if I were wanting perfect secrecy would be one time pads. By hand I would deliver one time pads to my trusted companions (divided into slices and delivered by multiple trusted couriers) and use only those for communications. The occasional HD should suffice for nearly all communications. Also the machines being used for communications would not be networked. You would take the transmission from an (assumed compromised) machine, put it on a storage device, then read it on the trusted non-networked machine using the matching one-time-pad, prepare an encrypted response, and then put it back on the compromised machine for sending. Good luck back dooring that setup.
Re:What's the benefit of privacy from the governme (Score:4, Insightful)
The issue here is in part interpretation of the 4th amendment, in part the fact that "meta-data", whatever form it takes, has long been viewed as not being considered "personal papers" and in part it's irrelevant to the large mass of humanity on the Internet. Even if you win the battle in the US and meta-data is either constitutionally protected, it doesn't help much if a US ally doesn't have such stringent protections. A major aspect of what Snowden's leak revealed is that the US and its allies shop the data around, so that if the US can't read an email because it is nominally obeying the 4th Amendment, no problem, the UK will happily do it.
Re:Is there anything useful on the non-Western 'Ne (Score:5, Insightful)
Re:What's the benefit of privacy from the governme (Score:5, Insightful)
Battle of Athens [wikipedia.org]
Return to URL-based Internet (Score:4, Insightful)
The approach - "trust me, trust my closed binaries, as I am good guy" - is over.
I expect clearer interfaces, as people will not trust convoluted websites and OSs anymore.
It could be a chance for small and medium companies from all over the world. Why, for instance, to have one Skype when we can have several competing clients talking via open protocols.
Re:Encryption: (Score:5, Insightful)
Now, the interesting question is what is the relationship between Random Joe and Random Bob?
You've nailed it. The secret service does not exist to crush dissent, it exists to crush organised dissent before it takes root.. They collect "meta data" not because of the fig-leaf of privacy it affords but because it holds the information they want - relationships between "subversives" (real or imagined). Trawling a gazzillion emails for key phrases is inefficient and error prone, the network of relationships tell you exatly which individuals to remove to most effectively dismantle the entire organisation.
Trivia: Biologists use the same network analysis methods to identify key species in different habitats.
Re:What's the benefit of privacy from the governme (Score:4, Insightful)
If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him.
You can tell your relation that the main flaw in her thinking is that she presumes herself 100% legal. The basic reason NOT to allow the government to collect this data is that everyone breaks the law all the time, simply because the law is so complicated, and sometimes unjust (oppressive). Anyone who has private communications exposed becomes a low-hanging fruit for the prosecutors. The public does not benefit from prosecution under irrelevant and/or unjust laws, and the negative outcome is huge: more abuse of power, and a slide towards a police state.
Oh The Irony... (Score:5, Insightful)
Re:What's the benefit of privacy from the governme (Score:3, Insightful)
"Battle of Athens"
End result? Business as usual.
You were saying?
The government has thrown out the constitution, and voters approve. The end...
Re:what's the benefit of privacy from the governme (Score:5, Insightful)
There are no innocent people.
There are so many laws today that you've probably committed six crimes before breakfast. If laws were actually enforced, not only would everyone be in jail, but they'd rapidly discover that the laws are so inconsistent that they can't even tell whether or not some things are crimes.
The article's point is in error (Score:5, Insightful)
Look, it's not just the US that does this, it's every developed nation. The UK does it the EU does it the Far East and Middle East nations do it, no there's no escaping it.
Why do they do it? National security- same reason the US does it.
Fact: the internet is how non-state actors plan their violence, raise their money, spread their vision, do reconnaissance . Of course it gets state scrutiny- as much as the state can bring to it.
The reason that's a Big Deal in the news now is because the U.S. government appears to be contravening the US Constitution's Fourth Amendment and lying about it to the American people, and purely instrumental John Yoo-style of "findings" does not count as "lawful".
It's pretty clear to all Americans that their internet searches, their contacts, the time place and duration of those contacts qualify as their "papers" which the Constitution expressly says shall be free from unreasonable search and further that capturing those and rifling through them, analyzing them, drawing conclusions and inferences about the people behind them and then indexing all that away under the key Smith, John , well that's pretty much the definition of "search".
To Americans, myself included, that's a big fucking deal and something that needs to be publicly, seriously and and in a sustained and methodical way considered with the goal of reaching a consensus about how we should go forward.
The government ignores this at their own peril: the terrorist have as their explicit goal to provoke reactions from the US government which de-legitimize that government in the eyes of its own people. They intend to do this and it's their greatest and perhaps only real weapon.
The purpose of doing that is divide the nation against itself and thus generate home-grown discontents which they can cynically join in a common cause (hating the US government). One of the reasons we haven't been hit the way the UK and say Spain have been is because, aside from sleeper cells composed of foreign nationals, al Queda is having a tough time finding Americans who want to support them locally.
Provoking such responses from the US government also serves to undermine the US government's legitimacy with their foreign partners by de-legitimizing the US with those nation's citizens.
So far, they're winning. They won with Abu Graib (thanks Cheney!!!!! Thanks Yoo !!! ) . They won when they turned the Depatment of Justice into a made-to-order *legal* sausage factory , thanks to Yoo , Cheney, David Addington Jay Bybee and Alberto Gonzales.
Now they're poised to win again with this shit. This time it's structural. As one of his first official acts, Obama nullified and set aside all of messy diapers John Yoo left behind in the DoJ. But this time, it's all going to be carried forward.. it's going structural folks. You need to take this seriously.
This is Obama's legacy. This and what he does about climate change are the things history will judge him on, Obamacare is small beans in comparison.
At this exact moment in history Snowden has given him something no one could have foreseen- the perfect excuse to engage the nation in a meaningful debate over complex and fast changing relationship between personal privacy and national security and the 4th Amendment.
It's been presented to him on a mother fucking silver platter, and is he going to engage the nation like a goddamn motherfucking leader and bring us, together, as a nation, as Americans into a shared and accepted understanding about this issue strong enough to take us forward into the next century or is he going to blink this nettlesome thing before him away and let mere circumstance, some random future chain of unfortunate events decide the issue for us in a way that is incoherent, chaotic, instrumental and divisive?
Which is it going to be, Mr. President? This is an issue that is all, and only, up to you.
That's the REAL issue that no one in the main stream media is talking about.
Re:What's the benefit of privacy from the governme (Score:4, Insightful)
This is why [cornell.edu]:
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
Long story short? Unless the government has demonstrable cause to read/know the full text of "everything", it's none of their fucking business.
Government's trump card: National Security Letter
The People's trump card: Constitutional Supremacy Clause [wikipedia.org]
The Government declared the Constitution of the United States of America as a "worthless piece of paper".
Considering that "worthless piece of paper" is the only document that actually authorized a federal government, I'd say that's a really bad idea on their part.
Re:Is there anything useful on the non-Western 'Ne (Score:5, Insightful)
Let me get this straight. Did you really just say that, because you believe that "most people" lead a one-country/one-language existence, I'm obliged to give up the global life I've led for most of the last 30 years?
Just who the hell do you think you are?
Comment removed (Score:4, Insightful)
Re:Telegraph: They don't tap than service! (Score:3, Insightful)
I would assume you meant to say 'sign with your private key'. As noted above, encrypting with the private key so everyone can decrypt it would be pointless. However, if it was signed, it still serves are purpose as you could be ensured of the author of the message.
If you really wanted to encrypt the content of the message between parties you would always use their public key to encrypt, then only they could decrypt with their private key.