NSA Internet Spying Sparks Race To Create Offshore Havens For Data Privacy 166
Posted
by
samzenpus
from the keeping-a-lid-on-it dept.
from the keeping-a-lid-on-it dept.
schwit1 writes "Some European leaders are renewing calls for a 'euro cloud,' in which consumer data could be shared within Europe but not outside the region. Brazil is fast-tracking a vote on a once-dormant bill that could require that data about Brazilians be stored on servers in the country. And India plans to ban government employees from using email services from Google and Yahoo Inc. It is too soon to tell if a major shift is under way. But the Information Technology and Innovation Foundation estimates that fallout from revelations about NSA activities could cost Silicon Valley up to $35 billion in annual revenue, much of it from lost overseas business. A survey conducted this summer by the Cloud Security Alliance, an industry group, found that 56% of non-U.S. members said security concerns made it less likely that they would use U.S.-based cloud services. Ten percent said they had canceled a contract. Even some companies that seek to profit from fears about U.S. snooping acknowledge that law-enforcement agencies in other countries want to catch up with Washington's capabilities. 'In the long run, there won't be any difference between what the U.S. or Germany or France or the U.K. is doing,' says Roberto Valerio, whose German cloud-storage company, CloudSafe GmbH, reports a 25% rise in business since the NSA revelations. 'At the end of the day, some agency will spy on you,' he says."
Consolidation in the Cloud? (Score:3, Insightful)
The answer is not consolidation but more decentralization.
Re: (Score:3, Funny)
My cloud plan: servers welded shut and housed in 10000 yurts scattered across Mongolia. Network bandwidth may be a problem at first but I'm having some success in my experiments with ponies carrying micro-SD cards.
Re: (Score:3)
My cloud plan: servers welded shut and housed in 10000 yurts scattered across Mongolia. Network bandwidth may be a problem at first but I'm having some success in my experiments with ponies carrying micro-SD cards.
Interesting! I would like my prosumer mo-social wireless content delivery strategy to synergize with your thinking-inside-the-box solution, but the interface to my problem space may need realignment to fit the new paradigm. Do you support RFC 1149 [ietf.org] - IP over Carrier Pigeon?
Re: (Score:2)
The CIA has operated a communication intercept station in Mongolia since the early sixties. Whilst its focus is on Russian and Chinese communications, it does pickup, and analyze Mongolian signals.
How can you ensure that those ponies don't pass through the CIA communications intercept station?
Amber
Re: (Score:2)
Use yaks. Not as fast, but more capacity per "packet".
Re: (Score:3)
Re: (Score:2)
Re: Consolidation in the Cloud? (Score:2, Insightful)
*cough*IPv6*cough*
Re:Consolidation in the Cloud? (Score:4, Insightful)
In most of the world yes there is. There are government granted telecom monopolies that will block ports at random, unless you pay a small fortune for a business account.
Re: (Score:2)
As much as I hate to encourage ISPs coaxing people to business accounts in this way, I really recommend you check it out.
When I got sick of random ports being blocked (the last straw was blocking inbound 25/TCP (which has nothing to do with stopping spammers)), I changed my account to a business account and it ended up only costing ~10% more for the same speed. In addition to helpful cooperation with things like setting up reverse DNS and an actual SLA (it's not fantastic, but they are now extremely quick a
doesn't europe spy as well? (Score:2)
a euro data hub accessible only to european intelligence agencies who will happily share data with their NSA buddies
even then the NSA was tapping under sea fiber cables 20 years ago. before that we were sucking transmissions out of the sky
Re:doesn't europe spy as well? (Score:5, Insightful)
Re: (Score:2)
in the early 90's there was talk in the US press about french and european spying on US companies, especially to get an advantage for airbus
Re:doesn't europe spy as well? (Score:5, Interesting)
And China has been accused of it many, many times - they barely even bother to hide it. Every country does it, then acts outraged when all the others do too.
Re: (Score:2)
Re: (Score:2)
Yeah - no reason to get outraged. The NSA uses our tax dollars to inject weaknesses in applications, encryption techniques, and devices which make it easier to be a victim of identity theft. Worse, after we completed exporting our manufacturing economy during the 80s and 90s in favor of "knowledge jobs", the NSA makes it obvious that doing business with American companies is unwise at best, though moronic is a better descriptor. And if that's not enough, all those aforementioned weaknesses make it easier
Re:doesn't europe spy as well? (Score:5, Interesting)
Countries like France and UK, yeah, absolutely. Germany... is slightly more touchy about issues pertaining to surveillance and the general topic of totalitarianism, for some reason.
Iceland overthrew its government when said government wouldn't jail bankers. If Iceland says they ain't going to spy on people because fuck that, I would lean toward cautiously trusting them.
Re:doesn't europe spy as well? (Score:4, Interesting)
Yea, we had to have a special network connection through the American Embassy in France so we could exchange e-mail without the French reading the emails. We put it into place when the French would ask about something that was only disclosed in the email.
[John]
Re:doesn't europe spy as well? (Score:4, Interesting)
Yes, we (the German people) are. No, we (the German government) are not. The later will happily share whatever they acquire with its "friends" in Europe and overseas.
Technically both NSA and BND/Verfassungschutz are not spying on their own people ... but if the BND spies on Americans and the NSA spies on Germans and both swap their findings, all laws were respected.
I'm not making this weird shit up, that's actually how our government argued in this affair. Granted the wording they used was of course more not-so-obvious politian-speak. But that's what they said.
Re: (Score:2)
I'm an American living in Germany. V for Vendetta is not only correct, but the few people I have spoken to have their fingers in their ears. They complained more about the Americans' secret surveillance watching them rather than about the secret surveillance of the German government watching them. At least they agreed when I politely told them that they should tell their government to stop allowing the Americans to spy on them. They are their own country and didn't have to bow to American whims.
Unfortun
Re:doesn't europe spy as well? (Score:5, Interesting)
Pretty much. Governments have long recognized that the existence of a decentralized packet-switched network makes spying on its citizens harder. Therefore, their goal is to break the Internet, splitting it off into lots of little regional networks that don't fully talk to one another, requiring companies to store data on their citizens in country-specific servers so that it is easier to keep track of everything that's happening, etc. Government would love to go all the way back to the circuit-switched days of mainframe computing if they could.
This is why we, as citizens of the world, must unite to demand more reasonable policies, starting with laws that fine companies an exorbitant amount of money for sharing information about their citizens with foreign governments without a warrant from the citizens' governments. If Google were hit with a million dollar fine every time it obeyed an NSL without getting a court order from whatever country the target was from, Google would then be forced to sue the federal government to reclaim those damages, forcing the U.S. government to act like a proper player on the world stage instead of a world-class thug that bullies its way into whatever information it wants.
Re: (Score:2, Insightful)
Or with other words, the more decentralized the network, the harder for any entity to eavesdrop on all of them. Do i really have to prove it? Really???
Re:doesn't europe spy as well? (Score:4, Insightful)
Your point and my point are not really in conflict; they're just two sides of the same coin. Ultimately, the first goal of government, sadly, is and has always been maintaining and concentrating power. It shouldn't be that way, but it is. Other governments knowing things about your citizens weakens your own government's power, because those other countries could potentially learn some of your country's secrets. (This is particularly true for business communications.) Your own government knowing things about its citizens increases its power, because it gives them information not only about security threats, but also about potential threats to your power. It also gives them ammunition that they can use for blackmail if they need to silence a dissenter. Therefore, the natural tendency is for a government to want to increase its ability to spy on its citizens while decreasing the ability of other governments to do so. I cite as an example the extensive U.S. government surveillance of people involved in the Occupy movement.
Complete global decentralization, which the Internet typically trends towards in the absence of interference, limits the ability of all governments to spy on anyone. This does not meet the above goals. However, regional centralization (such as EU member governments encouraging people to use servers within the EU) in lieu of global centralization decreases the ability of governments to spy on people from other countries/economic communities, while increasing governments' ability to spy on people in their own countries. This is a win-win for European governments; they get the political win of being able to say that they're protecting people from the watchful eye of the nefarious U.S. government, all the while centralizing that data in a location where it is more easily reachable by their own governments through subpoenas and what not.
This article [washingtonsblog.com] is a good read on the subject.
Re: (Score:2)
Europe is already covered by the European data protection directive, recently updated in 2012 and 2013.
The directive, essentially, makes the whole of Europe a data enclave, out of which data can only be passed if it's subject to the same laws as would apply within that enclave.
Third countries is the term used in legislation to designate countries outside the European Union. Personal data may only be transferred to third countries if that country provides an adequate level of protection. Some exceptions to t
Re: (Score:3)
Yes - data safes are worthless when the spy agency has access to all the I/O pipes.
Re: (Score:3)
That particular problem can be solved with simple encryption. No need for the fancy stuff - simple symmetric will do.
Re: (Score:2)
Generations have passed. Most 'top' staff in most European intelligence agencies would really, really enjoy their visits to see the 'future' in the US.
Many nations entire 'new' telco systems are just regional hubs to track dissent and mirror off all data to the US/UK.
I've read this book... (Score:3, Informative)
So, U.S. domestic spying won't last long, then? (Score:2)
The commercial interests, big commercial interests are negatively affected by this spying. It's going to hit some bottom lines big time pretty soon. If we're to believe in the strong arm of lobbying, domestic spying should end any day now, right? Riiight :)
Re: (Score:2)
They're not hurt by the spying but by the disclosure. If these California companies didn't like the spying itself, you'd have seen them pour money into unseating Dianne Feinstein last year.
Expect instead to see these companies to lobby for feel-good measures that are simply aimed at making the story "go away."
Re: (Score:2)
I KNOW, i know, they are stupid, not so smart as you are (or more likely, you think you are...)
Sealand... (Score:2, Interesting)
Is it still up for sale?
Re: (Score:2)
If you continue to do it, day after day, year after year.....(do i have to say the obvious?)
Re: (Score:2)
Re: (Score:2)
Expect competitors for all big IT US companies (Score:5, Insightful)
Re:Expect competitors for all big IT US companies (Score:5, Interesting)
Before all this, people didn't even think about creating a real competitor for Google or Amazon. Now we can expect some real options for these services soon. This is good news for everyone, thank you USA!
Working for a Europe-based Dropbox competitor, we have seen a truly massive increase in interest and sales after the NSA revelations.
Re: (Score:3, Insightful)
Before all this, people didn't even think about creating a real competitor for Google or Amazon. Now we can expect some real options for these services soon. This is good news for everyone, thank you USA!
Working for a Europe-based Dropbox competitor, we have seen a truly massive increase in interest and sales after the NSA revelations.
That's because people are idiots. Not only would a European-based competitor NOT prevent the NSA and GCHQ from getting at your data, it's not going to prevent any other agency from getting at it either.
Avoiding US-based services is nothing more than a bunch of political bullshit. If you're worried about the security of your data, the solution is not to stop using US-based services, the solution is to stop using cloud services in general and run things yourself. Shifting a data center from one country you di
Re: (Score:2, Insightful)
I do not think this is true for a company say for example based in Portugal (or Andora, or some other EU country which is not big on spying), there is perhaps no such legal framework forcing companies to insert backdoors.
Re: (Score:2, Interesting)
The big difference is...if a company is based in the USA the NSA can ask for practically anything, backdoors, etc and that company has to comply or shutdown. I do not think this is true for a company say for example based in Portugal (or Andora, or some other EU country which is not big on spying), there is perhaps no such legal framework forcing companies to insert backdoors.
This is true. We only have to give up customer data when handed specific official court orders (specific for the customer and case in question). It might be hard for Americans to believe after all their NSA revelations, but our law enforcement simply don't have similar blanket powers to request access without going through due process. We actually give customers a guarantee on this, and this guarantee is not written in a clever way to give NSA type loopholes.
Re: (Score:3)
I think that's a bold claim. Remember that when GCHQ wanted to spy on phone calls from the Middle East, they didn't do it by serving Belgacom with some dubious order from a bogus court. No such courts exist in Europe, at least as far as I know. They did it by hacking Belgacom directly and then they got caught
Re: (Score:3)
A non-US competitor to VISA would be even more important.
Spot on (Score:4, Interesting)
Now if only someone would compare the impact to the NSA's operating budget and draw some lines, things might get better. I've been called an optimist before, however.
Re:Spot on (Score:5, Insightful)
I'm glad that someone is attempting to quantify this. As someone who works in sales for hosted services, I saw this trend emerge virtually overnight with the Snowden leaks - the complete erosion of trust for any service hosted in the U.S., even if the actual, measurable impact to date any of my customers of being spied upon is exactly nil.
Now if only someone would compare the impact to the NSA's operating budget and draw some lines, things might get better. I've been called an optimist before, however.
"Actual" and "measurable" are two different things. The simple truth is we don't really know the extent of what the NSA is up to or whom they're sharing this data with. Already there have been calls for this treasure trove of private information to be "shared" with private companies so they can "help out" in the fight against terrorism. And the fact that these organizations have the guts to publicly lobby for such access says to me that likely somebody somewhere in private industry already has access to some or all of it through "connections" and now wants this sharing legalized so their access to that knowledge can be leveraged for greater financial gain out in the open, in front of stockholders.
Re:Spot on (Score:5, Insightful)
The fact that we don't know just makes it worse. We have to assume that the entire US and everything in it is compromised.
Re:Spot on (Score:4, Interesting)
The fact that we don't know just makes it worse. We have to assume that the entire US and everything in it is compromised.
For the moment, I'd say that is a wise assumption. If I were a non-US corporation or person I'd be assuming the exact same thing. Until there is a full, detailed accounting--of the uncomfortable "truth commission" variety--all but the staunchest pro-authoritarian Americans will believe it anyway, so there's no sense delaying what absolutely has to happen.
It may yet be that the capitalist interests that the NSA are damaging might in the long-run have to expend considerable lobbying dollars to reverse some of this perception by drastically reining in the NSA. Or we can write-off a good chunk of the money we'd have otherwise made by innovating online.
Re: (Score:2)
It seems like the US will have to undergo a painful examination of what it has done, as you suggest. Kinda like East Germany after the wall fell, or Soviet Russia after the collapse of the USSR.
Re: (Score:2)
Still time and the smart contractors have some really great ideas.
The US still has time to offer 'free', charm and totally effortless connectivity to 'everybody' for a while longer.
The real fun starts when the use of 'free' web 2.0 services becomes useless as its flooded with fun, recreation, hobbies, sport
Re:Spot on (Score:5, Informative)
Eduard Snowden wasn't employed by the NSA, but by Booz Allen Hamilton, which belongs to the Carlyle Group. Think about the opportunities insider information offers to these kinds of investors.
Great (Score:5, Insightful)
First we rid ourselves of manufacturing to become a country of services and intellectual property. Then we destroy the reputation of our services by spying on everyone who uses them. Good job government. Good job.
Re: (Score:2)
I just hope that the other countries realize that all the intellectual property agreements with US worths nothing in the actual situation, NSA are free to roam their internal networks and private mails, steal any intellectual property they want to give to big corporations to patent/copyright them so the original inventors don't have it, anywhere.
So no manufacturing, no services, and no intellectual property. Just a big bully sitting there.
Re: (Score:3)
Hosting stuff in the US is like having the USSR build your embassy. :-)
Re:Great (Score:5, Insightful)
The NSA was not balancing anything. They are a rogue agency operating outside of the law and outside of meaningful oversight. Snowden is a patriot and a hero for exposing the criminals at the NSA for what they are. The NSA does not make America safer or more competitive at business. It's a liability to our freedom, our safety, and our economic security.
Re: (Score:2)
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
You sound like a petulant child who blames his sibling for tattling on him for stealing cookies.
The perception of privacy is valuable (Score:5, Insightful)
And here's the big-ass BUT, really, DARPA built the Internet. Someone has been spying on some of it all along, most certainly. BUT the level it has risen to with the holy excuse of THA TURRISTS is unexcusable. The Snowden Shaming was long overdue.
Works as designed (Score:2)
Re: (Score:2, Insightful)
Wasn't internet designed around the idea to route around damage? Places where spying on everybody and his sister is the norm certainly looks like something to be avoided. But then again, we don't want the terrorists to win. Right?
Terrorism won. The terrorist took on the Big USA, claimed they weren't the "good guys" that they claimed to be. Come a decade later, we got Snowden showing exactly how much of dicks the USA Government really is, and that the terrorist aren't the big threat, but that the USA Government is the big threat. The one causing TERROR in the world.
Re: (Score:2)
Nah, we've been dicks from the start. I personally blame our English parents.
sad this is now nsa spying is going to get stopped (Score:2)
Client side cryptography (Score:2)
Re: (Score:2)
Most of it will be done in JavaScript for convenience, even if it's not a good idea
http://www.w3.org/2012/webcrypto/
Re: (Score:2)
Re: (Score:2)
It's still exposed at least to cross-site scripting attacks, I think.
Limiting XSS exposure is a key goal of the design effort.
Some agency will spy on you (Score:3)
Yes. But some countries do so only to maintain their domestic security. That's not always good, but I can deal with it. What many people don't like is losing their privacy in the name of propping up the US' good old boy commercial interests. And getting pulled into every global military dick swinging contest.
Some Agency (Score:3)
However, a lot of companies will be more comfortable if an agency from their own country will be spying on them, if only to keep US-companies from getting business intelligence.
From that point of view, the USA just got too greedy with their industrial espionage.
Data Haven in the Sultanate of Kinakuta (Score:3)
Who's going to be the Sultanate of Kinakuta ?
Missing the Point (Score:3)
Yes and you can be sure that most governments are already spying on their own people. The point of using non-US cloud services is to limit the amount of eyes on your data. If your company is based outside of the U.S., your government is likely keeping their own tabs on internet traffic - maybe not to the same extent as the NSA, but it's likely happening nonetheless. Then, if you use U.S.-based cloud services, you have to worry about the U.S. government having access to that data as well. By using a provider in your own country, you limit the number of parties available to snoop on that data to the company offering the cloud services and your local government.
Re: (Score:2)
Re: (Score:2)
I take anytime a government spying in their own people over a government spying and controlling other countries people, sometimes even is a reaction for their own protection, to avoid the dangers implied of other government controlling your own people. Also, using Russia, China and a few more as all the 200+ governments is a good generalization to support that it must be good because others do it, there are thousands of people that steal, so everyone steals, so is ok that you do it, no?
The difference is that if China has Total Information Awareness about you and you live in the US, their direct control over you is necessarily limited. The FBI, DHS, et. al. are all ultimately branches of the US Federal Government, which in turn has a lot of control in both carrot and stick forms over state and local government agencies. China cannot sic the FBI on you. The NSA on the other hand...
Dear europe.... It wont matter.. (Score:3)
Because your endpoints will still be compromised.
Unless all of you are moving to Linux or BSD, we will still have full access to all your data.
Love,
The NSA
Re: (Score:2)
What about my C64? Is it safe?
Re: (Score:2)
Re: (Score:2)
Regarding alternative OS, it won't matter. Who says Intel, AMD, ARM, nVidia, RealTek and all other hardware manufacturers haven't already included backdoors into their firmwares and hardware design to please the NSA? There was an article [heise.de] recently in the German magazine C't about possible backdoors in Intel's Active Management's Technology (AMT). Even if turns out to be a hoax, for now, who knows what lays dormant in such firmware, waiting to be tapped by the NSA?
Re: (Score:2)
Re: (Score:2)
Also, be wary of your network cards, hard drivers, pen-drives, keyboards, mice, DVD drivers, and watever else you plug on your computers. If you plug your cellphone or tablet at your PC, you've already lost the PC.
And be wary of binary software distributed to you. Even if it's personally signed by someone you trust (and you trust the certificate you got), his computer may be compromissed. If it's not signed, well, you've already lost.
Changing your OS or trusting the manufacturer of your processor won't make
euro cloud concept is ignorant (Score:3)
it won't protect anyone.
If anything, it will simply expose europeans to spying by european governments by labeling your secret information secret and then putting it in their pocket.
Re: (Score:2)
both will have access regardless.
The euro cloud will not stop the NSA.
It will be entirely ineffective at protecting people from that sort of thing.
You do not protect yourself from state cyber intelligence by centralizing your information in easily located systems.
You protect it by hiding it away.
The best security is simply being unknown.
If you really want to talk about security and privacy... the cloud itself is a threat. We shouldn't put as much on the cloud as we do now.
Misread the title.. (Score:2)
"Offshore data havens" indeed (Score:3)
You want your data to be 100% secure? Then store it off-line. If the FBI, CIA, NSA, DHS, military intelligence, or whoever you care to name really wants to see what's stored on a USB flash drive or hard drive sitting on a shelf in my house (or stored in a safe deposit box, or in a vault somewhere, or buried in the ground in an undisclosed location) then they'll have to come and physically get it.
Re: (Score:2)
Re: (Score:2)
Like your bank, medical, insurance, mortgage, employment, social security, credit card, Facebook, eBay and Amazon records. Put them on a flash drive buried in your back yard and the NSA has no chance. Good luck with that.
Re: (Score:2)
Re: (Score:2)
Stock markets? (Score:2)
So now that the veil has been pulled back, when do we all realize that the next logical conclusion as citizens globally is to exit the stock market en masse? Any notion remaining that it was a fair game have been squashed - if NSA staff and contractors can monitor exes and lovers for months without effective oversight, imagine the financial incentive to do the same to C level execs?
Offshore data havens? (Score:5, Insightful)
Oh, shit.
Spread it around (Score:3, Insightful)
You use various services on the Internet. Get those services from different companies, different countries. If you use Google for everything, then Google knows everything about you, and Google will tell the NSA. Yandex will not tell the NSA; no way; Yandex is in Moscow. Google's business plan is to become an expert on you, and I don't want ANYBODY to be an expert on me. It's not about who you trust, it's about trusting nobody.
Irony tho... china (Score:2)
Plenty of folks will use chinese IT services without considering the risk is equally great.
Sad to say but I'm all for breaking the internet back into smaller chunks. And that's going to create a lot of risk as people start pulling of terror plots which might have been seen before.
But-- we lose over 10x as many people as we ever did to terrorism. Our fear of terrorist acts are allowing a huge distortion of the 1st world societies.
U.S. or Germany or France or the U.K (Score:2)
'In the long run, there won't be any difference between what the U.S. or Germany or France or the U.K. is doing,'
As far as I know, neither Germany, France, not UK have secret courts, national security letters, gag orders...
LOL (Score:2)
Waste of time (Score:2)
NSA will simply setup shop in a consulate in that country, and it will be business as usual.
It is SPY vs SPY game as depicted in Mad Magazine of the 1960's
Re: (Score:2)
Re: (Score:2)
The americans were the ones that put the entire world into this. It had some time into making, and still were elected people controlled by the same pupeteers each time. It was pretty clear in previous election that worrying trends were just increase if Obama get reelected, and he did (and people were happy because the "other option" wasnt elected, even if both options would had the same people in control, and there actually were other options, if even were expressely voting for noone).
And you are just star
Re: (Score:2)
It's amazing that Americans think the world would have turned out different if they had voted for the other guy... American history must have been a string of electing the wrong guy each and every time then it seems.
Re:Government is shutting down. (Score:5, Insightful)
Will they shutdown the FBI, CIA and NSA? The DHS?
It's not a "Free Country", or even a plausible republic, with Secret Police.
Re: (Score:3)
The law was written so the President can set "essential" branches or programs that cannot be shut down. For example, the ACA program cannot be shutdown. Given the President's current track record, most secret agencies will be going strong tomorrow morning (though we wont know about it till they knock on the door).
Re: (Score:3)
I'm pretty sure they won't shut down the IRS. :-)
Actually, DHS is considered an essential service that will not be shut down, while IRS auditing will be shut down!
Re: (Score:2)