NSA Internet Spying Sparks Race To Create Offshore Havens For Data Privacy

schwit1 writes "Some European leaders are renewing calls for a 'euro cloud,' in which consumer data could be shared within Europe but not outside the region. Brazil is fast-tracking a vote on a once-dormant bill that could require that data about Brazilians be stored on servers in the country. And India plans to ban government employees from using email services from Google and Yahoo Inc. It is too soon to tell if a major shift is under way. But the Information Technology and Innovation Foundation estimates that fallout from revelations about NSA activities could cost Silicon Valley up to $35 billion in annual revenue, much of it from lost overseas business. A survey conducted this summer by the Cloud Security Alliance, an industry group, found that 56% of non-U.S. members said security concerns made it less likely that they would use U.S.-based cloud services. Ten percent said they had canceled a contract. Even some companies that seek to profit from fears about U.S. snooping acknowledge that law-enforcement agencies in other countries want to catch up with Washington's capabilities. 'In the long run, there won't be any difference between what the U.S. or Germany or France or the U.K. is doing,' says Roberto Valerio, whose German cloud-storage company, CloudSafe GmbH, reports a 25% rise in business since the NSA revelations. 'At the end of the day, some agency will spy on you,' he says."

Consolidation in the Cloud?

The answer is not consolidation but more decentralization.

Re:Consolidation in the Cloud?

My cloud plan: servers welded shut and housed in 10000 yurts scattered across Mongolia. Network bandwidth may be a problem at first but I'm having some success in my experiments with ponies carrying micro-SD cards.

Re:Consolidation in the Cloud?

[gmuslera]

Countries should give facilities to people to have their own servers in their own home connections, the cloud should be not obligatory to host my own mail/web server, some personal services for my cellphones, or descentralized services like Diaspora. It may not do a lot of difference in US, but in other countries could not force their information to go through points of NSA control. That, and adding/supporting some optional anonimization layers for more or less anonymous browsing (proxies, Tor, Hyperboria, etc) as in some points you must reach the monitored internet.

Re:Consolidation in the Cloud?

Countries should give facilities to people to have their own servers in their own home connections...

Who's going to provide the funding for that? Did you just volunteer?

Re:Consolidation in the Cloud?

Who's going to provide the funding for that?

The people operating their own servers in their own home connections?

Re:Consolidation in the Cloud?

I was responding to the comment that "countries should give facilities.." But maybe I misunderstood.

Re:Consolidation in the Cloud?

I like your plan, are you accepting investment capital at this time?!?!?

Re:Consolidation in the Cloud?

[cayenne8]

Countries should give facilities to people to have their own servers in their own home connections, the cloud should be not obligatory to host my own mail/web server, some personal services for my cellphones, or descentralized services like Diaspora. It may not do a lot of difference in US, but in other countries could not force their information to go through points of NSA control. That, and adding/supporting some optional anonimization layers for more or less anonymous browsing (proxies, Tor, Hyperboria, etc) as in some points you must reach the monitored internet.

Err...there's nothing stopping people now from setting up their own servers at home (email, web, wordpress, etc)....

You might possibly need to get a 'business' account from your ISP and pay a couple $$'s more, but the internet was built as it is, so that every computer hooked to it can be a peer with any other computer on it.

Get with and ISP for the proper TOS for allowing you to host, but that's 100% possible today and has been from day 1 of the internet.

I have mine with a local cable company, $70/mo, and about 10up/10down, with a decent SLA. I run as many servers as I wish, no ports blocked...etc.

Re:Consolidation in the Cloud?

[gmuslera]

Forbidding providers to put clausules in your contract that don't let you do that, in example. There are places where a dynamic IP is given to full time home connection, to specifically avoid setting fixed IP servers there. Is not mandating to put servers in each home, but not putting an extra cost if a person want to do so. Is not exactly rocket science by now, at least for doing it at personal level.

Re:Consolidation in the Cloud?

[marcosdumay]

Err...there's nothing stopping people now from setting up their own servers at home

In most of the world yes there is. There are government granted telecom monopolies that will block ports at random, unless you pay a small fortune for a business account.

Re:Consolidation in the Cloud?

[VortexCortex]

My cloud plan: servers welded shut and housed in 10000 yurts scattered across Mongolia. Network bandwidth may be a problem at first but I'm having some success in my experiments with ponies carrying micro-SD cards.

Interesting! I would like my prosumer mo-social wireless content delivery strategy to synergize with your thinking-inside-the-box solution, but the interface to my problem space may need realignment to fit the new paradigm. Do you support RFC 1149 - IP over Carrier Pigeon?

Re:Consolidation in the Cloud?

[stanlyb]

There is only one little problem: The IP addresses are limited. Of course, if every country does setup their internal network, and if you want to connect to your home computer only while you are not leaving your country, then it will work pretty well. Of course, it means BYE-BYE internet, HELLO intranet, but nevertheless, we are fast going this way....

Re: Consolidation in the Cloud?

*cough*IPv6*cough*

Re:Consolidation in the Cloud?

[RabidReindeer]

Use yaks. Not as fast, but more capacity per "packet".

Re:Consolidation in the Cloud?

[amber_of_luxor]

The CIA has operated a communication intercept station in Mongolia since the early sixties. Whilst its focus is on Russian and Chinese communications, it does pickup, and analyze Mongolian signals.

How can you ensure that those ponies don't pass through the CIA communications intercept station?

Amber

Re:Consolidation in the Cloud?

Never under-estimate the bandwidth of a pigeon with a microsd memory stick !

Re:Consolidation in the Cloud?

Bah. That is what we have IPv6 for. Start using it - be fine!

Re:Consolidation in the Cloud?

[chihowa]

As much as I hate to encourage ISPs coaxing people to business accounts in this way, I really recommend you check it out.

When I got sick of random ports being blocked (the last straw was blocking inbound 25/TCP (which has nothing to do with stopping spammers)), I changed my account to a business account and it ended up only costing ~10% more for the same speed. In addition to helpful cooperation with things like setting up reverse DNS and an actual SLA (it's not fantastic, but they are now extremely quick about fixing outages that involve me), speaking to the customer service is not horrible at all. They are all native speakers who know what they're talking about and the first line techs will actually listen to you and fix your problem.

It sounds like Stockholm Syndrome now that I type it out, but this is really what dealing with an ISP should be like. It's nice to not be treated as an enemy of the company I'm paying for service.

Re:Consolidation in the Cloud?

That's what it should be like, but it isn't unless you fork over the extra bucks for little to no extra service. It literally is Stockholm Syndrome; at least you recognize it.

Luckily my ISP does no blocking whatsoever unless there is massive, obviously malware-fed traffic in your network (no worries here, not a windows box in the house). But I'm just waiting for the day when they require that I pay an extra $100 a month for the privilege of doing everything I do now, except without their hassling me. I fear it's coming soon.

doesn't europe spy as well?

[alen]

a euro data hub accessible only to european intelligence agencies who will happily share data with their NSA buddies

even then the NSA was tapping under sea fiber cables 20 years ago. before that we were sucking transmissions out of the sky

Re:doesn't europe spy as well?

[CRCulver]

Industrial espionage is a big concern. It has been known since at least 2001 (when Echelon was widely covered in the press and the European Parliament opened an investigation) that the NSA has intercepted communications among European companies and then handed over business secrets to their American competitors. Even if it wouldn't protect individuals' privacy, the idea is that a European cloud would protect European businesses.

Re:doesn't europe spy as well?

[Balinares]

Countries like France and UK, yeah, absolutely. Germany... is slightly more touchy about issues pertaining to surveillance and the general topic of totalitarianism, for some reason.

Iceland overthrew its government when said government wouldn't jail bankers. If Iceland says they ain't going to spy on people because fuck that, I would lean toward cautiously trusting them.

Re:doesn't europe spy as well?

[dgatwood]

Pretty much. Governments have long recognized that the existence of a decentralized packet-switched network makes spying on its citizens harder. Therefore, their goal is to break the Internet, splitting it off into lots of little regional networks that don't fully talk to one another, requiring companies to store data on their citizens in country-specific servers so that it is easier to keep track of everything that's happening, etc. Government would love to go all the way back to the circuit-switched days of mainframe computing if they could.

This is why we, as citizens of the world, must unite to demand more reasonable policies, starting with laws that fine companies an exorbitant amount of money for sharing information about their citizens with foreign governments without a warrant from the citizens' governments. If Google were hit with a million dollar fine every time it obeyed an NSL without getting a court order from whatever country the target was from, Google would then be forced to sue the federal government to reclaim those damages, forcing the U.S. government to act like a proper player on the world stage instead of a world-class thug that bullies its way into whatever information it wants.

Re:doesn't europe spy as well?

[fustakrakich]

...the idea is that a European cloud would protect European businesses.

Only the biggest of the big, those businesses that can place their puppets into their respective parliaments. For the rest? Let them eat cake!

Re:doesn't europe spy as well?

[infolation]

Europe is already covered by the European data protection directive, recently updated in 2012 and 2013.

The directive, essentially, makes the whole of Europe a data enclave, out of which data can only be passed if it's subject to the same laws as would apply within that enclave.

Third countries is the term used in legislation to designate countries outside the European Union. Personal data may only be transferred to third countries if that country provides an adequate level of protection. Some exceptions to this rule are provided, for instance when the controller himself can guarantee that the recipient will comply with the data protection rules.

We (UK personally) already have the data protection legislation in place. The law is very clear on what's allowed. But the laws just aren't being followed.

Re:doesn't europe spy as well?

[alen]

in the early 90's there was talk in the US press about french and european spying on US companies, especially to get an advantage for airbus

Re:doesn't europe spy as well?

[tchdab1]

Yes - data safes are worthless when the spy agency has access to all the I/O pipes.

Re:doesn't europe spy as well?

[Bigbutt]

Yea, we had to have a special network connection through the American Embassy in France so we could exchange e-mail without the French reading the emails. We put it into place when the French would ask about something that was only disclosed in the email.

[John]

Re:doesn't europe spy as well?

[SuricouRaven]

And China has been accused of it many, many times - they barely even bother to hide it. Every country does it, then acts outraged when all the others do too.

Re:doesn't europe spy as well?

[SuricouRaven]

That particular problem can be solved with simple encryption. No need for the fancy stuff - simple symmetric will do.

Re:doesn't europe spy as well?

DING, DING, DING. We have a winner.

Yes the Europeans spy on their citizens and informational transactions in and out of the country. These results are then shared with the NSA so if you try to hide you data outside of the United States then you become even more of a target than if you had kept your information within the US.

Ya' just plain cain't win for losing.

Re:doesn't europe spy as well?

[V+for+Vendetta]

Germany... is slightly more touchy about issues pertaining to surveillance and the general topic of totalitarianism, for some reason.

Yes, we (the German people) are. No, we (the German government) are not. The later will happily share whatever they acquire with its "friends" in Europe and overseas.

Technically both NSA and BND/Verfassungschutz are not spying on their own people ... but if the BND spies on Americans and the NSA spies on Germans and both swap their findings, all laws were respected.

I'm not making this weird shit up, that's actually how our government argued in this affair. Granted the wording they used was of course more not-so-obvious politian-speak. But that's what they said.

Re:doesn't europe spy as well?

a euro data hub accessible only to european intelligence agencies who will happily share data with their NSA buddies

even then the NSA was tapping under sea fiber cables 20 years ago. before that we were sucking transmissions out of the sky

Yes and the last little blip in the summary is retarded.

  'At the end of the day, some agency will spy on you,' he says."

He meant to say at the end of the day every agency is already spying on you but none of them will admit it.

Re:doesn't europe spy as well?

Europe is already covered by the European data protection directive, recently updated in 2012 and 2013.

The directive, essentially, makes the whole of Europe a data enclave, out of which data can only be passed if it's subject to the same laws as would apply within that enclave.

Third countries is the term used in legislation to designate countries outside the European Union. Personal data may only be transferred to third countries if that country provides an adequate level of protection. Some exceptions to this rule are provided, for instance when the controller himself can guarantee that the recipient will comply with the data protection rules.

We (UK personally) already have the data protection legislation in place. The law is very clear on what's allowed. But the laws just aren't being followed.

The laws are for people and corporations. It doesn't apply to the the NSA or whatever branch is equivalent in your government.

Re:doesn't europe spy as well?

[stanlyb]

But you have to admit, no one could compete with NSA, not in a 100 years....the irony.

Re:doesn't europe spy as well?

[stanlyb]

Actually, it is the opposite. I don't know what kind of idiot did make your opinion "Interesting", but you both need some special medical attention.
Or with other words, the more decentralized the network, the harder for any entity to eavesdrop on all of them. Do i really have to prove it? Really???

Re:doesn't europe spy as well?

[dgatwood]

Your point and my point are not really in conflict; they're just two sides of the same coin. Ultimately, the first goal of government, sadly, is and has always been maintaining and concentrating power. It shouldn't be that way, but it is. Other governments knowing things about your citizens weakens your own government's power, because those other countries could potentially learn some of your country's secrets. (This is particularly true for business communications.) Your own government knowing things about its citizens increases its power, because it gives them information not only about security threats, but also about potential threats to your power. It also gives them ammunition that they can use for blackmail if they need to silence a dissenter. Therefore, the natural tendency is for a government to want to increase its ability to spy on its citizens while decreasing the ability of other governments to do so. I cite as an example the extensive U.S. government surveillance of people involved in the Occupy movement.

Complete global decentralization, which the Internet typically trends towards in the absence of interference, limits the ability of all governments to spy on anyone. This does not meet the above goals. However, regional centralization (such as EU member governments encouraging people to use servers within the EU) in lieu of global centralization decreases the ability of governments to spy on people from other countries/economic communities, while increasing governments' ability to spy on people in their own countries. This is a win-win for European governments; they get the political win of being able to say that they're protecting people from the watchful eye of the nefarious U.S. government, all the while centralizing that data in a location where it is more easily reachable by their own governments through subpoenas and what not.

This article is a good read on the subject.

Re:doesn't europe spy as well?

[rmdashrf]

In Europe the news was exactly the other way around... with the US spying for Boeing on Airbus.

Re:doesn't europe spy as well?

>every country does it, then acts outraged when all the others do too.

No, every don't. Only assholes (bullies) countries do. Everybody bully John, let's do it. Grow up, be a man, you are no more at school (and still at school this was already not acceptable).

Re:doesn't europe spy as well?

[anagama]

Yeah - no reason to get outraged. The NSA uses our tax dollars to inject weaknesses in applications, encryption techniques, and devices which make it easier to be a victim of identity theft. Worse, after we completed exporting our manufacturing economy during the 80s and 90s in favor of "knowledge jobs", the NSA makes it obvious that doing business with American companies is unwise at best, though moronic is a better descriptor. And if that's not enough, all those aforementioned weaknesses make it easier to hack into businesses and steal their work or otherwise damage them.

So we're talking something like $54 billion a year for ID theft (1), $35 billion for the cloud crap in the next three years (2), and $100 billion and 500k jobs or so due to industrial espionage (3).

What the NSA is doing to undermine security is costing Americans and American businesses billions every year, and harming employment to boot. The NSA is much more akin to a co-conspirator in a Russian computer crime gang than to some run of the mill spy who "always did this" because those others didn't screw with NIST, or use the force of the US Gov't to require backdoors. And worse, we have to pay for it with our tax dollars -- we're paying to get fucked by an agency that destroys American values and then turns around damages our economy. It's like paying to get robbed.

So you know what, you can just take a flying fuck with your idiotic "everyone does it" crap. Your complacency is allowing the NSA to continue directly harming America and Americans.

(1) http://www.westfieldinsurance.com/personal/pg.jsp?page=identity_theft_protection
(2) http://www.washingtonpost.com/blogs/the-switch/wp/2013/08/07/nsa-snooping-could-cost-u-s-tech-companies-35-billion-over-three-years/
(3) http://www.huffingtonpost.com/2013/07/25/hackers-jobs_n_3652893.html

NOTE: certainly the NSA isn't responsible for the entire $160ish billion per year, but it is doing it's darndest to get there.

Re:doesn't europe spy as well?

[AHuxley]

Yes the NSA and GCHQ shaped national spy staff and gave them unaffordable tech gifts and long term support.
Generations have passed. Most 'top' staff in most European intelligence agencies would really, really enjoy their visits to see the 'future' in the US.
Many nations entire 'new' telco systems are just regional hubs to track dissent and mirror off all data to the US/UK.

Re:doesn't europe spy as well?

[Common+Joe]

I'm an American living in Germany. V for Vendetta is not only correct, but the few people I have spoken to have their fingers in their ears. They complained more about the Americans' secret surveillance watching them rather than about the secret surveillance of the German government watching them. At least they agreed when I politely told them that they should tell their government to stop allowing the Americans to spy on them. They are their own country and didn't have to bow to American whims.

Unfortunately, I have not been able to go in depth into these types of conversations. (My German is not the greatest.) The only German person who went into depth into this topic spoke English and they didn't want to hear how that the we (modern day Germany and America) are spying in ways that would make the Stasi jizz in their pants. This person could not face that kind of reality and I suspect there are many, many others like them.

I've read this book...

[CryptoJones]

it was called Cryptonomicon.

Re:I've read this book...

it was called Cryptonomicon.

And it seemed like a good idea then, too.

So, U.S. domestic spying won't last long, then?

[tibit]

The commercial interests, big commercial interests are negatively affected by this spying. It's going to hit some bottom lines big time pretty soon. If we're to believe in the strong arm of lobbying, domestic spying should end any day now, right? Riiight :)

Re:So, U.S. domestic spying won't last long, then?

I don't know, but anything that hurts the corporate arm of the US government is good by me. Suffer.

Re:So, U.S. domestic spying won't last long, then?

Meh. I don't see why any corporate interests are being hurt. There's nothing special about US corporations or the NSA, this shit goes on all over the planet. The politicians are just using it as an excuse to further their political agendas.

Some European leaders are renewing calls for a 'euro cloud,' in which consumer data could be shared within Europe but not outside the region.

HAHAHAHA ya right, so the GCHQ can just shoot the details over to the NSA, assuming they wouldn't already have their claws sunk into such a 'solution'.

Brazil is fast-tracking a vote on a once-dormant bill that could require that data about Brazilians be stored on servers in the country.

Which will do absolutely nothing to anybody who doesn't have their shit IN Brazil already. You can't pass a law in Brazil and expect anyone in the rest of the world to pay attention. Keep in mind if people in Brazil want to access a foreign site, that site does NOT have to comply with Brazil's laws.

And India plans to ban government employees from using email services from Google and Yahoo Inc.

Wrong. India is planning on barring government employees from using ANY service other than the official Indian Government service.

fallout from revelations about NSA activities could cost Silicon Valley up to $35 billion in annual revenue, much of it from lost overseas business

Not likely. There isn't anything unique about Silicon Valley based businesses. The privacy concerns are universal across the planet, companies are not going to abandon US cloud services in favor of Russian, Chinese, European or other countries' services because those other services bear just as much, if not more, risk when it comes to Agency data snooping.
If anyone is going to be hurt, it's "cloud" services in general. Which doesn't make me cry any, as such solutions are fundamentally risky and people need to stop treating them as some kind of magic solution to their IT woes.

Re:So, U.S. domestic spying won't last long, then?

[stanlyb]

Then why Google has a special team for dealing with this "non-existent" lost business? And Microsoft too? And Amazon too? And Yahoo too?
I KNOW, i know, they are stupid, not so smart as you are (or more likely, you think you are...)

Re:So, U.S. domestic spying won't last long, then?

[Guppy06]

They're not hurt by the spying but by the disclosure. If these California companies didn't like the spying itself, you'd have seen them pour money into unseating Dianne Feinstein last year.

Expect instead to see these companies to lobby for feel-good measures that are simply aimed at making the story "go away."

Re:So, U.S. domestic spying won't last long, then?

More than likely the US government will just take more tax dollars from citizens and cut these big companies special tax breaks to make up for the lost revenue. So we will be paying more taxes to support the results of NSA spying on us. Cool huh?

Sealand...

Is it still up for sale?

Re:Sealand...

My thoughts similarly. When the headline mentioned "offshore havens", I thought the story was going to be about servers in international waters. But reading TFS, it simply means "not in the US".

Re:Sealand...

Of course it means 'not in the US'. Everyone knows that the US is the only country in the world that spies on its citizens and other countries. Therefore, you move them out of the US, spying stops!

Re:Sealand...

[stanlyb]

If you pass through Bronx and get raped, shame on rapist.
If you continue to do it, day after day, year after year.....(do i have to say the obvious?)

Re:Sealand...

And if the only route home passes through the Bronx... shame on who again?

Re:Sealand...

[stanlyb]

Do i still have to say the obvious???

Re:Sealand...

[stanlyb]

Be happy there is no "-1", as it would be you getting it, LOL.

Re:Sealand...

The answer is ALWAYS shame on the rapist.

Expect competitors for all big IT US companies

[lehphyro]

Before all this, people didn't even think about creating a real competitor for Google or Amazon. Now we can expect some real options for these services soon. This is good news for everyone, thank you USA!

Re:Expect competitors for all big IT US companies

Before all this, people didn't even think about creating a real competitor for Google or Amazon. Now we can expect some real options for these services soon. This is good news for everyone, thank you USA!

Working for a Europe-based Dropbox competitor, we have seen a truly massive increase in interest and sales after the NSA revelations.

Re:Expect competitors for all big IT US companies

Before all this, people didn't even think about creating a real competitor for Google or Amazon.

China:
http://bidu.com/
http://aliexpress.com/

Russia:
http://yandex.ru/

Just because you don't know of them, does not mean they are not there or not popular.

Re:Expect competitors for all big IT US companies

Before all this, people didn't even think about creating a real competitor for Google or Amazon. Now we can expect some real options for these services soon. This is good news for everyone, thank you USA!

Working for a Europe-based Dropbox competitor, we have seen a truly massive increase in interest and sales after the NSA revelations.

That's because people are idiots. Not only would a European-based competitor NOT prevent the NSA and GCHQ from getting at your data, it's not going to prevent any other agency from getting at it either.

Avoiding US-based services is nothing more than a bunch of political bullshit. If you're worried about the security of your data, the solution is not to stop using US-based services, the solution is to stop using cloud services in general and run things yourself. Shifting a data center from one country you dislike to another country which is going to do the same damn thing doesn't solve any of your problems.

Re:Expect competitors for all big IT US companies

Too right! Expect more business for hushmail, a Canadian encrypted email service. Not to mention encrypted personal VPN services like witopia or hidemyass that let you pop out into the Internet from another nation.

Re:Expect competitors for all big IT US companies

[jeti]

A non-US competitor to VISA would be even more important.

Re:Expect competitors for all big IT US companies

[mrspoonsi]

The big difference is...if a company is based in the USA the NSA can ask for practically anything, backdoors, etc and that company has to comply or shutdown.

I do not think this is true for a company say for example based in Portugal (or Andora, or some other EU country which is not big on spying), there is perhaps no such legal framework forcing companies to insert backdoors.

Re:Expect competitors for all big IT US companies

The big difference is...if a company is based in the USA the NSA can ask for practically anything, backdoors, etc and that company has to comply or shutdown. I do not think this is true for a company say for example based in Portugal (or Andora, or some other EU country which is not big on spying), there is perhaps no such legal framework forcing companies to insert backdoors.

This is true. We only have to give up customer data when handed specific official court orders (specific for the customer and case in question). It might be hard for Americans to believe after all their NSA revelations, but our law enforcement simply don't have similar blanket powers to request access without going through due process. We actually give customers a guarantee on this, and this guarantee is not written in a clever way to give NSA type loopholes.

Re:Expect competitors for all big IT US companies

[IamTheRealMike]

That's because people are idiots. Not only would a European-based competitor NOT prevent the NSA and GCHQ from getting at your data, it's not going to prevent any other agency from getting at it either.

I think that's a bold claim. Remember that when GCHQ wanted to spy on phone calls from the Middle East, they didn't do it by serving Belgacom with some dubious order from a bogus court. No such courts exist in Europe, at least as far as I know. They did it by hacking Belgacom directly and then they got caught when the telco went looking for them (and presumably evicted).

The UK has some pretty crap laws when it comes to surveillance, largely a hangover from the IRA era (which was a way scarier terrorist group than al-Qaeda, so it's somewhat understandable). The "9 hours at the border" thing comes from that time, it predates 9/11 actually. However the rest of Europe, not so much.

With regards to the solutions, I guess some companies will do exactly as you suggest and in source, or at least partially in-source private data. But that's a giant pain in the ass. Expect to see some novel and innovative approaches to squaring this circle in the coming years - cryptographers have spent a lot of time finding ways to do computation in the cloud over encrypted data. Perhaps they will finally see some of it get used.

Re:Expect competitors for all big IT US companies

You're welcome we've always prided ourselves on driving innovation. This is no exception.

Re:Expect competitors for all big IT US companies

[mars-nl]

I think you meant http://www.baidu.com/.

Spot on

[rogueippacket]

I'm glad that someone is attempting to quantify this. As someone who works in sales for hosted services, I saw this trend emerge virtually overnight with the Snowden leaks - the complete erosion of trust for any service hosted in the U.S., even if the actual, measurable impact to date any of my customers of being spied upon is exactly nil.
Now if only someone would compare the impact to the NSA's operating budget and draw some lines, things might get better. I've been called an optimist before, however.

Re:Spot on

[Karl+Cocknozzle]

I'm glad that someone is attempting to quantify this. As someone who works in sales for hosted services, I saw this trend emerge virtually overnight with the Snowden leaks - the complete erosion of trust for any service hosted in the U.S., even if the actual, measurable impact to date any of my customers of being spied upon is exactly nil.

Now if only someone would compare the impact to the NSA's operating budget and draw some lines, things might get better. I've been called an optimist before, however.

"Actual" and "measurable" are two different things. The simple truth is we don't really know the extent of what the NSA is up to or whom they're sharing this data with. Already there have been calls for this treasure trove of private information to be "shared" with private companies so they can "help out" in the fight against terrorism. And the fact that these organizations have the guts to publicly lobby for such access says to me that likely somebody somewhere in private industry already has access to some or all of it through "connections" and now wants this sharing legalized so their access to that knowledge can be leveraged for greater financial gain out in the open, in front of stockholders.

Re:Spot on

Pretty much the same here. The problem is that it is a poker game where everyone was cheating, but it was the US that got caught with the spare ace in the sleeve pocket.

The biggest answer is to split data via cryptographic sharing (not just cut the data into pieces, but using Shamir's system) and store it among cloud providers in multiple countries. It would require collusion and decryption of all the providers in order for a third party to get the data back, which is doable, but highly unlikely, especially data is stored in countries that don't cooperate with each other.

I've also seen this trend. It seems to have caused the push to store everything in the cloud to go back to storing locally, so I wouldn't be surprised of EMC has a windfall this near fiscal year because of people buying new drive arrays instead of stashing their stuff on Glacier or S3.

Re:Spot on

[AmiMoJo]

The fact that we don't know just makes it worse. We have to assume that the entire US and everything in it is compromised.

Re:Spot on

[Karl+Cocknozzle]

The fact that we don't know just makes it worse. We have to assume that the entire US and everything in it is compromised.

For the moment, I'd say that is a wise assumption. If I were a non-US corporation or person I'd be assuming the exact same thing. Until there is a full, detailed accounting--of the uncomfortable "truth commission" variety--all but the staunchest pro-authoritarian Americans will believe it anyway, so there's no sense delaying what absolutely has to happen.

It may yet be that the capitalist interests that the NSA are damaging might in the long-run have to expend considerable lobbying dollars to reverse some of this perception by drastically reining in the NSA. Or we can write-off a good chunk of the money we'd have otherwise made by innovating online.

Re:Spot on

[jeti]

Eduard Snowden wasn't employed by the NSA, but by Booz Allen Hamilton, which belongs to the Carlyle Group. Think about the opportunities insider information offers to these kinds of investors.

Re:Spot on

I'm glad that someone is attempting to quantify this. As someone who works in sales for hosted services, I saw this trend emerge virtually overnight with the Snowden leaks - the complete erosion of trust for any service hosted in the U.S., even if the actual, measurable impact to date any of my customers of being spied upon is exactly nil.

Now if only someone would compare the impact to the NSA's operating budget and draw some lines, things might get better. I've been called an optimist before, however.

"Actual" and "measurable" are two different things. The simple truth is we don't really know the extent of what the NSA is up to or whom they're sharing this data with. Already there have been calls for this treasure trove of private information to be "shared" with private companies so they can "help out" in the fight against terrorism. And the fact that these organizations have the guts to publicly lobby for such access says to me that likely somebody somewhere in private industry already has access to some or all of it through "connections" and now wants this sharing legalized so their access to that knowledge can be leveraged for greater financial gain out in the open, in front of stockholders.

That would only give Corporate executives who are doing wrong time to cover their tracks or go a different direction. Businesses won't help the problem at all. They will only make it worse.

Re:Spot on

[AmiMoJo]

It seems like the US will have to undergo a painful examination of what it has done, as you suggest. Kinda like East Germany after the wall fell, or Soviet Russia after the collapse of the USSR.

Re:Spot on

[AHuxley]

My guess would be a ~1970's Soviet or late ~1970's South Africa timeline. Time for some good sockpuppets, world events, self printed cash flow and theatrics to win the world back to the big brands.
Still time and the smart contractors have some really great ideas.
The US still has time to offer 'free', charm and totally effortless connectivity to 'everybody' for a while longer.
The real fun starts when the use of 'free' web 2.0 services becomes useless as its flooded with fun, recreation, hobbies, sport and brings back less international political insight.
The warnings of the GCHQ become reality: dont ever let the public know they are been watched 24/7.

What about Americans?

So Brazil, Germany, and lots of others, get some sort of privacy back... but what about Americans? Why the hell should they be spied on just because someone in a uniform decides he's like to "collect it all"?

Re:What about Americans?

[Guru80]

No they don't get it back. Anyone who thinks that the minute those governments have access to that amount of data that they won't take a peak is fooling themselves. Welcome to the world we live in today. All through history, those in power always do whatever they can to leverage it. Today it is easier than ever since every single thing about every single person is basically in digital format and can be transported on an item the size of a finger nail. Privacy has all but been completely eroded by irresponsible people throughout the world.

Re:What about Americans?

Something called Democracy?

Re:What about Americans?

[gmuslera]

The americans were the ones that put the entire world into this. It had some time into making, and still were elected people controlled by the same pupeteers each time. It was pretty clear in previous election that worrying trends were just increase if Obama get reelected, and he did (and people were happy because the "other option" wasnt elected, even if both options would had the same people in control, and there actually were other options, if even were expressely voting for noone).

And you are just starting to realize how deep the rabbit hole goes, your private information is shared with Israel so any limitation US intelligence still have to access all your information it can be dodged using that proxy. And is not just privacy what is in danger, intellectual property if you are not one of the big players could be worthless, objectors are muted in a way or another, and press is tighly controlled. You don't have a democracy anymore, and your country is taking care that there is no democracy in practice anywhere else.

Re:What about Americans?

[swilver]

It's amazing that Americans think the world would have turned out different if they had voted for the other guy... American history must have been a string of electing the wrong guy each and every time then it seems.

Well...

This is what happens when you sleep with the NSA.

Nice, but

Great, build an offshore data center beyond the NSA's reach in the Bahamas, heavily guarded both physically and electronically.

How exacy will they stop the NSA from snooping in while data is getting there? If they plan to transport the tapes on a vessel from time to time, good luck getting funding for such project. What if the vessel accidentally bumps into a torpedo along the way?

Great

[LoRdTAW]

First we rid ourselves of manufacturing to become a country of services and intellectual property. Then we destroy the reputation of our services by spying on everyone who uses them. Good job government. Good job.

Re:Great

Yeah, let's shoot the messenger.

Re:Great

[sqrt(2)]

The NSA was not balancing anything. They are a rogue agency operating outside of the law and outside of meaningful oversight. Snowden is a patriot and a hero for exposing the criminals at the NSA for what they are. The NSA does not make America safer or more competitive at business. It's a liability to our freedom, our safety, and our economic security.

Re:Great

[torsmo]

Any ill reputation that US cloud services have acquired is entirely their own doing. Stop shoveling blame where none is warranted.

Re:Great

[stanlyb]

Wow, i have only one word for you: IDIOT

Re:Great

[stanlyb]

The simple fact that Snowden was able to get all these documents, and publish it, means only one thing: The question is not if this could be prevented, but when it will happen. As simple as that.

Re:Great

One's reputation depends on what you do, or do not do, to EARN that reputation. According to your rationale, the real guilty parties in the Watergate scandal were the two Washington Post journalists who published all the information, right? YOU FUCKING IDIOT!

Re:Great

What the fuck is wrong with you? Are there a lot of people in US that think like that? Wow! You must be a politician or something because usually people are not that stupid unless they are paid to be.

Re:Great

Well if your sibling snitches on you when you do something wrong, you are not suddenly innocent. You just got caught doing something wrong.

Re:Great

[gmuslera]

Yeah, we must jail the witnesses and leave free the assassins so they keep killing. You are sure that you won't be the next target, no? Or is just too deep into the culture to be too big to jail?

Re:Great

[gmuslera]

I just hope that the other countries realize that all the intellectual property agreements with US worths nothing in the actual situation, NSA are free to roam their internal networks and private mails, steal any intellectual property they want to give to big corporations to patent/copyright them so the original inventors don't have it, anywhere.

So no manufacturing, no services, and no intellectual property. Just a big bully sitting there.

Re:Great

Imagine that same reasoning applied to other situations ...

"You are accused of defrauding Mr. Foo. Do you plead guilty or not guilty?"
"Well, of course not guilty."
"But you already confessed that you took his money away instead of investing it as per your agreement with him. So you retract that confession?"
"No, I did do that, so no reason to retract."
"But then, why do you plead not guilty?"
"Well, Mr. Foo wouldn't have noticed it if he would not have been told by Mrs. Bar. Therefore it clearly is Mrs. Bar who is guilty."
"That argumentation is reasonable. I'd say we can close the case now."

Re:Great

[sqrt(2)]

You sound like a petulant child who blames his sibling for tattling on him for stealing cookies.

Re:Great

First we rid ourselves of manufacturing to become a country of services and intellectual property. Then we destroy the reputation of our services by spying on everyone who uses them. Good job government. Good job.

I supposed the government put a gun to the head of Corporate Executives and screamed OUTSOURCE TO CHINA AND INDIA FOR CHEAP LABOR because I'm shorting your stock.

Re:Great

[Monoman]

Hosting stuff in the US is like having the USSR build your embassy. :-)

The perception of privacy is valuable

[SpaceManFlip]

We may or may not have ever had any real privacy online, and only the naive would post revealing/personal/sensitive things anywhere online, but all along most folks have assumed that it would be WRONG for anyone to spy on your online business without warrants. And it most certainly fucking IS.

And here's the big-ass BUT, really, DARPA built the Internet. Someone has been spying on some of it all along, most certainly. BUT the level it has risen to with the holy excuse of THA TURRISTS is unexcusable. The Snowden Shaming was long overdue.

Re:The perception of privacy is valuable

And here's the big-ass BUT, really, DARPA built the Internet.

No: Internet/pre-Internet history is *much* more complex than that. The necessary research, technology design & network-building was done by multiple organizations in different nations around the world, with the early (incompatible) networks going live surprisingly close together.

Court Martial Alexander.

That is all.

Works as designed

[pesho]

Wasn't internet designed around the idea to route around damage? Places where spying on everybody and his sister is the norm certainly looks like something to be avoided. But then again, we don't want the terrorists to win. Right?

Re:Works as designed

[Nyder]

Wasn't internet designed around the idea to route around damage? Places where spying on everybody and his sister is the norm certainly looks like something to be avoided. But then again, we don't want the terrorists to win. Right?

Terrorism won. The terrorist took on the Big USA, claimed they weren't the "good guys" that they claimed to be. Come a decade later, we got Snowden showing exactly how much of dicks the USA Government really is, and that the terrorist aren't the big threat, but that the USA Government is the big threat. The one causing TERROR in the world.

Re:Works as designed

[Krneki]

Truth to be told the USA started to be a dick since the WWII.

Re:Works as designed

[qwak23]

Nah, we've been dicks from the start. I personally blame our English parents.

sad this is now nsa spying is going to get stopped

[Dan667]

US citizens outraged their Constititional Rights are being trampled on enough to end nsa spying on them? Nope. Mega corporations losing revenue because of nsa spying? That nsa spying needs to end immediately.

Client side cryptography

[pmontra]

I expect a surge in client side cryptography, where servers store encrypted data and the keys never leave the client. This can't suit every application but it could be a good selling point for a while. Most of it will be done in JavaScript for convenience, even if it's not a good idea. Mega is just an entry level example of what can go wrong. Some "real" client application (mobile or desktop) will be developed, I wonder if they'll get mainstream. Anyway that only raises the bar for whoever wants to spy on us. There are many other ways to bypass encryption (rootkits, 0 day exploits, etc), nevertheless it's going to increase their costs.

Re:Client side cryptography

[swillden]

Most of it will be done in JavaScript for convenience, even if it's not a good idea

http://www.w3.org/2012/webcrypto/

Re:Client side cryptography

[pmontra]

It's still exposed at least to cross-site scripting attacks, I think.

Re:Client side cryptography

[swillden]

It's still exposed at least to cross-site scripting attacks, I think.

Limiting XSS exposure is a key goal of the design effort.

Some agency will spy on you

[PPH]

Yes. But some countries do so only to maintain their domestic security. That's not always good, but I can deal with it. What many people don't like is losing their privacy in the name of propping up the US' good old boy commercial interests. And getting pulled into every global military dick swinging contest.

Some Agency

[Kirth]

However, a lot of companies will be more comfortable if an agency from their own country will be spying on them, if only to keep US-companies from getting business intelligence.

From that point of view, the USA just got too greedy with their industrial espionage.

At the end of the day, some agency will spy on you

Maybe, but we don't have to make it easy.

Data Haven in the Sultanate of Kinakuta

[advid.net]

I remember Cryptonomicon by Neal Stephenson: the data haven is built underground on some island with brand new huge pipes / data cables.
Who's going to be the Sultanate of Kinakuta ?

Re:Data Haven in the Sultanate of Kinakuta

Going to back up Bitcoin with german and Japanese war gold?

Missing the Point

[organgtool]

At the end of the day, some agency will spy on you

Yes and you can be sure that most governments are already spying on their own people. The point of using non-US cloud services is to limit the amount of eyes on your data. If your company is based outside of the U.S., your government is likely keeping their own tabs on internet traffic - maybe not to the same extent as the NSA, but it's likely happening nonetheless. Then, if you use U.S.-based cloud services, you have to worry about the U.S. government having access to that data as well. By using a provider in your own country, you limit the number of parties available to snoop on that data to the company offering the cloud services and your local government.

Re:Missing the Point

[gmuslera]

I take anytime a government spying in their own people over a government spying and controlling other countries people, sometimes even is a reaction for their own protection, to avoid the dangers implied of other government controlling your own people. Also, using Russia, China and a few more as all the 200+ governments is a good generalization to support that it must be good because others do it, there are thousands of people that steal, so everyone steals, so is ok that you do it, no?

Re:Missing the Point

[RabidReindeer]

I take anytime a government spying in their own people over a government spying and controlling other countries people, sometimes even is a reaction for their own protection, to avoid the dangers implied of other government controlling your own people. Also, using Russia, China and a few more as all the 200+ governments is a good generalization to support that it must be good because others do it, there are thousands of people that steal, so everyone steals, so is ok that you do it, no?

The difference is that if China has Total Information Awareness about you and you live in the US, their direct control over you is necessarily limited. The FBI, DHS, et. al. are all ultimately branches of the US Federal Government, which in turn has a lot of control in both carrot and stick forms over state and local government agencies. China cannot sic the FBI on you. The NSA on the other hand...

offshore

How stupid do you have to be to believe that there is even a single state on this Earth that isn't spying on the Internet or wouldn't shut-down or coerce a service operator to give them secret access?

Re:offshore

[stanlyb]

So, you would prefer to live in Bronx? Right? Because, it is all the same everywhere...

Dear europe.... It wont matter..

[Lumpy]

Because your endpoints will still be compromised.

Unless all of you are moving to Linux or BSD, we will still have full access to all your data.

Love,

The NSA

Re:Dear europe.... It wont matter..

[ArcadeMan]

What about my C64? Is it safe?

Re:Dear europe.... It wont matter..

should be, so long as you dont use facebooger (their CMS, AKAMAI, is an israeli spy front), and do not use your cellphone for connectivity (cellphone companies have billing software, usually AMDOCS, which is also an israeli spy front)

Re:Dear europe.... It wont matter..

[Errol+backfiring]

Given that mine is switched off now for more than 15 years, I think it is.

Re:Dear europe.... It wont matter..

[cpghost]

Very true w.r.t. endpoints.

Regarding alternative OS, it won't matter. Who says Intel, AMD, ARM, nVidia, RealTek and all other hardware manufacturers haven't already included backdoors into their firmwares and hardware design to please the NSA? There was an article recently in the German magazine C't about possible backdoors in Intel's Active Management's Technology (AMT). Even if turns out to be a hoax, for now, who knows what lays dormant in such firmware, waiting to be tapped by the NSA?

Re:Dear europe.... It wont matter..

[stanlyb]

And that was my reason to not even look at Intel's motherboards, at all, no matter the consequences. Sorry guys, you lost me long time ago with your TPM chips.

Re:Dear europe.... It wont matter..

[marcosdumay]

Also, be wary of your network cards, hard drivers, pen-drives, keyboards, mice, DVD drivers, and watever else you plug on your computers. If you plug your cellphone or tablet at your PC, you've already lost the PC.

And be wary of binary software distributed to you. Even if it's personally signed by someone you trust (and you trust the certificate you got), his computer may be compromissed. If it's not signed, well, you've already lost.

Changing your OS or trusting the manufacturer of your processor won't make any of that go away.

euro cloud concept is ignorant

[Karmashock]

it won't protect anyone.

If anything, it will simply expose europeans to spying by european governments by labeling your secret information secret and then putting it in their pocket.

Re:euro cloud concept is ignorant

No, but by making sure it's their own governments doing this to them, it does give them one extra power. The ability to vote the entire lot of them out of office if they dick shit up enough. That's something they couldn't do if it's a foreign government doing all the collecting and sharing of their data.

Re:euro cloud concept is ignorant

yeah, right, like anything happened after snowden leaks.. and how long they managed to keep the secret!

Re:euro cloud concept is ignorant

So you believe they don't have that access currently? But what would you prefer: European governments having access to your data, or European and American governments having access to your data?

Re:euro cloud concept is ignorant

it won't protect anyone.

I think it will do some nice economic wonders for European companies.

Re:euro cloud concept is ignorant

[Karmashock]

both will have access regardless.

The euro cloud will not stop the NSA.

It will be entirely ineffective at protecting people from that sort of thing.

You do not protect yourself from state cyber intelligence by centralizing your information in easily located systems.

You protect it by hiding it away.

The best security is simply being unknown.

If you really want to talk about security and privacy... the cloud itself is a threat. We shouldn't put as much on the cloud as we do now.

Misread the title..

[MadKeithV]

For a minute I thought the title was "NSA Internet Spying Sharks Race To Create Offshore Havens For Data Privacy". Those would have been some cool sharks.

About time

The US has been screwing the EU over for financial gain ever since the Marshall Plan.

Re:Government is shutting down.

[Jeremiah+Cornelius]

Will they shutdown the FBI, CIA and NSA? The DHS?

It's not a "Free Country", or even a plausible republic, with Secret Police.

"Offshore data havens" indeed

[kheldan]

Apparently it's not only politicians who are remarkably inept when it comes to technical matters, but many others as well. I think it's safe to say at this point that there is no way to 100% ensure that any data stored "in the cloud" is safe from the prying eyes of the truly motivated.

You want your data to be 100% secure? Then store it off-line. If the FBI, CIA, NSA, DHS, military intelligence, or whoever you care to name really wants to see what's stored on a USB flash drive or hard drive sitting on a shelf in my house (or stored in a safe deposit box, or in a vault somewhere, or buried in the ground in an undisclosed location) then they'll have to come and physically get it.

Re:"Offshore data havens" indeed

[stanlyb]

Exactly, that's the only sensible solution. Make them earn their salt. It is all number's game.

Re:"Offshore data havens" indeed

[Tokolosh]

Like your bank, medical, insurance, mortgage, employment, social security, credit card, Facebook, eBay and Amazon records. Put them on a flash drive buried in your back yard and the NSA has no chance. Good luck with that.

Re:"Offshore data havens" indeed

[stanlyb]

All of them, except Facebook are "public" records anyway, no point of trying to hide them. But facebook? which could tell stories about your personal life and contacts and feelings???

Re:"Offshore data havens" indeed

[kheldan]

I don't have Facebook anymore because they don't respect my basic right to privacy in the first place, and what makes you think I'm talking about "public records" anyway? I'm talking about data that is private and valuable to you or to your company.

Re:Government is shutting down.

I'm pretty sure they won't shut down the IRS. :-)

Stock markets?

[RoTNCoRE]

So now that the veil has been pulled back, when do we all realize that the next logical conclusion as citizens globally is to exit the stock market en masse? Any notion remaining that it was a fair game have been squashed - if NSA staff and contractors can monitor exes and lovers for months without effective oversight, imagine the financial incentive to do the same to C level execs?

Offshore data havens?

[The+Archon+V2.0]

Holy hell, William Gibson's Virtual Light is coming true! At least we don't have to worry until we see the middle class vanish and the rise of Christians who worship exclusively by watching television.

Oh, shit.

Re:Government is shutting down.

[Bucc5062]

The law was written so the President can set "essential" branches or programs that cannot be shut down. For example, the ACA program cannot be shutdown. Given the President's current track record, most secret agencies will be going strong tomorrow morning (though we wont know about it till they knock on the door).

Re: So, U.S. domestic spying won't last long, then

You're wrong. There's no risk of surveillance using US services.

It's a certainty

Spread it around

[AndyCanfield]

Sure every country has a spy group. But every country does not have the SAME spy group. My search engine is in Europe. My e-mail is in Russia. My web site is in Thailand. You think the KGB is going to share data with the NSA? No way.

You use various services on the Internet. Get those services from different companies, different countries. If you use Google for everything, then Google knows everything about you, and Google will tell the NSA. Yandex will not tell the NSA; no way; Yandex is in Moscow. Google's business plan is to become an expert on you, and I don't want ANYBODY to be an expert on me. It's not about who you trust, it's about trusting nobody.

It's not the servers.

It's the pipes, the fiber cable (overland and sea) and the microwave relay networks. Guess who these all belong to... The TelComs. That's right the phone company (it would be a misnomer to say phone companies--they all interconnected, both by electrical and corporate networks). Even if a country tried to isolate it's self from the NSA/TelCo cartel, if it were to connect to the rest of the world, it would still be venerable.

Just want to point out..

[tech.kyle]

This is what the Pirate Bay attempted to do back in 2007.

Irony tho... china

[Maxo-Texas]

Plenty of folks will use chinese IT services without considering the risk is equally great.

Sad to say but I'm all for breaking the internet back into smaller chunks. And that's going to create a lot of risk as people start pulling of terror plots which might have been seen before.

But-- we lose over 10x as many people as we ever did to terrorism. Our fear of terrorist acts are allowing a huge distortion of the 1st world societies.

The only safe haven...

... Is Tor. There's nothing stopping the USA from reaching across borders the same way it did with Kim Dotcom.

Re:Government is shutting down.

[cyn1c77]

I'm pretty sure they won't shut down the IRS. :-)

Actually, DHS is considered an essential service that will not be shut down, while IRS auditing will be shut down!

Excellent

"How do we scare the data out of the US so we can hack it at will?"

"Leak a story about how we currently hack it at will, and everyone will run offshore"

"Excellent...."

Re:Government is shutting down.

Only until the Republicans take the wheel, then they'll thank the Democrats for demonstrating what a useful tool it can be when they audit every left-wing organization.

"b-b-b-but Obama!" will replace the previous Republican cry of "b-b-b-but Clinton!" and we'll get more of the same because that's what everyone votes for.

Re:sad this is now nsa spying is going to get stop

Mega corps are already loosing money - people outside the U.S. are actively looking for non-US providers now. Before, they simply went with whatever provider they discovered - and the american ones were often the best known.

I'tll be interesting to see who is strongest - mega corps or the NSA. Not that it matters much for me, I have a non-US provider now anyway . . .

Oh... America... what happened to you?

[nensondubois]

The NSA is also hurting our internal relations, embarrassing us, and is affecting our economy aside from trampling our civil liberties. Good job government!

U.S. or Germany or France or the U.K

[manu0601]

'In the long run, there won't be any difference between what the U.S. or Germany or France or the U.K. is doing,'

As far as I know, neither Germany, France, not UK have secret courts, national security letters, gag orders...

Open source tools to create private cloud storage

[aikawa]

If your company/country wants to create its own private cloud storage, here is the fast way:

1) Set up an Alfresco server on Linux. Enterprise-class, scalable, very customizable.
2) Have users install CmisSync, it looks like a Dropbox client, but syncs with Alfresco (or any other CMIS-compliant server).

LOL

[SuperDre]

Like that's gonna help anything.. You have no certainty the company you are using offshore doesn't have any connections to the NSA or are safe from it (data still has to go from and to those servers)..

Waste of time

[lsatenstein]

NSA will simply setup shop in a consulate in that country, and it will be business as usual.

It is SPY vs SPY game as depicted in Mad Magazine of the 1960's