Slashdot Mirror

← Back to Stories (view on slashdot.org)

NSA Internet Spying Sparks Race To Create Offshore Havens For Data Privacy

Posted by samzenpus on from the keeping-a-lid-on-it dept.

schwit1 writes "Some European leaders are renewing calls for a 'euro cloud,' in which consumer data could be shared within Europe but not outside the region. Brazil is fast-tracking a vote on a once-dormant bill that could require that data about Brazilians be stored on servers in the country. And India plans to ban government employees from using email services from Google and Yahoo Inc. It is too soon to tell if a major shift is under way. But the Information Technology and Innovation Foundation estimates that fallout from revelations about NSA activities could cost Silicon Valley up to $35 billion in annual revenue, much of it from lost overseas business. A survey conducted this summer by the Cloud Security Alliance, an industry group, found that 56% of non-U.S. members said security concerns made it less likely that they would use U.S.-based cloud services. Ten percent said they had canceled a contract. Even some companies that seek to profit from fears about U.S. snooping acknowledge that law-enforcement agencies in other countries want to catch up with Washington's capabilities. 'In the long run, there won't be any difference between what the U.S. or Germany or France or the U.K. is doing,' says Roberto Valerio, whose German cloud-storage company, CloudSafe GmbH, reports a 25% rise in business since the NSA revelations. 'At the end of the day, some agency will spy on you,' he says."

48 of 166 comments (clear)

  1. Consolidation in the Cloud? by Anonymous Coward · · Score: 3, Insightful

    The answer is not consolidation but more decentralization.

    1. Re:Consolidation in the Cloud? by Anonymous Coward · · Score: 3, Funny

      My cloud plan: servers welded shut and housed in 10000 yurts scattered across Mongolia. Network bandwidth may be a problem at first but I'm having some success in my experiments with ponies carrying micro-SD cards.

    2. Re:Consolidation in the Cloud? by gmuslera · · Score: 2

      Forbidding providers to put clausules in your contract that don't let you do that, in example. There are places where a dynamic IP is given to full time home connection, to specifically avoid setting fixed IP servers there. Is not mandating to put servers in each home, but not putting an extra cost if a person want to do so. Is not exactly rocket science by now, at least for doing it at personal level.

    3. Re:Consolidation in the Cloud? by marcosdumay · · Score: 3, Insightful

      Err...there's nothing stopping people now from setting up their own servers at home

      In most of the world yes there is. There are government granted telecom monopolies that will block ports at random, unless you pay a small fortune for a business account.

      --
      Rethinking email
    4. Re:Consolidation in the Cloud? by VortexCortex · · Score: 2

      My cloud plan: servers welded shut and housed in 10000 yurts scattered across Mongolia. Network bandwidth may be a problem at first but I'm having some success in my experiments with ponies carrying micro-SD cards.

      Interesting! I would like my prosumer mo-social wireless content delivery strategy to synergize with your thinking-inside-the-box solution, but the interface to my problem space may need realignment to fit the new paradigm. Do you support RFC 1149 - IP over Carrier Pigeon?

    5. Re: Consolidation in the Cloud? by Anonymous Coward · · Score: 2, Insightful

      *cough*IPv6*cough*

    6. Re:Consolidation in the Cloud? by amber_of_luxor · · Score: 2

      The CIA has operated a communication intercept station in Mongolia since the early sixties. Whilst its focus is on Russian and Chinese communications, it does pickup, and analyze Mongolian signals.

      How can you ensure that those ponies don't pass through the CIA communications intercept station?

      Amber

      --
      Wind Beneath Thy Wings
  2. I've read this book... by CryptoJones · · Score: 3, Informative

    it was called Cryptonomicon.

    --
    "Chance favors the prepared mind." ~Me
  3. Sealand... by Anonymous Coward · · Score: 2, Interesting

    Is it still up for sale?

  4. Expect competitors for all big IT US companies by lehphyro · · Score: 4, Insightful

    Before all this, people didn't even think about creating a real competitor for Google or Amazon. Now we can expect some real options for these services soon. This is good news for everyone, thank you USA!

    1. Re:Expect competitors for all big IT US companies by Anonymous Coward · · Score: 5, Interesting

      Before all this, people didn't even think about creating a real competitor for Google or Amazon. Now we can expect some real options for these services soon. This is good news for everyone, thank you USA!

      Working for a Europe-based Dropbox competitor, we have seen a truly massive increase in interest and sales after the NSA revelations.

    2. Re:Expect competitors for all big IT US companies by Anonymous Coward · · Score: 3, Insightful

      Before all this, people didn't even think about creating a real competitor for Google or Amazon. Now we can expect some real options for these services soon. This is good news for everyone, thank you USA!

      Working for a Europe-based Dropbox competitor, we have seen a truly massive increase in interest and sales after the NSA revelations.

      That's because people are idiots. Not only would a European-based competitor NOT prevent the NSA and GCHQ from getting at your data, it's not going to prevent any other agency from getting at it either.

      Avoiding US-based services is nothing more than a bunch of political bullshit. If you're worried about the security of your data, the solution is not to stop using US-based services, the solution is to stop using cloud services in general and run things yourself. Shifting a data center from one country you dislike to another country which is going to do the same damn thing doesn't solve any of your problems.

    3. Re:Expect competitors for all big IT US companies by jeti · · Score: 2

      A non-US competitor to VISA would be even more important.

    4. Re:Expect competitors for all big IT US companies by mrspoonsi · · Score: 2, Insightful

      The big difference is...if a company is based in the USA the NSA can ask for practically anything, backdoors, etc and that company has to comply or shutdown.

      I do not think this is true for a company say for example based in Portugal (or Andora, or some other EU country which is not big on spying), there is perhaps no such legal framework forcing companies to insert backdoors.

    5. Re:Expect competitors for all big IT US companies by Anonymous Coward · · Score: 2, Interesting

      The big difference is...if a company is based in the USA the NSA can ask for practically anything, backdoors, etc and that company has to comply or shutdown. I do not think this is true for a company say for example based in Portugal (or Andora, or some other EU country which is not big on spying), there is perhaps no such legal framework forcing companies to insert backdoors.

      This is true. We only have to give up customer data when handed specific official court orders (specific for the customer and case in question). It might be hard for Americans to believe after all their NSA revelations, but our law enforcement simply don't have similar blanket powers to request access without going through due process. We actually give customers a guarantee on this, and this guarantee is not written in a clever way to give NSA type loopholes.

    6. Re:Expect competitors for all big IT US companies by IamTheRealMike · · Score: 2

      That's because people are idiots. Not only would a European-based competitor NOT prevent the NSA and GCHQ from getting at your data, it's not going to prevent any other agency from getting at it either.

      I think that's a bold claim. Remember that when GCHQ wanted to spy on phone calls from the Middle East, they didn't do it by serving Belgacom with some dubious order from a bogus court. No such courts exist in Europe, at least as far as I know. They did it by hacking Belgacom directly and then they got caught when the telco went looking for them (and presumably evicted).

      The UK has some pretty crap laws when it comes to surveillance, largely a hangover from the IRA era (which was a way scarier terrorist group than al-Qaeda, so it's somewhat understandable). The "9 hours at the border" thing comes from that time, it predates 9/11 actually. However the rest of Europe, not so much.

      With regards to the solutions, I guess some companies will do exactly as you suggest and in source, or at least partially in-source private data. But that's a giant pain in the ass. Expect to see some novel and innovative approaches to squaring this circle in the coming years - cryptographers have spent a lot of time finding ways to do computation in the cloud over encrypted data. Perhaps they will finally see some of it get used.

  5. Spot on by rogueippacket · · Score: 3, Interesting

    I'm glad that someone is attempting to quantify this. As someone who works in sales for hosted services, I saw this trend emerge virtually overnight with the Snowden leaks - the complete erosion of trust for any service hosted in the U.S., even if the actual, measurable impact to date any of my customers of being spied upon is exactly nil.
    Now if only someone would compare the impact to the NSA's operating budget and draw some lines, things might get better. I've been called an optimist before, however.

    1. Re:Spot on by Karl+Cocknozzle · · Score: 5, Insightful

      I'm glad that someone is attempting to quantify this. As someone who works in sales for hosted services, I saw this trend emerge virtually overnight with the Snowden leaks - the complete erosion of trust for any service hosted in the U.S., even if the actual, measurable impact to date any of my customers of being spied upon is exactly nil.

      Now if only someone would compare the impact to the NSA's operating budget and draw some lines, things might get better. I've been called an optimist before, however.

      "Actual" and "measurable" are two different things. The simple truth is we don't really know the extent of what the NSA is up to or whom they're sharing this data with. Already there have been calls for this treasure trove of private information to be "shared" with private companies so they can "help out" in the fight against terrorism. And the fact that these organizations have the guts to publicly lobby for such access says to me that likely somebody somewhere in private industry already has access to some or all of it through "connections" and now wants this sharing legalized so their access to that knowledge can be leveraged for greater financial gain out in the open, in front of stockholders.

      --
      Who did what now?
    2. Re:Spot on by AmiMoJo · · Score: 4, Insightful

      The fact that we don't know just makes it worse. We have to assume that the entire US and everything in it is compromised.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    3. Re:Spot on by Karl+Cocknozzle · · Score: 3, Interesting

      The fact that we don't know just makes it worse. We have to assume that the entire US and everything in it is compromised.

      For the moment, I'd say that is a wise assumption. If I were a non-US corporation or person I'd be assuming the exact same thing. Until there is a full, detailed accounting--of the uncomfortable "truth commission" variety--all but the staunchest pro-authoritarian Americans will believe it anyway, so there's no sense delaying what absolutely has to happen.

      It may yet be that the capitalist interests that the NSA are damaging might in the long-run have to expend considerable lobbying dollars to reverse some of this perception by drastically reining in the NSA. Or we can write-off a good chunk of the money we'd have otherwise made by innovating online.

      --
      Who did what now?
    4. Re:Spot on by jeti · · Score: 4, Informative

      Eduard Snowden wasn't employed by the NSA, but by Booz Allen Hamilton, which belongs to the Carlyle Group. Think about the opportunities insider information offers to these kinds of investors.

  6. Great by LoRdTAW · · Score: 4, Insightful

    First we rid ourselves of manufacturing to become a country of services and intellectual property. Then we destroy the reputation of our services by spying on everyone who uses them. Good job government. Good job.

    1. Re:Great by sqrt(2) · · Score: 5, Insightful

      The NSA was not balancing anything. They are a rogue agency operating outside of the law and outside of meaningful oversight. Snowden is a patriot and a hero for exposing the criminals at the NSA for what they are. The NSA does not make America safer or more competitive at business. It's a liability to our freedom, our safety, and our economic security.

      --
      If you build it, nerds will come. Soylentnews.org
    2. Re:Great by gmuslera · · Score: 2

      Yeah, we must jail the witnesses and leave free the assassins so they keep killing. You are sure that you won't be the next target, no? Or is just too deep into the culture to be too big to jail?

    3. Re:Great by Monoman · · Score: 2

      Hosting stuff in the US is like having the USSR build your embassy. :-)

      --
      Keep the Classic Slashdot.
  7. The perception of privacy is valuable by SpaceManFlip · · Score: 4, Insightful
    We may or may not have ever had any real privacy online, and only the naive would post revealing/personal/sensitive things anywhere online, but all along most folks have assumed that it would be WRONG for anyone to spy on your online business without warrants. And it most certainly fucking IS.

    And here's the big-ass BUT, really, DARPA built the Internet. Someone has been spying on some of it all along, most certainly. BUT the level it has risen to with the holy excuse of THA TURRISTS is unexcusable. The Snowden Shaming was long overdue.

  8. Re:doesn't europe spy as well? by CRCulver · · Score: 5, Insightful

    Industrial espionage is a big concern. It has been known since at least 2001 (when Echelon was widely covered in the press and the European Parliament opened an investigation) that the NSA has intercepted communications among European companies and then handed over business secrets to their American competitors. Even if it wouldn't protect individuals' privacy, the idea is that a European cloud would protect European businesses.

  9. Some agency will spy on you by PPH · · Score: 2

    Yes. But some countries do so only to maintain their domestic security. That's not always good, but I can deal with it. What many people don't like is losing their privacy in the name of propping up the US' good old boy commercial interests. And getting pulled into every global military dick swinging contest.

    --
    Have gnu, will travel.
  10. Re:doesn't europe spy as well? by Balinares · · Score: 5, Interesting

    Countries like France and UK, yeah, absolutely. Germany... is slightly more touchy about issues pertaining to surveillance and the general topic of totalitarianism, for some reason.

    Iceland overthrew its government when said government wouldn't jail bankers. If Iceland says they ain't going to spy on people because fuck that, I would lean toward cautiously trusting them.

    --

    -- B.
    This sig does in fact not have the property it claims not to have.
  11. Some Agency by Kirth · · Score: 2

    However, a lot of companies will be more comfortable if an agency from their own country will be spying on them, if only to keep US-companies from getting business intelligence.

    From that point of view, the USA just got too greedy with their industrial espionage.

    --
    "The more prohibitions there are, The poorer the people will be" -- Lao Tse
  12. Data Haven in the Sultanate of Kinakuta by advid.net · · Score: 2

    I remember Cryptonomicon by Neal Stephenson: the data haven is built underground on some island with brand new huge pipes / data cables.
    Who's going to be the Sultanate of Kinakuta ?

  13. Re:doesn't europe spy as well? by dgatwood · · Score: 4, Interesting

    Pretty much. Governments have long recognized that the existence of a decentralized packet-switched network makes spying on its citizens harder. Therefore, their goal is to break the Internet, splitting it off into lots of little regional networks that don't fully talk to one another, requiring companies to store data on their citizens in country-specific servers so that it is easier to keep track of everything that's happening, etc. Government would love to go all the way back to the circuit-switched days of mainframe computing if they could.

    This is why we, as citizens of the world, must unite to demand more reasonable policies, starting with laws that fine companies an exorbitant amount of money for sharing information about their citizens with foreign governments without a warrant from the citizens' governments. If Google were hit with a million dollar fine every time it obeyed an NSL without getting a court order from whatever country the target was from, Google would then be forced to sue the federal government to reclaim those damages, forcing the U.S. government to act like a proper player on the world stage instead of a world-class thug that bullies its way into whatever information it wants.

    --

    Check out my sci-fi/humor trilogy at PatriotsBooks.

  14. Missing the Point by organgtool · · Score: 2

    At the end of the day, some agency will spy on you

    Yes and you can be sure that most governments are already spying on their own people. The point of using non-US cloud services is to limit the amount of eyes on your data. If your company is based outside of the U.S., your government is likely keeping their own tabs on internet traffic - maybe not to the same extent as the NSA, but it's likely happening nonetheless. Then, if you use U.S.-based cloud services, you have to worry about the U.S. government having access to that data as well. By using a provider in your own country, you limit the number of parties available to snoop on that data to the company offering the cloud services and your local government.

  15. Dear europe.... It wont matter.. by Lumpy · · Score: 2

    Because your endpoints will still be compromised.

    Unless all of you are moving to Linux or BSD, we will still have full access to all your data.

    Love,

    The NSA

    --
    Do not look at laser with remaining good eye.
  16. euro cloud concept is ignorant by Karmashock · · Score: 2

    it won't protect anyone.

    If anything, it will simply expose europeans to spying by european governments by labeling your secret information secret and then putting it in their pocket.

    --
    I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
  17. Re:doesn't europe spy as well? by tchdab1 · · Score: 2

    Yes - data safes are worthless when the spy agency has access to all the I/O pipes.

  18. Re:doesn't europe spy as well? by Bigbutt · · Score: 3, Interesting

    Yea, we had to have a special network connection through the American Embassy in France so we could exchange e-mail without the French reading the emails. We put it into place when the French would ask about something that was only disclosed in the email.

    [John]

    --
    Shit better not happen!
  19. Misread the title.. by MadKeithV · · Score: 2

    For a minute I thought the title was "NSA Internet Spying Sharks Race To Create Offshore Havens For Data Privacy". Those would have been some cool sharks.

  20. Re:doesn't europe spy as well? by SuricouRaven · · Score: 5, Interesting

    And China has been accused of it many, many times - they barely even bother to hide it. Every country does it, then acts outraged when all the others do too.

  21. Re:doesn't europe spy as well? by SuricouRaven · · Score: 2

    That particular problem can be solved with simple encryption. No need for the fancy stuff - simple symmetric will do.

  22. Re:Government is shutting down. by Jeremiah+Cornelius · · Score: 4, Insightful

    Will they shutdown the FBI, CIA and NSA? The DHS?

    It's not a "Free Country", or even a plausible republic, with Secret Police.

    --
    "Flyin' in just a sweet place,
    Never been known to fail..."
  23. "Offshore data havens" indeed by kheldan · · Score: 2

    Apparently it's not only politicians who are remarkably inept when it comes to technical matters, but many others as well. I think it's safe to say at this point that there is no way to 100% ensure that any data stored "in the cloud" is safe from the prying eyes of the truly motivated.

    You want your data to be 100% secure? Then store it off-line. If the FBI, CIA, NSA, DHS, military intelligence, or whoever you care to name really wants to see what's stored on a USB flash drive or hard drive sitting on a shelf in my house (or stored in a safe deposit box, or in a vault somewhere, or buried in the ground in an undisclosed location) then they'll have to come and physically get it.

    --
    Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
  24. Re:doesn't europe spy as well? by V+for+Vendetta · · Score: 3, Interesting

    Germany... is slightly more touchy about issues pertaining to surveillance and the general topic of totalitarianism, for some reason.

    Yes, we (the German people) are. No, we (the German government) are not. The later will happily share whatever they acquire with its "friends" in Europe and overseas.

    Technically both NSA and BND/Verfassungschutz are not spying on their own people ... but if the BND spies on Americans and the NSA spies on Germans and both swap their findings, all laws were respected.

    I'm not making this weird shit up, that's actually how our government argued in this affair. Granted the wording they used was of course more not-so-obvious politian-speak. But that's what they said.

  25. Offshore data havens? by The+Archon+V2.0 · · Score: 4, Insightful
    Holy hell, William Gibson's Virtual Light is coming true! At least we don't have to worry until we see the middle class vanish and the rise of Christians who worship exclusively by watching television.

    Oh, shit.

  26. Re:Government is shutting down. by Bucc5062 · · Score: 2

    The law was written so the President can set "essential" branches or programs that cannot be shut down. For example, the ACA program cannot be shutdown. Given the President's current track record, most secret agencies will be going strong tomorrow morning (though we wont know about it till they knock on the door).

    --
    Life is a great ride, the vehicle doesn't matter
  27. Spread it around by AndyCanfield · · Score: 3, Insightful

    Sure every country has a spy group. But every country does not have the SAME spy group. My search engine is in Europe. My e-mail is in Russia. My web site is in Thailand. You think the KGB is going to share data with the NSA? No way.

    You use various services on the Internet. Get those services from different companies, different countries. If you use Google for everything, then Google knows everything about you, and Google will tell the NSA. Yandex will not tell the NSA; no way; Yandex is in Moscow. Google's business plan is to become an expert on you, and I don't want ANYBODY to be an expert on me. It's not about who you trust, it's about trusting nobody.

  28. Re:doesn't europe spy as well? by dgatwood · · Score: 3, Insightful

    Your point and my point are not really in conflict; they're just two sides of the same coin. Ultimately, the first goal of government, sadly, is and has always been maintaining and concentrating power. It shouldn't be that way, but it is. Other governments knowing things about your citizens weakens your own government's power, because those other countries could potentially learn some of your country's secrets. (This is particularly true for business communications.) Your own government knowing things about its citizens increases its power, because it gives them information not only about security threats, but also about potential threats to your power. It also gives them ammunition that they can use for blackmail if they need to silence a dissenter. Therefore, the natural tendency is for a government to want to increase its ability to spy on its citizens while decreasing the ability of other governments to do so. I cite as an example the extensive U.S. government surveillance of people involved in the Occupy movement.

    Complete global decentralization, which the Internet typically trends towards in the absence of interference, limits the ability of all governments to spy on anyone. This does not meet the above goals. However, regional centralization (such as EU member governments encouraging people to use servers within the EU) in lieu of global centralization decreases the ability of governments to spy on people from other countries/economic communities, while increasing governments' ability to spy on people in their own countries. This is a win-win for European governments; they get the political win of being able to say that they're protecting people from the watchful eye of the nefarious U.S. government, all the while centralizing that data in a location where it is more easily reachable by their own governments through subpoenas and what not.

    This article is a good read on the subject.

    --

    Check out my sci-fi/humor trilogy at PatriotsBooks.

  29. Re:Government is shutting down. by cyn1c77 · · Score: 2

    I'm pretty sure they won't shut down the IRS. :-)

    Actually, DHS is considered an essential service that will not be shut down, while IRS auditing will be shut down!