Slashdot Mirror
French, German Leaders: Keep European Email Off US Servers
jfruh writes "In her weekly podcast, German Chancellor Angela Merkel said she'd be discussing European email security with French President Francois Hollande. Specifically, in the wake of the NSA spying revelations, the two leaders will try to keep European email off of American servers altogether to avoid snooping. This comes as Merkel's government faces criminal complaints for assisting aspects of the NSA's programs."
So that you don't have to cross the Atlantic with emails and other things, but also can build up communication networks within Europe," Merkel said Saturday.
You mean if one were to send an email from Munich to Paris, it'd cross the Atlantic and come back?
NSA aside, that's a pretty sucky setup.
You COULD mandate end-to-end encryption if you were really that worried about it. That probably also wouldn't avoid snooping, but it'd make it a bit more difficult. We should probably also move away from using the browser as a mail client. But you're not really worried about snooping, are you? You're just worried about US snooping.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
it seems like a total fail understanding of the problem. as snowden elaborated in the german interview, moving the data doesnt fix it. its why the notion that snowden had copies of everything on his laptop for everyone to see is is also retarded. cloud or offsite properly encrypted works better than bringing it with you. "if the nsa can collect sms messages in china, it can certainly grab emails in germany".
The German Prism: Berlin Wants to Spy Too
French officials can monitor internet users in real time under new law
And some of the reports of "NSA spying" were in fact NSA being given phone data from European agencies.
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
> This comes as Merkel's government faces criminal complaints for assisting aspects of the NSA's programs."
> twitter facebook linkedin Share on Google+
My favorite part of the whole thing is that they are facing criminal complaints for assisting the NSA, all while having also been spied on by the very people they assisted. Hmm a happy satisfied feeling from seeing others get what has been coming to them? I believe the Germans just might have a word for that.
"I opened my eyes, and everything went dark again"
News at 11.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Can't see how this will stop the NSA from snooping on Europeans' emails.
If you're sending an email from anywhere to anywhere, odds are that at least one or both of you are using an email account with one of the big US-based internet companies (Google, Yahoo, Microsoft, etc.). Or you don't even bother with email and use Facebook instead.
So your message is very likely to not only cross the Atlantic, but also get stored and backed up redundantly in several datacenters including servers in the US. This has nothing to do with internet architecture, just market forces and poor consumer options.
Internet routing only begins to matter to email security if your email account is hosted privately or by a local organization - and even then, you're better off securing the email by encryption than trying to compartmentalize a network that was designed from the beginning to ignore physical locations and borders.
Quite often I see that my E-mails had been routed via SMTP servers located in London. A quick review of E-mails that I received in the past show me that E-mails from Acerta (A organization in Leuven that deals with salary and social security administration of employees) to my Postfix server in Switzerland goes from Belgium to London to Netherlands to Zwitserland. The link between London and Netherlands was apparently not even encrypted. Why? And this is servers that voluntarily added "Received" headers. Who knows what's in between. In my opinion any IP traffic should only if *really* necessary go to Five eye members (when the destination is in one of those countries).
you're not gonna stop us from reading or listening to any of your conversations. We're the proud, the strong, and we own all of your communications :)
-- edited by NSA -- I think the US is a wonderfull place to live in full of freedom and democracy. I think all other countries are plotting terrorist attacks and they will fail.
You mean if one were to send an email from Munich to Paris, it'd cross the Atlantic and come back?
NSA aside, that's a pretty sucky setup.
It's how the Internet works. To quote directly from the experts: A target's phone call, e-mail or chat will take the cheapest path, not the physically most direct path.
Physical distance is not as important as congestion on the routes. So it might very well be that your data takes a much longer path that what you'd think, simply because it uses the fastest way, not the shortest.
Angela Merkel's approach is pretty idiotic, and it cannot fix the problems. First of all, most emails are routed through the US either because the sender or the recipient has an American email provider (Germans love Gmail, too). Secondly, even if that is not the case, can you be sure that the NSA doesn't spy on traffic in Frankfurt? It wouldn't surprise me.
Only true end-to-end encryption can be a solution. The government in Germany is currently pushing for DE-Mail, which relies on transport encryption only. So that means that your email provider can still snoop and so can the German government, which is probably the reason why they designed it like that in the first place. End-to-end encryption would have been possible, especially since the German government is spending much money rolling out their own PKI, with keys for every citizen right on their new national ID card.
There's a presentation about DE-Mail from last December's Chaos Communication Congress, it's worth watching (video also has an audio track with English translations).
You COULD mandate end-to-end encryption if you were really that worried about it. That probably also wouldn't avoid snooping, but it'd make it a bit more difficult.
They could send their emails in germanese
So now the French and Germans will only have their own governments spying on them and not the yanks too.
Hugh consolation there.
Is riseup.net any safe? Its servers are in the US, after all
What safe solutions exist nowadays?
...none of the EU countries monitor communications, right? This is completely an example of misdirection. "Look over there!!! Bad NSA!!! Bad US spy agencies!!"
The two rules for success are:
1) Never tell them everything you know.
"Chancellor Merkel thought of this plan immediately after she learned the Internet was a series of tubes."
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
It's even a law in Canada to prohibe company with data on canadians people to avoid any storage/transport of these data using any IT infrastrure in the USA.
Ceci n'est pas une Signature !
What safe solutions exist nowadays?
Data encryption.
Given the latency across the Atlantic, I wouldn't be surprised if all of the major US email providers host the mailboxes of their EU customers in the EU. If so, does that go against Merkel's wishes?
Never mind we are using ours to spy on you..
I think it just hilarious the world leaders want to act as if their hands are clean in this mess.
It's not just that the French and German government are going to move to doing business with non-US companies for email. There are many reports [citation needed] of governments and companies throughout the world choosing non-US cloud providers who promise not to have servers in the US. This is showing up on companies earnings reports in reduced overseas sales.
At first I thought it was silly - all governments want to be able to get their hands on data stored in their domain, so moving from the US just changes the potential actor. Then I thought "why would you store your secrets in a place you don't control?" If you've got something very, very secret, you don't store it in a bank, you hide it somewhere on your property (and no, I do not have anything very very secret :-) ) so it makes sense for governments to store their data on their own servers. And if they're technically capable, their own government cloud (sadly, not built by the US).
-- Everything is wonderful until you know something about it.
You mean that if google has a gmail server sitting in Germany that it won't be able to access all the content on that server? What?
If some NSA/FBI/CIA goon walks into an google/yahoo/whatever office in the US and hands a secret court order for a US citizen to dig through the German server the guy is going to dig through the German server. If anything a google run German based server is actually more legally friendly to the CIA/NSA as now they can be fairly certain they aren't trolling through US-US communications.
So if the US passed a law tomorrow (that was actually obeyed) that 100% banned any interception of communications of one US citizen with another then setting up European only servers would be something the NSA would want Google to to.
If Europe is truly serious about defending their privacy they would insist upon audited servers stationed in Europe run by natural born European citizens with single nationality and no family or economic ties outside of their legal reach. Then they would need to make a ferociously punitive fine for any employes, management, or companies that violate these privacy rights with a huge portion of the fines going to any whistleblower.
Another suggestion I have is for some European company to buy blackberry and make those phones truly and uncompromisingly secure with features such as one time pads.
Someone could maybe tell Merkel that there is no "German internet" and no "American internet"?
Saying that you want to "keep emails in Europe" is like sitting in the swimming pool noticing that some piss in the pool so you decide to put a chain across the middle of the pool and declare that in your side only non-peers may swim while those that pee in the water have to stay on the other side.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
EU Data Protection laws require a company to protect the privacy of the people it receives email from. Now the fallacy of the Safe Harbor agreement has become clear, using US providers means knowingly placing privacy in jeopardy.
Silicon Valley has a MASSIVE problem on its hands in this context: even if a US company WANTED to protect client information (and let's be honest, lots of them actually do), they are legally not in a position to do so. The biggest problem is that this is a legal issue, and that will take at least a decade to fix...
Insert
Given that GCHQ is a loyal lapdog of the NSA, you'll have to exclude ole Britannia Servers as well.
We already have nodes running inside both countries which tap the main lines.
Illegal? Of course.
Unconstitutional? Only if, as they are designed to do, they capture American emails too.
Stupid? Heck, this is America ... does that answer your question?
-- Tigger warning: This post may contain tiggers! --
Yes. This is the last one, and if this isn't true and Slashdot.org will permanently resemble a wife married for 28 years with a fifteen year old son and a twelve year old daughter so be it, I spent most of my early life without sex (ie Please tell me the browser cache is screwing with me. Please tell me that my wife wants to have sex more often ( ok that isn't going to happen, I have a 12 and 15 year old) Do we really have Slashdot.org back? Isn't that better than writing a curse word in caps? No. Please tell me this SHIT,SHIT,SHIT,FUCKING,FUCKING,FUCKING,JACKASS,JACKASS,JACKASS beta experiment is dead and buried. Excuse my French.
Let's make it clear: The blind and the other blind are trying to avoid observation by the seeing through taking of their fake glasses – that's it.
They want their technology back. Honestly, Angela should talk to people who know what they are doing before making such silly statements.
Yes, Let's put another dead bolt on that front door. Don't worry about the unlocked screen door in back. Nobody sees it. Besides, they certainly wouldn't dare go back there, would they?
Heh.