Eric Schmidt: Anxiety Over US Spying Will "Break the Internet"

jfruh writes Oregon Senator Ron Wyden gathered a group of tech luminaries to discuss the implications of U.S. surveillance programs, and Google Chairman Eric Schmidt didn't mince words. He said that worries over U.S. surveillance would result in servers with different sets of data for users from different countries multiplying across the world. "The simplest outcome is that we're going to end up breaking the Internet."

Very easy to solve

[Karmashock]

Restore the prohibitions against spying and require real warrants to engage. No more dragnets.

Things are just going to keep getting worse until it happens.

Re:Very easy to solve

[Cenan]

Yeah, because we trust them to abide by the law. This is a problem that words on paper won't be able to solve. You cannot ever prove that the NSA (or whichever agency) does not snoop, even if the law says they can't do it. They have been proven to snoop, the cat is out of the bag, end of story.

Re:Very easy to solve

[NormalVisual]

They have been proven to snoop, the cat is out of the bag, end of story.

And they've been proven to have no problem lying to Congress as well. "You didn't see it, so I didn't do it."

Re:Very easy to solve

[dugancent]

Cut their funding. No money, no spying.

Re: Very easy to solve

This. You guys are complaining about how bad your internet infrastructure is. Use the 10 billion per year that you are paying to be spied on to upgrade the nations backbone instead. I think that would improve many things.

Re:Very easy to solve

[Cenan]

You're right, whatever agency has their funding cut won't be spying anymore. That won't solve the underlying trust problem though. It's not the NSA that people don't trust, it's USA.

Re: Very easy to solve

[dimeglio]

The problem is not spying on US citizens, it's spying data from foreign citizens stored on US based cloud servers. Something the US will never stop doing any more than they will stop body searches on domestic/foreign flights.

Re: Very easy to solve

This. You guys are complaining about how bad your internet infrastructure is. Use the 10 billion per year that you are paying to be spied on to upgrade the nations backbone instead. I think that would improve many things.

We tried that, and the major ISPs just pocketed the money.

Re:Very easy to solve

[Karmashock]

This ignores that the information privacy laws in these other countries is often no better or often worse then the US. So you're just exchanging one set of snoops for another. And again, if the US government wants the data... chances are they'll get it so long as the information is centralized.

The only solution against government snoops is decentralized storage in small obscure systems. The big cloud systems are the enemy.

Re:Very easy to solve

We will not "break the Internet". Worry over spying may cause people to take more interest in protecting their privacy, which may break Google's business model.

Boo hoo.

Re: Very easy to solve

Before that could ever happen, we'd need to upgrade the nation's backbone. Not the internet one, the other one.

Re:Very easy to solve

[Tokolosh]

And the courts who are supposed to be overseeing them have proven to be no more than rubber stamps.

I think the judicial branch has a lot to answer for in this whole mess, from letting AT&T retroactively off the hook, to accepting secret FISA courts, to issuing warrants to SWAT teams on negligible evidence.

Re: Very easy to solve

[Noah+Haders]

I think the problem is 100% US spying on its citizens.

Re:Very easy to solve

[fustakrakich]

Nonsense. Like the CIA, they already sustain themselves through the sale of contraband. Nobody is going to stop them without a war.

Re:Very easy to solve

[Frobnicator]

Worry over spying may cause people to take more interest in protecting their privacy, which may break Google's business model.

Boo hoo.

The problem isn't really with Google's business model.

It also is not limited to the US government.

Think back to various releases. News stories of the US government intercepting Cisco equipment shipments, installing back doors, and sealing them back in their original boxes with new factory seals. There are many news stories of logs with people communicating over supposedly secure connections and exchanging honeypot URLs, only to have the honeypot link hit several hours later by government-owned IP blocks or sometimes Microsoft or Apple IP blocks when using their 'secure' products.

As a result of those we set up honeypot links of our own, and I've seen reports that a percent of our site-to-site messages with honeypot links really are being visited by IP blocks from several nations. This is not just the US government, multiple governments and probably multiple big businesses have their spying tendrils inside businesses. We're looking for and slowly tightening down on potential leaks, either that or the assorted groups are slowly hitting our honeypots less and less. I used to think some of our security policies were draconian, but seeing how many probably-government groups are watching internal messages, I've become quite paranoid myself.

If someone cannot trust that their encrypted, supposedly secure communications are safe, they will stop using the products. When a government IP address hits a honeypot link shared over Apple's iMessage, does that mean Apple is a willing participant forwarding the messages while telling the public it is secured, or does that mean Apple is a victim too? Either way, iMessage is now one of many banned products in our workplace, sending any type of secure business information over it (or over Lync or Google's services or any but a short list of secure communications programs) has become a fire-able offense.

When the news broke on the Cisco equipment being intercepted this spring, their stock price plummeted and orders slowed. I know in my organization there were several major purchasing announcements, and they only buy HP equipment now (although I'm sure those are intercepted just as readily). Cisco went directly to the POTUS both publicly and privately to tell them to stop harming the company. I would not be surprised if their lawyers are nearly ready to file lawsuits for tortuous interference.

This is about far more than Google's business model. People cannot communicate within their own company infrastructure about business needs without some sort of government espionage or corporate spying. It is completely out of control.

Re:Very easy to solve

[Forgefather]

As intrusive as I find Google's business model there is no changing the fact that the vast majority of internet content exists only because of add revenue. If that revenue were to dry up then it is quite likely that the internet would be facing a large crisis as so many users have been conditioned to believe they don't have to pay out of wallet for browsing web content.

This is not to support the sensationalist quote from Eric Schmidt, but merely to point out that Google's business model, and the business models of similar companies, are currently the reality of how the internet functions without pay walls. This was in a slashdot article a while ago, but it would cost the average user $230 a year to use the internet without adds.

http://www.telegraph.co.uk/tec...

While this is not really that large of an amount considering what Comcast extorts its average user for, it is worth mentioning that this would require individual signups for almost every website which throws a wet blanket over the prospect of most internet start ups who are looking to lower the barrier to entry as far as possible. Like it or not adds support the internet and targeted adds are the most valuable.

Instead of dismissing targeted adds as a concept I would prefer to know exactly what is being tracked about me so that I can separate the sensitive information from information that would be useful to marketers.

Nice wording

[JeffOwl]

I like how the title of the article is "Jitters over US surveillance..." implying that the surveillance itself isn't the problem, we just need to get comfortable with it.

Re:Nice wording

[bickerdyke]

While surveillance itself is problematic, too, it wasn't a real problem before. I used to be comfortable with the fact that in some cases, police and FBI could wiretap phones and intercept email. So surveillance isn't exactly the problem either.

The "problem" is that this power has been heavily misused and that the trust that surveillance would only be directed to crime suspects is now lost. And people losing trust in police IS a problem.

Re:Nice wording

And people losing trust in police IS a problem.

It is, but not directly related to this.
This is about the rest of the world no longer trusting the US. You will sometimes see comments on slashdot in the lines of "The constitution doesn't apply to non-US citizens." and similar when human rights violations are up for discussion.
That you see comments like that in a group that is supposedly well educated hints to me that there is a widespread lack of knowledge in the US about the UN bill of human rights and that the US has ratified it. (At least the more basic parts where it clearly says that human rights should be applied equally regardless of nationality.)
It also tells me that it is common in the US to either not care about human rights or to not consider non-US citizens to be human. (This is a matter of empathy, even if a nation doesn't have laws that protects human rights a person can still stand up for what is morally right.)

The problems the US have with the government not following the constitution isn't that relevant to Internet. Its that neither the government nor the population cares about playing fair with the rest of the world that is the problem here.
Now, both are very serious problems and may have the same cause, but that isn't necessarily the case.

Re:Nice wording

[The+Ickle+Jones]

And people losing trust in police IS a problem.

Everyone should be distrustful of the government. Otherwise, it is difficult to maintain your freedoms. This is a healthy attitude for any free country. It doesn't mean you should blindly distrust everything, but be cautious of what powers they want and see how they could be abused.

Meaning

[StripedCow]

Did he mean "breaking" as in: services becoming more federated instead of being governed by 1 or 2 mega-corporations?

Re:Meaning

[Monoman]

Probably. Breaking a business model and breaking the Internet are two very different things but they probably mean the same to him.

Re:Meaning

[NoNonAlphaCharsHere]

And by "more federated" we really mean "more feudal". What Schmidt is worried about is Google's loss of world hegemony, which is inevitable as the rest of the second and third world gets wired and/or broadband. When he talks about concerns about US spying, he's really worrying about the loss of Europe.

"It's a harder problem to solve because it's seen as personal," he [Schmidt] said. "We're very concerned that there will be a sort of 'Buy European' movement."

He doesn't really need to worry about that as much as he needs to worry about Net Neutrality. That's what's going to "break the Internet", when Comcast gets their wish of charging different content providers different rates, everyone, down to the ISP (last mile) level will eventually follow suit. Schmidt will end up paying a different rate to deliver YouTube to each individual customer. Eventually he'll have BIGGER server farms dedicated to billing, cross-licensing, etc. than he has for content today.

Re:Meaning

[Solandri]

While the significant anti-Google sentiment among privacy advocates is not without merit, Schmidt has a point. There are basically two models for how the Internet could work when information crosses international boundaries.

There's the free/Chinese model (free for information going out, Chinese for information coming in). You put whatever you want on your server, and that's what it serves to everyone who visits. If a national government has a problem with it, they selectively block it via a massive firewall. This is analogous to how physical international borders work (although on the Internet, every country "borders" every other country). If a country wants to keep people/materials they consider to be bad out, it is their responsibility to stop it at their border.

Then there's the U.S./French model. Filtering out content a country considers to be "bad" is somehow no longer their responsibility, it's the responsibility of the server hosting the content. And when multiple countries demand different standards, the server needs to selectively block it based on which country the info is being sent to. It's an attempt by countries to offload work that's clearly their own responsibility onto others simply because they're big and have enough legal/financial/political clout to force it.

That's basically what this boils down to. If each country is responsible for enforcing their own standards with firewalls, surveillance, and filters they set up, then (putting aside free speech issues) enforcing ~200 different standards is plausible. But if you insist on shifting that enforcement work to several million websites, you will break the Internet.

Don't be so blinded by your hatred of Google that you fail to see how what Schmidt is complaining has implications for companies and individual websites other than Google.

What this fuss over nothing?

[GeekWithAKnife]

As usual, creative people will find solutions to make the spying irrelevant.

From decentralizing and conception to storing data where the US (and others) cannot legally reach it etc.

The US and other agencies dug themselves a hole. They have shown us they are weary of strong encryption standards and good security practices by individuals.

They've shown us that we cannot trust them to use data responsibly and that we should avoid sharing anything with them.

Re:What this fuss over nothing?

[Megol]

The US have stated that trying to have an international trial against a US citizen (for e.g. crimes against humanity) will result in use of military force. Do you really think anything is off limits for a government with that attitude? Remember this are laws the US recognizes and even was one of the parties who created them and enforced them (e.g. at the Nuremberg trials).

The US is rapidly becoming the biggest enemy of itself and no, while a superpower it can't simply ignore the opinions of the rest of the world.

Re:What this fuss over nothing?

[Sique]

There is no problem with a defense during a trial. Making the trial impossible is a problem. US citizens going free after they commited crimes against non-US-citizens is a problem, and the reluctance of the US to either try them on US soil or have them tried somewhere else is a big problem.

Re:Privacy more of a issue

"It's interesting how people embrace the cloud and social sites and all it brings. "

Yeah and how they complain when from that cloud their private Photos emerge, where they have a cock in their mouth.

Or crypto

[DrYak]

Or, alternatively use descent crypto and security procedure.

i.e: don't count on the US and everybody else behaving correctly (As if there were any chance that Russia and China would stop spying) (or US for that matter. They'll simply spin another secret tree-letter agency that they can denying knowing it exists).
instead count of the fact that there will always be fuckers somewhere on the net, and keep best practices to avoid becoming yet again a victim whoever might it be.

Things like end-to-end encryption (total encryption between the two users communicating like OTR, CryptoCat, Jitzi, etc., not only on each leg to/from the server like HTTPS), making GPG more userfriendly, making Tor more popular, etc.

then dragnet or not, user will be safer on the average, even from non-law abiding 3rd parties. (Not only safe from NSA, but safe from script kiddies too).

Re:Or crypto

[Karmashock]

Eric is saying the crypto will break the internet.

That is likely an exaggeration. It will change it. A lot of this cloud crap is dead. And that will hurt google. But the system can survive it in a new form.

Re: Or crypto

[sneakyimp]

Yeah Eric is just worried everyone will encrypt their gmail so google can't read it any more and target their ads. If everyone starts guarding their privacy, google's business model starts to look much less attractive. "If you scare everyone about the snooping, we can't keep snooping on everyone."

Re:Or crypto

[bill_mcgonigle]

Eric is saying the crypto will break the internet

He's right in that some of what we have now may become unworkable. But insulating the Internet from corrupt governments is progress, and we may well have to give up some of the utility that we could have had given the assumptions that there are non-corrupt governments. But that was an idealistic pipe-dream as such a thing has never existed in history.

This moment is one of architectural correction. "Oh, what a pretty bridge we could have without winds and rust!" The faster it happens, the sooner we can get on with human progress.

Re: Or crypto

[kaiser423]

To be fair, part of the "breaking" is not being able to de-duplicate data. Very large portions of what gets stored in the cloud is redundant. You might well have over 10 million copies of one song on a cloud service. If they're all encrypted with different keys you can't de-dupe and your storage needs rise by 10 million. Ditto for some email lists that millions subscribe to. If you can't de-dupe that email then you have a problem! Personally, I couldn't care less, but there at least is a technical argument. I'm really just waiting on a good private cloud that I can host and regularly backup the binary blob to an external server for redundancy. Maybe if Comcast ever gets off their asses I could have enough upstream to feasibly do something like that. Or if the solution is there, maybe I just upgrade to business class...

Already happening

[DrYak]

Actually some of it already started happening before the NSA being busted:

for the SWIFT payment processing, the financial information of European users are mirror on two NON-US nodes for very obvious reasons (IRS, etc.)
only US users might have one of the two mirrors of their data on US soil.

What's sauce for the gander is sauce for the goose

[stevez67]

Every country (and reasonably sized corporation) on the planet is doing the same thing, always has done the same thing, always will do the same thing. Only fools believe their online activity is safe from snooping or ever will be.

Eric Schmidt is part of the problem

[RR]

My problem is that I want to control my data by placing it on systems under my control. Storing everything on Google is fine for Eric Schmidt because Eric Schmidt owns (many shares and a significant amount of control) of Google. Storing everything on Google is not so good for me because I don't.

And that's the real issue. Google and Facebook's entire business model is to violate my privacy. I don't know if Dropbox does anything with your data, but they've definitely chosen convenience over security. I'd rather store my stuff on SpiderOak than Dropbox. As long as my data are available to somebody other than me, then my data are vulnerable to hackers and immoral government officials.

Do you know what else will break the internet?

[peppepz]

DRM in HTML will “break the internet” too, and you pushed for it. Surveillance sucks whether the data is gathered by a hostile government or by a friendly commercial entity.

Background article

[return+42]

If you have time to read 12,000 words, the New Yorker ran an excellent article last year detailing US surveillance programs and Senator Wyden's efforts to rein them in.

"State of Deception"

OTOH

[DrYak]

There is money to be made by selling proper crypto solutions.

Re:OTOH

I will never pay for closed source American made crypto software. Even though OpenSSL turned out to have serious bugs, at least it was open enough for people to find, make public and fix. I don't trust that an American company might have their hands tied by NSL when fixing bugs or "bugs".

Re:What's sauce for the gander is sauce for the go

[coofercat]

I'd still rather my data to be snooped by my own country's security services than by the Americans (if though there's an awful lot of data sharing between then). As such, I might be inclined to buy services from local suppliers than from Google. That's bad news for the US, in two ways - 1) it removes a bit of revenue from American companies, and 2) it promotes non-american companies, and the technology they need. Ultimately that means places like silicon valley stop being one of the few centres of technology innovation, and instead there are lots of SVs all around the world - again, bad news for the US.

This isn't all just me making stuff up - it's already happening. Sure, the US is no where near bankrupt because of it, but it doesn't take a genius to work out that it'll mean there's less opportunity for Americans now and in the future.

anxiety over *corporate spying*...

[globaljustin]

spying is spying

whether it's our Totalitarian Big Brother or our Capitalist Creepy Uncle

spying is spying

i think it will cause a fracutring of the internet

[FudRucker]

and it already has in a few places, i think Iran has pulled the plug

i think more nations will cut the international wires and develop their own internet within their own nation's borders sort of like a Nation wide LAN, various governments may have some international connections to the WWW but there will be mostly separation between nation's, i dont mind this at all and would stop most of the international cybercrime,

So what's the problem with that?

[BarbaraHudson]

different sets of data for users from different countries multiplying across the world.

So what? I don't care if my data is "out of sync" in Kabul or Beijing or Kuala Lampour or London or Sao Paulo. It's not a problem for me. However, companies attempting to monetize that data (Hello, Google, etc.) by selling it to advertisers across the globe ... it makes that data harder to sell. Awww. That won't break the internet - if anything it's an improvement, since someone in Nigeria now has to hit servers in North America to get information for spearfishing - something that will be easier to track.

Its not just illegal snooping thats the problem

[simonreid]

Eric is confusing two issues, probably purposefully.

The issue of illegal (at least against US citizens) mass surveillance by the NSA and the like is one problem - but as others have pointed out, its something that should be assumed to always be happening, and doesn't have any real impact on the internet. People make a fuss about it, particularly in the US, but I think most people assumed it was happening anyway and it hasn't really changed the way that people, businesses or governments operate. Just look at the recent Silk Road story as an example

The issue that has everyone jittery is the close cooperation that has been shown between the US Government and US based companies, and from a legal perspective the stance that the US government is taking on data stored by US companies, outside the US, for a non-US entity. This has a huge effect on Google's business in particular, not as an adverting company - I would be surprised if they are loosing a significant amount of their consumer business - but rather their growing enterprise / cloud business. No one outside the US will want to switch to Gmail if their email can be read, without their knowledge, by the US Government issuing a National Security Letter, or even just by any local judge issuing a subpoena.

This is what they are talking about when they say you have to start a data center in Germany just to serve customers there. Its not the NSA hacking your system, or even snooping on the wire people are worried about. Its the legal and risk issue that the US government can seize your data, without any notification, and you have no legal recourse to prevent it happening.

Its a great opportunity for companies in Europe, but if your a US headquartered company, as Google is, its going to break *your* small part of the internet