Eric Schmidt: Anxiety Over US Spying Will "Break the Internet"

jfruh writes Oregon Senator Ron Wyden gathered a group of tech luminaries to discuss the implications of U.S. surveillance programs, and Google Chairman Eric Schmidt didn't mince words. He said that worries over U.S. surveillance would result in servers with different sets of data for users from different countries multiplying across the world. "The simplest outcome is that we're going to end up breaking the Internet."

Very easy to solve

[Karmashock]

Restore the prohibitions against spying and require real warrants to engage. No more dragnets.

Things are just going to keep getting worse until it happens.

Re:Very easy to solve

[Cenan]

Yeah, because we trust them to abide by the law. This is a problem that words on paper won't be able to solve. You cannot ever prove that the NSA (or whichever agency) does not snoop, even if the law says they can't do it. They have been proven to snoop, the cat is out of the bag, end of story.

Re:Very easy to solve

[NormalVisual]

They have been proven to snoop, the cat is out of the bag, end of story.

And they've been proven to have no problem lying to Congress as well. "You didn't see it, so I didn't do it."

Re:Very easy to solve

[dugancent]

Cut their funding. No money, no spying.

Re: Very easy to solve

This. You guys are complaining about how bad your internet infrastructure is. Use the 10 billion per year that you are paying to be spied on to upgrade the nations backbone instead. I think that would improve many things.

Re:Very easy to solve

We will not "break the Internet". Worry over spying may cause people to take more interest in protecting their privacy, which may break Google's business model.

Boo hoo.

Re:Very easy to solve

[Frobnicator]

Worry over spying may cause people to take more interest in protecting their privacy, which may break Google's business model.

Boo hoo.

The problem isn't really with Google's business model.

It also is not limited to the US government.

Think back to various releases. News stories of the US government intercepting Cisco equipment shipments, installing back doors, and sealing them back in their original boxes with new factory seals. There are many news stories of logs with people communicating over supposedly secure connections and exchanging honeypot URLs, only to have the honeypot link hit several hours later by government-owned IP blocks or sometimes Microsoft or Apple IP blocks when using their 'secure' products.

As a result of those we set up honeypot links of our own, and I've seen reports that a percent of our site-to-site messages with honeypot links really are being visited by IP blocks from several nations. This is not just the US government, multiple governments and probably multiple big businesses have their spying tendrils inside businesses. We're looking for and slowly tightening down on potential leaks, either that or the assorted groups are slowly hitting our honeypots less and less. I used to think some of our security policies were draconian, but seeing how many probably-government groups are watching internal messages, I've become quite paranoid myself.

If someone cannot trust that their encrypted, supposedly secure communications are safe, they will stop using the products. When a government IP address hits a honeypot link shared over Apple's iMessage, does that mean Apple is a willing participant forwarding the messages while telling the public it is secured, or does that mean Apple is a victim too? Either way, iMessage is now one of many banned products in our workplace, sending any type of secure business information over it (or over Lync or Google's services or any but a short list of secure communications programs) has become a fire-able offense.

When the news broke on the Cisco equipment being intercepted this spring, their stock price plummeted and orders slowed. I know in my organization there were several major purchasing announcements, and they only buy HP equipment now (although I'm sure those are intercepted just as readily). Cisco went directly to the POTUS both publicly and privately to tell them to stop harming the company. I would not be surprised if their lawyers are nearly ready to file lawsuits for tortuous interference.

This is about far more than Google's business model. People cannot communicate within their own company infrastructure about business needs without some sort of government espionage or corporate spying. It is completely out of control.

Nice wording

[JeffOwl]

I like how the title of the article is "Jitters over US surveillance..." implying that the surveillance itself isn't the problem, we just need to get comfortable with it.

Re:Nice wording

[bickerdyke]

While surveillance itself is problematic, too, it wasn't a real problem before. I used to be comfortable with the fact that in some cases, police and FBI could wiretap phones and intercept email. So surveillance isn't exactly the problem either.

The "problem" is that this power has been heavily misused and that the trust that surveillance would only be directed to crime suspects is now lost. And people losing trust in police IS a problem.

Meaning

[StripedCow]

Did he mean "breaking" as in: services becoming more federated instead of being governed by 1 or 2 mega-corporations?

Re:Meaning

[Monoman]

Probably. Breaking a business model and breaking the Internet are two very different things but they probably mean the same to him.

Or crypto

[DrYak]

Or, alternatively use descent crypto and security procedure.

i.e: don't count on the US and everybody else behaving correctly (As if there were any chance that Russia and China would stop spying) (or US for that matter. They'll simply spin another secret tree-letter agency that they can denying knowing it exists).
instead count of the fact that there will always be fuckers somewhere on the net, and keep best practices to avoid becoming yet again a victim whoever might it be.

Things like end-to-end encryption (total encryption between the two users communicating like OTR, CryptoCat, Jitzi, etc., not only on each leg to/from the server like HTTPS), making GPG more userfriendly, making Tor more popular, etc.

then dragnet or not, user will be safer on the average, even from non-law abiding 3rd parties. (Not only safe from NSA, but safe from script kiddies too).

Re: Or crypto

[sneakyimp]

Yeah Eric is just worried everyone will encrypt their gmail so google can't read it any more and target their ads. If everyone starts guarding their privacy, google's business model starts to look much less attractive. "If you scare everyone about the snooping, we can't keep snooping on everyone."

Re:What this fuss over nothing?

[Megol]

The US have stated that trying to have an international trial against a US citizen (for e.g. crimes against humanity) will result in use of military force. Do you really think anything is off limits for a government with that attitude? Remember this are laws the US recognizes and even was one of the parties who created them and enforced them (e.g. at the Nuremberg trials).

The US is rapidly becoming the biggest enemy of itself and no, while a superpower it can't simply ignore the opinions of the rest of the world.

Eric Schmidt is part of the problem

[RR]

My problem is that I want to control my data by placing it on systems under my control. Storing everything on Google is fine for Eric Schmidt because Eric Schmidt owns (many shares and a significant amount of control) of Google. Storing everything on Google is not so good for me because I don't.

And that's the real issue. Google and Facebook's entire business model is to violate my privacy. I don't know if Dropbox does anything with your data, but they've definitely chosen convenience over security. I'd rather store my stuff on SpiderOak than Dropbox. As long as my data are available to somebody other than me, then my data are vulnerable to hackers and immoral government officials.

Background article

[return+42]

If you have time to read 12,000 words, the New Yorker ran an excellent article last year detailing US surveillance programs and Senator Wyden's efforts to rein them in.

"State of Deception"

Re:What this fuss over nothing?

[Sique]

There is no problem with a defense during a trial. Making the trial impossible is a problem. US citizens going free after they commited crimes against non-US-citizens is a problem, and the reluctance of the US to either try them on US soil or have them tried somewhere else is a big problem.

So what's the problem with that?

[BarbaraHudson]

different sets of data for users from different countries multiplying across the world.

So what? I don't care if my data is "out of sync" in Kabul or Beijing or Kuala Lampour or London or Sao Paulo. It's not a problem for me. However, companies attempting to monetize that data (Hello, Google, etc.) by selling it to advertisers across the globe ... it makes that data harder to sell. Awww. That won't break the internet - if anything it's an improvement, since someone in Nigeria now has to hit servers in North America to get information for spearfishing - something that will be easier to track.

Its not just illegal snooping thats the problem

[simonreid]

Eric is confusing two issues, probably purposefully.

The issue of illegal (at least against US citizens) mass surveillance by the NSA and the like is one problem - but as others have pointed out, its something that should be assumed to always be happening, and doesn't have any real impact on the internet. People make a fuss about it, particularly in the US, but I think most people assumed it was happening anyway and it hasn't really changed the way that people, businesses or governments operate. Just look at the recent Silk Road story as an example

The issue that has everyone jittery is the close cooperation that has been shown between the US Government and US based companies, and from a legal perspective the stance that the US government is taking on data stored by US companies, outside the US, for a non-US entity. This has a huge effect on Google's business in particular, not as an adverting company - I would be surprised if they are loosing a significant amount of their consumer business - but rather their growing enterprise / cloud business. No one outside the US will want to switch to Gmail if their email can be read, without their knowledge, by the US Government issuing a National Security Letter, or even just by any local judge issuing a subpoena.

This is what they are talking about when they say you have to start a data center in Germany just to serve customers there. Its not the NSA hacking your system, or even snooping on the wire people are worried about. Its the legal and risk issue that the US government can seize your data, without any notification, and you have no legal recourse to prevent it happening.

Its a great opportunity for companies in Europe, but if your a US headquartered company, as Google is, its going to break *your* small part of the internet

Re:OTOH

I will never pay for closed source American made crypto software. Even though OpenSSL turned out to have serious bugs, at least it was open enough for people to find, make public and fix. I don't trust that an American company might have their hands tied by NSL when fixing bugs or "bugs".