Slashdot Mirror
Twitter Moves Non-US Accounts To Ireland, and Away From the NSA
Mark Wilson writes Twitter has updated its privacy policy, creating a two-lane service that treats U.S. and non-U.S. users differently. If you live in the U.S., your account is controlled by San Francisco-based Twitter Inc, but if you're elsewhere in the world (anywhere else) it's handled by Twitter International Company in Dublin, Ireland. The changes also affect Periscope. What's the significance of this? Twitter Inc is governed by U.S. law; it is obliged to comply with NSA-driven court requests for data. Data stored in Ireland is not subject to the same obligation. Twitter is not alone in using Dublin as a base for non-U.S. operations; Facebook is another company that has adopted the same tactic. The move could also have implications for how advertising is handled in the future.
as long as Ireland NSA is aware of the move.
Slashdot, fix the reply notifications... You won't get away with it...
...it's been done before and didn't work.
That's great and all, but it doesn't change the fact that pretty much every tweet out there is total crap. By its very nature of rapid information flow, even the most worthwhile tweet is quickly (within seconds!) eclipsed by shitty tweets, and quickly is long forgotten.
"....away from the NSA."
Ha ha ha ha ha, yeah, that was +1, hilarious.
-The NSA
-Styopa
IIRC the more common reason for doing this is to be able to claim that European data protection laws apply.
Which is probably just as much bogus a claim as this one.
I know I could google it, but I shouldn't have to. The summary should tell me what the fuck "Periscope" is.
Since it didn't tell me, I have to make assumptions about what it is. I envision it as a submarine periscope erupting out of the water, except it isn't a traditional submarine periscope. It's actually shaped like a massive cock, bursting through the hymen of the ocean blue.
Can we use a proxy or VPN to create an account outside of the US? Just curious, if one has to be physically outside the US to get a non-US account.
The NSA doesn't have jurisdiction over twitter because some complicated rule of international legal procedure says it does, it has jurisdiction in the US because US Courts can order US Cops to arrest the Twitter employees who refuse to hand them information. Microsoft has tried this, and while I don't think they've officially lost yet, it's very difficult for me to see a reason for them to win. The Constitution is silent on the matter of what happens when Court Orders affect people in other countries, which means there's absolutely no reason for them to give a shit about jurisdiction. In fact in several cases the US has sent Agents into foreign countries secretly, arrested/spied upon/etc. private citizens against the laws of those countries, and when they've gotten back to the US the Courts have said "great, the bad guy's fucked, when can you arrange a chump public defender so we can schedule the execution?"
OTOH, it's likely this is all PR because European customers live in places where the Constitution spends a half-goddamn page describing the precise geographic limits of it's jurisdiction. They don't understand that a) when our Constitution was written a good 90% of the land mass of the US was somebody else's, b) no we did not amend the damn thing with the Gadsden Purchase, and c) the whole damn thing's supposed to be on a single page.
It's also an interesting defense of their Irish tax strategy. "Of course we pay the ridiculously low Irish tax rate. We'd pay the US Tax Rate, but the NSA Gestapo would demand access to our servers."
Provided the data is viewed by someone in the USA, the NSA already has it. John Oliver already went through this. https://www.youtube.com/watch?...
Yes, instead now it will just be handled by NSAs little brother, GCHQ.
What's that, Ireland? ahahaha, let me laugh harder. You think they care?
Where is the backbone located? Exactly.
Nothing more than a tax dodge with good PR spin.
A secret agency like the NSA does not need to be well-managed, because everything it does can be hidden.
A good indication of the quality control of the NSA is that Snowden, an employee of a contractor, was able to steal a huge amount of data.
The article says, without a hint of irony: "EU citizens will feel that their data is not protected under US law". Well, of course not. US law should have absolutely no meaning for anyone outside the US. Why would an EU citizen expect US law to have any relevance at all?
What's missing from this picture is EU law. Ireland needs to stand up on its hind legs and enforce EU law. My understanding is that any data transfer to the US is forbidden, unless there is a confirming judgement from an EU court. Just like Kim Dotcom: The US wants all sorts of things, but it's the New Zealand courts that have jurisdiction.
If Ireland wants to keep all of this data center business, it had better find the courage to enforce EU law...
Enjoy life! This is not a dress rehearsal.
I guess we should applaud twitter for taking steps, but outside of the US (where the NSA is supposed to be active according to its mandate) the NSA will just use locally extralegal means to spy on twitter.
This is more show that effect, the main technical problems still remain:
There's still a full-take of the cross-Atlantic fiber-optic done by GCHQ, the Tempora program that snarfs all UK and the bulk of US internet traffic. That still grabs all of Irelands traffic.
TLS (HTTPS) will not fix it, the certificate authorities are in the US and can certify fake NSA certs, and we've learned they stripped Googles https encryption to MITM Googles website. That in 2011 (2010?) they were doing that to 15 million sessions a day which is likely 15 billion by now. They have backdoored encryption standards, and applied pressure to US hardware makers, and possibly even Truecrypt (due to TC's canary tweeting).
http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security
Tempora is accessed by NSA staff in the UK to get around US laws and by GCHQ because they think they are above the law if they have a Section 6 request from the Secretary of State (yep literally they think they can kill cute babies if they can make a specious argument that its needed for their surveillance courtesy of the immunity from criminal prosecution the order gives them. They think they are real James Bonds license to do anything at all).
And you may also remember that their conspirator companies, Vodafone being named as one, also have subsidiaries in Ireland, and these companies have yet to face prosecution abroad for their part in this.
( http://www.theguardian.com/world/2014/jun/06/analysis-vodafone-feels-edward-snowden-effects )
There may also be hacked networks of Ireland itself, as they did with Belgium, helping the US spy on the EU, which is erm, a law making body whose law control the UK. In effect GCHQ spied on the political machine above them, for a foreign power. i.e. fucking backstabbing Stasi traitors helping the US making anti-EU trade agreements that then screw over the UK. /rant
Really this measure needs to be matched with SUBSTANTIAL switch to open source (i.e. verifiable) hardware from non-Stasi countries and layers of encryption from multiple sources.
Silly children you are so simple minded.
That is a huge step in the right direction from Twitter, but unfortunately it won't help much people from Central and South America, since all traffic out of the Americas is routed trough the USA anyway (and consequently trough the NSA).
For those unaware, this is not hyperbole on my part, the whole Central and South American sub-continents are served by not much more than a handful of Atlantic underwater cables and Pacific underwater cables, all of them terminating in Miami,USA (if the exception of one or two of the pacific ones terminating in California, USA). The connectivity in South America is so dependent on the USA that many times a packet from Chile to Argentina (neighbor countries in the far south of the continent) have to travel thousands of kilometers north to be routed trough the USA and come back south.
This connectivity dependence on the USA was reveled to be more of a problem after the the Snowden leaks. The leaks showed that the facilities in Miami responsible for routing the cables from South America, also house secret NSA rooms capable of intercepting any and all communication from those cables. Also, the leaks showed that the NSA had already intercepted many communications, among those emails and calls from top Brazilian government officials including the president Dilma Rousseff. And the intercepts where not limited to political motives, the NSA also intercepted emails and calls from South American companies in order to help USA competitors in large bids, for example helping Boeing in two different occasions, one in a dispute against the Brazilian Embraer, and another in Boeing's bid to sell the F18 to the Brazilian Air Force (this last one was a shoot in the foot, since the revelations in the leaks de facto removed the F18 from consideration and solidified the Brazilian choice of the Swedish Saab Gripen as Brazil's next fighter plane).
Fortunately there is hope for the near future here in South America as the Snowden leaks lead to a new push, spearheaded by Brazilian government, to install more inland fibers interconnecting neighbor countries, and to install new South Atlantic fiber cables connecting South America directly to Africa and Europe.
If we pretend that laws mean something...
then they would be *safer* here in the USA where the NSA is not allowed to spy on them, because it's
A: in the USA (FBI territory, right?)
B: whoever it is would need a warrant.
Now, the NSA can do whatever they want, because they're completely
A: outside of the USA
B: totally foreign SIGINT
That just means Twitter is preparing for when US domestic surveillance is curtailed. If they wanted to help their users evade surveillance and thought they could do that by moving their accounts to Ireland, they would simply move all users, not just foreigners. In reality, this split just means "here, these are the ones you need to tip toe around, and these are the ones you can pilfer as you please."
The servers do not have to be in the US and they are close to enough to (some of) the five eyes to intercept communications anyway.Plus, the UK already do a 'full take' on all data, not just metadata. Whatever they say about 'not spying on the Irish' is not so. There has been enmity long enough in (and with) Ireland to make it a place of interest. The move is more symbolic than anything else. A better location would be Iceland. Again, it would be purely symbolic, but it does send a stronger statement. When I think Ireland, I think 'tax shelter'.
"SO we bide our time, waiting for a purer kick to bloom and the future is still bleak, uncertain and beautiful" -GSYBE
Seeing that they can use secret courts I would suspect that they will order Twitter employees to just hand the data or access over anyway. Then when they balk it can be handled in a secret court where nobody knows the results. Even better I could see a situation where they identify an employee or two and order them to hand the data over and not even allow them to tell twitter about the court order (if they can't tell some people then why can't these orders be restricted to their boss as well?)
Lastly they could just get an overqualified NSA employee to get a job there and just inject the needed back doors. Don't think of this as a lone hacker attack but a single guy who has a massive support team thus someone who could do off the scale things like swap out someone's desktop/laptop (spaghetti stains and all) with a compromised machine. Let the "cleaners" in so that they can wire their own fibreoptic cables right into the server room, swap out pretty much anything cisco with compromised machines with matching serial numbers, etc.
Also by moving the servers offshore it actually frees up the NSA to attack with even fewer legal restrictions. So full on sabotage may even be a perfectly valid procedure.
So short of eliminating all American employees and doing exhaustive background checks the only way to stop this stuff from being done to them is to convince legislators to curtail what the NSA can actually do.
Isn't data in data centers in Dublin subjected to Irish laws though? I would imagine that An Garda Síochána can retrieve data with a search warrent.
EU privacy laws. The US Government is at risk of losing safe harbour from the EU. If these companies did not locate somewhere in the EU, they would be at risk of being cut off from there customers. This is probably the greatest thing ever to happen to tech employment in Dublin.
"To those who are overly cautious, everything is impossible. "
It is IRRATIONAL to think that they do not. They need to know what is going on around them, and data lines are the best source of this. Shy of putting up your own network (think musk's new network), everywhere you go, will involve spying.
The NSA should pay for the information just like everyone else who wants it! A national security letter must not be the crowbar to getting for free what others have to shell out quite a bit of money for. Security and all that, ok, but there's money to be made and a business model to protect!
Huh? Oh, I mean, we protect our customer's privacy! That's the reason!
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Seriously, so many are real fools and do not understand the situation. The NSA is free to operate at will outside of America. Within America, they have restraints. In addition, once outside of America, China and Russia will have it easier to access networks as well. Yes, America's networks ARE far more secured than in most other nations.
Ireland either (1) Agrees to a new treaty extending US National Security Letter, wiretap, and subpoena privileges to cover resources hosted in Ireland, OR (2) Ireland gets added by the US to the state sponsors of terrorism list
Does the tranfer of assets (Twitters assets are its users) overseas incur taxes?
It has absolutely nothing to do with Ireland's tax laws that allows corporations to dodge millions in tax dollars.
Wouldn't surprise me if this is for taxation reasons as well as avoiding the spooks.
the schemes to avoid paying u.s. taxes.
The NSA isn't supposed to spy on Americans, but if the logs are in Ireland, and are in Ireland _because_ they relate to non-US users, then the NSA is definitely allowed to get them. They can also collect data in transit more freely if both ends are outside the US, or if one end is in Ireland. This looks like a move to give NSA more freedom to spy on European Twitter users by segregating the Americans. Also, if politics in the US goes well, NSA will have less freedom to spy on Americans. This move is bet-hedging: if US politics turn anti-authoritarian, NSA won't lose as much access to Europeans because they'll be better segregated.
To judge this move correctly, you need to list all the forms of government surveillance: what organization is requesting data, why does that organization request it, is it possible to refuse the request. This is all secret, though. It's not even possible to disclose the request. The transparency reports Twitter and Google release aren't detailed enough because the government won't allow them to be, and has structured what they're allowed to release to limit debate on the methods and intentions of the government. The more interesting information requests, like the one Calyx received, have more of the now-standard threat-backed secrecy requirements around them than less interesting requests, so the outliers that should be driving debate are carefully hidden. There's no way for the public to judge the usefulness of what Twitter did. Twitter themselves has a better idea, but still not a very good idea.
I think the Europeans are less rational about this than the Americans.
- they think there's no first-world population-control surveillance in Europe just because their spy agencies haven't had a leaker yet. NSA leaks should tell them how stupid an assumption this is, and they should be embarrassed it took the idealism of an American to expose their own authoritarianism indirectly. Instead, they are like, "oh Americans are so authoritarian. Thank God I'm European." pretty smug, guys.
- they don't make a connection between surveillance and power. For example, NSA spies on Europeans, finds the leaders of a globalization protest movement, shares the information with GCHQ, and the leaders are detained at immigration in London until the protest is over. This is a low-hanging-fruit anti-democratic way that surveillance has been used in the past, and is a task at which bulk surveillance is good because it can reveal the structure of networks (ex. the Paul Revere metadata attack http://kieranhealy.org/blog/archives/2013/06/09/using-metadata-to-find-paul-revere/ ). But it's the connection between the surveillance and the detention that matters. Instead they're worried abstractly whether they're "watched" or not. Why would an American be worried if the Stasi had a file on them? It's a problem, though, if Stasi shares their files with FBI, which in this case, they do.
- their fears aren't proportionate. For example, some European sysadmins I spoke to fear the FISA court will approve a warrant to collect industrial espionage data through PRISM. Is this possible? Yes: the court is a rubber stamp, and if it weren't a rubber stamp it's also within spy agency skill to ask questions and disguise their goal, ex. "we think this top engineer at Xerox is into child porn so please give us complete copy of his work email." Is the fear proportionate, though? No: US is generally less corrupt than Europe when doing international business, the French in particular are notorious for industrial espionage, and there is a poor match between PRISM and industrial espionage so that US would probably use a different program and method, like exploiting employees' phones and laptops, or bribing emloyees in traditional GRU-style. For the former attack, the European response (self-host everything rather than using Google/MS/etc.) makes them more vulnerable to industrial espionage, not less. However constructing this fear provides a pretense for retaliatory
Ireland is a tax haven; that by avoiding US law they are also avoiding US surveillance of everyone is the cherry on top of it, and the meat for the marketing of this move.
Call me a cynic - but if Twitter chose Ireland for "privacy" purposes then it's a huge coincidence it just happens to be cheaper - as well
Switzerland is not as private as Ireland, because, um, CERN is just another name for GCHQ, unless.... oh crap, GCHQ is an NSA partner (cough* we keep the data, NSA keeps the index/metadata*cough).
Never mind, I'm obviously delusional - GCHQ doesn't have access to Ireland, what was I thinking? As you were, carry on, nothing to see here...
Do GCHQ and G2 coordinate operations?
They just need an administrative subpena (we think this is relevant to something) since it is third party data. No notification of the target is necessary.
Outside the US:
- illegal and illegitimate
- clandestine
- partial control, many uncontrolled factors (politics, corporate movements and so on)
In the US:
- legal(ized).
- illegitimate... for some.
- complete control
Which one would you prefer?
But, nice try, NSA.
Surely, you realize it's a distinction without a difference. The US agencies have already proven they do what they want, damn the consequences (because there are none). They should have moved operations to Germany, who at least pretend to care about privacy, and the rule of law.
Actually, this move from another company at least would help Americans a bit. The NSA actually does limit what it does with American stuff--it sucks up EVERY bit of data outside US borders, or tries to, but in the US it just sucks up MOST bits of data.
Move those accounts to where the NSA is not required to follow US law. /s
I guess Ireland is the new Switzerland of the digital era.
then they would be *safer* here in the USA where the NSA is not allowed to spy on them,
Trouble is, the US Constitution is more like a guideline than a law, since there is no punishment for violating it. On the other hand, in non-US countries it would be possible to arrest the NSA agents for espionage, at least in theory, or at least publicly humiliate their agency by holding their agent until they say "pretty please".
Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
As all messages are hosted on foreign soil any agency can collect and store everything indefinately legally.
Use this against third party doctrine?
http://en.wikipedia.org/wiki/S...
US-Ireland espionage deal, I can guess. Allowing all kinds of shady things with the excuse of it being on foreign soil (Ireland), exploiting US law for that reason or whatever.
Now, the NSA can do whatever they want, because they're completely
A: outside of the USA
B: totally foreign SIGINT
This is correct but also wrong.
For example, one thing the NSA can't do now is simply get a court to order the company to bend over, hand over the data, and then stick a gag order on it so the company isn't allowed to even resist.
By moving it outside the company, yes the NSA is now free to target them without restraint, but they are also free to talk about any attacks, and they are free to actively resist the NSA.
Also:
then they would be *safer* here in the USA where the NSA is not allowed to spy on them, because it's
A: in the USA (FBI territory, right?)
Not really.
B: whoever it is would need a warrant.
Which they can get, from a secret court, that rubber stamps warrants. And they can also broadly interpret various legislation (patriot act, etc) to grant them all sorts of priviledges to collect data without a warrant...
And again, if they have a warrant, with a silence gag on it, you cannot resist. In any other country, the NSA can attack you all they like - but you can defend yourself. They don't get to just order you around.
True, but, meh? Nobody outside the USA knew what the attacks are, or if they were actually attacked. Nobody's posted any pictures of implants they've found either.
Also:
You left out quoting the top part where I was basically saying in absence of a kangaroo court... then this.
They're not really welcome in Ireland as they don't employ many Irish people. If they move operations here, they usually move their people here too.
It just makes things worse actually. We in Ireland know our Irish-Asian and recognise them by accent. When these new Asian-Americans arrive to Ireland, we see them correctly as the usurpers that they are.
You are correct--in theory.
In practice, the NSA collectively view everyone outside of the Agency as foreigners and enemies. Therefore, due process of law even within the USA's borders means fuck-all to them. So in actually, Americans within the US have no more real protections than non-citizens, especially when you have pliant judges and magistrates who will sign on the dotted line cuz National Security.
In some rarefied Platonic universe, we all have natural, inalienable rights endowed us, but unless they are recognised, enforced, and vigilantly defended, they aren't worth the paper upon which they're enumerated.
'He who has to break a thing to find out what it is, has left the path of wisdom.' -- Gandalf to Saruman
And if you're not an American:
1. The servers are in the US: NSA does what it wants (because you, the client, are not American) and can subpoena the information, or can get the FBI to just subpoena it. Further, access to the information is guaranteed to cross a US border.
2. The servers are not in US: NSA must hack them to get the info. Access to the information does not necessarily cross a US border.