Slashdot Mirror
Can Switzerland Become a Safe Haven For the World's Data? (dailydot.com)
An anonymous reader shares an interesting article on Daily Dot which lists a number of reasons why Switzerland should be deemed as the nation for storing all of your data. The article reads: As United States and European Union regulators debate a sweeping new data-privacy agreement, Switzerland is presenting itself as a viable neutral location for storing the world's data thanks to strict privacy laws and ideal infrastructure. The Swiss constitution guarantees data privacy under Article 13. The country's laws protecting privacy are similar to those enacted by the E.U. Swiss data protections are also, in some cases, much stricter than those of the E.U., according to Nicola Benz, attorney at Swiss law firm Froriep. And since Switzerland is not part of the E.U., data stored there remains outside the reach of the union's authorities. [...] The country's tight privacy laws could make the small nation more attractive to privacy-focused start-ups. And it already has that momentum. After the former NSA contractor Edward Snowden 2013 revelations about the National Security Agency's secret surveillance activities, Switzerland witnessed something of a boom in its data-center business. Phil Zimmermann, creator of the popular PGP encryption protocol and founder of Silent Circle, even left the U.S. for Switzerland last year, citing the overreach of American authorities. Andy Yen, CEO of Swiss-based encrypted email service Protonmail, said that the country has robust processes in how it carries out data requests from authorities. Data requests have to go through a court like in most countries, said Yen, but "the person that's having their data requested needs to be notified eventually about the request happening and there's an opportunity to fight it in an open court. This is quite different than the U.S., where things can go through a so-called FISA court."
Everyone has been hiding money and information there for years. Everyone from the Nazi's to the Russians to FIFA.
They're able to hide and protect money "in the bank cloud". Why not do the same for other forms of data.
the country whos four major banks wound up in the panama papers is entirely trustworthy with the worlds data. the country with an open-ended sysiphean mission to question Julian assange about a rape that cant produce a victim is a mindful steward of privacy. The country whos historic purpose has been a tax haven for the worlds wealthy elite is also unaccountably a safe and neutral place to house data.
Call me a skeptic, but unless sweden is a CNAME for a BSD machine on my network, I dont think so.
Good people go to bed earlier.
Yes, well, Switzerland also used to guarantee banking secrecy. The US and other countries flexed their muscles and swiss banks fell over themselves to comply (I mean, cracked down on all those evil tax evaders), pressuring their customers into either agreeing to lift the secrecy or having all their accounts forcibly closed. It was illegal, but they still did it, including to Swiss citizens, not just foreigners. Then I think the law changed anyway, Switzerland signed agreements with other countries.
So, a privacy safe haven, really? What guarantees?
The Swiss didn't seem to have any issue turning over Jewish gold and bank accounts during their Nazi alliance. How sure can we be a "friendly state" doesn't secretly get the data anyway? The Swiss bankers didn't get rich by simply holding assets, they go with whatever the highest bidder wants.
Good encryption is the only way to keep your data safe, in Switzerland or elsewhere.
Custom electronics and digital signage for your business: www.evcircuits.com
The Swiss dropped their pants a while back for the U.S. I.R.S. I'm pretty sure the NSA can use that precedent.
Peace is easy to achieve, just surrender. Liberty is much harder get/keep.
Neuromancer for the win; we now just need an orbiting, privately funded space station.
"Helping to keep you two steps ahead of the Thought Police!"
but don't forget that not to long ago your money was also deemed safe in Switzerland because of their laws.
The Swiss do have a FISA-like court and a robust intelligence capability. But, unlike the U.S. FISA court, which is spelled out in open legislation, the Swiss do not make public their system. In other words, it's worse, because the intelligence agencies have broader and less-scrutinized authorities, but only less advertised. If a foreigner hosts data on a Swiss system and Swiss intelligence wants access to it, then they have means of targeting that system, and are not accountable to their courts for those methods.
I'm not so sure. The Swiss also had strong protections and privacy laws regarding bank accounts but look what happened to those when the IRS wanted the data on US citizens.
"Under the new treaty, U.S. authorities will be able to ask the Swiss to disclose names of U.S. taxpayers at a bank who exhibit certain "behavioral patterns" indicating tax evasion under U.S. law, such as trying to conceal the ownership of the account through a trust. The U.S. also will be able to request information even from small cantonal banks that, unlike UBS and Credit Suisse Group, don't do business in the U.S." WSJ 05 March 2012
I'm still waiting for Mitt Romney to explain how his IRA account can have $100M in it when legal contribution limits is ~$200,000 over 40 years.
It's over. Big Brother has won. Get over it.
I'm sure the Swizz will create an awesome bunch of rules explaining in precise detail how they will promise to maintain your data private.
Execution, however, is a different matter as it is not the swiss who have built our operating systems and neither is it likely they could even do it in a secure way.
So it's a non-starter.
Could you hide your extra apostrophes there too? I mean why didn't you also use an apostrophe for Russian's? Or year's?
After Snowden I too moved all my hosting needs from the Netherlands to Switzerland. I can recommend nine.ch. I once thought I lost my private ssh key and when I asked they where quick and willing to log in for me and reconfigure password authentication for openssh. It didn't matter that I wasn't using the OS they normally install. Luckily I found the USB stick with the private key and their assistance wasn't needed in the end. Other than that: almost no downtime at all and while a bit more expensive than my previous hosting firm in .nl, it's not a lot more expensive either. You get a nice invoice which you can pay both in Euro as in Swiss franks.
Your right!
All it takes is an unwavering belief that the organs of state security do not see themselves as clear-thinking Defenders of the Faith, and have not placed themselves and their actions above the orders and rules of mere elected officials.
Encryption beyond the mind of Minolta. .....
NOT based on anything like what is considered a standard by any agency.
NOT based on AES/Rijndael, elliptic curves, group operations, or prime numbers. ( Oxford comma used here )
NOT based on any algorithm published.
MAYBE a form of OTP
Maybe chaos theory,
fractals,
gravitational field equations,
MHD theory,
turbulence theory,
or the zeta function......... or all of them
I see 2 mistakes in the summary. I know for a fact that at least one European constitution guarantees data privacy and probably other constitutions too. I am talking about the Greek constitution. Furthermore, Greece(and other EU countries) has implemented in their national law the EU directive about private data. And in fact Greece has chosen a stricter(for the data processor) set of rules and interpretation of the directive. Lastly, the directive (and the laws that implement it) don't care where you have your base of operations. As long as you store/edit/manipulate personal data of EU residents you have to abide by the EU rules. And in fact if you plan to transfer/store that data outside the EU you are allowed to do so only if the country you are transfering/storing them has the same level of protection. (this last segment is the 2nd mistake in the summary). So in conclusion, Switzerland doesn't offer something special compared to EU. What is missing is an aggressive stance of the various national data protection watchdogs that are supposed to oversee the application of the law.
Next question?
How is data sitting on a server in Switzerland going to guarantee the safety of the data? Are they going to unplug the Internet connections in their data center there by guaranteeing the data is safe? Do they have some magical technology guaranteeing nobody can compromise their servers? If so they would be the first people to accomplish that elusive goal. If someone can get a USB thumb drive loaded with Stuxnext into one of Iran's most secure labs they certainly could get access to any data center located in Switzerland.
The Europeans are decrying the NSA collection of data while ignoring the fact that it was the European countries who were actually collecting bulk data on it's citizens and then sharing that data with the NSA. And of course their citizens think moving data centers to the EU sanctioning US companies will some how make the spying problem disappear? The idiots in Brussels are in a tight competition with the US Congress to win first prize for the "stupidest people on the planet" award.
So for example if you have data servers in 8 countries, you encrypt and break your data up into 5 chunks. Create 3 additional parity chunks, and store one chunk in each country. To access the original data, you need to pull data from 5 of the 8 servers (the 3 parity chunks allow you to access your data even if access to your servers in up to 3 of those countries goes down).
Any individual country's government can hack, install backdoors on, or confiscate your servers in that country, and it won't help them read your data. In order to get a readable copy of your data, they need to pull the data from at least 5 of your servers in different countries, and have your decryption key. There's no need to pick a single country and hope that it is/remains neutral and friendly to your data.
Actually, ProtonMail sucks a lot. It's "security" is based on two passwords: one for login, one for decrypting the mailbox.
1. Both of the passwords were sent to their server upon registration. I have no guarantees that they were not stored in clear text.
2. I have no guarantees that the mailbox is even encrypted.
3. Even if the mailbox is encrypted and they haven't stored its password, a totalitarian government may force them to install a man-in-the-middle and have my messages the moment I access them (i.e. send the password).
4. No PKI. No interoperability with PGP/MIME or S/MIME. Totally proprietary. If I send an e-mail message to a non-ProtonMail address I must somehow communicate a password for it as well. How? Not ProtonMail's problem.
In short, ProtonMail provides something that is not an end-to-end e-mail encryption and thus not useful at all. You can do much better by using even GMail (via SMTP and IMAP/POP3) with ThunderBird and Enigmail (a PGP/MIME extension). Google will only ever see the encrypted messages. Only using a desktop client guarantees that your private key will never be sent to a man-in-the-middle (e.g. GMail, ProtonMail).
The Swiss dropped their pants a while back for the U.S. I.R.S.
Not to mention them buzzing the Russian Speaker's jet last fall; their "neutrality" is likely anything but.
Maybe not Switzerland, but the trend since the Snowden revelations has been to move data back to Europe from the US. European companies have been dropping hosting and networking companies In the America and it's estimated Cisco has lost around 30 billion in sales. Who knows how much hosting companies like Amazon have lost. So, European companies and subsidiaries are moving their data back to their home countries. There hasn't been a Snowden-level event yet in the countries to force the companies to think about moving their data to Switzerland. I work with multinationals in Europe and I've seen first-hand companies moving their hosting back to Europe but I haven't seen companies moving to Europe yet, other than Swiss companies.
No Safety.
No Privacy.
No Problem.
Even Mrs. Timmy Cook Apple CEO cannot protect his butt, let alone the privacy of anyone else. He has already sold iCloud privacy to China for cash.
Ha ha
"meanwhile" OECD countries (namely USA and UE) made Swiss reveal bank data secrets (there are some exceptions) a few years ago.
If they were able to force Swiss into cooperating with tax offices abroad, they will make them reveal data from "safe heavan" and cooperate with foreign police of judiciary system.
Even your money is not safe there. Data will double unsafe.
I keep my odd-numbered bits in Switzerland, and the even-numbered ones in the Cayman Islands. Can't be too careful these days.
Have you read my blog lately?
Swiss bank account
You must be kidding. AWS and Azure revenue is going through the roof. Ciscos revenue is at an all time high.
Heh, yeah I loved the irony of that one too!
Just do a simple google search. Losses to u.s. companies are estimated at $180B at this point due to moving from u.s. hosting and from buying european networking hardware instead of cisco.
The companies I deal with are moving their data out of the u.s., but it's a hodge-podge of where it ends up. Some ends up in their own data centers, some in european cloud-computing companies. None ends up in Amazon's European zones. Cisco revenue dropped drastically in 2013 and 2014, but grew in 2015, but not through overseas customers.
Who knows what Amazon's AWS revenues are. Do you know? It's a blackbox.
There's these things called treaties. So regardless of switzerlands laws, if they have treaties with US that override them, then it doesn't matter
See IRS data sharing treaties with Switzerland
Switzerland has enabled crime for many decades with the supposed privacy laws. The stash of Nazi wealth in Switzerland and a refusal to help return property stolen from the Jews leaps to mind as well as enabling tax evasion for US citizens. So just how can we have privacy and still prevent financial crimes as well as terrorist activities? Perhaps a partial solution would be to allow businesses far less privacy than we allow the public.
I'm sure we'll have a new treaty where the swiss will report any internet user exhibiting certain behavioral patterns on swiss servers to the USA. Funny how most of the governments of earth lube up their bungholes and bend and spread it for the U.S. of A-holes.
I was asked by the ex-CEO of Mega (not Dotcom) for suggestions for non-hostile data centres about a 18 month ago. :)
We'd met casually and he was talking about the risks of raids, neutrality etc and was soliciting ideas.
I suggested Iceland for a number of good reasons.
1) Geo-physical location. Right in the middle of the atlantic at the mid-point between Europe and N.America. Good latency to either continent.
2) Political neutrality. Iceland jails bankers and politicians. Not whistle blowers and has been a Wikileaks save haven.
3) Abundance, even surplus, of renewable energy. Cooling isn't a problem either
A simple google search shows that you're a moron.
http://www.businessinsider.com...
http://www.cio.com/article/292...
'a'r'e' y'o'u' f'u'c'k'i'n'g' k'i'd'd'i'n'g' m'e'
Nowhere is safe.
"Data requests have to go through a court like in most countries, said Yen, but "the person that's having their data requested needs to be notified eventually about the request happening and there's an opportunity to fight it in an open court."
I mean, someone should have to let you know the cops are after you data in order to give you a fair shot at wiping all your incriminating shit (child porn, stolen credit card database, malware dev files, etc.) before the they can get their grubby mitts on it.
Resistance is futile, keep the data in the U.S.
That is what you meant to say ?
Niklaus With of ETH Zurich actually designed not just the Pascal language, but also Modula-2, Oberon and several operating systems. Unlike the dreck from Bell Labs, all these systems aim for solid principles of computer science, such as strong type systems and general robustness.
Sure as hell the Swiss have the brains and capabilities to do this.
But this small Allemanic nation is surrounded by an Imperium Of Evilness. An Imperium which is allied with the enemies (the wealthy Wahabist brutes) of Allemanic and general European culture.
The Swiss must collaborate or be completely eaten by the evilness Empire. Just as they did during the Nazi era.
The Imperium does not like a secure operating system from Switzerland. That is why it does not happen.
If you do not believe me, look up "Crypto AG NSA".
Greetings
An Alleman
Switzerland protected Nazi money... and stole Jewish money.
And Switzerland might be considered "safe" today, but the times are changing here too.
Not only have the constitutional-guaranteed secrecy-protecting laws been recently "disabled" for the Americans in "select cases", but there is a burgeoning neo-totalitarian element in grass roots politics here, and things could easily change in the future because of, of all ironies, Switzerland's implementation of direct democracy.
Because the population can and do vote on any and all issues that meet the requirements, you only nominally need a 51% approval to overturn or implement major legislation.
We had a close-call run-in recently with the "Expel Foreign Criminals Enactment" referendum proposed by the SVP/UDC (the Swiss Peoples' Party), which was considered and polled as a "done deal" until some academics realised the consequences and some private individuals financed an education campaign.
The official federal recommendation was against the proposed law, but because referendum and campaign financing are completely opaque, a rich punter can easily turn public opinion with provocative, suggestive or outright racist publicity.
The new referendum included phrasing that meant two strikes against several minor criminal laws would result in MANDATORY expulsion from the territory, regardless of circumstances, family, history, investment, anything. Completely against the Convention of Human Rights. Break the speed limit twice, you're fucked. Get caught with a joint twice, you're fucked. Bad luck if your whole family have to move because the breadwinner was expelled back to a country they have never lived in. (Yes, "secondos" are Swiss-born natives with foreign parents who do not automatically gain Swiss citizenship, and sometimes NEVER acquire citizenship of the country they were born in - it's true). And it was THIS close to passing.
Switzerland's various peoples are perfectly capable of voting in bad laws that would destroy your supposed "data haven".
They're not magically gifted with higher discernment, better education, stronger morals or overwhelming generosity for mankind, they're just like any other Joe Plumber you'd meet anywhere else in the first world.
Don't get me wrong, there's plenty of progressives and beautiful warm people here too. I'm not moving away any time soon.
But be very careful in whom you trust your nest eggs and most precious secrets.
You are confusing swiss banks with "the swiss". These days, swiss banks are international corporations.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
We see just how well the government respects the Constitution in the United States... to think the Swiss will be any different is naive at best.
Thats because most Europeans are not engineers and simply want to cut the US out, cut any ties inside our countries.
I agree with you, I don't see how this change would improve anything. We need something much stronger coming from the top. Sanctions against us tech companies need to be on the table that hold them and their employees personally responsible.
This idea is similar to "Stormy Clouds", with the addition that on an information-theoretical basis, maximal distance separation codes can provide more entropy that traditional symmetric encryption: [paper] [presentation]
Well.... In fact, it is true that the banking secret is somewhat an effect of the nazis back then... But to protect the (Jewish) money from the grasp of the brown shirts., and not the other way round!
I think Mars is better
Casteism