Court Ruling Shows The Internet Does Have Borders After All

itwbennett writes: Microsoft's recent victory in court, when it was ruled that the physical location of the company's servers in Ireland were out of reach of the U.S. government, was described on Slashdot as being "perceived as a major victory for privacy." But J. Trevor Hughes, president and CEO of the International Association of Privacy Professionals (IAPP) has a different view of the implications of the ruling that speaks to John Perry Barlow's vision of an independent cyberspace: "By recognizing the jurisdictional boundaries of Ireland, it is possible that the Second Circuit Court created an incentive for other jurisdictions to require data to be held within their national boundaries. We have seen similar laws emerge in Russia -- they fall under a policy trend towards 'data localization' that has many cloud service and global organizations deeply concerned. Which leads to a tough question: what happens if every country tries to assert jurisdictional control over the web? Might we end up with a fractured web, a 'splinternet,' of lessening utility?"

I'll take the bait

[guruevi]

No, we just end up with these large corporations splitting up in entities that are harder to control (and tax). Microsoft will just transfer it's "data assets" to Microsoft Farawayistan just like it does with it's taxes to Microsoft Ireland. We may end up with all of the major data centers in South America, Japan and Eastern Europe and thus a shift of both tech, brains and money to countries that don't put up with idiotic lawmakers.

Re:I'll take the bait

Or the Opposite, the Data held in the country with jurisdiction over the individual in question.

Storing data so it is out of reach of the court is not really a constitution freedom anywhere.

The Location of data has what to do with its movement around the world?
It always exists in at least one place.

Re:I'll take the bait

I was with you until the 'idiotic' part.

The idea that cyberspace is space-less, that' it's some vague cloud beyond national laws, has also created lots of (privacy) problems.

I really like my EU protections, and I can see the oposite happening where something like "Our servers are located in the EU" becomes a mark of quality.

Re: I'll take the bait

What happens when even Microsoft can't tell where their data is physically?

Re:I'll take the bait

[Sique]

The Location of data has what to do with its movement around the world?

It always exists in at least one place.

Even that is not a given. Think about a RAID5 spread over several legislations, where each hard drive is in another country. No legislation has control over a complete set of the information in the RAID5, and only if one reads a sector of it, its parts get requested in the different locations and combined to the real data. And only if all but one legislations agree, you are able to get the complete information, as the data from n-1 stripes can reconstruct the original.

Re:I'll take the bait

[K.+S.+Kyosuke]

Shamir's secret sharing FTW?

Re:I'll take the bait

[Aighearach]

Think about a RAID5 spread over several legislations, where each hard drive is in another country.

Well, I thought about thinking about it, but given the implied latency, I should probably stop and wait a week before I decide if I decided to think about it, or not.

Re:I'll take the bait

Yeah, I liked my EU protections too, then a bunch of stupid bastards voted against them.

Re:I'll take the bait

[Sique]

Building it as a real RAID5 operating storage would be somewhat underperforming indeed. Take RAID5 as a metaphor of that information striping into independent storages works. A real RAID5 would also be somewhat clunky when it comes to plausible deniability, as the information chunks are quite large, and thus a legislation could request all stripes that are on the local hard drive, which would give them 1/nth of the information in a readable form, often enough to contain a lot of interesting material.

If you want to share the information in a way that no chunk contains legible details, you would have to stripe bitwise. Imagine the information A being encoded with an One-Time-Pad, and the One-Time-Pad stored in one site and the OTP(A) in another site, then only possession of both will yield anything. To stripe even more, you could use an OTP on both, and then you had four stripes, being OTP2(OTP1(A)), OTP2, OTP3(OTP1) and OTP3. Now only the knowledge of all four will give you any clue about A. If each information is stored under the umbrella of another legislation, you have plausible deniability until all four legislations agree to the information being released.

Re: I'll take the bait

[aix+tom]

Then they have lost it.....

There are of course ways to "store" data so that nobody knows where it is (Freenet for example) but in that scenarios ....

1) you never know when the data will drop out of storage
2) I suspect that when they can't *prove* that the data is out of the jurisdiction, then they will probably go with the last entity "receiving money to store it"

So while it might be a good way for people (and maybe even corporations) to store their *own* data, I don't see how they can make a business model storing other peoples data.

They can of course switch to not offering data storage for specific data, but maybe "1-Terra Freenet nodes", (where the customer running it has no way of knowing what data is stored on his node)

Re: I'll take the bait

Exactly. I live in the US and wish we had any data protections at all.

As to the 'concerns' of cloud providers and global corporations: fuck them. I don't care one bit of anything hurts them and if they cease to exist I won't shed a tear. All they do is steal jobs, lower salaries, hoard wealth, and generally do nothing that couldn't be done in ways that actually benefit real human workers.

Re:I'll take the bait

[SuricouRaven]

My favourite was an old p2p network - I think it was called OFF? It never caught on, but it had a very interesting concept.

Let's say you have a copyright-infringing file - call it Bieber-generic-love-song.mp3. You don't share it directly. When you put it into OFF, the client will see if it has a block of data of matching size or a little larger. If not, it'll create one - full of completely random bits:
Garbage1.bin.
Now, it takes your Bieber-generic-love-song.mp3 and XORs that with Garbage1.bin. That gives you Garbage2.bin... which is also purely random, because it's a result of an XOR with uncorrelated random bits.
Now you have two chunks of data, Garbage1.bin and Garbage2.bin, both of which are utterly random - they can't possibly be infringing upon copyright in any way, because they contain no meaningful information. But the network also has a search function - and if someone were to search for Bieber, your client would answer: "I know of Bieber-generic-love-long.mp3. To get it, use Garbage1.bin and Garbage2.bin, truncate to X bytes."

The searcher than goes and downloads Garbage1.bin and Garbage2.bin - both of which are, on their own, nothing but random bits. And from those, through the magic of mathematics, out pops the latest vapid ode to an unnamed girl from a manufactured pop star.

The overhead is bad - up to 100%.

It never really caught on because of the overhead and because better, though more legally-dangerous, networks also existed. But it shows an interesting approach to using mathematical trickery to subvert the law. Somehow I doubt it would stand up in court - judges tend to frown upon people who find creative ways to avoid infringing the letter of the law while making an obvious mockery of the intent.

The wikipedia page still exists, but the website of the software doesn't.

2006 was a time of great optimism for the pirate community - I was in university at the time. Napster had been shut down, but countless successors were blooming and it really felt like we would bring down 'The Man' and usher in a new age of free access to knowledge and unconstrained international flow of communication. The future felt inevitable. Turns out we were wrong. I wonder if this is what the hippies felt like as they grew older, realised the flaws in their youthful vision and watched their movement fade.

Re: I'll take the bait

Then they have lost it.....

Not true. Imagine a hypothetical situation where you have 4 disks across 4 continents, with a computer on a 5th continent that sees all 4 as virtual HDDs, and those 4 virtual HDDs are all RAIDed together in a Raid 5. That array is then encrypted, and shows up as a virtual HDD on a 6th computer on a 6th continent. And that 6th computer is the only one that belongs to Microsoft.

typo

The last sentence, which reads, "Might we end up with a fractured web, a 'splinternet,' of lessening utility?"

I think that's supposed to be "listening utility".

it's pretty useless now

because of the massive surveilance and DMCA stupidity

Short answer

[ebonum]

Yes.

Long answer. China is quickly moving in this direction. 20% of the world's population is quickly moving towards being on an internet island. Currently, the great firewall is a black list. There is talk of it becoming a white list. Of course to get on the white list, companies will have to jump through all sorts of hoops. Including agreeing to terms such as recognizing Taiwan as part of China, that China owns the South China Sea, Japan sucks and the Chinese people are superior in every way, etc. Globally, all content from the company will have to follow rules to promote peaceful, happy society. Otherwise, you company doesn't get access to China. The sad part: most companies will agree in a heartbeat.

Re:Short answer

The sad part: most companies will agree in a heartbeat.

This. This. This. Companies are agreeing to cut their own throat in the greedy desire to have access to a country and government that does not play by any type of rules that are fair. In fact, the rules are stacked against any foreign company that wants to do business in China. Do I blame the government of China for making these rules? No, they are stacking the rules for their advantage, which is their right. But the for companies to knowingly grovel and cut their own throats because they will get a short term gain profit for their own self serving interest is angering to the extreme.

Re: Short answer

and yet the US government acts as if it has some sort of manifest right to said data wherever it may reside. Well, the data islands may be bad. but I'd sure hate for Herr Erdogan to determine that this post is inflamatory to him and that the US should just compel /. to unmask my anonimity so they can then compel US Marshalls to help facilitate my extradition to Turkey to whatever kangaroo court will soon be set up. Erdogan can just go suck on big Q and shove a big W up his ass.
tl;dr similar laws and policies protect people so why shouldn't data be protected?

typo

There's a typo in the last sentence:
Might we end up with a fractured web, a 'splinternet,' of lessening utility?"
should read:
"listening utility".

Actually, I've seen a vision of how it turns out.

[Narcocide]

Turns out this is the setting of the world in which your character lives in Megaman Battle Network 2 (Nintendo GBA). Its not really the plot, but as a setting for a world it makes some interesting but subtle social commentary. First of all, it just assumes this is the "right way" for the internet to work and that it always has been thus, and doesn't debate it with you. You're along for the ride in a world where:

1) Just connecting to the internet in another country requires a Passport.
2) The internet is not as safe in every country. In fact, they're all incrementally more dangerous than your home country's internet.
3) The space on the internet between country jurisdictional borders is very hostile.
4) Viruses roam freely, attacking anything in their sight. Nobody seems to know why they are there. They just take for granted that they must always have been there or are naturally occurring.

Still waiting

I wanted to post something but I am still waiting for my internet visa application.

The internet and data

[trailerparkcassanova]

They're two separate things. Data is physical while the net is just a means to access data. Data is property. The data exists regardless of the internet. I don't see what the hullabaloo is about.

Re: The internet and data

[ZeroWaiteState]

Data is not, nor ever has been, physical.

Re:The internet and data

[Aighearach]

I don't see what the hullabaloo is about.

Just wave your arms in front of your face while shouting buzzwords. Now, can you see what the hullabaloo is about?!?

As far as fractured... I'm not sure they understand the inter- in internet. If it was continuous, what even needed connecting?

Re: The internet and data

[Aighearach]

If it isn't physical, it doesn't exist; inside or outside the network.

Re: The internet and data

[SuricouRaven]

It's physical at any one instant. It has to exist in some form - written in matter, or encoded in fluctuating electromagnetic fields.

Re: The internet and data

Technically it's stored using electrons. Without storage, it's only around as long as electricity is flowing through hardware.

The 90s called and want their cyberspace back

[Kjella]

Remember when tech pundits were talking like the Internet would transcend to become it's own nation that people would emigrate to and live in? Well shit turns out we still live in meatspace with countries and laws. And surprise, surprise so does our data. The cloud is just the new buzzword for the same concept without the people. I suppose companies will try to go jurisdiction shopping, but I doubt they'll succeed. The governments of the world will set requirements for dealing with their citizen's data and you'll either comply or get in legal trouble, like the EU's "right to be forgotten". Yes, it means data on the Chinese might stay in China but it might also mean data on US citizens stay in the US. Would you really like them to swap? Or do you just want to fulfill the NSAs wet dream that all data on everyone in the whole world go through the US? Seriously, for most of us local data is a good thing.

Re: The 90s called and want their cyberspace back

For everyone local everything is a good thing. Local data, local business ownership, local jobs, etc. Globalism benefits nobody but big companies and big government.

pr0n

as long as i live in a region that has porn, i'm solid.

Incentives

[edjs]

"it is possible that the Second Circuit Court created an incentive for other jurisdictions to require data to be held within their national boundaries"

No, the PATRIOT act and related laws regarding the (lack of) privacy for data held in the US did that ages ago.

Re: Incentives

Wrong. And taking things away from title 18 puts the squarely in the world of title 50.

Re: Incentives

[PPH]

Fine by me. If this country wants to go to war over the contents of my e-mail archive, go right ahead.

What's needed is a new architectural layer

[presidenteloco]

which moves (encrypted) fragments of files around the world, ostensibly for performance and reliability reasons.
So it would act like a content delivery network does with whole files.
Except that this layer would be the default assumption for where you put data on the Internet.
Data in the new paradigm has no home physical location. It only has identity, and access rights granted by possession of decryption keys.
For data intended to be fully public, perhaps its metadata would be unencrypted in the layer, for searchability. But that would not imply a particular physical location for the data file payload itself. A search would result only in an identifier, which the layer infrastructure would locate an retrieve from multiple sources.

Data would automatically maintain sufficient worldwide distributed copies of itself, and the system would migrate (and cache) copies of data fragments closer to end-users of the data, based on speculative probabilistic co-access patterns. In other words, data would coalesce toward where it was needed, as an automagic feature of the distributed storage layer.

This kind of distributed encrypted storage layer thing (not owned by any single company of course, but rather both open/libre and partly peer-to-peer) needs to get implemented, and widely adopted so that it is a default assumption of how content on the Internet mostly works, BEFORE it is made substantially illegal by overreaching governments.

That's how to make the Internet remain borderless. Make it a fait accompli that is very hard to subvert technically without blocking nearly every ip address, which, if this is implemented right, could be a partial mirror of fragments of the content.
 

Re:What's needed is a new architectural layer

Sounds like past attempts including the Eternity Service or GNUnet, both of which remain near-ubiquitous for Internet users everywhere.

Re:What's needed is a new architectural layer

[SuricouRaven]

You just described Freenet. And a few others, though Freenet might be the best-known.

They never caught on outside of the paranoid-and-activist community, for practical reasons. When everything has to be proxied multiple times, performance utterly sucks - it's dialup-bad.

I've become something of a fan of IPFS. It's not designed to actively thwart monitoring and censorship efforts, so performance on it is actually... well, not great. But a whole lot better than Freenet. It is fully distributed and any content published is done so irrevocably. You should look in to it.

Microsoft servers so secure they are out of reach?

Sure, they are.

No

[PPH]

The Internet has no borders. Court jurisdictions do however.

Countries might try to mandate local storage for their citizens' data. But that is authoritarian control over their citizens, not so much the Internet. Anyone reasonably motivated can still move their data to overseas services if they are willing to incur the risk.

Re:No

Already exists, about as bad as it's going to get. We already have China, we already have various nations demanding Google censor results according to country, not only for the country-specific web pages but for all search results. We already have the USA, which asserts copyright in all nations of the world because it affects US assets and potentially passes through US hands.
This might become more prevalent as time goes on, but the so-called splintering of the web isn't going to be something that suddenly happens some time in the future.

Only the US

> what happens if every country tries to assert jurisdictional control over the web?

Compared to only the USA? Hopefully something more sane [less insane] will be established

Human knowledge has always been splintered

This is not a new thing. Imagine a network of libraries across international borders. The libraries share books, allowing others to make copies, but whether borders are open or closed, the content of each copy of a book will drift. At some point, some libraries will have access to content others do not, and some libraries will form isolated networks.

A similar analogy could be made of tribal knowledge, hence the common metaphor.

Human nature is ultimately the limiting factor, not the medium.

No it doesn't

Quit lying to everybody, slashdot.

Online privacy does not exist anyway, why bother?

[alexandre.oberlin]

I follow Google+ on that matter. Online privacy is an irrelevant matter. It causes a plethora of problems for no benefit. You are less likely to behave miserably or deal with offending matters if you are assuming your identity.

Now of course it would be better to revise a few laws before enforcing transparency.

'Decentralized stripe set'

[Rick+Schumann]

I think I just came up with a new cloud storage technique, aimed at protecting people's data from nosy governments, which (for the time being) I'm calling 'decentralized strips sets'. I'm forming the details for this as I write this so bear with me. Let's say you break each byte up into stripes of each bit position, zero through seven. You store each of these bit-stripes on a different one of 8 servers, all located in 8 different countries. Any one of the 8 servers has the capability of reassembling the data. The data itself can be in any format, of course; it could be anything from cleartext all the way to highly encrypted, doesn't matter. The point of this would be, that if the government of any of the 8 countries involved decides to make a law that says they have the right to any data stored on any server within their countries' borders, all they'd get is one bit-stripe of it, which of course would be totally useless; since the other 7/8ths of the data is stored in other countries, they can't compel anyone to provide it. If there is some sort of security breach (some government decides to seize the server in their country), you could 'break' the bit-stripe set, rendering the rest of the bit-stripes useless. Or, if you were more concerned with preserving the integrity of the data, spread out literally across the world, you could use 9 servers instead of 8, the 9th server storing a parity bit-stripe, from which any one bit-stripe that 'failed' could be regenerated.

Am I on to something here? Has someone else thought of this already? Or is it just a dumb idea? No, I'm not trying to be funny with this, this is a serious idea.

Re: 'Decentralized stripe set'

Dumb idea.

Encryption, compression and such can be implemented in ways that control access w/o requiring the overhead of byte splitting and dispersal around the world.

Currently mega.NZ offers 50gig of free cloud drive. Data is encrypted before it leaves my PC and decrypted as it returns. If I lose the keys it's impossible to reconstruct. More sophisticated systems encrypt multiple datasets with multiple keys.

If Jack Baur tortures a password out of you give him the one that unlocks furry porn instead of wikileaks data...

Not control over the web

[HalAtWork]

Other countries understandably want to assert control over their own data and keep citizens' data from being handed over to foreign countries at their whim. Companies want control over clients' data in the same way, especially when it is part of the agreement that clients are to ultimately have say over who can look at their data (such as private family pictures stored in the cloud under trust for backup purposes only, as an example). I think this is the concern, the "control over the web" bogeyman is not the issue here.

For The Record...

[kackle]

I "invented" the word "splinternet" several years ago. When I would babysit my niece and nephew, I wanted them to at least know what an encyclopedia was. So when I couldn't answer one of their many questions, we'd reference the Internet made of wood! (I lucked out that almost all of their topics were found there.)

I only hope they know how to use Google today...