The flood of revelations about the sheer scale of NSA information theft… direct server access without an individual court order whenever the NSA wants something from Microsoft, Google, Yahoo, Facebook, Skype*, PalTalk, YouTube, AOL and Apple… has made me wonder if savvy non-US based business might not be able to market their services as explicitly non-US.
Just imagine the possible tag lines:
“Don’t worry, the NSA does not have easy assess to your data as we are not a US based or owned company”
…or tapping into a bit of anti-Americanism never hurt the bottom line…
“We are not located in the ‘Land of the Free, Home of the Brave’, so your data cannot be browsed at will by unaccountable NSA spies!”
… which is not to say such services cannot be marketed to Americans…
“Non-US nationals across the world are not protected by the US constitution, come to think of it, neither are Americans in America, so your data is safer with us as we are a NON-US owned and NON-US based company!”
The creative possibilities are endless and anyone who cannot leverage this into internet gold is not trying hard enough! Capitalism for the win!
*= Skype, originally a Luxembourg based company, was purchased by eBay in 2005 and then Microsoft in 2011.
Well, if the NSA was getting in without the agreement of the companies involved (yeah, right) then what is to stop them getting in without agreement regardless of where the sites are located?
This is also an opportunity for open source security products. Propriety products can contain backdoors, open source can be waaay too scrutinised for that to happen.
How long before we see bodies set up whose sole purpose is to examine third party code for this purpose?
I might switch CCinZ from FreeBSD to OpenBSD for this reason.
Because it is pretty obvious they were indeed getting in with the agreement of those companies and given that there are penalties for revealing their cooperation, their denials are not worth spit.
I agree completely.
There are already Cloud service providers who mention to customers that they aren’t US-based or US-owned, and can therefore show PATRIOT, FISAA et don’t affect them or their non-US customers. I’d expect the latest revelations will only add fuel to this, such that more service providers follow suit.
Kim Dotcom, no stranger to unauthorised snooping by the US, has announced his cloud storage site Mega (based in New Zealand) will offer encrypted emails.
But now, seriously: how many “Western” governments are out there who do not actively, enthusiastically and comprehensively cooperate with the US government on issues such as “security”, The War on Drugs (substitute ‘drugs’ with any other boogieman du jour, such as human trafficking, terrorism etc.), money “laundering” and so on (and on, and on)?
This thread has so far, mostly, focused on US spying, but surely no one here thinks NSA is the only one doing this? Why no complaints about China, who by the way does not even bother with a FISA court and a modicum of oversight from a democratic process. Don’t get me wrong, WashDC is completely corrupt and I wish they were in fact more incompetent in some things (less damage done!). Also, are you more worried about what we know (in part) about NSA activities in this case versus the vast missing information about what the Chinese are doing?
But in spite of my misgivings about the US Government’s competency and motives in most things, I believe statements we occasionally get from them like “…this bit of intel stopped a threat or saved X lives in country Z”. I can’t prove it and I’m not taking their word for it; it just makes sense that they might occasionally succeed. I also believe such situations are used to advantage by bureaucrats (more funding!). But EVERYONE spies and as far as NSA style high tech spying, everyone would if they could. And not just governments–has anyone asked if this whole NSA thing opened any doors for what Google wanted to do anyway?
So, we are here focused on NSA because that’s the hot topic in the news, but perhaps we can broaden this to include everyone. After all, we are all sinners (where by “we” I mean all governments, all corporations, all NGOs, all concentrations of power, and maybe even a few individuals). What fundamental right do any of us have to gather information on anyone by any means?
Greg, it might occasionally succeed, but then so would randomly stopping every fifth person passing by for a strip search. Whatever “successes” it might enjoy (and I don’t accept that there have been any) aren’t worth the cost.
The New York Times (of all places) has come out with a mealy-mouthed editorial (http://www.nytimes.com/2013/06/07/opinion/president-obamas-dragnet.html?pagewanted=1) opposing the government’s information-gathering, actually saying that the Obama administration “has now lost all credibility on this issue” and characterizing Diane Feinstein’s defense of it as “absurd”. Hypocritical, of course, since the Times has been completely in the tank for Obama and everything he stands for since the beginning and probably wouldn’t even be mentioning this if it hadn’t already gained significant traction elsewhere; apparently they are still capable of reading the handwriting on the wall. And of course the editorial doesn’t actually object to the intelligence-gathering per se (“We are not questioning the legality under the Patriot Act of the court order”) but merely to “using that power in this manner”. Not good enough, not by a long shot, but I guess it’s a start. Anyway, the readers’ comments are really interesting. Most of them are strongly opposed to the government on this matter. If the NTY and its readership have come around maybe there’s hope for this country yet.
Probably not, but one can dream.
Of course not. GCHQ does this sort of shit too.
Both we at Samizdata and to give them their due, the media in general have extensively covered Chinese net-war shenanigans, so it is hardly like they have been getting a free pass.
Actually we know really quite a lot about what China has been doing. But in truth I am far more worried about what the USA does. China is really only interested in China and its immediate zone of control, whereas the USA throws its weight around globally, exporting its global drug war shit and money laundering obsessions everywhere its shadow falls.
To put it bluntly, whilst I loath the Chinese government, they are no threat to me. The American state on the other hand is vastly more likely to be reading my e-mails and looking at my financial transactions than the Chinese state. Not that UK Gov is any less toxic, but by sheer virtue of the money and human resources the US state throws into surveillance, they have become more of a threat that the people they purport to be protecting everyone from.
Pull the other one mate, it’s got bells on.
Because most people care about this in the abstract, not in the concrete. There is nothing I do in email under my real name, or under my nom de guerre that the Government would give two shits about. I don’t trade drugs, my gun purchases are all as legal as I can make them, my taxes go through a licensed tax professional && etc.
The only possible concern I would have would be were I developing significantly valuable intellectual property.
I *wish* that was true.
You’re not paying attention mate. Not really you’re fault, it’s not major headline news, it’s on the back pages in 3 paragraph stories that are there to fill space on the page, but China has serious global ambitions currently being exercised in Africa and (to a lesser extent) in Central America and Australia (there it’s mostly resource stripping).
True they don’t care much about non-Chinese drug use, and they are a source for significant amount of the global heroin trade, but the government there is every bit as vicious, stupid, and corrupt as the US.
China is also tends to have a very aggressive industrial, military and government espionage system. Most people don’t care about this, but those that do care care *a lot*.
No, actually they aren’t. Not in the sense most people would mean by “reading”.
Yeah. Who cares about young women and old folks anyway.
Bloody hell. Can’t type today.
s/really you’re fault/really your fault/
Sorry.
Actually it is certainly true that it is likely to be harder for the NSA to get data from a server in Italy or Russia or India than it is for them to get it off one belonging to any of the named companies. But regardless the ability to pump up that notion is simply great marketing.
But the media was awash with howls about Chinese internet malfeasance just a few weeks ago, so that is simply untrue that people have not been ‘complaining’ about China. Can this have really vanished down the memory hole that quickly???
No mate, I am the one paying attention. Global ambitions to do what exactly? Make money? China’s army is deployed in how many countries in Africa, The Middle East and Central America? And have they invaded Australia to take its natural resources by force or are Chinese companies paying the market rate for them? What you call ‘resource stripping’ is what most people would call ‘international trade’. And has China been tirelessly calling for ‘crack downs’ on tax havens and ‘money laundering’ (which usually just means moving private money in ways that do not make it easy to tax)? No, that would be the USA.
The classic justification for unlimited government: “if it saves even one child…”
Don’t think for a second that the Americans aren’t doing exactly the same things to the Chinese as what’s claimed the Chinese are doing to the Americans. Actually, the Americans are far better at this than the Chinese, and have been at it for much longer than the Chinese have. Although the Chinese get all the headlines.
Why?
Well, when networks in China are compromised by sources ultimately traced back to the US, they don’t start jumping up and down about these intrusions. Why? Well, that would be admitting failure to the world. If the US hacks Chinese targets, you aren’t going to hear about it. The Americans are certainly not going to speak, and the Chinese don’t want to lose face.
On the other hand, it seems we’re constantly reading of the successful cyber penetration of western assets by Chinese sources. Why? The Chinese aren’t going to admit what they’ve been up to, but the defeated gatekeepers have proven themselves more than willing to talk.
So it all seems as though it’s just a big one-way hack. I doubt it.
Perhaps we are seeing from non-US governments a form of ‘electronic rendition’, whereby in a twist on the US policy of ‘exporting’ people to other countries for torture, thereby keeping ‘clean hands’, the US may be a source of data for other governments who can keep within their domestic laws, or appear to do so, by receiving information from the US which they have not themselves unlawfully accessed, as has been alleged against the UK GCHQ.
Perhaps it’s time to close Hotmail or Gmail accounts?
What makes you think that?
All three of those countries have a long history of bribery and corruption–doing favors for cash, and since they’re not the US the NSA has a relatively long leash. Here they have to get Yahoo to agree. There they just have to pay a developer a little extra to patch the code a certain way.
Heck, those companies could BE the NSA at one level or another. It’s not illegal for them to do pretty much whatever they want to compromise the systems.
Oh yeah.
There *are* people who are worried about Chinese espionage. They are generally the folks in the various intelligence agencies and either large enterprises (you think Apple and Microsoft aren’t worried?) or folks working on the cutting edge of technology, but these folks *know* (for values of know that mean “have a really, really good idea) what the Chinese are doing and why. Espionage and possibly blackmail (guessing here) in pursuit of espionage. They aren’t going to whine (much) in public about it because they have other ways of getting the governments attention and assistance. Sometimes it bubbles to the surface and you get a news story. Other times it’s just there like the background radiation.
There is a HUGE difference between your own government vacuuming up every email or phone metadata it can find, or lying to a judge to get access to someone’s email, and a foreign government targeting your company for espionage.
The Chinese government cannot do anything to me about my political opinions. They cannot audit my taxes, send the BATF to my door, have the FBI come to my work to “ask me a few questions” (given my line of work this would basically mean that I would be looking for work soon after) or have Child Services come take my kid away (not that the Obama administration has gone that far yet). I’m sure that *technically* they could arrange these things, but by manipulating things at a remove, which is always riskier.
We’ve *seen* the Obama administration do the rest of it. And the Bush, Clinton, Reagan, Nixon and Kennedy.
US Citizens (and others who use services hosted by US companies) worried they might be targeted. This is an abstract worry, since *generally* the USG isn’t interested in what 98-99% of the population is doing. They don’t care if I’m calling my dealer every 2 days for a delivery. They don’t care if I’m calling my imam every Thursday night. They’re looking for much bigger fish, and (I believe) that the latest grab of data from Verizon is mostly to get test or experimental data. Most people are worried that they ARE, but most people have an overblown sense of self and think the government is a lot more interested in them that it usually is. Unless you’re trying to start a “right wing” 501c3/4.
The USG is grabbing big chunks of data and we DO NOT KNOW WHY. We don’t believe us when they tell us what they are after other than “Terrorism”, which is basically the new root passphrase to the constitution. This worries *everyone*.
The threat is general and abstract.
The Chinese OTOH are targeting specific people and for specific things. This is concrete. If you’re not a technology company, or a US military/intelligence operation you don’t have to worry about the Chinese. The Chinese have very little interest in you, and only a touch more in me (because of where I used to work), and could care less about my cousin Tim the immigration lawyer.
The USG could very well have an interest in all three of us. Tim because he routinely talks to folks overseas. Me because of my work history. You because you’re an international political agitator. But we’re not *sure*.
Yeah, China is in Tibet at the invitation of the locals. They’re *purely* responding to Indian provocations on that border. They’re *only* interested in money and have no ambitions to being a global power. This is why they’re building out their blue water navy, working on their own air and space forces etc.
Deployed? As in large units? No. But they *do* have soldiers there to protect their interest. Sometimes in mufti.
I’ve got nothing against international trade. It’s freaken awesome. Some billion people have been raised out of poverty in the last 20 or 30 years because of it.
But the backbone of International Trade is adherence to contracts, and playing by agreed rules.
What the Chinese are doing is different. They bribe their way out of following contractual obligations regarding environmental controls leaving behind serious problems for the locals who weren’t enriched enough to leave. There’s also reason to suspect that the Chinese–who often import their own people to run the mines–aren’t being as honest with the accounting as one might wish.
So yeah, there’s a difference between international trade and resource stripping. Witness the difference between the way the British handled their empire and the Spanish. The Brits engaged in international trade and tried to build enduring local institutions. You guys created modern India and showed the Chinese how it’s done with Hong Kong. In *general* the British colonies were better off (richer, freer) during and after British rule than not. The Spanish, well, not so much.
This is one of the big fears some of us have for the Gulf of Mexico–there’s a lot of oil there, and if US companies subject to US environmental controls don’t go after it the Mexican government will, and they’ll likely hire the Chinese to go after it.
If find it odd that you’re supporting a totalitarian government that routinely engages in the very sort of behavior you’re complaining about the USG is engaging in simply because they don’t yet have the ability to project their power much beyond their neighbors.
I think the pressure by the USG on tax havens is the wrong way to solve the problem–but governments generally make that sort of choice. The only reason the Chinese Gov. isn’t helping them is because it’s not a big enough problem for them yet and that’s where they’re storing their skim, along with half the despots in Africa and S. America. Also the Chinese would (and probably have) made using those sorts of mechanisms illegal and shoot anyone not politically connected enough to get away with it.
Ah, so if one is concerned about 14 year old girls yanked off the street and sold into sex slavery, and would like to see international identity theft and credit card fraud reduced or eliminated, one is inherently advocating a totalitarian state?
I see.
The War On Drugs is a travesty, and is (generally) a trade between consenting individuals, and where it’s not the problem stems from it’s illegal nature, or from an individual who makes their addition other people’s problems. Yes, I’m onboard with that. I suspect that blanket legalization will have a short to medium term negative impact on society, but I think that would be balanced by reducing the negative effects of the WoD, and in the long run we’d wind up a healthier people.
Terrorism is a real but overblown threat, and would be better managed by arming individuals, both physically and intellectually/philosophically.
Trafficking of persons is a serious problem that is not as tractable. To toss it off as “if it saves one child” is really rather facile. This isn’t the nanny state telling someone they have to send their child to a state institution of higher propaganda, this isn’t the state telling me I can’t own a semi-auto magazine fed modern rifle built to military specs. This is the government trying to, well, prevent (mostly) young women from being sold, functionally, as slaves. This is the state trying to do it’s primary job–to protect it’s citizens (or subjects in most jurisdictions).
Modern money laundering is, as often as not, not about processing the financial gains from recreational pharmaceutical and prostitution, but from credit card fraud and other scams. There are very sophisticated international networks of people dedicated to defrauding individuals and companies.
Since these crimes are about 95% electronic, the ONLY way to track them is electronically. There is, until the last step, no physical evidence at all.
Individuals do not have the resources to reasonably protect themselves and their children against these sorts of problems. Pooling resources to solve larger problems is why we *have* a society.
The trick is to figure out how to meet these challenges without violating peoples rights.
I understand that Drugs and Taxes are at the root of libertarian causes, and have quite a bit of sympathy in that area.
I also know that there are some really nasty and clever predators out there.
We have to figure out a way to go after these predators without violating folks rights.
Indeed. A foreign government tends to have vastly less ways to fuck up your life than your own government. Likewise most foreign governments really do not care about my day to day life or my money, whereas on the other hand…
You seem to be confusing ‘society’ with ‘state’. They are really very different things. I am all for society. And I am all for states too… when they are about 20% the size of most states in the First World these days and they confine themselves to doing the very very very few things that only states can do.
And this ain’t it. And those predators, whilst real, reprehensible and deserving of being gone after, are really less of a threat on almost every level than the people you want to trust with so much information and power.
I’ve been wondering why companies like Google don’t decamp to a more amenable jurisdiction.
Some place with low corporate tax rates, an amenable climate, and a government with a hands-off attitude to anyone cutting them a tax check.
Because Google is joined at the hip to the Tranzi Progressives, that’s why.
They, and various other of the big “info-tech” companies, are part of the TP’s ganglia. (Or, you might say simply “gang.”)
Billy, I am more than happy to overlook the straw-man you shot at my remark, because your last comment was well worth it – good points all. Still, what Perry replied.
Why no complaints about China, who by the way does not even bother with a FISA court and a modicum of oversight from a democratic process.
As an American I worry about my government. The Chinese can’t issue secret subpoenas to collect my data. While they might be able to hack in to this or that application, they can’t just tap and store it all at the ISP.
“Non-US nationals across the world are not protected by the US constitution, come to think of it, neither are Americans in America, so your data is safe with us as we are a NON-US owned and NON-US based company!”
– I think you may want to talk to the internet poker chaps about how that one works out.
The Register has an article on a similar theme: http://www.theregister.co.uk/2013/06/08/what_about_a_us_tech_boycott/
So, why is Kim Dotcom not shouting this from the rooftops?
He sort of is and people might actually listen now.
The reality is they will still try and go after you if you annoy them but it *is* harder.
One commercial aspect of this that has not been widely discussed is that the USA was once the preferred hosting location, due to limitations of liability like the “Safe Harbor” provisions of the DMCA and S230 of the CDA.
Many US Internet companies had a genuine competitive advantage over their foreign competitors, which the US government is in the process of throwing away.
Iceland seems to be the ticket, as far as data havens go – they’ve been building up their IT services industry around their strong data protection laws.
You’ll be paying for that protection though: for a VPS with roughly similar specs (1 Gb RAM, 30 Gb HDD), Icelandic orangewebsite.com will bill you around $950/year whereas Media Temple, for example, only ask for 600.
Not negligible, but what’s the cost of a bit of privacy anyway?