the whole IT world watches america, next choice critical

the whole world is watching (no not some big spy agency)
the people of the world are looking at the most powerful nation on earth,
trying to decide if their business assets are safe on american soil.

by assets i mean "cloud services" such as SAAS (Software As A Service)
cloud "compute" "storage" and "databasing"
big data centres that are in america are now a problem.

in my country NZ we have just had a pilot program for inmates to skype their families shut down because the privacy of our inmates "could not be guaranteed"

NB, New Zealand has very strong privacy laws, and government departments that handle private or personal information have a duty of care to ensure that NO privacy laws are broken EVEN for inmates.

which brings up a bigger problem,
any company NOT the US government itself is not allowed to access a new Zealand citizens private or personal information.
to do so would violate the privacy laws here in NZ.

now when the intercept laws were "changed" from foreign agent, to foreign persons,
that "opened up" the ability to "quasi legally" obtain data from New Zealanders while their data was held in the US, or while it travelled over their soil.

but this was a clear violation of the privacy laws of our nation.
while no one knew about this it was lawful, (no standing)
but now that our government "knows" this is happening,
it must take actions to limit and reduce the exposure or personal or private information
in a manner consistent with internal guidelines.

now,
how can we as an IT industry continue to allow the invasion of our customers privacy and personal information, considering our liability under the relevant laws concerning keeping data safe?

how can the IT industry in the US survive the removal of these privacy protections when whole other countries would then abandon your service providers?

why do Americans consider any non american "fair game" while only complaining that drag net surveillance is so very outrageous, when the eye turns inwards?

do the IT guys and gals on ATS here realise that whole countries are looking at moving away from the USA as a "safe place" to do business?

could the very next law passed be the last nail in the coffin for american service providers?

One former White House aide told POLITICO that Alexander has been asking members of Congress for some time to adopt bill language on countermeasures that’s “as ill-defined as possible” — with the goal of giving the Pentagon great flexibility in taking action alongside Internet providers. Telecom companies, the former aide said, also have been asking Alexander for those very legal protections.

www.techdirt.com...

most dont seem to realise just how serious other countries are over this loss of trust.
and that there are already companies planning on pulling out of america,
and they are already making "failover" plans for if this made worse.

ps
they are outside the US.
i just want people to know how far ranging these effects could be,
because reading most posts in the last week,
NO ONE has even mentioned that the US could end up becoming an internet waste land.

if the rest of the world does not like what happens next with privacy laws, in the US,
and a commitment for foreign party privacy,
the world might just reroute around you completely.

there are many in the IT industry here scrambling to make other arrangements,
i suspect this is happening all over the world.

your next move is critical, dont go in the wrong direction,
the whole IT world is watching, and people i have talked to are very nervous.

has anyone thought about the loss of jobs that would occur if this privacy invasion is not corrected?
trust me us KIWIS are as mad as you are.

xploder

I gave you a star and a flag because you are right in what you're saying about privacy, but unfortunately, probably wrong in your conclusion. Yes there would be companies and even countries that pull up roots or disconnect from the US infrastructure, but it's my guess that still wouldn't prevent the access to the data these entities collect and or maintain. The US intelligence community and military more than likely have the ability to overcome the safeguards. Additionally, unless you disconnect from companies such as Apple, Intel, Microsoft and the like, there are no safeguards.

Well, there are several issues here. First off, if a company's contracting stuff out to an SaaS provider, the assets likely aren't safe anyway. You'd need individual Service Level Agreements with those providing the infrastructure, the platform and the software to get any real degree of assurance - potentially that's three or more contractors, any of which could be US-based.

The real issue, which I've been pointing out for years, is the US government itself isn't the threat we need to worry about (at least not directly), but if it's going to backdoor stuff without being able to secure its own sh1t and keep employees in check, it's actually putting us at risk. Companies then have to think about the US government as an attack vector for the real bad guys.

Edited to add: I'm kind of on the fence about whether this is a good thing. If you've got the major players disconnecting from the US, that's another precedent for the same thing happening between other countries as privacy-invading laws are passed. The end game could be the 'Balkanisation' of the Internet.

Originally posted by Bilk22
I gave you a star and a flag because you are right in what you're saying about privacy, but unfortunately, probably wrong in your conclusion. Yes there would be companies and even countries that pull up roots or disconnect from the US infrastructure, but it's my guess that still wouldn't prevent the access to the data these entities collect and or maintain.

you do realise that duty of care compels some to move their services

The US intelligence community and military more than likely have the ability to overcome the safeguards. Additionally, unless you disconnect from companies such as Apple, Intel, Microsoft and the like, there are no safeguards.

while i think you are correct,
uses of these services are being investigated and alternatives tested.
for every product there is an alternative.

xploder

reply to post by XeroOne

. The end game could be the 'Balkanisation' of the Internet.

although that is not the aim of privacy advocates, unless concrete steps are taken thats where we are heading.
in fact it would be the direct response of any self preserving nation,

in the case of balkanization, it would be an effect of drag net collection of privacy protected data,
not
because it was the next logical step in the evolution of the internet.

just because you can spy in our country, should not be an excuse to do nothing,
at least here we have implied privacy protections and a court we can approach for remedy

xploder

If you want 'it' kept private, do not enter 'it' on to a PC connected to the internet! If you are working on 'stuff'' kept in your external hard drive, pull the internet plug while doing so, its all common sense.

reply to post by XPLodER


I agree with you. However the American government isn't going to take this threat seriously and I know the American people could care less. Heck we are having trouble just dredging up outrage against the NSA spying on the American people, let alone foreigners. Maybe these countries and companies should reroute around America to teach the government a lesson that some people do take privacy seriously. At this point I am for anything that could potentially change the way the government operates. The American public isn't the answer, so maybe hope for something external to happen like what you alluded to in your OP.

reply to post by XPLodER



The answer to your question is quite simple.

It's called End to End Encryption. An actual END to END Encryption that is Mandatory (not based on user acceptance, but instead a mandatory part of the supporting protocol.
You really only have to be concerned about the top 3 or so OSI Layers. IP and below (transport, link layer and hardware) need not be encrypted, as they are only used to connect and route data.

TCP and up will need to be encrypted though. I'm sure we could leverage a new protocol stack that uses some form of mandatory TCP encryption, based on a web of trust or something.

Either way - the only way our data will be secure on the global internet is with encryption. True story bro.

Nope. They're not safe. But soon their countries won't be any safer.

At the moment things like SaaS are still relatively new and are pretty complicated to deploy, adding extra encryption on top while not a great problem always has problems when theres some dodgy piece of gear mucking up the data stream so people turn off the encryption so the raw traffic can be analysed or for performance analysis and generally forget to re-enable it afterwards and since most of the software companies providing this service are based in the USA it just takes one visit from a NSA guy and suddenly theres a patch which allows them to evesdrop into the communication since they have a master decryption key which means for people to trust it they have to be able to vet the source code and thats under lock and key as trade secrets

The other problem is that these companies will have to obey the correct legal environments in their relevant countries which may/may not allow strong encryption.

and even trying not to route the data through certain countries can be problematic especially is someone starts to mess with the BGP and shunting data via an alternative route

From my understanding of what is going on with the NSA, this is a world wide network. There are at least six countries with these huge data centers collecting information from around the world, New Zealand being one of them. To skirt the constitutional issue, wasn't the British collecting information on America and the NSA collecting information for the British??

Additionally, many of these congressmen/congresswomen are coming out of the classified meeting with the intelligence community and saying data collection is just the "tip of the iceberg". IMO, I believe this is a lot bigger network than we are suspecting with a pretty advanced set of toys. I think it will be pretty hard for any one person to skate under the radar anymore. I don't doubt that metadata is being collected on anyone plugged into any type of technology.

Come on ... do you honestly think there is such a thing as privacy these days? That too for a bunch of lifers in prison..? Whether it's NZ or USA or whatever, these top networks are all spies, and they have access to each and every piece of data that comes out, they read it, store it, sell it, share it, sell it, all amongst each other.
Privacy laws are just there to make you feel better .. to give you an illusion of a safe environment. If you know anything about computers, you'd know how far this rabbit hole goes ..

reply to post by XPLodER


If only "I" had an effect on the next decision "they" make on "my" behalf your post could instigate a change. But unless the law makers are reading ATS your voice will fall on def ears, the decision rests in "their" control.

As an IT guy in the US, I do not have a means to ensure "they" make your desired decision; the only card we have left is rebellion, and that is not something most have the stomach for in this day, including myself.

You are correct in your points though, so excellent job bringing them to the surface, it is the action you desire that the IT community in the US in unable to effect.

The world is on the brink... change is coming.

God Bless,

reply to post by XPLodER


Yes, this is something that many might not have considered.

There are a lot of individuals and companies who will now not feel at all safe and secure using any of these services. And they shouldn't either. I wonder how many foreign companies will now be considering moving offices and assets out of the US for increased security?

You can argue that these companies are not safe from spying anywhere, but I can guarantee that the security departments of many corporations will be looking into how to minimize the risks (they have to in many cases to meet the obligations to their boards and shareholders) and moving out of the US will be one option to look at.

As for people using the services of compromised companies, I don't know why people use these services at all! It costs less than $10 a month to have a domain of your own, with your own email address, your own access to a server. You don't need Apple's cloud, Google's document sharing or Microsoft's email services.

Just pay $10 a month (often less) and get your own server.

reply to post by Rocker2013


The problem with setting up these sort of things is the technical cost...you need a server in a certain country and if you are not near that company you'll be paying for hardware/software support for the machine and thats before you have spent a single (insert smallest currency in your country) on actually getting it productive which will mean various levels of software/configuration and detailed knowledge to be able to get it all work together, disaster recovery planning, capacity forecasting and all the other things that are needed to ensure it 'just works'

so while a company may rent you a time-share of a virtual server for $10 a month don't expect anything near what would be required to do a job properly

Originally posted by Krazysh0t
reply to post by XPLodER

 

I agree with you. However the American government isn't going to take this threat seriously and I know the American people could care less. Heck we are having trouble just dredging up outrage against the NSA spying on the American people, let alone foreigners. Maybe these countries and companies should reroute around America to teach the government a lesson that some people do take privacy seriously. At this point I am for anything that could potentially change the way the government operates. The American public isn't the answer, so maybe hope for something external to happen like what you alluded to in your OP.

what is interesting is that actions are mandated under the privacy clauses in my country.
what i hope people get from this op is that there are some very concerned IT folks trying to find out how to comply with domestic laws, and if its not "correctly" delt with in the US,
we would be in a catch 22 situation.

the only way to avoid liability, would be to move to a country that respected privacy,
and ensure that all links on the path are exterior to the US.

its still not clear how the govenment of NZ would react.

xploder

Originally posted by zeeon
reply to post by XPLodER

 

The answer to your question is quite simple.

It's called End to End Encryption. An actual END to END Encryption that is Mandatory (not based on user acceptance, but instead a mandatory part of the supporting protocol.
You really only have to be concerned about the top 3 or so OSI Layers. IP and below (transport, link layer and hardware) need not be encrypted, as they are only used to connect and route data.

the best solution i have seen that conforms to End to End manditory encryption is MEGA.CO.NZ (CLOUD STORAGE PROVIDER) User Controlled Encryption or UCE

TCP and up will need to be encrypted though. I'm sure we could leverage a new protocol stack that uses some form of mandatory TCP encryption, based on a web of trust or something.

www.opendaylight.org...

Either way - the only way our data will be secure on the global internet is with encryption. True story bro.

the easyer it is to use ubiquitous encryption the more people will use it

xploder

Originally posted by Maxatoria
At the moment things like SaaS are still relatively new and are pretty complicated to deploy, adding extra encryption on top while not a great problem always has problems when theres some dodgy piece of gear mucking up the data stream so people turn off the encryption so the raw traffic can be analysed or for performance analysis and generally forget to re-enable it afterwards and since most of the software companies providing this service are based in the USA it just takes one visit from a NSA guy and suddenly theres a patch which allows them to evesdrop into the communication since they have a master decryption key which means for people to trust it they have to be able to vet the source code and thats under lock and key as trade secrets

i have been looking into building a NZ based SAAS cloud using SDN (software defined networking) and UCE (user controlled encryption) as the basis for privacy

The other problem is that these companies will have to obey the correct legal environments in their relevant countries which may/may not allow strong encryption.

with the revelations coming out of the us of global intercepts, most countries would be evaluating ubiquitous encryption. IMHO

and even trying not to route the data through certain countries can be problematic especially is someone starts to mess with the BGP and shunting data via an alternative route

edit on 18-6-2013 by Maxatoria because: (no reason given)

with SDN traffic shaping should provide backwards compatibility with BGP, while allowing for specific path forwarding.

we already have the tech to route around countries, how that effects the backbone is still uncertain.

xploder

To be honest, nothing is going to change until the users change it.
I think the best option would be to make the internet and it's care a task for a new governing body. Perhaps it's time the internet became it's own country. It may sound kind of silly, but just think about that.

More and more people are pushing for freedom of access to information as a human right. What better way to secure the internet, mankind's biggest interactive library of all information, than to take the control of it out of the existing governments of the world's hands?

I don't know though, that's just a random idea I had.

Something has to be done though, the more draconian internet laws and abuses of it become, the more people will push back, and some of those people are not people that should be pushed.

reply to post by XPLodER

Did Obama Just Destroy the U.S. Internet Industry?

News about the National Security Agency's PRISM program and its privileged access to internal user data at 9 U.S. Internet companies has unleashed a torrent of justified anger and hand-wringing. But the worries do not go far enough. Almost everybody is still looking at this through a narrow domestic lens. Our values and goals may be more challenged than you think.

The implications are not just about what happens to the privacy of Americans and to the future of American political due process. There are potentially vast negative global consequences. Giving the U.S. government special rights to data from U.S. companies sets a terrible precedent, and is hugely short-sighted.

The Internet is intrinsically a global business and social landscape. Yet up until now American companies have overwhelmingly dominated it. They have done so with astonishing innovation and technical achievement. Apple, Facebook, Google, Microsoft, Skype, Yahoo, and YouTube — all companies said to be participating in PRISM — are the world's most important digital platforms for communications and information. The economic and political benefits both to the U.S. and to the world of this domination are obvious. Not only are they by far the world's most valuable set of businesses for investors. They have created extraordinary value for their users by fostering an openness and landscape for free expression and dialogue that is unprecedented.

How much of this astonishing success are we willing to sacrifice on the altar of domestic security?

The citizens of the world can look up anything on Google and can communicate anything to their friends on YouTube and Facebook, regardless of its political sensitivity. The result has included Arab Spring, the Iranian Green Revolution, the popular protests against President Putin in Russia, and recently the extraordinary outpouring of citizen protest against Turkey's Prime Minister Erdogan.

The largest group of people likely to care about the NSA's intrusions are non-American customers of U.S. Internet companies. Facebook alone has more than one billion of them. Google completely dominates search in most of the world, with its market share across Europe significantly exceeding 90%. And its YouTube distributes citizen videos worldwide. It will be hard now to ever again assure users of these services that their behavior or opinions can be protected from the U.S. government. Some reports on the NSA surveillance suggest that the court orders given these companies can be as broad as forcing them to turn over all traffic to and from a specific country.

As the author of The Facebook Effect [www.amazon.com...] I am especially well-acquainted with that company's strategy and achievements. More than two-thirds of Brazil's 90 million Internet users are regular users of Facebook. It is similarly among the most important platforms for Internet communication in Indonesia, Nigeria, South Africa, Turkey, and most other countries large and small. Google's Gmail, Microsoft's Hotmail, Skype, Yahoo and Apple's services are also hugely important around the world.

Because Facebook gives users a broadcast tool to send messages to their friends, it is routinely the tool ordinary people use when they are dissatisfied or seek to make a political statement. This is true in almost every country on earth.

It's quite possible that Obama has undermined the effectiveness and attractiveness for political speech and protest of what have been the most potent communications tools for activism in history. Political and commercial opponents of the U.S. in every country as well as governments themselves will likely alert citizens to the potential that U.S. companies could pass their info back to US authorities. This will seriously conflict with these companies' aim to maintain their platforms as neutral global environments. It could dramatically slow their global growth.

While these services have not seemed very American, of course they are. In many countries Facebook is not perceived to be an American service at all, since it operates completely in the local language. Now being American becomes potentially a concrete commercial and political disadvantage. To be an American service is now to be a tool for U.S. surveillance.

Do we really want to impair such powerful tools for spreading dialogue, political discourse, and U.S. values? Is it worthwhile to impair the extraordinary financial and commercial success of these great flagships for the American economy? Does Obama want Facebook et al just to be seen as tools of American power? That is certainly not the way the average user in Bolivia sees it. They see it as a tool of their own personal power, and they don't want governments interfering with that.

The global influence and long-term commercial success of U.S. Internet companies may depend on how Obama handles this from now on. Unfortunately to undo the damage he has caused he may have to completely disavow the program, which seems highly unlikely.

Don't believe there are not alternatives to the U.S. Net collossi. Companies worldwide are already relentlessly working on alternatives. The second largest search service worldwide is China's Baidu, with more than 8% of searches globally at the end of last year according to ComScore. Russia's Yandex is at close to 3%, more than Microsoft's own search product. In social networking, China's Tencent has had a stunning recent success with its WeChat product, which by some counts has over 450 million users worldwide, including many tens of millions outside China. Most major Chinese Internet companies have global ambitions.

It's easy to see why leaders in Washington presume Chinese networking equipment company Huawei must be spying on us through its products. Apparently in their eyes it makes perfect sense to take advantage of any domestic asset to achieve geopolitical aims. Of course, they think, Huawei and the Chinese government would be doing that. We do. Obama and the NSA now seem determined to give Facebook, Google, and the other American Internet companies the same reputation internationally that Huawei has here. Huawei, incidentally, recently decided to forsake the giant U.S. market because of the condemnations of politicians, despite little evidence of actual espionage. This may foreshadow the experience of American companies elsewhere.

Facebook CEO Mark Zuckerberg has never wavered in his ambition to make Facebook a tool for literally every citizen on the planet. Aside from China, where his service is barred by the government, he has until now been making steady progress. His arguments that governments there and elsewhere ought to allow Facebook just became a lot less persuasive.

(For more from David Kirkpatrick, follow him at Techonomy.com and subscribe to the newsletter there.)

Photo: President Barack Obama talks with Michael Froman, then NSA deputy for international and economic affairs, during a working dinner at the G8 Summit, June 25, 2010.

www.linkedin.com...