NSA Helped Destroy Trust In US Internet Firms, But Would Going Overseas Be Any Better?

from the unfortunately-not dept

The NSA has created a real mess for the tech industry these days. As has been detailed repeatedly, and showing a complete lack of concern for basic privacy, the NSA has basically destroyed trust in US internet companies not just for Americans but everyone outside of the US as well. We're already hearing stories of foreign companies demanding contracts with internet firms that say data must be kept outside the US. And there are worries about a splintering internet. Even Eric Schmidt has said that Google explored the option of moving its servers out of the US, if it would protect them more from the NSA. But the company eventually chose otherwise, and the more you think about it, the more you realize that the really messed up thing in all of this is that even with all of the revelations, it's still probably safer to keep the data inside the US than out of it.

First off, when the data is within the US, there are at least some restrictions on what the NSA/FBI can access. There are quite reasonable complaints about just how insanely broad Section 215 of the PATRIOT Act and Section 702 of the FISA Amendments Act are... but, at least those laws do include some restrictions and oversight (even if we all agree it's not nearly enough). However, once things are outside of the US, it's basically "fair game" to the NSA. The NSA has interpreted Executive Order 12333 to mean that it's "open season" on all information not in the US. As ridiculous as it sounds, that actually means that there are somewhat greater restrictions on information inside the US than outside. Those stories about the NSA hacking into the links between Google and Yahoo data centers? Those were only done on offshore data centers outside of the US, under the auspices of EO 12333. Meanwhile, for local intelligence operations, they rarely even have the same kind of restrictions that the NSA has -- meaning that offshore data may be even more at risk of being spied on by whatever local intelligence agencies are in that country.

It's a complete mess for the entire tech industry -- but if you were running a tech company and wanted to best protect that data from the NSA, there's at least a strong argument that the best move is to stay in the US, even after all of these revelations. And, honestly, that's even more of a reason why the US tech industry needs to be fighting strongly for much greater reform and oversight concerning NSA (and FBI) activities inside the US. The protections are way too low, but at least there are some protections.

I recognize that some are going to disagree with this entirely, as many have completely written the US off because of these revelations. But, there's a simple question to ask: if that's the case, do you really feel safer with your data somewhere else, where there are no rules at all about what the NSA can do with it?


Reader Comments (rss)

(Flattened / Threaded)

  •  
    icon
    silverscarcat (profile), Jan 22nd, 2014 @ 7:21am

    Too bad...

    There isn't some way to make it so that anyone who gets into the "back door" of a system like the NSA or other governments do gets false information.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Ninja (profile), Jan 22nd, 2014 @ 8:44am

    As ridiculous as it sounds, that actually means that there are somewhat greater restrictions on information inside the US than outside.

    You see, the question actually is: are there countries where the Governments can't issue secret court orders or executive orders (national security letters?) with gagging effects to hijack your business from the inside? If there are, is it enough to prevent the NSA or whoever from tapping directly into the fibers? Since we know the answer is no, can the data be protected, encrypted, so even with that direct tap they can't meddle with the data?

    We also know there are issues at the very structural level introduced on purpose by the NSA so while you do have a point I think the focus you gave wasn't spot on. Regardless of internal safeguards they seemingly don't mean shit to the Govt so it's better to be outside where you can't be forced to self-hijack. Now, is there such country?

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      crade (profile), Jan 22nd, 2014 @ 9:19am

      Re:

      And even if they are currently, are they outside of the U.S. influence such that the U.S. wouldn't just pressure them to change their laws to how the U.S. wanted them? That's the part I really doubt.

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    That One Guy (profile), Jan 22nd, 2014 @ 8:58am

    Focusing on the wrong problem

    If the problem with companies moving overseas is that, due to how the law is structured anything outside the borders of the US is free game, then the fix isn't to keep the data in the US under the assumption/hope that what few restrictions there are on browsing the data are followed, the fix is to get rid of the foreign data exception.

    If a government agency wants to tap communications, whether it's in the US or elsewhere, they should have the same restrictions, the same need to get a court order for that specific communications tap, have to follow the same minimization procedures to avoid as much as possible scooping up data not related to that specific investigation.

    The fact that the NSA appears to believe otherwise shouldn't mean they get a pass because the data being tapped is foreign(Probably... well, with at least 51% certainty...), they need to be reigned in and told that no, if they want to tap any communications it requires following the same stringent rules they'd have to follow if they wanted to tap the communications of a domestic target(or course, that would require those rules to be enforced first I suppose).

     

    reply to this | link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
     
    identicon
    out_of_the_blue, Jan 22nd, 2014 @ 9:12am

    Easy question. Answer is NO: all gov'ts and all corporations are intent on stealing your privacy.

    So I'll move on to a REAL worry:



    REPENT! TEH END OF TEH INTERNETS IS NIGH!

    "There I Fixed It will not be publishing new content after this Friday, January 24th. Starting Saturday the 25th, all of the site's content will be reset entirely randomly each day."

    http://cheezburger.com/8013372160

    "In order to focus our efforts on the sites you all enjoy the most, we will no longer be updating Picture is Unrelated with new content."

    http://cheezburger.com/8014043904

    So much for teh free internets! NOT a sustainable model even for a few silly user-generated images!


    Continuing to see trend next day: Not even 1.4m users can save 4Chan founder Chris Poole's startup If Moot can't turn a quid from an app, what chance do you have?

    http://www.theregister.co.uk/2014/01/22/not_even_14m_users_can_save_4chan_chris_pooles_founders_star tup/

    Actually, knew was the end of civilization when "Twin Peaks" arrived. Stupidest character ever: the Log Lady.

    http://cheezburger.com/8013280512

    When you think surveillance or spying or snooping or censoring or pushing propaganda (by a globalist mega-corporation), think Google!

    05:10:41[g-101-5]

     

    reply to this | link to this | view in chronology ]

    • This comment has been flagged by the community. Click here to show it
       
      identicon
      Anonymous Coward, Jan 22nd, 2014 @ 9:26am

      Re: Easy question. Answer is NO: all gov'ts and all corporations are intent on stealing your privacy.

      please do something useful for mankind and remove yourself from the genepool

       

      reply to this | link to this | view in chronology ]

    • This comment has been flagged by the community. Click here to show it
       
      identicon
      teka, Jan 22nd, 2014 @ 10:29am

      Re: Easy question. Answer is NO: all gov'ts and all corporations are intent on stealing your privacy.

      1. "meme"-image sites shut down, open up, rebuild and fall apart all the time. This is a non-issue.

      2. number of 4chan users has nothing to do with app users, so bringing That up is a bit pointless. There was never real cross-promotion because it was more or less unrelated to 4chan and his other works. Poole's own writing on the subject lays bare that the venture-backed business was just not quick to profit and it is shutting down instead of hunting for more VC money. That's the great thing about a free system! sometimes people succeed, sometimes not.

      3. And thanks for that opinion.. which has nothing to do with anything ever.

      Stop acting foolish, or at least stop broadcasting it.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jan 22nd, 2014 @ 9:13am

    Or, they just have a collection partner do it. Canada or UK could do it and just send the data back

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jan 22nd, 2014 @ 9:37am

    Basically Users and Company's are being held hostage by the NSA . Thoughts of this being a safe guard to preventing terrorism has turned into role reversal, with the NSA becoming the new alqaeda.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Jeff, Jan 22nd, 2014 @ 9:47am

    Move to avoid the NSLs.

    You move so they cannot do it entirely behind closed doors. NSLs cannot be used outside the U.S. obviously, so you're protected from betraying your customers knowingly.

    Also, encrypt all communications between your data centers and with customers using forward secure encryption like ECDHE. Now the NSA must actually hack your servers, which they'll succeed in doing, but..

    Install clever monitoring tools so that you've good odds of catching them in the act. If you succeed, then you publicize their hack attempt and the exploit.

    If they face a PR disaster and loose an exploit by hacking your system, then they'll think twice before doing it again.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Mike Masnick (profile), Jan 22nd, 2014 @ 10:54am

      Re: Move to avoid the NSLs.

      You move so they cannot do it entirely behind closed doors. NSLs cannot be used outside the U.S. obviously, so you're protected from betraying your customers knowingly.

      You don't think other countries have the equivalent of NSLs, with even fewer legal protections?

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Jan 22nd, 2014 @ 11:22am

        Re: Re: Move to avoid the NSLs.

        I can't speak for everyone, but as a US person I'm not very concerned about being the subject of an investigation by a foreign country. Residing in the US, there's very little they could do to meaningfully affect my life.

         

        reply to this | link to this | view in chronology ]

        •  
          identicon
          Anonymous Coward, Jan 22nd, 2014 @ 12:57pm

          Re: Re: Re: Move to avoid the NSLs.

          exactly, thank you...

          mike is assuming those 'legal protections' and strictures have any meaning any longer, i believe there is a valid argument in saying they don't: its all window dressing...

          after all, the ONLY reason we KNOW (not 'strongly suspect to the point of near certainty', as many of us have for DECADES), is because someone TOLD us (and provided backup documentation); NOT as if the spooks told us, or were EVER going to tell us...

          AND, GIVEN the unknown -if not unknowable- nature of these activities, i have ZERO 'trust' in these scumbags to follow the 'law', which -as documented by thousands of articles here and elsewhere- has little/no meaning any longer: 'law' is what the powerful inflict upon us, nothing more, nothing less...

          further, it is disingenuous to say 'well, everyone does it...' bullshit, not only does 'everyone' NOT do it, they don't have the resources to do it on the massive, pervasive scale as unka sam (and a handful of other nations)...

          further still, 'everyone' does NOT have their own personal splitter room at the chokepoints of international telephone/data lines...

          and furtherest out of all, EVEN IF they did have such technical capabilities, they are NOT the 900 pound gorilla we are to get away with it TOTALLY UNSCATHED...

           

          reply to this | link to this | view in chronology ]

  •  
    icon
    Michael Donnelly (profile), Jan 22nd, 2014 @ 9:48am

    It's the courts, not the tech.

    Ninja is right: the primary benefit to having your data live outside the US is you escape the US government.

    The NSA itself is not the problem to be avoided for your hypothetical. It's safe to assume that the technical capabilities of the NSA are the same everywhere. It's also fairly safe to assume that the "limitations" imposed on the NSA with regards to US citizens are about as effective as a cheese grater at holding water.

    Given that you face the same technical challenges anywhere in the globe, being outside of the US is a huge, huge benefit in that you have less to fear from NSL's and court orders. Those are the tools that the government uses to bypass what technology it cannot.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Mike Masnick (profile), Jan 22nd, 2014 @ 10:56am

      Re: It's the courts, not the tech.

      Ninja is right: the primary benefit to having your data live outside the US is you escape the US government.


      Do you really? I think the evidence shows that you do not.

      Given that you face the same technical challenges anywhere in the globe, being outside of the US is a huge, huge benefit in that you have less to fear from NSL's and court orders.

      But significantly more to fear from local law enforcement, whose protections are often much LESS than the NSLs that we have in the US.

       

      reply to this | link to this | view in chronology ]

      •  
        icon
        Michael Donnelly (profile), Jan 22nd, 2014 @ 1:03pm

        Re: Re: It's the courts, not the tech.

        Of course you have less to fear from the US government's authority outside of the US. Mind you, I'm not saying that hosting something outside of the US is a panacea that somehow makes you safe from government overreaches. I'm sure there are many countries and situations, in general, where they can apply pressure.

        But security is always about doing the best possible thing, not simply discarding options because they are imperfect.

        It's kind of a question of which is worse: the enemy you know, or the enemy you don't know? What we know of the NSA and the US government is that it is an *extremely* serious enemy.

        The NSA has far more technical resources than any other country I can think of. And the US government's ability to strongarm its citizens into doing bad things in the US is among the highest I can imagine, right up there with China and North Korea. We've all seen it and to pretend otherwise is foolish.

        Given that, I'd expect anyone interested in privacy to try and get as much physical (and corporate) distance from the US. It might not be perfect, but hosting here is just fucking stupid.

         

        reply to this | link to this | view in chronology ]

    •  
      icon
      Richard (profile), Jan 22nd, 2014 @ 10:57am

      Re: It's the courts, not the tech.

      The NSA itself is not the problem to be avoided for your hypothetical. It's safe to assume that the technical capabilities of the NSA are the same everywhere. It's also fairly safe to assume that the "limitations" imposed on the NSA with regards to US citizens are about as effective as a cheese grater at holding water.

      and the constraints on the NSA within the US are actually slightly weaker than those outside it.

      Outside the US if they don't get caught they can do what they like. Inside the US if they don't get caught they can do what they like.

      Outside of the US if they get caught they are immediately exposed and forced to stop.

      Inside the US if they get caught they can use their considerable influence on the judicial system and the political system to keep it covered up - until someone like Snowden blows the gaff.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jan 22nd, 2014 @ 9:54am

    things may well be, as far as the NSA and other USA security agencies are concerned, 'Fair Game' when outside the USA, but it doesn't automatically mean that they can actually infiltrate those places and/or get the information, especially now that everyone is aware of what they have been up to. i think there is going to be a much greater emphasis put on ensuring information is more secure than it has been and that private citizens personal info is far more safe than it has ever been. you need to remember also that as everyone is aware of what has been going on, people are going to demand greater security and far more severe penalties for any person/company/service etc that doesn't live up to those demands!

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jan 22nd, 2014 @ 9:55am

    Your own country

    If I put my data in a server in the USA, it is subject to two sets of laws: the laws of the USA (which as we all know include gag orders) and the laws of my own country (since I live here).

    If I put my data in a server in my own country, it is subject to one set of laws: the laws of my own country.

    The NSA can't force my server provider to compromise my data and forbid them to tell me, because the USA gag order laws do not apply here. They are forced to use illegal methods, and my server provider has incentives to not cooperate with the NSA, since they could be arrested if they cooperate, while in the USA people have incentive to cooperate with the NSA, since they could be arrested if they do not cooperate.

    Clearly, putting my data in the same jurisdiction as myself makes a lot of sense.

    Frankly, the only reason people lease servers in the USA is that hosting in the USA is very cheap, while local hosting is quite expensive. Amazon does not count, they have a local datacenter but they are owned by a USA company so they can be forced to obey USA laws.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jan 22nd, 2014 @ 10:02am

    I thought it was clear that the NSA doesnt give two fucks about any laws that it doesnt like. At least in other countries, they cant be ordered to do what the NSA wants, and they can protect the users properly.
    This article seems very shillish.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Mike Masnick (profile), Jan 22nd, 2014 @ 10:59am

      Re:

      I thought it was clear that the NSA doesnt give two fucks about any laws that it doesnt like.

      That's not actually true. They will push boundaries and often (we believe) go too far, but there is no indication that institutionally they flat out ignore laws.

      At least in other countries, they cant be ordered to do what the NSA wants, and they can protect the users properly.

      Nearly every other country has their own version of the NSA, with much fewer protections for privacy.

      This article seems very shillish.

      Shillish for *who* for fuck's sake?

      Seriously. Not everything you disagree with is "shillish".

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Jan 22nd, 2014 @ 7:36pm

        Re: Re:

        "That's not actually true. They will push boundaries and often (we believe) go too far, but there is no indication that institutionally they flat out ignore laws.
        "

        so why have you been saying 'BUT THE CONSTITUTION', and 'ILLEGAL' searches and so on, now you are saying this is no evidence of this, apart from 'pushing the boundaries', and I would think in terms of copyright, you would agree you too 'push the boundaries'.

        So you drive 50miles per hour, you are pushing the boundaries of speeding laws, but are you BREAKING A LAW ?? or are you doing ANYTHING WRONG? NO..

        So by your admission what the NSA does is legal, and pushing the bounds of the law is just as legal.

        On TD if you disagree with the TD line of arguing you are a troll or a shill.

         

        reply to this | link to this | view in chronology ]

  •  
    identicon
    mark, Jan 22nd, 2014 @ 10:05am

    I think the Argument that Americans are more protected is naive. They pressured NIST to promote unsave encryption standards even if that means that everything is vulnerable to criminals and every other spy agency in the world. They clearly want all the data that is available, even if that makes everyone extremely unsafe.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Daniel Joseph Calvanese, Jan 22nd, 2014 @ 10:06am

    So you are saying that it is better to keep your data in the hands of thieves on the promise that if you keep it with them, they might respect some rights - even though they have shown that they have no problem violating rights?

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    lfroen (profile), Jan 22nd, 2014 @ 10:16am

    Yes, it would be better

    Mike have typical US-centric attitude and can't see the forest behind the trees.
    Here's a hint: NSA doesn't have infinite budget. And USA doesn't have infinite political influence. So, while US can pressure national government to do things, it's not a matter of piece of paper sent by mail.
    In some high-profile cases, sure, CIA can cooperate with national agencies. But, fishing expeditions like NSA is running - no way.
    Moreover, most of western-style democracies don't have NSL-like laws, so service providers can't be issued gag orders "just because". They will need to go to courts, run regular bureaucracy, and so on.

    So, to answer the question - yes, it would be definitely better.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jan 22nd, 2014 @ 10:18am

    You don't have to use the internet for everything. Though there may come a day when you will be forced to...

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Andrew, Jan 22nd, 2014 @ 10:21am

    The benefit of going overseas is NOT Your privacy...it is a (tiny) step towards the overthrow of the US Government. One prerequisite to that overthrow is an economic collapse. Moving all business overseas, and refusing to buy anything "Made in AmeriKKKa" is just one tiny step towards that goal.

    Why overthrow the US Government?

    1. The elections are rigged. Any reasonably intelligent person already has tried my experiment: Look up the minor party candidates in Your area, and vote for a few of them. Then, check the election results on the web site for Your state's Secretary of State. Your precinct will show 0 votes for the candidate You voted for, at least 1/3 of the time.

    2. The US Government has openly declared war on its own people. "The War on Terror." "The War on Drugs." "The War on Guns." "The War on Poverty." There are many more. Honest to God, man...they have declared war on You a dozen times over, and You are too cowardly to reciprocate?!?!

    3. The US Government admits its illegitimacy. In the preamble to the Bill of Rights, it says any government that violated the BOR is not a legitimate government. Yet, the USA has violated that sacred charter.

    4. The US Government has murdered 55 million unborn babies, and that's just inside its own borders. That ignores what is happening in Iraq, where the USA set up abortion mills / death camps before bothering to feed the people they conquered.

    5. I could go on, but I have a meeting.

    God Damn the USA!

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      akp (profile), Jan 22nd, 2014 @ 11:37am

      Re:

      The US Government has murdered 55 million unborn babies, and that's just inside its own borders. That ignores what is happening in Iraq, where the USA set up abortion mills / death camps before bothering to feed the people they conquered.


      Uh, what? Just because abortion is legal doesn't mean the US Government "murdered babies."

      Last I checked, we had no forced abortions in this country, and each one was the choice of the mother.

       

      reply to this | link to this | view in chronology ]

    •  
      icon
      art guerrilla (profile), Jan 22nd, 2014 @ 1:07pm

      Re:

      i'm with you, bro !

      (except for the 55 million 'babies' thing: does a person own their own body or not ? if they do, then fuck off if i want to excise MY blob of MY protoplasm from MY body... and, no, it is NOT a 'person' until it gulps its first breath, but realistically, not until they are 18/21...)

      make no mistake, even though we may disagree vehemently on the above factoid and its implications, we must ALL band together to defeat our common foe: the USG...

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        alan turing, Jan 23rd, 2014 @ 8:29am

        Re: Re:

        Ya, he seemed all anarchy like crazy, then he was really just all Westboro like crazy.

        ...Baby steps, that's the way; boil that frog slowly.

         

        reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Jan 22nd, 2014 @ 7:42pm

      Re:

      "it is a (tiny) step towards the overthrow of the US Government. One prerequisite to that overthrow is an economic collapse."

      so running away will overthrow the Government ? Yea right, good plan, off you go.

      and replace that Government with what? something that provides you will even less protection that you get now ?

      I know you hate your Government really bad, we get that. But trying to use the NSA and a fight against terrorists is not such a smart way to do it.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Me, Jan 22nd, 2014 @ 10:26am

    Missing a Point

    "But, there's a simple question to ask: if that's the case, do you really feel safer with your data somewhere else, where there are no rules at all about what the NSA can do with it?"
    ___________________________

    You say this as if that's the only consideration: whether the NSA can crack the tech (legally and technologically).

    One also has to consider information laundering, the likelihood of being caught up in an investigation (local, state and federal), whether the company you are using makes things *easy* for the NSA (and by extension criminals), whether the company is fighting for your rights, whether you want to send a message to a U.S. company that just rolled over for the government, etc. etc.

    All things being equal, I would rather (and I did) move my data to a company in a foreign jurisdiction that gives me more of (no one expects all!) the protections and assurance I can reasonably seek. I moved the accounts for my business from MS Skydrive (and before that Google Drive and before that Dropbox) exactly because I want MS, Google and other U.S. tech companies to suffer for not looking out for their customer.

    They only listen to money, and the only way to get corporate America (and by extension their bought and sold political puppets) to listen is the power of the purse.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jan 22nd, 2014 @ 10:31am

    I think overseas is the way to go. If you think holding your data inside the US is a good idea, I've got a bridge to sell you.

    In the US they can come in with no warrant, no proof no nothing and get data from any company, encrypted or not. They siphon data from their own fiber optic cables, considering most of the world's activity flows through the US, if you look at the internet globally the US is the main HUB of activity, so that is where they are actually going to focus most. I don't want my data in there.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Mike Masnick (profile), Jan 22nd, 2014 @ 11:01am

      Re:

      In the US they can come in with no warrant, no proof no nothing and get data from any company, encrypted or not.

      And you don't think pretty much every other country doesn't allow its own intelligence/law enforcement forces to do the same thing?

      They siphon data from their own fiber optic cables, considering most of the world's activity flows through the US, if you look at the internet globally the US is the main HUB of activity, so that is where they are actually going to focus most. I don't want my data in there.

      Actually the indication is they have taps on pretty much all of the world's fiber optic cables. So there's no increased benefit for being somewhere else.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Jan 22nd, 2014 @ 11:27am

        Re: Re:

        For example my email is now hosted in Switzerland, I hope you aren't trying to convince me that my data is safer in the US in a Google data center. Because that's not only incorrect but almost laughable.

         

        reply to this | link to this | view in chronology ]

        •  
          icon
          John Fenderson (profile), Jan 22nd, 2014 @ 4:20pm

          Re: Re: Re:

          He's saying that your data is no less visible to the NSA for being in Switzerland. And he's right.

           

          reply to this | link to this | view in chronology ]

          •  
            identicon
            Anonymous Coward, Jan 22nd, 2014 @ 4:31pm

            Re: Re: Re: Re:

            It's more protected at rest because the US can't serve Swiss companies with a gag order and the Swiss Government isn't yet known to share intelligence. Even if the Swiss were complicit, they'd have to hack into their own national companies. All of this serves as checks against mass surveillance by the US. Unencrypted data in transit is more vulnerable, so it's a personal choice to make. I think encrypted communication and data stored in a foreign country like Switzerland offers greater protection than encrypted or unencrypted communications between US hosted companies.

             

            reply to this | link to this | view in chronology ]

            •  
              icon
              John Fenderson (profile), Jan 22nd, 2014 @ 4:41pm

              Re: Re: Re: Re: Re:

              Correct, but I wasn't talking about data at rest (which is irrelevant when the data can be slurped in transit), or the use of encryption (which will gain you just as much privacy enhancement in the US as outside of it.)

              So, if you're not encrypting your datastream, then your data is just as susceptible to being slurped by the NSA overseas as domestically. If you are encrypting your data, then the data will still be slurped either way, but the NSA will have equal difficulty being able to read it.

              I'm not sure I see a substantive difference.

               

              reply to this | link to this | view in chronology ]

              •  
                identicon
                Anonymous Coward, Jan 22nd, 2014 @ 4:56pm

                Re: Re: Re: Re: Re: Re:

                >I wasn't talking about data at rest
                I think this is where most of the contentiousness in these posts is coming from. Different threat models require different responses. What needs to be met to fit your definition of secure? What protocols are you using? These are all questions that need to be answered before anyone can say which country your data would be most secure in.

                Going forward, as more and more companies use encryption, I think it's a better bet to use foreign hosting because countries are less likely to force or coerce companies within their borders to install taps or weaken encryption.

                 

                reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jan 22nd, 2014 @ 10:35am

    Foreign companies are not subject to gag orders from the United States. Their own governments may force them to comply if they are part of the n-eyes program but if not, they can't get to that data without illegal means. All the revelations we've seen shows that encryption works. As an American using a foreign hosted email service I enjoy all the protections of any American. Just because the data is in a foreign country doesn't mean my rights disappear. I know all American companies can be subject to an NSL like lavabit. Foreign hosted companies at least have an additional layer of bureaucracy.

    If lavabit were hosted in a foreign country it would not have been forced to close by the US government.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jan 22nd, 2014 @ 10:40am

    >where there are no rules at all about what the NSA can do with it?

    There are rules if you are American. If you're not, America never gave you and rights to begin with.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    David, Jan 22nd, 2014 @ 10:41am

    Have you thought this through?

    I recognize that some are going to disagree with this entirely, as many have completely written the US off because of these revelations. But, there's a simple question to ask: if that's the case, do you really feel safer with your data somewhere else, where there are no rules at all about what the NSA can do with it?

    What you are saying here is that the NSA is running a successful international terrorist organization spreading fear to people outside of the U.S.A. and blackmailing them to not rely on local infrastructure because they'll blow it up.

    So you are recommending supporting terrorism by moving business to the U.S.A. and thus funneling further money to the terrorists threatening the viability of the internet.

    Even if they are your terrorists, successful in getting your money for financing their deeds, should you be supporting them? Should you tell others to buckle under their threats and machinations?

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Mike Masnick (profile), Jan 22nd, 2014 @ 11:03am

      Re: Have you thought this through?

      What you are saying here is that the NSA is running a successful international terrorist organization spreading fear to people outside of the U.S.A. and blackmailing them to not rely on local infrastructure because they'll blow it up.

      Not quite. But I did note that this was a problem.

      So you are recommending supporting terrorism by moving business to the U.S.A. and thus funneling further money to the terrorists threatening the viability of the internet.


      I didn't say that at all. I merely pointed out that it's not clear if anywhere else is safer.

      Even if they are your terrorists, successful in getting your money for financing their deeds, should you be supporting them? Should you tell others to buckle under their threats and machinations?

      Are you dense? I didn't say that this was something everyone should do. I pointed out the basic REALITY that things might not be any safer anywhere else, and noted that was a problem.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jan 22nd, 2014 @ 10:42am

    I'm more concerned about the hardware inside my electronics, being open-source and secure. That way I can choose the programs I want to use for secure communications, and those programs will actually work, because there's minimal risk of backdoors compromising the entire encryption stack.

    As for 3rd party service providers As a US citizen, I'd probably go with an overseas email provider. At least then I know they're immune to warrant-less National Security Letters.

    That 3rd party email provider would most likely need to be using free and open-source software, with client-side encryption. I'm willing to let them store my encrypted data on their servers, but the client-side software performing the encryption process needs to be FOSS.

    Let's face it. There's a much higher chance that a citizen's own government will take an interest in them, than there is a foreign government taking an interest in the native citizen of a foreign country.

    So FOSS solved the storage problem, by client-side encrypting the data. The 3rd party service provider (email), in a foreign country solved the warrent-less National Security Letters problem.

    As for the political and legislative problems, such "mandatory" metadata logging (seizure) problems. Along with many other problems. I apologize, but I'm not that much of a wide eyed optimistic, to dream about any of those problems getting solved any time soon.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Jan 22nd, 2014 @ 11:27am

      Re:

      "Let's face it. There's a much higher chance that a citizen's own government will take an interest in them, than there is a foreign government taking an interest in the native citizen of a foreign country."

      wrong. generally, native citizens have privacy protections against their own government. so, how do they circumvent it? let another government do the snooping and then exchange data.

      see the relationship between NSA (USA)and GCHQ (UK). and don't try to tell me that are isolated cases, I'm not buying that.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jan 22nd, 2014 @ 11:27am

    We need a revolution.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jan 22nd, 2014 @ 11:37am

    TLS solves most of the issues with data in transit. The more US citizens that diversify and use foreign providers, the safer those citizens become from their own government. The feds can legally send NSLs to every email provider in the US, and they likely have to most large ones. It's not realistic to think that they put hardware inside all or even most of foreign hosted services. It's also not realistic to think that all foreign countries cooperate with the US government. If you're more afraid of local governments an ocean away, by all means keep your email in the US.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jan 22nd, 2014 @ 12:17pm

    dont forget that if firms did go abroad and the NSA regard it as 'Open Season' for spying on everyone they liked, everywhere, that the other countries that would then be housing these firms, having moved out of the USA, would not take too kindly at having it's country and companies etc spied on. there could be some even more serious backlash against the USA, which wouldn't do it much good considering the rest of the world thinks it is a shit house nation full of shit house people who do nothing except interfere in the rest of the world's business

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    John Fenderson (profile), Jan 22nd, 2014 @ 12:50pm

    The best protection

    While there are very light restraints on what the NSA can do with regards to the programs we know about, there are certainly programs we don't know about. Who knows what restraints, if any, there are with those? The NSA has taught us they can't be trusted, so we can't trust that, either. But, yes, moving your data out of the US (f you're a US citizen) most likely weakens your privacy situation.

    However, the best solution is to just stop keeping any of your data on third party servers in the first place. Don't use the cloud, don't store your email on the server (unless you run your own server), etc.

    This is what I do. If you're hardcore, you can even run your own private cloud so that you can get the convenience of the cloud without the risks.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Me, Jan 22nd, 2014 @ 3:23pm

    Mike: "I didn't say that at all. I merely pointed out that it's not clear if anywhere else is safer."

    Mike: "So there's no increased benefit for being somewhere else."

    One of those statements has a hedge while the other doesn't.

    You can't say there is NO benefit if you're not certain, and it seems like you keep dismissing all the legitimate reasons people point to for moving data out of the U.S.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Jan 22nd, 2014 @ 7:57pm

      Re:

      "You can't say there is NO benefit if you're not certain"

      yes, he can, he does it all the time, makes statements of certainty with absolutely no evidence to confirm his statements.

      It's called "spin", then he will call you 'dense' or an idiot if you point this out to him.

      With TD I does not pay to look too closely at the 'facts' presented, its far more informative to look at the overall attitude. TD wants to put out ITS message, not THE MESSAGE.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jan 22nd, 2014 @ 7:28pm

    Of course NO other country can do any spying at all, anywhere, they never spy on their own people or people in other countries, even in America..

    So really what is your point? Does not matter where you are, you will get spied on, EVERYONE is spied on, but only the people who want to hide things, or get upset that their pizza order might be noted really care..

    we live in an era of 'big data', look at Google, facebook, banks, money traiding, and spying, law enforcement, very good doco on 'big data' going around too, would pay to pirate it and watch it, try to keep up with technology, TD is falling behind..

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      longfisher (profile), Jan 23rd, 2014 @ 4:24am

      Re: Anonymous Coward

      "only the people who want to hid things...really care."

      Nope. I've nothing to hide. I care deeply.

      If for only the reason that I'm an adult, an accomplished citizen, an honorably discharged Vietnam era Marine infantry officer, a Ph.D., a scientist, a businessman and a doting father and I don't need supervision or looking after.

      It's offensive to me that someone thinks so little of who I am and what I am to think that they have the right to pry into my private or business affairs at will.

      And, it makes me feel less free.

      LF

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    longfisher (profile), Jan 23rd, 2014 @ 4:19am

    Moved already

    There are two elements that argue in favor or moving your data.

    The first is that overseas those countries would not be subject to NSLs or even subpoenas under the Patriot Act. I chose Switzerland and eliminated all my state-side online and off-site data contracts (but for a FAX service) within 60 days of learning of the NSAs spying. It was simple and cheap.

    The second is that I responded to the NSAs excesses in much the same way that I responded to the excesses of the major U.S. banks. I moved my money then to punish the banks. I moved my data and online services to punish the telcoms and IT companies in the U.S.

    Neither deserves my business. And, I'd feel like I were a serf or, worse yet, someone's b*tch if I didn't fight back.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    quawonk, Jan 23rd, 2014 @ 5:40am

    As long as they still use hardware, software, network infrastructure and encryption created by the U.S. they still will not be safe. Those things are all tappable, backdoorable, etc.

    Those things would have to be re-created from scratch with no US influence whatsoever to truly be safe.

    That is, if the government of whatever country they're in can be trusted.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      longfisher (profile), Jan 23rd, 2014 @ 8:47am

      Trust in other Countries

      I chose Switzerland because they're not subject to the Patriot act or NSLs, because they employ high-level encryption of all my data, because they are not subject to EU laws, because they have a long-standing and well-respected tradition of providing private services internationally and because I don't like paying any U.S. service which may very well have stealthily conspired with the government to share my data.

      That's just too many positives to ignore.

      Longfisher

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    longfisher (profile), Jan 23rd, 2014 @ 8:44am

    Difficult but not Unassailable

    Quawonk said, "All things are tappable, backdoorable.

    Snowden said, "If they went in they'll get in."

    Longfisher says, as long as I receive a subpoena or a particularized NSA I would gladly cooperate and turnover what the government needed.

    The part I get upset about is the fishing expeditions.

    To extend the fishing analogy, my moving my data and services overseas is not too different from a landowner becoming frustrated with the trespassing on his lake even though he posted no trespassing signs so he erects a high wire fence.

    It's not impossible to still trespass and fish the farmer's lake But it's a lot harder and those who would breech a wire fence just to pull in a bass have to be highly motivated.

    I think the NSA will leave my foreign-hosted data alone because I'm making it harder for them to fish it. They can much more easily just ask me for it and show particularized reasons for me turning it over to them.

    After all, I have nothing to hide.

    LF

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anon, Jan 23rd, 2014 @ 2:25pm

    Nothing's Perfect

    Going overseas solves a number of problems.
    There are multiple "points of entry" for the NSA. They can hack, use NSLs, make "requests" to ISPs, service companies, the telco's. They can make these orders secret. They can't do this as easily with overseas services.

    If the equipment goes from Taiwan or China to Switzerland, they can't walk into the warehouse at midnight with a court order and insert tapping hardware. They can't hack into the equipment except by subterfuge. They can't demand the private keys from the ISP.

    You might argue (others have) that the local security service would do so. For some countries, yes. But consider - very few countries are that cozy with the NSA. UK, Canada, Australia, maybe. Switzerland? who knows. Those otehr countries don't have the hard-on or budget to do a tenth of what the NSA is doing. If you are selling nuclear secrets, distributing kiddie porn, or financing al Qeda and the USA can persuade the local gendarmerie of that, maybe they'll dig into your business. But for tax evasion, or because your father's name matches one of ten million on the no-fly list, or just wholesale hoovering of data, they won't do it - and odds are they won't sanction the USA doing it either.

    A lot of data is collected because much of the internet backbone goes through the USA. To the extent current revalations encourage alternate high-level pathways, trhough routes the NSA does not have its claws into, then that will also be a benefit.

    The worst effect is that software and hardware "made in the USA" will now be suspect. We saw this with a recent French satellite contract for the middle east. The buyer dropped it, in favour of a Russian choice, to avoid the prying eyes of the NSA. yeah, the Russians can pull the same tricks. When the world prefers the Russians rather than the USA know their business, what does that say?

    the difference is the USA is the 800-lb gorilla. Not only do they collect data, they can persuade other nations to do things (sanctions) that the Russians can't. They have by threats made most foreign banks either report US customers' acounts, for example, or the banks prefer to simply dump US customers - it's easier not to have us customers than to try to undo a misunderstanding and business-crippling sanctions after the fact.

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This