Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Amazon Vows To Fight Government Requests For Data

samzenpus posted about a year ago | from the why-don't-you-make-me dept.

Privacy 104

itwbennett writes "Speaking at a cloud panel discussion hosted by Reuters on Wednesday, Terry Wise, head of global partner ecosystem for Amazon Web Services, explained how the company handles government requests for data stored on Amazon's cloud: 'If a U.S. entity is serving us with a legally binding subpoena, we contact our customer and work with that customer to fight the subpoena.' But Wise's best advice to customers is to encrypt their data: 'If the data is encrypted, all we'd be handing over would be the cypher text,' he said."

cancel ×

104 comments

Sorry! There are no comments related to the filter you selected.

Silence is Golden (2, Insightful)

Anonymous Coward | about a year ago | (#44056637)

I can foresee a time when it won't be safe to even talk among ourselves. We'll need to send encrypted text messages to the person next to us.

Re:Silence is Golden (4, Funny)

noh8rz10 (2716597) | about a year ago | (#44056659)

I can foresee a time when it won't be safe to even talk among ourselves. We'll need to send encrypted text messages to the person next to us.

lxkvz;j;ldfkja;lskdfjas;lkfja';ldf'DJFAS;LDFNASLKBF.A,EMFNW;OIHZPIVBWEF !

Re:Silence is Golden (1)

Virtucon (127420) | about a year ago | (#44056719)

Use the Ceasar Cipher.. If that fails pig latin may do the trick. Iway inkthay ethay USWAY overnmentgay eedsnay otay etgay outway
ofway ourway ivatepray iveslay.

L fdq vhh lw qrz, Dpdcrq zloo irog zkhq wkh mxgjh wkurzv klv iluvw lqmxqfwlrq dw wkhp.

I can see it now, Amazon will fold the first time a judge throws an injunction at them.
They are right, encrypt your shizzle wherever you store it off of your premises.

Re:Silence is Golden (0)

Anonymous Coward | about a year ago | (#44057887)

Use the Ceasar Cipher.. If that fails pig latin may do the trick. Iway inkthay ethay USWAY overnmentgay eedsnay otay etgay outway
ofway ourway ivatepray iveslay.

L fdq vhh lw qrz, Dpdcrq zloo irog zkhq wkh mxgjh wkurzv klv iluvw lqmxqfwlrq dw wkhp.

I can see it now, Amazon will fold the first time a judge throws an injunction at them.
They are right, encrypt your shizzle wherever you store it off of your premises.

http://eeprojects.com/cryptology/shiftCipher.html

Re:Silence is Golden (1)

master5o1 (1068594) | about a year ago | (#44058755)

I find that the one of the most secure versions of that is to cascade the shift(5) and shift(8) together. The only other one more secure is cascading shift(6), shift(9) and shift(11) together.

This message has been encrypted with a cascade of shift(9), shift(10) and shift(7).

Also there's this bit of fun: lolcryption.master5o1.com [master5o1.com]

Re:Silence is Golden (1)

Jane Q. Public (1010737) | about a year ago | (#44058007)

"... overnmentgay eedsnay..."

I think you may be onto something there.

Re:Silence is Golden (1)

Anonymous Coward | about a year ago | (#44057285)

> lxkvz;j;ldfkja;lskdfjas;lkfja';ldf'

I totally agree!

> DJFAS;LDFNASLKBF.A,EMFNW;OIHZPIVBWEF !

There's no need to shout.

Re:Silence is Golden (2)

FuzzNugget (2840687) | about a year ago | (#44056747)

Nah, we'll just have to start speaking Klingon

Re:Silence is Golden (1)

Mitreya (579078) | about a year ago | (#44057337)

Nah, we'll just have to start speaking Klingon

jatlh, chonayta' wIghaj!

Re:Silence is Golden (1)

lister king of smeg (2481612) | about a year ago | (#44057671)

Nah, we'll just have to start speaking Klingon

i prefer drow to klingon or should i say; usstan hull'phir ilythiiri ulu klingon

Yeah, this is normal (0)

Anonymous Coward | about a year ago | (#44056665)

It is the blind subpoena problem. If you have your data hosted at a third party and you are sued about "widget XYZ," they can get a subpoena about "widget XYZ", and your attorneys will never know. However, if you control the encryption keys, they either hand over nothing (since "widget XYZ" returns nothing in the data search) or they get the key from you to decrypt it and you know.

How is this news for nerds? This is a thing that's existed for... Well, at least the 15 years of my life and I've only been out of my MBA since 98.

Re:Yeah, this is normal (4, Interesting)

Drakonblayde (871676) | about a year ago | (#44057399)

It's news for nerds because the government paying attention to electronic data has been in the limelight for awhile now.

Since we nerds are the kinds of folks who are tasked with the implementation and maintenance of the systems that store and process said electronic data, this is the kind of thing that could have an effect on our livelihoods.

Sure, it's obvious that you should encrypt your data, especially if it's at rest on equipment you don't personally control. It's also somewhat of an unmitigated pain in the ass to actually setup and maintain, especially if you inherited infrastructure that you didn't build from the ground up. Or maybe you're a lazy sumbitch.

In the same vein, it's obvious that if you eat a shit load of junk food, you'll get fat and have health issues. Despite the fact that it's obvious, there's a severe problem with obesity in the US, hence we have health groups trying to spread awareness, whether it's through scare tactics or just trying to inform people and at least get them to acknowledge a problem they pretend doesn't exist.

In the same vein, the folks who post about this kind of thing are treated somewhere between polite acknowledgement, with nods of 'yup, he/she's right, we should do that', or viewed as the mad prophet raving in the town square. In both cases, folks pretty much forget about it after theyr'e done and go back to the status quo.

While I'm not in the habit of defending large corporations, I understand why they put out stuff like this. On the one hand, if they want to legally continue to do business without suffering censure by local governments, they have to comply with legal requests for data. If they simply do it, they're viewed as being in collusion by the general public. If they try and provide the information to their customers on how to mitigate their risk, their words tend to fall on deaf ears.

While I'm certain Amazon probably doesn't give a shit about handing over a customers data, they recognize that it's a touchy subject, and a potential PR nightmare, hence they spend some time trying to encourage their customers to do what's in their own best interests. I don't think it's a good idea to try and curb that.

Re:Yeah, this is normal (1)

davester666 (731373) | about a year ago | (#44057713)

This tool is basically going "We are going to follow the letter of the law." as if it's something new that nobody else is doing.

If they get a warrant/subpoena with the "Thou shalt tell no other" stamp on it, they can't tell anybody about it, in particular, they can't tell the subject/victim of it.

And, huge surprise, the subpoena's that would be most concerning to a significant portion of the population have been hit with this stamp.

Re:Yeah, this is normal (1)

Golddess (1361003) | about a year ago | (#44062197)

If they get a warrant/subpoena with the "Thou shalt tell no other" stamp on it, they can't tell anybody about it, in particular, they can't tell the subject/victim of it.

I thought the point was "but if you encrypt it, you will know about it". Not because Amazon will violate the "tell no one" order, but because if the government actually wants to know what the encrypted data is, they will have no choice but to try going through you, since Amazon won't be able to turn over that piece of information.

Re:Yeah, this is normal (1)

davester666 (731373) | about a year ago | (#44062255)

That's in the future. This surveillance has been going on for awhile, and Amazon has been responding to these warrants/subpoenas for quite some time.

This is just a PR to make it seem like "they've got your back".

In Contrast... (0)

Anonymous Coward | about a year ago | (#44056667)

Yeah, but my company admitted to fighting government voyeurism before it was cool. As if the fat lazy PigMericans would actually get up and do anything about it.

Look and laugh at all of the disingenuous chickenshit corporations' apologies - It's like they were caught by the teacher cheating, so they ran to the principal's office to admit their cheating because that's what people of good character do.

-- Ethanol-fueled

Re:In Contrast... (0)

Anonymous Coward | about a year ago | (#44056683)

Your comment reminds me, who would win in a fight between the Millennium Falcon and the USS Enterprise?

Re:In Contrast... (0)

Anonymous Coward | about a year ago | (#44056821)

The Millennium Falcon would fuck up all Enterprises, even the beloved NCC 1701-D, because Chewie long ago(and in a galaxy far, far away before he was put on probation) stole the Federations' plans to the Photon Torpedoes and invented a superior product, the Proton Torpedo. And you don't fuck with Protons, because they're in H-Bombs.

The Defiant is the only federation starship that could fuck up the Millennium Falcon. Trying to find it is trying to find Lando at night, and good luck getting it to smile in outer space.
 
  -- Ethanol-fueled

Re:In Contrast... (3, Funny)

NoNonAlphaCharsHere (2201864) | about a year ago | (#44056977)

The Millenium Falcon, because Han would shoot first.

Re:In Contrast... (1)

Virtucon (127420) | about a year ago | (#44056729)

And... Your mother was a hamster and your father smelled of elderberries...

Re:In Contrast... (4, Funny)

Anonymous Coward | about a year ago | (#44057113)

It's "smelt", not "smelled". Now go away or I shall taunt you a second time!

You Brave Companies, You (4, Insightful)

RyoShin (610051) | about a year ago | (#44056707)

How nice that, after these revelations, suddenly all of these companies are coming forward with data and vows to fight or announcing requests to reveal information, etc. Where were these Brave Defenders of Consumers^H^H^H^H^H^H^H^H^HCitizens before Snowden?

(Of course, without the public knowledge it would be a lot easier for the government to silence businesses or influential people who did try to fight this stuff, but something tells me that all of this is about trying to re-establish consumer trust and loyalty, and is shit-all about trying to protect our Fourth Amendment rights.)

Re:You Brave Companies, You (4, Informative)

Ziest (143204) | about a year ago | (#44056911)

Once again we prove the principle, Sunlight is the best disinfection. These guys, the NSA and the big internet companies, were happy to share your data UNTIL the light was shone on them. Then they scattered like cockroaches when you turn the lights on.

Re: You Brave Companies, You (0)

Anonymous Coward | about a year ago | (#44057025)

Well said.

Re:You Brave Companies, You (0)

Anonymous Coward | about a year ago | (#44057409)

Once again we prove the principle, Sunlight is the best disinfection. These guys, the NSA and the big internet companies, were happy to share your data UNTIL the light was shone on them. Then they scattered like cockroaches when you turn the lights on.

Excuse me, but WHO'S data?

Any Internet libertarian will tell you there are no borders on the Internet and an IP is not a person, information wants to be free, blah blah blah.
Now someone goes to the big landfills on the Internet digging for treasure and you scream, "HEY THAT'S MY TRASH, and it's AMARUHKEN!"

Any law that grants "your" data on their server the same protection that say a safe deposit box has, would prevent these companies from indexing and collating "their" data. Also, you KNEW there is no such protection for this data, copies of it, or derived data. You just weren't sure who was using it. This is no big curtain being thrown open.

Amazon is only going to bat for your AWS data, because they don't profit this way from it. Ask what else they consider "your" data, like purchase history, see how far that goes. They are not scattering, they are using this as a marketing opportunity.

My point is don't play the stupid card here, my loud mouth friends on the Internet, this is the Internet you _asked_ for.

Re:You Brave Companies, You (4, Funny)

jez9999 (618189) | about a year ago | (#44058545)

Excuse me, but WHO'S data?

An android character on Star Trek.

Re:You Brave Companies, You (0)

Anonymous Coward | about a year ago | (#44063043)

"... whose data..."

Re:You Brave Companies, You (3, Funny)

sociocapitalist (2471722) | about a year ago | (#44057953)

Once again we prove the principle, Sunlight is the best disinfection. These guys, the NSA and the big internet companies, were happy to share your data UNTIL the light was shone on them. Then they scattered like cockroaches when you turn the lights on.

Don't you mean Snowlight?

Re:You Brave Companies, You (3, Interesting)

stephanruby (542433) | about a year ago | (#44057361)

How nice that, after these revelations, suddenly all of these companies are coming forward with data and vows to fight or announcing requests to reveal information, etc. Where were these Brave Defenders of Consumers^H^H^H^H^H^H^H^H^HCitizens before Snowden?

In the case of Amazon, it cut off [cnet.com] its services to Wikileaks at the request of Sen. Joseph Lieberman (Chairman of the Homeland Security and Governmental Affairs Committee). That's what Amazon was doing before Snowden. They didn't wait for an injunction, they didn't wait for Wikileaks or Assange to be brought upon charges (they've helped the US government deal with Wikileaks, without having to enter the messy US court system and all the rights that could possibly imply for the defendant).

And now suddenly, Amazon is getting this big fat 10-year contract [itworld.com] from the CIA for a private cloud (that IBM is challenging every which way). Oh thanks Senator Lieberman!! And thank you US taxpayers!!! Amazon may not like to pay taxes, but it sure likes benefiting from them!

Re:You Brave Companies, You (2, Insightful)

Drakonblayde (871676) | about a year ago | (#44057433)

I too have my doubts about the sincerity of corporate entities who are in the business of relieving folks of their money. I also think they're in spin control mode.

But, when you get right down to it, their advice is not wrong. It behooves us brainy type peoples to ignore the political and social connotations that prompted such announcements and distill the subject matter down to it's essence and ultimately determine whether or the information is correct or not.

Re:You Brave Companies, You (2)

im_thatoneguy (819432) | about a year ago | (#44057541)

Many companies had appealed and had lawsuits. The difference is that now that the program is public their lawyers are letting them talk about the lawsuits. Yahoo for instance it was revealed had a 3 year long lawsuit fighting it.

Re:You Brave Companies, You (2)

RyoShin (610051) | about a year ago | (#44057635)

From what I've read, Google is the only one claiming to have tried to fight these before the reveal. Everyone else is playing damage control.

alright (1)

slashmydots (2189826) | about a year ago | (#44056711)

That's good. They do not need to know just how many Anime DVDs I bought, okay? It's enough to flag anyone as abnormal, lol.

Re:alright (1)

MrEricSir (398214) | about a year ago | (#44056997)

That's funny, I didn't know Amazon Web Services sold DVDs.

Mostly Harmless (0)

Greyfox (87712) | about a year ago | (#44056723)

I'm pretty sure the government doesn't care about your purchase history of... an inflatable love goat and a 55 gallon drum of lube. Nice. Your file still says "Mostly Harmless."

Re:Mostly Harmless (2, Interesting)

Thantik (1207112) | about a year ago | (#44057017)

Just a heads up, if you buy that much lube, they don't arrive like the lube you'd buy in a tube. They come as a dry powder with mixing instructions....

Re:Mostly Harmless (1)

jelizondo (183861) | about a year ago | (#44057111)

Well, well, well...

Now that we know about the lube, pray tell us, where you can get an inflatable sex goat...

tsk, tsk, tsk, children need to learn to keep their traps shut, lest they embarrass themselves.

Re:Mostly Harmless (1)

Mr. Slippery (47854) | about a year ago | (#44057165)

Now that we know about the lube, pray tell us, where you can get an inflatable sex goat...

I wouldn't type a query like that into Google, but privacy-respecting search engine DuckDuckGo [duckduckgo.com] reveals several sources for inflatable sex goats.

Re:Mostly Harmless (1)

jelizondo (183861) | about a year ago | (#44057283)

Mr. Slippery joins the discussion about lube and sex goats; I'm sure there is good joke material there but I'm too tired to explore it.

Please forgive me and just ROL like I made a good joke...

Re:Mostly Harmless (1)

maxwell demon (590494) | about a year ago | (#44058265)

just ROL like I made a good joke...

Ranting Out Loud? :-)

Re:Mostly Harmless (1)

Anonymous Coward | about a year ago | (#44057509)

You don't even need to leave Amazon. They got what you want, http://www.amazon.com/Pipedream-Products-Blow-Billy-Goat/dp/B0016399DY

Re:Mostly Harmless (0)

Anonymous Coward | about a year ago | (#44057757)

One should always keep their inflatable sex-goat handy. You never know when you might need it [theonion.com] .

Re:Mostly Harmless (1)

Arancaytar (966377) | about a year ago | (#44058503)

Yes, I... heard about that, too.

Re:Mostly Harmless (2)

Jah-Wren Ryel (80510) | about a year ago | (#44057685)

I'm pretty sure the government doesn't care about your purchase history of... an inflatable love goat and a 55 gallon drum of lube. Nice. Your file still says "Mostly Harmless."

Until that day comes that they DO care. Like say, you end up a prominent civil rights leader. [cnn.com]

Ever wonder how much of the Occupy movement was derailed by quiet government pressure on key people?

Now all I want is (0)

Anonymous Coward | about a year ago | (#44056795)

So, Google, now I want client-side email encryption in Gmail. What? You won't do that? Oh, I forgot, YOU want to snoop on my stuff too, right.

Re:Now all I want is (1)

PixetaledPikachu (1007305) | about a year ago | (#44057041)

So, Google, now I want client-side email encryption in Gmail. What? You won't do that? Oh, I forgot, YOU want to snoop on my stuff too, right.

Google doesn't prevent you from using Thunderbird + enigmail. You have options, you know

Re:Now all I want is (3, Interesting)

Nerdfest (867930) | about a year ago | (#44057117)

Thunderbird and EnigMail actually work very nicely as well. Someone has mentioned that there is actually a browser add-on or something that will allow you to do it with webmail as well, but I'm not familiar with it. K9 supports encryption on Android as well. Using encryption is really not that much trouble. The only inconvenient part is getting non-techies to set up their keys.

In Soviet Russia... (1)

Thor Ablestar (321949) | about a year ago | (#44056815)

In Soviet Russia, the soldering iron solders YOU!

Seriously, here is a Russian analog to US Rubberhose Decryptor. It's named a Rectothermal Crypto Analyzer. We Russians mean a hot soldering iron in suspect's anus. And after some policemen sodomized their suspects with batons and Champaigne bottles (In Kazan, the region police station has been closed after this) this lore becomes just a reality.

But we Russians are not the first. In Great Britain you either disclose your keys or just go to prison. [Insert your 1984-esque joke here]

Re:In Soviet Russia... (0)

Anonymous Coward | about a year ago | (#44060271)

In Great Britain you either disclose your keys or just go to prison.

Or maintain consistently that you forgot or never had the keys as appropriate (which *is* supposed to be a defence). And appeal all the way to the Supreme Court (and the ECHR if necessary) if convicted. You will almost certainly win on the grounds that having to prove the impossible (that you don't know the keys) is not compatible with your right to a fair trial. No one has done this yet; AFAIK one of the few relevant cases was where the suspect admitted knowing the key but refused to provide it or something like that.

Don't make promises you can't keep (5, Interesting)

wickerprints (1094741) | about a year ago | (#44056867)

Amazon's position may be principled, but it won't do any good to fight the subpoena. We have already seen that the FISC (FISA court) is just a rubber stamp operation, and that the legislative, executive, and judicial branches of the government want ever greater power and authority under the guise of the "war on terror." Indeed, according to the government, it would be illegal for Amazon to inform the individual(s) whose information is being requested that a request even exists.

The problem isn't merely that warrantless surveillance exists. The problem is that there are no checks in place, no means by which the people themselves, can directly hold the government accountable for such programs. Constitutionality is a farce, easily overcome in the name of "national security." And this is precisely what the terrorists hope to achieve--the use of guerrilla tactics to provoke a government to enact increasingly draconian laws and curtail basic civil liberties, until the government becomes the oppressor against its people. Their eventual goal is to cause the collapse of that government. To this end, such surveillance programs play into the hands of the terrorists.

Also, the proper word is "ciphertext." Not "cypher text."

Re:Don't make promises you can't keep (1)

Anonymous Coward | about a year ago | (#44057131)

Alright then, Captain Fussbudget Wickerprints, "cypher text" it is.

Re:Don't make promises you can't keep (0)

Anonymous Coward | about a year ago | (#44057141)

Any of these companies that don't want to cooperate with these measures, 'legal' or not have a simple option: move their servers outside the US.
MS took this ridiculous stance "OH, there's this conflict between US law and EU privacy law, we can't do anything..."
Of course they can, US law doesn't apply to EU corporations on EU territory, MS can own a EU company which operates the servers.
That can serve customers outside the US, or even within the US, just as US servers deal with international originating traffic.

Re:Don't make promises you can't keep (1)

MysteriousPreacher (702266) | about a year ago | (#44058427)

Local law applies when you do business in that region. You can't relocate your servers to the fucking moon and then claim immunity to all earthly laws. The only way MS can evade US law is to relocate and to stop doing business in the US.

Re:Don't make promises you can't keep (1)

Psychotria (953670) | about a year ago | (#44057379)

Actually, cyphertext is perfectly reasonable. But I agree that it should (probably) be one word.

Re:Don't make promises you can't keep (0)

Anonymous Coward | about a year ago | (#44057675)

No, he's right. "Cipher" comes via French from the medieval Latin cifra, originally from Arabic. It wasn't spelled with a "y" anywhere along the line from the time it emerged from Arabic script into the Latin alphabet, up until fairly recently. The "y" in "Cypher" probably comes about from confusion with similar-looking Greek roots like "cybern-" (which had an upsilon in Greek and a "y" or "u" in Latin, as opposed to an iota/i) and "crypt-" (again, the upsilon in Greek).

captcha: scribe

Re:Don't make promises you can't keep (1)

Mitreya (579078) | about a year ago | (#44057389)

Amazon's position may be principled, but it won't do any good to fight the subpoena.

You are assuming that they actually intend to fight the requests. Just because a company comes forward and claims something...

They'll probably only fight the non-secret, regular requests (i.e. the ones from the 90s).

Huh ? (1)

boorack (1345877) | about a year ago | (#44057503)

Typical corporate hipocrisy and damage control measures. They realized their "principles" only after it has been revealed but were happy to ignore those "principles" earlier. Everyone, (especially non-US companies) should consider moving out of their (and Google's, and others) wiretapped clouds.

Re:Don't make promises you can't keep (0)

Anonymous Coward | about a year ago | (#44057593)

If the US Government wants to conduct this sort of mass surveillance then as part of that they should be required to grant absolute immunity to all US Citizens from any prosecution, whether criminal or civil, based in whole or in part upon information obtained from or investigation informed by the surveillance system. The only exceptions should be for cases where the United States is directly attacked or there is clear evidence that an attack was or is being planned, as is the case in terrorist plots and incidents.

Re: Don't make promises you can't keep (0)

Anonymous Coward | about a year ago | (#44059419)

good one

Re:Don't make promises you can't keep (1)

Tokolosh (1256448) | about a year ago | (#44059719)

'If a U.S. entity is serving us with a legally binding subpoena, we contact our customer and work with that customer to fight the subpoena."

How does this work if Amazon are served with a secret order? They are gagged and cannot reveal that it even exists. The customer cannot sue, because he cannot prove the government is snooping on him. And it is no use asking, because the existence of snooping is secret. This is the most outrageous aspect of the whole sorry saga.

Re:Don't make promises you can't keep (1)

C0C0C0 (688434) | about a year ago | (#44059973)

RE: "We have already seen that the FISC (FISA court) is just a rubber stamp operation"

I just want to point out that this is not necessarily as bad as it sounds. Assuming we don't think the courts have gone over to the dark side, just the fact that the request has to be approved by someone outside the agency and will not be kept a *complete* secret is a *very* good thing. I suspect that a great many requests are never made because they would have to be explained. Even if the threshold is low (which is a legislative issue, not a judicial one), I for one am at least a little encouraged by the existence of the rubber-stamp FISC. I can assure you that the NSA would rather it didn't.

Re:Don't make promises you can't keep (1)

flimflammer (956759) | about a year ago | (#44061153)

They don't have a great track record of following through with their promises, anyway. Look at the California sales tax ordeal. All up in arms over it vowing to fight it and then overnight they just change their mind and welcome the change.

Damn right.. (2)

RoknrolZombie (2504888) | about a year ago | (#44056959)

...you only get data from Amazon if you PAY for it!!!

Ahem... (4, Insightful)

SJ (13711) | about a year ago | (#44057005)

This is the same Amazon that just won an $800m bid to host the CIA's cloud computing system?

Uh huh.

Re:Ahem... (1)

jkflying (2190798) | about a year ago | (#44058155)

$600M. But yeah.

Re:Ahem... (1)

maxwell demon (590494) | about a year ago | (#44058225)

Running the CIA's cloud will give Amazon access to the CIA's data, not the other way round.

Re:Ahem... (0)

Anonymous Coward | about a year ago | (#44059145)

it will also give them a huge conflict of interest. I think that was the point.

This is truly the problem with NSA spying.. (3, Insightful)

HerculesMO (693085) | about a year ago | (#44057033)

It tells the rest of the world that your data is not safe in the USA, and our cloud service providers are not to be trusted (along with our banks, our ISPs in general, our telecom companies, etc).

There will be a boom to companies who are situated in more open societies in the next few years providing these services without the watchful thumb (presumably) of the NSA and other organizations. Right now Amazon and everybody else, even if they didn't cooperate with the NSA, are now subject to the US government's stupidity in proposing big brother and not realizing how it may harm our trade.

But you know... freedom rah rah rah.

Re:This is truly the problem with NSA spying.. (2, Insightful)

Anonymous Coward | about a year ago | (#44057373)

I'm going to go out on a limb, post as AC, and ask: what open societies?

If you put servers in China, you KNOW they do the same thing as the NSA, not to mention worse (Great Firewall of China.) In fact, China, by law, owns 51% of any extension of a firm doing business there.

Russia? Perhaps, except the shadow of the old Soviet Union still is present.

Europe? Right now, they are the pinnacle of global civilization and freedom now, but who knows how long that will stand. Germany is subject to Russia's whims, since if the gas gets turned off, they will freeze to death in the thousands (as they gave up their sovereignty in return for being able to be nuclear-free.)

Sweden/Norway/Finland as a subset of Europe? Probably the best place to open a business in the world as it stands now... who knows in the future.

Africa? No real infrastructure, and most of the continent would not even have a stable government to protect a data center from guys with technicals and machine guns from raiding the place on whims.

India? These guys broke the back of Skype and RIM demanding eavesdropping points.

Middle East? Perhaps Israel, but anywhere else, one goof, and all the equipment would be seized.

I'm going to also go further out on the limb and state this:

I have a few co-located servers behind a decent firewall and IDS/IPS. I constantly get barraged by hack attempts from China, India, and Russia. The SSH daemon gets slammed even with sshguard in place. I looked at locating servers in China, and they demanded a local firm there own them, giving me a minority stake.

So far, the NSA has been the least of the threats to what I'm doing. In fact, SELinux has probably saved the hide of my webserver a few times. If the NSA gets my business records, who the fuck cares. They don't share them even with domestic firms, while if the PLA gets anything, they will become Chinese property, just like the blueprints for PV panels did (which allowed them to dump panels for cheaper than the rare earths needed until Congress finally tacked on a tariff.)

I'm far more worried about a burglar attacking the co-loc I have my stuff at than anything the NSA does. In fact, the NSA has -helped- my little business's operational security, so even though this is unpopular, I will say that the NSA is not on my worry list whatsoever.

Locating servers in the US, I really don't have much to be afraid of. The NSA may get access to something I have at the worst, but I won't have my servers shut down, and some US company start making my exact product.

So, choose your evils wisely.

Re:This is truly the problem with NSA spying.. (1)

capedgirardeau (531367) | about a year ago | (#44057521)

Switzerland, which is not in the EU and is very strict about privacy.

Yes, their banking sector is starting to crack a bit, but they are being dragged kicking and screaming and it is not even clear if they will be turning over data. Most of the banks, unless you are a giant customer I would guess, are just refusing accounts to US citizens. I know they closed my crappy bank account.

There are several hosting services in Switzerland that offer privacy protecting hosting and services.

Re:This is truly the problem with NSA spying.. (1)

heypete (60671) | about a year ago | (#44058497)

Considering that the Swiss have a well-developed satellite monitoring system [wikipedia.org] , it wouldn't surprise me if they had monitoring of domestic and international phone and internet traffic going through the country.

They may have very strong data protection laws that help prevent the misuse of data by private entities (the EU has similar laws), but do they have strong laws that protect data from misuse by the government? (If so, I'd appreciate a link, as that'd be really useful to know.) I know that the EU mandates retention of various email metadata (IP addresses, sender/recipient addresses, etc.) for 6-24 months in case the government wants the info -- do the Swiss?

Re:This is truly the problem with NSA spying.. (1)

capedgirardeau (531367) | about a year ago | (#44060023)

I don't know the answers to your questions, nor did I know about the system in your link.

All I know about is all the crap they put me through as a small business with privacy and data collection and what I see on the news about the government blocking a lot of the data requests from other countries.

Thanks for the link.

Re: This is truly the problem with NSA spying.. (0)

Anonymous Coward | about a year ago | (#44057397)

Seriously, which open societies are you talking about ?

Re:This is truly the problem with NSA spying.. (2)

Drakonblayde (871676) | about a year ago | (#44057455)

The irony is that back when cloud storage started to become a big buzzword, folks were worried about things like their data coming to rest in China.

Honestly, the NSA scandal just provides me with some vindication when I argue for encrypting all data, no matter how inconvenient it may be, and to avoid the cloud unless it's a cloud you built and control yourself.

Re:This is truly the problem with NSA spying.. (3, Interesting)

turp182 (1020263) | about a year ago | (#44059169)

The rest of the world has known for a long time that their data isn't safe in the US, in fact they legislate that personal data cannot be stored in the US (various data privacy acts relating to multinational corporations).

When I worked at a multinational insurance company our international data storage was in Canada, UK (we served data to/from India from the UK, insanity from a performance perspective), South Africa, and Australia. No data regarding foreign citizens could be stored in the US.

This has been the case for at least 7 years or so, probably longer.

Re:This is truly the problem with NSA spying.. (1)

cavreader (1903280) | about a year ago | (#44059923)

Do you honestly believe every country government on the planet with indoor plumbing, electricity , and a broadband connection are not interested in monitoring their citizens online activities for all kinds of reasons? The shear amount of hyperventilating over this NSA secret spying is just uncovering just how stupid and gullible people can really be. This secret NSA program was outed over 11 years ago when the NSA fired and investigated the employee who designed the first edition of the software because he refused to add the capability for domestic intercepts. If the NSA is so sneaky and overbearing why do they need to ask for data from the phone and internet service providers? Isn't their super sneaky, rights annihilating, spook system capable of intercepting all internet traffic with a flip of the switch? And the shear number of people of actually think the government or anyone else for that matter gives 2 shits about anything you say on the phone or put in your e-mails. If you want to protect your secret plans to rule the world or download a free DVD there are a lot of ways to encrypt and obfuscate your online activity if you really feel the need. And doesn't it strike you funny that the CIA and NSA are supposed to be clandestine organizations but every damn thing they do ends up on the front page of the web sites, newspapers, and television shows? If this whole NSA program surprised you obviously you have not been paying attention.

We're gonna see more of this (1)

93 Escort Wagon (326346) | about a year ago | (#44057049)

It's probably all just empty posturing; but these companies know the recent revelations regarding the US government's reckless behavior has the potential to single-handedly kill their nascent cloud businesses.

And, perversely, that may be our only hope. Congress will cow-tow to big businesses a lot more readily than it will listen to the citizens they purport to represent. If it's a danger to profits, they may slam on the brakes.

Bite the Hand that Feeds You? (4, Informative)

Jah-Wren Ryel (80510) | about a year ago | (#44057137)

The CIA is one of Amazon's biggest customers. [wired.com]

After what they did to the CEO of Qwest [reddit.com] for refusing to cooperate [usatoday.com] I doubt Bezos is going to put those big contracts and his personal freedom at risk.

Re:Bite the Hand that Feeds You? (1)

Tr3vin (1220548) | about a year ago | (#44057535)

The CIA is not associated with the NSA. The CIA is an independent organization while the NSA is part of the Department of Defense. So no, Amazon did not bite the hand that feeds it. If anything, based on how the various government bureaucracies view each other, the CIA loves Amazon even more.

Re:Bite the Hand that Feeds You? (1)

Ost99 (101831) | about a year ago | (#44058569)

Amazon scored their CIA brownie-points by taking down Wikileaks without any legal requirement to do so.

Re:Bite the Hand that Feeds You? (1)

cdrudge (68377) | about a year ago | (#44059411)

They are both part of the Intelligence Community, The CIA is headed by the Director of National Intelligence who reports to the President. The NSA is part of the US Intelligence Community which is also headed by teh Director of National Intelligence. The NSA itself is headed by the DoD who reports to the President.

Saying they aren't associated with the NSA is saying that two grandkids of the same grandparent aren't related to each other. They are cousins on the same branch of the US Government family tree. They are both operating independently of each other, but they still hang out with each other and can get into all sorts of trouble together.

Clever Girl (-1)

Anonymous Coward | about a year ago | (#44057239)

This establishes in-fact-do that the U.S.A. Government (NSA, NSC, DNI, White House, DoJ) want to know WHO buys, what WHO buys, and when WHO buys, and the WHO is citizens of U.S.A. The Utah 'Facility' sorts, collates and correlates the WHO citizen of the U.S.A.

This establishes in-facto that the U.S.A. government of Barak Hussain Obama II is engaging in blackmail and wire fraud on the legal citizens of the U.S.A. for the first time.

The 'Coffin' of Mr. Barak Hussain Obama II will be a 500 meter radius crater.

Good Targeting Boys.

Already got a feed into Amazon (1)

JabrTheHut (640719) | about a year ago | (#44057243)

So, tell us, how does a company that insists it didn't give the NSA complete access and coincidentally uses cloud hosting providers like Amazon wind up giving the NSA it's entire database, plus updates in real time? Does anyone want to guess if S3 has a rule that states it must be replicated to one or more of the DCs in the US?

No, Bezos, I don't believe you when you say you would fight it, and I don't believe you when you say they NSA don't have complete access to each and every one of your systems at will. Encryption or no, Amazon is a honey pot. People pay them for the privilege of being snooped on by the NSA.

Encryption of VMs in the cloud (1)

Anonymous Coward | about a year ago | (#44057311)

Having a VM in the cloud with disk encryption is really only as effective as your cloud provider deems. Since encryption keys can be relatively easily obtained from a snapshot of the VM's memory, it really depends on if someone like AWS informs you to turn off your VM before making a snapshot to give to the government. In my opinion, if you have data that you don't want the government to see, don't rely on the cloud.

That'd be a neat trick (1)

kriston (7886) | about a year ago | (#44057331)

That'd be a neat trick since they are busily building a huge, private AWS cloud for the CIA right now.

They probably already have most of this data ... (0)

Anonymous Coward | about a year ago | (#44057347)

They probably already have most of this data if you used a credit card for your purchases

Hmmmm (1)

Demonoid-Penguin (1669014) | about a year ago | (#44057367)

The CIA chose Amazon's cloud services over the cheaper tender from IBM [smh.com.au] . Maybe IBM couldn't demonstrate the experience in IT delivery that Amazon can - or, maybe it's because Amazon plans to deliver everything to consumers (and IBM already has many CIA contracts). Would that mean I should take the Amazon's claims with a big fucking bucket of salt??

Just joking! Only a paranoid would think the CIA has an agenda.

Great if true ... (2)

MacTO (1161105) | about a year ago | (#44057747)

... I can't speak for everyone, but I find that the books I read are amongst the most private things in my life. It would be nice if the websites that I read were private, but the fact is that involves so many third parties that it's absurd so privacy isn't an expectation. It would be wonderful if my search queries were private, but I recognize that the businesses involved make their money by selling my data (such is the perils of demanding a service for free). But books I obtain from a limited number of sources, and I pay for directly or through my taxes. They are also, in a way, more intimate. So it is nice to think that my reading of books is private.

Then again, I choose my book vendors carefully and purchase with cash when I expect it to be private.

Mobile morals (3, Insightful)

boundary (1226600) | about a year ago | (#44057853)

All of a sudden these huge companies that own all our data are vowing to fight this, divulge that, release this, resist that. Shame they weren't willing to do all that ethical shit before the middle of last week when they were all caught with their pants down.

Re:Mobile morals (0)

Anonymous Coward | about a year ago | (#44061245)

All of a sudden these huge companies that own all our data are vowing to fight this, divulge that, release this, resist that. Shame they weren't willing to do all that ethical shit before the middle of last week when they were all caught with their pants down.

Amazon is willing to fight for "your" AWS data, not "their" data concerning for example, what you purchased through them, what pages you look at.

This is like authorities trying to search a landfill (on the Internet), and the operators are telling the users it's "their" trash to upset them into hassling the government for really backwards warrants they don't really need. The landfill operator doesn't want you telling them how to treat "your" trash at all, because they don't want you or the authorities to have much say in their operations, so it's entirely two faced.

It's REALLY between the authorities and the landfill operator who makes it well known they don't know or care who uses their services or what gets dumped, thus don't have any defense when the authorities say they suspect something they have cause to look for is there.

Everyone is calling the FISA courts rubber stampers, but how hard should it be to establish probable cause to search a landfill as opposed to an individual's effects? Yah, maybe landfill is a bit harsh, but the point is where do you draw the line in determining something on the Internet is actually yours?

remember wikileaks (0)

Anonymous Coward | about a year ago | (#44058095)

Yes... they vow to do that... just like they did it with wikileaks....

I am quite disappointed by American politics... (1)

fufufang (2603203) | about a year ago | (#44058735)

Back in 2008, Obama said he was going to stop all these warrantless wiretapping. Now we have private corporations supposedly fighting the government for the privacy of private customers. I thought it should have been the other way around.

keep it up (0)

Anonymous Coward | about a year ago | (#44059405)

good

Diversion (0)

Anonymous Coward | about a year ago | (#44059553)

This story was released to divert your attention from the story that Amazon has a $600million dollar government contract to build the CIA a private cloud.

    http://qz.com/95994/amazon-is-staffing-up-for-its-600-million-cloud-for-spooks/

Bozos ? Amazon ? Fight NSA ? (0)

Anonymous Coward | about a year ago | (#44060609)

Never happen. Bozos will welcome the cool butt zillion in cash the NSA can cough up with his gay laugh.

But this does show the NSA is targeting U.S.A. citizens for blackmail and extortion.

So how much cash does the General in charge of NSA get under the table from bogus credit card transactions each day ?

Maybe more than his 120K/yr government salary.

Subtle advertisement for their HSM product? (1)

bacchus612 (168559) | about a year ago | (#44061771)

It seems like a lot of people don't realize that amazon has recently released a Hardware Security Module product [amazon.com] . If you want to encrypt your data in "the cloud" such that it is not available to your cloud provider, but is usable by your application, this is pretty much the only way to do it.

As far as I know, amazon is the only major cloud provider that has an HSM option -perhaps this is a subtle advertisement of their (not cheap) new service to people who are *really* concerned about encrypting their data.
Food for thought at least..

Is FISA Constitutional ? (0)

Anonymous Coward | about a year ago | (#44061929)

How is that, regarding our Constitutional Law, that a 'Court' can exist in secret, whose 'Judges' exist in secret, whose deliberations exist in secret, whose opinions regarding Federal Government actions against U.S.A. citizens exist in secret but by whose secrecy the Federal Government relies upon to attack U.S.A. citizens?

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?