Snowden and the Fate of the Internet As a Global Network

Hugh Pickens DOT Com writes "John Naughton writes in the Guardian that the insight that seems to have escaped most of the world's mainstream media regarding the revelations from Edward Snowden is how the US has been able to bend nine US internet companies to its demands for access to their users' data proving that no US-based internet company can be trusted to protect our privacy or data. 'The fact is that Google, Facebook, Yahoo, Amazon, Apple and Microsoft are all integral components of the US cyber-surveillance system,' writes Naughton. 'Nothing, but nothing, that is stored in their "cloud" services can be guaranteed to be safe from surveillance or from illicit downloading by employees of the consultancies employed by the NSA.' This spells the end of the internet as a truly global network. 'It was always a possibility that the system would eventually be Balkanised, ie divided into a number of geographical or jurisdiction-determined subnets as societies such as China, Russia, Iran and other Islamic states decided that they needed to control how their citizens communicated. Now, Balkanisation is a certainty.' Naughton adds that given what we now know about how the US has been abusing its privileged position in the global infrastructure, the idea that the western powers can be allowed to continue to control it has become untenable. 'Why would you pay someone else to hold your commercial or other secrets, if you suspect or know they are being shared against your wishes?' writes Neelie Kroes, vice-president of the European Commission. 'Front or back door – it doesn't matter – any smart person doesn't want the information shared at all. Customers will act rationally, and providers will miss out on a great opportunity.'"

Encryption:

[Redeye Carci]

Something to actually use.

Re:Encryption:

[aaaaaaargh!]

Technical solutions to social & political problems don't work.

Re:Encryption:

[lister king of smeg]

Technical solutions to social & political problems don't work.

Really you want to try brute force decrypt 4092 bit random key encrypted folder stored to random joe's sky drive folder? No, well neither does the NSA.

Re:Encryption:

[localman57]

If Random Joe doesn't share it with anybody, they probably don't give a shit. The NSA is perfectly happy to let Random Joe sit around enjoying his porn collection. But when people start working together, they get interested. They care if Random Joe is going to share it with somebody at somepoint. And they're real interested in that. Even if they never decrypt it, they can tell that Random Joe uploaded it, and Random Bob downloaded it. Now, the interesting question is what is the relationship between Random Joe and Random Bob? That connection between those two is valuable information, and you can get it without ever decrypting the actual data.

Re:Encryption:

[TapeCutter]

Now, the interesting question is what is the relationship between Random Joe and Random Bob?

You've nailed it. The secret service does not exist to crush dissent, it exists to crush organised dissent before it takes root.. They collect "meta data" not because of the fig-leaf of privacy it affords but because it holds the information they want - relationships between "subversives" (real or imagined). Trawling a gazzillion emails for key phrases is inefficient and error prone, the network of relationships tell you exatly which individuals to remove to most effectively dismantle the entire organisation.

Trivia: Biologists use the same network analysis methods to identify key species in different habitats.

Re:

[TemporalBeing]

The Secret Service exists to protect the president and his family.

Well, only partially right. The main job of the Security Service is related to the various tasks of the Treasury Department and money handling - counterfeit money, etc. (Yeah, FBI does some investigative work; but the job is primarily one for the Treasury Department and the Secret Service. Apparently the law creating DHS also moved the SS to DHS.) It was just convient that it didn't report to the Executive Branch and therefore they also got the job of protection of the high level Executive Officials (POTUS,

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[synapse7]

the xkeyscore presentation suggests they do this while they get coffee.

Re:

[lister king of smeg]

the xkeyscore presentation suggests they do this while they get coffee.

I thought they were using stolen ssl keys or blank ssl keys provided by verasign for that.

Re:

[NatasRevol]

Does it really matter how if they have all the keys?

Re:

[Synerg1y]

*shrug* verisign isn't the only CA, it's just the biggest one. It doesn't even have to be a trusted CA (you'll just get ominous looking browser messages till you add it). I think that's going to be the biggest fallout from this, non-NSA compromised off-shore offerings are going to start cropping up for services primarily used by everybody but hosted in the US. Megaupload's takedown took down a ton of other businesses as well, somehow I doubt those businesses host their data on shore now.

This however won'

Re:Encryption:

[lister king of smeg]

That is why I encrypt my private key

Re:Telegraph: They don't tap than service!

[Half-pint HAL]

Also, while you can encrypt to your hear's content, how do you pass people you want to communicate to securely a private key to encrypt and decrypt with?

You don't, you pass them a public key, and you keep the private key to yourself. You encrypt with your private key, they decrypt with your public key; they encrypt with your public key, you decrypt with your private key. This is the wonderfully symmetrical maths of pair-of-primes cryptosystems.

Re:Telegraph: They don't tap than service!

[Areyoukiddingme]

And if you want to make sure that one and only one recipient can receive your message, you encrypt with your private key, then encrypt with the recipient's public key. They decrypt with their private key, then decrypt with your public key. To respond to you and only you, they encrypt with their private key, then encrypt with your public key. You decrypt with your private key, then with their public key.

PGP, kids. It's a wonderful thing. (Or GPG, if you're excessively fond of a particular open source license.)

Re:

[orkim]

I would assume you meant to say 'sign with your private key'. As noted above, encrypting with the private key so everyone can decrypt it would be pointless. However, if it was signed, it still serves are purpose as you could be ensured of the author of the message.

If you really wanted to encrypt the content of the message between parties you would always use their public key to encrypt, then only they could decrypt with their private key.

Re:

[leehb9]

But since we know that they're out there and looking, anything I can do to slow them down a bit is a step in the right direction. Encrypt all your shit!

Re:

[Pi1grim]

It's not a social problem. It's problem of power abuse. Making it harder to abuse can help contain the problem. If everyone uses end-to-end encryption, then centralized ubiquitous surveillance is impossible.

Re:

[X0563511]

At which points heads will begin to roll.

Re:

[arth1]

Unless I remember wrong, there was already one case where the presence of encryption and refusing to decrypt with reference to the fifth amendment was used as evidence against an accused.

Sure you have rights, but if you invoke them, it's evidence that you're a criminal.

Re:

[lister king of smeg]

Mod this up. Encryption will continue to be a 'grey' area legally for the sake of the children. Fuck the children.

i believe that is actually the excuse they use for all of the spying and hacking

Re:Encryption:

[JaredOfEuropa]

Technical solutions can to some degree mitigate social and political problems. Using encryption isn't going to solve the issue of governmental and commercial parties snooping and sharing stuff that we the people do not want them to access, nor will it solve the deeper issue of these organisations thinking that they have a right to access that data to begin with, but encryption can reduce the amount of useful data they can actually access.

In this case, the solution fails for technical / practical reasons. Corporations do not use "the cloud" just for storage, but for processing of data as well, which means it'll have to exist in plaintext on the cloud server at some point. If you want your data to be secure, you should certainly encrypt it, but you aso should stop using the cloud for anything but storage of already encrypted data.

Re:Encryption:

[Anonymous Coward]

Encryption is not a solution. You can't reasonably use cloud computing, webmail or social networks with encryption in a way to prevent the kind of snooping that is going on. The solution is to stop using untrustworthy providers: Don't use US services.

Re:

[Pi1grim]

You're using the encryption wrong. If you are the only one who has the key, then NSA can go and build quantum computer. Untill they do that, you are in the clear.

Re:

[Jane Q. Public]

"Such techniques are overlooked because they have huge flaws. I you were to monitor the message exchange in the scheme the GP used you could recover both keys and the plaintext easily."

Yes, in that particular implementation you could, if you [A] captured ALL of the exchanges, and [B] knew that they are a sequence, and (C) knew the encryption method. But even if you knew all these things, that's an implementation flaw, not a flaw in either XOR or one-time-pad-type encryption. The problem with his scheme is that it isn't "one time". Each key is used twice. But ANY cipher that re-uses a key can become vulnerable, some just more so than others.

With proper key management, one-time pads (whe

Re:Encryption:

[MightyMartian]

These are *services* on the Internet, not the Internet itself. Yes, individual services like SMTP are vulnerable, but no one says you have to use it, or Facebook or whatever hipster doofus smocial smetworking site is the be-all and end-all this week. There are ways to use the Internet that make you far less vulnerable. Nothing, of course, is 100%, and if They (whoever They are) can take advantage of vulnerabilities on your hardware, well that is a problem, but it is a different kind of problem.

Not even China can afford to cut the tubes between here and the West, and not even the West, despite its governments' singular desire to know every utterance its citizens make over said tubes, can afford to so damage the Internet in a quest for that kind of total knowledge. They will all push the boundaries of technology, but at the end of the day, too much of the global economy has become reliant on the Internet to allow it to be too balkanized.

That is not to say there aren't problems here. Whether it's trying to censor what citizens see (as China and Iran have done, and what the UK is trying to do) or ubiquitous spying (as probably all governments now do) these are threats to the free exchange of information, but at least so far as the letter is concerned, that can be fixed by using alternative protocols and encryption. Just because it's no longer secure to post shit on Facebook or use SMTP to send confidential emails (when was it ever really secure to use SMTP) doesn't mean the Internet is doomed.

Re:Encryption:

[Penguinisto]

One small problem - encrypted messages won't get very far if the packets are blocked as being non-readable by whatever censorship authority runs the firewall/choke-point/etc.

A truly 'Balkanized' Internet would mean that there would be choke-points through which packets have to travel between subnets.

Now if you said 'steganography' instead, well, different story. But an obviously encrypted message would likely be blocked cold.

Re:

[CanHasDIY]

Time to setup our own encrypted wi-fi/radio/microwave/personal satellite based communication networks. Bypass the wired choke points and go above everyone's heads. Although they can intercept radio waves, encryption could protect the message in the transmission. Where are Amateur Radio operators when you need them? ;-)

Minding their P's and Q's - it's currently illegal to use encryption on amateur bands. There is a petition [fcc.gov] filed with the FCC to reverse that rule, but as far as I've seen no action has been taken in that regard.

Re:

[lister king of smeg]

not quite. what your thinking of is obfuscation.

encryption make your payload unreadable without they key
obfuscation hides your payload unless you know how and where to look.

Re:

[lgw]

There's no "good" steganography (provably undetectable), and such a thing may prove to be impossible. Once someone is checking a channel in depth, the steganographic bits jump out as statistically different from normal traffic because people don't usually send random noise to one another.

Steganography as security-through-obscurity might work well through automated filters if there aren't consequences for being detected - just change subchannels every time the filters get updated until you find one that's n

Re:

[tgd]

Something to actually use.

Until you can put the crypto chip into your head, all that does is move the needle, and not by much.

Re:

[CdXiminez]

More interesting that your content, is who you share it with.
They map out who sends what to whom, to find interest networks and classify people:

http://kieranhealy.org/blog/archives/2013/06/09/using-metadata-to-find-paul-revere/ [kieranhealy.org]

Free speech*

[i kan reed]

*As long as that speech falls into the category of things that benefits the U.S. government.

Re:Free speech*

[CrimsonAvenger]

Nah, you can say whatever you want.

Of course, the Feds will be listening....

Re:What's the benefit of privacy from the governme

[Anonymous Coward]

If a citizen of the United States is not committing a crime, then why does the United States Government need to know the full text of everything that he reads and writes on the Internet?

Re:

[SuperTechnoNerd]

You would have no problem then with me entering your house going through your file cabinets and photo copying all your paper work , bills, loans, work, tax forms, medical records, etc..?

Re:what's the benefit of privacy from the governme

[0123456]

There are no innocent people.

There are so many laws today that you've probably committed six crimes before breakfast. If laws were actually enforced, not only would everyone be in jail, but they'd rapidly discover that the laws are so inconsistent that they can't even tell whether or not some things are crimes.

Re:

[Crypto Gnome]

It's easy to tell what is a crime and who has committed one.

The person with the highest paid lawyer wins.

Not only that but person-or-interest-group with the largest bucket of cash writes most laws these days anway.

Being poor IS a crime these days (effectively).

Re:

[stanlyb]

What about this answer: .....because as per the US constitution, and its amendments, the so called statutes, and which have precedence before any, i repeat ANY "rules" imposed by the states or the central government, that's why it is ILLEGAL.
Now, as a good citizen, go and read your constitution, for the first time in your life.

Re:What's the benefit of privacy from the governme

[geminidomino]

That's not a concern. That's just a paraphrase of "if you're not doing anything wrong, you have nothing to hide."

If one is still asking that question at this point, when it has been answered a hundred ways on a hundred days, then he doesn't care about any answer, and will continue to dismiss it.

Re:What's the benefit of privacy from the governme

[sosume]

I've got nothing to hide, so there is no reason to look. Should work both ways.

Re:What's the benefit of privacy from the governme

[CanHasDIY]

You should never, ever talk to police. [youtube.com]

EVER. [kirkpiccione.com]

FYI, when someone's being arrested and the cops tell them, "you have a right to remain silent, anything you say can and will be used against you ," they mean it literally.

Re:

[Anonymous Coward]

What is not illegal now might become illegal in the future.
http://en.wikipedia.org/wiki/Persecution_of_homosexuals_in_Nazi_Germany_and_the_Holocaust

Re:What's the benefit of privacy from the governme

[Penguinisto]

This is why [cornell.edu]:

"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

Long story short? Unless the government has demonstrable cause to read/know the full text of "everything", it's none of their fucking business.

Re:

[Anonymous Coward]

This is why [cornell.edu]:

"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

Long story short? Unless the government has demonstrable cause to read/know the full text of "everything", it's none of their fucking business.

Government's trump card: National Security Letter

The Government declared the Constitution of the United States of America as a "worthless piece of paper".

Re:What's the benefit of privacy from the governme

[hazah]

The government has NO authority to dismiss the constitution. Without the constitution it cannot be an official government, and thus in a legal position to impose *any* laws after the fact. It was alway the case that The People shall hold the government to the constitution.

Battle of Athens [wikipedia.org]

Re:

[fustakrakich]

"Battle of Athens"

End result? Business as usual.

You were saying?

The government has thrown out the constitution, and voters approve. The end...

Re:What's the benefit of privacy from the governme

[CanHasDIY]

This is why [cornell.edu]:

"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

Long story short? Unless the government has demonstrable cause to read/know the full text of "everything", it's none of their fucking business.

Government's trump card: National Security Letter

The People's trump card: Constitutional Supremacy Clause [wikipedia.org]

The Government declared the Constitution of the United States of America as a "worthless piece of paper".

Considering that "worthless piece of paper" is the only document that actually authorized a federal government, I'd say that's a really bad idea on their part.

Re:

[ebno-10db]

This is why [cornell.edu]:

"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

You sound like some kind of radical. I'll bet if you had a few beefs with the king you'd advocate a revolution.

As an American I know that when you go to school here you're boiled in the history and causes of the Revolution and the Constitution from a young age. That's how it should be. But it amazes me how many people are oblivious to what it really means. This is a country that was created by a bunch of radicals because they had beefs with the government, and wouldn't adopt the Constitution unless a Bill o

Re:What's the benefit of privacy from the governme

[MightyMartian]

The issue here is in part interpretation of the 4th amendment, in part the fact that "meta-data", whatever form it takes, has long been viewed as not being considered "personal papers" and in part it's irrelevant to the large mass of humanity on the Internet. Even if you win the battle in the US and meta-data is either constitutionally protected, it doesn't help much if a US ally doesn't have such stringent protections. A major aspect of what Snowden's leak revealed is that the US and its allies shop the data around, so that if the US can't read an email because it is nominally obeying the 4th Amendment, no problem, the UK will happily do it.

Re:

[JesseMcDonald]

Now define unreasonable

It doesn't matter in the slightest how you define "unreasonable", because that term only appears in the rationale part of the amendment. The actual requirement is that the government doesn't get permission to search or seize someone's property (i.e. a warrant) without specific, documented probable cause.

The only definition consistent with the Constitution is that if no legal warrant has been issued, the search or seizure must be presumed unreasonable by default. If it were reasonable, they would have been a

Re:

[Anonymous Coward]

Substitute government with your neighbor. Does that clear things up?

In particular, government, being comprised of mere human beings, should (logically) not be trusted with any more power than the average human being.

Here's why.

[Anonymous Coward]

A member of my family has expressed the following concern: If a citizen of the United States is not committing a crime, what's wrong with the United States Government knowing the full text of everything that he reads and writes on the Internet?

They haven't been keeping up with current events, have they.

Have them google (if they know how), "IRS abuses".

You see, when the typical person on average commits 3 crimes per day [wsj.com], the State now has an unlimited supply of criminals - EVERYONE.

Mix it in with a For Profit prison system, politicians with agendas, and the increasing polarization of politics in the US, you WILL see abuses that we would have never thought could happen in the US.

EVERYONE has something to hide!

Re:

[JaredOfEuropa]

Ask your family member if they would like their neighbours to see every single thing they read and write on the Internet. If they don't like that, then why would they allow their government to see everything, knowing that a government (and its individual civil servants) can do far more damage, intentionally or by accident, than any neighbour could with that information.

Re:What's the benefit of privacy from the governme

[melikamp]

As Cardinal Richelieu allegedly said,

If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him.

You can tell your relation that the main flaw in her thinking is that she presumes herself 100% legal. The basic reason NOT to allow the government to collect this data is that everyone breaks the law all the time, simply because the law is so complicated, and sometimes unjust (oppressive). Anyone who has private communications exposed becomes a low-hanging fruit for the prosecutors. The public does not benefit from prosecution under irrelevant and/or unjust laws, and the negative outcome is huge: more abuse of power, and a slide towards a police state.

End of global network

[Errol backfiring]

It does not spell the end of a global network, just like spam did not end the popularity of e-mail. More programs that are capable of storing things in the cloud will feature encryption from now on, and more people will use it.

Re:

[garyebickford]

Which raises the eternal question, "(How long) will the encryption be sufficient to avoid others snooping into it?" This is an easy question for information with no value, but as information becomes more valuable (in conjunction with an unknown amount of other information available for cross correlation), the question becomes harder.

I could see today some company offering confidential decryption services for corporate spying, which is run secretly by some professor on a big university's supercomputer to av

Re:

[DarkOx]

Encryption in the cloud is not all that realistic. Encryption of any real value requires good key management. That is to say only the people who are supposed to read and or author the plain text documents have the keys.

Right now what you mostly see if you see data at rest ciphered at all is the provider has all the keys, if you are really really lucky the provider stores the keys and keeps them weakly ciphered with some crappy password you have. Which they have many opportunities to intercept for any arm

Re:

[Charliemopps]

Most of these products already featured encryption. Unfortunately the companies in question were more than helpful when it came to letting the NSA breach that encryption.

If the mob ran the security alarm company, do you really think those alarms would do you much good against the mob? That's the exact position we're in now.

internet was never a global network

[alen]

it was always a series of government and privately owned networks, interconnected together for some limited communication and a common naming/addressing scheme for communication

This isn't news.

[intermodal]

It's always been the elephant in the room. The only new thing is that it has become obvious to a larger number of people that encryption isn't just an "in case" precaution. Anyone who knows anything about the way the Internet works has been aware for years that nothing is secure unless you both encrypt it and control the only means to decrypt it (either by encrypting it to someone's public key whom you trust or by encrypting it for your own secure decryption later).

So again, the only real change is that the tinfoil hats were verifiably right for once. The question nobody seems to be answering is, what (other than nothing) will the general public do about it? The answer to that is, only as much as they are forced to.

Is there anything useful on the non-Western 'Net?

[Anonymous Coward]

Is there really anything worthwhile on the non-Western Internet, at least from the perspective of most Westerners?

I know I couldn't care any less if I could no longer access Russian or Chinese websites, for instance. Due to language differences, they're already pretty much useless to me. I know this also holds true for most Americans and Australians, and many Europeans, too.

Yeah, I know, there are probably a small number of expats and academics who find some use in such information, but there aren't many of them. Aside from them, I don't think that Westerners in general would really miss those very foreign parts of the Internet if they suddenly disappeared.

Re:Is there anything useful on the non-Western 'Ne

[Karl Cocknozzle]

Is there really anything worthwhile on the non-Western Internet, at least from the perspective of most Westerners?

I know I couldn't care any less if I could no longer access Russian or Chinese websites, for instance. Due to language differences, they're already pretty much useless to me. I know this also holds true for most Americans and Australians, and many Europeans, too.

Yeah, I know, there are probably a small number of expats and academics who find some use in such information, but there aren't many of them. Aside from them, I don't think that Westerners in general would really miss those very foreign parts of the Internet if they suddenly disappeared.

Would you care if you could no longer send email to those countries? What about parts of Europe? What about India? India, China, and Asia represent something like 40% of the Human race... that's a huge portion of potential customers that now have a catastrophically negative image of storing their data in our country on our servers.

We've really screwed ourselves here.

Re:

[TheGratefulNet]

if we lost ability to email china and india, think of the jobs that would have to come back home again!

the silver lining, in a way.

perhaps mistrust of other nations (and vice versa) would be good for us.

Re:

[AmiMoJo]

American companies care. How are they going to buy all that cheap stuff from China and sell it to you if they can't access Chinese' web sites? How will Apple email the guys at the Foxconn factory?

Re:Is there anything useful on the non-Western 'Ne

[Joehonkie]

Good god, how did this get modded up? The way to deal with a globalization and the myriad cultures on this planet is to stick you fingers in your ears and avoid anything that doesn't interest you directly? How many expats, or 3rd or even 4th generation folks do want access to that? How many "academics," which apaprently to you means "anyone with an interest in a culture I don't care about?" Probably more than you think.

Re:Is there anything useful on the non-Western 'Ne

[Zontar The Mindless]

Let me get this straight. Did you really just say that, because you believe that "most people" lead a one-country/one-language existence, I'm obliged to give up the global life I've led for most of the last 30 years?

Just who the hell do you think you are?

Nothing but nothing?

[Hatta]

Try storing an encrypted container. When you want to access it, download it, decrypt it locally, do your work, reencrypt, and reupload. Unless your home PC is keylogged, you're safe. But if your PC is keylogged, whether you use cloud services is irrelevant.

What are the technical solutions?

[pr0nbot]

Suppose your philosopher king came to you and said, "We want to set up our own national network with privacy/neutrality as the core principle, away from the prying eyes of our tyrannical neighbours".

What would you do differently? Can much of the problem be engineered out, at least at the network layer?

Is it just end-to-end encryption? Or anonymised routing? What's the collection of technolgies you'd use to make things at least better?

Was never secure to begin with

[sureshot007]

I don't know why this is a surprise to anyone out there. The internet was never a secure place to store any information, or discuss anything. Putting something in "the cloud" is like putting on your front porch. When is the general public going to realize this? Google is giving you email for free, do you really think no one is reading it?

Let's be realistic ...

[Old97]

It's hardly shocking that the U.S. government will pressure companies or anyone with in its reach to serve its interests. Every government does that though some governments have more evil aims than others. (Like people, the U.S. is not evil though sometimes it does bad things.) Did AT&T ever refuse a government request to tap a phone line? I've read that in the 1930's the U.S. pressured ITT which was installing Germany's telephony infrastructure to include things to help us tap their lines. Not sure

Re:

[Anonymous Coward]

I have no idea why your comment is rated 4, Interesting as it is void of insights.

First of all, you are completely missing the point. The point is a rational sovereign nation will kick out US companies and generally this leads to balkanization.

Secondly, your point is absolutely useless:
"The point is that if you put information and valuables where somebody else can get it, assume someone will."

Can you propose a place where information and valuables can be put where nobody can get at it? Say we put them on

Re:

[kruach aum]

No, the news here is that the US actually applied that leverage, not that it has it. And to spell it out for you, this is news because of the contradiction between the gross violation of civil liberties on the one hand and the Defenders Of Liberty narrative the US spins around itself on the other. Additionally, there are many safe places to store information: libraries, books, journals, universities, etc.. There are even safe places to store information you do not want others to access, if you think about i

A bit overly dramatic

[RogueWarrior65]

IMHO, the author's conclusion is a bit overly dramatic. I think a more realistic conclusion is a gradual fade out of cloud computing and cloud storage. Business and people will be more inclined to keep their private data on local, closed systems now because they no longer trust the government not to stick their nose in where it doesn't belong. How long will it be before the same effect happens to socialized medicine? Would you trust the government not to use your medical status against you?

The problem with encryption

[scotts13]

... is that, either literally or metaphorically, it's vulnerable to someone holding a gun to your head and demanding the key. We're seeing this (the literal version) in the USA already. I agree with the thesis of the original article: The farther you can keep your data from USA-entangled entity, the better.

General public doesn't care

[sl4shd0rk]

Most people won't really care/comprehend much past the drama generated around the whole thing. In the US, Reality TV wins, everything else is lucky if it gets a confused, apathetic nod. If it's more work than walking to the checkout line at a Walmart, people just won't do it.

The USA still wins

[AHuxley]

UNLIMITED Domain Hosting, UNLIMITED GB Hosting Space, UNLIMITED GB File Transfer, UNLIMITED Email Accounts, FREE Domain, FREE Site Builder ..
vs the ~10 Gb bandwidth, 2 Gb Disk space other parts of the world offer at the low end.
The mid and high end will start to think about air gap, no cloud, encryption and trusted local staff.
The real fun is in bilateral agreements, trade deals and telcos just helping so the paperwork is signed.
http://www.crikey.com.au/2013/07/12/telstras-deal-with-the-devil-fbi-access [crikey.com.au]

The Business Perspective

[Bob9113]

My congressional rep is a pretty far right "We gotta stop the terr'rists" type. I've been trying to figure out the message that will ring with him, to help him understand what we have at stake here. I think it is this: Surveillance cannot become a condition of purchasing American goods and services, or we will lose business. And the solution is already in use in New Jersey:

"Under settled New Jersey law, individuals do not lose their right to privacy simply because they have to give information to a third-party provider, like a phone company or bank, to get service."

I don't want to play to stereotypes, but the reality is that New Jersey is host to some of the traditionally hard-to-crack criminal enterprises. Yet they have decided that the ability to do business must not take a back seat to making law enforcement a little easier. We cannot let surveillance become a condition of purchasing American goods and services.

'Global Network' =/= 'uniform resources'

[nine-times]

It's still a global network, and will continue to be a global network even if it's balkanized. Your business network is part of "the Internet" even though it's protected by a firewall. You might use different servers and services, but it's still all connected.

The Internet has never been so uniform a thing as what this summary implies. Different countries have been filtering access, providing different services, etc. Even in cases where access is unfettered, there are still language barriers, cultural barriers, an geographic barriers. I don't access Russian sites and services very much because I don't speak Russian, I don't live in Russia, and I'm not Russian. But we can still access many of the same sites, and we can still send email to each other.

AT&T not on the list?

[schneidafunk]

I'm still surprised this is such big news when the AT&T scandal [wired.com] got little national interest.

New levels of trust

[EmperorOfCanada]

The key here is trust. Before people might have said, 'Well AWS, Google, Microsoft won't cave because it would hurt their business models." But now we are even asking if the chips themselves might have back doors. So I suspect that now people are looking at their infrastructure and saying, "Trust nothing" Thus you design your infrastructure to assume that nearly everything is compromised.

But this brings back a new tool into the tool into the toolbox. Security through obscurity. The idea is that if you are using well known protocols and systems then the voracious data monsters may very well have ways to tap into them. But if you adopt the weirdos then you might very well avoid easy data loss. These can be layered. So you might use SSH(or some VPN) for the outer layer but underneath you might even use some homebrew encryption. As everyone knows the chances of getting your own encryption right is low but it takes you out of the realm of automated data harvesting. Some group of humans have to now pick through your protocol and crack it. Then you just keep making regular tweaks to your protocol, not to make it better but to change the weirdness.

But this whole thing is a huge opportunity for a country with good privacy protections. A whole industry of secure routers and whatnot could be created that people would trust. I would infinitely prefer a router from an Icelandic(designed and built) company than a technically better router from Cisco (designed in the US and probably made in China).

Also this is where opensource is going to get a whole lot more interesting. Tools like Skype would be better trusted if the code was opensource (they can still retain the copyrights and say, you can poke through it and compile it for your own use but not modify and distribute it). This way when the NSA demands a back door. Skype can say, "No problem but people will discover it in 5 seconds." On top of that it would be great if tools like skype had better plugins for things like encryption and comm. This way you could download 3rd party tools all day to keep shaking things up. Your buddies would have to have the same plugin but among friends or corporations this would not be a problem.

The ideal setups would allow you to know that your ISP was compromized, your software provider was compromised, and the feds hated you, yet you could still use the Internet in complete privacy.

Personally the only security I would trust if I were wanting perfect secrecy would be one time pads. By hand I would deliver one time pads to my trusted companions (divided into slices and delivered by multiple trusted couriers) and use only those for communications. The occasional HD should suffice for nearly all communications. Also the machines being used for communications would not be networked. You would take the transmission from an (assumed compromised) machine, put it on a storage device, then read it on the trusted non-networked machine using the matching one-time-pad, prepare an encrypted response, and then put it back on the compromised machine for sending. Good luck back dooring that setup.

False premise

[msobkow]

The idea that the spying means balkanization must happen is a false premise.

Anyone with a functioning brain cell who relies on cloud services already knows they're insecure and open to data theft. Those who bought into the hype of cloud services who thought otherwise were only deluding themselves that they could trust a vendor.

You've never been able to trust a vendor with data. If you have/had data that needed to be truly secure, you implemented and maintained your own infrastructure to deal with it; in fact most government and high security contracts require you to do so.

Or did you think someone like a bank would ever rely on something like AWS?

Return to URL-based Internet

[Max_W]

I think it will be the end of "social networks" and return to the Internet, which based on open source technologies.

The approach - "trust me, trust my closed binaries, as I am good guy" - is over.

I expect clearer interfaces, as people will not trust convoluted websites and OSs anymore.

It could be a chance for small and medium companies from all over the world. Why, for instance, to have one Skype when we can have several competing clients talking via open protocols.

Re:

[jader3rd]

I think it will be the end of "social networks" and return to the Internet, which based on open source technologies.

You don't know any non-nerds, do you?

Oh The Irony...

[SuperCharlie]

The most ironic and insidious part of this whole mess is.. They got us to pay for the surveillance network above our taxes. They got us to pay for the cable lines, they got us to pay for the websites, they got us to pay for Windows, they got us to pay for iPhones and Android phones, they got us to practically beg for all of it and take our money.to build our own cages.

The article's point is in error

[WOOFYGOOFY]

Look, it's not just the US that does this, it's every developed nation. The UK does it the EU does it the Far East and Middle East nations do it, no there's no escaping it.

Why do they do it? National security- same reason the US does it.

Fact: the internet is how non-state actors plan their violence, raise their money, spread their vision, do reconnaissance . Of course it gets state scrutiny- as much as the state can bring to it.

The reason that's a Big Deal in the news now is because the U.S. government appears to be contravening the US Constitution's Fourth Amendment and lying about it to the American people, and purely instrumental John Yoo-style of "findings" does not count as "lawful".

It's pretty clear to all Americans that their internet searches, their contacts, the time place and duration of those contacts qualify as their "papers" which the Constitution expressly says shall be free from unreasonable search and further that capturing those and rifling through them, analyzing them, drawing conclusions and inferences about the people behind them and then indexing all that away under the key Smith, John , well that's pretty much the definition of "search".

  To Americans, myself included, that's a big fucking deal and something that needs to be publicly, seriously and and in a sustained and methodical way considered with the goal of reaching a consensus about how we should go forward.

The government ignores this at their own peril: the terrorist have as their explicit goal to provoke reactions from the US government which de-legitimize that government in the eyes of its own people. They intend to do this and it's their greatest and perhaps only real weapon.

The purpose of doing that is divide the nation against itself and thus generate home-grown discontents which they can cynically join in a common cause (hating the US government). One of the reasons we haven't been hit the way the UK and say Spain have been is because, aside from sleeper cells composed of foreign nationals, al Queda is having a tough time finding Americans who want to support them locally.

Provoking such responses from the US government also serves to undermine the US government's legitimacy with their foreign partners by de-legitimizing the US with those nation's citizens.

So far, they're winning. They won with Abu Graib (thanks Cheney!!!!! Thanks Yoo !!! ) . They won when they turned the Depatment of Justice into a made-to-order *legal* sausage factory , thanks to Yoo , Cheney, David Addington Jay Bybee and Alberto Gonzales.

Now they're poised to win again with this shit. This time it's structural. As one of his first official acts, Obama nullified and set aside all of messy diapers John Yoo left behind in the DoJ. But this time, it's all going to be carried forward.. it's going structural folks. You need to take this seriously.

This is Obama's legacy. This and what he does about climate change are the things history will judge him on, Obamacare is small beans in comparison.

At this exact moment in history Snowden has given him something no one could have foreseen- the perfect excuse to engage the nation in a meaningful debate over complex and fast changing relationship between personal privacy and national security and the 4th Amendment.

It's been presented to him on a mother fucking silver platter, and is he going to engage the nation like a goddamn motherfucking leader and bring us, together, as a nation, as Americans into a shared and accepted understanding about this issue strong enough to take us forward into the next century or is he going to blink this nettlesome thing before him away and let mere circumstance, some random future chain of unfortunate events decide the issue for us in a way that is incoherent, chaotic, instrumental and divisive?

Which is it going to be, Mr. President? This is an issue that is all, and only, up to you.

That's the REAL issue that no one in the main stream media is talking about.

Re:WTF?

[qbast]

Don't forget to return HTML/WWW to CERN first. Then you can talk about 'very little outside help'.

Re:WTF?

[jobsagoodun]

And we Brits want our Turing Machines back!

Church-Turing thesis

[tepples]

Alonzo Church was an American. Had there been no Turing, computers as we know them might have been designed through analogy to the lambda calculus rather than to the finite state machine with tape.

Re:

[garyebickford]

That's not the internet, although it may seem like it these days. I was sending and receiving email and files over the internet in the early 1980s, long before the WooWooWoo. In fact the WWW was really a logical extension of the NeXTStep OS with its object-based system, which allowed NeXTMail and, really, any document, to incorporate objects of any type - audio and video in email, or in a spreadsheet.

In 1990 I was product manager for PaperSight, a networked document management system that allowed annotati

Re:

[cyber-vandal]

I don't remember the US paying for all the network infrastructure in my country.

Re:

[MRe_nl]

Hahahahahahahahahahaha.
O, you're serious : (.
Chauvinism and blind nationalism for the win!

Re:

[mlts]

The Internet is a "stone soup". It was a DoD effort at first, but the world has put in a lot of technologies in general.

If I were to state who "owns" the Internet now, I would probably say China, since they are the top producer of L1 gear (switches, routers, NICs, motherboard chips, etc.,) and without that layer, everything else isn't going to happen.)

Re:

[wmac1]

So what? Many of the things YOU use iin the united states were initially invented in other countries/lands.

The internet comprises of the network infrastructure which belongs to different countries. Parts of the net which reside in those countries and have been paid by them belong to them.

Next you want to say because Graham Bell invented phone, all the phone network of the world belongs to YOU?

Re:WTF?

[sandertje]

Von Neumann was born in Hungary; he moved to the US in 1933. Einstein was a German; he moved to the US only in 1933, decades after he published his famous relativity theory in the 1910s. Now, if we were to follow your logic and only those countries where technology x was invented can use this technology, then the US would still be a well.... hunter-gatherer society. You can attribute many 20th century inventions to US citizens, but they tend to build on earlier industrial revolution technology. And where did that happen? Right, in Europe. Now, take your nationalistic bullshit, and put it up your ass. Technology is for all of mankind.

Re:

[Gibgezr]

Karl Benz, moron...from the library of congress:
http://www.loc.gov/rr/scitech/mysteries/auto.html [loc.gov]

Re:

[Penguinisto]

No powerful corporation will tolerate the routine interception of its business communications and the reading of its internal records by a political entity.

Umm, businesses don't have to worry about that so much [wikipedia.org].

Re:

[93 Escort Wagon]

Yes, because there's no way Microsoft would assist the government in circumventing the encryption used in any of their products...

Re:

[lister king of smeg]

Most VPN tunnels are between networking devices (usually Cisco ASA), but you can use pretty much anything, including a Linux box on both ends to handle the tunnel.

Anyone who uses a Windows Server on either end of a corporate-critical 24/7/365 VPN tunnel is, well, an idiot.

unfortunately IT acquisitions and licensing is handled by pointy haired bose

Unless NSA spies for benefit of corporations.

[boorack]

Which is propably the case. My biggest fear is that instead of curbing those crooks it will make them doind the same crap overtly. And overtly opressing everyone opposing them. Some crooks have already become proud, overt pricks (eg. Holder saying he won't prosecute big banks and on the other hand praising Aaron Schwarts treatment).

Re:

[CanHasDIY]

No, Goldman Sachs will not curb the excesses of the NSA. They have already found a way to profit from the excesses of the NSA.

FTFY.